* tests/cms/samplemsgs/: Add sample messages.
* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error.
* sm/decrypt.c (decrypt_gcm_filter): New.
(gpgsm_decrypt): Use this filter if requested. Check authtag.
--
Note that the sample message pwri-sample.gcm.p7m is broken: The
authtag is duplicated to the authEncryptedContentInfo. I used a
temporary code during testing hack to that test message out.
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.
* sm/decrypt.c (pwri_decrypt): Use "passphrase".
--
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03f83bcda5)
Note that we keep on using the term "passphrase" although "password"
would be better. There are however so many occurance of this and
given it is a bike shedding topic we fix that in the PO files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c (pwri_decrypt): Add arg ctrl. Ask for passphrase.
* sm/export.c (export_p12): Mark string as translatable.
* sm/import.c (parse_p12): Ditto.
--
This is finishes the support for PWRI.
The N_() marks are added so that we don't rely of the side-effect of
having the same strings in protect-tool.c
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c (pwri_parse_pbkdf2): New.
(pwri_decrypt): New.
(prepare_decryption): Support pwri.
(gpgsm_decrypt): Test for PWRI. Move IS_DE_VS flag to DFPARM.
--
Note that this is not finished because we need to implement a password
callback. For now "abc" is used as passwort.
Latest libksba is also required to return the required info.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--
This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant. GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS. Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg. Add arg pkalgoflags. Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags. Pass algo flags along.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c (ecdh_decrypt): Support
dhSinglePass-stdDH-sha1kdf-scheme. Factor key derive code out to ...
(ecdh_derive_kek): new global function. Allow for hashs shorter than
the key.
(hash_ecc_cms_shared_info): Make file-only.
* sm/encrypt.c (ecdh_encrypt): Replace derive code by a call to the
new ecdh_derive_kek. Add test code to create data using
dhSinglePass-stdDH-sha1kdf-scheme.
* sm/gpgsm.h (opt): Add member force_ecdh_sha1kdf.
* sm/gpgsm.c: Add option --debug-force-ecdh-sha1kdf.
--
I did some test against
Governikus_Signer: 2.9.2.0
MCard security Provider: 2.4.0
Algorithm catalog from: 05.12.2019
using a Signature Card v2.0 and a nistp256 certificate. Encrypting
with Governikus used the stdDH-sha1kdf scheme which we can now
decrypt. Encrypting with GPGSM uses for that curve the recommended
scheme sha256kdf but Governikus was not able to decrypt this (no
usable error message). Encrypting using stdDH-sha1kdf with GPGSM by
using the new --debug-force-ecdh-sha1kdf option showed that
Governikus was able to decrypt this.
FWIW: RFC5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms)
has this requirement:
Implementations that support EnvelopedData with the
ephemeral-static ECDH standard primitive:
- MUST support the dhSinglePass-stdDH-sha256kdf-scheme key
agreement algorithm, the id-aes128-wrap key wrap algorithm, and
the id-aes128-cbc content encryption algorithm; and
which Governikus seems not to fulfill.
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (cipher_mode_to_string): New.
* sm/decrypt.c (prepare_decryption): Show cipher algo and mode.
(gpgsm_decrypt): Show key algo and fingerprint
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c (ecdh_decrypt): Add arg nbits and detect bare secret.
(prepare_decryption): Add arg nbits and pass on.
(gpgsm_decrypt): Pass size of curve to prepare_decryption.
--
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c (hash_ecc_cms_shared_info): Make global.
* sm/encrypt.c (ecdh_encrypt): New.
(encrypt_dek): Add arg PK_ALGO and support ECDH.
(gpgsm_encrypt): Pass PK_ALGO.
--
Note: This has only been tested with a messages created and decrypted
by GnuPG.
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c: Include tlv.h.
(string_from_gcry_buffer): New.
(hash_ecc_cms_shared_info): New.
(ecdh_decrypt): New.
(prepare_decryption): Support ECDH. Add arg pk_algo.
(gpgsm_decrypt): Lift some variables from an inner code block.
--
Note: This has only been tested with a single messages created by
OpenSSL and taken from the Mozilla bug tracker. In particular the
code to included UserKeyingMaterial (ukm) has not been tested.
GnuPG-bug-id: 4098
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/decrypt.c: Use TMP_RC for ksba_cms_get_issuer_serial,
and return the last error when no key is available.
Fix the error report with TMP_RC for second call of
ksba_cms_get_issuer_serial.
GnuPG-bug-id: 4561
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pubkey-enc.c (get_session_key): Bail out if the algo is not
allowed in the current compliance mode.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--
The idea here is that the owner of the key created a non-compliant key
and later receives a mail encrypted to that key. The sender should
have checked this key too but we can't guarantee that. By hard
failing here the owner of the key will notice that he had created a
non-compliant key and thus has a chance to generate a new compliant
key. In case the compliant criteria changes and the owner wants to
decrypt an old message he can still switch gpg to another compliant
mode.
Fixes-commit: a0d0cbee76
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check. We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
so that we have only one translation.
--
We always allow decryption and print only a note if the key was not
complaint at the encryption site.
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information will be picked up by the frontend and
presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* common/ksba-io-support.c: Include ksba-io-support.h instead of
../sm/gpgsm.h. Include util.h.
(writer_cb_parm_s): Remove const from 'pem_name'.
(gpgsm_destroy_writer): Free 'pem_name'.
(gpgsm_create_reader): Rename to ...
(gnupg_ksba_create_reader): this. Replace args CTRL and
ALLOW_MULTI_PEM by a new arg FLAGS. Change the code to evaluate
FLAGS. Change all callers to pass the FLAGS.
(gpgsm_create_writer): Rename to ...
(gnupg_ksba_create_writer): this. Replace arg CTRL by new arg FLAGS.
Add arg PEM_NAME. Evaluate FLAGS. Store a copy of PEM_NAME. Change
all callers to pass the FLAGS and PEM_NAME.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global. Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existant
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global. Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND. Also add new arg CTRL and change
all callers to pass it down.
Signed-off-by: Werner Koch <wk@gnupg.org>
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
* certreqgen.c (get_parameter_uint, create_request): Create
an extension for key usage when requested.
* gpgsm.c (main): Install emergency_cleanup also as an atexit
handler.
* verify.c (gpgsm_verify): Removed the separate error code
handling for KSBA. We use shared error codes anyway.
* export.c (export_p12): Removed debugging code.
* encrypt.c (gpgsm_encrypt): Put the session key in to secure memory.
message.
* decrypt.c (gpgsm_decrypt): Ditto.
* fingerprint.c (gpgsm_get_key_algo_info): New.
* sign.c (gpgsm_sign): Don't assume RSA in the status line.
* keylist.c (list_cert_colon): Really print the algorithm and key
length.
(list_cert_raw, list_cert_std): Ditto.
* gpgsm.h (opt): Add member CONFIG_FILENAME.
* gpgsm.c (main): Use it here instead of the local var.
(gpgsm_agent_genkey, gpgsm_agent_istrusted)
(gpgsm_agent_marktrusted, gpgsm_agent_havekey)
(gpgsm_agent_passwd): Add new arg CTRL and changed all callers.
(start_agent): New arg CTRL. Send progress item when starting a
new agent.
* sign.c (gpgsm_get_default_cert, get_default_signer): New arg
CTRL to be passed down to the agent function.
* decrypt.c (prepare_decryption): Ditto.
* certreqgen.c (proc_parameters, read_parameters): Ditto.
* certcheck.c (gpgsm_create_cms_signature): Ditto.
Werner Koch