1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-25 10:49:57 +01:00

148 Commits

Author SHA1 Message Date
Werner Koch
ab7a0b0702
gpg: Show AEAD preferences
* g10/packet.h (preftype_t): Add PREFTYPE_AEAD.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
* g10/getkey.c (fixup_uidnode): Set AEAD flags.
(merge_selfsigs): Ditto.
--

Although we are not able to create such keys we should be abale to
show them.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:36:28 +02:00
Werner Koch
1dfe71c62b
gpg: Support decryption of the new AEAD packet
* common/openpgpdefs.h (aead_algo_t): New.
(pkttype_t): Add PKT_ENCRYPTED_AEAD.
* g10/decrypt-data.c (struct decode_filter_context_s): Add fields for
AEAD.
(aead_set_nonce_and_ad): New.
(aead_checktag): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/dek.h (DEK): Add field use_aead.  Turn use_mdc,
algo_info_printed, and symmetric into bit flags.
* g10/mainproc.c (struct mainproc_context): Add field
seen_pkt_encrypted_aead.
(release_list): Clear it.
(have_seen_pkt_encrypted_aead): New.
(symkey_decrypt_seskey): Support AEAD.
(proc_symkey_enc): Ditto.
(proc_encrypted): Ditto.
(proc_plaintext): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(openpgp_aead_algo_info): New.
* g10/packet.h (PKT_symkey_enc): Add field use_aead.
(PKT_user_id): Add field flags.aead
(PKT_public_key): Ditto.
(PKT_encrypted): Add fields for AEAD.
* g10/parse-packet.c (parse): Handle PKT_ENCRYPTED_AEAD.
(parse_symkeyenc): Support AEAD.
(parse_encrypted): Ditto.
(dump_sig_subpkt): Dump AEAD preference packet.
(parse_encrypted_aead): New.
--

This patch allows to decrypt data encrypted using the new AEAD
mechanism as specified in rfc4880bis.  Although preferences are used
to enable this new mode, it is useful to have at least a decryption
option in case a user switches between GnuPG 2.2 and newer versions.

The new AEAD mechanism is much faster than the current CFB+MDC and
thus 2.2 will allow faster decryption of symmetric only decryption.

This patch is based on the current master (2.3) code base and includes
a few other patches.  In particular
commit 44be675b759d27bac310c2de8bae1b7882a26b65
(gpg: More check for symmetric key encryption.)
is included.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-04-16 08:25:55 +02:00
Werner Koch
b42d9f540c
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters.  Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--

This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.

There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported.  The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time.  However,
the new user id is not imported.  Now when trying to reply to that
last mail, no key will be found.  We need to see whether we can update
a key in such a case.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>

Backported from master

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-14 19:53:40 +01:00
Werner Koch
d32963eeb3
gpg: Do not allow creation of user ids larger than our parser allows.
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--

This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us.  Test case is

  gpg --batch --passphrase 'abc' -v  \
      --quick-gen-key $(yes 'a'| head -4000|tr -d '\n')

GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 16:28:11 +02:00
Werner Koch
b78f293cf0
common: Provide some convenient OpenPGP related constants.
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f382984966a31a4cbe572bce5370590c5490ed1e)
2019-01-29 20:18:52 +01:00
Werner Koch
a59a9962f4
gpg: New option --known-notation.
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--

GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3da835713fb6220112d988e1953f3d84beabbf6a)
2018-08-29 09:36:44 +02:00
Werner Koch
221af19351
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f7526c7bc754acf68bde0b79c785e875a9365d60)
2018-07-05 21:41:02 +02:00
Werner Koch
cedd754fcb
gpg: Fix import's repair-key duplicate signature detection.
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--

The key_check_all_keysigs first does a detection of duplicate
signature.  This is done over all signatures at once.  The problem
here is for example:

   key
   uid_1
     sig_uid_1.1
     sig_uid_1.2
   subkey_1
     sig_sub_1.1
   subkey_2
     sig_sub_2.1
     sig_sub_2.2  (duplicate of sig_sub_1.1)

Now the de-duplication deletes the first signature and keeps the
second.  That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore.  In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid.  The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).

The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey).  This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.

In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1.  This duplicates the
signature and for cleanness we should kick the de-duplication process
again.  This will be done with a followup patch.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba)
2018-06-07 18:43:04 +02:00
Werner Koch
69c3e7acb7
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
Werner Koch
33ecb541fc
doc: Comment fixes and one trailing comma fix.
--
2017-07-20 18:13:40 +02:00
Werner Koch
fa1155e89e
gpg: New option --key-origin.
* g10/keydb.h (KEYORG_): Rename to KEYORG_.
* g10/packet.h (PKT_user_id): Rename field keysrc to keyorg.  Adjust
users.
(PKT_public_key): Ditto.
(PKT_ring_trust): Ditto.
* g10/options.h (struct opt): Add field key_origin.
* g10/getkey.c (parse_key_origin): New.
* g10/gpg.c (oKeyOrigin): New.
(opts): Add "keys-origin".
(main): Set option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 18:29:01 +02:00
Justus Winter
22739433e9
gpg: Properly account for ring trust packets.
* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
instead of counting ourself.
* g10/packet.h (struct parse_packet_ctx_s): New field
'n_parsed_packets'.
(init_parse_packet): Initialize new field.
* g10/parse-packet.c (parse): Count packets.
--

The 'keyring' keystore depends on the number of packets for delete and
update operations.  With the rework of the ring trust packets, the
trust packets were no longer properly accounted for leading to keyring
corruptions.

The 'keybox' store was not affected.

GnuPG-bug-id: 3123
GnuPG-bug-id: 3135
GnuPG-bug-id: 3144
Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 14:33:11 +02:00
Justus Winter
692208fd6c
gpg: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2017-05-08 14:33:09 +02:00
NIIBE Yutaka
5c8fe54809 Spelling fixes in docs and comments.
--

In addition, fix trailing spaces in tests/inittests.

GnuPG-bug-id: 3121
Reported-by: ka7 (klemens)
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 10:06:33 +09:00
Werner Koch
8f2671d2cc
gpg: Pass CTRL to many more functions.
--

For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions.  Quite
a lot of changes but fortunately straightforward to do.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:07:20 +02:00
Werner Koch
7bf24e8146
gpg: Fix actual leak and possible leaks in the packet parser.
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--

Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 16:01:52 +02:00
Werner Koch
a8895c99a7
gpg: Revamp reading and writing of ring trust packets.
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this.  Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META.  Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants.  They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto.  Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta.  Remove special treatment
of ring trust packets and initialization of the signature caches.
--

This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes.  Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.

Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".

The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately.  Thus only the parser sees
the ring trust packets.  Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet.  That
function writes a ring trust packet when the needed information is
available.

As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
Werner Koch
afa8680908
gpg: Extend free_packet to handle a packet parser context.
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro.  Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context.  Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 12:08:31 +02:00
Werner Koch
0526c99164
gpg: Change parse_packet to take a context.
* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context.  Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--

We will need this change to handle ring packets inside the parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-29 10:06:29 +02:00
Justus Winter
2649fdfff5
g10: Move more flags into the flag bitfield.
* g10/packet.h (PKT_user_id): Move 'is_primary', 'is_revoked', and
'is_expired' into the flags bitfield, and drop the prefix.
* g10/call-dirmngr.c: Adapt accordingly.
* g10/export.c: Likewise.
* g10/getkey.c: Likewise.
* g10/import.c: Likewise.
* g10/kbnode.c: Likewise.
* g10/keyedit.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyserver.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pubkey-enc.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
--

This patch has been created by applying the following semantic patch:

    @@
    expression E;
    @@
    -E->is_expired
    +E->flags.expired

    @@
    expression E;
    @@
    -E->is_primary
    +E->flags.primary

    @@
    expression E;
    @@
    -E->is_revoked
    +E->flags.revoked

Signed-off-by: Justus Winter <justus@g10code.com>
2017-03-08 13:31:10 +01:00
NIIBE Yutaka
70aca95d68 Remove -I option to common.
* dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common.
* g10/Makefile.am (AM_CPPFLAGS): Ditto.
* g13/Makefile.am (AM_CPPFLAGS): Ditto.
* kbx/Makefile.am (AM_CPPFLAGS): Ditto.
* scd/Makefile.am (AM_CPPFLAGS): Ditto.
* sm/Makefile.am (AM_CPPFLAGS): Ditto.
* tools/Makefile.am (AM_CPPFLAGS): Ditto.
* Throughout: Follow the change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 20:25:54 +09:00
Neal H. Walfield
522f74f7e3 Improve some comments. 2016-11-29 14:56:00 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
37e3c89725
gpg: Fix printing of pubkey algo in --verbose signature verify.
* g10/sig-check.c (check_signature2): Replace arg PK by R_PK and
change the semantics.  Also clear the other R_ args on function entry,
use gpg_error() and change retturn type to gpg_error_t.
* g10/mainproc.c (do_check_sig): Add arg R_PK.
(list_node): Pass NULL for new arg.
(check_sig_and_print): Rework to make use of the returned PK.
--

The output

gpg: textmode signature, digest algorithm SHA256, key algorithm rsa2048

showed the pubkey algo of the primary key which was surprising.
Changed to print the algo of the subkey used for verification.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-09-01 16:39:41 +02:00
Werner Koch
ed5c1b0b8a
gpg: Print the signer's UID during verification.
* g10/parse-packet.c (parse_signature): Sanitize the value stored in
SIGNERS_UID.
* g10/mainproc.c (issuer_fpr_string): New.
(check_sig_and_print): Print the signers' UID.  Print the issuer
fingerprint in --rfc4880bis mode.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-10 19:53:53 +02:00
Werner Koch
f015552374
gpg: Allow to cache the mbox in a user id struct.
* g10/packet.h (PKT_user_id): Add field 'mbox'.
* g10/free-packet.c (free_user_id): Free that.
--

This will be required by the coming import filter.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-01 16:27:43 +02:00
Werner Koch
d8bce478be
gpg: Make sure a user ID packet has always a terminating Nul in memory.
* g10/keygen.c (write_uid): Avoid overflow.
--

Also the actual length if the user ID is given by LEN, using NAME
diretcly is often more convenient.
2016-07-01 16:27:43 +02:00
Werner Koch
955baf0436
gpg: Add experimental support for an issuer fpr.
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--

This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-20 23:59:18 +02:00
Werner Koch
08c82b1b55
gpg: Try Signer's User ID sub-packet with --auto-key-retrieve.
* g10/packet.h (PKT_signature): Add field 'signers_uid'.
* g10/parse-packet.c (parse_signature): Set this field.
* g10/free-packet.c (free_seckey_enc): Free field.
(copy_signature): Copy field.
* g10/mainproc.c (akl_has_wkd_method): New.
(check_sig_and_print): Extend NEWSIG status.  If WKD is enabled try to
locate a missing key via the signature's Signer's User ID sub-packet.
Do this right before trying a keyserver lookup.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-13 10:40:34 +02:00
Werner Koch
67a4bc8d53
gpg: New status code NOTATION_FLAGS.
* common/status.h (STATUS_NOTATION_FLAGS: New.
* g10/packet.h (struct notation): Add flags.human.
(notation_t): New typedef.
* g10/build-packet.c (sig_to_notation): Set flags.human.
* g10/keylist.c (show_notation): Write STATUS_NOTATION_FLAGS.
2016-05-31 15:51:18 +02:00
Justus Winter
71040f48ef g10: Fix typo.
--
Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-07 13:51:26 +02:00
Neal H. Walfield
d040628ddf gpg: Add new program gpgcompose.
* g10/packet.h: Include "util.h".
* g10/encrypt.c (encrypt_seskey): Don't mark as static.
* g10/gpgcompose.c: New file.
* g10/Makefile.am (noinst_PROGRAMS): Add gpgcompose.
(gpg2_SOURCES): Split everything but gpg.c into...
(gpg_sources): ... this new variable.
(gpgcompose_SOURCES): New variable.
(gpgcompose_LDADD): Likewise.
(gpgcompose_LDFLAGS): Likewise.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:19 +01:00
Neal H. Walfield
1a62458614 gpg: Add a new function for creating binary notations.
* g10/build-packet.c (blob_to_notation): New function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-03-02 20:36:13 +01:00
Neal H. Walfield
b7b4a1bdd9 gpg: Improve documentation and comments related to OpenPGP packets.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-25 21:08:56 +01:00
Neal H. Walfield
c45633a571 gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid.
* g10/keydb.h (keyid_cmp): New function.
* g10/keyid.c (pk_keyid): New function.
(pk_main_keyid): New function.
(keyid_copy): New function.
(pk_keyid_str): New function.
* g10/packet.h (PKT_public_key): Update comments for main_keyid and
keyid.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>

Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk,
NULL) to ensure that pk->keyid is valid.  Because it is easy to forget
to do this, these accessor functions take care of it.
2016-02-19 16:13:00 +01:00
Werner Koch
34bca9cd4b
gpg: Add an exact search flag to the PK struct.
* g10/getkey.c (merge_selfsigs_subkey): Clear exact flag.
(finish_lookup): Set exact flag.
* g10/packet.h (PKT_public_key): Add field flags.exact.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-08 15:16:12 +01:00
Justus Winter
a9e0905342 Fix typos found using codespell.
* agent/cache.c: Fix typos.
* agent/call-pinentry.c: Likewise.
* agent/call-scd.c: Likewise.
* agent/command-ssh.c: Likewise.
* agent/command.c: Likewise.
* agent/divert-scd.c: Likewise.
* agent/findkey.c: Likewise.
* agent/gpg-agent.c: Likewise.
* agent/w32main.c: Likewise.
* common/argparse.c: Likewise.
* common/audit.c: Likewise.
* common/audit.h: Likewise.
* common/convert.c: Likewise.
* common/dotlock.c: Likewise.
* common/exechelp-posix.c: Likewise.
* common/exechelp-w32.c: Likewise.
* common/exechelp-w32ce.c: Likewise.
* common/exechelp.h: Likewise.
* common/helpfile.c: Likewise.
* common/i18n.h: Likewise.
* common/iobuf.c: Likewise.
* common/iobuf.h: Likewise.
* common/localename.c: Likewise.
* common/logging.c: Likewise.
* common/openpgp-oid.c: Likewise.
* common/session-env.c: Likewise.
* common/sexputil.c: Likewise.
* common/sysutils.c: Likewise.
* common/t-sexputil.c: Likewise.
* common/ttyio.c: Likewise.
* common/util.h: Likewise.
* dirmngr/cdblib.c: Likewise.
* dirmngr/certcache.c: Likewise.
* dirmngr/crlcache.c: Likewise.
* dirmngr/dirmngr-client.c: Likewise.
* dirmngr/dirmngr.c: Likewise.
* dirmngr/dirmngr_ldap.c: Likewise.
* dirmngr/dns-stuff.c: Likewise.
* dirmngr/http.c: Likewise.
* dirmngr/ks-engine-hkp.c: Likewise.
* dirmngr/ks-engine-ldap.c: Likewise.
* dirmngr/ldap-wrapper.c: Likewise.
* dirmngr/ldap.c: Likewise.
* dirmngr/misc.c: Likewise.
* dirmngr/ocsp.c: Likewise.
* dirmngr/validate.c: Likewise.
* g10/encrypt.c: Likewise.
* g10/getkey.c: Likewise.
* g10/gpg.c: Likewise.
* g10/gpgv.c: Likewise.
* g10/import.c: Likewise.
* g10/keydb.c: Likewise.
* g10/keydb.h: Likewise.
* g10/keygen.c: Likewise.
* g10/keyid.c: Likewise.
* g10/keylist.c: Likewise.
* g10/keyring.c: Likewise.
* g10/mainproc.c: Likewise.
* g10/misc.c: Likewise.
* g10/options.h: Likewise.
* g10/packet.h: Likewise.
* g10/parse-packet.c: Likewise.
* g10/pkclist.c: Likewise.
* g10/pkglue.c: Likewise.
* g10/plaintext.c: Likewise.
* g10/server.c: Likewise.
* g10/sig-check.c: Likewise.
* g10/sqlite.c: Likewise.
* g10/tdbio.c: Likewise.
* g10/test-stubs.c: Likewise.
* g10/tofu.c: Likewise.
* g10/trust.c: Likewise.
* g10/trustdb.c: Likewise.
* g13/create.c: Likewise.
* g13/mountinfo.c: Likewise.
* kbx/keybox-blob.c: Likewise.
* kbx/keybox-file.c: Likewise.
* kbx/keybox-init.c: Likewise.
* kbx/keybox-search-desc.h: Likewise.
* kbx/keybox-search.c: Likewise.
* kbx/keybox-update.c: Likewise.
* scd/apdu.c: Likewise.
* scd/app-openpgp.c: Likewise.
* scd/app-p15.c: Likewise.
* scd/app.c: Likewise.
* scd/ccid-driver.c: Likewise.
* scd/command.c: Likewise.
* scd/iso7816.c: Likewise.
* sm/base64.c: Likewise.
* sm/call-agent.c: Likewise.
* sm/call-dirmngr.c: Likewise.
* sm/certchain.c: Likewise.
* sm/gpgsm.c: Likewise.
* sm/import.c: Likewise.
* sm/keydb.c: Likewise.
* sm/minip12.c: Likewise.
* sm/qualified.c: Likewise.
* sm/server.c: Likewise.
* tools/gpg-check-pattern.c: Likewise.
* tools/gpgconf-comp.c: Likewise.
* tools/gpgkey2ssh.c: Likewise.
* tools/gpgparsemail.c: Likewise.
* tools/gpgtar.c: Likewise.
* tools/rfc822parse.c: Likewise.
* tools/symcryptrun.c: Likewise.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-17 12:50:22 +01:00
Neal H. Walfield
ec409e62ae gpg: Add support for unwrapping the outer level of encryption.
* g10/decrypt-data.c (decrypt_data): If OPT.UNWRAP_ENCRYPTION is set,
copy the data to the output file instead of continuing to process it.
* g10/gpg.c (enum cmd_and_opt_values): Add new value oUnwrap.
(opts): Handle oUnwrap.
(main): Likewise.
* g10/options.h (opt): Add field unwrap_encryption.
* g10/plaintext.c (handle_plaintext): Break the output file selection
functionality into ...
(get_output_file): ... this new function.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
GnuPG-bug-id: 1060
Debian-bug-id: 282061
2015-11-05 14:16:33 +01:00
Neal H. Walfield
e16d7168c5 gpg: Allow multiple --default-key options. Take the last available key.
* g10/getkey.c (parse_def_secret_key): New function.
(get_seckey_default): Add parameter ctrl.  Update callers.  Use
parse_def_secret_key to get the default secret key, if any.
(getkey_byname): Likewise.
(enum_secret_keys): Likewise.
* g10/options.h (opt): Change def_secret_key's type from a char * to a
strlist_t.
* g10/gpg.c (main): When processing --default-key, add the key to
OPT.DEF_SECRET_KEY.
* g10/gpgv.c (get_session_key): Add parameter ctrl.  Update callers.
* g10/mainproc.c (proc_pubkey_enc): Likewise.
(do_proc_packets): Likewise.
* g10/pkclist.c (default_recipient): Likewise.
* g10/pubkey-enc.c (get_session_key): Likewise.
* g10/sign.c (clearsign_file): Likewise.
(sign_symencrypt_file): Likewise.
* g10/skclist.c (build_sk_list): Likewise.
* g10/test-stubs.c (get_session_key): Likewise.

--
Signed-off-by: Neal H. Walield <neal@g10code.com>
GnuPG-bug-id: 806
2015-11-04 13:19:52 +01:00
Neal H. Walfield
d1a0b520b1 gpg: Remove unused prototype digest_algo_from_sig.
* g10/packet.h (digest_algo_from_sig): Remove prototype without a
corresponding implementation.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-20 10:21:40 +02:00
Neal H. Walfield
a608ee750d gpg: Improve function documentation and some comments.
* g10/main.h: Improve function documentation.
* g10/packet.h.h: Improve function documentation.
* g10/sig-check.c: Improve function documentation and some comments.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:02 +02:00
Neal H. Walfield
0433e66702 gpg: Improve and regularize naming of signature checking functions.
* g10/packet.h (signature_check): Rename from this...
(check_signature): ... to this.  Update users.
(signature_check2): Rename from this...
(check_signature2): ... to this.  Update users.
* g10/sig-check.c (do_check): Rename from this...
(check_signature_end): ... to this.  Update users.
(do_check_messages): Rename from this...
(check_signature_metadata_validity): ... to this.  Update users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-10-19 20:11:01 +02:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
2acceba5cc
gpg: Fix a practical hang after use of --faked-system-time.
* g10/sign.c (update_keysig_packet): Bail out if we would need to long
for a new timestamp.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-01 17:59:22 +02:00
Neal H. Walfield
bd0c902f1d g10: Remove unused field req_algo.
* g10/packet.h (PKT_public_key): Remove unused field req_algo.  Remove
users.
* g10/getkey.c (struct getkey_ctx_s): Remove unused field req_algo.
Remove users.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-02 15:08:58 +02:00
Neal H. Walfield
4f37820334 common: Don't assume on-disk layout matches in-memory layout.
* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *.  Update users.

--
revkey was a pointer into the raw data.  But, C doesn't guarantee that
there is no padding.  Thus, we copy the data.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:08 +02:00
Neal H. Walfield
026feff4a8 Add documentation for g10/parse-packet.c.
* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Neal H. Walfield
c46e8bfe9a g10/packet.h: Remove unused argument from enum_sig_subpkt.
* g10/packet.h (enum_sig_subpkt): Remove argument RET_N.  Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.

--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.

Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-20 14:16:29 +02:00
Werner Koch
64e809b791
gpg: New command --quick-adduid.
* g10/keygen.c (ask_user_id): Factor some code out to ...
(uid_already_in_keyblock): new.
(generate_user_id): Add arg UIDSTR.  Fix leaked P.
* g10/keyedit.c (menu_adduid): Add new arg uidstring.  Adjust caller.
(keyedit_quick_adduid): New.
* g10/gpg.c (aQuickAddUid): New.
(opts):  Add command --quick-adduid.
(main): Implement that.
--

GnuPG-bug-id: 1956
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 16:08:57 +02:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00