1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-04 20:38:50 +01:00
Commit Graph

944 Commits

Author SHA1 Message Date
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
958e5f292f gpg: Avoid NULL-deref in default key listing.
* g10/keyid.c (hash_public_key): Take care of NULL keys.
* g10/misc.c (pubkey_nbits): Ditto.
--

This problem was mainly due to our ECC code while checking for opaque
MPIs with the curve name.
2014-06-02 19:54:22 +02:00
Werner Koch
f3249b1c4d gpg: Simplify default key listing.
* g10/mainproc.c (list_node): Rework.
--

GnuPG-bug-id: 1640
2014-06-02 19:50:18 +02:00
Werner Koch
d9cde7ba7d gpg: Graceful skip reading of corrupt MPIs.
* g10/parse-packet.c (mpi_read): Change error message on overflow.
--

This gets gpg 2.x in sync to what gpg 1.4 does.  No need to die for a
broken MPI.

GnuPG-bug-id: 1593

Resolved conflicts:
	g10/parse-packet.c - whitespaces fixes.
2014-06-02 18:42:45 +02:00
Werner Koch
99972bd6e9 gpg: Fix bug parsing a zero length user id.
* g10/getkey.c (get_user_id): Do not call xmalloc with 0.

* common/xmalloc.c (xmalloc, xcalloc): Take extra precaution not to
pass 0 to the arguments.
--

The problem did not occur in 1.x because over there the xmalloc makes
sure to allocate at least one byte.  With 2.x for most calls the
xmalloc of Libgcrypt is used and Libgcrypt returns an error insteead
of silent allocating a byte.  Thus gpg 2.x bailed out with an
"Fatal: out of core while allocating 0 bytes".

The extra code in xmalloc.c is for more robustness for the other
xmalloc calls.
2014-06-02 11:47:25 +02:00
Werner Koch
25036ec6ab gpg: Fix uninitialized access to search descindex with gpg keyboxes.
* kbx/keybox-search.c (keybox_search): Add arg  R_DESCINDEX.  Chnage
both callers.
* g10/keydb.c (keydb_search): Always set DESCINDEX.
--

This only affects the new keybox for OpenPGP keys in 2.1.  The bug
exhibited itself by running GPA's backup command on Windows.
2014-05-14 18:13:11 +02:00
Werner Koch
455a4a2212 gpg: Remove useless diagnostic in MDC verification.
* g10/decrypt-data.c (decrypt_data): Do not distinguish between a bad
MDC packer header and a bad MDC.
--

The separate diagnostic was introduced for debugging a problems.  For
explaining an MDC error a single error message is easier to
understand.
2014-05-14 08:56:39 +02:00
Werner Koch
b2945c451d gpg: Fix glitch entering a full expiration time.
* g10/keygen.c (ask_expire_interval): Get the current time after the
prompt.
--

This almost avoid that an entered full ISO timestamp is not used as
given but off by the time the user required to enter the timestamp.

GnuPG-bug-id: 1639
2014-05-14 08:56:36 +02:00
Werner Koch
cb2aeb4e11 Make more use of *_NAME macros.
* configure.ac (GPG_DISP_NAME, GPGSM_DISP_NAME): New.
(GPG_AGENT_DISP_NAME, SCDAEMON_DISP_NAME): New.
(DIRMNGR_DISP_NAME, G13_DISP_NAME): New.
(GPGCONF_DISP_NAME): New.
(SCDAEMON_SOCK_NAME): New.
* common/argparse.c (show_help): Map description string.
2014-05-08 10:28:23 +02:00
Werner Koch
359c643d74 gpg: Print the key algorithm/curve with signature info.
* g10/mainproc.c (check_sig_and_print): Print the name and curve.
2014-05-07 15:05:34 +02:00
Werner Koch
e73edfb175 gpg: Fix memleak in signature verification of bogus keys.
* g10/mainproc.c (check_sig_and_print): Factor common code out to ...
(print_good_bad_signature): here.
--

P was not released if the key had no user id.
2014-05-07 14:36:34 +02:00
Werner Koch
e5279c85a0 gpg: Fix indendation of check_sig_and_print.
--
2014-05-07 14:08:42 +02:00
Werner Koch
09055aa0f7 gpg: Mark experimental algorithms in the key listing.
* g10/keylist.c (list_keyblock_print): Remove duplicate curve name.
Print a note for experimental algorithms.
* g10/misc.c (print_pubkey_algo_note): Fix warning message.
2014-05-07 13:50:00 +02:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
Werner Koch
6477e51919 Use "samethread" mode keyword for some es_fopenmem.
* dirmngr/ks-engine-hkp.c (armor_data): Add mode keyword.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* scd/atr.c (atr_dump): Ditto.
2014-05-06 09:49:26 +02:00
NIIBE Yutaka
21dab64030 ECC Fixes.
* agent/cvt-openpgp.c (get_keygrip, convert_secret_key)
(convert_transfer_key): Follow newer (>= 1.6) libgcrypt API, which
does not distinguish the detail.
(do_unprotect, convert_from_openpgp_main): Don't call
map_pk_openpgp_to_gcry, as it's the value of libgcrypt API already and
not the value defined by OpenPGP.
(convert_to_openpgp): It's "ecc".
* agent/gpg-agent.c (map_pk_openpgp_to_gcry): Remove.
* g10/call-agent.c (agent_pkdecrypt): Fix off-by-one error.
* g10/pubkey-enc.c (get_it): Fix swapping the fields error.
2014-04-28 10:36:16 +09:00
Werner Koch
ffa39be5eb gpg: Print a warning if GKR has hijacked gpg-agent.
* g10/call-agent.c (check_hijacking): New.
(start_agent): Call it.
(membuf_data_cb, default_inq_cb): Move more to the top.
--

Note that GUIs may use the gpg status line

[GNUPG:] ERROR check_hijacking 33554509

to detect this and print an appropriate warning.
2014-04-22 12:50:15 +02:00
Werner Koch
e184a11f94 gpg: New %U expando for the photo viewer.
* g10/photoid.c (show_photos): Set namehash.
* g10/misc.c (pct_expando): Add "%U" expando.
--

This makes is possible to extract all photos ids from a key to
different files.
2014-04-17 21:44:09 +02:00
Werner Koch
db3b528239 gpg: Re-enable secret key deletion.
* g10/call-agent.c (agent_delete_key): New.
* g10/keydb.h (FORMAT_KEYDESC_DELKEY): New.
* g10/passphrase.c (gpg_format_keydesc): Support new format.
* g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 19:44:50 +02:00
Werner Koch
d25d00b89e gpg: Re-indent a file.
* g10/delkey.c: Re-indent.
(do_delete_key, delete_keys): Change return type top gpg_error_t.
2014-04-15 19:44:48 +02:00
Werner Koch
c4d983239a gpg: Fix regression in secret key export.
* agent/cvt-openpgp.c (convert_to_openpgp): Fix use
gcry_sexp_extract_param.
* g10/export.c (do_export_stream): Provide a proper prompt to the
agent.
--

NB: The export needs more work, in particular the ECC algorithms.
2014-04-15 19:44:42 +02:00
Werner Koch
e549799db6 gpg: Change pinentry prompt to talk about "secret key".
* g10/passphrase.c (gpg_format_keydesc): Add mode 2.  Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New.  Use them for clarity.
--

The use of the term "certificate" was more confusing than helpful.
2014-04-15 19:29:57 +02:00
NIIBE Yutaka
40c3b0741e g10: EdDSA support.
* g10/keyid.c (keygrip_from_pk): Compute keygrip of EdDSA key.
* g10/keygen.c (generate_subkeypair): Ed25519 is for EdDSA.
* common/openpgp-oid.c (oid_ed25519): Update.
2014-04-08 11:59:39 +09:00
Werner Koch
b6786cc3ec gpg: Add commands --quick-sign-key and --quick-lsign-key.
* g10/gpg.c (main): Add commands --quick-sign-key and
--quick-lsign-key.
* g10/keyedit.c (sign_uids): Add args FP and QUICK.
(keyedit_quick_sign): New.
(show_key_with_all_names): Add arg NOWARN.
2014-03-27 16:33:40 +01:00
Werner Koch
4f50ec98dd Change some keyedit functions to allow printing to arbitrary streams.
* common/ttyio.c (tty_print_string): Add optional arg FP. Change all
callers.
(tty_print_utf8_string2): Ditto.
* g10/keyedit.c (show_prefs):  Ditto.
(show_key_with_all_names_colon): Ditto.
(show_names): Ditto.
* g10/keylist.c (print_revokers): Ditto.
(print_fingerprint): Ditto.
2014-03-27 12:59:55 +01:00
Werner Koch
f90cfe6b66 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 18:14:23 +01:00
Werner Koch
1e2e39c575 gpg: Make --auto-key-locate work again with keyservers.
* dirmngr/ks-engine-hkp.c (ks_hkp_get): Allow exact search mode.
* g10/keyserver.c (keyserver_import_name): Implement.
(keyserver_get): Use exact mode for name based import.
(keyserver_get): Add args R_FPR and R_FPRLEN.  Change all callers.
2014-03-17 15:39:33 +01:00
Werner Koch
1d642d3ca8 gpg: New mechanism "clear" for --auto-key-locate.
* g10/getkey.c (parse_auto_key_locate): Implement "clear".
2014-03-17 15:36:15 +01:00
Werner Koch
a401f768ca gpg: Print the actual used keyserver address.
* dirmngr/ks-engine-hkp.c (ks_hkp_search, ks_hkp_get): Print SOURCE
status lines.
* g10/call-dirmngr.c (ks_status_parm_s): New.
(ks_search_parm_s): Add field stparm.
(ks_status_cb): New.
(ks_search_data_cb): Send source to the data callback.
(gpg_dirmngr_ks_search): Change callback prototope to include the
SPECIAL arg.  Adjust all users.  Use ks_status_cb.
(gpg_dirmngr_ks_get): Add arg r_source and use ks_status_cb.
* g10/keyserver.c (search_line_handler): Adjust callback and print
"data source" disgnostic.
(keyserver_get): Print data source diagnostic.
--

It has often been requested that the actually used IP of a keyservers
is shown in with gpg --recv-key and --search-key.  This is helpful if
the keyserver is actually a pool of keyservers.  This patch does this.
2014-03-14 16:12:54 +01:00
Werner Koch
6dd5d99a61 gpg: Add option --dirmngr-program.
* g10/gpg.c: Add option --dirmngr-program.
* g10/options.h (struct opt): Add field dirmngr_program.
* g10/call-dirmngr.c (create_context): Use new var.

* dirmngr/dirmngr.c: Include gc-opt-flags.h.
(main): Remove GC_OPT_FLAG_*.
* tools/gpgconf-comp.c (GC_OPT_FLAG_NO_CHANGE): Move macro to ...
* common/gc-opt-flags.h: here.
2014-03-12 18:35:36 +01:00
Werner Koch
99135b89ce Comment typo fixes
--
2014-03-12 14:33:51 +01:00
Werner Koch
8e9b1aa563 Comment fixes.
--

Reported-by: Daniel Kahn Gillmor
(cherry picked from commit 7db5c81e3a)
2014-03-10 15:13:12 +01:00
Werner Koch
4387ecb11c Silence more warnings about unused vars and args.
* dirmngr/cdblib.c (cdb_init) [W32]: Remove unused var.
* dirmngr/dirmngr-client.c (start_dirmngr): s/int/assuan_fd_t/.
* dirmngr/dirmngr.c (w32_service_control): Mark unused args.
(call_real_main): New.
(main) [W32]: Use new function to match prototype.
(real_main) [W32]: Mark unused vars.
(handle_signal) [W32]: Do not build the function at all.
(handle_connections) [W32]: Do not define signo.
* dirmngr/ldap-wrapper-ce.c (outstream_reader_cb): Remove used vars.
* g10/tdbio.c (ftruncate) [DOSISH]: Define only if not yet defined.
2014-03-07 19:05:41 +01:00
Werner Koch
094aa2589e w32: Silence warnings about unused vars.
* agent/gpg-agent.c (main) [W32]: Mark unused vars.
* sm/gpgsm.c (run_protect_tool) [W32]: Ditto.
* g10/trustdb.c (check_regexp) [DISABLE_REGEX]: Ditto.
* scd/scdaemon.c (main) [W32]: Ditto.
(handle_connections) [W32]: Ditto.
(handle_signal) [W32]: Do not build the function at all.
* scd/apdu.c (pcsc_send_apdu_direct): Ditto.
(connect_pcsc_card): s/long/pcsc_dword_t/.
(open_pcsc_reader_direct): Remove var listlen.
2014-03-07 16:11:15 +01:00
Werner Koch
3032fc3ad7 Silence several warnings when building under Windows.
* agent/call-scd.c (start_scd): Replace int by assuan_fd_t.
(start_pinentry): Ditto.
* common/asshelp.c (start_new_gpg_agent): Replace int by assuan_fd_t.
* common/dotlock.c (GNUPG_MAJOR_VERSION): Include stringhelp.h for
prototypes on Windows and some other platforms.
* common/logging.c (fun_writer): Declare addrbuf only if needed.
* g10/decrypt.c (decrypt_message_fd) [W32]: Return not_implemented.
* g10/encrypt.c (encrypt_crypt) [W32]: Return error if used in server
mode.
* g10/dearmor.c (dearmor_file, enarmor_file): Replace GNUPG_INVALID_FD
by -1 as temporary hack for Windows.
* g10/export.c (do_export): Ditto.
* g10/revoke.c (gen_desig_revoke, gen_revoke): Ditto.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file): Ditto.
* g10/server.c (cmd_verify, gpg_server) [W32]: Return an error.
--

The gpg server mode is not actual working and thus we can avoid the
warnings by explicitly disabling the mode.  We keep it working under
Unix, though.
2014-03-07 16:06:35 +01:00
Werner Koch
cb0dcc3408 w32: Include winsock2.h to silence warnings. 2014-03-07 14:18:43 +01:00
Werner Koch
d8f0b83e4f gpg: Do not require a trustdb with --always-trust.
* g10/tdbio.c (tdbio_set_dbname): Add arg R_NOFILE.
* g10/trustdb.c (trustdb_args): Add field no_trustdb.
(init_trustdb): Set that field.
(revalidation_mark):  Take care of a nonexistent trustdb file.
(read_trust_options): Ditto.
(tdb_get_ownertrust): Ditto.
(tdb_get_min_ownertrust): Ditto.
(tdb_update_ownertrust): Ditto.
(update_min_ownertrust): Ditto.
(tdb_clear_ownertrusts): Ditto.
(tdb_cache_disabled_value): Ditto.
(tdb_check_trustdb_stale): Ditto.
(tdb_get_validity_core): Ditto.
* g10/gpg.c (main): Do not create a trustdb with most commands for
trust-model always.
--

This slightly changes the semantics of most commands in that they
won't create a trustdb if --trust-model=always is used.  It just does
not make sense to create a trustdb if there is no need for it.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1a0eeaacd1)

Resolved conflicts:
	NEWS
	g10/trustdb.c: Manually apply changes due to changed
                       function names.

Note that this also includes the fix for clear_ownertrust, see
GnuPG-bug-id: 1622.
2014-03-07 10:44:27 +01:00
Werner Koch
dfb25d47a9 gpg: Print a "not found" message for an unknown key in --key-edit.
* g10/keyedit.c (keyedit_menu): Print message.
--

GnuPG-bug-id: 1420
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 0bf54e60d3)

Resolved conflicts:
	g10/keyedit.c: Fix white spaces
2014-03-07 10:18:32 +01:00
Werner Koch
db1f74ba53 gpg: Protect against rogue keyservers sending secret keys.
* g10/options.h (IMPORT_NO_SECKEY): New.
* g10/keyserver.c (keyserver_spawn, keyserver_import_cert): Set new
flag.
* g10/import.c (import_secret_one): Deny import if flag is set.
--

By modifying a keyserver or a DNS record to send a secret key, an
attacker could trick a user into signing using a different key and
user id.  The trust model should protect against such rogue keys but
we better make sure that secret keys are never received from remote
sources.

Suggested-by: Stefan Tomanek
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit e7abed3448)

Resolved conflicts:
	g10/import.c
	g10/keyserver.c
2014-03-07 10:14:05 +01:00
Werner Koch
7c4bfa599f gpgv: Init Libgcrypt to avoid syslog warning.
* g10/gpgv.c (main): Check libgcrypt version and disable secure
memory.
--

GnuPG-bug-id: 1376
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 3966eb2445)

Resolved conflicts:
	g10/gpgv.c
2014-03-07 09:58:22 +01:00
Werner Koch
0ab752cc2d gpg: Remove legacy keyserver examples from the template conf file.
* g10/options.skel: Update.

(cherry picked from commit f3c5cc8bcd)
2014-03-07 09:53:29 +01:00
NIIBE Yutaka
5ed8e9335f Fix g10/trust.c.
* g10/trust.c (register_trusted_keyid, register_trusted_key)
(update_ownertrust): Call functions with tdb_.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-03-06 16:23:10 +09:00
Werner Koch
47e6b6bad1 gpg: Silent more compiler warnings due to some configure options.
* g10/keygen.c (generate_keypair, gen_card_key)
(gen_card_key_with_backup) [!ENABLE_CARD_SUPPORT]: Mark unused args.
2014-02-10 23:15:34 +01:00
Werner Koch
7901c5c2a3 gpg: Cleanup compiler warnings due to some configure options.
* g10/photoid.c (show_photos) [DISABLE_PHOTO_VIEWER]: Mark args as
unused.
* tools/gpgconf-comp.c (my_dgettext): Mark DOMAIN as unused if NLS is
not configured.
2014-02-10 23:15:28 +01:00
Werner Koch
62fb86c658 gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above.  Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.

* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.

* tests/openpgp/defs.inc (opt_always): New.  Use in all tests instead
of --always-trust.
2014-02-10 17:46:40 +01:00
Werner Koch
8e0ba4ecd3 Allow disabling of card support.
* configure.ac: Add option --disable-card-support.  Also add
am_conditional and do not build scd if card support is enabled.
2014-02-07 13:58:12 +01:00
Werner Koch
357b142e72 gpg: List only available algos in --gen-key.
* g10/keygen.c (ask_algo, ask_curve): Take care of GPG_USE_<algo>.
2014-02-07 13:45:11 +01:00
Werner Koch
54a11729fb gpg: Change --print-mds to output enabled OpenPGP algos.
* g10/gpg.c (print_mds): Use opengpg_md_test_algo.  Test also for MD5
availibility.
2014-02-07 13:43:39 +01:00
Werner Koch
aa76a16606 gpg: Avoid compiler warnings for disabled algos.
* g10/misc.c (map_cipher_openpgp_to_gcry): Add case for disabled algo.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.
2014-02-07 13:41:04 +01:00
Werner Koch
2c814806d7 gpg: Change format for the key size in --list-key and --edit-key.
* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto.  Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--

For ECC it seems to be better to show the name of the curve and not
just the size of the prime field.  The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either.  Thus the new format uses

   "rsa2048"    - RSA with 2048 bit
   "elg1024"    - Elgamal with 1024 bit
   "ed25519"    - ECC using the curve Ed25519.
   "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".

unless --legacy-list-mode is given.  In does not anymore line up
nicely in columns thus I expect further changes to this new format.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
Werner Koch
2ba818de1a gpg: Add configure options to disable algorithms
* acinclude.m4 (GNUPG_GPG_DISABLE_ALGO): New.
* configure.ac: Add --enable-gpg-* options to disable non MUS
algorithms.
* g10/misc.c (map_cipher_openpgp_to_gcry): Implement these options.
(openpgp_pk_test_algo2): Ditto.
(map_md_openpgp_to_gcry): Ditto.
(openpgp_cipher_test_algo, openpgp_md_test_algo): Simplify.
--

We have a similar feature in GnuPG-1.  Although we don't shrink the
size of the gpg binary by disabling algorithms (they are implemented
in Libgcrypt), this feature may still be useful for inerop testing.
2014-01-31 22:47:11 +01:00
Werner Koch
71540d4041 gpg: Improve --version algo info output.
* g10/misc.c (openpgp_pk_algo_name): Return a different string for
each ECC algorithm.
* g10/gpg.c (build_list_pk_test_algo): New wrapper to cope with the
different algo type enums.
(build_list_pk_algo_name): Ditto.
(build_list_cipher_test_algo): Ditto.
(build_list_cipher_algo_name): Ditto.
(build_list_md_test_algo): Ditto.
(build_list_md_algo_name): Ditto.
(my_strusage): Use them.
(list_config): Ditto. Add "pubkeyname".
(build_list): Add letter==1 hack.
2014-01-31 15:55:04 +01:00
Werner Koch
bf50604a0d gpg: Start using OpenPGP digest algo ids.
* g10/misc.c (print_pubkey_algo_note): Use enum typedef for the arg.
(print_cipher_algo_note): Ditto.
(print_digest_algo_note): Ditto.
(map_md_openpgp_to_gcry): New.
(openpgp_md_test_algo): Rewrite.
(openpgp_md_algo_name): Rewrite to do without Libgcrypt.
* g10/cpr.c (write_status_begin_signing): Remove hardwired list of
algo ranges.
2014-01-31 15:33:03 +01:00
Werner Koch
16a6311ade gpg: Use only OpenPGP cipher algo ids.
* g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
use enums for the arg and return value.
(map_cipher_gcry_to_openpgp): Ditto.
(openpgp_cipher_blocklen): Use constant macros.
(openpgp_cipher_test_algo): Use mapping function and prepare to
disable algorithms.
(openpgp_cipher_algo_name): Do not use Libgcrypt.

* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
CGRY_CIPHER_* by CIPHER_ALGO_*.

* common/openpgpdefs.h (cipher_algo_t): Remove unused
CIPHER_ALGO_DUMMY.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-31 14:35:49 +01:00
Werner Koch
b7f8dec632 gpg: Use only OpenPGP public key algo ids and add the EdDSA algo id.
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.

* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.

* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip):  Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--

This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones.  This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.

This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA.  As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF.  Note that EdDSA (Ed25519)
does not yet work and that more changes are required.

The ECC support is still broken right now.  Needs to be fixed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-30 18:48:37 +01:00
Werner Koch
ea8a1685f7 gpg: Remove cipher.h and put algo ids into a common file.
* common/openpgpdefs.h (cipher_algo_t, pubkey_algo_t, digest_algo_t)
(compress_algo_t): New.
* agent/gpg-agent.c: Remove ../g10/cipher.h. Add openpgpdefs.h.
* g10/cipher.h (DEK): Move to ...
* g10/dek.h: new file.
* g10/cipher.h (is_RSA, is_ELGAMAL, is_DSA)
(PUBKEY_MAX_NPKEY, PUBKEY_MAX_NSKEY, PUBKEY_MAX_NSIG, PUBKEY_MAX_NENC)
(PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC, PUBKEY_USAGE_CERT)
(PUBKEY_USAGE_AUTH, PUBKEY_USAGE_NONE): Move to
* g10/packet.h: here.
* g10/cipher.h: Remove.  Remove from all files.
* g10/filter.h, g10/packet.h:  Include dek.h.
* g10/Makefile.am (common_source): Remove cipher.h.  Add dek.h.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 20:35:05 +01:00
Werner Koch
25b4c2acbd include: Remove this directory.
* include/cipher.h: Move to ...
* g10/cipher.h: here.
* agent/gpg-agent.c: Adjust header file name.

* include/host2net.h: Move to ...
* common/host2net.h: here.  Change license to LGPLv3/GPLv2.  Adjust
notices to reflect that only me worked on that file.

* include/types.h: Remove.
* common/types.h: Include inttypes.h.  Add byte typedef and comments
for __riscos__.
* common/iobuf.h: Adjust header file name.

* include/_regex.h: Remove this unused file.

* include/Makefile.am: Remove.
* Makefile.am (SUBDIRS): Remove "include".
* configure.ac (AC_CONFIG_FILES): Remove include/Makefile.
* include/ChangeLog-2011: Move to ...
* common/ChangeLog-2011.include: here.
* common/Makefile.am (EXTRA_DIST): Add file.

* include/zlib-riscos.h: Move this repo only file to ...
* g10/zlib-riscos.h: here.

* include/: Remove.
--

include/ was a leftover from GnuPG 1.x times.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-01-29 17:45:05 +01:00
Werner Koch
47bb0d7683 gpg: Add another card vendor id.
--
2014-01-29 15:19:20 +01:00
NIIBE Yutaka
c5e41f539b Add secp256k1.
* common/openpgp-oid.c (openpgp_curve_to_oid): Add secp256k1.
(openpgp_oid_to_curve): Likewise.

* g10/keygen.c (ask_curve): Add secp256k1.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2014-01-15 15:00:24 +09:00
Werner Koch
101a54add3 gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-12-11 10:20:15 +01:00
Werner Koch
e951782e93 gpg: Change armor Version header to emit only the major version.
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1.  Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--

GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-27 09:20:02 +01:00
Werner Koch
cc9a0b69b6 Make use of the *_NAME etc macros.
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.

* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
2013-11-18 14:09:47 +01:00
Werner Koch
5499942571 kbx: Implement update operation for OpenPGP keyblocks.
* kbx/keybox-update.c (keybox_update_keyblock): Implement.
* kbx/keybox-search.c (get_blob_flags): Move to ...
* kbx/keybox-defs.h (blob_get_type): here.
* kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
* g10/keydb.c (build_keyblock_image): Allow calling without
R_SIGSTATUS.
(keydb_update_keyblock): Implement for keybox.

* kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
size.  Print "does not expire" also on 64 bit platforms.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 15:54:31 +01:00
Werner Koch
a0102a548d Fix minor compiler warnings.
--
2013-11-15 15:49:34 +01:00
Werner Koch
402aa0f948 gpg: Rework ECC support and add experimental support for Ed25519.
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New.  Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case.  Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--

Be warned that this code is subject to further changes and that the
format will very likely change before a release.  There are also known
bugs and missing code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-11-15 09:01:11 +01:00
Werner Koch
e6175055fb gpg: Limit the nesting level of I/O filters.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 35e40e2d51)

Resolved conflicts:
	common/iobuf.c
	g10/mainproc.c
2013-10-04 14:05:59 +02:00
Werner Koch
0899f6d4be gpg: Fix bug with deeply nested compressed packets.
* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-10-02 09:11:43 +02:00
Werner Koch
4c3b35b067 gpg: Use 2048 as the default keysize in batch mode.
* g10/keygen.c (gen_elg, gen_dsa, gen_rsa): Set default keysize to
2048.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-30 10:27:21 +02:00
Werner Koch
780ba32336 gpg: Make decryption with the OpenPGP card work.
* scd/app-common.h (APP_DECIPHER_INFO_NOPAD): New.
* scd/app-openpgp.c (do_decipher): Add arg R_INFO.
* scd/app-nks.c (do_decipher): Add arg R_INFO as a dummy.
* scd/app.c (app_decipher): Add arg R_INFO.
* scd/command.c (cmd_pkdecrypt): Print status line "PADDING".
* agent/call-scd.c (padding_info_cb): New.
(agent_card_pkdecrypt): Add arg R_PADDING.
* agent/divert-scd.c (divert_pkdecrypt): Ditto.
* agent/pkdecrypt.c (agent_pkdecrypt): Ditto.
* agent/command.c (cmd_pkdecrypt):  Print status line "PADDING".
* g10/call-agent.c (padding_info_cb): New.
(agent_pkdecrypt): Add arg R_PADDING.
* g10/pubkey-enc.c (get_it): Use padding info.
--

Decryption using a card never worked in gpg 2.1 because the
information whether the pkcs#1 padding needs to be removed was not
available.  Gpg < 2.1 too this info from the secret sub key but that
has gone in 2.1.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-28 17:40:32 +02:00
Werner Koch
498b9a95dc gpg: No need to create a trustdb when encrypting with --always-trust.
* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-08-02 09:10:17 +02:00
Werner Koch
7777e68d04 Implement unattended OpenPGP secret key import.
* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this.  Add arg 'passphrase'.  Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL.  Adjust all
callers.  Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--

With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent.  This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protected them
using its own scheme.  With many secret keys this is quite some
usability hurdle.  In particular if a passphrase is not instantly
available.

To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used.  For example:

   gpg2 --batch --import mysecretkey.gpg

works without any user interaction due to the use of --batch.  Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk.  The next time,
the internal format of the key is used.

This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-05-22 10:14:57 +02:00
Werner Koch
88e24341e5 w32: Add icons and version information.
* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>

(cherry picked from commit 049b3d9ca0)

Solved conflicts in:

	agent/Makefile.am
	common/Makefile.am
	g10/Makefile.am
	scd/Makefile.am
	sm/Makefile.am
	tools/Makefile.am
2013-05-07 21:35:48 +02:00
Werner Koch
151b78cc26 Fix potential heap corruption in "gpg -v --version".
* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>

(cherry picked from commit 3402a84720)

Signed-off-by: Werner Koch <wk@gnupg.org>
2013-04-22 20:43:27 +02:00
Werner Koch
eaa6dc3a8b Merge branch 'master' into key-storage-work
--
2013-03-20 10:00:12 +01:00
Werner Koch
2739834206 Add code to allow for late memory cleanup.
* common/init.c (mem_cleanup_item_t): New.
(run_mem_cleanup): New.
(_init_common_subsystems): Add an atexit for it.
(register_mem_cleanup_func): New.

* g10/kbnode.c (cleanup_registered): New.
(release_unused_nodes): New.
(alloc_node): Call register_mem_cleanup_func.
--

It is often time consuming to figure out whether still allocated
memory at process termination is fine (e.g. a cache) or a problem.  To
help for that register_mem_cleanup_func may now be used to cleanup
such memory.  The run time of the program will be longer; if that
turns out to be a problem we can change the code to only run in
debugging mode.
2013-03-20 09:50:17 +01:00
Werner Koch
c4dbd1b2de gpg: Print indicator for unknown key capability.
* g10/keylist.c (print_capabilities): Print '?' for unknown usage.
2013-03-19 17:26:42 +01:00
Daniel Kahn Gillmor
b693ec02c4 gpg: Allow setting of all zero key flags
* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.
2013-03-19 17:26:42 +01:00
Werner Koch
4bde12206c gpg: Distinguish between missing and cleared key flags.
* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.
2013-03-19 17:26:42 +01:00
Werner Koch
585d5c62ee Use has_leading_keyword in the assuan callbacks.
* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.
2013-02-22 10:56:13 +01:00
Werner Koch
161674118d gpg: Fix a memory leak in batch key generation
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
2013-02-22 09:30:07 +01:00
Werner Koch
baee681d24 gpg: Handle the agent's NEW_PASSPHRASE inquiry.
* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
2013-02-22 09:30:02 +01:00
NIIBE Yutaka
7d376ffa32 gpg: fix keytocard and support ECC card for key attribute.
* g10/call-agent.c (agent_keytocard): Supply PARM arg.
* g10/card-util.c (card_status): Support ECC.
(card_store_subkey): Don't assume RSA.
2013-02-22 11:00:27 +09:00
Werner Koch
273bb38cd7 gpg: Fix a memory leak in batch key generation
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
2013-02-21 20:35:10 +01:00
Werner Koch
18a261b65f gpg: Handle the agent's NEW_PASSPHRASE inquiry.
* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.
2013-02-21 20:27:20 +01:00
Werner Koch
caddeef4a7 Merge branch 'master' into key-storage-work 2013-02-12 19:17:42 +01:00
NIIBE Yutaka
b90506ea22 gpg: Implement card_store_subkey again.
* g10/call-agent.h (agent_keytocard): New.
* g10/call-agent.c (agent_keytocard): New.
* g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
(card_generate_subkey): Check return value of replace_existing_key_p.
(card_store_subkey): Implement again using agent_keytocard.
2013-02-12 14:19:12 +09:00
Werner Koch
21feecd48f gpg: Add pinentry-mode feature.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.
2013-02-07 20:37:58 +01:00
Werner Koch
1cd6445eec gpg: Add status line PINENTRY_LAUNCHED.
* common/status.h (STATUS_PINENTRY_LAUNCHED): New.
* g10/server.c (server_local_s): Add field allow_pinentry_notify.
(option_handler): Add option "allow-pinentry-notify".
(gpg_proxy_pinentry_notify): New.
* g10/call-agent.c (default_inq_cb): Factor code out to the new
function.
2013-01-30 12:00:29 +01:00
Christian Aistleitner
60c58766ae gpg: Fix honoring --cert-digest-algo when recreating a cert
* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.
2013-01-11 13:48:59 +01:00
Werner Koch
492792378d gpg: Cache keybox searches.
* common/iobuf.c (iobuf_seek): Fix for temp streams.
* g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
* g10/keydb.c (dump_search_desc): New.
(enum_keyblock_states, struct keyblock_cache): New.
(keyblock_cache_clear): New.
(keydb_get_keyblock, keydb_search): Implement a keyblock cache.
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_rebuild_caches, keydb_search_reset): Clear the cache.
--

Gpg uses the key database at several places without a central
coordination.  This leads to several scans of the keybox for the same
key.  To improve that we now use a simple cache to store a retrieved
keyblock in certain cases.  In theory this caching could also be done
for old keyrings, but it is a bit more work and questionable whether
it is needed; the keybox scheme is anyway much faster than keyrings.

Using a keybox with 20000 384 bit ECDSA/ECHD keypairs and a 252 byte
sample text we get these values for encrypt and decrypt operations on
an Core i5 4*3.33Ghz system.  The option --trust-model=always is used.
Times are given in milliseconds wall time.

|           | enc | dec | dec,q |
|-----------+-----+-----+-------|
| key 1     |  48 |  96 |    70 |
| key 10000 |  60 |  98 |    80 |
| key 20000 |  69 | 106 |    88 |
| 10 keys   | 540 | 290 |    70 |

The 10 keys test uses a mix of keys, the first one is used for
decryption but all keys are looked up so that information about are
printed.  The last column gives decryption results w/o information
printing (--quiet).

The keybox is always scanned sequentially without using any index.  By
adding an index to the keybox it will be possible to further reduce
the time required for keys stored to the end of the file.
2013-01-08 14:46:06 +01:00
Werner Koch
f3f5721e68 gpg: Remove a function wrapper.
* g10/keydb.h (keydb_search): Remove macro.
* g10/keydb.c (keydb_search2): Rename to keydb_search.  Change all
callers.
2013-01-08 09:43:21 +01:00
Werner Koch
f6d7b3f1ee gpg: Set the node flags while retrieving a keyblock.
* g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and
set the note flags accordingly.
(keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image.
* kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part)
(blob_cmp_name, blob_cmp_mail): Return the key/user number.
(keybox_search): Set the key and user number into the found struct.
(keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from
the found struct.
--

getkey.c needs to know whether the correct subkey was found.  Thus we
need to set the node flags the same way we did it with the keyring
storage.
2013-01-07 21:14:52 +01:00
Werner Koch
0baedfd25a New function log_clock.
* common/logging.c (log_clock): New.
* g10/gpg.c (set_debug): Print clock debug flag.
* g10/options.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
--

To actually use log_clock you need to enable the code in
logginc.c:log_check() and link against librt.  --debug 4096 may then
be used to enable it at runtime.
2013-01-07 16:51:24 +01:00
Werner Koch
7d00e52bd5 gpg: Allow generation of more than 4096 keys in one run.
* g10/getkey.c (cache_public_key): Make room in the cache if needed.
--

To create the selfsigs, the key generation code makes use of the key
cache.  However, after 4096 the cache is filled up and then disabled.
Thus generating more than 4096 keys in one run was not possible.  We
now clear the first half the inserted keys every time the cache gets
full.
2013-01-07 15:37:50 +01:00
Werner Koch
79f08fb069 gpg: Add signature cache support to the keybox.
* g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS.
(keydb_get_keyblock): Handle it.
(build_keyblock_image): Add arg SIGSTATUS.
(keydb_insert_keyblock): Handle it.
* kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS.
(_keybox_create_openpgp_blob): Ditto.
* kbx/kbxutil.c (import_openpgp): Adjust for above change.
* kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New.
* kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag.
(keybox_get_keyblock): Add arg R_SIGSTATUS.
* kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS.
--

With this change a key listing using the keybox format is now double
as fast as using a keyring.  The memory use dropped as well.  Measured
with about 1500 keys.
2012-12-28 17:17:56 +01:00
Werner Koch
a986383424 gpg: First working support for keyboxes.
* g10/getkey.c (get_pubkey_fast): Improve the assertion.
* kbx/keybox.h: Include iobuf.h.
* kbx/keybox-blob.c (keyboxblob_uid): Add field OFF.
(KEYBOX_WITH_OPENPGP): Remove use of this macro.
(pgp_create_key_part_single): New.
(pgp_temp_store_kid): Change to use the keybox-openpgp parser.
(pgp_create_key_part): Ditto.
(pgp_create_uid_part): Ditto.
(pgp_create_sig_part): Ditto.
(pgp_create_blob_keyblock): Ditto.
(_keybox_create_openpgp_blob): Ditto.
* kbx/keybox-search.c (keybox_get_keyblock): New.
* kbx/keybox-update.c (keybox_insert_keyblock): New.
* g10/keydb.c (parse_keyblock_image):
(keydb_get_keyblock): Support keybox.
(build_keyblock_image): New.
(keydb_insert_keyblock): Support keybox.

* kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print
a kbx file to stdout.

* kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6
bytes.
--

Import and key listing does now work with the keybox format.  It is
still quite slow and signature caching is completely missing.

Increasing the maximum allowed length for a keyblock was required due
to a 700k keyblock which inhibited kbxutil to list the file.
kbxutil's option name --import-openpgp is not quite appropriate
because it only creates KBX blobs from OpenPGP data.
2012-12-28 14:05:27 +01:00
Werner Koch
91e61d5253 gpg: First patches to support a keybox storage backend.
* kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to ..
* kbx/keybox.h: here.
* kbx/keybox-init.c (keybox_lock): Add dummy function
* g10/keydb.c: Include keybox.h.
(KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX.
(struct resource_item): Add field kb.
(maybe_create_keyring_or_box): Add error descriptions to diagnostics.
Add arg IS_BOX.  Write a header for a new keybox file.
(keydb_add_resource): No more need for the force flag.  Rename the
local variable "force" to "create".  Add URL scheme "gnupg-kbx".  Add
magic test to detect a keybox file.  Add basic support for keybox.
(keydb_new, keydb_get_resource_name, keydb_delete_keyblock)
(keydb_locate_writable, keydb_search_reset, keydb_search2): Add
support for keybox.
(lock_all, unlock_all): Ditto.
* g10/Makefile.am (needed_libs): Add libkeybox.a.
(gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround.

* g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY)
KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New.
* g10/gpg.c, g10/gpgv.c (main): Use new constants.
--

I did most of these changes back in 2011 and only cleaned them up
now.  More to follow soon.
2012-12-27 15:04:42 +01:00
Werner Koch
f0b33b6fb8 gpg: Import only packets which are allowed in a keyblock.
* g10/import.c (valid_keyblock_packet): New.
(read_block): Store only valid packets.
--

A corrupted key, which for example included a mangled public key
encrypted packet, used to corrupt the keyring.  This change skips all
packets which are not allowed in a keyblock.

GnuPG-bug-id: 1455

(cherry-picked from commit f795a0d59e)
2012-12-20 12:37:01 +01:00
Werner Koch
d61f7402f2 gpg: Make commit 2b3cb2ee actually work
* g10/sign.c (update_keysig_packet): Use digest_algo.

(cherry-picked from commit d23ec86095)
2012-12-19 12:40:21 +01:00
Werner Koch
8325d61659 gpg: Suppress "public key already present" in quiet mode.
* g10/pkclist.c (find_and_check_key, build_pk_list): Print a
diagnostic only in non-quiet mode.
2012-12-19 11:21:26 +01:00