* g10/build-packet.c (do_encrypted_aead): New.
(do_symkey_enc): Handle version 5.
(build_packet): Support the ENCRYPTED_AEAD packet.
* g10/cipher.c (MIN_PARTIAL_SIZE): Remove unused macro.
(AEAD_ENC_BUFFER_SIZE): New macro.
(my_iobuf_write): New.
(write_header): Rename to write_cfb_header. Adjust caller.
(set_ocb_nonce_and_ad): New.
(write_ocb_header): New.
(write_ocb_auth_tag): New.
(write_ocb_final_chunk): New.
(do_ocb_flush): New.
(do_ocb_free): New.
(cipher_filter_ocb): New.
* g10/filter.h (cipher_filter_context_t): Add fields for AEAD.
* g10/encrypt.c (encrypt_symmetric): For the use of a session key in
OCB mode.
(encrypt_seskey): Revamp to support OCB.
(use_aead): New.
(encrypt_simple): Support OCB.
(write_symkey_enc): Ditto.
(encrypt_crypt): Ditto.
(encrypt_filter): Handle OCB.
* g10/options.h (opt): Add field force_ocb.
* g10/gpg.c (oForceOCB): New.
(opts): New option "--force-ocb".
(main): Set force_ocb option.
* g10/gpgcompose.c (encrypt_seskey): New.
* g10/keygen.c (aead_available): New global var.
(keygen_set_std_prefs): Set AEAD feature by default in GNUPG mode. Add
parings of aead feature flag.
(keygen_get_std_prefs): Set aead flag.
(add_feature_aead): New.
(keygen_upd_std_prefs): Set OCB as preference if AEAD is enabled.
* g10/pkclist.c (select_aead_from_pklist): New.
(warn_missing_aead_from_pklist): New.
(select_mdc_from_pklist): Remove this unused function.
--
This extends the long available OCB and EAX decryption feature. Due
to the meanwhile expired patent on OCB there is no more reason for
using EAX. Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
In GNUPG mode new keys are now created with the AEAD feature flag set.
Option --rfc4880 is one way to disable this.
GnuPG-bug-id: 6263
* g10/keygen.c (ask_algo): Request keygrip via cpr_get.
* doc/help.txt (gpg.keygen.keygrip): New help text.
--
This change makes it possible to add an existing (sub)key to
another key via the status/command interface.
GnuPG-bug-id: 5771
(cherry picked from commit 19b1a28621c614b81f596e363b1ce49dd9fae115)
* common/openpgp-oid.c (openpgp_curve_to_oid): Add optional arg R_NBITS.
Change all callers.
--
In particular for ed25519 and cv25519 it is quite useful to have an
ability to get the required algorithm.
(cherry picked from commit 24095101a5069f15a9aea7512498ac436a76814a)
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--
In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter. Thus there should be no
problem because the assert call check s buffer first. For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable. That does not happen with our
log_assert. Tested with gcc 8.3.0 and valgrind 3.14.0.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change.
(gen_rsa): Set fallback to 3072.
(get_keysize_range): Set default to 3072.
* doc/examples/vsnfd.prf: No more need for default-new-key-algo.
Signed-off-by: Werner Koch <wk@gnupg.org>
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--
Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.
Signed-off-by: Werner Koch <wk@gnupg.org>
Cherry-picked-from-master: 4031c42bfd0135874a5b362df175de93a19f1b51
* g10/keygen.c (parse_key_parameter_part): Add arg R_KEYGRIP and
support the special algo "card".
(parse_key_parameter_string): Add args R_KEYGRIP and R_SUBKEYGRIP.
Handle the "card" algo. Adjust callers.
(parse_algo_usage_expire): Add arg R_KEYGRIP.
(quickgen_set_para): Add arg KEYGRIP and put it into the parameter
list.
(quick_generate_keypair): Handle algo "card".
(generate_keypair): Also handle the keygrips as returned by
parse_key_parameter_string.
(ask_algo): Support ed25519 from a card.
--
Note that this allows to create a new OpenPGP key from an initialized
OpenPGP card or from any other supported cards. It has been tested
with the TCOS Netkey card. Right now a stub file for the cards might
be needed; this can be achieved by running "gpgsm --learn" with the
card plugged in.
Example:
gpg --quick-gen-key foo@example.org card
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported from master d3f5d8544fdb43082ff34b106122bbf0619a0ead
which required to remove the extra key version args.
GnuPG-bug-id: 4681
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--
Note that this new menu 14 is always displayed. The usage flags can
be changed only in --expert mode, though.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit a480182f9d7ec316648cb64248f7a0cc8f681bc3)
Removed stuff from gpg-card which does not exists in 2.2. No tests
yet done for this backport.
* g10/parse-packet.c: Move max packet lengths constants to ...
* g10/packet.h: ... here.
* g10/build-packet.c (do_user_id): Return an error if too data is too
large.
* g10/keygen.c (write_uid): Return an error for too large data.
--
This can lead to keyring corruption becuase we expect that our parser
is abale to parse packts created by us. Test case is
gpg --batch --passphrase 'abc' -v \
--quick-gen-key $(yes 'a'| head -4000|tr -d '\n')
GnuPG-bug-id: 4532
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.
--
(cherry picked from commit 4324560b2c0bb76a1769535c383424a042e505ae)
This change matters when it is called from ask_card_keyattr.
Some-comments-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (generate_keypair): Show more info.
--
GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 1bfe766bcf3959135333900934f1a15c9b96c3cf)
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.
--
GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback. Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--
The problem here was that future-default gives the primary and subkey
algorithm. However, when using future-default for adding a key, the
second part was always used which is for encryption. If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.
gpg --batch --passphrase "" --quick-add-key FPR future-default encr
aready worked as did
gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign
but
gpg --batch --passphrase "" --quick-add-key FPR future-default sign
does only work with this fix.
GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string. And while at it we also
allow case-insensitivity.
GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order. When publishing
external preferences, state preference for SHA512 first.
--
SHA-512 has a wider security margin than SHA-256. It is also slightly
faster on most of the architectures on which GnuPG runs today. New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.
Specifically, this changes --default-preference-list from:
SHA256 SHA384 SHA512 SHA224
to:
SHA512 SHA384 SHA256 SHA224
This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--
We try to verify the primary key and thus seed the passphrase cache
before generating the subkey. However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error. This patch detects this error and continues without
a seeded passphrase cache. After all that pre-seeding is just a
convenience.
GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (proc_parameter_file): Don't check the result of
stpcpy.
--
Fixes-commit: 7089dcc54099a4909ce7d386c07ab87e1398e2eb
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (proc_parameter_file): Special case the email only
case.
--
Using a parameter file like
%ask-passphrase
key-type: RSA
key-length: 2048
key-usage: sign
subkey-type: RSA
subkey-length: 2048
subkey-usage: encrypt
name-email: foo@example.org
with "gpg --gen-key --patch" the result was this key
pub rsa2048 2017-09-11 [SC]
63A8C1BA12CC289A0E8072C971C7F8D4A18CE0BE
uid [ultimate] <foo@example.org>
sub rsa2048 2017-09-11 [E]
At least the the extra leading space the left angle bracket is wrong.
Further some mail providers reject keys which consist of more than
just a plain mail address. Using just a mail address is anyway the
new new suggested content for a user id. With this patch the key
will be
pub rsa2048 2017-09-11 [SC]
B302343C20EA6DECDB6A155135352F2520397080
uid [ultimate] foo@example.org
sub rsa2048 2017-09-11 [E]
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (do_generate_keypair): Only set fpr in
list_keyblock_direct invocation if neither --fingerprint nor
--with-fingerprints are given.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 2741
* g10/keygen.c (generate_subkeypair): Handle errors from pinentry.
--
Previously, when generating a subkey, gpg would ask for the passphrase
of the primary key. If that dialog is canceled, gpg would ask a
second time for a passphrase to protect the new subkey.
Fix this by handling the error.
GnuPG-bug-id: 3212
Signed-off-by: Justus Winter <justus@g10code.com>
--
For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions. Quite
a lot of changes but fortunately straightforward to do.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro. Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context. Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Always initialize the trust db when generating
keys.
* g10/keygen.c (do_generate_keypair): We can now assume that there is
a trust db.
--
It is important to mark keys we create as ultimately trusted.
Fixes-commit: 4735ab96aa5577d40ba7b3f72d863057198cc6a7
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keygen.c (do_generate_keypair): Only update the ownertrust if we
do have a trust database.
* g10/trustdb.c (have_trustdb): New function.
* g10/trustdb.h (have_trustdb): New prototype.
* tests/openpgp/quick-key-manipulation.scm: Remove workaround.
GnuPG-bug-id: 2695
Signed-off-by: Justus Winter <justus@g10code.com>
I already have copyright assignment with the FSF for GDB. I don't
think I'll need to do the DCO thing.
Signed-off-by: Manish Goregaokar <manish@mozilla.com>
* g10/keygen.c (keygen_set_std_prefs): Rename variable.
--
I consider it better not to use the name of a commonly used function.
Signed-off-by: Werner Koch <wk@gnupg.org>
* doc/gpg.texi: Document that fact.
* g10/keygen.c (quick_generate_keypair): Use a default value.
* tests/openpgp/quick-key-manipulation.scm: Test that fact.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/keygen.c (get_default_pubkey_algo): New.
(parse_key_parameter_string): Use it.
* g10/gpg.c (gpgconf_list): Take value from new function.
--
Note that consumers of that gpgconf-list value may need to be adjusted
to that new value. It should anyway only be used to display the
default algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--
The first change is the actual fix. The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.
Fixes-commit: ce29272e24e7b718b8fca9b84bc728e65f3dea24
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (default_expiration_interval): New variable.
(generate_keypair): Use the new default.
--
Cursory discussion on gnupg-devel@ suggested two years as a good
default expiration interval.
GnuPG-bug-id: 2701
Signed-off-by: Justus Winter <justus@g10code.com>
* common/openpgp-oid.c (openpgp_is_curve_supported): Add optional arg
R_ALGO and change all callers.
* common/util.h (GPG_ERR_UNKNOWN_FLAG): New error code.
* g10/options.h (struct opt): Add field DEF_NEW_KEY_ALGO.
* g10/gpg.c (oDefaultNewKeyAlgo): New enum.
(opts): New option "--default-new-key-algo".
(main): Set the option.
* g10/keygen.c: Remove DEFAULT_STD_ FUTURE_STD_ constants and replace
them by ...
(DEFAULT_STD_KEY_PARAM, FUTURE_STD_KEY_PARAM): new string constants.
(get_keysize_range): Remove arg R_DEF and return that value instead.
Change all callers.
(gen_rsa): Use get_keysize_range instead of the removed
DEFAULT_STD_KEYSIZE.
(parse_key_parameter_part): New function.
(parse_key_parameter_string): New function.
(quick_generate_keypair): Refactor using parse_key_parameter_string.
(generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
This new option is intended to be used in the forthcoming
--set-profile command of gpgconf. It allows to provide a gpg
configuration with custom defaults for a new key using the simple
commands which use the default algorithm set.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (CO_DE_VS): New.
(GNUPG): Also allow CO_DE_VS.
* g10/gpg.c (oDE_VS): New.
(parse_compliance_option): Add "de-vs".
(set_compliance_option): Set "de-vs".
* g10/misc.c (compliance_option_string): Return a description string.
(compliance_failure): Ditto.
* g10/keygen.c (ask_algo): Take care of CO_DE_VS.
(get_keysize_range): Ditto.
(ask_curve): Add new field to CURVES and trun flags into bit flags.
Allow only Brainpool curves in CO_DE_VS mode.
--
As of now this compliance mode only restricts the set of algorithms
and curves which can be created.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_algo_usage_expire): Use a different error
message for an unknown algorithm name.
--
GnuPG-bug-id: 2832
Signed-off-by: Werner Koch <wk@gnupg.org>