* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it. Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--
This new option can be used to detect ROCA affected keys. To scan an
entire keyring and print the affected fingerprints use this:
gpg -k --with-key-screening --with-colons | gawk -F: \
'$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
$1=="fpr" && found {print $10}; {found=0}'
The same works for gpgsm. Note that we need gawk due to the "\<" in
the r.e.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac (ENABLE_LOG_CLOCK): New ac_define and option.
* common/logging.c (log_clock): Use ENABLE_LOG_CLOCK to enable
timestamp printing.
* g10/call-agent.c (agent_pksign): Time signing.
* g10/sig-check.c (check_signature_end_simple): Time verification.
--
Timing for verification is limited to data signatures because this is
the most common thing to evaluate. We should consider to change
log_clock to printf style so that we could print the signature class
and other info.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/gettime.c (isotime_p): Accept the Z suffix.
--
The intention is use for human interface.
GnuPG-bug-id: 3278
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/exechelp-posix.c (gnupg_wait_processes): Loop for r_exitcodes
even if we already see an error.
--
The value stored by waitpid for exit code is encoded; It requires
decoded by WEXITSTATUS macro, regardless of an error.
For example, when one of processes is already exited and another is
still running, it resulted wrong value of in r_exitcodes[n].
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/compliance.c (gnupg_pk_is_allowed): Rework to always allow
verification.
* g10/mainproc.c (check_sig_and_print): Print a con-compliant warning.
* g10/sig-check.c (check_signature2): Use log_error instead of
log_info.
--
We should be able to verify all signatures. So we only print a
warning. That is the same beheavour as for untrusted keys etc.
GnuPG-bug-id: 3311
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Remove the Elgamal
signing check. We don't support Elgamal signing at all.
(gnupg_pk_is_allowed) <de-vs>: Revert encryption/decryption for RSA.
Check the curvenames for ECDH.
* g10/pubkey-enc.c (get_session_key): Print only a warning if the key
is not compliant.
* sm/decrypt.c (gpgsm_decrypt): Ditto. Use the same string as in gpg
so that we have only one translation.
--
We always allow decryption and print only a note if the key was not
complaint at the encryption site.
GnuPG-bug-id: 3308
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (default_homedir): Strip trailing slashes.
(gnupg_set_homedir): Ditto.
--
is_gnupg_default_homedir() does not ignore trailing slashes when
comparing directory names. This can lead to multiple agents started
on the same directory if the homedir was specified with --homedir or
GNUPGHOME without or with a number of slashes.
We now make sure that the home directory name never ends in a
slash (except for the roo of course).
GnuPG-bug-id: 3295
Signed-off-by: Werner Koch <wk@gnupg.org>
* argparse.h (ARGPARSE_SHORTOPT_HELP, ARGPARSE_SHORTOPT_VERSION,
ARGPARSE_SHORTOPT_WARRANTY, ARGPARSE_SHORTOPT_DUMP_OPTIONS): New
macros.
(ARGPARSE_end): Add some placeholders for standard options.
* argparse.c (arg_parse): Fill in missing standard options so
default machinery works. Check for standard options in new way.
Do not write out standard options for --dump-options.
Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 1747
* common/compliance.c (gnupg_rng_is_compliant): New.
* g10/call-agent.c (start_agent) [W32]: Check rng compliance.
* sm/call-agent.c (start_agent) [W32]: Ditto.
* g10/encrypt.c (encrypt_simple, encrypt_crypt): Check that the RNG is
compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* g10/sign.c (do_sign): Ditto.
* sm/sign.c (gpgsm_sign): Ditto.
--
Under Windows we need to check that the Jitter RNG is active in de-vs
mode. Under Linux this is not necessary because /dev/random can be
scrutinized and is believed to provide enough entropy.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_inotify_watch_delete_self): New.
* agent/gpg-agent.c (handle_connections): Rename my_inotify_fd to
sock_inotify_fd.
(handle_connections): Add home_inotify_fd to watch the home directory.
--
GnuPG-bug-id: 3218
Note that we should add this also to dirmngr. And for non-Linux
systems a stat in ticker should be implemented.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_ENCRYPTION_COMPLIANCE_MODE): New.
* g10/encrypt.c (encrypt_crypt): Emit new status code.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
--
This status code allows to report whether an encryption operation was
compliant to de-vs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_pk_is_compliant): Swap P and Q for DSA
check. Explicitly check for allowed ECC algos.
(gnupg_pk_is_allowed): Swap P and Q for DSA check.
* g10/mainproc.c (proc_encrypted): Simplify SYMKEYS check. Replace
assert by debug message.
--
Note that in mainproc.c SYMKEYS is unsigned and thus a greater than 0
condition is surprising because it leads to the assumption SYMKEYS
could be negative. Better use a boolean test.
The assert could have lead to a regression for no good reason. Not
being compliant is better than breaking existing users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_{pk,cipher,digest}_is_compliant): Return
false if the module is not initialized.
(gnupg_{pk,cipher,digest}_is_allowed): Return true if the module is
not initialized.
(gnupg_status_compliance_flag): Do not assert that the module is
initialized.
(gnupg_parse_compliance_option): Likewise.
(gnupg_compliance_option_string): Likewise.
--
This implements a default policy for modules not explicitly using the
compliance module. The default policy is to allow all algorithms, but
mark none of them as compliant.
Fixes gpgv.
GnuPG-bug-id: 3210
Signed-off-by: Justus Winter <justus@g10code.com>
* common/compliance.c (gnupg_digest_is_allowed): Don't include
GCRY_MD_WHIRLPOOL because it is not a digest_algo_t.
--
Note that Whirlpool is not used anywhere in gpg or gpgsm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.
GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
* common/compliance.c (gnupg_pk_is_compliant): Add DSA with certain
parameters.
(gnupg_cipher_is_compliant): New function.
(gnupg_digest_is_compliant): Likewise.
* common/compliance.h (gnupg_cipher_is_compliant): New prototype.
(gnupg_digest_is_compliant): Likewise.
* common/status.h (STATUS_DECRYPTION_COMPLIANCE_MODE): New status.
(STATUS_VERIFICATION_COMPLIANCE_MODE): Likewise.
* doc/DETAILS: Document the new status lines.
* g10/mainproc.c (proc_encrypted): Compute compliance with CO_DE_VS
and report that using the new status line.
(check_sig_and_print): Likewise.
* sm/decrypt.c (gpgsm_decrypt): Likewise.
* sm/verify.c (gpgsm_verify): Likewise.
--
When decrypting data and verifying signatures, report whether the
operations are in compliance with the criteria for data classified as
VS-NfD. This information will be picked up by the frontend and
presented to the user.
GnuPG-bug-id: 3059
Signed-off-by: Justus Winter <justus@g10code.com>
* common/Makefile.am (common_sources): Add new files.
* common/compliance.c: New file. Move 'gnupg_pk_is_compliant' here,
and tweak it to not rely on types private to gpg.
* common/compliance.h: New file. Move the compliance enum here.
* g10/keylist.c (print_compliance_flags): Adapt callsite.
* g10/main.h (gnupg_pk_is_compliant): Remove prototype.
* g10/misc.c (gnupg_pk_is_compliant): Remove function.
* g10/options.h (opt): Use the new compliance enum.
* sm/keylist.c (print_compliance_flags): Use the common functions.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/ssh-utils.c (dummy_realloc): New function.
(dummy_free): Likewise.
(get_fingerprint): Prepend the fingerprint with the name of the digest
algorithm. Correctly render SHA256-based ssh fingerprints.
* common/t-ssh-utils.c (sample_keys): Add SHA256 hashes for the keys.
(main): Add an option to dump the keys to gather fingerprints, also
print the SHA256 fingerprint for keys given as arguments, and check
the SHA256 fingerprints of the test keys.
GnuPG-bug-id: 2106
Signed-off-by: Justus Winter <justus@g10code.com>
* common/stringhelp.c (format_text): Return NULL on error.
* common/t-stringhelp.c (test_format_text): Adjust for change.
* g10/gpgcompose.c (show_help): Abort on out of core.
* g10/tofu.c (ask_about_binding): Abort on format_text error.
(show_statistics): Ditto.
(show_warning): Ditto.
--
For better re-usability function in common/ shot better not use
xmalloc functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* Makefile.am (TESTS_ENVIRONMENT): New variable.
(check-all): New phony target to run all tests.
* tests/gpgme/gpgme-defs.scm (have-gpgme?): New function that tests
whether the GPGME test suite is available instead of exiting the
process.
* tests/gpgscm/init.scm (export): New macro.
* tests/gpgscm/tests.scm (run-tests): New function.
(load-tests): Likewise.
* tests/gpgme/run-tests.scm: Simplify and move the parsing of the list
of tests to 'all-tests.scm'.
* tests/gpgsm/run-tests.scm: Likewise.
* tests/migrations/run-tests.scm: Likewise.
* tests/openpgp/run-tests.scm: Likewise.
* tests/gpgme/Makefile.am: To select the tests to run, use the
variable 'TESTS'. This harmonizes the interface with the automake
test suite.
* tests/gpgsm/Makefile.am: Likewise.
* tests/migrations/Makefile.am: Likewise.
* tests/openpgp/Makefile.am: Likewise.
* tests/openpgp/README: Likewise.
* agent/all-tests.scm: New file.
* common/all-tests.scm: Likewise.
* g10/all-tests.scm: Likewise.
* g13/all-tests.scm: Likewise.
* tests/gpgme/all-tests.scm: Likewise.
* tests/gpgsm/all-tests.scm: Likewise.
* tests/migrations/all-tests.scm: Likewise.
* tests/openpgp/all-tests.scm: Likewise.
* tests/run-tests.scm: Likewise.
--
This change allows us to run all tests in parallel and write one XML
report capturing the results of every test. It also lays the
foundation to parametrize test suites.
Signed-off-by: Justus Winter <justus@g10code.com>
* common/openpgpdefs.h (CIPHER_ALGO_PRIVATE10, PUBKEY_ALGO_PRIVATE10)
(DIGEST_ALGO_PRIVATE10, COMPRESS_ALGO_PRIVATE10): New.
* g10/misc.c (map_pk_gcry_to_openpgp): Add type conversion.
(map_cipher_openpgp_to_gcry, openpgp_cipher_algo_name)
(openpgp_pk_test_algo2, map_md_openpgp_to_gcry)
(pubkey_get_npkey): Add default handling.
--
Compilers may emit code assuming the maximum value of enum type.
According to OpenPGP specification, there are cases for private uses.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/homedir.c (_gnupg_socketdir_internal): Fix error handling.
--
Prior to 26086b36 the non-existance of the socket directory was
considered an error if a non-default home directory is used. Since
26086b36 we now create the directory on demand, but the function still
returned the fallback path. This made the agent bind the socket in
the socket directory, and the client trying to connect to the socket
in the home directory.
Fixes-commit: 26086b362f
Signed-off-by: Justus Winter <justus@g10code.com>
* common/miscellaneous.c (is_openpgp_compressed_packet): New.
(is_file_compressed): Rerad 2 more bytes and call new function.
--
Note that this does not yet allow to detect compressed data piped to
gpg. This requires a proper read-ahead in iobuf.c which is
complicated due to the auto-removal of filter functions. Thus such an
read-ahead needs to be done in the I/O backend of iobuf.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/homedir.c (_gnupg_socketdir_internal): Create the
sub-directory.
--
Although there is no auto cleanup (yet) this should be helpful. Let's
see whether possibly leaving stale directories around is better than
running into trouble when --create-socketdir was not used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: New option --enable-gnupg-builddir-envvar.
(ENABLE_GNUPG_BUILDDIR_ENVVAR): New ac_define.
* common/homedir.c (gnupg_set_builddir_from_env): Consider
ENABLE_GNUPG_BUILDDIR_ENVVAR.
* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Rename to ...
(AM_DISTCHECK_CONFIGURE_FLAGS): this to be future proof. Add option
--enable-gnupg-builddir-envvar.
--
Our regression test suite makes use of the envvar GNUPG_BUILDDIR. Now
the code in gnupg for evaluating this envvar is only included in a
development version (that is one with a "-betaNNN" suffix). For a
real release the envvar is not considered. However during a "make
distcheck" a "make check" is done for the build directory. Without
defining that envar we would try to run binaries in the install
directory ("_inst" sub-directory) which are not yet installed at that
time.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/exectool.c (gnupg_exec_tool_stream) [W32]: Use _get_osfhandle
to print the fd for the command line.
* common/exechelp-w32.c (create_pipe_and_estream): Use es_sysopen so
that the streams are actually pollable.
--
This addresses two bugs:
- Using the "-&@INEXTRA@" kludges requires that we pass the value of
the handle on the command line and not the libc fd.
- gpgrt_poll requires the use of the ReadFile/WriteFile backend which
is currently only used when the stream has been created with
gpgrt_sysopen.
Signed-off-by: Werner Koch <wk@gnupg.org>
