* g10/misc.c (map_cipher_openpgp_to_gcry): Use explicit mapping and
use enums for the arg and return value.
(map_cipher_gcry_to_openpgp): Ditto.
(openpgp_cipher_blocklen): Use constant macros.
(openpgp_cipher_test_algo): Use mapping function and prepare to
disable algorithms.
(openpgp_cipher_algo_name): Do not use Libgcrypt.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Replace
CGRY_CIPHER_* by CIPHER_ALGO_*.
* common/openpgpdefs.h (cipher_algo_t): Remove unused
CIPHER_ALGO_DUMMY.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sexputil.c (get_pk_algo_from_canon_sexp): Change to return a
string.
* g10/keygen.c (check_keygrip): Adjust for change.
* sm/certreqgen-ui.c (check_keygrip): Likewise.
* agent/pksign.c (do_encode_dsa): Remove bogus map_pk_openpgp_to_gcry.
* g10/misc.c (map_pk_openpgp_to_gcry): Remove.
(openpgp_pk_test_algo): Change to a wrapper for openpgp_pk_test_algo2.
(openpgp_pk_test_algo2): Rewrite.
(openpgp_pk_algo_usage, pubkey_nbits): Add support for EdDSA.
(openpgp_pk_algo_name): Rewrite to remove need for gcry calls.
(pubkey_get_npkey, pubkey_get_nskey): Ditto.
(pubkey_get_nsig, pubkey_get_nenc): Ditto.
* g10/keygen.c(do_create_from_keygrip): Support EdDSA.
(common_gen, gen_ecc, ask_keysize, generate_keypair): Ditto.
* g10/build-packet.c (do_key): Ditto.
* g10/export.c (transfer_format_to_openpgp): Ditto.
* g10/getkey.c (cache_public_key): Ditto.
* g10/import.c (transfer_secret_keys): Ditto.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Ditto.
* g10/mainproc.c (proc_pubkey_enc): Ditto.
* g10/parse-packet.c (parse_key): Ditto,
* g10/sign.c (hash_for, sign_file, make_keysig_packet): Ditto.
* g10/keyserver.c (print_keyrec): Use openpgp_pk_algo_name.
* g10/pkglue.c (pk_verify, pk_encrypt, pk_check_secret_key): Use only
OpenPGP algo ids and support EdDSA.
* g10/pubkey-enc.c (get_it): Use only OpenPGP algo ids.
* g10/seskey.c (encode_md_value): Ditto.
--
This patch separates Libgcrypt and OpenPGP public key algorithms ids
and in most cases completely removes the Libgcrypt ones. This is
useful because for Libgcrypt we specify the algorithm in the
S-expressions and the public key ids are not anymore needed.
This patch also adds some support for PUBKEY_ALGO_EDDSA which will
eventually be used instead of merging EdDSA with ECDSA. As of now an
experimental algorithm id is used but the plan is to write an I-D so
that we can get a new id from the IETF. Note that EdDSA (Ed25519)
does not yet work and that more changes are required.
The ECC support is still broken right now. Needs to be fixed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Remove check for uint64 and UINT64_C.
* include/types.h: Remove u64 stuff.
* common/types.h: Ditto.
--
There have been relicts from GnuPG-1.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/gpg-agent.c (main): Defer setting of socket_name_ssh to avoid
removal of the socket when it will die in create_server_socket for
socket_name.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* scripts/gpg-w32-dev/README: Remove
* scripts/gpg-w32-dev/GNUmakefile, scripts/gpg-w32-dev/speedo.mk:
Merge into ..
* scripts/speedo.mk: this.
--
Speedo may now be used to build from GIT or tarballs and has a couple
of other improvements as well. For best results the autogen.sh files
of all source package should be updated to the one used in gnupg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* tools/gpgsplit.c [!HAVE_ZLIB]: Do not include zlib.h.
(handle_zlib): Build only if HAVE_ZLIB is defined.
(write_part): Support zlib and zip only if HAVE_ZLIB is defined.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--
This feature can be used to return the session key for just a part of
a file. For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key. The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.
GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgp-oid.c (openpgp_curve_to_oid): Change OID for
Ed25519. Add brainpool OIDs.
(openpgp_oid_to_curve): Ditto.
--
This change is required to the change in Libgcrypt. Note that we will
likely use a different OpenPGP algorithm ID for EdDSA and thus the
current Ed25519 implementation will not stay with us.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/membuf.c (put_membuf_printf): New.
--
This is just a convenience function for easier code readability.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (opt): Rename field no_version to emit_version.
* g10/gpg.c (main): Init opt.emit_vesion to 1. Change --emit-version
to bump up opt.emit_version.
* g10/armor.c (armor_filter): Implement different --emit-version
values.
--
GnuPG-bug-id: 1572
Signed-off-by: Werner Koch <wk@gnupg.org>
Replace hardwired strings at many places with new macros from config.h
and use the new strusage macro replacement feature.
* common/asshelp.c (lock_spawning) [W32]: Change the names of the spawn
sentinels.
* agent/command.c (cmd_import_key): Use asprintf to create the prompt.
* kbx/keybox-update.c (keybox_update_keyblock): Implement.
* kbx/keybox-search.c (get_blob_flags): Move to ...
* kbx/keybox-defs.h (blob_get_type): here.
* kbx/keybox-file.c (_keybox_read_blob2): Fix calling without R_BLOB.
* g10/keydb.c (build_keyblock_image): Allow calling without
R_SIGSTATUS.
(keydb_update_keyblock): Implement for keybox.
* kbx/keybox-dump.c (_keybox_dump_blob): Fix printing of the unhashed
size. Print "does not expire" also on 64 bit platforms.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/findkey.c (key_parms_from_sexp): Add algo name "ecc".
(agent_is_dsa_key): Ditto.
(agent_is_eddsa_key): New. Not finished, though.
* agent/pksign.c (do_encode_eddsa): New.
(agent_pksign_do): Use gcry_log_debug functions.
* agent/protect.c (agent_protect): Parse a flags parameter.
* g10/keygen.c (gpg_curve_to_oid): Move to ...
* common/openpgp-oid.c (openpgp_curve_to_oid): here and rename.
(oid_ed25519): New.
(openpgp_oid_is_ed25519): New.
(openpgp_oid_to_curve): New.
* common/t-openpgp-oid.c (test_openpgp_oid_is_ed25519): New.
* g10/build-packet.c (gpg_mpi_write): Write the length header also for
opaque MPIs.
(gpg_mpi_write_nohdr): New.
(do_key): Use gpg_mpi_write_nohdr depending on algorithm.
(do_pubkey_enc): Ditto.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Use
gpg_mpi_write_nohdr.
* g10/export.c (transfer_format_to_openpgp):
* g10/keygen.c (ecckey_from_sexp): Return the error.
(gen_ecc): Repalce arg NBITS by CURVE.
(read_parameter_file): Add keywords "Key-Curve" and "Subkey-Curve".
(ask_curve): New.
(generate_keypair, generate_subkeypair): Use ask_curve.
(do_generate_keypair): Also pass curve name.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Print
curve name.
* g10/parse-packet.c (mpi_read): Remove workaround for
Libcgrypt < 1.5.
(parse_key): Fix ECC case. Print the curve name.
* g10/pkglue.c (mpi_from_sexp): Rename to get_mpi_from_sexp.
(pk_verify, pk_check_secret_key): Add special case for Ed25519.
* g10/seskey.c (encode_md_value): Ditto.
* g10/sign.c (do_sign, hash_for, sign_file): Ditto.
--
Be warned that this code is subject to further changes and that the
format will very likely change before a release. There are also known
bugs and missing code.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (do_encode_dsa): Remove Libgcrypt version check
--
Now that we have decided on a release plan for Libgcrypt 1.6 and given
all the improvements it makes more sense to make use of these
improvements than to clutter the GnuPG code with workarounds for older
Libgcrypt versions.
* scd/apdu.c (check_pcsc_pinpad): Set ->minlen and ->maxlen only when
those are specified.
(pcsc_pinpad_modify): Remove old check code.
--
GnuPG-bug-id: 1549
* doc/yat2m.c (MAX_CONDITION_NESTING): New.
(gpgone_defined): Remove.
(condition_s, condition_stack, condition_stack_idx): New.
(cond_is_active, cond_in_verbatim): New.
(add_predefined_macro, set_macro, macro_set_p): New.
(evaluate_conditions, push_condition, pop_condition): New.
(parse_file): Rewrite to use the condition stack.
(top_parse_file): Set prefined macros.
(main): Change -D to define arbitrary macros.
--
This change allows the use of other conditionals than "gpgone" and
thus make "gpgtwoone" et al. actually work. It does now also track
conditionals over included files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* scd/apdu.c (open_pcsc_reader_direct): Don't call
pcsc_vendor_specific_init here, but...
(connect_pcsc_card): Call it here.
--
Thanks to Martin Wolters for the bug report.
* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.
* g10/mainproc.c (mainproc_context): New field ANY. Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY. Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--
This is a more general fix for the nested compression packet bug. In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream. This patch also reduces the
number of error messages for the non-import case.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 35e40e2d514223c950c2f6d1214e02e92d87e997)
Resolved conflicts:
common/iobuf.c
g10/mainproc.c
* agent/pksign.c (rfc6979_hash_algo_string): New.
(do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
--
Now that we have a good (and not NSA/NIST demanded ;-) specification
on how to use DSA without a random nonce, we take advantage of it and
thus avoid pitfalls related to a misbehaving RNG during signature
creation.
Note that OpenPGP has the option of using a longer hash algorithm but
truncated to what is suitable for the used DSA key size. The hash
used as input to RFC-6979 will also be one with an appropriate digest
length but not a truncated one. This is allowed by RFC-6979.
Signed-off-by: Werner Koch <wk@gnupg.org>