* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end. Add additional check to cope for the 0je extra bytes needed for
AEAD.
--
Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--
For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
* g10/filter.h (cipher_filter_context_t): Add new fields for AEAD.
* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
chunkbyte.
* g10/build-packet.c (do_encrypted_aead): New.
(build_packet): Call it.
* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
(parse_one_sig_subpkt, can_handle_critical): Ditto.
(parse_encrypted): Clear new PKT_ENCRYPTED fields.
(parse_encrypted_aead): New.
(parse): Call it.
* g10/gpg.c (main): Take care of --rfc4880bis option when checking
compliance.
* g10/cipher-aead.c: Replace the stub by real code.
* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
AEAD.
(aead_set_nonce): New.
(aead_set_ad): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/encrypt.c (use_aead): Make that new fucntion work.
(encrypt_simple): Use default_aead_algo() instead of EAX.
* g10/mainproc.c (proc_encrypted): Support AEAD.
(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
--
This code has seen only a very few manual tests. Encrypting always
uses a 64k chunks and decryption has not been tested with larger
chunks. Those small chunks make debugging much faster.
Tests can be done using:
gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
--force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
-v -z 0 --status-fd 2 -c <INFILE >OUTFILE
and
gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
--status-fd 2 -v -d <INFILE >OUTFILE
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--
This actually does not harm because we merely display a buffer
allocated by ourselves. However, we better tell Valgrind about it so
that we don't need to track this thing down ever again.
Test using a corrupted literal data packet:
echo cb 0a 75 ff 59 ae 90 d5 74 65 73 74 | \
undump |\
valgrind gpg --list-packets >/dev/null
Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyring.c (keyring_get_keyblock): Use the parser's packet count
instead of counting ourself.
* g10/packet.h (struct parse_packet_ctx_s): New field
'n_parsed_packets'.
(init_parse_packet): Initialize new field.
* g10/parse-packet.c (parse): Count packets.
--
The 'keyring' keystore depends on the number of packets for delete and
update operations. With the rework of the ring trust packets, the
trust packets were no longer properly accounted for leading to keyring
corruptions.
The 'keybox' store was not affected.
GnuPG-bug-id: 3123
GnuPG-bug-id: 3135
GnuPG-bug-id: 3144
Fixes-commit: a8895c99a7d0750132477d80cd66caaf3a709113
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/parse-packet.c (can_handle_critical): Add
SIGSUBPKT_REVOC_REASON.
--
Some software seems to mark that subpacket as criticial. Although gpg
has no special treatment for a revocation reasons (except for
--list-packets) we can accept a criticial marked anyway. There are no
mandatary rules specified on how to handle a revocation reason.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c: Use '#if' instead of '#ifdef' when checking
DEBUG_PARSE_PACKET. This fixes the build with '#define
DEBUG_PARSE_PACKET 0'.
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/packet.h (struct parse_packet_ctx_s): Change LAST_PKT deom a
pointer to its struct.
(init_parse_packet): Adjust for LAST_PKT not being a pointer.
* g10/parse-packet.c (parse): Ditto. Free the last packet before
storing a new one in case of a deep link.
(parse_ring_trust): Adjust for LAST_PKT not being a pointer.
* g10/free-packet.c (free_packet): Ditto.
* g10/t-keydb-get-keyblock.c (do_test): Release keyblock.
--
Fixes-commit: afa86809087909a8ba2f9356588bf90cc923529c
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_trust): Rename to ...
(parse_ring_trust): this. Change args and implement new ring trust
packet format.
(parse): Add special ring trust packet handling.
* g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and
KEYSRC.
(PKT_public_key): Ditto.
(RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts.
(PKT_ring_trust): New.
(struct packet_struct): Remove member RING_TRUST.
(strcu parse_packet_ctx_s): Add field SKIP_META.
(init_parse_packet): Init SKIPT_META.
* g10/free-packet.c (release_public_key_parts): Free UDPATEURL.
(free_user_id): Ditto.
* g10/mainproc.c (list_node): Remove printing of non-documented "rtv"
lines.
* g10/build-packet.c (build_packet_and_meta): New.
(do_ring_trust): New.
* g10/export.c (write_keyblock_to_output): Use build_packet_and_meta
in backup mode.
(do_export_one_keyblock): Ditto.
* g10/import.c (read_block): Add arg WITH_META. Skip ring trust
packets if that ism not set.
(import): Call read_block WITH_META in restore mode.
* g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS)
(KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not
yet used, though.
* g10/keydb.c (parse_keyblock_image): Allow ring trust packets.
(build_keyblock_image): Ditto. Use build_packet_and_meta.
* g10/keyring.c (keyring_get_keyblock): Remove specila treatment of
ring trust packets.
(write_keyblock): Use build_packet_and_meta. Remove special treatment
of ring trust packets and initialization of the signature caches.
--
This patch introduced the framework to store meta data for keys and
user ids in the keyrings/keyboxes. Ring trust packets are
implementation defined and have always been used in gpg to cache the
signature verification status.
Ring trust packets are only exported with the export option "backup"
and only imported with the import option "restore".
The new code uses a cleaner way to handle the ring trust packets: When
the parser reads a ring trust packet and the previously read packet
matches the type of that ring trust packet, the information is stored
in that previously read packet (signature, user id, or primary key)
and the next packet is read immediately. Thus only the parser sees
the ring trust packets. Ring trust packets are written by using the
new function build_packet_and_meta instead of build_packet. That
function writes a ring trust packet when the needed information is
available.
As a side-effect of this patch the signature status cache works again
and "gpg --check-sigs" is thus much faster.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): Add fields LAST_PKT and
FREE_LAST_PKT.
(init_parse_packet): Clear them.
(deinit_parse_packet): New macro. Change all users if
init_parse_packet to also call this macro.
* g10/free-packet.c (free_packet): Add arg PARSECTX and handle shallow
packet copies in the context. Change all callers.
* g10/parse-packet.c (parse): Store certain packets in the parse
context.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (struct parse_packet_ctx_s): New.
(parse_packet_ctx_t): New type.
(init_parse_packet): New macro.
* g10/parse-packet.c (parse_packet, dbg_parse_packet): Change to take
a parse context. Change all callers to provide a context instead of
directly supplying the input stream.
(search_packet, dbg_search_packet): Ditto.
(copy_all_packets, dbg_copy_all_packets): Init an use a parse context.
(copy_some_packets, dbg_copy_some_packets): Ditto.
(skip_some_packets, dbg_skip_some_packets): Ditto.
--
We will need this change to handle ring packets inside the parser.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_string): Fix handling of PART==1.
(parse_key_parameter_part): Use default key size if only "rsa", "dsa",
or "elg" is given.
--
The first change is the actual fix. The second change avoids the
error "Invalid Curve" when only "rsa" instead of RSA2048 is given.
Fixes-commit: ce29272e24e7b718b8fca9b84bc728e65f3dea24
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/options.h (DBG_MPI): New.
* g10/gpg.c (set_debug): Use macro or extra parens for binary operator.
* g10/parse-packet.c (set_packet_list_mode): Use dbg macro.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_signature): Sanitize the value stored in
SIGNERS_UID.
* g10/mainproc.c (issuer_fpr_string): New.
(check_sig_and_print): Print the signers' UID. Print the issuer
fingerprint in --rfc4880bis mode.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (SIGSUBPKT_ISSUER_FPR): New.
* g10/build-packet.c (build_sig_subpkt_from_sig): Add arg PKSK and
insert the issuer fpr if needed.
* g10/sign.c (write_signature_packets): Pass signing key.
(make_keysig_packet): Ditto.
(update_keysig_packet): Ditto.
* g10/parse-packet.c (dump_sig_subpkt): Print issuer fpr.
(parse_one_sig_subpkt): Detect issuer fpr.
(can_handle_critical): Add issuer fpr.
* g10/mainproc.c (check_sig_and_print): Try to get key via fingerprint.
* g10/gpgv.c (keyserver_import_fprint): New stub.
* g10/test-stubs.c (keyserver_import_fprint): New stub.
--
This support is enabled with the --rfc4880bis option and intended to
test to recently proposed issuer fpr.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_signature): Add field 'signers_uid'.
* g10/parse-packet.c (parse_signature): Set this field.
* g10/free-packet.c (free_seckey_enc): Free field.
(copy_signature): Copy field.
* g10/mainproc.c (akl_has_wkd_method): New.
(check_sig_and_print): Extend NEWSIG status. If WKD is enabled try to
locate a missing key via the signature's Signer's User ID sub-packet.
Do this right before trying a keyserver lookup.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_key): Check for premature end of salt.
--
This has no security implications because an arbitrary salt could have
also been inset by an attacker.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (change_passphrase): Remove useless init of ANY.
(keyedit_quick_adduid): Remove useless setting of ERR.
* g10/parse-packet.c (parse_key): Remove PKTLEN from condition because
it has been checked before the loop.
(parse_plaintext): Remove useless init of PKTLEN.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse): Use an int to compare to -1. Use
buf32_to_ulong.
--
Regression-due-to: 0add91ae1ca3718e8140af09294c595f47c958d3
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_signature): Change revkey's type from a struct
revocation_key ** to a struct revocation_key *. Update users.
--
revkey was a pointer into the raw data. But, C doesn't guarantee that
there is no padding. Thus, we copy the data.
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/parse-packet.c (parse): We don't handle copying packets with a
partial body length to an output stream. If this occurs, log an error
and abort.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/parse-packet.c (dbg_copy_all_packets): Check that OUT is not
NULL.
(copy_all_packets): Likewise.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/parse-packet.c (parse_signature): Make sure PKTLEN doesn't
underflow. Be more careful that a read doesn't read more data than
PKTLEN says is available.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/packet.h: Add documentation for functions defined in
parse-packet.c.
* g10/parse-packet.c: Improve comments for many functions.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/packet.h (enum_sig_subpkt): Remove argument RET_N. Update
callers.
* g10/parse-packet.c (enum_sig_subpkt): Remove argument RET_N.
--
Remove the RET_N argument, because it is unused and because it is
meaningless: it's not clear whether it is an offset into SIG->HASHED
or SIG->UNHASHED.
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/parse-packet.c (mpi_read): Improve documentation. Correctly
handle an EOF. On overflow, correctly return the number of bytes read
from the pipeline.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* common/openpgp-oid.c (openpgp_oid_to_curve): Add CANON argument.
* common/util.h: Update.
* g10/import.c (transfer_secret_keys): Follow the change.
* g10/keyid.c (pubkey_string): Likewise.
* g10/keylist.c (list_keyblock_print, list_keyblock_colon): Likewise.
* parse-packet.c (parse_key): Likewise.
* scd/app-openpgp.c (send_key_attr, get_public_key): Likewise.
--
Change the function so that caller can select canonical name of curve
or name for printing. Suggested by wk.
* g10/parse-packet.c (parse): Make the description more accurate when
listing packets: old format packets don't support partial lengths,
only indeterminate lengths (RFC 4880, Section 4.2).
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/parse-packet.c (parse_gpg_control): Replace puts by es_fputs to
LISTFP.
--
Reported-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This was an oversight from the conversion to estream or a separate
listing stream.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_key): Check PKTLEN before calling mpi_read
et al.
--
Due to the missing length checks PKTLEN may turn negative. Because
PKTLEN is an unsigned int the malloc in read_rest would try to malloc
a too large number and terminate the process with "error reading rest
of packet: Cannot allocate memory".
Reported-by: Hanno Böck.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (set_packet_list_mode): Set mpi_print_mode.
* g10/misc.c (mpi_print): Do not print an extra leading zero.
--
This was in older versions possible using "--debug 4" but that was
disabled in 2.1 due to a conflict using this values also for
Libgcrypt. Now the values are dumped either with --debug 4 or using
--list-packets along with --verbose.
Because OpenPGP only uses unsigned integers an extra leading zero will
not be printed anymore.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/host2net.h (buf16_to_ulong, buf16_to_uint): New.
(buf16_to_ushort, buf16_to_u16): New.
(buf32_to_size_t, buf32_to_ulong, buf32_to_uint, buf32_to_u32): New.
--
Commit 91b826a38880fd8a989318585eb502582636ddd8 was not enough to
avoid all sign extension on shift problems. Hanno Böck found a case
with an invalid read due to this problem. To fix that once and for
all almost all uses of "<< 24" and "<< 8" are changed by this patch to
use an inline function from host2net.h.
Signed-off-by: Werner Koch <wk@gnupg.org>