* agent/findkey.c (write_extended_private_key): New function.
(agent_write_private_key): Detect if an existing file is in extended
format and update the key within if it is.
(read_key_file): Handle the new format.
* agent/keyformat.txt: Document the new format.
* common/Makefile.am: Add the new files.
* common/private-keys.c: New file.
* common/private-keys.h: Likewise.
* common/t-private-keys.c: Likewise.
* common/util.h (alphap, alnump): New macros.
* tests/migrations: Add test demonstrating that we can cope with the
new format.
--
GnuPG 2.3+ will use a new format to store private keys that is both
more flexible and easier to read and edit by human beings. The new
format stores name,value-pairs using the common mail and http header
convention.
This patch adds the parser and support code and prepares GnuPG 2.1 for
the new format.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/gpg-agent.c (create_private_keys_directory): Set permissions.
* common/sysutils.c (modestr_to_mode): New function.
(gnupg_mkdir): Use new function.
(gnupg_chmod): New function.
* common/sysutils.h (gnupg_chmod): New prototype.
* tests/migrations/from-classic.test: Test migration with existing
directory.
GnuPG-bug-id: 2312
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/protect.c (do_encryption): Fix CBC hashing.
--
The buggy code included an extra closing parenthesis before
the (protected-at) term in the CBC hashing. We now do it by
explicitly hashing the protected stuff and append the rest of the
expression instead of a fixed closing parenthesis. Note that the OCB
hashing only differs that it does no include the protected part.
Fixes-commit: 4159567f7ed7a1139fdc3a6c92988e1648ad84ab
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect-tool.c (read_and_unprotect): Add arg ctrl and pass to
agent_unprotect.
(main): Allocate a simple CTRL object and pass it to
read_and_unprotect.
(convert_from_openpgp_native): Remove stub.
(agent_key_available, agent_get_cache): New stubs.
(agent_askpin): New emulation for the one in call-pinentry.c.
(agent_write_private_key): New to dump key.
* agent/Makefile.am (gpg_protect_tool_SOURCES): Add cvt-openpgp.c
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/protect.c (agent_protect): Add arg use_ocb. Change all caller
to pass -1 for default.
* agent/protect-tool.c: New option --debug-use-ocb.
(oDebugUseOCB): New.
(opt_debug_use_ocb): New.
(main): Set option.
(read_and_protect): Implement option.
* agent/protect.c (OCB_MODE_SUPPORTED): New macro.
(PROT_DEFAULT_TO_OCB): New macro.
(do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp,
and timestamp_exp_len. Implement OCB.
(agent_protect): Change to support OCB.
(do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len.
Implement OCB.
(merge_lists): Allow NULL for sha1hash.
(agent_unprotect): Change to support OCB.
(agent_private_key_type): Remove debug output.
--
Instead of using the old OpenPGP way of appending a hash of the
plaintext and encrypt that along with the plaintext, the new scheme
uses a proper authenticated encryption mode. See keyformat.txt for a
description. Libgcrypt 1.7 is required.
This mode is not yet enabled because there would be no way to return
to an older GnuPG version. To test the new scheme use
gpg-protect-tool:
./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key
./gpg-protect-tool -av -P abc -u <prot.key
Any key from the private key storage should work.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/command-ssh.c (SPEC_FLAG_WITH_CERT): New.
(ssh_key_types): Add OpenSSH cert types.
(stream_read_string): Allow a dummy read.
(ssh_receive_mpint_list): Pass SPEC by reference.
(ssh_receive_mpint_list): New arg CERT and use it.
(ssh_receive_key): Read certificate into an estream object and modify
parser to make use of that object.
--
This is a first step to support certificate via the agent. The only
effect of this change is the removal of an error message parsing the
certificate. Note that ssh-add sends the private key anyway first and
only then follows with the certificate+private key.
What we need to implement next is a way to store the certificate in
the agent and return it on request.
Signed-off-by: Werner Koch <wk@gnupg.org>
* agent/pksign.c (agent_pksign_do): Use S-exp of public key, instead
of shadowed key.
--
Reported-by: Justus Winter
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* agent/cvt-openpgp.c (convert_from_openpgp_main): Add an option not
to check existing key.
(convert_from_openpgp): Ditto.
(convert_from_openpgp_native): Call convert_from_openpgp_main with
dontcare_exist=0.
* agent/command.c (cmd_import_key): Call with dontcare_exist=force.
* common/stringhelp.c (utf8_charcount): Take additional parameter,
len. Process at most LEN bytes.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* agent/trustlist.c (istrusted_internal): Initialize 'err'.
--
There is a plausible path of execution so that a branch condition uses
the uninitialized value.
Found using the Clang Static Analyzer.
Signed-off-by: Justus Winter <justus@g10code.com>
* agent/pksign.c (agent_pksign_do): Use public key smartcard.
--
Since gcry_pk_verify can't handle shadowed private key, public
key SEXP should be prepared for smartcard.
* agent/genkey.c (agent_ask_new_passphrase): Use a separate malloc for
PI2. Check return value of the malloc function.
* agent/command-ssh.c (ssh_identity_register): Use a separate malloc
for PI2. Wipe PI2.
--
For whatever stupid reasons I once allocated only one memory area and
split that into PI and PI2. This is actually a common pattern with
malloc but here we used a made up object size and do not take the
extra alignment required into account. One of these not yet hit by
a (sig)bus PC/VAX hacker bugs.
Instead of trying to fix the alignment, it is better to use a second
calloc for the second struct.
GnuPG-bug-id: 2112
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sign.c (do_sign): Let verify signature by gpg-agent.
* agent/pksign.c (agent_pksign_do): Call gcry_pk_verify for RSA.
--
RSA signature verification should be done to prevent attacks against
RSA CRT implementations and not to return invalid signature to
adversary. Newer libgcrypt does so. For older libgcrypt and
smartcards, gpg-agent does signature verification.
* agent/cvt-openpgp.c (convert_from_openpgp_main): Only encrypted
parameters are stored as opaque.
(apply_protection): ARRAY members are all normal, non-opaque MPI.
(extract_private_key): Get public key as normal, non-opaque MPI.
Remove support of ECC key with '(flags param)'.
Remove support of "ecdsa" and "ecdh" keys of our experiment.
* agent/command.c (cmd_get_passphrase): Don't repeat passphrase for
pinentry loopback mode.
* agent/genkey.c (check_passphrase_constraints): Immediately return when
pinentry mode is loopback.
--
Fixes endless loop when inquiring a passphrase with
pinentry-mode=loopback that may not satisfy passphrase contraints.
* agent/cvt-openpgp.c (get_keygrip): Handle Curve25519.
(convert_secret_key, convert_transfer_key): Ditto.
* common/openpgp-oid.c (oidtable): Add Curve25519.
(oid_crv25519, openpgp_oid_is_crv25519): New.
* common/util.h (openpgp_oid_is_crv25519): New.
* g10/ecdh.c (pk_ecdh_encrypt_with_shared_point): Handle the case
with Montgomery curve which uses x-only coordinate.
* g10/keygen.c (gen_ecc): Handle Curve25519.
(ask_curve): Change the API and second arg is to return subkey algo.
(generate_keypair, generate_subkeypair): Follow chage of ask_curve.
* g10/keyid.c (keygrip_from_pk): Handle Curve25519.
* g10/pkglue.c (pk_encrypt): Handle Curve25519.
* g10/pubkey-enc.c (get_it): Handle the case with Montgomery curve.
* scd/app-openpgp.c (ECC_FLAG_DJB_TWEAK): New.
(send_key_attr): Work with general ECC, Ed25519, and Curve25519.
(get_public_key): Likewise.
(ecc_writekey): Handle flag_djb_tweak.
--
When libgcrypt has Curve25519, GnuPG now supports Curve25519.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--
Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places. For now we need repalcement
macros, though.
* agent/gpg-agent.c (main): Unset INSIDE_EMACS envvar.
--
The variable is set only temporarily when gpg is called from Emacs,
keeping it during the session makes no sense.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
* agent/agent.h (LunderscorePROTO): New.
* common/util.h (GNUPG_GCC_ATTR_FORMAT_ARG): New.
* common/i18n.h (GNUPG_GCC_ATTR_FORMAT_ARG): New. Use for
i18n_localegettext. Expand LunderscorePROTO.
* agent/genkey.c (check_passphrase_constraints): Use xtryasprintf
again to keep the old translations.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* po/Makevars (XGETTEXT_OPTIONS): Add keyword "L_".
* common/i18n.c (i18n_localegettext): New stub.
* common/i18n.h: Expand the LunderscoreIMPL macro.
* agent/agent.h (L_): New.
(LunderscoreIMPL): New.
* agent/call-pinentry.c (setup_qualitybar): Add arg ctrl anc change
caller.
* agent/findkey.c (try_unprotect_cb): Add local var ctrl.
* agent/genkey.c (check_passphrase_constraints): Replace xtryasprintf
by xtrystrdup to avoid gcc warning. Unfortinately this changes the
string.
(agent_ask_new_passphrase): Cleanup the use of initial_errtext.
--
Static strings in gpg-agent need to be translated according to the
locale set by the caller. This is required so that a gpg-agent can be
started in one locale and a gpg can be run in another. If we don't do
this the static strings (prompt, buttons) are not or in the wrong
locale translated while dynamic strings (e.g. key description) uses
the locale of gpg.
This is only the first part of the change the actual local switching
still needs to be implemented.
Debian-bug-id: 788983
Signed-off-by: Werner Koch <wk@gnupg.org>