1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

155 Commits

Author SHA1 Message Date
Werner Koch
d246f317c0
sm: Add special case for expired intermediate certificates.
* sm/gpgsm.h (struct server_control_s): Add field 'current_time'.
* sm/certchain.c (find_up_search_by_keyid): Detect a corner case.
Also simplify by using ref-ed cert objects in place of an anyfound
var.
--

See the code for a description of the problem. Tested using the certs
from the bug report and various command lines

  gpgsm --faked-system-time=XXXX --disable-crl-checks \
         -ea -v --debug x509  -r 0x95599828

with XXXX being 20190230T000000 -> target cert too young
with XXXX being 20190330T000000 -> okay
with XXXX being 20190830T000000 -> okay, using the long term cert
with XXXX being 20220330T000000 -> target cert expired

The --disabled-crl-checks option is required because in our a simple
test setting dirmngr does not know about the faked time.

GnuPG-bug-id: 4696
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-12-06 20:25:56 +01:00
Werner Koch
6e1c99bc39
gpgsm: Allow sepcification of ldaps servers.
* sm/gpgsm.h (struct keyserver_spec): Add field use_ldaps.
* sm/gpgsm.c (parse_keyserver_line): Parse flags.
* sm/call-dirmngr.c (prepare_dirmngr): Send ldaps flag to the dirmngr.

* dirmngr/dirmngr.h (struct ldap_server_s): Add field use_ldaps.
* dirmngr/ldapserver.c (ldapserver_parse_one): Parse flags.
* dirmngr/ldap.c (start_cert_fetch_ldap): Call wrapper with --tls.

* dirmngr/dirmngr_ldap.c: New option --tls.
(fetch_ldap): Make use of that option.
--

There was no way to specify an LDAPS server in
dirmngr_ldapserver.socnf or with gpgsm's --keyserver option.  This
patch fixes this.  Eventually we should allow to replace host and port
by a partial URI in the same way ldap_initialize does it.  For backward
compatibility we do not yet do that.

Although the dirmngr code accepts an URL (eg. taken from a
certificate), I can't see how the scheme was ever used.  Thus the
patch also detects an ldaps scheme and uses this.  That part has not
been tested, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-09 11:29:59 +01:00
Werner Koch
521e7d4644
sm: Avoid confusing diagnostic for the default key.
* sm/certlist.c (cert_usage_p): Add arg 'silent' and change all
callers.
(gpgsm_cert_use_sign_p): Add arg 'silent' and pass to cert_usage_p.
Change all callers.
* sm/sign.c (gpgsm_get_default_cert): Set SILENT when calling
gpgsm_cert_use_sign_p
--

GnuPG-bug-id: 4535
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-27 15:44:16 +02:00
Werner Koch
6e041b7b35
sm: Add a couple of debug calls to the keydb module.
* sm/gpgsm.h (DBG_CLOCK_VALUE, DBG_CLOCK): New.
(DBG_LOOKUP_VALUE, DBG_LOOKUP): New.
* sm/gpgsm.c: new debug flags "lookup" and "clock"
* sm/keydb.c: Add log_clock calls to most functions.
(keydb_search_desc_dump): New.
(keydb_search) [DBG_LOOKUP]: Print descrh decription.
* sm/keylist.c (list_cert_std): Flush FP in debug mode to better
syncronize the output with the debug output
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-15 08:52:21 +02:00
Werner Koch
5f3864fb64
sm: Add yet inactive options to support authenticode
* sm/gpgsm.c (opts): New options --authenticode and --attribute.
* sm/gpgsm.h (opt): Add vars authenticode and attribute_list.
* sm/sign.c (add_signed_attribute): New but inactive.
(gpgsm_sign): Use new options.
--

Because libksba 1.4 is not yet ready the new code is not yet active.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-30 08:28:54 +02:00
Daniel Kahn Gillmor
b39ece7d35 headers: fix spelling
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-25 16:53:05 -04:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
f6ab97fd96
Merge branch 'STABLE-BRANCH-2-2' into master
--
Resolved Conflicts:
	configure.ac - Adjust due to new log_clock otions
2017-10-27 13:56:15 +02:00
Rainer Perske
1067403c8a
sm: Do not expect X.509 keyids to be unique
* sm/certlist.c (gpgsm_find_cert): Add arg allow_ambiguous and use it.
* sm/call-dirmngr.c (inq_certificate): Pass true to ALLOW_AMBIGUOUS
(run_command_inq_cb): Ditto.
* sm/gpgsm.c (main): Pass false.
* sm/server.c (cmd_passwd): Pass false.

--

As described in my report T1644, it is possible that multiple
certificates exist with the same Distinguished Name and the same key.
In this case, verifying S/MIME signatures and other actions fail with
"certificate not found: Ambiguous name". For details see the bug
report.

To circumvent the problem, I am patching GnuPG since 2014 so that in
this case the newest of the ambiguous certificates is used.

This is not an ultimate solution of the problem: You should try every
certificate with the same DN until verification succeeds or until all
certificates fail, and if multiple certificates of a chain are
ambiguous you even have to check every combination. You may even
consider checking the keyUsage attributes of the ambiguous certificates
to reduce the number of combinations.

But in the existing case of the certificates in the German Research
Network (DFN) PKI where the newest one is the valid one and all
ambiguous certificates have the same keyUsage attributes, this patch
has proven to be sufficient over the last three years.

With every GnuPG update, I have adapted the patch, luckily I never
needed to change anything except line numbers.

GnuPG-bug-id: 1644

ChangeLog log written by wk, comment taken from mail.  Signed-off line
was missing in the plain diff.  However the mail with the patch and
the DCO posted as reply to that mail were both signed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-24 17:29:04 +02:00
Werner Koch
825abec0e7
gpg,sm: New option --with-key-screening.
* common/pkscreening.c: New.
* common/pkscreening.h: New.
* common/Makefile.am (common_sources): Add them.
* g10/gpg.c (opts): New option --with-key-screening.
* g10/options.h (struct opt): New field with_key_screening.
* g10/keylist.c: Include pkscreening.h.
(print_pk_screening): New.
(list_keyblock_print): Call it.
(print_compliance_flags): Call it.
* sm/gpgsm.c (opts): New option --with-key-screening.
* sm/gpgsm.h (scruct opt): New field with_key_screening.
* sm/keylist.c:  Include pkscreening.h.
(print_pk_screening): New.
(print_compliance_flags): Call it.  Add new arg cert.
(list_cert_colon): Pass arg cert
(list_cert_std): Call print_pk_screening.
* sm/fingerprint.c (gpgsm_get_rsa_modulus): New.
--

This new option can be used to detect ROCA affected keys.  To scan an
entire keyring and print the affected fingerprints use this:

  gpg -k --with-key-screening --with-colons | gawk -F: \
       '$1~/pub|sub|sec|ssb|crt/ && $18~/\<6001\>/ {found=1;next};
        $1=="fpr" && found {print $10}; {found=0}'

The same works for gpgsm.  Note that we need gawk due to the "\<" in
the r.e.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-17 21:10:19 +02:00
Justus Winter
842d233d40
common,gpg,sm: Move the compliance option parser.
* common/compliance.c (gnupg_parse_compliance_option): New function.
* common/compliance.h (struct gnupg_compliance_option): New type.
(gnupg_parse_compliance_option): New prototype.
* g10/gpg.c (parse_compliance_option): Remove function.
(compliance_options): New variable.
(main): Adapt callsite.
* sm/gpgsm.c (main): Use the new common function.
* sm/gpgsm.h (opt): New field 'compliance'.

GnuPG-bug-id: 3191
Signed-off-by: Justus Winter <justus@g10code.com>
2017-06-07 16:53:31 +02:00
Werner Koch
28c31524be
common: Remove gpgsm dependencies from ksba-io-support.
* common/ksba-io-support.c: Include ksba-io-support.h instead of
../sm/gpgsm.h.  Include util.h.
(writer_cb_parm_s): Remove const from 'pem_name'.
(gpgsm_destroy_writer): Free 'pem_name'.
(gpgsm_create_reader): Rename to ...
(gnupg_ksba_create_reader): this.  Replace args CTRL and
ALLOW_MULTI_PEM by a new arg FLAGS.  Change the code to evaluate
FLAGS.  Change all callers to pass the FLAGS.
(gpgsm_create_writer): Rename to ...
(gnupg_ksba_create_writer): this.  Replace arg CTRL by new arg FLAGS.
Add arg PEM_NAME.  Evaluate FLAGS.  Store a copy of PEM_NAME.  Change
all callers to pass the FLAGS and PEM_NAME.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-02-16 16:22:07 +01:00
Werner Koch
5d13581f47
gpg,sm: Add STATUS_ERROR keydb_search and keydb_add-resource.
* g10/keydb.c (keydb_add_resource): Make ANY_REGISTERED
file-global.  Write a STATUS_ERROR.
(maybe_create_keyring_or_box): Check for non-accessible but existant
file.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.
* sm/keydb.c (keydb_add_resource): Rename ANY_PUBLIC to ANY_REGISTERED
and make file-global.  Write a STATUS_ERROR.
(keydb_search): Write a STATUS_ERROR if no keyring has been registered
but continue to return NOT_FOUND.  Also add new arg CTRL and change
all callers to pass it down.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-11-10 17:07:28 +01:00
Werner Koch
4d7dc432b5
Change all http://www.gnu.org in license notices to https://
--
2016-11-05 12:02:19 +01:00
Werner Koch
22a7ef01aa
Replace use of opt.homedir by accessor functions.
* common/homedir.c (the_gnupg_homedir): New var.
(gnupg_set_homedir): New.
(gnupg_homedir): New.
* g10/options.h (struct opt): Remove 'homedir' and replace all users
by the new accessor functions.
* g13/g13-common.h (struct opt): Ditto.
* scd/scdaemon.h (struct opt): Ditto.
* sm/gpgsm.h (struct opt): Ditto.
* dirmngr/dirmngr.h (struct opt): Ditto.
* agent/preset-passphrase.c (opt_homedir): Ditto.
* agent/protect-tool.c (opt_homedir): Ditto.
--

This will make detection of a non-default homedir easier.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-06-07 10:59:46 +02:00
Justus Winter
eea139c56e sm: Implement pinentry loopback and reading passphrases from fd.
* doc/gpgsm.texi: Document '--pinentry-mode' and '--passphrase-fd'.
* sm/Makefile.am (gpgsm_SOURCES): Add new files
* sm/call-agent.c (struct default_inq_parm_s): New definition.
(start_agent): Pass in the pinentry mode.
(default_inq_cb): Handle 'PASSPHRASE' and 'NEW_PASSPHRASE' inquiries.
Adapt all call sites to the new callback cookie.
* sm/gpgsm.c (cmd_and_opt_values): Add new values.
(opts): Add new options.
(main): Handle new options.
* sm/gpgsm.h (struct opt): Add field 'pinentry_mode'.
* sm/passphrase.c: New file.
* sm/passphrase.h: Likewise.

GnuPG-bug-id: 1970
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-07 18:16:37 +01:00
Justus Winter
53ed98eda7 sm: Remove unused argument '--fixed-passphrase'.
* doc/gpgsm.texi: Drop description.
* sm/gpgsm.c (cmd_and_opt_values): Drop enum value.
(opts): Drop argument.
(main): Drop argument handling.
* sm/gpgsm.h (struct opt): Drop field 'fixed_passphrase'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-07 15:22:38 +01:00
Werner Koch
d382242fb6
Replace GNUPG_GCC_A_ macros by GPGRT_ATTR_ macros.
* common/util.h: Provide replacement for GPGRT_ATTR_ macros when using
libgpg-error < 1.20.
* common/mischelp.h: Ditto.
* common/types.h: Ditto.
--

Given that libgpg-error is a dependency of all GnuPG related libraries
it is better to define such macros at only one place instead of having
similar macros at a lot of places.  For now we need repalcement
macros, though.
2015-07-26 12:50:24 +02:00
Werner Koch
2c9c46e2a2
gpgsm: Add command option "offline".
* sm/server.c (option_handler): Add "offline".
(cmd_getinfo): Ditto.
* sm/certchain.c (is_cert_still_valid):
(do_validate_chain):
* sm/gpgsm.c (gpgsm_init_default_ctrl): Default "offline" to the value
of --disable-dirmngr.
* sm/call-dirmngr.c (start_dirmngr_ext): Better also check for
ctrl->offline.
--

Adding this option makes it easier to implement the corresponding
feature in gpgme.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-29 11:06:41 +02:00
Werner Koch
24a75201da
Rename DBG_ASSUAN to DBG_IPC and add separate DBG_EXTPROG.
* g10/options.h (DBG_EXTPROG_VALUE): Separate from DBG_IPC_VALUE.
2015-04-06 13:42:17 +02:00
Werner Koch
7aee3579be Add option --no-autostart.
* g10/gpg.c: Add option --no-autostart.
* sm/gpgsm.c: Ditto.
* g10/options.h (opt): Add field autostart.
* sm/gpgsm.h (opt): Ditto.
* g10/call-agent.c (start_agent): Print note if agent was not
autostarted.
* sm/call-agent.c (start_agent): Ditto.
* g10/call-dirmngr.c (create_context): Likewise.
* sm/call-dirmngr.c (start_dirmngr_ext): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-11-28 09:44:19 +01:00
Werner Koch
c4b60cdae8 sm: Create homedir and lock empty keybox creation.
* sm/gpgsm.h (opt): Add field "no_homedir_creation".
* sm/gpgsm.c (main): Set it if --no-options is used.
* sm/keydb.c (try_make_homedir): New.  Similar to the one from
g10/openfile.c.
(maybe_create_keybox): New.  Similar to the one from g10/keydb.c.
(keydb_add_resource): Replace some code by maybe_create_keybox.
2014-08-14 17:15:50 +02:00
Werner Koch
be07ed65e1 Add new option --with-secret.
* g10/gpg.c: Add option --with-secret.
* g10/options.h (struct opt): Add field with_secret.
* g10/keylist.c (public_key_list): Pass opt.with_secret to list_all
and list_one.
(list_all, list_one): Add arg mark_secret.
(list_keyblock_colon): Add arg has_secret.
* sm/gpgsm.c: Add option --with-secret.
* sm/server.c (option_handler): Add option "with-secret".
* sm/gpgsm.h (server_control_s): Add field with_secret.
* sm/keylist.c (list_cert_colon): Take care of with_secret.  Also move
the token string from the wrong field 14 to 15.
--

This option is useful for key managers which need to know whether a
key has a secret key.  This change allows to collect this information
in one pass.
2014-06-03 21:35:59 +02:00
Werner Koch
0beec2f0f2 gpgsm: New commands --export-secret-key-{p8,raw}
* sm/gpgsm.c: Add new commands.
* sm/minip12.c (build_key_sequence): Add arg mode.
(p12_raw_build): New.
* sm/export.c (export_p12): Add arg rawmode.  Call p12_raw_build.
(gpgsm_p12_export): Ditto.
(print_short_info): Print the keygrip.
2014-06-03 18:57:33 +02:00
Werner Koch
8a12a2000d gpgsm: Add new validation model "steed".
* sm/gpgsm.h (VALIDATE_FLAG_STEED): New.
* sm/gpgsm.c (gpgsm_parse_validation_model): Add model "steed".
* sm/server.c (option_handler): Allow validation model "steed".
* sm/certlist.c (gpgsm_cert_has_well_known_private_key): New.
* sm/certchain.c (do_validate_chain): Handle the
well-known-private-key attribute.  Support the "steed" model.
(gpgsm_validate_chain): Ditto.
* sm/verify.c (gpgsm_verify): Return "steed" in the trust status line.
* sm/keylist.c (list_cert_colon): Print the new 'w' flag.
--

This is the first part of changes to implement the STEED proposal as
described at http://g10code.com/steed.html .  The idea for X.509 is
not to use plain self-signed certificates but certificates signed by a
dummy CA (i.e. one for which the private key is known).  Having a
single CA as an indication for the use of STEED might help other X.509
implementations to implement STEED.
2011-12-07 16:15:15 +01:00
Werner Koch
28c157b55c Support X.509 certificate creation.
Using "gpgsm --genkey" allows the creation of a self-signed
certificate via a new prompt.

Using "gpgsm --genkey --batch" should allow the creation of arbitrary
certificates controlled by a parameter file.  An example parameter file
is

    Key-Type: RSA
    Key-Length: 1024
    Key-Grip: 2C50DC6101C10C9C643E315FE3EADCCBC24F4BEA
    Key-Usage: sign, encrypt
    Serial: random
    Name-DN: CN=some test key
    Name-Email: foo@example.org
    Name-Email: bar@exmaple.org
    Hash-Algo: SHA384
    not-after: 2038-01-16 12:44

This creates a self-signed X.509 certificate using the key given by
the keygrip and using SHA-384 as hash algorithm.  The keyword
signing-key can be used to sign the certificate with a different key.
See sm/certreggen.c for details.
2011-03-01 14:42:56 +01:00
Werner Koch
b008274afd Nuked almost all trailing white space.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces.  In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much.  For future commits the pre-commit scripts
checks that this won't happen again.
2011-02-04 12:57:53 +01:00
Werner Koch
41a33e0c78 Remove superfluous parameter.
Make self-check interval larger
2010-11-26 09:42:56 +00:00
Werner Koch
a78335c9ce Add new option --with-keygrip 2010-10-08 11:11:08 +00:00
Werner Koch
7e752a4208 Auto-start dirmngr. 2010-08-16 11:03:43 +00:00
Werner Koch
91056b1976 Implement export of pkcs#12 objects using a direct agent connection. 2010-06-21 10:01:24 +00:00
Werner Koch
006fd75aea Avoid using the protect-tool to import pkcs#12. 2010-06-17 15:44:44 +00:00
Werner Koch
d8b1099d01 Merged jnlib into common. 2010-03-10 12:24:58 +00:00
Werner Koch
6216d33e8c Removed almost al dup calls. 2010-03-08 18:19:21 +00:00
Werner Koch
943aaf0cba Replace use stdio by estream functions. 2010-03-08 12:22:18 +00:00
Werner Koch
a51675fabe Add option --cert-extension. 2009-12-10 13:00:30 +00:00
Werner Koch
2193992559 Impleemned gpgsm's IMPORT --re-import feature.
Typo fix.
2009-07-07 16:52:12 +00:00
Werner Koch
f6f5430e50 Reworked passing of envars to Pinentry. 2009-07-07 10:02:41 +00:00
Werner Koch
81972ca7d5 Create a pkcs#10 request directly from a card.
Deprecate gpgsm-gencert.sh script.
2009-07-02 09:49:31 +00:00
Werner Koch
990585ad7d Signing using Netkey 3 cards does now work. 2009-03-26 19:27:04 +00:00
Werner Koch
ceb42db4dd Print NO_SECKEY status line in gpgsm.
This fixes bug#1020.
2009-03-25 16:05:16 +00:00
Werner Koch
a3b63ac1dc Add server option with-ephemeral-keys.
Extend SCD LEARN command.
2009-03-18 11:18:56 +00:00
Werner Koch
a9c317a95c New gpg-agent command to list key information.
Gpgsm does now print the S/N of cards.
Consider ephemeral keys during listing an export.
2009-03-06 17:31:27 +00:00
Werner Koch
3f8e827f63 fixed a bug in the prompt formatter. 2008-10-28 11:41:52 +00:00
Werner Koch
12366d1e81 Help dirmngr to use supplied trust anchors. 2008-10-21 15:03:51 +00:00
Werner Koch
8381a43ca7 Add gpgsm server command GETINFO agent-check.
Fix tests.
2008-09-30 10:30:20 +00:00
Marcus Brinkmann
7d2cfee1df 2008-08-08 Marcus Brinkmann <marcus@g10code.de>
* gpgsm.h (struct server_control_s): Remove member dirmngr_seen.
	* call-dirmngr.c (dirmngr2_ctx, dirmngr_ctx_locked)
	(dirmngr2_ctx_locked): New global variables.
	(prepare_dirmngr): Don't check dirmngr_seen anymore.
	(start_dirmngr): Move bunch of code to ...
	(start_dirmngr_ext): ... this new function.
	(release_dirmngr, start_dirmngr2, release_dirmngr2): New
	functions.
	(gpgsm_dirmngr_isvalid): Call release_dirmngr.
	(gpgsm_dirmngr_lookup): Call release_dirmngr.  If dirmngr_ctx is
	locked, use dirmngr2_locked.
	(gpgsm_dirmngr_run_command): Call release_dirmngr.
2008-08-08 01:06:48 +00:00
Werner Koch
a6a9181818 Start support of TCOS 3 cards.
Support restriction attribute.
Fix utf-8 printing problems.
Use AES by default.
2008-06-26 19:09:07 +00:00
Marcus Brinkmann
04e965c7fc sm/
2008-06-12  Marcus Brinkmann  <marcus@g10code.de>

	* gpgsm.h (struct keyserver_spec): New struct.
	(opt): Add member keyserver.
	* gpgsm.c (keyserver_list_free, parse_keyserver_line): New functions.
	(main): Implement --keyserver option.
	* call-dirmngr.c (prepare_dirmngr): Send LDAPSERVER commands.

tools/
2008-06-12  Marcus Brinkmann  <marcus@g10code.de>

	* gpgconf-comp.c (gc_options_gpgsm): Add option keyserver.
2008-06-12 14:24:46 +00:00