1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

79 Commits

Author SHA1 Message Date
Justus Winter
b9d1e099c3 tests: Test the pinentry interactions when exporting keys.
* tests/openpgp/export.test: Test pinentry interactions.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
4994153924 tests: Add support for a passphrase queue to fake pinentry.
* tests/openpgp/fake-pinentry.c (get_passphrase): New function.
(main): Add option --passphrasefile and read passphrases from it.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
41b10c66ec tests: Add logging to fake pinentry.
* tests/openpgp/fake-pinentry.c (log_stream): New variable.
(reply): New function.
(spacep,skip_options,option_value): Copy from common.
(main): Parse arguments, add --logfile option, write logfile.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Justus Winter
a54e89a585 tests: Add export test.
* tests/openpgp/Makefile.am (TESTS): Add new file.
* tests/openpgp/export.test: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-05-23 16:06:53 +02:00
Werner Koch
33aacc3d4b
tests: Silence output of some tests.
* common/t-exechelp.c (print_open_fds): Silence non-verbose output.
(test_close_all_fds): Ditto.
* common/t-session-env.c (show_stdnames): Indent output.
* g10/test.c (TEST): Silence non-verbose okay output.
(exit_tests): Ditto.
* tools/gpg-zip.in (tar_verbose_opt): Add option --quiet.
* tests/openpgp/gpgtar.test (GPGZIP): Pass option --quiet.
* tests/openpgp/mds.test: Indent MD5 notice.
* tests/openpgp/version.test: Indent --version output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-05-03 11:26:06 +02:00
Werner Koch
94504b3d5a
tests: Set fake-pinentry's stdout and stdin to _IOLBF.
* tests/openpgp/fake-pinentry.c (main): Call setvbuf.  Show passphrase
at startup.  Increase buffer.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-14 09:37:45 +02:00
Werner Koch
96bcd4220f
Now build "gpg" binary but install as "gpg2"
* configure.ac (USE_GPG2_HACK): New ac_define am_conditional.
* common/homedir.c (gnupg_module_name): Replace use of macro
NAME_OF_INSTALLED_GPG.
* g10/keygen.c (generate_keypair): Ditto.
* g10/Makefile.am (bin_PROGRAMS): Remove.
(noinst_PROGRAMS): Add gpg or gpg2 and gpgv or gpg2.
(gpg2_hack_list): New.
(use_gpg2_hack): New.
(gpg2_SOURCES): Rename to gpg_SOURCES.
(gpgv2_SOURCES): Rename to gpgv_SOURCES.
(gpg2_LDADD): Rename to gpg_LDADD.
(gpgv2_LDADD): Rename to gpgv_LDADD.
(gpg2_LDFLAGS): Rename to gpg_LDFLAGS.
(gpgv2_LDFLAGS): Rename to gpgv2_LDFLAGS.
(install-exec-hook): Remove WinCE specific rules and add new rules.
(uninstall-local): Uninstall gpg/gpg2 and gpgv/gpgv2.
* tests/openpgp/Makefile.am (required_pgms): s/gpg2/gpg/.
* tests/openpgp/defs.inc: Ditto.
* tests/openpgp/gpgtar.test: Ditto.
* tests/openpgp/mkdemodirs: Ditto.
* tests/openpgp/signdemokey: Ditto.

* Makefile.am (DISTCHECK_CONFIGURE_FLAGS): Remove obsolete
--enable-mailto, add --enable-gpg2-is-gpg.
--

Although we need to duplicate some automake generated code this method
allows to easily switch the name of the installed target using the
configure option "--enable-gpg2-is-gpg".

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-04-04 18:40:25 +02:00
Werner Koch
c6ed863491
tests: Add missing file.
* tests/openpgp/Makefile.am (TEST_FILES): Add plain-largeo.asc.
--

Fixes-commit: 785a7f463ec4e937304ce1263c5e6a46e8079137
2016-04-04 18:40:25 +02:00
Justus Winter
dd5902cc45 tests: Fix default key test.
* tests/openpgp/default-key.test: Avoid using the option
'--trust-model' unconditionally.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-04-04 13:10:28 +02:00
Justus Winter
a883d4c0f8 tests/openpgp: Skip gpgtar test if it has not been built.
* tests/openpgp/gpgtar.test: Check if executable exists.

GnuPG-bug-id: 2261
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-03 12:24:24 +01:00
Uldis Anšmits
1cdb744d91 tests/openpgp: Make tests more portable.
* tests/openpgp/default-key.test: Avoid 'grep -q'.
* tests/openpgp/gpgtar.test: Avoid 'grep -qe' and 'diff -q'.
* tests/openpgp/use-exact-key.test: Avoid 'grep -q'.

GnuPG-bug-id: 2262
Signed-off-by: Justus Winter <justus@g10code.com>
2016-03-02 17:59:38 +01:00
Justus Winter
ede0061feb tests/openpgp: Qualify executables with extension.
* tests/openpgp/Makefile.am (required_pgms): Qualify executables with
'$EXEEXT'.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-02-23 11:58:52 +01:00
Justus Winter
01dcc2cf2f tests/openpgp: Reimplement 'pinentry.sh' in c.
* tests/openpgp/Makefile.am: Build new program.
* tests/openpgp/defs.inc: Use the new program.
* tests/openpgp/fake-pinentry.c: New file.
--
Building an executable that does not require an interpreter makes it
easier to use on Windows.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-02-23 11:58:52 +01:00
Justus Winter
785a7f463e tests/openpgp: Avoid dependency on source files.
* tests/openpgp/plain-largeo.asc: New file.
* tests/openpgp/version.test: Dearmor the new file instead of relying
on the source being present.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-02-23 11:58:52 +01:00
Justus Winter
629284120f tests/openpgp: Fix file removal.
* tests/openpgp/version.test: Fix file removal.

Signed-off-by: Justus Winter <justus@g10code.com>
2016-02-23 11:58:52 +01:00
Werner Koch
d711f5c769
tests: Remove some harmless warnings in regression tests.
* tests/openpgp/gpg-agent.conf.tmpl: Remove --use-standard-socket.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-02-13 17:06:15 +01:00
Werner Koch
1fbfa1bf0a
tests: Use info and error instead of a plain echo.
* tests/openpgp/4gb-packet.test: Use error and info.

Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-06 08:34:14 +01:00
Neal H. Walfield
dc52995d85 gpg: Lazily evaluate --default-key.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-22 15:03:54 +01:00
Justus Winter
1c8eae95a8 tests: Add some more gpgtar tests.
* tests/openpgp/gpgtar.test: Add more tests.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-07 13:05:01 +01:00
Justus Winter
582e684a48 tools/gpgtar: Implement symmetric encryption.
* tests/openpgp/gpgtar.test: Add test case.
* tools/gpgtar-create.c (gpgtar_create): Pass '--symmetric' flag to
gpg.
* tools/gpgtar.c (parse_arguments): We do handle the argument now.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:40 +01:00
Justus Winter
45c814f348 tools/gpgtar: Implement signing.
* tests/openpgp/gpgtar.test: Test signing.
* tools/gpgtar-create.c (gpgtar_create): Add 'sign' option, add the
appropriate gpg arguments to implement signing and selecting the local
user.
* tools/gpgtar.c (parse_options): We do handle '--local-user' now.
(main): Handle signing, encrypting, and doing both when creating an
archive.
* tools/gpgtar.h (gpgtar_create): Update prototype.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-12-04 12:52:40 +01:00
Neal H. Walfield
cedbd4709e gpg: Use the matching key if the search description is exact.
* g10/gpg.c (check_user_ids): If the search description is for an
exact match (a keyid or fingerprint that ends in '!'), then use the
matching key, not the primary key.
* tests/openpgp/Makefile.am (TESTS): Add use-exact-key.test.
(priv_keys): Add privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc,
privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc,
privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc,
privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc and
privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc.
(sample_keys): Add
samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc.
* tests/openpgp/privkeys/00FE67F28A52A8AA08FFAED20AF832DA916D1985.asc:
New file.
* tests/openpgp/privkeys/1DF48228FEFF3EC2481B106E0ACA8C465C662CC5.asc:
New file.
* tests/openpgp/privkeys/A2832820DC9F40751BDCD375BB0945BA33EC6B4C.asc:
New file.
* tests/openpgp/privkeys/ADE710D74409777B7729A7653373D820F67892E0.asc:
New file.
* tests/openpgp/privkeys/CEFC51AF91F68A2904FBFF62C4F075A4785B803F.asc:
New file.
* tests/openpgp/samplekeys/E657FB607BB4F21C90BB6651BC067AF28BC90111.asc:
New file.
* tests/openpgp/use-exact-key.test: New file.
* tests/openpgp/version.test: Install the new private keys.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Reported-by: Reported-by: Kristian Fiskerstrand
  <kristian.fiskerstrand@sumptuouscapital.com>
Fixes-commit: 10cca02
2015-12-03 00:00:54 +01:00
Justus Winter
69a8440f44 tools/gpgtar: Handle '--gpg-args'.
* tools/gpgtar-create.c (gpgtar_create): Use given arguments.
* tools/gpgtar-extract.c (gpgtar_extract): Likewise.
* tools/gpgtar-list.c (gpgtar_list): Likewise.
* tools/gpgtar.c (enum cmd_and_opt_values): New value.
(opts): Add 'gpg-args'.
(parse_arguments): Handle arguments.
* tools/gpgtar.h (opt): Add field 'gpg_arguments'.
* tests/openpgp/gpgtar.test: Simplify accordingly.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-26 15:36:52 +01:00
Justus Winter
2eb3248058 tools/gpgtar: Handle '--tar-args' for compatibility with gpg-zip.
* tools/gpgtar.c (enum cmd_and_opt_values): New value.
(opts): Add new group for tar options, rearrange a little, add
'--tar-args'.
(tar_opts): New variable.
(shell_parse_stringlist): New function.
(shell_parse_argv): Likewise.
(parse_arguments): Add option argument, handle '--tar-args'.
(main): Fix invokation of 'parse_arguments'.
* tests/openpgp/gpgtar.test: Simplify decryption.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-26 14:28:22 +01:00
Justus Winter
556e8c4426 tests: Add tests for gpgtar and gpg-zip.
* tests/openpgp/Makefile.am (TESTS): Add new file.
* tests/openpgp/gpgtar.test: New file.

Signed-off-by: Justus Winter <justus@g10code.com>
2015-11-25 18:38:45 +01:00
Neal H. Walfield
770c06ed4e gpg: If sqlite is not available, don't build things depending on it.
* configure.ac: Define the automake conditional SQLITE3.
* tests/openpgp/Makefile.am (TESTS): Move the sqlite3 dependent tests
to...
(sqlite3_dependent_tests): ... this new variable.  If SQLITE3 is not
defined, then clear this variable.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-23 12:42:31 +01:00
Neal H. Walfield
f77913e0ff g10: Add TOFU support.
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask.  Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask.  Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask.  Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask.  If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level.  Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-10-18 18:45:40 +02:00
Werner Koch
4584125802
gpg: Try hard to use MDC also for sign+symenc.
* g10/encrypt.c (use_mdc): Make it a global func.
* g10/sign.c (sign_symencrypt_file): Use that function to decide
whether to use an MDC.
* tests/openpgp/conventional-mdc.test: Add a simple test case.
--

We used --force-mdc in sign+symenc mode (-cs) only with --force-mdc.
That broke our assumption from commit 625e292 (GnuPG 2.1.9) that all
uses of modern ciphers are using MDC.

Reported-by: Ben Kibbey <bjk@luxsci.net>
Signed-off-by: Werner Koch <wk@gnupg.org>
2015-10-12 09:31:44 +02:00
Werner Koch
0bae2ff599
tests: Two new OpenPGP test keys from E2E.
--
2015-10-05 10:58:00 +02:00
Werner Koch
7a0c3cc760
tests: Silence the 5gb-packet test.
* tests/openpgp/4gb-packet.test: Send output to /dev/null.

Signed-off-by: Werner Koch <wk@gnupg.org>
2015-09-10 18:12:22 +02:00
Neal H. Walfield
09f2a7bca6 common: Don't incorrectly reject 4 GB - 1 sized packets.
* g10/parse-packet.c (parse): Don't reject 4 GB - 1 sized packets.
Add the constraint that the type must be 63.
* kbx/keybox-openpgp.c (next_packet): Likewise.
* tests/openpgp/4gb-packet.asc: New file.
* tests/openpgp/4gb-packet.test: New file.
* tests/openpgp/Makefile.am (TESTS): Add 4gb-packet.test.
(TEST_FILES): Add 4gb-packet.asc.

--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-21 14:21:13 +02:00
Werner Koch
5038276fc4
tests: More OpenPGP test keys
--
2015-05-16 12:20:02 +02:00
Werner Koch
9546aa3cc8 tests: Speed up the genkey1024.test by using not so strong random.
* agent/gpg-agent.c (oDebugQuickRandom): New.
(opts): New option --debug-quick-random.
(main): Use new option.
* common/asshelp.c (start_new_gpg_agent): Add hack to pass an
additional argument for the agent name.
* tests/openpgp/defs.inc: Pass --debug-quick-random to the gpg-agent
starting parameters.
* tests/openpgp/version.test: Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-30 09:55:51 +01:00
Werner Koch
8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00
Werner Koch
fab89f159b gpg: Remove extra RSA import status line.
* g10/import.c (stats_s): Remove field "imported_rsa".
(import_print_stats): Do not print separate value for RSA.
(import_one): Remove the RSA counter.
--

RSA is the standard key format and thus there is no more need to have
a separate counter.  This is a remain from the RSA patent times.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 15:08:58 +02:00
Werner Koch
c60814a5ce gpg: Allow importing keys with duplicated long key ids.
* g10/keydb.c (keydb_handle): Add field no_caching.
(keyblock_cache): Repalce field kid by fpr.
(keydb_disable_caching): New.
(keydb_search): Use the fingerprint as cache index.

* g10/import.c (import_one): Use the fingerprint and not the kid to
lookup the key.  Call keydb_disable_caching beofre re-searching for
update.

* tests/openpgp/import.test: Add a test case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:01:29 +02:00
Werner Koch
a256722537 tests: Add sample keys with colliding long keu ids.
--

Thanks to David Leon Gil <coruus@gmail.com> who posted these keys to
openpgp@ietf.org on Fri, 13 Dec 2013 07:09:54 -0800 (PST).
2014-10-13 13:57:00 +02:00
Werner Koch
2543f0ab9c tests: Speed up conventional encryption tests for gpg.
* tests/openpgp/conventional-mdc.test: Add an s2k-count option.
* tests/openpgp/conventional.test: Ditto.
--

Due to measuring the iteration count for the passphrase hashing, the
conventional encryption tests are running quite slow.  This patch
fixes it by using a fixed and lower value for the iteration count.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 11:45:34 +02:00
Werner Koch
ade531acac Some doc fixes and a fix for "make distcheck".
--
2014-10-03 13:02:23 +02:00
Werner Koch
83c2d2396c gpg: Use algorithm id 22 for EdDSA.
* common/openpgpdefs.h (PUBKEY_ALGO_EDDSA): Change to 22.
* g10/keygen.c (ask_curve): Reword the Curve25519 warning note.
--

In the hope that the IETF will eventually assign 22 for EdDSA using
the draft-koch-eddsa-for-openpgp-01 specs we start using this number.
2014-09-12 11:31:49 +02:00
Werner Koch
3259862cb4 tests: Re-enable OpenPGP ecc test.
--
2014-08-18 12:55:54 +02:00
Werner Koch
2b8d8369d5 gpg: Remove options --pgp2 and --rfc1991.
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove.  Remove all users.
(RFC2440, PGP2): Remove.  Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--

The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5).  Thus we remove all support for
_creating_ PGP 2 compatible messages.
2014-08-14 11:03:55 +02:00
Werner Koch
03018ef9ee gpg: Auto-create revocation certificates.
* configure.ac (GNUPG_OPENPGP_REVOC_DIR): New config define.
* g10/revoke.c (create_revocation): Add arg "leadin".
(gen_standard_revoke): New.
* g10/openfile.c (get_openpgp_revocdir): New.
(open_outfile): Add MODE value 3.
* g10/keyid.c (hexfingerprint): New.
* g10/keygen.c (do_generate_keypair): Call gen_standard_revoke.
--

GnuPG-bug-id: 1042
2014-06-30 16:40:55 +02:00
Werner Koch
8fee6c1ce6 gpg: Finish experimental support for Ed25519.
* agent/cvt-openpgp.c (try_do_unprotect_arg_s): Add field "curve".
(get_keygrip): Add and use arg CURVE.
(convert_secret_key): Ditto.
(convert_transfer_key): Ditto.
(get_npkey_nskey): New.
(prepare_unprotect): Replace gcrypt functions by
get_npkey_nskey.  Allow opaque MPIs.
(do_unprotect): Use CURVE instead of parameters.
(convert_from_openpgp_main): Ditto.
(convert_to_openpgp):  Simplify.
* g10/import.c (one_mpi_from_pkey): Remove.
(transfer_secret_keys): Rewrite to use the curve instead of the
parameters.
* g10/parse-packet.c (parse_key): Mark protected MPIs with USER1 flag.

* common/openpgp-oid.c (openpgp_curve_to_oid): Allow the use of
 "NIST P-256" et al.
* g10/keygen.c (ask_curve): Add arg ALGO.
(generate_keypair): Rewrite the ECC key logic.

* tests/openpgp/ecc.test: Provide the "ecc" passphrase.
2014-05-07 13:27:43 +02:00
Werner Koch
f90cfe6b66 gpg: Reject signatures made with MD5.
* g10/gpg.c: Add option --allow-weak-digest-algos.
(main): Set option also in PGP2 mode.
* g10/options.h (struct opt): Add flags.allow_weak_digest_algos.
* g10/sig-check.c (do_check): Reject MD5 signatures.
* tests/openpgp/defs.inc: Add allow_weak_digest_algos to gpg.conf.
2014-03-17 18:14:23 +01:00
Werner Koch
62fb86c658 gpg: Allow building without any trust model support.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above.  Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.

* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.

* tests/openpgp/defs.inc (opt_always): New.  Use in all tests instead
of --always-trust.
2014-02-10 17:46:40 +01:00
Werner Koch
ea7f895319 tests: Handle disabled algorithms.
* tests/openpgp/mds.test: Skip disabled algorithms.
* tests/openpgp/signencrypt-dsa.test: Ditto.
* tests/openpgp/sigs-dsa.test: Ditto.
2014-02-10 10:41:48 +01:00
Werner Koch
a0102a548d Fix minor compiler warnings.
--
2013-11-15 15:49:34 +01:00
Werner Koch
f1e1387bee Do not mix test result with progress lines.
This makes parsing of the results easier.  Fixes bug#1400.

* tests/openpgp/defs.inc (progress_cancel, progress_end)
(progress_new): New.
* tests/openpgp/conventional-mdc.test: Use progress functions
* tests/openpgp/conventional.test: Ditto.
* tests/openpgp/encrypt-dsa.test: Ditto.
* tests/openpgp/encrypt.test: Ditto.
* tests/openpgp/sigs.test: Ditto.
--
The new output style is now:

      > MD5 SHA1 RIPEMD160 SHA256 SHA384 SHA512 SHA224 <
  PASS: sigs.test

or if the test fails:

      > MD5 SHA1
  sigs.test: ooops
  FAIL: sigs.test
2012-04-05 20:36:04 +02:00
Werner Koch
2336b09779 Generate the ChangeLog from commit logs.
* scripts/gitlog-to-changelog: New script.  Taken from gnulib.
* scripts/git-log-fix: New file.
* scripts/git-log-footer: New file.
* doc/HACKING: Describe the ChangeLog policy
* ChangeLog: New file.
* Makefile.am (EXTRA_DIST): Add new files.
(gen-ChangeLog): New.
(dist-hook): Run gen-ChangeLog.

Rename all ChangeLog files to ChangeLog-2011.
2011-12-01 11:09:02 +01:00