1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2439 Commits

Author SHA1 Message Date
NIIBE Yutaka
dd4fb1c8f6 gpg: Fix first zero-byte case for SOS handling.
* g10/export.c (transfer_format_to_openpgp): Check the first byte.
* g10/pkglue.c (sexp_extract_param_sos): Likewise.

--

GnuPG-bug-id: 5116
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-30 15:21:20 +09:00
Werner Koch
243f9176e7
gpg: New command --quick-revoke-sig
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
* g10/keylist.c (cmp_signodes): Make global.
--

GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
Werner Koch
742e2729f4
gpg: Sort the signatures in standard key listings.
* g10/gpg.c (parse_list_options): Add "sort-sigs".
(main): Make it the default.
* g10/options.h (LIST_SORT_SIGS): New.
* g10/keylist.c (cmp_signodes): New.
(list_keyblock_print): Sort signatures and factor signature printing
code out to ...
(list_signature_print): new.
--

In particular together with --full-timestamps this makes it easier to
see the history of key signatures and their revocations.  The
self-signatures are also printed first.  To disable this

  --list-options no-sort-sigs

can be used.

Also don't print the annoying "no recocation reason specified"
message.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-27 17:21:19 +01:00
Werner Koch
0f780b1aeb
g10: Make call to agent_scd_serialno more robust.
* g10/call-agent.c (agent_scd_serialno): Make sure that NULL is stored
on error at r_serialno.
* g10/card-util.c (card_status): Simplify freeing of seriaono.
(factory_reset): Ditto.
--

This pattern is what we use with other functions returning an
allocated string and thus less surprising.
2020-10-26 12:50:30 +01:00
Werner Koch
cf4b8a27c3
g10,sm: Use gnupg_access at two more places
--
2020-10-26 12:50:13 +01:00
NIIBE Yutaka
a153d0f769 gpg: Fix double free on error.
* g10/card-util.c (card_status): Check an error return.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-26 14:00:26 +09:00
NIIBE Yutaka
157f1de64e gpg,tools: Fix detecting OpenPGP card by serialno.
* tools/gpg-card.c (list_openpgp): Use ->apptype to determine card's
APP.
* g10/card-util.c (get_info_for_key_operation): Likewise.
(current_card_status): Even if its SERIALNO is not like OpenPGP card,
it's OpenPGP card when app says so.

--

GnuPG-bug-id: 5100
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-26 13:49:23 +09:00
Werner Koch
18e5dd7b03
Replace all calls to stat by gnupg_stat.
* common/sysutils.c (gnupg_stat): New.
* common/sysutils.h: Include sys/stat.h.
--

Yet another wrapper for Unicode support on Windows.

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 16:38:06 +02:00
Werner Koch
4dcef0e178
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
2020-10-20 14:08:35 +02:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
NIIBE Yutaka
228836f79f gpg,ecc: Fix SOS handling when receiving from agent.
* g10/export.c (transfer_format_to_openpgp): It's not simple opaque
MPI, but SOS.

--

Fixes-commit: f5bc94555458123f93d8b07816a68fb7485421e1
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-10-09 13:57:35 +09:00
Werner Koch
ff31dde456
gpg: Switch to ed25519+cv25519 as default algo.
* g10/keygen.c (DEFAULT_STD_KEY_PARAM): Change to former future
default ago.
(ask_algo): Change default and also the way we indicate the default
algo in the list of algos.
(ask_curve): Indicate the default curve.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-05 14:21:31 +02:00
Werner Koch
e824e27d36
gpg: Fix parameter parsing form ed448.
* g10/keygen.c (parse_key_parameter_part): Set algo also for 448.
--
Fixes-commit: a763bb2580b0d586a80b8ccd3654f41e49604f4f
2020-10-02 12:29:20 +02:00
Werner Koch
d49a945b12
gpg: New experimental import option "bulk-import"
* g10/options.h (IMPORT_BULK): New.
* g10/import.c (parse_import_options): Add "bulk-import".
* g10/call-keyboxd.c (in_transaction): New var.
(gpg_keyboxd_deinit_session_data): Run a commit if in bulk import
mode.
(create_new_context): Run a begin transaction if in bulk import mode.
--

Initial tests with this option are not very promising.  Importing
about 3000 real world keys with --use-keyboxd and full logging took:

   real    33m31.724s
   user    19m54.265s
   sys     2m49.662s

With bulk-import this saves a mere 12%:

   real    29m36.542s
   user    19m3.391s
   sys     2m46.728s

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 16:47:10 +02:00
Werner Koch
25ad3c22d7
keyboxd: Implement multiple search descriptions.
* kbx/kbx-client-util.c (kbx_client_data_simple): New.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add field descidx.
(be_sqlite_search): Use that.
* g10/call-keyboxd.c (keydb_search): Implement multi mode.
--

With that change the keyboxd is at par with the keybox code.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-24 10:37:42 +02:00
Werner Koch
1835097561
gpg: Set the found-by flags in the keyblock in keyboxd mode.
* g10/keydb-private.h (struct keydb_handle_s): Add fields to return
the ordinals of the last found blob.
* g10/call-keyboxd.c (keydb_get_keyblock): Pass them to the keyblock
parser.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-22 16:20:41 +02:00
Werner Koch
babd87f2da
doc: Some documentation updates.
--

Also fixed some typos and documented soon to be used OIDs
2020-09-21 09:20:47 +02:00
NIIBE Yutaka
dfdcf14738 common,agent,dirmngr,g10,tools: Fix split_fields API.
* common/stringhelp.h (split_fields): Use const * for the strings in
the ARRAY.
(split_fields_colon): Likewise.
* common/stringhelp.c (split_fields, split_fields_colon): Fix
the implementation.
* agent/call-scd.c, agent/command.c: Follow the change.
* common/t-stringhelp.c, dirmngr/loadswdb.c: Likewise.
* g10/call-agent.c, tools/card-call-scd.c: Likewise.
* tools/card-yubikey.c, tools/gpg-card.c: Likewise.
* tools/gpg-card.h, tools/gpg-wks-client.c: Likewise.
* tools/gpgconf-comp.c, tools/gpgconf.c: Likewise.
* tools/wks-util.c: Likewise.

--

The strings in the ARRAY don't need to be released by caller, as those
are references.  It's easier to follow the code when it's explicitly
const *.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-18 10:20:23 +09:00
NIIBE Yutaka
8dfd0ebfd8 gpg,scd: Fix handling of KDF feature.
* g10/card-util.c (kdf_setup): Fix the default value.
* scd/app-openpgp.c (do_setattr): Support kdf-setup "off" by
Zeitcontrol.  Make sure Gnuk and Yubikey work well.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-16 12:49:20 +09:00
Werner Koch
6fcc263c18
keyboxd: Use D-lines instead of a separate thread.
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--

This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation.  Given that the
thread adds extra complexity we go for now with the D-line approach.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:14:02 +02:00
Werner Koch
29977e21d1
keyboxd: Add options --openpgp and --x509 to SEARCH.
* kbx/keyboxd.h (struct server_control_s): Replace the two request
objects by just one.  Add filter flags.
* kbx/kbxserver.c (cmd_search): Add options --openpgp and --x509.
(cmd_killkeyboxd): Do not return GPG_ERR_EOF.
* kbx/frontend.c (kbxd_release_session_info): Adjust for the new
request object.
(kbxd_search, kbxd_store, kbxd_delete): Ditto.
* kbx/backend-sqlite.c (struct be_sqlite_local_s): Add filter flags.
(run_sql_prepare): Add optional arg 'extra'.  Change callers.
(run_sql_bind_ntext): New.
(run_sql_bind_text): Just call run_sql_bind_ntext.
(run_select_statement): Add ctrl arg.  Implement the filter flags.

* g10/call-keyboxd.c (keydb_search): Use the --openpgp option.
--

As soon as we implement X.509 we need to have a way to return only
openpgp or x.509 certificates.  Gpg/gpgsm will then use the respective
flag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:08:48 +02:00
Werner Koch
adec6a84f6
kbx: Change X.509 S/N search definition.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
SNLLEN with a hex flag.  Add SNHEX.
* kbx/keybox-search.c (keybox_search): Adjust.
* common/userids.c (classify_user_id): Adjust.
* sm/keydb.c (keydb_search_desc_dump): Adjust.
* g10/keydb.c (keydb_search_desc_dump): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 20:34:59 +02:00
NIIBE Yutaka
2bc1ec2944 gpg,tools: Add handling of supported algorithms by a card.
* g10/call-agent.h (struct agent_card_info_s): Add supported_keyalgo.
* g10/call-agent.c (learn_status_cb): Parse KEY-ATTR-INFO.
(agent_release_card_info): Release supported_keyalgo.
* tools/gpg-card.h (struct card_info_s): Add supported_keyalgo.
* tools/card-call-scd.c (learn_status_cb): Parse KEY-ATTR-INFO.
(release_card_info): Release supported_keyalgo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-09-08 15:34:42 +09:00
Werner Koch
65eb156980
gpg: Initialize a parameter to silence valgrind.
* g10/keygen.c (read_parameter_file): Initialize nline.
* g10/textfilter.c (copy_clearsig_text): Initialize bufsize.
--

In iobuf_read_line the parameter to pass and return the current buffer
length is controlled by the buffer parameter.  Thus there should be no
problem because the assert call check s buffer first.  For yet unknown
reasons when using the standard GNU libc assert valgrind complains
about an uninitialized variable.  That does not happen with our
log_assert.

Tested with gnupg 2.2.23 with gcc 8.3.0 and valgrind 3.14.0.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-04 11:32:47 +02:00
Werner Koch
8ec9573e57
gpg: Fix segv importing certain keys.
* g10/key-check.c (key_check_all_keysigs): Initialize issuer.
--

Fixes-commit: 404fa8211b6188a0abe83ef43a4b44d528c0b035
from 2017

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:30:44 +02:00
Werner Koch
497db0b5bc
keyboxd: Restructure client access code.
* kbx/kbx-client-util.c: New.
* kbx/kbx-client-util.h: New.
* kbx/Makefile.am (client_sources): New.
* g10/keydb.c (parse_keyblock_image): Rename to keydb_parse_keyblock
and make global.
* g10/call-keyboxd.c: Include kbx-client-util.h.
(struct keyboxd_local_s): Remove struct datastream.  Add field kcd.
Remove per_session_init_done.
(lock_datastream, unlock_datastream): Remove.
(prepare_data_pipe, datastream_thread): Remove.
(keydb_get_keyblock_do_parse): Remove.
(gpg_keyboxd_deinit_session_data): Release the KCD object.
(open_context): Use of kbx_client_data_new.
(keydb_get_keyblock): Simplify.
(keydb_search): Use kbx_client_data_cmd and _wait.
--

The data specific part of the code has been moved from gpg to a new
module in kbx/ so that it can also be used by gpgsm.  The OpenPGP
parsing while reading the data has been replaced by storing the data
in memory and parse it later.  That makes a nice interface and
abstracts the fd-passing/D-lines handling away.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-02 15:16:29 +02:00
Werner Koch
2cd8bae23d
Use only one copy of the warn_server_mismatch function.
* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-01 20:43:57 +02:00
Werner Koch
fc1a185755
gpg: Remove left over debug output from recent change.
* g10/import.c (collapse_subkeys): Remove debug out.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 15:20:28 +02:00
Werner Koch
633c1fea5f
gpg: Collapse duplicate subkeys.
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--

GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
Werner Koch
96e15051ba
Add a new dist signing key
--

This is

  pub   ed25519 2020-08-24 [SC] [expires: 2030-06-30]
        6DAA 6E64 A76D 2840 571B  4902 5288 97B8 2640 3ADA
  uid                      Werner Koch (dist signing 2020)
2020-08-24 19:47:26 +02:00
Werner Koch
32aac55875
build: New configure option --disable-tests
* configure.ac: Add option --disable-tests.  Print warnings in the
summary.
(DISABLE_TESTS): New am_conditional.
--
GnuPG-bug-id: 4960
2020-08-20 10:54:17 +02:00
Werner Koch
4031c42bfd
gpg,gpgsm: Record the creation time of a private key.
* sm/call-agent.c (gpgsm_agent_genkey): Pass --timestamp option.
(gpgsm_agent_import_key): Ditto.
* g10/call-agent.c (agent_genkey): Add arg timestamp and pass it on.
(agent_import_key): Ditto.
* g10/import.c (transfer_secret_keys): Pass the creation date to the
agent.
* g10/keygen.c (common_gen): Ditto.
--

Having the creation time in the private key file makes it a lot easier
to re-create an OpenPGP public keyblock in case it was accidentally
lost.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-19 13:43:16 +02:00
NIIBE Yutaka
1d66b518ca gpg: Fix condition of string_to_aead_algo.
* g10/misc.c (string_to_aead_algo): Only compare if not NULL.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-19 15:18:42 +09:00
Werner Koch
6bcb609e1b
Add --chuid to gpg, gpg-card, and gpg-connect-agent.
* g10/gpg.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.  Delay setting of homedir until the new
chuid is done.
* sm/gpgsm.c (main): Delay setting of homedir until the new chuid is
done.
* tools/gpg-card.c (oChUid): New.
(opts): Add --chuid.
(changeuser): New helper var.
(main): Implement --chuid.
* tools/gpg-connect-agent.c (oChUid): New.
(opts): Add --chuid.
(main): Implement --chuid.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-14 12:19:11 +02:00
Werner Koch
53d84f9815
gpg: Ignore personal_digest_prefs for ECDSA keys.
* g10/sign.c (hash_for): Simplify hash algo selection for ECDSA.
--

GnuPG-bug-id: 5021
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-13 11:19:22 +02:00
NIIBE Yutaka
373c975859 gpg: Fix trustdb for v5key.
* g10/keydb.h (fpr20_from_pk): New.
* g10/keyid.c (fpr20_from_pk): New.
* g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk.
* g10/trustdb.c (keyid_from_fpr20): New.
(verify_own_keys): Use keyid_from_fpr20.
(tdb_update_ownertrust): Use fpr20_from_pk.
(update_min_ownertrust): Likewise.
(update_validity): Likewise.

--

For the compatibility of existing implementation, we keep the format
of trustdb untouched.  The format of trustdb uses 20-byte fingerprint
for the trust record entry.  To handle both of v4key (with 20-byte
fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20
fingerprint, internally.  For v4key, FPR20 is as same as v4
fingerprint.  For v5key, FPR20 is constructed from v5key fingerprint.

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:47 +09:00
NIIBE Yutaka
20982bbd75 gpg: Fix short key ID for v5key.
* g10/keyid.c (keyid_from_pk): Return keyid[0] for v5key.
* g10/keyring.c (keyring_search): Handle short key ID for v5key.

--

GnuPG-bug-id: 5000
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 13:02:40 +09:00
Werner Koch
0774482257
build: Remove expired key of David Shaw from distsigkey.gpg.
--
2020-08-06 11:26:57 +02:00
Werner Koch
d847f0651a
gpg: Add level 16 to --gen-random
* g10/gpg.c (main): Add that hack.
--

This is an yet undocumented hack to allow printing hex encoded random
number with gpg.  The level is forced to be 1 which is is good for
almost all uses.  Note that --armor is ignored.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-05 16:53:34 +02:00
Werner Koch
5c514a274c
gpg: Do not close stdout after --export-ssh-key
* g10/export.c (export_ssh_key): Do not close stdout.
--

stdout should never be closed; this fixes this minor bug.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-16 11:31:13 +02:00
Werner Koch
3e730c55e7
gpg: Reword warning about decryption w/o using a non-encrypt key.
--
2020-07-14 11:01:45 +02:00
NIIBE Yutaka
31ae0718ba gpg: For decryption, support use of a key with no 'encrypt' usage.
* g10/pubkey-enc.c (get_session_key): Don't skip at no PUBKEY_USAGE_ENC.
Emit information the key has no 'encrypt' usage.

--

GnuPG-bug-id: 4246
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-07-10 10:00:00 +09:00
Werner Koch
212f9b20b5
gpg: Print a note if no args are given to --delete-key
--

It is a bit surprising that nothing happens if no key is specified to
--delete-key et al.  Although this is common Unix behaviour the use
might have expected that it behaves like --export and deletes all
keys.  Sure we don't do the latter, so a short notice will help.

GnuPG-bug-id: 4959
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-09 11:24:54 +02:00
Werner Koch
999d25d47d
Do not use the pinentry's qualitybar
* agent/genkey.c (agent_ask_new_passphrase): No qualitybar.
* g10/call-agent.c (agent_get_passphrase): Ditto.
* sm/call-agent.c (gpgsm_agent_ask_passphrase): Ditto.
--

The concept of a passphrase quality indicator is anyway questionable
because user are smart enough to trick them out and they also tend to
limit the actually used entropy.

Except for the red/green switching (to show whether constraints are
fulfilled) our qualitybar is pretty bad and thus worse than none.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:54:10 +02:00
Werner Koch
a6a4bbf6de
gpg: Use integrated passphrase repeat entry also for -c.
* g10/call-agent.c (agent_get_passphrase): Add arg newsymkey.
* g10/passphrase.c (passphrase_get): Add arg newsymkey.
(passphrase_to_dek): Pass it on.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-08 14:33:25 +02:00
Werner Koch
6864bba78e
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-07 12:58:29 +02:00
Werner Koch
969abcf40c
sm: Exclude rsaPSS from de-vs compliance mode.
* common/compliance.h (PK_ALGO_FLAG_RSAPSS): New.
* common/compliance.c (gnupg_pk_is_compliant): Add arg alog_flags and
test rsaPSS.  Adjust all callers.
(gnupg_pk_is_allowed): Ditto.
* sm/misc.c (gpgsm_ksba_cms_get_sig_val): New wrapper function.
(gpgsm_get_hash_algo_from_sigval): New.
* sm/certcheck.c (gpgsm_check_cms_signature): Change type of sigval
arg.  Add arg pkalgoflags.  Use the PK_ALGO_FLAG_RSAPSS.
* sm/verify.c (gpgsm_verify): Use the new wrapper and new fucntion to
also get the algo flags.  Pass algo flags along.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-03 16:15:29 +02:00
NIIBE Yutaka
45398518fb ecc: Support Ed448/X448 key generation.
* g10/keygen.c (ask_curve): Support Ed448/X448 keys.
(generate_keypair): Support switch to X448 key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-30 14:20:31 +09:00
NIIBE Yutaka
a763bb2580 gpg,agent: Support Ed448 signing.
* agent/pksign.c (do_encode_eddsa): First argument is NBITs,
so that it can support Ed448, as well as Ed25519.
(agent_pksign_do): Follow the change.
* agent/sexp-secret.c (fixup_when_ecc_private_key): No fix-up needed
for Ed448, it's only for classic curves.
* common/openpgp-oid.c (oidtable): Add Ed448.
* common/sexputil.c (get_pk_algo_from_key): Ed448 is only for EdDSA.
* g10/export.c (match_curve_skey_pk): Ed448 is for EdDSA.
* g10/keygen.c (gen_ecc): Support Ed448 with the name of "ed448".
(ask_algo, parse_key_parameter_part): Handle "ed448".
* g10/pkglue.c (pk_verify): Support Ed448.
(pk_check_secret_key): Support Ed448.
* g10/sign.c (hash_for): Defaults to SHA512 for Ed448.
(make_keysig_packet): Likewise.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-06-24 10:05:03 +09:00