1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

768 Commits

Author SHA1 Message Date
Werner Koch
f8075257af
gpgsm: New option --require-compliance
* sm/gpgsm.c (oRequireCompliance): New.
(opts): Add --require-compliance.
(main): Set option.
* sm/gpgsm.h (opt): Add field require_compliance.
(gpgsm_errors_seen): Declare.
* sm/verify.c (gpgsm_verify): Emit error if non de-vs compliant.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
--
2022-03-08 19:28:16 +01:00
Werner Koch
7c8c606061
agent: New flag "qual" for the trustlist.txt.
* agent/trustlist.c (struct trustitem_s): Add flag "qual".
(read_one_trustfile): Rename arg "allow_include" to "systrust" and
change callers.  Parse new flag "qual".
(istrusted_internal): Print all flags.
* sm/call-agent.c (istrusted_status_cb): Detect the "qual" flag.
* sm/gpgsm.h (struct rootca_flags_s): Add flag "qualified".
* sm/certchain.c (do_validate_chain): Take care of the qualified flag.
2022-02-27 12:26:38 +01:00
NIIBE Yutaka
05fdaa1737 sm: Fix use of value NONE in gnupg_isotime_t type.
* common/gettime.h (GNUPG_ISOTIME_NONE): New.
* sm/call-dirmngr.c (gpgsm_dirmngr_isvalid): Use it.
* sm/certlist.c (gpgsm_add_to_certlist): Likewise.
* sm/import.c (check_and_store): Likewise.
* sm/keylist.c (list_cert_colon, list_cert_raw): Likewise.
(list_cert_std): Likewise.
* sm/sign.c (gpgsm_sign): Likewise.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-02-18 11:11:12 +09:00
Werner Koch
e23dc755fa
sm: New option --ignore-cert-with-oid.
* sm/gpgsm.c (oIgnoreCertWithOID): New.
(opts): Add option.
(main): Store its value.
* sm/call-agent.c (learn_cb): Test against that list.
2022-02-03 14:17:10 +01:00
Werner Koch
623a427b0c
sm: Partly revert last commit.
* sm/gpgsm.c (set_debug): Remove doubled code.
--

It was already there; sorry.

Fixes-commit: 51edea995d352a7b557fb0315fa5091dc42065cb
2022-02-01 15:20:29 +01:00
Werner Koch
51edea995d
gpg,sm: Set --verbose and clear --quiet in debug mode.
* g10/gpg.c (set_debug): Tweak options.
* sm/gpgsm.c (set_debug): Ditto.
2022-02-01 15:13:13 +01:00
Werner Koch
f2d1187fcd
gpgsm: Retire the new --ldapserver.
* sm/gpgsm.c (oKeyServer_deprecated): New.
(opts): Assign "ldapserver" to the new option and mark it as obsolete.
--

We want to use "ldapserver" in dirmngr but need to keep using
"keyserver" in gpgsm for existant versions of Kleopatra etc.

GnuPG-bug-id: 5801
2022-01-27 15:23:42 +01:00
Werner Koch
0b4fdbd5f4
gpgconf: Return --ldapserver and --keyserver from dirmngr.
* dirmngr/dirmngr.c: Reorder two option groups.
* tools/gpgconf-comp.c (known_options_gpgsm): Rename "keyserver" to
"ldapserver" and set level to invisible.
(known_options_dirmngr): Add "ldapserver" at the basic level.
* sm/gpgsm.c (opts): No more help text for "ldapserver".
--

GnuPG-bug-id: 5800
2022-01-25 20:24:25 +01:00
Werner Koch
5f39db70c0
gpg,gpgsm: Add option --min-rsa-length.
* common/compliance.c (min_compliant_rsa_length): New.
(gnupg_pk_is_compliant): Take in account.
(gnupg_pk_is_allowed): Ditto.
(gnupg_set_compliance_extra_info): New.
* g10/gpg.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* g10/options.h (opt): Add field min_rsa_length.
* sm/gpgsm.c (oMinRSALength): New.
(opts): Add --min-rsa-length.
(main): Set value.
* sm/gpgsm.h (opt): Add field min_rsa_length.
2021-11-18 20:49:37 +01:00
Werner Koch
74c5b35062
sm: Detect circular chains in --list-chain.
* sm/keylist.c (list_cert_chain): Break loop for a too long chain.
--

This avoids endless loops in case of circular chain definitions.  We
use such a limit at other palces as well.  Example for such a chain is

# ------------------------ >8 ------------------------
           ID: 0xBE231B05
          S/N: 51260A931CE27F9CC3A55F79E072AE82
        (dec): 107864989418777835411218143713715990146
       Issuer: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
      Subject: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
     sha2_fpr: 92:5E:4B:37:2B:A3:2E:5E:87:30:22:84:B2:D7:C9:DF:BF:82:00:FF:CB:A0:D1:66:03:A1:A0:6F:F7:6C:D3:53
     sha1_fpr: 31:93:78:6A:48:BD:F2:D4:D2:0B:8F:C6:50:1F:4D:E8:BE:23:1B:05
      md5_fpr: AC:F3:10:0D:1A:96:A9:2E:B8:8B:9B:F8:7E:09:FA:E6
      pgp_fpr: E8D2CA1449A80D784FB1532C06B1611DB06A1678
       certid: 610C27E9D37835A8962EA5B8368D3FBED1A8A15D.51260A931CE27F9CC3A55F79E072AE82
      keygrip: CFCA58448222ECAAF77EEF8CC45F0D6DB4E412C9
    notBefore: 2005-06-07 08:09:10
     notAfter: 2019-06-24 19:06:30
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: ADBD987A34B426F7FAC42654EF03BDE024CB541A
    authKeyId: [none]
 authKeyId.ki: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
[...]

Certified by
           ID: 0xCE2E4C63
          S/N: 46EAF096054CC5E3FA65EA6E9F42C664
        (dec): 94265836834010752231943569188608722532
       Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
      Subject: CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
     sha2_fpr: 21:3F:AD:03:B1:C5:23:47:E9:A8:0F:29:9A:F0:89:9B:CA:FF:3F:62:B3:4E:B0:60:66:F4:D7:EE:A5:EE:1A:73
     sha1_fpr: 9E:99:81:7D:12:28:0C:96:77:67:44:30:49:2E:DA:1D:CE:2E:4C:63
      md5_fpr: 55:07:0F:1F:9A:E5:EA:21:61:F3:72:2B:8B:41:7F:27
      pgp_fpr: 922A6D0A1C0027E75038F8A1503DA72CF2C53840
       certid: 14673DA5792E145E9FA1425F9EF3BFC1C4B4957C.46EAF096054CC5E3FA65EA6E9F42C664
      keygrip: 10678FB5A458D99B7692851E49849F507688B847
    notBefore: 2005-06-07 08:09:10
     notAfter: 2020-05-30 10:48:38
     hashAlgo: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)
      keyType: rsa2048
    subjKeyId: 5332D1B3CF7FFAE0F1A05D854E92D29E451DB44F
    authKeyId: [none]
 authKeyId.ki: ADBD987A34B426F7FAC42654EF03BDE024CB541A
     keyUsage: certSign crlSign
[...]

Which has a circular dependency on subKeyId/authkeyId.ki.
2021-11-15 17:51:38 +01:00
Werner Koch
255d4d5815
sm: Add LotW support to the key listing
* sm/certdump.c (parse_dn_part): Translate OID to "Callsign"
* sm/keylist.c (oidtranstbl): Some more OIDs.
--

This is Ham thingy to make it easier to read LotW certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-09-09 13:30:22 +02:00
Ingo Klöcker
08f227052f build: Fix "ksba.h not found" problem
* sm/Makefile.am (t_minip12_CFLAGS): Add KSBA_CFLAGS.
--

GnuPG-bug-id: 5592
2021-09-08 15:18:38 +02:00
NIIBE Yutaka
100c954ab0 sm: Fix pwri.
* sm/decrypt.c (pwri_parse_pbkdf2): Use int for digest algo.
(pwri_decrypt): Use int for cipher algo and digest algo.

--

Fixes-commit: 02029f9eab87e9fd667829dfb083846275576398
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2021-08-05 11:16:56 +09:00
Werner Koch
7cdd06af47
sm,w32: Fix Unicode problem on key box creation.
* sm/keydb.c (maybe_create_keybox): Replace access by gnupg_access
2021-07-29 11:51:25 +02:00
Werner Koch
89df86157e
sm: New option --ldapserver as an alias for --keyserver.
* sm/gpgsm.c (opts): Add option --ldapserver and make --keyserver an
alias.
--

We should use "keyserver" for OpenPGP and thus it is better to allow
for "ldapserver" here - it is the same convention as now used in
dirmngr.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d6df1bf84969bf5f5781e33bc1c2f6cb2aee0093)
2021-06-16 13:04:34 +02:00
Werner Koch
bebc71d229
gpg,sm: Simplify keyserver spec parsing.
* common/keyserver.h: Remove.
* sm/gpgsm.h (struct keyserver_spec): Remove.
(opt): Change keyserver to a strlist_t.
* sm/gpgsm.c (keyserver_list_free): Remove.
(parse_keyserver_line): Remove.
(main): Store keyserver in an strlist.
* sm/call-dirmngr.c (prepare_dirmngr): Adjust for the strlist.  Avoid
an ambiguity in dirmngr by adding a prefix if needed.

* g10/options.h (struct keyserver_spec): Move definition from
keyserver.h to here.  Remove most fields.
* g10/keyserver.c (free_keyserver_spec): Adjust.
(cmp_keyserver_spec): Adjust.
(parse_keyserver_uri): Simplify.
(keyidlist): Remove fakev3 arg which does not make any sense because
we don't even support v3 keys.
--

We now rely on the dirmngr to parse the keyserver specs.  Thus a bad
specification will not be caught immediately.  However, even before
that dirmngr had stricter tests.

Signed-off-by: Werner Koch <wk@gnupg.org>
Ported-from: 9f586700ec4ceac97fd47cd799878a8847342ffa
2021-06-16 12:03:13 +02:00
Werner Koch
6b76693ff5
sm: Fix finding of issuer in use-keyboxd mode.
* sm/keydb.c (struct keydb_local_s): Add field saved_search_result.
(keydb_push_found_state): Implement for keyboxd.
(keydb_pop_found_state): Ditto.
(keydb_get_cert): Do not release the cert so that the function can be
used again to get the same cert.  This is the same behaviour as in
pubring.kbx mode.

* sm/certchain.c, sm/import.c: Improve some error messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-06-11 20:15:32 +02:00
Werner Koch
4980fb3c6d
sm: Support AES-GCM decryption.
* tests/cms/samplemsgs/: Add sample messages.
* sm/gpgsm.c (main): Use gpgrt_fcancel on decryption error.
* sm/decrypt.c (decrypt_gcm_filter): New.
(gpgsm_decrypt): Use this filter if requested.  Check authtag.
--

Note that the sample message pwri-sample.gcm.p7m is broken: The
authtag is duplicated to the authEncryptedContentInfo.  I used a
temporary code during testing hack to that test message out.
2021-06-02 11:03:55 +02:00
Werner Koch
52bbdc731f
sm: Let --dump-cert --show-cert also print an OpenPGP fingerprint.
* sm/keylist.c (list_cert_raw): Print the OpenPGP fpr.
--

This is useful for debugging for example if an OpenPGP key is used to
create an X.509 cert.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-20 19:09:38 +02:00
Jakub Jelen
e6132bc9f4
sm: Avoid memory leaks and double double-free
* sm/certcheck.c (extract_pss_params): Avoid double free
* sm/decrypt.c (gpgsm_decrypt): goto leave instead of return
* sm/encrypt.c (encrypt_dek): release s_pkey
* sm/server.c (cmd_export): free list
(do_listkeys): free lists

--

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
GnuPG-bug-id: 5393
2021-05-20 13:51:47 +02:00
Werner Koch
6dfae2f402
gpg: Use a more descriptive prompt for symmetric decryption.
* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags.  Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.

* sm/decrypt.c (pwri_decrypt): Use "passphrase".
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b)

Note that we keep on using the term "passphrase" although "password"
would be better.  There are however so many occurance of this and
given it is a bike shedding topic we fix that in the PO files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:48:15 +02:00
Werner Koch
eeb65d3bbd
sm: Ask for the password for password based decryption (pwri)
* sm/decrypt.c (pwri_decrypt): Add arg ctrl.  Ask for passphrase.

* sm/export.c (export_p12): Mark string as translatable.
* sm/import.c (parse_p12): Ditto.
--

This is finishes the support for PWRI.

The N_() marks are added so that we don't rely of the side-effect of
having the same strings in protect-tool.c

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 15:42:27 +02:00
Werner Koch
02029f9eab
sm: Support decryption of password based encryption (pwri)
* sm/decrypt.c (pwri_parse_pbkdf2): New.
(pwri_decrypt): New.
(prepare_decryption): Support pwri.
(gpgsm_decrypt): Test for PWRI.  Move IS_DE_VS flag to DFPARM.
--

Note that this is not finished because we need to implement a password
callback.  For now "abc" is used as passwort.

Latest libksba is also required to return the required info.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-14 18:56:10 +02:00
Werner Koch
f79e9540ca
keyboxd: Fix searching for exact mail addresses.
* kbx/kbxserver.c (cmd_search): Use the openpgp hack for calling
classify_user_id.
* kbx/backend-sqlite.c (run_select_statement): Remove angle brackets
in exact addrspec mode.
* g10/call-keyboxd.c (keydb_search): Do not duplicate the left angle
bracket.
* sm/keydb.c (keydb_search): Ditto.
--

Note that the openpgp hack flag of classify_user_id is actually a
misnomer because we actually hack a round a problem in gpgsm.  And it
is only over there that we don't set it there.  In keyboxd the flag
should be set.  And we need to remove the angle brackets of course
because that is how we create the addrspec column values.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-21 14:40:08 +02:00
Werner Koch
d153e4936e
gpg,sm: Ignore the log-file option from common.conf.
* g10/gpg.c (main): Don't use the default log file from common.conf.
* sm/gpgsm.c (main): Ditto.
--

That was acutally not intended and contradicts the description in
doc/example/common.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-21 14:40:08 +02:00
Werner Koch
51419d6341
sm: New command --show-certs
* sm/keylist.c (do_show_certs): New.
(gpgsm_show_certs): New.
* sm/gpgsm.c (aShowCerts): New.
(opts): Add --show-certs.
(main): Call gpgsm_show_certs.
--

I have been using libksba test programs for countless times to look at
certificates and I always wanted to add such a feature to gpgsm.  This
is simply much more convenient.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-20 09:37:56 +02:00
Werner Koch
5fe60576d5
build: Fix build problems on macOS for gpgsm tests and gpg-card.
* tools/gpg-card.c: Include ctype.h.
* sm/Makefile.am (t_common_ldadd): Add LIBICONV.
--

GnuPG-bug-id: 5400
Signed-off-by: Werner Koch <wk@gnupg.org>
2021-04-19 20:17:39 +02:00
Werner Koch
d13c5bc244
gpg,gpgsm: Move use-keyboxd to the new conf file common.conf
* common/comopt.c, common/comopt.h: New.
* common/Makefile.am: Add them.
* g10/gpg.c: Include comopt.h.
(main): Also parse common.conf.
* sm/gpgsm.c: Include comopt.h.
(main): Set a flag for the --no-logfile option.  Parse common.conf.

* tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add
pseudo option "use_keyboxd".
(known_pseudo_options_gpg): Add pseudo option "use_keyboxd".
(known_options_gpgsm): Remove "use-keyboxd".

* tests/openpgp/defs.scm (create-gpghome): Create common.conf.

* doc/examples/common.conf: New.
--

Note that --use-keybox still works but prints a warning.  We will
eventually remove this option becuase it was marked as an experimental
feature anyway.

It would be too confusing if gpg and gpgsm use different key storages.
Further, other components (e.g. dirmngr or gpg-wks-client) which call
gpg or gpgsm need to be aware that the keyboxd is used and pass that
option on the command line.  Now that common.conf is always read (even
if --no-options is used) those tools will work instantly.
2021-04-19 11:33:19 +02:00
Werner Koch
c56926f773
sm: Add a few more OIDs to the table for nicer keylistings
--
2021-03-24 12:27:35 +01:00
Werner Koch
a4021d9be4
sm: Init nPth which might be used by some helper code.
* sm/gpgsm.c: Include npth.h.
(main): Init nPth.
--

Actually we currently do not use extra threads but we need to link to
the npth version of the common functions because there is an option to
use threads.  Now, without initialized npth, we could experience a
crash in gnupg_sleep, which uses npth_usleep in the npth based common
functions.

Fixes-commit: 046f419f806036248c058c4bd44368f8596287b7
2021-03-08 21:53:29 +01:00
Werner Koch
a170f0e73f
sm: Do not print certain issuer not found diags in quiet mode.
* sm/certchain.c (find_up_dirmngr): Print one diagnostic only in
verbose mode.  Do not print issuer not found diags in quiet mode.
* sm/minip12.c (parse_bag_data): Add missing verbose condition.
--

GnuPG-bug-id: 4757
2021-02-25 09:16:18 +01:00
Werner Koch
473b83d1b9
sm: Fix issuer certificate look error due to legacy error code.
* sm/certchain.c (find_up): Get rid of the legacy return code -1 and
chnage var name rc to err.
(gpgsm_walk_cert_chain): Change var name rc to err.
(do_validate_chain): Get rid of the legacy return code -1.
--

This was detected while fixing
GnuPG-bug-id: 4757
2021-02-25 09:00:38 +01:00
Werner Koch
615d2e4fb1
sm: Silence some output on --quiet
* sm/encrypt.c (gpgsm_encrypt): Take care of --quiet.
* sm/gpgsm.c: Include minip12.h.
(set_debug): Call p12_set_verbosity.
* sm/import.c (parse_p12): Dump keygrip only in debug mode.
* sm/minip12.c (opt_verbose, p12_set_verbosity): New.
(parse_bag_encrypted_data): Print info messages only in verbose mode.
--

GnuPG-bug-id: 4757
2021-02-24 08:40:06 +01:00
Werner Koch
4c9b509d24
sm: Extend the list of known OIDs.
* sm/keylist.c (oidtranstbl): Add a couple of OIDs and mark them for
key usage.
2021-02-22 15:54:05 +01:00
Werner Koch
2b75b25605
Require GpgRT version 1.41.
* configure.ac (NEED_GPG_ERROR_VERSION): Rename to NEED_GPGRT_VERSION
and set to 1.41.
* common/sysutils.c (gnupg_access): Remove code for older gpgrt
versions.
* kbx/backend-sqlite.c: Ditto.
* sm/gpgsm.c (main): Ditto.
--

We already have a requirement for a newer Libgcrypt and thus we can
also require a more recent libgpgrt (aka libgpg-error) which was
released before Libgcrypt.
2021-02-10 08:32:57 +01:00
Werner Koch
0737dc8187
sm: Add a few OIDs and merge OID tables.
* sm/keylist.c (OID_FLAG_KP): New.
(key_purpose_map): Merge into ...
(oidtranstbl): this.
(get_oid_desc): New arg 'matchflag'.  Use function in place of direct
access to key_purpose_map.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-02-01 10:28:52 +01:00
Werner Koch
90c514868f
Include the library version in the compliance checks.
* common/compliance.c (gnupg_gcrypt_is_compliant): New.
(gnupg_rng_is_compliant): Also check library version.
* g10/mainproc.c (proc_encrypted): Use new function.
(check_sig_and_print): Ditto.
* sm/decrypt.c (gpgsm_decrypt): Ditto.
* sm/encrypt.c (gpgsm_encrypt): Ditto.
* sm/verify.c (gpgsm_verify): Ditto
--

This will eventually allow us to declare Libgcrypt 1.9 to be de-vs
compliant.  GnuPG can use this information then for its own checks.
As of now GnuPG tests the version of the used library but that is a
bit cumbersome to maintain.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-28 15:48:08 +01:00
Werner Koch
9500432b7a
Require Libgcrypt 1.9
* configure.ac: Require at least Libgcrypt 1.9.0.  Remove all
GCRYPT_VERSION_NUMBER dependent code.
--

Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in
RFC4880bis.

Signed-off-by: Werner Koch <wk@gnupg.org>
2021-01-19 10:33:03 +01:00
Werner Koch
dabc314b71
common: Fix duplicate implementation of try_make_homedir.
* g10/openfile.c (try_make_homedir): Move core of the code to ...
* common/homedir.c (gnupg_maybe_make_homedir): new.
* sm/keydb.c (try_make_homedir): Implement using new function.

* common/homedir.c: Include i18n.h.
* po/POTFILES.in: Add common/homedir.c.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-04 16:13:04 +01:00
Werner Koch
cf4b8a27c3
g10,sm: Use gnupg_access at two more places
--
2020-10-26 12:50:13 +01:00
Werner Koch
4dcef0e178
Replace most calls to open by a new wrapper.
* common/sysutils.c (any8bitchar) [W32]: New.
(gnupg_open): New.  Replace most calls to open by this.
* common/iobuf.c (any8bitchar) [W32]: New.
(direct_open) [W32]: Use CreateFileW if needed.
--

This is yet another step for full Unicode support on Windows.

GnuPG-bug-id: 5098
2020-10-20 14:08:35 +02:00
Werner Koch
390497ea11
Replace most of the remaining stdio calls by estream calls.
--

We need to use es_fopen on Windows to cope with non-ascii file names.
This is quite a large but fortunately straightforward change.  At a
very few places we keep using stdio (for example due to the use of
popen).

GnuPG-bug-id: 5098
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 12:15:56 +02:00
Werner Koch
c94ee1386e
Replace all calls to access by gnupg_access
* common/sysutils.c (gnupg_access): New.  Replace all calls to access
by this wrapper.
* common/homedir.c (w32_shgetfolderpath): Change to return UTF-8
directory name.
(standard_homedir): Adjust for change.
(w32_commondir, gnupg_cachedir): Ditto.
--

Also use SHGetFolderPathW instead of SHGetFolderPathA on Windows.

This is required to correctly handle non-ascii filenames on Windows.

GnuPG-bug-id: 5098
2020-10-20 12:15:55 +02:00
Werner Koch
4eb9ce8478
gpgsm: Fix detection of too old keyboxd.
* sm/keydb.c (warn_version_mismatch): Add arg ctrl and pass on.
(create_new_context): Pass ctrl to warn function.
2020-10-05 17:54:26 +02:00
Werner Koch
b810320b1b
sm: Fix returning of the ephemeral flag in keyboxd mode.
* sm/keydb.c (search_status_cb): Skip over the ubid.
2020-09-22 16:15:47 +02:00
Werner Koch
c772770574
sm: Implement delete key in keyboxd mode
* sm/keydb.c (keydb_delete): Implement keyboxd mode.
(keydb_update_cert): Disable unused function.
* kbx/backend-sqlite.c (be_sqlite_delete): Delete from issuer.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-21 09:20:40 +02:00
Werner Koch
ed6ebb696e
sm: Implement initial support for keyboxd.
* sm/gpgsm.h (MAX_FINGERPRINT_LEN): New.
* sm/keydb.c (struct keydb_local_s): Change definition of
search_result.
(keydb_get_cert): Implement keyboxd mode.
(keydb_get_flags): Temporary hack for keyboxd mode.  Needs to be
fixed.
(struct store_parm_s, store_inq_cb): New.
(keydb_insert_cert): Implement keyboxd mode.
(keydb_locate_writable): Make static.
(keydb_search_reset): Implement keyboxd mode.
(search_status_cb): New.
(keydb_search): Implement keyboxd mode. Replace return code -1 by
GPG_ERR_NOT_FOUND.
(keydb_set_cert_flags): Replace return code -1 by GPG_ERR_NOT_FOUND.
* sm/keylist.c (list_cert_colon): Adjust for replacement of -1 by
GPG_ERR_NOT_FOUND.
(list_internal_keys): Ditto.
* sm/sign.c (add_certificate_list): Ditto.
* sm/certchain.c (find_up_search_by_keyid): Ditto.
(find_up_external, find_up, find_up_dirmngr): Ditto.
(gpgsm_walk_cert_chain): Ditto.
(get_regtp_ca_info): Ditto.
* sm/certlist.c (gpgsm_add_to_certlist): Ditto.
(gpgsm_find_cert): Ditto.
* sm/delete.c (delete_one): Ditto.
* sm/export.c (gpgsm_export): Ditto.
(gpgsm_p12_export): Ditto.
* sm/import.c (gpgsm_import_files): Ditto.
--

Note that keyboxd is not yet able to handle the ephemeral flag.  This
needs fixing here and in keyboxd.  Delete et al. is also not yet
implemented.  A basic key listing works, though.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 13:05:17 +02:00
Werner Koch
6fcc263c18
keyboxd: Use D-lines instead of a separate thread.
* kbx/kbx-client-util.c (kbx_client_data_new): Add arg 'dlines'.
* g10/call-keyboxd.c (open_context): Set DLINES to true.
* sm/keydb.c (open_context): Ditto.
--

This allows to compile time switch between the D-line and the
fd-passing data communication between gpg/gpgsm and keyboxd. A quick
test with about 3000 OpenPGP keys showed that D-lines are only 10%
slower than the fd-passing based implementation.  Given that the
thread adds extra complexity we go for now with the D-line approach.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-10 12:14:02 +02:00
Werner Koch
adec6a84f6
kbx: Change X.509 S/N search definition.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Do not overload
SNLLEN with a hex flag.  Add SNHEX.
* kbx/keybox-search.c (keybox_search): Adjust.
* common/userids.c (classify_user_id): Adjust.
* sm/keydb.c (keydb_search_desc_dump): Adjust.
* g10/keydb.c (keydb_search_desc_dump): Adjust.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-09 20:34:59 +02:00
Werner Koch
046f419f80
sm: New options to prepare the use of keyboxd.
* sm/Makefile.am (AM_CFLAGS): Add npth flags.
(common_libs): Use npth version of the lib.
(gpgsm_LDADD): Add npth libs.
* sm/gpgsm.c (oUseKeyboxd, oKeyboxdProgram): New.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Set them.
(gpgsm_deinit_default_ctrl): New.
(main): Call it.
* sm/server.c (gpgsm_server): Ditto.
* sm/gpgsm.h (opt): Add fields use_keyboxd and keyboxd_program.
(keydb_local_s): New type.
(struct server_control_s): Add field keybd_local.
* sm/keydb.c: Include assuan.h, asshelp.h, and kbx-client-util.h.
(struct keydb_local_s): New.
(struct keydb_handle): Add fields for keyboxd use.
(gpgsm_keydb_deinit_session_data): New.
(warn_version_mismatch): New.
(create_new_context): New.
(open_context): New.
(keydb_new): Implement keyboxd mode.
(keydb_release): Ditto.
(keydb_get_resource_name): Ditto.

* sm/keydb.c: Add stub support for all other functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-03 13:49:20 +02:00