1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00
gnupg/tests/openpgp/defs.inc
Werner Koch 8fd150b05b gpg: Remove all support for v3 keys and always create v4-signatures.
* g10/build-packet.c (do_key): Remove support for building v3 keys.
* g10/parse-packet.c (read_protected_v3_mpi): Remove.
(parse_key): Remove support for v3-keys.  Add dedicated warnings for
v3-key packets.
* g10/keyid.c (hash_public_key): Remove v3-key support.
(keyid_from_pk): Ditto.
(fingerprint_from_pk): Ditto.

* g10/options.h (opt): Remove fields force_v3_sigs and force_v4_certs.
* g10/gpg.c (cmd_and_opt_values): Remove oForceV3Sigs, oNoForceV3Sigs,
oForceV4Certs, oNoForceV4Certs.
(opts): Turn --force-v3-sigs, --no-force-v3-sigs, --force-v4-certs,
--no-force-v4-certs int dummy options.
(main): Remove setting of the force_v3_sigs force_v4_certs flags.
* g10/revoke.c (gen_revoke, create_revocation): Always create v4 certs.
* g10/sign.c (hash_uid): Remove support for v3-signatures
(hash_sigversion_to_magic): Ditto.
(only_old_style): Remove this v3-key function.
(write_signature_packets): Remove support for creating v3-signatures.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
(clearsign_file): Ditto.  Remove code to emit no Hash armor line if
only v3-keys are used.
(make_keysig_packet): Remove arg SIGVERSION and force using
v4-signatures.  Change all callers to not pass a value for this arg.
Remove all v3-key related code.
(update_keysig_packet): Remove v3-signature support.
* g10/keyedit.c (sign_uids): Always create v4-signatures.

* g10/textfilter.c (copy_clearsig_text): Remove arg pgp2mode and
change caller.
--

v3 keys are deprecated for about 15 years and due the severe
weaknesses of MD5 it does not make any sense to keep code around to
use these old and broken keys.  Users who need to decrypt old messages
should use gpg 1.4 and best re-encrypt them to modern standards.
verification of old (i.e. PGP2) created signatures is thus also not
anymore possible but such signatures have no values anyway - MD5 is
just too broken.

We have also kept support for v3 signatures until now.  With the
removal of support for v3 keys it is questionable whether it makes any
sense to keep support for v3-signatures.  What we do now is to keep
support for verification of v3-signatures but we force the use of
v4-signatures.  The latter makes the --pgp6 and --pgp7 switch a bit
obsolete because those PGP versions require v3-signatures for
messages.  These versions of PGP are also really old and not anymore
maintained so they have not received any bug fixes and should not be
used anyway.

Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-17 13:32:16 +02:00

267 lines
5.9 KiB
Bash
Executable File

# Definitions for the OpenPGP test scripts -*- sh -*-
# Copyright 1998,1999,2000,2001,2002,2003,2004,2005,2006,
# 2007, 2010 Free Software Foundation, Inc.
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved. This file is
# distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY, to the extent permitted by law; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#--------------------------------
#------ constants ---------------
#--------------------------------
usrname1="one@example.com"
usrpass1="def"
usrname2="two@example.com"
usrpass2=""
usrname3="three@example.com"
usrpass3=""
dsa_usrname1="pgp5"
# we use the sub key because we do not yet have the logic to to derive
# the first encryption key from a keyblock (I guess) (Well of course
# we have this by now and the notation below will lookup the primary
# first and then search for the encryption subkey.)
dsa_usrname2="0xCB879DE9"
plain_files="plain-1 plain-2 plain-3"
data_files="data-500 data-9000 data-32000 data-80000"
exp_files=""
# The testscripts expect the original language
LANG=
LANGUAGE=
LC_ALL=
LC_MESSAGES=
# Internal use.
defs_stop_on_error=no
defs_error_seen=no
defs_progress_active=no
#--------------------------------
#------ utility functions -------
#--------------------------------
progress_cancel () {
if [ x$defs_progress_active = xyes ]; then
echo
defs_progress_active=no
fi
}
fatal () {
progress_cancel
echo "$pgmname: fatal:" $* >&2
echo "$pgmname: fatal:" $* >&5
echo stop >gnupg-test.stop
exit 1;
}
error () {
progress_cancel
echo "$pgmname:" $* >&2
defs_error_seen=yes
echo "$pgmname:" $* >&5
if [ x$defs_stop_on_error != xyes ]; then
exit 1
fi
}
# Call this at the start of a test and resume_error at the end to keep
# on running all subtests without immediately exiting on error.
suspend_error () {
defs_stop_on_error=yes
}
resume_error () {
if [ x$defs_error_seen = xyes ]; then
exit 1
fi
defs_stop_on_error=no
defs_error_seen=no
}
info () {
progress_cancel
echo "$pgmname:" $* >&2
if [ -n "${verbose+set}" ]; then
echo "$pgmname:" $* >&5
fi
}
linefeed () {
echo >&2
}
echo_n_init=no
echo_n () {
if test "$echo_n_init" = "no"; then
if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then
if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then
echo_n_n=
echo_n_c='
'
else
echo_n_n='-n'
echo_n_c=
fi
else
echo_n_n=
echo_n_c='\c'
fi
echo_n_init=yes
fi
echo $echo_n_n "${1}$echo_n_c"
}
progress_end () {
if [ x$defs_progress_active = xyes ]; then
echo "<"
defs_progress_active=no
fi
}
progress () {
if [ x$defs_progress_active != xyes ]; then
echo_n " > "
defs_progress_active=yes
fi
echo_n "$* "
}
#cleanup () {
# rm $cleanup_files 2>/dev/null || true
# echo "#empty" >./gpg.conf
#}
#add_cleanup () {
# cleanup_files="$cleanup_files $*"
#}
have_pubkey_algo () {
if $GPG --version | grep "Pubkey:.*$1" >/dev/null
then
true
else
false
fi
}
have_cipher_algo () {
if $GPG --version | grep "Cipher:.*$1" >/dev/null
then
true
else
false
fi
}
have_hash_algo () {
if $GPG --version | grep "Hash:.*$1" >/dev/null
then
true
else
false
fi
}
all_cipher_algos () {
$GPG --with-colons --list-config ciphername \
| sed 's/^cfg:ciphername://; s/;/ /g'
}
all_hash_algos () {
$GPG --with-colons --list-config digestname \
| sed 's/^cfg:digestname://; s/;/ /g'
}
set -e
pgmname=`basename $0`
#trap cleanup SIGHUP SIGINT SIGQUIT
[ -z "$srcdir" ] && fatal "not called from make"
#
if [ -f gnupg-test.stop ]; then
if [ $pgmname = "version.test" ]; then
rm gnupg-test.stop
else
# Skip the rest of the tests.
exit 77
fi
fi
# Always work in the current directory. We set GNUPGHOME only if it
# has not been set already. Usually it is set through the Makefile's
# TESTS_ENVIRONMENT macro.
if [ -z "$GNUPGHOME" ]; then
GNUPGHOME=`/bin/pwd`
export GNUPGHOME
elif [ "$GNUPGHOME" != `/bin/pwd` ]; then
echo "$pgmname: GNUPGHOME not set to the cwd" $* >&2
exit 1
fi
# We don't use GPG_AGENT_INFO anymore - better reset it.
unset GPG_AGENT_INFO
# (--no-permission-warning makes only sense on the commandline)
GPG="../../g10/gpg2 --no-permission-warning "
# (We may not use a relative name for gpg-agent.)
GPG_AGENT="$(cd ../../agent && /bin/pwd)/gpg-agent"
GPG_CONNECT_AGENT="../../tools/gpg-connect-agent"
GPGCONF="../../tools/gpgconf"
GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase"
MKTDATA="../../tools/mk-tdata"
PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"
# Default to empty passphrase for pinentry.sh
PINENTRY_USER_DATA=
# If --check-trustdb is not an option, GPG has been build without
# trust model support. Thus we can't use --always-trust and some
# other options.
if $GPG --dump-options | grep '^--check-trustdb$' >/dev/null ; then
opt_always="--always-trust"
else
opt_always=
fi
# Make sure we have a valid option files even with VPATH builds.
for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then
:
elif [ -f $srcdir/$f.tmpl ]; then
cat $srcdir/$f.tmpl >$f
case "$f" in
gpg.conf)
[ -n "${opt_always}" ] && echo "no-auto-check-trustdb" >>"$f"
echo "agent-program $GPG_AGENT" >>"$f"
echo "allow-weak-digest-algos" >>"$f"
;;
gpg-agent.conf)
echo "pinentry-program $PINENTRY" >>"$f"
;;
esac
fi
done
if [ "${verbose:-0}" -gt "1" ]; then
exec 5>/dev/null
else
echo "Test: $pgmname" > ${pgmname}.log
echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
exec 5>&2 2>>${pgmname}.log
fi
:
# end