* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c

(algo_available): --pgp7, identical to --pgp6 except that it permits a few
algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH.  Any
more of these --pgpX flags, and it'll be time to start looking at a
generic --emulate-pgp X option.

5 files changed, 40 insertions, 20 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 804a7b1e7..051e7f4b6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,11 @@
 2002-05-07  David Shaw  <[email protected]>
 
+	* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
+	(algo_available): --pgp7, identical to --pgp6 except that it
+	permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
+	and TWOFISH.  Any more of these --pgpX flags, and it'll be time to
+	start looking at a generic --emulate-pgp X option.
+
 	* export.c (do_export_stream): Warn the user when exporting a
 	secret key if it or any of its secret subkeys are protected with
 	SHA1 while simple_sk_checksum is set.
diff --git a/g10/g10.c b/g10/g10.c
index 72376cdb2..f70348986 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -164,6 +164,8 @@ enum cmd_and_opt_values { aNull = 0,
     oNoPGP2,
     oPGP6,
     oNoPGP6,
+    oPGP7,
+    oNoPGP7,
     oCipherAlgo,
     oDigestAlgo,
     oCompressAlgo,
@@ -420,6 +422,8 @@ static ARGPARSE_OPTS opts[] = {
     { oNoPGP2, "no-pgp2", 0, "@"},
     { oPGP6, "pgp6", 0, "@"},
     { oNoPGP6, "no-pgp6", 0, "@"},
+    { oPGP7, "pgp7", 0, "@"},
+    { oNoPGP7, "no-pgp7", 0, "@"},
     { oS2KMode, "s2k-mode",  1, N_("|N|use passphrase mode N")},
     { oS2KDigest, "s2k-digest-algo",2,
 		N_("|NAME|use message digest algorithm NAME for passphrases")},
@@ -1117,6 +1121,8 @@ main( int argc, char **argv )
 	  case oNoPGP2: opt.pgp2 = 0; break;
 	  case oPGP6: opt.pgp6 = 1; break;
 	  case oNoPGP6: opt.pgp6 = 0; break;
+	  case oPGP7: opt.pgp7 = 1; break;
+	  case oNoPGP7: opt.pgp7 = 0; break;
 	  case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
 	  case oEmu3DESS2KBug:	opt.emulate_bugs |= EMUBUG_3DESS2K; break;
 	  case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@@ -1392,8 +1398,9 @@ main( int argc, char **argv )
     g10_opt_homedir = opt.homedir;
 
     /* Do these after the switch(), so they can override settings. */
-    if(opt.pgp2 && opt.pgp6)
-      log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6");
+    if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
+      log_error(_("%s not allowed with %s!\n"),
+		"--pgp2",opt.pgp6?"--pgp6":"--pgp7");
     else
       {
 	if(opt.pgp2)
@@ -1463,7 +1470,7 @@ main( int argc, char **argv )
 	      }
 	  }
 
-	if(opt.pgp6)
+	if(opt.pgp6 || opt.pgp7)
 	  {
 	    opt.force_mdc=0;
 	    opt.disable_mdc=1;
diff --git a/g10/getkey.c b/g10/getkey.c
index a578d51cb..fd8eb5b89 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1834,10 +1834,10 @@ finish_lookup (GETKEY_CTX ctx)
   #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
     unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
     /* Request the primary if we're certifying another key, and also
-       if signing data while --pgp6 is on (since pgp 6 (and 7) do not
-       understand signatures made by a signing subkey. */
+       if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
+       do not understand signatures made by a signing subkey. */
     int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
-      (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));
+      ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
     u32 latest_date;
     KBNODE latest_key;
     u32 curtime = make_timestamp ();
diff --git a/g10/options.h b/g10/options.h
index 9093690c2..a5faffa1e 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -88,6 +88,8 @@ struct {
     int always_trust;
     int pgp2;
     int pgp6;
+    int pgp7; /* if we get any more of these, it's time to look at a
+		 special emulate_pgp variable... */
     int rfc1991;
     int rfc2440;
     int pgp2_workarounds;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 393087a5c..26be90f74 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -955,18 +955,19 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 
 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
    CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
-   and all compressions except none (0) and ZIP (1).  For a true PGP6
-   key all of this is unneeded as they are the only items present in
-   the preferences subpacket, but checking here covers the weird case
-   of encrypting to a key that had preferences from a different
-   implementation which was then used with PGP6.  I am not completely
-   comfortable with this as the right thing to do, as it slightly
-   alters the list of what the user is supposedly requesting.  It is
-   not against the RFC however, as the preference chosen will never be
-   one that the user didn't specify somewhere ("The implementation may
-   use any mechanism to pick an algorithm in the intersection"), and
-   PGP6 has no mechanism to fix such a broken preference list, so I'm
-   including it. -dms */
+   and all compressions except none (0) and ZIP (1).  pgp7 mode
+   expands the cipher list to include AES128 (7), AES192 (8), AES256
+   (9), and TWOFISH (10).  For a true PGP key all of this is unneeded
+   as they are the only items present in the preferences subpacket,
+   but checking here covers the weird case of encrypting to a key that
+   had preferences from a different implementation which was then used
+   with PGP.  I am not completely comfortable with this as the right
+   thing to do, as it slightly alters the list of what the user is
+   supposedly requesting.  It is not against the RFC however, as the
+   preference chosen will never be one that the user didn't specify
+   somewhere ("The implementation may use any mechanism to pick an
+   algorithm in the intersection"), and PGP has no mechanism to fix
+   such a broken preference list, so I'm including it. -dms */
 
 static int
 algo_available( int preftype, int algo )
@@ -975,16 +976,20 @@ algo_available( int preftype, int algo )
         if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;
 
+        if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
+			 algo != 7 && algo != 8 && algo != 9 && algo != 10) )
+	  return 0;
+
 	return algo && !check_cipher_algo( algo );
     }
     else if( preftype == PREFTYPE_HASH ) {
-        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
+        if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;
 
 	return algo && !check_digest_algo( algo );
     }
     else if( preftype == PREFTYPE_ZIP ) {
-        if ( opt.pgp6 && ( algo !=0 && algo != 1) )
+        if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
 	  return 0;
 
 	return !algo || algo == 1 || algo == 2;