author | Werner Koch <[email protected]> | 2007-12-12 10:28:30 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2007-12-12 10:28:30 +0000 |
commit | bae4b256c79c24e5306c692adf9bb5891433c7d5 (patch) | |
tree | c0aae4de008d75964074146240257f81b8ded0b1 /g10 | |
parent | Allow decryption using type 20 Elgamal keys. (diff) | |
Support DSA2.
Support Camellia for testing.
More audit stuff.
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 26 | ||||
-rw-r--r-- | g10/encode.c | 8 | ||||
-rw-r--r-- | g10/encr-data.c | 5 | ||||
-rw-r--r-- | g10/gpg.c | 49 | ||||
-rw-r--r-- | g10/import.c | 4 | ||||
-rw-r--r-- | g10/keyedit.c | 7 | ||||
-rw-r--r-- | g10/main.h | 1 | ||||
-rw-r--r-- | g10/mainproc.c | 10 | ||||
-rw-r--r-- | g10/misc.c | 55 | ||||
-rw-r--r-- | g10/parse-packet.c | 6 | ||||
-rw-r--r-- | g10/pubkey-enc.c | 2 | ||||
-rw-r--r-- | g10/sign.c | 16 |
12 files changed, 156 insertions, 33 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index f6019a435..9e6602c6e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,6 +1,30 @@ +2007-12-12 Werner Koch <[email protected]> + + * misc.c (map_cipher_openpgp_to_gcry): New. Used to map Camellia + algorithms to Gcrypt. + (openpgp_cipher_test_algo): Call new map function. Replace + all remaining calls to gcry_cipher_test_algo by a call to this. + (openpgp_cipher_algo_name): New. Replace all remaining calls to + gcry_cipher_algo_name by a call to this. + (map_cipher_gcry_to_openpgp): New. + (string_to_cipher_algo): Use it. + * gpg.c (main): Print a warning if Camellia support is build in. + + * gpg.c (print_algo_names): New. From the 1.4 branch by David. + (list_config): Use it here for the "ciphername" and "digestname" + config items so we can get a script-parseable list of the names. + + * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include + the 0x. + + * sign.c (match_dsa_hash): Remove conditional builds dending on + USE_SHAxxx. We don't need this becuase it can be expected that + libgcrypt provides it. However we need to runtime test for SHA244 + becuase that is only available with libgcrypt 2.4. + 2007-12-11 Werner Koch <[email protected]> - * mainproc.c (proc_pubkey_enc): Allo type 20 Elgamal key for + * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for decryption. 2007-12-10 Werner Koch <[email protected]> diff --git a/g10/encode.c b/g10/encode.c index ee2ce9703..92aa9b27d 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -244,7 +244,7 @@ encode_simple( const char *filename, int mode, int use_seskey ) if(opt.verbose) log_info(_("using cipher %s\n"), - gcry_cipher_algo_name (cfx.dek->algo)); + openpgp_cipher_algo_name (cfx.dek->algo)); cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo); } 
@@ -558,7 +558,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey ) opt.def_cipher_algo,NULL)!=opt.def_cipher_algo) log_info(_("WARNING: forcing symmetric cipher %s (%d)" " violates recipient preferences\n"), - gcry_cipher_algo_name (opt.def_cipher_algo), + openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); cfx.dek->algo = opt.def_cipher_algo; @@ -750,7 +750,7 @@ encrypt_filter( void *opaque, int control, NULL)!=opt.def_cipher_algo) log_info(_("forcing symmetric cipher %s (%d) " "violates recipient preferences\n"), - gcry_cipher_algo_name (opt.def_cipher_algo), + openpgp_cipher_algo_name (opt.def_cipher_algo), opt.def_cipher_algo); efx->cfx.dek->algo = opt.def_cipher_algo; @@ -847,7 +847,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) char *ustr = get_user_id_string_native (enc->keyid); log_info(_("%s/%s encrypted for: \"%s\"\n"), gcry_pk_algo_name (enc->pubkey_algo), - gcry_cipher_algo_name (dek->algo), + openpgp_cipher_algo_name (dek->algo), ustr ); xfree(ustr); } diff --git a/g10/encr-data.c b/g10/encr-data.c index a05ff468a..56d787c7e 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -88,8 +88,9 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if ( opt.verbose && !dek->algo_info_printed ) { - if (!gcry_cipher_test_algo (dek->algo)) - log_info (_("%s encrypted data\n"), gcry_cipher_algo_name (dek->algo)); + if (!openpgp_cipher_test_algo (dek->algo)) + log_info (_("%s encrypted data\n"), + openpgp_cipher_algo_name (dek->algo)); else log_info (_("encrypted with unknown algorithm %d\n"), dek->algo ); dek->algo_info_printed = 1; @@ -791,7 +791,7 @@ my_strusage( int level ) case 35: if( !ciphers ) ciphers = build_list(_("Cipher: "), 'S', - gcry_cipher_algo_name, + openpgp_cipher_algo_name, openpgp_cipher_test_algo ); p = ciphers; break; 
@@ -1384,6 +1384,24 @@ print_algo_numbers(int (*checker)(int)) } +static void +print_algo_names(int (*checker)(int),const char *(*mapper)(int)) +{ + int i,first=1; + + for(i=0;i<=110;i++) + { + if(!checker(i)) + { + if(first) + first=0; + else + printf(";"); + printf("%s",mapper(i)); + } + } +} + /* In the future, we can do all sorts of interesting configuration output here. For now, just give "group" as the Enigmail folks need it, and pubkey, cipher, hash, and compress as they may be useful @@ -1450,6 +1468,14 @@ list_config(char *items) any=1; } + if (show_all || !ascii_strcasecmp (name,"ciphername")) + { + printf ("cfg:ciphername:"); + print_algo_names (openpgp_cipher_test_algo,openpgp_cipher_algo_name); + printf ("\n"); + any = 1; + } + if(show_all || ascii_strcasecmp(name,"digest")==0 || ascii_strcasecmp(name,"hash")==0) @@ -1460,6 +1486,16 @@ list_config(char *items) any=1; } + if (show_all + || !ascii_strcasecmp(name,"digestname") + || !ascii_strcasecmp(name,"hashname")) + { + printf ("cfg:digestname:"); + print_algo_names (openpgp_md_test_algo, gcry_md_algo_name); + printf("\n"); + any=1; + } + if(show_all || ascii_strcasecmp(name,"compress")==0) { printf("cfg:compress:"); @@ -2864,6 +2900,15 @@ main (int argc, char **argv ) log_set_prefix (NULL, 1|2|4); } +#ifdef USE_CAMELLIA + /* We better also print a runtime warning if people build it with + support for Camellia (which is not yet defined by OpenPGP). */ + log_info ("WARNING: This version has been built with support for the " + "Camellia cipher.\n"); + log_info (" It is for testing only and is NOT for production " + "use!\n"); +#endif + if (opt.verbose > 2) log_info ("using character set `%s'\n", get_native_charset ()); 
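Review bot: In gpg.c, print_algo_names repeats the literal upper bound `110` that openpgp_cipher_test_algo in misc.c also hard-codes, and it has no header comment although the callback contract is not obvious (CHECKER returns 0 for a usable algorithm). A shared named constant would keep the two bounds in step. I would add `/* Print the names of all algorithms for which CHECKER returns 0, separated by ';'. MAPPER turns an algorithm id into its name. */` above the function. The names are written unescaped into the colon-delimited `cfg:` record, which is safe only while no algorithm name contains `:` or `;`.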
@@ -3129,7 +3174,7 @@ main (int argc, char **argv ) if(opt.def_cipher_algo && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL)) { - badalg = gcry_cipher_algo_name (opt.def_cipher_algo); + badalg = openpgp_cipher_algo_name (opt.def_cipher_algo); badtype = PREFTYPE_SYM; } else if(opt.def_digest_algo diff --git a/g10/import.c b/g10/import.c index 66aa875c4..41198b687 100644 --- a/g10/import.c +++ b/g10/import.c @@ -602,9 +602,9 @@ check_prefs(KBNODE keyblock) if (openpgp_cipher_test_algo (prefs->value)) { const char *algo = - (gcry_cipher_test_algo (prefs->value) + (openpgp_cipher_test_algo (prefs->value) ? num - : gcry_cipher_algo_name (prefs->value)); + : openpgp_cipher_algo_name (prefs->value)); if(!problem) check_prefs_warning(pk); log_info(_(" \"%s\": preference for cipher" diff --git a/g10/keyedit.c b/g10/keyedit.c index 8efe824ce..c81594be2 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -2325,9 +2325,10 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose) tty_printf (", "); any = 1; /* We don't want to display strings for experimental algos */ - if (!gcry_cipher_test_algo (prefs[i].value) + if (!openpgp_cipher_test_algo (prefs[i].value) && prefs[i].value < 100 ) - tty_printf ("%s", gcry_cipher_algo_name (prefs[i].value)); + tty_printf ("%s", + openpgp_cipher_algo_name (prefs[i].value)); else tty_printf ("[%d]", prefs[i].value); if (prefs[i].value == CIPHER_ALGO_3DES ) @@ -2337,7 +2338,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose) if (!des_seen) { if (any) tty_printf (", "); - tty_printf ("%s", gcry_cipher_algo_name (CIPHER_ALGO_3DES)); + tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES)); } tty_printf ("\n "); tty_printf (_("Digest: ")); diff --git a/g10/main.h b/g10/main.h index 963387007..bf3df6417 100644 --- a/g10/main.h +++ b/g10/main.h 
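Review bot: In import.c check_prefs, the inner ternary now repeats the test of the enclosing `if (openpgp_cipher_test_algo (prefs->value))`, so inside that branch it is always true, `algo` is always `num`, and the `openpgp_cipher_algo_name` arm is unreachable. Before this change the inner test asked libgcrypt directly, so a cipher known to libgcrypt but rejected for OpenPGP was reported by name. Either simplify to `const char *algo = num;` or keep a libgcrypt-level check if the name is still wanted in the warning. check_prefs starts and ends outside the hunk.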
@@ -83,6 +83,7 @@ u16 checksum_mpi( gcry_mpi_t a ); u32 buffer_to_u32( const byte *buffer ); const byte *get_session_marker( size_t *rlen ); int openpgp_cipher_test_algo( int algo ); +const char *openpgp_cipher_algo_name (int algo); int openpgp_pk_test_algo( int algo ); int openpgp_pk_test_algo2 ( int algo, unsigned int use ); int openpgp_pk_algo_usage ( int algo ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 10d665b80..3756e2f96 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -274,9 +274,9 @@ proc_symkey_enc( CTX c, PACKET *pkt ) else if(!c->dek) { int algo = enc->cipher_algo; - const char *s = gcry_cipher_algo_name (algo); + const char *s = openpgp_cipher_algo_name (algo); - if (!gcry_cipher_test_algo (algo)) + if (!openpgp_cipher_test_algo (algo)) { if(!opt.quiet) { @@ -524,8 +524,8 @@ proc_encrypted( CTX c, PACKET *pkt ) algo = opt.def_cipher_algo; if ( algo ) log_info (_("assuming %s encrypted data\n"), - gcry_cipher_algo_name (algo)); - else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) ) + openpgp_cipher_algo_name (algo)); + else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) ) { algo = opt.def_cipher_algo; if (!algo) @@ -533,7 +533,7 @@ proc_encrypted( CTX c, PACKET *pkt ) idea_cipher_warn(1); log_info (_("IDEA cipher unavailable, " "optimistically attempting to use %s instead\n"), - gcry_cipher_algo_name (algo)); + openpgp_cipher_algo_name (algo)); } else { diff --git a/g10/misc.c b/g10/misc.c index 5f9af54c3..fa85e61c7 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -301,7 +301,7 @@ print_cipher_algo_note( int algo ) { warn=1; log_info (_("WARNING: using experimental cipher algorithm %s\n"), - gcry_cipher_algo_name (algo)); + openpgp_cipher_algo_name (algo)); } } } 
@@ -324,6 +324,33 @@ print_digest_algo_note( int algo ) gcry_md_algo_name (algo)); } + +/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do + this for algorithms we implemented in Libgcrypt after they become + part of OpenPGP. */ +static int +map_cipher_openpgp_to_gcry (int algo) +{ + switch (algo) + { + case CIPHER_ALGO_CAMELLIA128: return 310; + case CIPHER_ALGO_CAMELLIA256: return 312; + default: return algo; + } +} + +/* The inverse fucntion of above. */ +static int +map_cipher_gcry_to_openpgp (int algo) +{ + switch (algo) + { + case 310: return CIPHER_ALGO_CAMELLIA128; + case 312: return CIPHER_ALGO_CAMELLIA256; + default: return algo; + } +} + /**************** * Wrapper around the libgcrypt function with additonal checks on * the OpenPGP contraints for the algo ID. @@ -331,12 +358,32 @@ print_digest_algo_note( int algo ) int openpgp_cipher_test_algo( int algo ) { - /* 5 and 6 are marked reserved by rfc2440bis. */ + /* (5 and 6 are marked reserved by rfc4880.) */ if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 ) return gpg_error (GPG_ERR_CIPHER_ALGO); - return gcry_cipher_test_algo (algo); + + /* Camellia is not yet defined for OpenPGP thus only allow it if + requested. */ +#ifndef USE_CAMELLIA + if (algo == CIPHER_ALGO_CAMELLIA128 + || algo == CIPHER_ALGO_CAMELLIA256) + return gpg_error (GPG_ERR_CIPHER_ALGO); +#endif + + return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo)); } +/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a + string representation of the algorithm name. For unknown algorithm + IDs this function returns "?". */ +const char * +openpgp_cipher_algo_name (int algo) +{ + return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo)); +} + + + int openpgp_pk_test_algo( int algo ) { 
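Review bot: map_cipher_openpgp_to_gcry and map_cipher_gcry_to_openpgp in misc.c use the bare literals `310` and `312`, and the two switch statements have to be kept in sync by hand. If the minimum supported libgcrypt headers define them, `GCRY_CIPHER_CAMELLIA128` and `GCRY_CIPHER_CAMELLIA256` would say what the numbers are; otherwise a comment such as `/* 310/312: Libgcrypt's ids for Camellia-128/256 */` would do. Both mappings are compiled in whether or not USE_CAMELLIA is defined, so neither should be read as an availability check. The comment on the second function has a typo (`fucntion`).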
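Review bot: openpgp_cipher_algo_name in misc.c applies none of the constraints that openpgp_cipher_test_algo enforces just above it: ids outside 0..110, the reserved 5 and 6, and Camellia in a build without USE_CAMELLIA are all passed through to `gcry_cipher_algo_name`. A caller can therefore get a real cipher name for an id that this build refuses to use, so a name other than "?" must never stand in for the test. I would say so in the comment, e.g. `/* Note: this does not check whether ALGO is allowed; use openpgp_cipher_test_algo for that. */`, and change `ALGORITHM` in the existing comment to `ALGO` to match the parameter.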
@@ -690,7 +737,7 @@ string_to_cipher_algo (const char *string) { int val; - val = gcry_cipher_map_name (string); + val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); if (!val && string && (string[0]=='S' || string[0]=='s')) { char *endptr; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index b1b01e515..6b8e79ec1 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1588,8 +1588,10 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen, ops->keyid[1] = read_32(inp); pktlen -= 4; ops->last = iobuf_get_noeof(inp); pktlen--; if( list_mode ) - fprintf (listfp, ":onepass_sig packet: keyid %08lX%08lX\n" - "\tversion %d, sigclass %02x, digest %d, pubkey %d, last=%d\n", + fprintf (listfp, + ":onepass_sig packet: keyid %08lX%08lX\n" + "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, " + "last=%d\n", (ulong)ops->keyid[0], (ulong)ops->keyid[1], version, ops->sig_class, ops->digest_algo, ops->pubkey_algo, ops->last ); diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index e0ae55fd7..b7e76a874 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -282,7 +282,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid ) && !opt.quiet && !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo )) log_info (_("WARNING: cipher algorithm %s not found in recipient" - " preferences\n"), gcry_cipher_algo_name (dek->algo)); + " preferences\n"), openpgp_cipher_algo_name (dek->algo)); if (!rc) { KBNODE k; diff --git a/g10/sign.c b/g10/sign.c index 6bb30f04b..022622b20 100644 --- a/g10/sign.c +++ b/g10/sign.c 
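Review bot: In string_to_cipher_algo (misc.c), the result of `gcry_cipher_map_name` is translated only for the two Camellia values; any other Libgcrypt id falls through the `default:` arm of map_cipher_gcry_to_openpgp unchanged and is returned as if it were an OpenPGP algorithm number. The Camellia names are also accepted here in builds without USE_CAMELLIA. Whether every caller follows up with openpgp_cipher_test_algo is not visible in this hunk; if not, a check such as `if (val && openpgp_cipher_test_algo (val)) val = 0;` after the mapping would reject such names at parse time, though its interaction with the S-number fallback that follows needs checking. The function continues past the end of the hunk.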
@@ -345,22 +345,24 @@ match_dsa_hash (unsigned int qbytes) { if (qbytes <= 20) return DIGEST_ALGO_SHA1; -#ifdef USE_SHA256 - if (qbytes <= 28) + + /* SHA244 is only available with libgcrypt 1.4 - thus do a runtime + test. */ + if (qbytes <= 28 && !gcry_md_test_algo (DIGEST_ALGO_SHA224)) return DIGEST_ALGO_SHA224; + if (qbytes <= 32) return DIGEST_ALGO_SHA256; -#endif -#ifdef USE_SHA512 if (qbytes <= 48) return DIGEST_ALGO_SHA384; + if (qbytes <= 64) return DIGEST_ALGO_SHA512; -#endif + return DEFAULT_DIGEST_ALGO; /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong - answer we have if the larger SHAs aren't there. */ + answer we have if a digest larger than 512 bits is requested. */ } @@ -1258,7 +1260,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr) algo = default_cipher_algo(); if (!opt.quiet || !opt.batch) log_info (_("%s encryption will be used\n"), - gcry_cipher_algo_name (algo) ); + openpgp_cipher_algo_name (algo) ); cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled); if (!cfx.dek || !cfx.dek->keylen) { |
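Review bot: In match_dsa_hash (sign.c) only SHA224 gets a runtime `gcry_md_test_algo` probe; with the `#ifdef USE_SHA256`/`USE_SHA512` guards gone, SHA256, SHA384 and SHA512 are returned without any availability check. If that rests on a minimum libgcrypt version, the comment should state it, since a missing digest would presumably only surface later when the signature is made. The new comment also says `SHA244` where `SHA224` is meant, and it names libgcrypt 1.4 while the ChangeLog entry in this commit says 2.4. Suggested wording: `/* SHA224 is only available with libgcrypt 1.4 - thus do a runtime test. The larger SHA-2 digests are assumed to be present. */`.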