diff options
48 files changed, 695 insertions, 251 deletions
@@ -215,6 +215,9 @@ Phil Pennock <[email protected]> Phil Pennock <[email protected]> 2017-01-19:[email protected]: +Rainer Perske <[email protected]> +2017-10-24:permail-2017102014511105be2aed00002fc6-perske@message-id.uni-muenster.de: + Other authors ============= @@ -1,9 +1,7 @@ -Noteworthy changes in version 2.2.2 (unreleased) +Noteworthy changes in version 2.3.0 (unreleased) ------------------------------------------------ - -Noteworthy changes in version 2.2.1 (2017-09-19) ------------------------------------------------- + Changes also found in 2.2.1: * gpg: Fix formatting of the user id in batch mode key generation if only "name-email" is given. @@ -23,6 +21,10 @@ Noteworthy changes in version 2.2.1 (2017-09-19) certificates are configured. If build with GNUTLS, this was already the case. + Release dates of 2.2.x versions: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + Version 2.2.1 (2017-09-19) + Noteworthy changes in version 2.2.0 (2017-08-28) ------------------------------------------------ diff --git a/agent/agent.h b/agent/agent.h index f5df75e6e..bf8d244a0 100644 --- a/agent/agent.h +++ b/agent/agent.h @@ -226,6 +226,7 @@ struct server_control_s char *lc_ctype; char *lc_messages; unsigned long client_pid; + int client_uid; /* The current pinentry mode. */ pinentry_mode_t pinentry_mode; @@ -254,6 +255,10 @@ struct server_control_s /* The current S2K which might be different from the calibrated count. */ unsigned long s2k_count; + + /* If pinentry is active for this thread. It can be more than 1, + when pinentry is called recursively. */ + int pinentry_active; }; diff --git a/agent/call-pinentry.c b/agent/call-pinentry.c index 6a5c1fe1e..af4eb06f2 100644 --- a/agent/call-pinentry.c +++ b/agent/call-pinentry.c @@ -67,12 +67,6 @@ static struct } entry_features; -/* The control variable of the connection owning the current pinentry. - This is only valid if ENTRY_CTX is not NULL. Note, that we care - only about the value of the pointer and that it should never be - dereferenced. */ -static ctrl_t entry_owner; - /* A mutex used to serialize access to the pinentry. */ static npth_mutex_t entry_lock; @@ -128,7 +122,7 @@ agent_query_dump_state (void) void agent_reset_query (ctrl_t ctrl) { - if (entry_ctx && popup_tid && entry_owner == ctrl) + if (entry_ctx && popup_tid && ctrl->pinentry_active) { agent_popup_message_stop (ctrl); } @@ -140,7 +134,7 @@ agent_reset_query (ctrl_t ctrl) stalled pinentry does not block other threads. Fixme: We should have a timeout in Assuan for the disconnect operation. */ static gpg_error_t -unlock_pinentry (gpg_error_t rc) +unlock_pinentry (ctrl_t ctrl, gpg_error_t rc) { assuan_context_t ctx = entry_ctx; int err; @@ -177,15 +171,18 @@ unlock_pinentry (gpg_error_t rc) } } - entry_ctx = NULL; - err = npth_mutex_unlock (&entry_lock); - if (err) + if (--ctrl->pinentry_active == 0) { - log_error ("failed to release the entry lock: %s\n", strerror (err)); - if (!rc) - rc = gpg_error_from_errno (err); + entry_ctx = NULL; + err = npth_mutex_unlock (&entry_lock); + if (err) + { + log_error ("failed to release the entry lock: %s\n", strerror (err)); + if (!rc) + rc = gpg_error_from_errno (err); + } + assuan_release (ctx); } - assuan_release (ctx); return rc; } @@ -288,6 +285,14 @@ start_pinentry (ctrl_t ctrl) char *flavor_version; int err; + if (ctrl->pinentry_active) + { + /* It's trying to use pinentry recursively. In this situation, + the thread holds ENTRY_LOCK already. */ + ctrl->pinentry_active++; + return 0; + } + npth_clock_gettime (&abstime); abstime.tv_sec += LOCK_TIMEOUT; err = npth_mutex_timedlock (&entry_lock, &abstime); @@ -302,8 +307,6 @@ start_pinentry (ctrl_t ctrl) return rc; } - entry_owner = ctrl; - if (entry_ctx) return 0; @@ -325,7 +328,7 @@ start_pinentry (ctrl_t ctrl) the Wine implementation does not flush stdin,stdout and stderr - see above. Let's try to ignore the error. */ #ifndef HAVE_W32_SYSTEM - return unlock_pinentry (tmperr); + return unlock_pinentry (ctrl, tmperr); #endif } @@ -371,6 +374,10 @@ start_pinentry (ctrl_t ctrl) log_error ("can't allocate assuan context: %s\n", gpg_strerror (rc)); return rc; } + + ctrl->pinentry_active = 1; + entry_ctx = ctx; + /* We don't want to log the pinentry communication to make the logs easier to read. We might want to add a new debug option to enable pinentry logging. */ @@ -382,17 +389,15 @@ start_pinentry (ctrl_t ctrl) that atfork is used to change the environment for pinentry. We start the server in detached mode to suppress the console window under Windows. */ - rc = assuan_pipe_connect (ctx, full_pgmname, argv, + rc = assuan_pipe_connect (entry_ctx, full_pgmname, argv, no_close_list, atfork_cb, ctrl, ASSUAN_PIPE_CONNECT_DETACHED); if (rc) { log_error ("can't connect to the PIN entry module '%s': %s\n", full_pgmname, gpg_strerror (rc)); - assuan_release (ctx); - return unlock_pinentry (gpg_error (GPG_ERR_NO_PIN_ENTRY)); + return unlock_pinentry (ctrl, gpg_error (GPG_ERR_NO_PIN_ENTRY)); } - entry_ctx = ctx; if (DBG_IPC) log_debug ("connection to PIN entry established\n"); @@ -402,65 +407,65 @@ start_pinentry (ctrl_t ctrl) { char *optstr; if (asprintf (&optstr, "OPTION pinentry-user-data=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, opt.no_grab? "OPTION no-grab":"OPTION grab", NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); value = session_env_getenv (ctrl->session_env, "GPG_TTY"); if (value) { char *optstr; if (asprintf (&optstr, "OPTION ttyname=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } value = session_env_getenv (ctrl->session_env, "TERM"); if (value) { char *optstr; if (asprintf (&optstr, "OPTION ttytype=%s", value) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (ctrl->lc_ctype) { char *optstr; if (asprintf (&optstr, "OPTION lc-ctype=%s", ctrl->lc_ctype) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (ctrl->lc_messages) { char *optstr; if (asprintf (&optstr, "OPTION lc-messages=%s", ctrl->lc_messages) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); rc = assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -476,7 +481,7 @@ start_pinentry (ctrl_t ctrl) rc = assuan_transact (entry_ctx, "OPTION allow-external-password-cache", NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (opt.allow_emacs_pinentry) @@ -486,7 +491,7 @@ start_pinentry (ctrl_t ctrl) rc = assuan_transact (entry_ctx, "OPTION allow-emacs-prompt", NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_UNKNOWN_OPTION) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -524,7 +529,7 @@ start_pinentry (ctrl_t ctrl) if (*s == '|' && (s2=strchr (s+1,'|'))) s = s2+1; if (asprintf (&optstr, "OPTION default-%s=%s", tbl[idx].key, s) < 0 ) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); xfree (optstr); @@ -593,8 +598,9 @@ start_pinentry (ctrl_t ctrl) nodename = utsbuf.nodename; #endif /*!HAVE_W32_SYSTEM*/ - if ((optstr = xtryasprintf ("OPTION owner=%lu %s", - ctrl->client_pid, nodename))) + if ((optstr = xtryasprintf ("OPTION owner=%lu/%d %s", + ctrl->client_pid, ctrl->client_uid, + nodename))) { assuan_transact (entry_ctx, optstr, NULL, NULL, NULL, NULL, NULL, NULL); @@ -651,8 +657,8 @@ start_pinentry (ctrl_t ctrl) rc = agent_inq_pinentry_launched (ctrl, pinentry_pid, flavor_version); if (gpg_err_code (rc) == GPG_ERR_CANCELED || gpg_err_code (rc) == GPG_ERR_FULLY_CANCELED) - return unlock_pinentry (gpg_err_make (GPG_ERR_SOURCE_DEFAULT, - gpg_err_code (rc))); + return unlock_pinentry (ctrl, gpg_err_make (GPG_ERR_SOURCE_DEFAULT, + gpg_err_code (rc))); rc = 0; } @@ -1022,18 +1028,18 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); build_cmd_setdesc (line, DIM(line), desc_text); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); snprintf (line, DIM(line), "SETPROMPT %s", prompt_text? prompt_text : is_pin? L_("PIN:") : L_("Passphrase:")); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); /* If a passphrase quality indicator has been requested and a minimum passphrase length has not been disabled, send the command @@ -1042,7 +1048,7 @@ agent_askpin (ctrl_t ctrl, { rc = setup_qualitybar (ctrl); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (initial_errtext) @@ -1051,7 +1057,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (pininfo->with_repeat) @@ -1082,7 +1088,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); errtext = NULL; } @@ -1092,7 +1098,7 @@ agent_askpin (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); @@ -1120,7 +1126,7 @@ agent_askpin (ctrl_t ctrl, errtext = is_pin? L_("PIN too long") : L_("Passphrase too long"); else if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (!errtext && pininfo->min_digits) { @@ -1146,7 +1152,7 @@ agent_askpin (ctrl_t ctrl, || gpg_err_code (rc) == GPG_ERR_BAD_PIN) errtext = (is_pin? L_("Bad PIN") : L_("Bad Passphrase")); else if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (!errtext) @@ -1154,7 +1160,7 @@ agent_askpin (ctrl_t ctrl, if (pininfo->with_repeat && (pinentry_status & PINENTRY_STATUS_PIN_REPEATED)) pininfo->repeat_okay = 1; - return unlock_pinentry (0); /* okay, got a PIN or passphrase */ + return unlock_pinentry (ctrl, 0); /* okay, got a PIN or passphrase */ } if ((pinentry_status & PINENTRY_STATUS_PASSWORD_FROM_CACHE)) @@ -1163,7 +1169,7 @@ agent_askpin (ctrl_t ctrl, pininfo->failed_tries --; } - return unlock_pinentry (gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN + return unlock_pinentry (ctrl, gpg_error (pininfo->min_digits? GPG_ERR_BAD_PIN : GPG_ERR_BAD_PASSPHRASE)); } @@ -1229,7 +1235,7 @@ agent_get_passphrase (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc && gpg_err_code (rc) != GPG_ERR_ASS_UNKNOWN_CMD) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (desc) @@ -1238,18 +1244,18 @@ agent_get_passphrase (ctrl_t ctrl, snprintf (line, DIM(line), "RESET"); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); snprintf (line, DIM(line), "SETPROMPT %s", prompt); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (with_qualitybar && opt.min_passphrase_len) { rc = setup_qualitybar (ctrl); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (errtext) @@ -1257,14 +1263,14 @@ agent_get_passphrase (ctrl_t ctrl, snprintf (line, DIM(line), "SETERROR %s", errtext); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } memset (&parm, 0, sizeof parm); parm.size = ASSUAN_LINELENGTH/2 - 5; parm.buffer = gcry_malloc_secure (parm.size+10); if (!parm.buffer) - return unlock_pinentry (out_of_core ()); + return unlock_pinentry (ctrl, out_of_core ()); saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL); assuan_begin_confidential (entry_ctx); @@ -1288,7 +1294,7 @@ agent_get_passphrase (ctrl_t ctrl, xfree (parm.buffer); else *retpass = parm.buffer; - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1332,7 +1338,7 @@ agent_get_confirmation (ctrl_t ctrl, rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok) { @@ -1340,7 +1346,7 @@ agent_get_confirmation (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } if (notok) { @@ -1363,7 +1369,7 @@ agent_get_confirmation (ctrl_t ctrl, NULL, NULL, NULL, NULL, NULL, NULL); } if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, "CONFIRM", @@ -1371,7 +1377,7 @@ agent_get_confirmation (ctrl_t ctrl, if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1405,7 +1411,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok_btn) { @@ -1413,7 +1419,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } rc = assuan_transact (entry_ctx, "CONFIRM --one-button", NULL, NULL, NULL, @@ -1421,7 +1427,7 @@ agent_show_message (ctrl_t ctrl, const char *desc, const char *ok_btn) if (rc && gpg_err_source (rc) && gpg_err_code (rc) == GPG_ERR_ASS_CANCELED) rc = gpg_err_make (gpg_err_source (rc), GPG_ERR_CANCELED); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } @@ -1469,19 +1475,19 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn) snprintf (line, DIM(line), "RESET"); rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); if (ok_btn) { snprintf (line, DIM(line), "SETOK %s", ok_btn); rc = assuan_transact (entry_ctx, line, NULL,NULL,NULL,NULL,NULL,NULL); if (rc) - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } err = npth_attr_init (&tattr); if (err) - return unlock_pinentry (gpg_error_from_errno (err)); + return unlock_pinentry (ctrl, gpg_error_from_errno (err)); npth_attr_setdetachstate (&tattr, NPTH_CREATE_JOINABLE); popup_finished = 0; @@ -1492,7 +1498,7 @@ agent_popup_message_start (ctrl_t ctrl, const char *desc, const char *ok_btn) rc = gpg_error_from_errno (err); log_error ("error spawning popup message handler: %s\n", strerror (err) ); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } npth_setname_np (popup_tid, "popup-message"); @@ -1551,10 +1557,9 @@ agent_popup_message_stop (ctrl_t ctrl) /* Thread IDs are opaque, but we try our best here by resetting it to the same content that a static global variable has. */ memset (&popup_tid, '\0', sizeof (popup_tid)); - entry_owner = NULL; /* Now we can close the connection. */ - unlock_pinentry (0); + unlock_pinentry (ctrl, 0); } int @@ -1580,5 +1585,5 @@ agent_clear_passphrase (ctrl_t ctrl, rc = assuan_transact (entry_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL); - return unlock_pinentry (rc); + return unlock_pinentry (ctrl, rc); } diff --git a/agent/call-scd.c b/agent/call-scd.c index cf61a3546..6ce0cddfb 100644 --- a/agent/call-scd.c +++ b/agent/call-scd.c @@ -89,7 +89,6 @@ struct inq_needpin_parm_s const char *getpin_cb_desc; assuan_context_t passthru; /* If not NULL, pass unknown inquiries up to the caller. */ - int any_inq_seen; /* The next fields are used by inq_writekey_parm. */ const unsigned char *keydata; @@ -727,7 +726,6 @@ inq_needpin (void *opaque, const char *line) size_t pinlen; int rc; - parm->any_inq_seen = 1; if ((s = has_leading_keyword (line, "NEEDPIN"))) { line = s; @@ -811,30 +809,6 @@ hash_algo_option (int algo) } -static gpg_error_t -cancel_inquire (ctrl_t ctrl, gpg_error_t rc) -{ - gpg_error_t oldrc = rc; - - /* The inquire callback was called and transact returned a - cancel error. We assume that the inquired process sent a - CANCEL. The passthrough code is not able to pass on the - CANCEL and thus scdaemon would stuck on this. As a - workaround we send a CANCEL now. */ - rc = assuan_write_line (ctrl->scd_local->ctx, "CAN"); - if (!rc) { - char *line; - size_t len; - - rc = assuan_read_line (ctrl->scd_local->ctx, &line, &len); - if (!rc) - rc = oldrc; - } - - return rc; -} - - /* Create a signature using the current card. MDALGO is either 0 or * gives the digest algorithm. DESC_TEXT is an additional parameter * passed to GETPIN_CB. */ @@ -875,7 +849,6 @@ agent_card_pksign (ctrl_t ctrl, inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.getpin_cb_desc = desc_text; inqparm.passthru = 0; - inqparm.any_inq_seen = 0; inqparm.keydata = NULL; inqparm.keydatalen = 0; @@ -888,9 +861,6 @@ agent_card_pksign (ctrl_t ctrl, put_membuf_cb, &data, inq_needpin, &inqparm, NULL, NULL); - if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); if (rc) { @@ -974,7 +944,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.getpin_cb_desc = desc_text; inqparm.passthru = 0; - inqparm.any_inq_seen = 0; inqparm.keydata = NULL; inqparm.keydatalen = 0; snprintf (line, DIM(line), "PKDECRYPT %s", keyid); @@ -982,9 +951,6 @@ agent_card_pkdecrypt (ctrl_t ctrl, put_membuf_cb, &data, inq_needpin, &inqparm, padding_info_cb, r_padding); - if (inqparm.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); if (rc) { @@ -1111,15 +1077,11 @@ agent_card_writekey (ctrl_t ctrl, int force, const char *serialno, parms.getpin_cb_arg = getpin_cb_arg; parms.getpin_cb_desc= NULL; parms.passthru = 0; - parms.any_inq_seen = 0; parms.keydata = keydata; parms.keydatalen = keydatalen; rc = assuan_transact (ctrl->scd_local->ctx, line, NULL, NULL, inq_writekey_parms, &parms, NULL, NULL); - if (parms.any_inq_seen && (gpg_err_code(rc) == GPG_ERR_CANCELED || - gpg_err_code(rc) == GPG_ERR_ASS_CANCELED)) - rc = cancel_inquire (ctrl, rc); return unlock_scd (ctrl, rc); } @@ -1344,7 +1306,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, inqparm.getpin_cb_arg = getpin_cb_arg; inqparm.getpin_cb_desc = NULL; inqparm.passthru = assuan_context; - inqparm.any_inq_seen = 0; inqparm.keydata = NULL; inqparm.keydatalen = 0; @@ -1354,8 +1315,6 @@ agent_card_scd (ctrl_t ctrl, const char *cmdline, pass_data_thru, assuan_context, inq_needpin, &inqparm, pass_status_thru, assuan_context); - if (inqparm.any_inq_seen && gpg_err_code(rc) == GPG_ERR_ASS_CANCELED) - rc = cancel_inquire (ctrl, rc); assuan_set_flag (ctrl->scd_local->ctx, ASSUAN_CONVEY_COMMENTS, saveflag); if (rc) diff --git a/agent/command-ssh.c b/agent/command-ssh.c index 9d45a1864..866f43959 100644 --- a/agent/command-ssh.c +++ b/agent/command-ssh.c @@ -255,6 +255,11 @@ static gpg_error_t ssh_signature_encoder_eddsa (ssh_key_type_spec_t *spec, static gpg_error_t ssh_key_extract_comment (gcry_sexp_t key, char **comment); +struct peer_info_s +{ + unsigned long pid; + int uid; +}; /* Global variables. */ @@ -3581,10 +3586,11 @@ ssh_request_process (ctrl_t ctrl, estream_t stream_sock) /* Return the peer's pid. */ -static unsigned long -get_client_pid (int fd) +static void +get_client_info (int fd, struct peer_info_s *out) { - pid_t client_pid = (pid_t)0; + pid_t client_pid = (pid_t)(-1); + uid_t client_uid = (uid_t)-1; #ifdef SO_PEERCRED { @@ -3599,8 +3605,10 @@ get_client_pid (int fd) { #if defined (HAVE_STRUCT_SOCKPEERCRED_PID) || defined (HAVE_STRUCT_UCRED_PID) client_pid = cr.pid; + client_uid = cr.uid; #elif defined (HAVE_STRUCT_UCRED_CR_PID) client_pid = cr.cr_pid; + client_pid = cr.cr_uid; #else #error "Unknown SO_PEERCRED struct" #endif @@ -3611,6 +3619,7 @@ get_client_pid (int fd) socklen_t len = sizeof (pid_t); getsockopt (fd, SOL_LOCAL, LOCAL_PEERPID, &client_pid, &len); + getsockopt (fd, SOL_LOCAL, LOCAL_PEERUID, &client_uid, &len); } #elif defined (LOCAL_PEEREID) { @@ -3619,6 +3628,7 @@ get_client_pid (int fd) if (getsockopt (fd, 0, LOCAL_PEEREID, &unp, &unpl) != -1) client_pid = unp.unp_pid; + client_uid = unp.unp_euid; } #elif defined (HAVE_GETPEERUCRED) { @@ -3626,7 +3636,8 @@ get_client_pid (int fd) if (getpeerucred (fd, &ucred) != -1) { - client_pid= ucred_getpid (ucred); + client_pid = ucred_getpid (ucred); + client_uid = ucred_geteuid (ucred); ucred_free (ucred); } } @@ -3634,7 +3645,8 @@ get_client_pid (int fd) (void)fd; #endif - return (unsigned long)client_pid; + out->pid = (client_pid == (pid_t)(-1)? 0 : (unsigned long)client_pid); + out->uid = (int)client_uid; } @@ -3645,12 +3657,15 @@ start_command_handler_ssh (ctrl_t ctrl, gnupg_fd_t sock_client) estream_t stream_sock = NULL; gpg_error_t err; int ret; + struct peer_info_s peer_info; err = agent_copy_startup_env (ctrl); if (err) goto out; - ctrl->client_pid = get_client_pid (FD2INT(sock_client)); + get_client_info (FD2INT(sock_client), &peer_info); + ctrl->client_pid = peer_info.pid; + ctrl->client_uid = peer_info.uid; /* Create stream from socket. */ stream_sock = es_fdopen (FD2INT(sock_client), "r+"); diff --git a/agent/command.c b/agent/command.c index e20361a11..3b249b1bd 100644 --- a/agent/command.c +++ b/agent/command.c @@ -874,7 +874,7 @@ static const char hlp_genkey[] = "\n" " C: GENKEY\n" " S: INQUIRE KEYPARAM\n" - " C: D (genkey (rsa (nbits 2048)))\n" + " C: D (genkey (rsa (nbits 3072)))\n" " C: END\n" " S: D (public-key\n" " S: D (rsa (n 326487324683264) (e 10001)))\n" @@ -3331,7 +3331,7 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) for (;;) { - pid_t client_pid; + assuan_peercred_t client_creds; rc = assuan_accept (ctx); if (gpg_err_code (rc) == GPG_ERR_EOF || rc == -1) @@ -3344,12 +3344,20 @@ start_command_handler (ctrl_t ctrl, gnupg_fd_t listen_fd, gnupg_fd_t fd) break; } - client_pid = assuan_get_pid (ctx); - ctrl->server_local->connect_from_self = (client_pid == getpid ()); - if (client_pid != ASSUAN_INVALID_PID) - ctrl->client_pid = (unsigned long)client_pid; + rc = assuan_get_peercred (ctx, &client_creds); + if (rc) + { + log_info ("Assuan get_peercred failed: %s\n", gpg_strerror (rc)); + client_creds->pid = assuan_get_pid (ctx); + ctrl->client_uid = -1; + } + ctrl->server_local->connect_from_self = + (client_creds->pid == getpid ()); + if (client_creds->pid != ASSUAN_INVALID_PID) + ctrl->client_pid = (unsigned long)client_creds->pid; else ctrl->client_pid = 0; + ctrl->client_uid = client_creds->uid; rc = assuan_process (ctx); if (rc) diff --git a/agent/protect.c b/agent/protect.c index c257861e2..9b262a978 100644 --- a/agent/protect.c +++ b/agent/protect.c @@ -159,7 +159,7 @@ calibrate_s2k_count_one (unsigned long count) /* Measure the time we need to do the hash operations and deduce an - S2K count which requires about 100ms of time. */ + S2K count which requires roughly some targeted amount of time. */ static unsigned long calibrate_s2k_count (void) { @@ -171,11 +171,11 @@ calibrate_s2k_count (void) ms = calibrate_s2k_count_one (count); if (opt.verbose > 1) log_info ("S2K calibration: %lu -> %lums\n", count, ms); - if (ms > 100) + if (ms > AGENT_S2K_CALIBRATION) break; } - count = (unsigned long)(((double)count / ms) * 100); + count = (unsigned long)(((double)count / ms) * AGENT_S2K_CALIBRATION); count /= 1024; count *= 1024; if (count < 65536) diff --git a/common/Makefile.am b/common/Makefile.am index fcbe7ea66..94318dae4 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -94,7 +94,8 @@ common_sources = \ name-value.c name-value.h \ recsel.c recsel.h \ ksba-io-support.c ksba-io-support.h \ - compliance.c compliance.h + compliance.c compliance.h \ + pkscreening.c pkscreening.h if HAVE_W32_SYSTEM diff --git a/common/exechelp-posix.c b/common/exechelp-posix.c index 7237993a2..3acf74ad6 100644 --- a/common/exechelp-posix.c +++ b/common/exechelp-posix.c @@ -784,30 +784,32 @@ gnupg_wait_processes (const char **pgmnames, pid_t *pids, size_t count, } } - if (ec == 0) - for (i = 0; i < count; i++) - { - if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) - { - log_error (_("error running '%s': probably not installed\n"), - pgmnames[i]); - ec = GPG_ERR_CONFIGURATION; - } - else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) - { - if (dummy) - log_error (_("error running '%s': exit status %d\n"), - pgmnames[i], WEXITSTATUS (r_exitcodes[i])); - else - r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); - ec = GPG_ERR_GENERAL; - } - else if (!WIFEXITED (r_exitcodes[i])) - { - log_error (_("error running '%s': terminated\n"), pgmnames[i]); - ec = GPG_ERR_GENERAL; - } - } + for (i = 0; i < count; i++) + { + if (r_exitcodes[i] == -1) + continue; + + if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i]) == 127) + { + log_error (_("error running '%s': probably not installed\n"), + pgmnames[i]); + ec = GPG_ERR_CONFIGURATION; + } + else if (WIFEXITED (r_exitcodes[i]) && WEXITSTATUS (r_exitcodes[i])) + { + if (dummy) + log_error (_("error running '%s': exit status %d\n"), + pgmnames[i], WEXITSTATUS (r_exitcodes[i])); + else + r_exitcodes[i] = WEXITSTATUS (r_exitcodes[i]); + ec = GPG_ERR_GENERAL; + } + else if (!WIFEXITED (r_exitcodes[i])) + { + log_error (_("error running '%s': terminated\n"), pgmnames[i]); + ec = GPG_ERR_GENERAL; + } + } xfree (dummy); return gpg_err_make (GPG_ERR_SOURCE_DEFAULT, ec); diff --git a/common/gettime.c b/common/gettime.c index 3e1ee5569..4ad99f54d 100644 --- a/common/gettime.c +++ b/common/gettime.c @@ -222,6 +222,8 @@ isotime_p (const char *string) for (s++, i=9; i < 15; i++, s++) if (!digitp (s)) return 0; + if (*s == 'Z') + s++; if ( !(!*s || (isascii (*s) && isspace(*s)) || *s == ':' || *s == ',')) return 0; /* Wrong delimiter. */ @@ -354,9 +356,10 @@ string2isotime (gnupg_isotime_t atime, const char *string) } -/* Scan an ISO timestamp and return an Epoch based timestamp. The only - supported format is "yyyymmddThhmmss" delimited by white space, nul, a - colon or a comma. Returns (time_t)(-1) for an invalid string. */ +/* Scan an ISO timestamp and return an Epoch based timestamp. The + only supported format is "yyyymmddThhmmss[Z]" delimited by white + space, nul, a colon or a comma. Returns (time_t)(-1) for an + invalid string. */ time_t isotime2epoch (const char *string) { diff --git a/common/logging.c b/common/logging.c index c4eaca411..82b21e25b 100644 --- a/common/logging.c +++ b/common/logging.c @@ -1039,11 +1039,11 @@ log_printsexp () {} is found in sexputils.c */ - +/* Print a microsecond timestamp followed by STRING. */ void log_clock (const char *string) { -#if 0 +#if ENABLE_LOG_CLOCK static unsigned long long initial; struct timespec tv; unsigned long long now; @@ -1060,10 +1060,10 @@ log_clock (const char *string) initial = now; log_debug ("[%6llu] %s", (now - initial)/1000, string); -#else - /* You need to link with -ltr to enable the above code. */ - log_debug ("[not enabled in the source] %s", string); -#endif +#else /*!ENABLE_LOG_CLOCK*/ + /* You may need to link with -ltr to use the above code. */ + log_debug ("[not enabled by configure] %s", string); +#endif /*!ENABLE_LOG_CLOCK*/ } diff --git a/common/pkscreening.c b/common/pkscreening.c new file mode 100644 index 000000000..a3bfb474e --- /dev/null +++ b/common/pkscreening.c @@ -0,0 +1,159 @@ +/* pkscreening.c - Screen public keys for vulnerabilities + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#include <config.h> +#include <stdlib.h> + +#include "util.h" +#include "pkscreening.h" + + +/* Helper */ +static inline gpg_error_t +my_error (gpg_err_code_t ec) +{ + return gpg_err_make (default_errsource, ec); +} + + +/* Emulation of the new gcry_mpi_get_ui function. */ +static gpg_error_t +my_mpi_get_ui (unsigned int *v, gcry_mpi_t a) +{ + gpg_error_t err; + unsigned char buf[8]; + size_t n; + int i, mul; + + if (gcry_mpi_cmp_ui (a, 16384) > 0) + return my_error (GPG_ERR_ERANGE); /* Clearly too large for our purpose. */ + + err = gcry_mpi_print (GCRYMPI_FMT_USG, buf, sizeof buf, &n, a); + if (err) + return err; + + *v = 0; + for (i = n - 1, mul = 1; i >= 0; i--, mul *= 256) + *v += mul * buf[i]; + + return 0; +} + + +/* Detect whether the MODULUS of a public RSA key is affected by the + * ROCA vulnerability as found in the Infinion RSA library + * (CVE-2017-15361). Returns 0 if not affected, GPG_ERR_TRUE if + * affected, GPG_ERR_BAD_MPI if an opaque RSA was passed, or other + * error codes if something weird happened */ +gpg_error_t +screen_key_for_roca (gcry_mpi_t modulus) +{ + static struct { + unsigned int prime_ui; + const char *print_hex; + gcry_mpi_t prime; + gcry_mpi_t print; + } table[] = { + { 3, "0x6" }, + { 5, "0x1E" }, + { 7, "0x7E" }, + { 11, "0x402" }, + { 13, "0x161A" }, + { 17, "0x1A316" }, + { 19, "0x30AF2" }, + { 23, "0x7FFFFE" }, + { 29, "0x1FFFFFFE" }, + { 31, "0x7FFFFFFE" }, + { 37, "0x4000402" }, + { 41, "0x1FFFFFFFFFE" }, + { 43, "0x7FFFFFFFFFE" }, + { 47, "0x7FFFFFFFFFFE" }, + { 53, "0x12DD703303AED2" }, + { 59, "0x7FFFFFFFFFFFFFE" }, + { 61, "0x1434026619900B0A" }, + { 67, "0x7FFFFFFFFFFFFFFFE" }, + { 71, "0x1164729716B1D977E" }, + { 73, "0x147811A48004962078A" }, + { 79, "0xB4010404000640502" }, + { 83, "0x7FFFFFFFFFFFFFFFFFFFE" }, + { 89, "0x1FFFFFFFFFFFFFFFFFFFFFE" }, + { 97, "0x1000000006000001800000002" }, + { 101, "0x1FFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 103, "0x16380E9115BD964257768FE396" }, + { 107, "0x27816EA9821633397BE6A897E1A" }, + { 109, "0x1752639F4E85B003685CBE7192BA" }, + { 113, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 127, "0x6CA09850C2813205A04C81430A190536" }, + { 131, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 137, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 139, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 149, "0x1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 151, "0x50C018BC00482458DAC35B1A2412003D18030A" }, + { 157, "0x161FB414D76AF63826461899071BD5BACA0B7E1A" }, + { 163, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" }, + { 167, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" } + }; + gpg_error_t err; + int i; + gcry_mpi_t rem; + unsigned int bitno; + + /* Initialize on the first call. */ + if (!table[0].prime) + { + /* We pass primes[i] to the call so that in case of a concurrent + * second thread the already allocated space is reused. */ + for (i = 0; i < DIM (table); i++) + { + table[i].prime = gcry_mpi_set_ui (table[i].prime, table[i].prime_ui); + if (gcry_mpi_scan (&table[i].print, GCRYMPI_FMT_HEX, + table[i].print_hex, 0, NULL)) + BUG (); + } + } + + /* Check that it is not NULL or an opaque MPI. */ + if (!modulus || gcry_mpi_get_flag (modulus, GCRYMPI_FLAG_OPAQUE)) + return my_error (GPG_ERR_BAD_MPI); + + /* We divide the modulus of an RSA public key by a set of small + * PRIMEs and examine all the remainders. If all the bits at the + * index given by the remainder are set in the corresponding PRINT + * masks the key is very likely vulnerable. If any of the tested + * bits is zero, the key is not vulnerable. */ + rem = gcry_mpi_new (0); + for (i = 0; i < DIM (table); i++) + { + gcry_mpi_mod (rem, modulus, table[i].prime); + err = my_mpi_get_ui (&bitno, rem); + if (gpg_err_code (err) == GPG_ERR_ERANGE) + continue; + if (err) + goto leave; + if (!gcry_mpi_test_bit (table[i].print, bitno)) + goto leave; /* Not vulnerable. */ + } + + /* Very likely vulnerable */ + err = my_error (GPG_ERR_TRUE); + + leave: + gcry_mpi_release (rem); + return err; +} diff --git a/common/pkscreening.h b/common/pkscreening.h new file mode 100644 index 000000000..a64758924 --- /dev/null +++ b/common/pkscreening.h @@ -0,0 +1,26 @@ +/* pkscreening.c - Screen public keys for vulnerabilities + * Copyright (C) 2017 Werner Koch + * + * This file is part of GnuPG. + * + * This file is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This file is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#ifndef GNUPG_COMMON_PKSCREENING_H +#define GNUPG_COMMON_PKSCREENING_H + +gpg_error_t screen_key_for_roca (gcry_mpi_t modulus); + + +#endif /*GNUPG_COMMON_PKSCREENING_H*/ diff --git a/common/util.h b/common/util.h index c6d19c64b..f3722812d 100644 --- a/common/util.h +++ b/common/util.h @@ -59,6 +59,11 @@ /* Hash function used with libksba. */ #define HASH_FNC ((void (*)(void *, const void*,size_t))gcry_md_write) +/* The length of the keygrip. This is a SHA-1 hash of the key + * parameters as generated by gcry_pk_get_keygrip. */ +#define KEYGRIP_LEN 20 + + /* Get all the stuff from jnlib. */ #include "../common/logging.h" #include "../common/argparse.h" diff --git a/configure.ac b/configure.ac index dc1fc1afd..ebd0c2f07 100644 --- a/configure.ac +++ b/configure.ac @@ -27,8 +27,8 @@ min_automake_version="1.14" # another commit and push so that the git magic is able to work. m4_define([mym4_package],[gnupg]) m4_define([mym4_major], [2]) -m4_define([mym4_minor], [2]) -m4_define([mym4_micro], [2]) +m4_define([mym4_minor], [3]) +m4_define([mym4_micro], [0]) # To start a new development series, i.e a new major or minor number # you need to mark an arbitrary commit before the first beta release @@ -116,7 +116,6 @@ use_tls_library=no large_secmem=no show_tor_support=no - GNUPG_BUILD_PROGRAM(gpg, yes) GNUPG_BUILD_PROGRAM(gpgsm, yes) # The agent is a required part and can't be disabled anymore. @@ -244,6 +243,15 @@ fi AC_DEFINE_UNQUOTED(SECMEM_BUFFER_SIZE,$SECMEM_BUFFER_SIZE, [Size of secure memory buffer]) +AC_MSG_CHECKING([calibrated passphrase-stretching (s2k) duration]) +AC_ARG_WITH(agent-s2k-calibration, + AC_HELP_STRING([--with-agent-s2k-calibration=MSEC], + [calibrate passphrase stretching (s2k) to MSEC milliseconds]), + agent_s2k_calibration=$withval, agent_s2k_calibration=100) +AC_MSG_RESULT($agent_s2k_calibration milliseconds) +AC_DEFINE_UNQUOTED(AGENT_S2K_CALIBRATION, $agent_s2k_calibration, + [Agent s2k calibration time (ms)]) + AC_MSG_CHECKING([whether to enable trust models]) AC_ARG_ENABLE(trust-models, AC_HELP_STRING([--disable-trust-models], @@ -1666,6 +1674,19 @@ AC_ARG_ENABLE(optimization, fi]) # +# log_debug has certain requirements which might hamper portability. +# Thus we use an option to enable it. +# +AC_MSG_CHECKING([whether to enable log_clock]) +AC_ARG_ENABLE(log_clock, + AC_HELP_STRING([--enable-log-clock], + [enable log_clock timestamps]), + enable_log_clock=$enableval, enable_log_clock=no) +AC_MSG_RESULT($enable_log_clock) +if test "$enable_log_clock" = yes ; then + AC_DEFINE(ENABLE_LOG_CLOCK,1,[Defined to use log_clock timestamps]) +fi + # Add -Werror to CFLAGS. This hack can be used to avoid problems with # misbehaving autoconf tests in case the user supplied -Werror. # diff --git a/doc/DETAILS b/doc/DETAILS index 0be55f4d6..8ead6a8f5 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -222,12 +222,14 @@ described here. *** Field 18 - Compliance flags - Space separated list of asserted compliance modes for this key. + Space separated list of asserted compliance modes and + screening result for this key. Valid values are: - 8 :: The key is compliant with RFC4880bis - 23 :: The key is compliant with compliance mode "de-vs". + - 6001 :: Screening hit on the ROCA vulnerability. *** Field 19 - Last update diff --git a/doc/Makefile.am b/doc/Makefile.am index 89079b383..c0c7fd0b7 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -22,7 +22,7 @@ AM_CPPFLAGS = include $(top_srcdir)/am/cmacros.am examples = examples/README examples/scd-event examples/trustlist.txt \ - examples/vsnfd.prf examples/debug.prf \ + examples/vsnfd.prf examples/debug.prf examples/qualified.txt \ examples/systemd-user/README \ examples/systemd-user/dirmngr.service \ examples/systemd-user/dirmngr.socket \ @@ -43,7 +43,7 @@ helpfiles = help.txt help.be.txt help.ca.txt help.cs.txt \ profiles = -EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem qualified.txt \ +EXTRA_DIST = samplekeys.asc mksamplekeys com-certs.pem \ gnupg-logo.eps gnupg-logo.pdf gnupg-logo.png gnupg-logo-tr.png \ gnupg-module-overview.png gnupg-module-overview.pdf \ gnupg-card-architecture.png gnupg-card-architecture.pdf \ diff --git a/doc/examples/README b/doc/examples/README index 77ee80741..4d6a5be87 100644 --- a/doc/examples/README +++ b/doc/examples/README @@ -9,3 +9,5 @@ trustlist.txt A list of trustworthy root certificates gpgconf.conf A sample configuration file for gpgconf. systemd-user Sample files for a Linux-only init system. + +qualified.txt Sample file for qualified.txt. diff --git a/doc/qualified.txt b/doc/examples/qualified.txt index c0e4da582..eba11f244 100644 --- a/doc/qualified.txt +++ b/doc/examples/qualified.txt @@ -29,7 +29,7 @@ # # Germany # -# The information for Germany is available +# The information for Germany is available # at http://www.bundesnetzagentur.de #******************************************* @@ -74,7 +74,7 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B de #Serial number: 02 # Issuer: /CN=9R-CA 1:PN/O=Regulierungsbehörde für # Telekommunikation und Post/C=DE -# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für +# Subject: /CN=9R-CA 1:PN/O=Regulierungsbehörde für # Telekommunikation und Post/C=DE # validity: 2004-11-25 14:59:11 through 2007-12-31 14:56:59 # key type: 1024 bit RSA @@ -118,7 +118,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de # key usage: certSign # policies: 1.3.36.8.1.1:N: # chain length: unlimited -# [checked: 2008-06-25] +# [checked: 2008-06-25] 44:7E:D4:E3:9A:D7:92:E2:07:FA:53:1A:2E:F5:B8:02:5B:47:57:B0 de # ID: 0x46A2CC8A @@ -130,7 +130,7 @@ A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D de # key usage: certSign # policies: 1.3.36.8.1.1:N: # chain length: unlimited -# [checked: 2008-06-25] +# [checked: 2008-06-25] AC:A7:BE:45:1F:A6:BF:09:F2:D1:3F:08:7B:BC:EB:7F:46:A2:CC:8A de @@ -215,7 +215,7 @@ E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C de # key type: 2048 bit RSA # key usage: certSign crlSign # chain length: 1 -#[checked: 2007-12-13 via received ZIP file with qualified signature from +#[checked: 2007-12-13 via received ZIP file with qualified signature from # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg] C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de @@ -230,7 +230,7 @@ C9:2F:E6:50:DB:32:59:E0:CE:65:55:F3:8C:76:E0:B8:A8:FE:A3:CA de # key type: 2048 bit RSA # key usage: certSign crlSign # chain length: 1 -#[checked: 2007-12-13 via received ZIP file with qualified signature from +#[checked: 2007-12-13 via received ZIP file with qualified signature from # /CN=Dr. Matthias Stehle/O=Deutscher Sparkassenverlag # /C=DE/SerialNumber=DSV0000000008/SN=Stehle/GN=Matthias Georg"] D5:C7:50:F2:FE:4E:EE:D7:C7:B1:E4:13:7B:FB:54:84:3A:7D:97:9B de diff --git a/doc/gpgsm.texi b/doc/gpgsm.texi index 5d79ce54e..b187a54d5 100644 --- a/doc/gpgsm.texi +++ b/doc/gpgsm.texi @@ -843,15 +843,9 @@ purposes. Note that even if a certificate is listed in this file, this does not mean that the certificate is trusted; in general the certificates listed -in this file need to be listed also in @file{trustlist.txt}. - -This is a global file an installed in the data directory -(e.g. @file{@value{DATADIR}/qualified.txt}). GnuPG installs a suitable -file with root certificates as used in Germany. As new Root-CA -certificates may be issued over time, these entries may need to be -updated; new distributions of this software should come with an updated -list but it is still the responsibility of the Administrator to check -that this list is correct. +in this file need to be listed also in @file{trustlist.txt}. This is a global +file an installed in the sysconf directory (e.g. +@file{@value{SYSCONFDIR}/qualified.txt}). Every time @command{gpgsm} uses a certificate for signing or verification this file will be consulted to check whether the certificate under @@ -1073,7 +1067,7 @@ key. The algorithm must be capable of signing. This is a required parameter. The only supported value for @var{algo} is @samp{rsa}. @item Key-Length: @var{nbits} -The requested length of a generated key in bits. Defaults to 2048. +The requested length of a generated key in bits. Defaults to 3072. @item Key-Grip: @var{hexstring} This is optional and used to generate a CSR or certificate for an diff --git a/doc/howto-create-a-server-cert.texi b/doc/howto-create-a-server-cert.texi index 55f1a91a4..30e28bdd0 100644 --- a/doc/howto-create-a-server-cert.texi +++ b/doc/howto-create-a-server-cert.texi @@ -31,14 +31,14 @@ Let's continue: @cartouche @example - What keysize do you want? (2048) - Requested keysize is 2048 bits + What keysize do you want? (3072) + Requested keysize is 3072 bits @end example @end cartouche -Hitting enter chooses the default RSA key size of 2048 bits. Smaller -keys are too weak on the modern Internet. If you choose a larger -(stronger) key, your server will need to do more work. +Hitting enter chooses the default RSA key size of 3072 bits. Keys +smaller than 2048 bits are too weak on the modern Internet. If you +choose a larger (stronger) key, your server will need to do more work. @cartouche @example @@ -124,7 +124,7 @@ request: @example These parameters are used: Key-Type: RSA - Key-Length: 2048 + Key-Length: 3072 Key-Usage: sign, encrypt Name-DN: CN=example.com Name-DNS: example.com @@ -224,7 +224,7 @@ To see the content of your certificate, you may now enter: aka: (dns-name example.com) aka: (dns-name www.example.com) validity: 2015-07-01 16:20:51 through 2016-07-01 16:20:51 - key type: 2048 bit RSA + key type: 3072 bit RSA key usage: digitalSignature keyEncipherment ext key usage: clientAuth (suggested), serverAuth (suggested), [...] fingerprint: 0F:9C:27:B2:DA:05:5F:CB:33:D8:19:E9:65:B9:4F:BD:B1:98:CC:57 diff --git a/doc/wks.texi b/doc/wks.texi index 029dbf0c0..55dfee6d5 100644 --- a/doc/wks.texi +++ b/doc/wks.texi @@ -303,11 +303,11 @@ the submission address: The output of the last command looks similar to this: @example - sec rsa2048 2016-08-30 [SC] + sec rsa3072 2016-08-30 [SC] C0FCF8642D830C53246211400346653590B3795B uid [ultimate] key-submission@@example.net bxzcxpxk8h87z1k7bzk86xn5aj47intu@@example.net - ssb rsa2048 2016-08-30 [E] + ssb rsa3072 2016-08-30 [E] @end example Take the hash of the string "key-submission", which is diff --git a/g10/call-agent.c b/g10/call-agent.c index 545b2448a..684771b75 100644 --- a/g10/call-agent.c +++ b/g10/call-agent.c @@ -1474,7 +1474,7 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock) char *p; kbnode_t kbctx, node; int nkeys; - unsigned char grip[20]; + unsigned char grip[KEYGRIP_LEN]; err = start_agent (ctrl, 0); if (err) @@ -1854,10 +1854,16 @@ agent_pksign (ctrl_t ctrl, const char *cache_nonce, snprintf (line, sizeof line, "PKSIGN%s%s", cache_nonce? " -- ":"", cache_nonce? cache_nonce:""); + + if (DBG_CLOCK) + log_clock ("enter signing"); err = assuan_transact (agent_ctx, line, put_membuf_cb, &data, default_inq_cb, &dfltparm, NULL, NULL); + if (DBG_CLOCK) + log_clock ("leave signing"); + if (err) xfree (get_membuf (&data, NULL)); else diff --git a/g10/card-util.c b/g10/card-util.c index 62b2a6755..790f95e20 100644 --- a/g10/card-util.c +++ b/g10/card-util.c @@ -1121,7 +1121,8 @@ change_cafpr (int fprno) char *data; const char *s; int i, c, rc; - unsigned char fpr[20]; + unsigned char fpr[MAX_FINGERPRINT_LEN]; + int fprlen; data = cpr_get ("cardedit.change_cafpr", _("CA fingerprint: ")); if (!data) @@ -1129,7 +1130,7 @@ change_cafpr (int fprno) trim_spaces (data); cpr_kill_prompt (); - for (i=0, s=data; i < 20 && *s; ) + for (i=0, s=data; i < MAX_FINGERPRINT_LEN && *s; ) { while (spacep(s)) s++; @@ -1143,8 +1144,9 @@ change_cafpr (int fprno) fpr[i++] = c; s += 2; } + fprlen = i; xfree (data); - if (i != 20 || *s) + if ((fprlen != 20 && fprlen != 32) || *s) { tty_printf (_("Error: invalid formatted fingerprint.\n")); return -1; @@ -1152,7 +1154,7 @@ change_cafpr (int fprno) rc = agent_scd_setattr (fprno==1?"CA-FPR-1": fprno==2?"CA-FPR-2": - fprno==3?"CA-FPR-3":"x", fpr, 20, NULL ); + fprno==3?"CA-FPR-3":"x", fpr, fprlen, NULL ); if (rc) log_error ("error setting cafpr: %s\n", gpg_strerror (rc)); write_sc_op_status (rc); diff --git a/g10/cipher.c b/g10/cipher.c index 655937f07..7031d93eb 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -66,7 +66,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) { char buf[20]; - sprintf (buf, "%d %d", ed.mdc_method, cfx->dek->algo); + snprintf (buf, sizeof buf, "%d %d", ed.mdc_method, cfx->dek->algo); write_status_text (STATUS_BEGIN_ENCRYPTION, buf); } diff --git a/g10/getkey.c b/g10/getkey.c index c58e8ff2c..7061f51eb 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -144,7 +144,7 @@ static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, kbnode_t *ret_keyblock, kbnode_t *ret_found_key); static kbnode_t finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, - unsigned int *r_flags); + int want_secret, unsigned int *r_flags); static void print_status_key_considered (kbnode_t keyblock, unsigned int flags); @@ -1734,7 +1734,7 @@ get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname) /* Warning: node flag bits 0 and 1 should be preserved by * merge_selfsigs. FIXME: Check whether this still holds. */ merge_selfsigs (ctrl, keyblock); - found_key = finish_lookup (keyblock, pk->req_usage, 0, &infoflags); + found_key = finish_lookup (keyblock, pk->req_usage, 0, 0, &infoflags); print_status_key_considered (keyblock, infoflags); if (found_key) pk_from_block (pk, keyblock, found_key); @@ -3485,7 +3485,7 @@ merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock) */ static kbnode_t finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, - unsigned int *r_flags) + int want_secret, unsigned int *r_flags) { kbnode_t k; @@ -3627,6 +3627,13 @@ finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact, continue; } + if (want_secret && agent_probe_secret_key (NULL, pk)) + { + if (DBG_LOOKUP) + log_debug ("\tno secret key\n"); + continue; + } + if (DBG_LOOKUP) log_debug ("\tsubkey might be fine\n"); /* In case a key has a timestamp of 0 set, we make sure @@ -3814,7 +3821,7 @@ lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret, * merge_selfsigs. */ merge_selfsigs (ctrl, keyblock); found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact, - &infoflags); + want_secret, &infoflags); print_status_key_considered (keyblock, infoflags); if (found_key) { @@ -197,6 +197,7 @@ enum cmd_and_opt_values oWithSubkeyFingerprint, oWithICAOSpelling, oWithKeygrip, + oWithKeyScreening, oWithSecret, oWithWKDHash, oWithColons, @@ -785,6 +786,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oWithSubkeyFingerprint, "with-subkey-fingerprints", "@"), ARGPARSE_s_n (oWithICAOSpelling, "with-icao-spelling", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), + ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), ARGPARSE_s_n (oWithWKDHash, "with-wkd-hash", "@"), ARGPARSE_s_n (oWithKeyOrigin, "with-key-origin", "@"), @@ -2737,6 +2739,10 @@ main (int argc, char **argv) opt.with_keygrip = 1; break; + case oWithKeyScreening: + opt.with_key_screening = 1; + break; + case oWithSecret: opt.with_secret = 1; break; @@ -38,14 +38,15 @@ #define MAX_EXTERN_MPI_BITS 16384 /* The maximum length of a binary fingerprints. This is used to - provide a static buffer and will be increased if we need to support - longer fingerprints. - Warning: At some places we still use 20 instead of this macro. */ -#define MAX_FINGERPRINT_LEN 20 + * provide a static buffer and will be increased if we need to support + * longer fingerprints. Warning: At some places we have some + * assumption on a 20 byte fingerprint. + * Watch out for FIXME(fingerprint) */ +#define MAX_FINGERPRINT_LEN 32 /* The maximum length of a formatted fingerprint as returned by - format_hexfingerprint(). */ -#define MAX_FORMATTED_FINGERPRINT_LEN 50 + * format_hexfingerprint(). */ +#define MAX_FORMATTED_FINGERPRINT_LEN 59 /* diff --git a/g10/gpgcompose.c b/g10/gpgcompose.c index 2b42bfbf9..8c156d279 100644 --- a/g10/gpgcompose.c +++ b/g10/gpgcompose.c @@ -2746,7 +2746,7 @@ literal_name (const char *option, int argc, char *argv[], void *cookie) { struct litinfo *li = cookie; - if (argc <= 1) + if (argc <= 0) log_fatal ("Usage: %s NAME\n", option); if (strlen (argv[0]) > 255) diff --git a/g10/keygen.c b/g10/keygen.c index 8f30b7ecc..1dddfeeda 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -46,11 +46,10 @@ #include "../common/mbox-util.h" -/* The default algorithms. If you change them remember to change them - also in gpg.c:gpgconf_list. You should also check that the value +/* The default algorithms. If you change them, you should ensure the value is inside the bounds enforced by ask_keysize and gen_xxx. See also get_keysize_range which encodes the allowed ranges. */ -#define DEFAULT_STD_KEY_PARAM "rsa2048/cert,sign+rsa2048/encr" +#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr" #define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" /* When generating keys using the streamlined key generation dialog, @@ -1623,7 +1622,7 @@ gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, if (nbits < 1024) { - nbits = 2048; + nbits = 3072; log_info (_("keysize invalid; using %u bits\n"), nbits ); } else if (nbits > maxsize) @@ -2092,7 +2091,7 @@ get_keysize_range (int algo, unsigned int *min, unsigned int *max) default: *min = opt.compliance == CO_DE_VS ? 2048: 1024; *max = 4096; - def = 2048; + def = 3072; break; } diff --git a/g10/keyid.c b/g10/keyid.c index d733156f8..78a5b0b70 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -73,7 +73,7 @@ pubkey_letter( int algo ) is copied to the supplied buffer up a length of BUFSIZE-1. Examples for the output are: - "rsa2048" - RSA with 2048 bit + "rsa3072" - RSA with 3072 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". @@ -83,7 +83,7 @@ pubkey_letter( int algo ) If the option --legacy-list-mode is active, the output use the legacy format: - "2048R" - RSA with 2048 bit + "3072R" - RSA with 3072 bit "1024g" - Elgamal with 1024 bit "256E" - ECDSA using a curve with 256 bit @@ -835,8 +835,22 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) /* Half way through we add a second space. */ + 1); } + else if (hexlen == 64 || hexlen == 50) /* v5 fingerprint */ + { + /* The v5 fingerprint is commonly printed truncated to 25 + * octets. We accept the truncated as well as the full hex + * version here and format it like this: + * B2CCB6 838332 5D61BA C50F9F 5E CD21A8 0AC8C5 2565C8 C52565 + */ + hexlen = 50; + space = 8 * 6 + 2 + 8 + 1; + } else /* Other fingerprint versions - print as is. */ { + /* We truncated here so that we do not need to provide a buffer + * of a length which is in reality never used. */ + if (hexlen > MAX_FORMATTED_FINGERPRINT_LEN - 1) + hexlen = MAX_FORMATTED_FINGERPRINT_LEN - 1; space = hexlen + 1; } @@ -849,7 +863,7 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) { for (i = 0, j = 0; i < 40; i ++) { - if (i && i % 4 == 0) + if (i && !(i % 4)) buffer[j ++] = ' '; if (i == 40 / 2) buffer[j ++] = ' '; @@ -859,9 +873,29 @@ format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen) buffer[j ++] = 0; log_assert (j == space); } + else if (hexlen == 50) /* v5 fingerprint */ + { + for (i=j=0; i < 24; i++) + { + if (i && !(i % 6)) + buffer[j++] = ' '; + buffer[j++] = fingerprint[i]; + } + buffer[j++] = ' '; + buffer[j++] = fingerprint[i++]; + buffer[j++] = fingerprint[i++]; + for (; i < 50; i++) + { + if (!((i-26) % 6)) + buffer[j++] = ' '; + buffer[j++] = fingerprint[i]; + } + buffer[j++] = 0; + log_assert (j == space); + } else { - strcpy (buffer, fingerprint); + mem2str (buffer, fingerprint, space); } return buffer; @@ -959,18 +993,18 @@ gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip) { gpg_error_t err; - unsigned char grip[20]; + unsigned char grip[KEYGRIP_LEN]; *r_grip = NULL; err = keygrip_from_pk (pk, grip); if (!err) { - char * buf = xtrymalloc (20*2+1); + char * buf = xtrymalloc (KEYGRIP_LEN * 2 + 1); if (!buf) err = gpg_error_from_syserror (); else { - bin2hex (grip, 20, buf); + bin2hex (grip, KEYGRIP_LEN, buf); *r_grip = buf; } } diff --git a/g10/keylist.c b/g10/keylist.c index 86d1c564f..bcbad450a 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -45,6 +45,7 @@ #include "../common/zb32.h" #include "tofu.h" #include "../common/compliance.h" +#include "../common/pkscreening.h" static void list_all (ctrl_t, int, int); @@ -696,6 +697,37 @@ print_key_data (PKT_public_key * pk) } } + +/* Various public key screenings. (Right now just ROCA). With + * COLON_MODE set the output is formatted for use in the compliance + * field of a colon listing. + */ +static void +print_pk_screening (PKT_public_key *pk, int colon_mode) +{ + gpg_error_t err; + + if (is_RSA (pk->pubkey_algo) && pubkey_get_npkey (pk->pubkey_algo)) + { + err = screen_key_for_roca (pk->pkey[0]); + if (!err) + ; + else if (gpg_err_code (err) == GPG_ERR_TRUE) + { + if (colon_mode) + es_fprintf (es_stdout, colon_mode > 1? " %d":"%d", 6001); + else + es_fprintf (es_stdout, + " Screening: ROCA vulnerability detected\n"); + } + else if (!colon_mode) + es_fprintf (es_stdout, " Screening: [ROCA check failed: %s]\n", + gpg_strerror (err)); + } + +} + + static void print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock) { @@ -922,6 +954,9 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, if (opt.with_key_data) print_key_data (pk); + if (opt.with_key_screening) + print_pk_screening (pk, 0); + if (opt.with_key_origin && (pk->keyorg || pk->keyupdate || pk->updateurl)) { @@ -1063,6 +1098,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); if (opt.with_key_data) print_key_data (pk2); + if (opt.with_key_screening) + print_pk_screening (pk2, 0); } else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs) @@ -1227,6 +1264,9 @@ print_compliance_flags (PKT_public_key *pk, gnupg_status_compliance_flag (CO_DE_VS)); any++; } + + if (opt.with_key_screening) + print_pk_screening (pk, 1+any); } @@ -1906,6 +1946,9 @@ print_card_serialno (const char *serialno) * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] * 80615870F5BAD690333686D0F2AD85AC1E42B367 * + * pub rsa2048 2017-12-31 [SC] [expires: 2028-12-31] + * 80615870F5BAD690333686D0F2AD85AC1E42B3671122334455 + * * Some global options may result in a different output format. If * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and * depending on the value a flag character is shown: diff --git a/g10/main.h b/g10/main.h index 6c15a2a8d..4a8f8c32a 100644 --- a/g10/main.h +++ b/g10/main.h @@ -31,7 +31,9 @@ (i.e. uncompressed) rather than 1 (zip). However, the real world issues of speed and size come into play here. */ -#if GPG_USE_AES128 +#if GPG_USE_AES256 +# define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES256 +#elif GPG_USE_AES128 # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_AES #elif GPG_USE_CAST5 # define DEFAULT_CIPHER_ALGO CIPHER_ALGO_CAST5 diff --git a/g10/options.h b/g10/options.h index 130bec84c..61f7403be 100644 --- a/g10/options.h +++ b/g10/options.h @@ -82,6 +82,7 @@ struct int with_fingerprint; /* Option --with-fingerprint active. */ int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active. */ int with_keygrip; /* Option --with-keygrip active. */ + int with_key_screening;/* Option --with-key-screening active. */ int with_tofu_info; /* Option --with-tofu_info active. */ int with_secret; /* Option --with-secret active. */ int with_wkd_hash; /* Option --with-wkd-hash. */ diff --git a/g10/sig-check.c b/g10/sig-check.c index 23af12b2e..f8e366b7e 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -233,7 +233,7 @@ check_signature2 (ctrl_t ctrl, unsigned char *p, *buffer; size_t n, nbytes; int i; - char hashbuf[20]; + char hashbuf[20]; /* We use SHA-1 here. */ nbytes = 6; for (i=0; i < nsig; i++ ) @@ -510,7 +510,11 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig, return GPG_ERR_GENERAL; /* Verify the signature. */ + if (DBG_CLOCK && sig->sig_class <= 0x01) + log_clock ("enter pk_verify"); rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey ); + if (DBG_CLOCK && sig->sig_class <= 0x01) + log_clock ("leave pk_verify"); gcry_mpi_release (result); if( !rc && sig->flags.unknown_critical ) diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 5ea903f45..37bf78b80 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -129,7 +129,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname ) char *p; size_t n, fprlen; unsigned int otrust; - byte fpr[20]; + byte fpr[MAX_FINGERPRINT_LEN]; int any = 0; int rc; @@ -171,7 +171,7 @@ import_ownertrust (ctrl_t ctrl, const char *fname ) continue; } fprlen = p - line; - if( fprlen != 32 && fprlen != 40 ) { + if( fprlen != 32 && fprlen != 40 && fprlen != 64) { log_error (_("error in '%s': %s\n"), fname, _("invalid fingerprint") ); continue; @@ -183,10 +183,12 @@ import_ownertrust (ctrl_t ctrl, const char *fname ) } if( !otrust ) continue; /* no otrust defined - no need to update or insert */ - /* convert the ascii fingerprint to binary */ - for(p=line, fprlen=0; fprlen < 20 && *p != ':'; p += 2 ) - fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]); - while (fprlen < 20) + /* Convert the ascii fingerprint to binary */ + for(p=line, fprlen=0; + fprlen < MAX_FINGERPRINT_LEN && *p != ':'; + p += 2 ) + fpr[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]); + while (fprlen < MAX_FINGERPRINT_LEN) fpr[fprlen++] = 0; rc = tdbio_search_trust_byfpr (fpr, &rec); diff --git a/g10/tofu.c b/g10/tofu.c index c183fc665..e63e98932 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -2083,13 +2083,16 @@ build_conflict_set (ctrl_t ctrl, tofu_dbs_t dbs, * policy to ask due to a conflict. */ for (iter = conflict_set; iter; iter = iter->next) { + /* Fixme: Why the check against N+1? */ int l = strlen (iter->d); - if (!(l == 2 * MAX_FINGERPRINT_LEN - || l == 2 * MAX_FINGERPRINT_LEN + 1)) + if (!(l == 2 * 20 + || l == 2 * 20 + 1 + || l == 2 * 32 + || l == 2 * 32 + 1)) { log_error (_("TOFU db corruption detected.\n")); - print_further_info ("fingerprint '%s' is not %d characters long", - iter->d, 2 * MAX_FINGERPRINT_LEN); + print_further_info ("fingerprint '%s' is %d characters long", + iter->d, l); } if (l >= 1 && iter->d[l - 1] == '!') @@ -2469,10 +2472,11 @@ get_policy (ctrl_t ctrl, tofu_dbs_t dbs, PKT_public_key *pk, /* See if the key is signed by an ultimately trusted key. */ { int fingerprint_raw_len = strlen (fingerprint) / 2; - char fingerprint_raw[20]; + char fingerprint_raw[MAX_FINGERPRINT_LEN]; int len = 0; - if (fingerprint_raw_len != sizeof fingerprint_raw + /* FIXME(fingerprint) */ + if (fingerprint_raw_len != 20 /*sizeof fingerprint_raw */ || ((len = hex2bin (fingerprint, fingerprint_raw, fingerprint_raw_len)) != strlen (fingerprint))) diff --git a/scd/apdu.c b/scd/apdu.c index 97624ebad..1b25ceb95 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -496,6 +496,7 @@ host_sw_string (long err) case SW_HOST_ABORTED: return "aborted"; case SW_HOST_NO_PINPAD: return "no pinpad"; case SW_HOST_ALREADY_CONNECTED: return "already connected"; + case SW_HOST_CANCELLED: return "cancelled"; default: return "unknown host status error"; } } @@ -602,7 +603,7 @@ pcsc_error_to_sw (long ec) { case 0: rc = 0; break; - case PCSC_E_CANCELLED: rc = SW_HOST_ABORTED; break; + case PCSC_E_CANCELLED: rc = SW_HOST_CANCELLED; break; case PCSC_E_NO_MEMORY: rc = SW_HOST_OUT_OF_CORE; break; case PCSC_E_TIMEOUT: rc = SW_HOST_CARD_IO_ERROR; break; case PCSC_E_NO_SERVICE: diff --git a/scd/apdu.h b/scd/apdu.h index 6751e8c9b..8a0d4bda8 100644 --- a/scd/apdu.h +++ b/scd/apdu.h @@ -71,7 +71,8 @@ enum { SW_HOST_NO_READER = 0x1000c, SW_HOST_ABORTED = 0x1000d, SW_HOST_NO_PINPAD = 0x1000e, - SW_HOST_ALREADY_CONNECTED = 0x1000f + SW_HOST_ALREADY_CONNECTED = 0x1000f, + SW_HOST_CANCELLED = 0x10010 }; struct dev_list; diff --git a/scd/iso7816.c b/scd/iso7816.c index 081b0808c..29208c254 100644 --- a/scd/iso7816.c +++ b/scd/iso7816.c @@ -93,8 +93,9 @@ map_sw (int sw) case SW_HOST_CARD_IO_ERROR: ec = GPG_ERR_EIO; break; case SW_HOST_GENERAL_ERROR: ec = GPG_ERR_GENERAL; break; case SW_HOST_NO_READER: ec = GPG_ERR_ENODEV; break; - case SW_HOST_ABORTED: ec = GPG_ERR_CANCELED; break; + case SW_HOST_ABORTED: ec = GPG_ERR_INV_RESPONSE; break; case SW_HOST_NO_PINPAD: ec = GPG_ERR_NOT_SUPPORTED; break; + case SW_HOST_CANCELLED: ec = GPG_ERR_CANCELED; break; default: if ((sw & 0x010000)) diff --git a/sm/certreqgen-ui.c b/sm/certreqgen-ui.c index 9772a3baf..4f8a1ac9d 100644 --- a/sm/certreqgen-ui.c +++ b/sm/certreqgen-ui.c @@ -138,7 +138,7 @@ gpgsm_gencertreq_tty (ctrl_t ctrl, estream_t output_stream) unsigned int nbits; int minbits = 1024; int maxbits = 4096; - int defbits = 2048; + int defbits = 3072; const char *keyusage; char *subject_name; membuf_t mb_email, mb_dns, mb_uri, mb_result; diff --git a/sm/certreqgen.c b/sm/certreqgen.c index 44318702a..1d610c1bb 100644 --- a/sm/certreqgen.c +++ b/sm/certreqgen.c @@ -26,7 +26,7 @@ $ cat >foo <<EOF %echo Generating a standard key Key-Type: RSA - Key-Length: 2048 + Key-Length: 3072 Name-DN: CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Ddorf,C=DE Name-Email: [email protected] # Do a commit here, so that we can later print a "done" @@ -468,7 +468,7 @@ proc_parameters (ctrl_t ctrl, struct para_data_s *para, /* Check the keylength. NOTE: If you change this make sure that it macthes the gpgconflist item in gpgsm.c */ if (!get_parameter (para, pKEYLENGTH, 0)) - nbits = 2048; + nbits = 3072; else nbits = get_parameter_uint (para, pKEYLENGTH); if ((nbits < 1024 || nbits > 4096) && !cardkeyid) diff --git a/sm/fingerprint.c b/sm/fingerprint.c index fbcec5883..59688f3a4 100644 --- a/sm/fingerprint.c +++ b/sm/fingerprint.c @@ -277,6 +277,70 @@ gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits) } +/* If KEY is an RSA key, return its modulus. For non-RSA keys or on + * error return NULL. */ +gcry_mpi_t +gpgsm_get_rsa_modulus (ksba_cert_t cert) +{ + gpg_error_t err; + gcry_sexp_t key; + gcry_sexp_t list = NULL; + gcry_sexp_t l2 = NULL; + char *name = NULL; + gcry_mpi_t modulus = NULL; + + { + ksba_sexp_t ckey; + size_t n; + + ckey = ksba_cert_get_public_key (cert); + if (!ckey) + return NULL; + n = gcry_sexp_canon_len (ckey, 0, NULL, NULL); + if (!n) + { + xfree (ckey); + return NULL; + } + err = gcry_sexp_sscan (&key, NULL, (char *)ckey, n); + xfree (ckey); + if (err) + return NULL; + } + + list = gcry_sexp_find_token (key, "public-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "protected-private-key", 0); + if (!list) + list = gcry_sexp_find_token (key, "shadowed-private-key", 0); + + gcry_sexp_release (key); + if (!list) + return NULL; /* No suitable key. */ + + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + l2 = NULL; + + name = gcry_sexp_nth_string (list, 0); + if (!name) + ; + else if (gcry_pk_map_name (name) == GCRY_PK_RSA) + { + l2 = gcry_sexp_find_token (list, "n", 1); + if (l2) + modulus = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + } + + gcry_free (name); + gcry_sexp_release (l2); + gcry_sexp_release (list); + return modulus; +} + /* For certain purposes we need a certificate id which has an upper diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 0feda90b1..e80de6378 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -155,6 +155,7 @@ enum cmd_and_opt_values { oWithMD5Fingerprint, oWithKeygrip, oWithSecret, + oWithKeyScreening, oAnswerYes, oAnswerNo, oKeyring, @@ -391,6 +392,7 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oWithFingerprint, "with-fingerprint", "@"), ARGPARSE_s_n (oWithKeygrip, "with-keygrip", "@"), ARGPARSE_s_n (oWithSecret, "with-secret", "@"), + ARGPARSE_s_n (oWithKeyScreening,"with-key-screening", "@"), ARGPARSE_s_s (oDisableCipherAlgo, "disable-cipher-algo", "@"), ARGPARSE_s_s (oDisablePubkeyAlgo, "disable-pubkey-algo", "@"), ARGPARSE_s_n (oIgnoreTimeConflict, "ignore-time-conflict", "@"), @@ -1289,6 +1291,10 @@ main ( int argc, char **argv) opt.with_keygrip = 1; break; + case oWithKeyScreening: + opt.with_key_screening = 1; + break; + case oOptions: /* config files may not be nested (silently ignore them) */ if (!configfp) @@ -1785,7 +1791,7 @@ main ( int argc, char **argv) /* The next one is an info only item and should match what proc_parameters actually implements. */ es_printf ("default_pubkey_algo:%lu:\"%s:\n", GC_OPT_FLAG_DEFAULT, - "RSA-2048"); + "RSA-3072"); } break; diff --git a/sm/gpgsm.h b/sm/gpgsm.h index cd4fc995f..3e2f95fb3 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -85,6 +85,8 @@ struct int with_keygrip; /* Option --with-keygrip active. */ + int with_key_screening; /* Option --with-key-screening active. */ + int pinentry_mode; int armor; /* force base64 armoring (see also ctrl.with_base64) */ @@ -258,6 +260,7 @@ unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array); char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert); int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits); +gcry_mpi_t gpgsm_get_rsa_modulus (ksba_cert_t cert); char *gpgsm_get_certid (ksba_cert_t cert); diff --git a/sm/keylist.c b/sm/keylist.c index 9997da812..ea2a22093 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -37,6 +37,7 @@ #include "../common/i18n.h" #include "../common/tlv.h" #include "../common/compliance.h" +#include "../common/pkscreening.h" struct list_external_parm_s { @@ -238,6 +239,38 @@ print_key_data (ksba_cert_t cert, estream_t fp) #endif } + +/* Various public key screenings. (Right now just ROCA). With + * COLON_MODE set the output is formatted for use in the compliance + * field of a colon listing. */ +static void +print_pk_screening (ksba_cert_t cert, int colon_mode, estream_t fp) +{ + gpg_error_t err; + gcry_mpi_t modulus; + + modulus = gpgsm_get_rsa_modulus (cert); + if (modulus) + { + err = screen_key_for_roca (modulus); + if (!err) + ; + else if (gpg_err_code (err) == GPG_ERR_TRUE) + { + if (colon_mode) + es_fprintf (fp, colon_mode > 1? " %d":"%d", 6001); + else + es_fprintf (fp, " screening: ROCA vulnerability detected\n"); + } + else if (!colon_mode) + es_fprintf (fp, " screening: [ROCA check failed: %s]\n", + gpg_strerror (err)); + gcry_mpi_release (modulus); + } + +} + + static void print_capabilities (ksba_cert_t cert, estream_t fp) { @@ -348,10 +381,19 @@ email_kludge (const char *name) /* Print the compliance flags to field 18. ALGO is the gcrypt algo * number. NBITS is the length of the key in bits. */ static void -print_compliance_flags (int algo, unsigned int nbits, estream_t fp) +print_compliance_flags (ksba_cert_t cert, int algo, unsigned int nbits, + estream_t fp) { + int any = 0; + if (gnupg_pk_is_compliant (CO_DE_VS, algo, NULL, nbits, NULL)) - es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); + { + es_fputs (gnupg_status_compliance_flag (CO_DE_VS), fp); + any++; + } + + if (opt.with_key_screening) + print_pk_screening (cert, 1+any, fp); } @@ -526,7 +568,7 @@ list_cert_colon (ctrl_t ctrl, ksba_cert_t cert, unsigned int validity, es_putc (':', fp); /* End of field 15. */ es_putc (':', fp); /* End of field 16. */ es_putc (':', fp); /* End of field 17. */ - print_compliance_flags (algo, nbits, fp); + print_compliance_flags (cert, algo, nbits, fp); es_putc (':', fp); /* End of field 18. */ es_putc ('\n', fp); @@ -1253,6 +1295,9 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret, } } + if (opt.with_key_screening) + print_pk_screening (cert, 0, fp); + if (have_secret) { char *cardsn; diff --git a/sm/qualified.c b/sm/qualified.c index 564e77929..6a7b47306 100644 --- a/sm/qualified.c +++ b/sm/qualified.c @@ -58,7 +58,7 @@ read_list (char *key, char *country, int *lnr) if (!listname) { - listname = make_filename (gnupg_datadir (), "qualified.txt", NULL); + listname = make_filename (gnupg_sysconfdir (), "qualified.txt", NULL); listfp = fopen (listname, "r"); if (!listfp && errno != ENOENT) { |