diff options
Diffstat (limited to 'g10')
58 files changed, 3506 insertions, 1060 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 82c6709e0..6d19d7e0e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,15 +1,477 @@ -Wed Sep 15 16:22:17 CEST 1999 Werner Koch <[email protected]> +Thu May 18 11:38:54 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. + + * status.c, status.h: Added 3 new status tokens. + * status.c (do_get_from_fd): New. + (cpr_enabled,cpr_get,cpr_get_hidden,cpr_kill_prompt, + cpr_get_answer_is_yes,cpr_get_answer_yes_no_quit): Modified to work + with the new function. + * g10.c: Add new option --command-fd. + + * status.c (progress_cb): New. + (set_status_fd): Register progress functions + +Fri May 12 14:01:20 CEST 2000 Werner Koch <[email protected]> + + * delkey.c (delete_key): Add 2 new status messages + * status.c, status.h (STATUS_DELETE_PROBLEM): New. + + Fixed years of copyright in all source files. + +Mon May 1 17:08:14 CEST 2000 Werner Koch <[email protected]> + + * trustdb.c (propagate_validity): Fixed the bug that only one uid + gets fully trusted even when all are signed by an ultimate key. + +Mon May 1 15:38:04 CEST 2000 Werner Koch <[email protected]> + + * getkey.c (key_byname): Always returned a defined context. Fixed + a segv for invalid user id specifications. Reported by Walter Koch. + + * getkey.c (get_user_id): I18ned "no user id" string. By Walter. + + * pkclist.c (do_show_revocation_reason): Typo fixes. + * helptext.c: Ditto. + + * armor.c (armor_filter): Fixed some CRLF issues. By Mike McEwan. + +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * pkclist.c (do_show_revocation_reason): New. + (show_revocation_reason): New and called at various places. + + * g10.c (main): Fixed small typo. + + * pkclist.c (do_we_trust): Act on always_trust but not for revoked + keys. Suggested by Chip Salzenberg. + + * g10.c: New option --lock-never. + + * ringedit.c (get_writable_keyblock_file): New. + * keygen.c (do_generate_keypair): Use this instead of the hardwired one. + + * keygen.c (ask_user_id): Check that the email address is in the + correct field. Suggested by Christian Kurz. + +Mon Apr 10 13:34:19 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (show_key_with_all_names): s/sbb/ssb/ + +Tue Mar 28 14:26:58 CEST 2000 Werner Koch <[email protected]> + + * trustdb.c (verify_own_keys): Do not print warning about unprotected + key when in quiet mode. + +Wed Mar 22 13:50:24 CET 2000 Werner Koch <[email protected]> + + * mainproc.c (print_userid): Do UTF8 conversion before printing. + * import.c (import_one): Ditto. + (import_secret_one): Ditto. + (delete_inv_parts): Ditto. + +Thu Mar 16 16:20:23 CET 2000 Werner Koch <[email protected]> + + * keylist.c (print_key_data): Handle a NULL pk gracefully. + + * getkey.c (merge_one_pk_and_selfsig): Fixed silly code for + getting the primary keys keyID but kept using the one from the + subkey. + * pubkey-enc.c (get_it): Print a note for expired subkeys. + + * getkey.c (has_expired): New. + (subkeys_expiretime): New. + (finish_lookup): Check for expired subkeys needed for encryption. + (merge_keys_and_selfsig): Fixed expiration date merging for subkeys. + + * keylist.c (list_keyblock): Print expiration time for "sub". + (list_one): Add missing merging for public keys. + * mainproc.c (list_node): Ditto. + +2000-03-14 13:49:38 Werner Koch ([email protected]) + + * keygen.c (keyedit_menu): Do not allow to use certain commands + while the secret key is selected. +2000-03-09 12:53:09 Werner Koch ([email protected]) + + * keygen.c (ask_expire_interval): Movede parsig to ... + (parse_expire_string): ... this new function. And some new control + commands. + (proc_parameter_file): Add expire date parsing. + (do_generate_keypair): Allow the use of specified output files. + +2000-03-08 10:38:38 Werner Koch ([email protected]) + + * keygen.c (ask_algo): Removed is_v4 return value and the commented + code to create Elg keys in a v3 packet. Removed the rounding + of key sizes here. + (do_create): Likewise removed arg v4_packet. + (gen_elg): Likewise removed arg version. Now rounding keysizes here. + (gen_dsa): Rounding keysize now here. + (release_parameter_list): New + (get_parameter*): New. + (proc_parameter_file): New. + (read_parameter_file): New. + (generate_keypair): Splitted. Now uses read_parameter_file when in + batch mode. Additional argument to specify a parameter file. + (do_generate_keypair): Main bulk of above fucntion and uses the + parameter list. + (do_create): Don't print long notice in batch mode. + * g10.c (main): Allow batched key generation. + +Thu Mar 2 15:37:46 CET 2000 Werner Koch <[email protected]> + + * pubkey-enc.c (get_it): Print a note about unknown cipher algos. + + * g10.c (opts): Add a note to the help listing about the man page + and removed some options from the help listing. + + * keyedit.c (print_and_check_one_sig): Use a new function to truncate + the output of the user ID. Suggested by Jan-Benedict Glaw. + +Wed Feb 23 10:07:57 CET 2000 Werner Koch <[email protected]> + + * helptext.c: typo fix. + +Thu Feb 17 13:39:32 CET 2000 Werner Koch <[email protected]> + + * revoke.c: Removed a bunch of commented code. + + * packet.h (SIGSUBPKT_REVOC_REASON): New. + * build-packet.c (build_sig_subpkt): Support new sub packet. + * parse-packet.c (parse_one_sig_subpkt): Ditto. + (dump_sig_subpkt): Ditto. + * revoke.c (ask_revocation_reason): New. + (release_revocation_reason_info): New. + (revocation_reason_build_cb): New. + (gen_revoke): Ask for reason. + * main.h (struct revocation_reason_info): Add declaration. + * keyedit.c (menu_revsig): Add support for revocation reason. + (menu_revkey): Ditto. + (sign_uid_mk_attrib): Renamed to ... + (sign_mk_attrib): ... this, made static and add support for reasons. + +Tue Feb 15 08:48:13 CET 2000 Werner Koch <[email protected]> + + * build-packet.c (build_packet): Fixed fixing of old comment packets. + + * import.c (import_keys): Fixed importing from stdin when called with + nnames set to zero as it normally happens. + +Mon Feb 14 14:30:20 CET 2000 Werner Koch <[email protected]> + + * sig-check.c (check_key_signature2): Add new arg r_expired. + (do_signature_check): New arg to pass it down to ... + (do_check): New arg r-expire which is set when the signature + has expired. + * trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set + the expiretime to zero so that thi signature will not be checked + anymore. + +Fri Feb 11 17:44:40 CET 2000 Werner Koch <[email protected]> + + * g10.c (g10_exit): Update the random seed_file. + (main): Set the random seed file. New option --no-random-seed-file. + +Thu Feb 10 17:39:44 CET 2000 Werner Koch <[email protected]> + + * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. + By R�mi. + +Thu Feb 10 11:39:41 CET 2000 Werner Koch <[email protected]> + + * keylist.c (list_keyblock): Don't print warnings in the middle of + regulat output lines. By R�mi. + + * sig-check.c: Include options.h + +Wed Feb 9 15:33:44 CET 2000 Werner Koch <[email protected]> + + * gpg.c: New option --ignore-time-conflict + * sig-check.c (do_check): Implemented this option. + * trustdb.c (check_trust): Ditto. + * sign.c (do_sign): Ditto. + * keygen.c (generate_subkeypair): Ditto. + + * encode.c (encode_simple): use iobuf_cancel after open failure. + Reported by Huy Le. + +Fri Jan 14 18:32:01 CET 2000 Werner Koch <[email protected]> + + * packet.h (STRING2KEY): Changed mode from byte to int. + * parse-packet.c (parse_key): Add the special GNU protection stuff + * build-packet.c (so_secret_key): Ditto. + * seckey-cert.c (do_check): Ditto. + * keyedit.c (change_passphrase): Ditto. + * export.c (export_secsubkeys): New. + (do_export_stream): Hack to export the primary key using mode 1001. + * g10.c: New command --export-secret-subkeys + +Thu Jan 13 19:31:58 CET 2000 Werner Koch <[email protected]> + + * armor.c (is_armored): Check for 1-pass-sig packets. Reported by + David Hallinan <[email protected]>. + (armor_filter): Replaced one LF by the LF macro. Reported by + Wolfgang Redtenbacher. + +Wed Jan 5 11:51:17 CET 2000 Werner Koch <[email protected]> + + * g10.c (main): Reset new global flag opt.pgp2_workarounds + when --openpgp is used. + * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only + when the global falg is set. + (proc_tree): Ditto. + * textfilter.c (copy_clearsig_text): Ditto. + * armor.c (armor_filter): Ditto. + + * g10.c: New option --list-only + * mainproc.c (proc_tree): Don't do it if opt.list_only is active. + (proc_pubkey_enc): Implement option. + + * status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New. + * cipher.c (cipher_filter): New status outputs. + * mainproc.c (proc_encrypted): New status outputs. + +Fri Dec 31 14:08:15 CET 1999 Werner Koch <[email protected]> + + * armor.c (armor_filter): Made the "Comment:" header translatable. + + * hkp.c (hkp_import): Make sure that the program does not return + success when there is a connection problem. Reported by Phillip Jones. + +Sun Dec 19 15:22:26 CET 1999 Werner Koch <[email protected]> + + * armor.c (LF): Use this new macro at all places where a line LF + is needed. This way DOSish textfiles should be created when the + input data is also in dos mode. + * sign.c (LF): Ditto. + * textfilter.c (LF): Ditto. + (copy_clearsig_text): Disabled the forcing of CR,LF sequences + for DOS systems. + + * plaintext.c (handle_plaintext): Fixes for line endings on DOS. + and react on a LF in cleartext. + * armor.c (fake_packet): Restore the original line ending after + removing trailing spaces. + + * signal.c (got_fatal_signal): DOS fix. + +Thu Dec 16 10:07:58 CET 1999 Werner Koch <[email protected]> + + * mainproc.c (print_failed_pkenc): Fix for unknown algorithm. + Found by [email protected]. + +Thu Dec 9 10:31:05 CET 1999 Werner Koch <[email protected]> + + * hkp.c: i18n the strings. + +Sat Dec 4 15:32:20 CET 1999 Werner Koch <[email protected]> + + * trustdb.c (verify_key): Shortcut for ultimately trusted keys. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (build_pk_list): Validate the trust using the namehash + if this one has been set by the key lookup. + + * g10.c: Add --delete-secret-key to the help page. + + * openfile.c (copy_options_file): Made static. + (try_make_homedir): New. + * ringedit.c (add_keyblock_resource): Use the try_make_hoemdir logic. + * tdbio.c (tdbio_set_dbname): Likewise. + + * keygen.c (generate_user_id): Use m_alloc_clear() here. We should + better use an allocation function specific to the user_id packet. + + * keygen.c (keygen_add_std_prefs): Changed symmetric preferences + to include Blowfish again. This is due to it's better speed compared + to CAST5. + + * g10.c (strusage): Print the home directory. + + * armor.c (armor_filter): Take action on the cancel control msg. + * filter.h (armor_filter_context_t): Add cancel flag. + +Mon Nov 29 21:52:11 CET 1999 Werner Koch <[email protected]> + + * g10.c: New option --fast-list-mode .. + * keylist.c (list_keyblock): .. and implemented. + * mainproc.c (list_node): Ditto. + + * import.c (mark_non_selfsigned_uids_valid): Fixed the case that there + is a uid without any packet following. + +Mon Nov 22 11:14:53 CET 1999 Werner Koch <[email protected]> + + * mainproc.c (proc_plaintext): Never enable the hash processing + when skip_verify is active. + + * armor.c (parse_header_line): Stop parsing on a WS line too. + Suggested by Aric Cyr. + + * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that + traditional cpp don't mess up the macros. Suggested by Jos Backus. + + * mainproc.c (list_node): Print the PK algo in the --with-colon mode. + * keylist.c (list_keyblock): Ditto. + + * signal.c (got_fatal_signal): Found the reason why exit(8) did not + work - it is better to set the disposition back to default before + raising the signal. Print the notice on stderr always. + +Fri Nov 12 20:33:19 CET 1999 Werner Koch <[email protected]> + + * g10.c (make_username): Swapped the logic. + * keylist.c (public_key_list): Now takes a STRLIST as arg and moved + the creation ot this list to the caller, so that he can copy with + UTF-conversion of user IDs. Changed all callers. + (secret_key_list): Likewise. + + * getkey.c (get_user_id_string_native): New and ... + * encode.c (write_pubkey_enc_from_list): ... use it here. + + * pubring.asc: Updated. + + * packet.h (PKT_PHOTO_ID): New. + * parse-packet.c (parse_photo_id): New. + * build-packet.c (do_user_id: Handle photo IDs. + (build_packet): Change CTB for photo IDs + * free-packet.c (free_user_id): Release memory used for photo IDs + * sig-check.c (hash_uid_node): Handle photo IDs too. + * trustdb.c (print_uid_from_keyblock): Hash photo ID. + (make_uid_records): Ditto. + * getkey.c (find_by_name): Ditto. + * keyedit.c (show_prefs): Ditto. + * keylist.c (list_keyblock): Ditto. + +Thu Oct 28 16:08:20 CEST 1999 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): Print a warning for systems + with a signed 32 time_t if the exiration time is beyoind 2038. + +Fri Oct 8 20:40:50 CEST 1999 Werner Koch <[email protected]> + + * ringedit.c (enum_keyblocks): The last fix way really stupid; + reverted and set rt to Unknown. + +Fri Oct 8 20:32:01 CEST 1999 Werner Koch <[email protected]> + + * ringedit.c (enum_keyblocks): Zero the entire kbpos out on open. + + * g10.c (oEntropyDLL): Removed option. + (main): Made the warning on development versions more verbose. + + * g10.c (oHonorHttpProxy): New option. + * hkp.c (hkp_ask_import,hkp_export): Implement this option. + * options.skel: Enable this option for new installations + +Mon Oct 4 21:23:04 CEST 1999 Werner Koch <[email protected]> + + * import.c (import_keys): Changed calling interface, adjusted caller. + (import): Moved printing of stats out ... + (print_stats): New. ... to here. + (import_keys_stream): Call stats print here. + (import_keys): Print stats as totals for all files. + + * tdbio.h (DIRF_NEWKEYS): New + * tdbio.c (tdbio_dump_record): Print the new flag. + * trustdb.c (check_trust_record): New arg sigs_only. Adapted all + callers. + (do_update_trust_record): Removed recheck arg and add a new sigs_only + do we can later improve on the performance. Changed all callers too. + (check_trustdb): Evalutate the new flag and add a status output. + Do a check when the dir record has not been checked. + (build_cert_tree): Evaluate the new flag. + (check_trust): Ditto. Do a trust_record check, when the dir record + is not marked as checked. + (mark_fresh_keys): New. + (clear_lid_table): New. + (sync_trustdb): New. + * import.c (import_keys): Call sync_trustdb() after processing. + (import_keys_stream): Ditto. + * tdbdump.c (import_ownertrust): Ditto. + + * import.c (import_revoke_cert): Notify the trust DB. + (do_update_trust_record): Use |= to set the REVOKED bit and not &=; + shame on me for this bad copy+paste introduced bug. + (do_we_trust): Add trustmask to allow revoked key override to work. + Chnaged are to allow return of a mofified trustlevel. Adapted the + one caller. + + * g10.c: New options --emulate-3des-s2k-bug + * passphrase.c (hash_passphrase): Implemented above. + + * mainproc.c (proc_tree): Check for standalone signatures. + (do_check_sig): Print a notice for a standalone revocation + (check_sig_and_print): Do not print an error for unchecked standalone + revocations. + +Tue Sep 28 20:54:37 CEST 1999 Werner Koch <[email protected]> + + * encode.c (encode_simple): Use new CTB when we don't have the + length of the file. This is somewhat strange as the comment above + indicates that this part is actually fixed for PGP 5 - maybe I simply + lost the source line, tsss. + + * armor.c (armor_filter): Set a flag if no OpenPGP data has been found. + * verify.c (verify_signatures): Add an error helptext. + +Thu Sep 23 19:24:30 CEST 1999 Werner Koch <[email protected]> + + * openfile.c (open_outfile): Fixed the 8dot3 handling. + + * passphrase.c (passphrase_to_dek): Print uid using utf8 func. + * delkey.c (delete_key): Ditto. + * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto + (do_we_trust_pre): Ditto. + * trustdb.c (print_user_id,check_uidsigs): Ditto. + * revoke.c (gen_revoke,ask_revoke_sig): Ditto. + +Thu Sep 23 09:52:58 CEST 1999 Werner Koch <[email protected]> + + * verify.c (print_file_status): New. + (verify_one_file): Moved status print to th new fnc. Add error status. + * status.c, status.h (STATUS_FILE_ERROR): New + +Wed Sep 22 10:14:17 CEST 1999 Werner Koch <[email protected]> + + * openfile.c (make_outfile_name): Use case-insenstive compare for + DOS systems. Add ".pgp" to the list of know extensions. + (open_outfile): For DOS systems try to replace the suffiy instead of + appending it. + + * status.c, status.h: Add STATUS_FILE_{START,DONE}. + * verify.c (verify_one_file): Emit these new stati. + + * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:" + line. Those headers are now only _not_ printed when there are + only old-style keys _and_ all hashs are MD5. + +Mon Sep 20 12:24:41 CEST 1999 Werner Koch <[email protected]> + + + * verify.c (verify_files, ferify_one_file): New. + * g10.c: New command --verify-files + +Fri Sep 17 12:56:42 CEST 1999 Werner Koch <[email protected]> + + * g10.c: Add UK spelling as alias for armor options ;-) + + * import.c (append_uid): Fixed a SEGV when there is no selfsig and + no subkey. + (merge_sigs): Ditto. Removed the assertion. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch <[email protected]> * g10.c: New option --entropy-dll-name Mon Sep 13 10:51:29 CEST 1999 Werner Koch <[email protected]> - * signal.c (got_fatal_signal): Print message using write(2) and only for development versions. - Mon Sep 6 19:59:08 CEST 1999 Werner Koch <[email protected]> * tdbio.c (tdbio_set_dbname): Use mkdir macro diff --git a/g10/Makefile.am b/g10/Makefile.am index af727cda8..6170b1691 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -4,7 +4,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl EXTRA_DIST = OPTIONS pubring.asc options.skel OMIT_DEPENDENCIES = zlib.h zconf.h LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@ -needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la +needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a #noinst_PROGRAMS = gpgd bin_PROGRAMS = gpg diff --git a/g10/OPTIONS b/g10/OPTIONS index 96290f6cf..b1a49e254 100644 --- a/g10/OPTIONS +++ b/g10/OPTIONS @@ -19,6 +19,6 @@ compress-sigs run-as-shm-coprocess [request-locked-shm-size] # very special :-) # You will have to use "--status-fd" too -# Note: This option dioes only work if given on the command line. +# Note: This option does only work if given on the command line. diff --git a/g10/armor.c b/g10/armor.c index 38c48fbbe..4384131ff 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -1,5 +1,5 @@ /* armor.c - Armor flter - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -37,6 +37,11 @@ #include "status.h" #include "i18n.h" +#ifdef HAVE_DOSISH_SYSTEM + #define LF "\r\n" +#else + #define LF "\n" +#endif #define MAX_LINELEN 20000 @@ -162,6 +167,7 @@ is_armored( const byte *buf ) switch( pkttype ) { case PKT_MARKER: case PKT_SYMKEY_ENC: + case PKT_ONEPASS_SIG: case PKT_PUBLIC_KEY: case PKT_SECRET_KEY: case PKT_PUBKEY_ENC: @@ -311,9 +317,15 @@ parse_header_line( armor_filter_context_t *afx, byte *line, unsigned len ) byte *p; int hashes=0; + /* fixme: why this double check? I think the original code w/o the + * second check for an empty line was done from an early draft of + * of OpenPGP - or simply very stupid code */ if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) ) return 0; /* empty line */ len = trim_trailing_ws( line, len ); + if( !len ) + return 0; /* WS only same as empty line */ + p = strchr( line, ':'); if( !p || !p[1] ) { log_error(_("invalid armor header: ")); @@ -479,13 +491,26 @@ fake_packet( armor_filter_context_t *afx, IOBUF a, if( !maxlen ) afx->truncated++; if( !afx->not_dash_escaped ) { + int crlf; + p = afx->buffer; + n = afx->buffer_len; + crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n'; + /* PGP2 does not treat a tab as white space character */ - afx->buffer_len = - trim_trailing_chars( afx->buffer, afx->buffer_len, + afx->buffer_len = trim_trailing_chars( p, n, afx->pgp2mode ? " \r\n" : " \t\r\n"); /* the buffer is always allocated with enough space to append - * a CR, LF, Nul */ - afx->buffer[afx->buffer_len++] = '\r'; + * the removed [CR], LF and a Nul + * The reason for this complicated procedure is to keep at least + * the original tupe of lineending - handling of the removed + * trailing spaces seems to be impossible in our method + * of faking a packet; either we have to use a temporary file + * or calculate the hash here in this module and somehow find + * a way to send the hash down the processing line (well, a special + * faked packet could do the job). + */ + if( crlf ) + afx->buffer[afx->buffer_len++] = '\r'; afx->buffer[afx->buffer_len++] = '\n'; afx->buffer[afx->buffer_len] = 0; } @@ -813,7 +838,8 @@ armor_filter( void *opaque, int control, hashes &= 1|2|4|8; if( !hashes ) { hashes |= 4; /* default to MD 5 */ - afx->pgp2mode = 1; + if( opt.pgp2_workarounds ) + afx->pgp2mode = 1; } n=0; do { @@ -868,44 +894,45 @@ armor_filter( void *opaque, int control, #endif *ret_len = n; } - else if( control == IOBUFCTRL_FLUSH ) { + else if( control == IOBUFCTRL_FLUSH && !afx->cancel ) { if( !afx->status ) { /* write the header line */ + const char *s; + if( afx->what >= DIM(head_strings) ) log_bug("afx->what=%d", afx->what); iobuf_writestr(a, "-----"); iobuf_writestr(a, head_strings[afx->what] ); - iobuf_writestr(a, "-----\n"); + iobuf_writestr(a, "-----" LF ); if( !opt.no_version ) iobuf_writestr(a, "Version: GnuPG v" VERSION " (" - PRINTABLE_OS_NAME ")\n"); - - if( opt.comment_string ) { - const char *s = opt.comment_string; - if( *s ) { - iobuf_writestr(a, "Comment: " ); - for( ; *s; s++ ) { - if( *s == '\n' ) - iobuf_writestr(a, "\\n" ); - else if( *s == '\r' ) - iobuf_writestr(a, "\\r" ); - else if( *s == '\v' ) - iobuf_writestr(a, "\\v" ); - else - iobuf_put(a, *s ); - } - iobuf_put(a, '\n' ); + PRINTABLE_OS_NAME ")" LF ); + + /* write the comment string or a default one */ + s = opt.comment_string ? opt.comment_string + : _("For info see http://www.gnupg.org"); + if( *s ) { + iobuf_writestr(a, "Comment: " ); + for( ; *s; s++ ) { + if( *s == '\n' ) + iobuf_writestr(a, "\\n" ); + else if( *s == '\r' ) + iobuf_writestr(a, "\\r" ); + else if( *s == '\v' ) + iobuf_writestr(a, "\\v" ); + else + iobuf_put(a, *s ); } + iobuf_writestr(a, LF ); } - else - iobuf_writestr(a, - "Comment: For info see http://www.gnupg.org\n"); + if( afx->hdrlines ) iobuf_writestr(a, afx->hdrlines); - iobuf_put(a, '\n'); + iobuf_writestr(a, LF ); afx->status++; afx->idx = 0; afx->idx2 = 0; afx->crc = CRCINIT; + } crc = afx->crc; idx = afx->idx; @@ -930,7 +957,7 @@ armor_filter( void *opaque, int control, c = bintoasc[radbuf[2]&077]; iobuf_put(a, c); if( ++idx2 >= (64/4) ) { /* pgp doesn't like 72 here */ - iobuf_put(a, '\n'); + iobuf_writestr(a, LF ); idx2=0; } } @@ -945,8 +972,13 @@ armor_filter( void *opaque, int control, if( !is_initialized ) initialize(); } + else if( control == IOBUFCTRL_CANCEL ) { + afx->cancel = 1; + } else if( control == IOBUFCTRL_FREE ) { - if( afx->status ) { /* pad, write cecksum, and bottom line */ + if( afx->cancel ) + ; + else if( afx->status ) { /* pad, write cecksum, and bottom line */ crc = afx->crc; idx = afx->idx; idx2 = afx->idx2; @@ -969,13 +1001,13 @@ armor_filter( void *opaque, int control, iobuf_put(a, '='); } if( ++idx2 >= (64/4) ) { /* pgp doesn't like 72 here */ - iobuf_put(a, '\n'); + iobuf_writestr(a, LF ); idx2=0; } } /* may need a linefeed */ if( idx2 ) - iobuf_put(a, '\n'); + iobuf_writestr(a, LF ); /* write the CRC */ iobuf_put(a, '='); radbuf[0] = crc >>16; @@ -989,16 +1021,17 @@ armor_filter( void *opaque, int control, iobuf_put(a, c); c = bintoasc[radbuf[2]&077]; iobuf_put(a, c); - iobuf_put(a, '\n'); + iobuf_writestr(a, LF ); /* and the the trailer */ if( afx->what >= DIM(tail_strings) ) log_bug("afx->what=%d", afx->what); iobuf_writestr(a, "-----"); iobuf_writestr(a, tail_strings[afx->what] ); - iobuf_writestr(a, "-----\n"); + iobuf_writestr(a, "-----" LF ); } else if( !afx->any_data && !afx->inp_bypass ) { log_error(_("no valid OpenPGP data found.\n")); + afx->no_openpgp_data = 1; write_status_text( STATUS_NODATA, "1" ); } if( afx->truncated ) diff --git a/g10/build-packet.c b/g10/build-packet.c index 4049f370f..238a2021b 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -1,5 +1,5 @@ /* build-packet.c - assemble packets and write them - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -67,25 +67,31 @@ int build_packet( IOBUF out, PACKET *pkt ) { int new_ctb=0, rc=0, ctb; + int pkttype; if( DBG_PACKET ) log_debug("build_packet() type=%d\n", pkt->pkttype ); assert( pkt->pkt.generic ); - switch( pkt->pkttype ) { - case PKT_OLD_COMMENT: pkt->pkttype = PKT_COMMENT; break; + switch( (pkttype = pkt->pkttype) ) { + case PKT_OLD_COMMENT: pkttype = pkt->pkttype = PKT_COMMENT; break; case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break; case PKT_ENCRYPTED: case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break; case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break; + case PKT_USER_ID: + if( pkt->pkt.user_id->photo ) + pkttype = PKT_PHOTO_ID; + break; default: break; } - if( new_ctb || pkt->pkttype > 15 ) /* new format */ - ctb = 0xc0 | (pkt->pkttype & 0x3f); + if( new_ctb || pkttype > 15 ) /* new format */ + ctb = 0xc0 | (pkttype & 0x3f); else - ctb = 0x80 | ((pkt->pkttype & 15)<<2); - switch( pkt->pkttype ) { + ctb = 0x80 | ((pkttype & 15)<<2); + switch( pkttype ) { + case PKT_PHOTO_ID: case PKT_USER_ID: rc = do_user_id( out, ctb, pkt->pkt.user_id ); break; @@ -149,6 +155,7 @@ calc_packet_length( PACKET *pkt ) n = calc_plaintext( pkt->pkt.plaintext ); new_ctb = pkt->pkt.plaintext->new_ctb; break; + case PKT_PHOTO_ID: case PKT_USER_ID: case PKT_COMMENT: case PKT_PUBLIC_KEY: @@ -196,9 +203,16 @@ do_comment( IOBUF out, int ctb, PKT_comment *rem ) static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) { - write_header(out, ctb, uid->len); - if( iobuf_write( out, uid->name, uid->len ) ) - return G10ERR_WRITE_FILE; + if( uid->photo ) { + write_header(out, ctb, uid->photolen); + if( iobuf_write( out, uid->photo, uid->photolen ) ) + return G10ERR_WRITE_FILE; + } + else { + write_header(out, ctb, uid->len); + if( iobuf_write( out, uid->name, uid->len ) ) + return G10ERR_WRITE_FILE; + } return 0; } @@ -357,19 +371,30 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) else { iobuf_put(a, 0xff ); iobuf_put(a, sk->protect.algo ); - iobuf_put(a, sk->protect.s2k.mode ); - iobuf_put(a, sk->protect.s2k.hash_algo ); + if( sk->protect.s2k.mode >= 1000 ) { + iobuf_put(a, 101 ); + iobuf_put(a, sk->protect.s2k.hash_algo ); + iobuf_write(a, "GNU", 3 ); + iobuf_put(a, sk->protect.s2k.mode - 1000 ); + } + else { + iobuf_put(a, sk->protect.s2k.mode ); + iobuf_put(a, sk->protect.s2k.hash_algo ); + } if( sk->protect.s2k.mode == 1 || sk->protect.s2k.mode == 3 ) iobuf_write(a, sk->protect.s2k.salt, 8 ); if( sk->protect.s2k.mode == 3 ) iobuf_put(a, sk->protect.s2k.count ); - iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); + if( sk->protect.s2k.mode != 1001 ) + iobuf_write(a, sk->protect.iv, sk->protect.ivlen ); } } else iobuf_put(a, 0 ); - if( sk->is_protected && sk->version >= 4 ) { + if( sk->protect.s2k.mode == 1001 ) + ; + else if( sk->is_protected && sk->version >= 4 ) { byte *p; assert( mpi_is_opaque( sk->skey[npkey] ) ); p = mpi_get_opaque( sk->skey[npkey], &i ); @@ -621,7 +646,6 @@ void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, const byte *buffer, size_t buflen ) { - byte *data; size_t hlen, dlen, nlen; int found=0; @@ -657,6 +681,7 @@ build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, case SIGSUBPKT_KEY_EXPIRE: case SIGSUBPKT_NOTATION: case SIGSUBPKT_POLICY: + case SIGSUBPKT_REVOC_REASON: hashed = 1; break; default: hashed = 0; break; } diff --git a/g10/cipher.c b/g10/cipher.c index 0de2a9d90..b270a4aee 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -1,5 +1,5 @@ /* cipher.c - En-/De-ciphering filter - * Copyright (C) 1998,1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ #include "packet.h" #include "options.h" #include "main.h" +#include "status.h" #define MIN_PARTIAL_SIZE 512 @@ -54,7 +55,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); - md_start_debug( cfx->mdc_hash, "mdccreat" ); + /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; @@ -101,6 +102,7 @@ cipher_filter( void *opaque, int control, else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */ assert(a); if( !cfx->header ) { + write_status( STATUS_BEGIN_ENCRYPTION ); write_header( cfx, a ); } if( cfx->mdc_hash ) @@ -121,6 +123,7 @@ cipher_filter( void *opaque, int control, md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; } cipher_close(cfx->cipher_hd); + write_status( STATUS_END_ENCRYPTION ); } else if( control == IOBUFCTRL_DESC ) { *(char**)buf = "cipher_filter"; diff --git a/g10/compress.c b/g10/compress.c index 4862346ad..0cbb98ee1 100644 --- a/g10/compress.c +++ b/g10/compress.c @@ -1,5 +1,5 @@ /* compress.c - compress filter - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/dearmor.c b/g10/dearmor.c index e87dffcd9..bf31ed72a 100644 --- a/g10/dearmor.c +++ b/g10/dearmor.c @@ -1,5 +1,5 @@ /* dearmor.c - Armor utility - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/delkey.c b/g10/delkey.c index 8d4f1a5b0..31d7caaa4 100644 --- a/g10/delkey.c +++ b/g10/delkey.c @@ -1,5 +1,5 @@ /* delkey.c - delete keys - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -62,6 +62,7 @@ delete_key( const char *username, int secret ) : find_keyblock_byname( &kbpos, username ); if( rc ) { log_error(_("%s: user not found\n"), username ); + write_status_text( STATUS_DELETE_PROBLEM, "1" ); goto leave; } @@ -93,10 +94,12 @@ delete_key( const char *username, int secret ) "there is a secret key for this public key!\n")); log_info(_( "use option \"--delete-secret-key\" to delete it first.\n")); + write_status_text( STATUS_DELETE_PROBLEM, "2" ); rc = -1; } - else if( rc != G10ERR_NO_SECKEY ) + else if( rc != G10ERR_NO_SECKEY ) { log_error("%s: get secret key: %s\n", username, g10_errstr(rc) ); + } else rc = 0; } @@ -124,7 +127,7 @@ delete_key( const char *username, int secret ) pubkey_letter( pk->pubkey_algo ), keyid[1], datestr_from_pk(pk) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\n\n"); diff --git a/g10/encode.c b/g10/encode.c index bc03401ac..d1c02bbed 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -1,5 +1,5 @@ /* encode.c - encode data - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -116,7 +116,7 @@ encode_simple( const char *filename, int mode ) } if( (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) { - iobuf_close(inp); + iobuf_cancel(inp); m_free(cfx.dek); m_free(s2k); return rc; @@ -177,6 +177,7 @@ encode_simple( const char *filename, int mode ) pt->timestamp = make_timestamp(); pt->mode = opt.textmode? 't' : 'b'; pt->len = filesize; + pt->new_ctb = !pt->len && !opt.rfc1991; pt->buf = inp; pkt.pkttype = PKT_PLAINTEXT; pkt.pkt.plaintext = pt; @@ -478,7 +479,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) ); else { if( opt.verbose ) { - char *ustr = get_user_id_string( enc->keyid ); + char *ustr = get_user_id_string_native( enc->keyid ); log_info(_("%s/%s encrypted for: %s\n"), pubkey_algo_to_string(enc->pubkey_algo), cipher_algo_to_string(dek->algo), ustr ); diff --git a/g10/encr-data.c b/g10/encr-data.c index 0593efe97..d2aea0ff1 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -1,5 +1,5 @@ /* encr-data.c - process an encrypted data packet - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -165,7 +165,7 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, } if( n == 40 ) { /* we have enough stuff - flush the deferred stuff */ - /* (we have asserted that the buffer is large enough */ + /* (we have asserted that the buffer is large enough) */ if( !dfx->defer_filled ) /* the first time */ memcpy(buf, buf+20, 20 ); else diff --git a/g10/export.c b/g10/export.c index 911a71599..4c70c7ce5 100644 --- a/g10/export.c +++ b/g10/export.c @@ -1,5 +1,5 @@ /* export.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -71,6 +71,12 @@ export_seckeys( STRLIST users ) return do_export( users, 1, 0 ); } +int +export_secsubkeys( STRLIST users ) +{ + return do_export( users, 2, 0 ); +} + static int do_export( STRLIST users, int secret, int onlyrfc ) { @@ -168,6 +174,16 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) } } + /* we can't apply GNU mode 1001 on an unprotected key */ + if( secret == 2 + && (node = find_kbnode( keyblock, PKT_SECRET_KEY )) + && !node->pkt->pkt.secret_key->is_protected ) + { + log_info(_("key %08lX: not protected - skipped\n"), + (ulong)keyid_from_sk( node->pkt->pkt.secret_key, NULL) ); + continue; + } + /* and write it */ for( kbctx=NULL; (node = walk_kbnode( keyblock, &kbctx, 0 )); ) { /* don't export any comment packets but those in the @@ -183,7 +199,20 @@ do_export_stream( IOBUF out, STRLIST users, int secret, int onlyrfc, int *any ) continue; /* not exportable */ } - if( (rc = build_packet( out, node->pkt )) ) { + if( secret == 2 && node->pkt->pkttype == PKT_SECRET_KEY ) { + /* we don't want to export the secret parts of the + * primary key, this is done by using GNU protection mode 1001 + */ + int save_mode = node->pkt->pkt.secret_key->protect.s2k.mode; + node->pkt->pkt.secret_key->protect.s2k.mode = 1001; + rc = build_packet( out, node->pkt ); + node->pkt->pkt.secret_key->protect.s2k.mode = save_mode; + } + else { + rc = build_packet( out, node->pkt ); + } + + if( rc ) { log_error("build_packet(%d) failed: %s\n", node->pkt->pkttype, g10_errstr(rc) ); rc = G10ERR_WRITE_FILE; diff --git a/g10/filter.h b/g10/filter.h index 86a8e45b8..1adf0edaa 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -1,5 +1,5 @@ /* filter.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -35,6 +35,9 @@ typedef struct { int only_keyblocks; /* skip all headers but ".... key block" */ const char *hdrlines; /* write these headerlines */ + /* these fileds must be initialized to zero */ + int no_openpgp_data; /* output flag: "No valid OpenPGP data found" */ + /* the following fields must be initialized to zero */ int inp_checked; /* set if the input has been checked */ int inp_bypass; /* set if the input is not armored */ @@ -56,6 +59,7 @@ typedef struct { u32 crc; int status; /* an internal state flag */ + int cancel; int any_data; /* any valid armored data seen */ int pending_lf; /* used together with faked */ } armor_filter_context_t; diff --git a/g10/free-packet.c b/g10/free-packet.c index 0a61e222c..3082be686 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -1,5 +1,5 @@ /* free-packet.c - cleanup stuff for packets - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -220,6 +220,8 @@ free_comment( PKT_comment *rem ) void free_user_id( PKT_user_id *uid ) { + if( uid->photo ) + m_free( uid->photo ); m_free(uid); } @@ -1,5 +1,5 @@ /* g10.c - The GnuPG utility (main for gpg) - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -79,6 +79,7 @@ enum cmd_and_opt_values { aNull = 0, aImport, aFastImport, aVerify, + aVerifyFiles, aListKeys, aListSigs, aListSecretKeys, @@ -87,6 +88,7 @@ enum cmd_and_opt_values { aNull = 0, aExport, aExportAll, aExportSecret, + aExportSecretSub, aCheckKeys, aGenRevoke, aPrimegen, @@ -131,6 +133,7 @@ enum cmd_and_opt_values { aNull = 0, oDigestAlgo, oCompressAlgo, oPasswdFD, + oCommandFD, oQuickRandom, oNoVerbose, oTrustDBName, @@ -166,6 +169,7 @@ enum cmd_and_opt_values { aNull = 0, oEscapeFrom, oLockOnce, oLockMultiple, + oLockNever, oKeyServer, oEncryptTo, oNoEncryptTo, @@ -177,7 +181,12 @@ enum cmd_and_opt_values { aNull = 0, oAllowNonSelfsignedUID, oNoLiteral, oSetFilesize, - oEntropyDLLName, + oHonorHttpProxy, + oFastListMode, + oListOnly, + oIgnoreTimeConflict, + oNoRandomSeedFile, + oEmu3DESS2KBug, /* will be removed in 1.1 */ aTest }; @@ -193,6 +202,7 @@ static ARGPARSE_OPTS opts[] = { { aStore, "store", 256, N_("store only")}, { aDecrypt, "decrypt", 256, N_("decrypt data (default)")}, { aVerify, "verify" , 256, N_("verify a signature")}, + { aVerifyFiles, "verify-files" , 256, "@" }, { aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-public-keys", 256, "@" }, { aListSigs, "list-sigs", 256, N_("list keys and signatures")}, @@ -201,6 +211,8 @@ static ARGPARSE_OPTS opts[] = { { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aKeygen, "gen-key", 256, N_("generate a new key pair")}, { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")}, + { aDeleteSecretKey, "delete-secret-key",256, + N_("remove key from the secret keyring")}, { aSignKey, "sign-key" ,256, N_("sign a key")}, { aLSignKey, "lsign-key" ,256, N_("sign a key locally")}, { aEditKey, "edit-key" ,256, N_("sign or edit a key")}, @@ -210,6 +222,7 @@ static ARGPARSE_OPTS opts[] = { { aRecvKeys, "recv-keys" , 256, N_("import keys from a key server") }, { aExportAll, "export-all" , 256, "@" }, { aExportSecret, "export-secret-keys" , 256, "@" }, + { aExportSecretSub, "export-secret-subkeys" , 256, "@" }, { aImport, "import", 256 , N_("import/merge keys")}, { aFastImport, "fast-import", 256 , "@"}, { aListPackets, "list-packets",256,N_("list only the sequence of packets")}, @@ -223,7 +236,9 @@ static ARGPARSE_OPTS opts[] = { "check-trustdb",0 , N_("|[NAMES]|check the trust database")}, { aFixTrustDB, "fix-trustdb",0 , N_("fix a corrupted trust database")}, { aDeArmor, "dearmor", 256, N_("De-Armor a file or stdin") }, + { aDeArmor, "dearmour", 256, "@" }, { aEnArmor, "enarmor", 256, N_("En-Armor a file or stdin") }, + { aEnArmor, "enarmour", 256, "@" }, { aPrintMD, "print-md" , 256, N_("|algo [files]|print message digests")}, { aPrimegen, "gen-prime" , 256, "@" }, { aGenRandom, "gen-random" , 256, "@" }, @@ -231,6 +246,7 @@ static ARGPARSE_OPTS opts[] = { { 301, NULL, 0, N_("@\nOptions:\n ") }, { oArmor, "armor", 0, N_("create ascii armored output")}, + { oArmor, "armour", 0, "@" }, { oRecipient, "recipient", 2, N_("|NAME|encrypt for NAME")}, { oRecipient, "remote-user", 2, "@"}, /* old option name */ { oDefRecipient, "default-recipient" ,2, @@ -262,12 +278,12 @@ static ARGPARSE_OPTS opts[] = { { oCharset, "charset" , 2, N_("|NAME|set terminal charset to NAME") }, { oOptions, "options" , 2, N_("read options from file")}, - { oDebug, "debug" ,4|16, N_("set debugging flags")}, - { oDebugAll, "debug-all" ,0, N_("enable full debugging")}, + { oDebug, "debug" ,4|16, "@"}, + { oDebugAll, "debug-all" ,0, "@"}, { oStatusFD, "status-fd" ,1, N_("|FD|write status info to this FD") }, - { oNoComment, "no-comment", 0, N_("do not write comment packets")}, - { oCompletesNeeded, "completes-needed", 1, N_("(default is 1)")}, - { oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")}, + { oNoComment, "no-comment", 0, "@"}, + { oCompletesNeeded, "completes-needed", 1, "@"}, + { oMarginalsNeeded, "marginals-needed", 1, "@"}, { oMaxCertDepth, "max-cert-depth", 1, "@" }, { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, @@ -283,7 +299,11 @@ static ARGPARSE_OPTS opts[] = { { oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")}, { oNotation, "notation-data", 2, N_("|NAME=VALUE|use this notation data")}, - { 302, NULL, 0, N_("@\nExamples:\n\n" + { 302, NULL, 0, N_( + "@\n(See the man page for a complete listing of all commands and options)\n" + )}, + + { 303, NULL, 0, N_("@\nExamples:\n\n" " -se -r Bob [file] sign and encrypt for user Bob\n" " --clearsign [file] make a clear text signature\n" " --detach-sign [file] make a detached signature\n" @@ -297,12 +317,13 @@ static ARGPARSE_OPTS opts[] = { { aListTrustPath, "list-trust-path",0, "@"}, { oKOption, NULL, 0, "@"}, { oPasswdFD, "passphrase-fd",1, "@" }, - { aDeleteSecretKey, "delete-secret-key",0, "@" }, + { oCommandFD, "command-fd",1, "@" }, { oQuickRandom, "quick-random", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"}, { oTrustDBName, "trustdb-name", 2, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" }, /* used only by regression tests */ { oNoArmor, "no-armor", 0, "@"}, + { oNoArmor, "no-armour", 0, "@"}, { oNoDefKeyring, "no-default-keyring", 0, "@" }, { oNoGreeting, "no-greeting", 0, "@" }, { oNoOptions, "no-options", 0, "@" }, /* shortcut for --options /dev/null */ @@ -329,6 +350,7 @@ static ARGPARSE_OPTS opts[] = { { oEscapeFrom, "escape-from-lines", 0, "@" }, { oLockOnce, "lock-once", 0, "@" }, { oLockMultiple, "lock-multiple", 0, "@" }, + { oLockNever, "lock-never", 0, "@" }, { oLoggerFD, "logger-fd",1, "@" }, { oUseEmbeddedFilename, "use-embedded-filename", 0, "@" }, { oUtf8Strings, "utf8-strings", 0, "@" }, @@ -339,7 +361,12 @@ static ARGPARSE_OPTS opts[] = { { oAllowNonSelfsignedUID, "allow-non-selfsigned-uid", 0, "@" }, { oNoLiteral, "no-literal", 0, "@" }, { oSetFilesize, "set-filesize", 20, "@" }, - { oEntropyDLLName, "entropy-dll-name", 2, "@" }, + { oHonorHttpProxy,"honor-http-proxy", 0, "@" }, + { oFastListMode,"fast-list-mode", 0, "@" }, + { oListOnly, "list-only", 0, "@"}, + { oIgnoreTimeConflict, "ignore-time-conflict", 0, "@" }, + { oNoRandomSeedFile, "no-random-seed-file", 0, "@" }, + { oEmu3DESS2KBug, "emulate-3des-s2k-bug", 0, "@"}, {0} }; @@ -381,26 +408,29 @@ strusage( int level ) "default operation depends on the input data\n"); break; - case 31: p = _("\nSupported algorithms:\n"); break; - case 32: + case 31: p = "\nHome: "; break; + case 32: p = opt.homedir; break; + case 33: p = _("\nSupported algorithms:\n"); break; + case 34: if( !ciphers ) ciphers = build_list("Cipher: ", cipher_algo_to_string, check_cipher_algo ); p = ciphers; break; - case 33: + case 35: if( !pubkeys ) pubkeys = build_list("Pubkey: ", pubkey_algo_to_string, check_pubkey_algo ); p = pubkeys; break; - case 34: + case 36: if( !digests ) digests = build_list("Hash: ", digest_algo_to_string, check_digest_algo ); p = digests; break; + default: p = default_strusage(level); } return p; @@ -471,9 +501,9 @@ make_username( const char *string ) { char *p; if( utf8_strings ) - p = native_to_utf8( string ); - else p = m_strdup(string); + else + p = native_to_utf8( string ); return p; } @@ -543,6 +573,7 @@ main( int argc, char **argv ) int default_keyring = 1; int greeting = 0; int nogreeting = 0; + int use_random_seed = 1; enum cmd_and_opt_values cmd = 0; const char *trustdb_name = NULL; char *def_cipher_string = NULL; @@ -567,6 +598,7 @@ main( int argc, char **argv ) init_signals(); create_dotlock(NULL); /* register locking cleanup */ i18n_init(); + opt.command_fd = -1; /* no command fd */ opt.compress = -1; /* defaults to standard compress level */ /* note: if you change these lines, look at oOpenPGP */ opt.def_cipher_algo = 0; @@ -578,7 +610,12 @@ main( int argc, char **argv ) opt.completes_needed = 1; opt.marginals_needed = 3; opt.max_cert_depth = 5; + opt.pgp2_workarounds = 1; + #ifdef __MINGW32__ + opt.homedir = read_w32_registry_string( NULL, "Software\\GNU\\GnuPG", "HomeDir" ); + #else opt.homedir = getenv("GNUPGHOME"); + #endif if( !opt.homedir || !*opt.homedir ) { #ifdef HAVE_DRIVE_LETTERS opt.homedir = "c:/gnupg"; @@ -676,13 +713,16 @@ main( int argc, char **argv ) case aListKeys: set_cmd( &cmd, aListKeys); break; case aListSigs: set_cmd( &cmd, aListSigs); break; case aExportSecret: set_cmd( &cmd, aExportSecret); break; + case aExportSecretSub: set_cmd( &cmd, aExportSecretSub); break; case aDeleteSecretKey: set_cmd( &cmd, aDeleteSecretKey); greeting=1; break; case aDeleteKey: set_cmd( &cmd, aDeleteKey); greeting=1; break; case aDetachedSign: detached_sig = 1; set_cmd( &cmd, aSign ); break; case aSym: set_cmd( &cmd, aSym); break; + case aDecrypt: set_cmd( &cmd, aDecrypt); break; + case aEncr: set_cmd( &cmd, aEncr); break; case aSign: set_cmd( &cmd, aSign ); break; case aKeygen: set_cmd( &cmd, aKeygen); greeting=1; break; @@ -693,6 +733,7 @@ main( int argc, char **argv ) case aClearsign: set_cmd( &cmd, aClearsign); break; case aGenRevoke: set_cmd( &cmd, aGenRevoke); break; case aVerify: set_cmd( &cmd, aVerify); break; + case aVerifyFiles: set_cmd( &cmd, aVerifyFiles); break; case aPrimegen: set_cmd( &cmd, aPrimegen); break; case aGenRandom: set_cmd( &cmd, aGenRandom); break; case aPrintMD: set_cmd( &cmd, aPrintMD); break; @@ -785,6 +826,7 @@ main( int argc, char **argv ) break; case oOpenPGP: opt.rfc1991 = 0; + opt.pgp2_workarounds = 0; opt.escape_from = 0; opt.force_v3_sigs = 0; opt.compress_keys = 0; /* not mandated but we do it */ @@ -798,6 +840,7 @@ main( int argc, char **argv ) opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; + case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oCompressSigs: opt.compress_sigs = 1; break; case oRunAsShmCP: #ifndef USE_SHM_COPROCESSING @@ -833,6 +876,7 @@ main( int argc, char **argv ) break; case oCompress: opt.compress = pargs.r.ret_int; break; case oPasswdFD: pwfd = pargs.r.ret_int; break; + case oCommandFD: opt.command_fd = pargs.r.ret_int; break; case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break; case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break; case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break; @@ -844,6 +888,7 @@ main( int argc, char **argv ) case oNotDashEscaped: opt.not_dash_escaped = 1; break; case oEscapeFrom: opt.escape_from = 1; break; case oLockOnce: opt.lock_once = 1; break; + case oLockNever: disable_dotlock(); break; case oLockMultiple: opt.lock_once = 0; break; case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break; case oNotation: add_notation_data( pargs.r.ret_str ); break; @@ -855,22 +900,14 @@ main( int argc, char **argv ) case oDisablePubkeyAlgo: disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) ); break; - case oAllowNonSelfsignedUID: - opt.allow_non_selfsigned_uid = 1; - break; - case oNoLiteral: - opt.no_literal = 1; - break; - case oSetFilesize: - opt.set_filesize = pargs.r.ret_ulong; - break; - - case oEntropyDLLName: - #ifdef USE_STATIC_RNDW32 - log_info("set dllname to `%s'\n", pargs.r.ret_str ); - rndw32_set_dll_name( pargs.r.ret_str ); - #endif - break; + case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; break; + case oNoLiteral: opt.no_literal = 1; break; + case oSetFilesize: opt.set_filesize = pargs.r.ret_ulong; break; + case oHonorHttpProxy: opt.honor_http_proxy = 1; break; + case oFastListMode: opt.fast_list_mode = 1; break; + case oListOnly: opt.list_only=1; break; + case oIgnoreTimeConflict: opt.ignore_time_conflict = 1; break; + case oNoRandomSeedFile: use_random_seed = 0; break; default : pargs.err = configfp? 1:2; break; } @@ -893,8 +930,11 @@ main( int argc, char **argv ) fprintf(stderr, "%s\n", strusage(15) ); } #ifdef IS_DEVELOPMENT_VERSION - if( !opt.batch ) - log_info("NOTE: this is a development version!\n"); + if( !opt.batch ) { + log_info("NOTE: THIS IS A DEVELOPMENT VERSION!\n"); + log_info("It is only intended for test purposes and should NOT be\n"); + log_info("used in a production environment or with production keys!\n"); + } #endif if( opt.force_mdc ) { log_info("--force-mdc ignored because" @@ -971,8 +1011,16 @@ main( int argc, char **argv ) if( log_get_errorcount(0) ) g10_exit(2); - if( !cmd && opt.fingerprint && !with_fpr ) + /* set the random seed file */ + if( use_random_seed ) { + char *p = make_filename(opt.homedir, "random_seed", NULL ); + set_random_seed_file(p); + m_free(p); + } + + if( !cmd && opt.fingerprint && !with_fpr ) { set_cmd( &cmd, aListKeys); + } if( cmd == aKMode || cmd == aKModeC ) { /* kludge to be compatible to pgp */ if( cmd == aKModeC ) { @@ -1112,6 +1160,11 @@ main( int argc, char **argv ) log_error("verify signatures failed: %s\n", g10_errstr(rc) ); break; + case aVerifyFiles: + if( (rc = verify_files( argc, argv ) )) + log_error("verify files failed: %s\n", g10_errstr(rc) ); + break; + case aDecrypt: if( argc > 1 ) wrong_args(_("--decrypt [filename]")); @@ -1170,15 +1223,28 @@ main( int argc, char **argv ) case aListSigs: opt.list_sigs = 1; case aListKeys: - public_key_list( argc, argv ); + sl = NULL; + for( ; argc; argc--, argv++ ) + add_to_strlist2( &sl, *argv, utf8_strings ); + public_key_list( sl ); + free_strlist(sl); break; case aListSecretKeys: - secret_key_list( argc, argv ); + sl = NULL; + for( ; argc; argc--, argv++ ) + add_to_strlist2( &sl, *argv, utf8_strings ); + secret_key_list( sl ); + free_strlist(sl); break; case aKMode: /* list keyring -- NOTE: This will be removed soon */ - if( argc < 2 ) /* -kv [userid] */ - public_key_list( (argc && **argv)? 1:0, argv ); + if( argc < 2 ) { /* -kv [userid] */ + sl = NULL; + if (argc && **argv) + add_to_strlist2( &sl, *argv, utf8_strings ); + public_key_list( sl ); + free_strlist(sl); + } else if( argc == 2 ) { /* -kv userid keyring */ if( access( argv[1], R_OK ) ) { log_error(_("can't open %s: %s\n"), @@ -1188,32 +1254,33 @@ main( int argc, char **argv ) /* add keyring (default keyrings are not registered in this * special case */ add_keyblock_resource( argv[1], 0, 0 ); - public_key_list( **argv?1:0, argv ); + sl = NULL; + if (**argv) + add_to_strlist2( &sl, *argv, utf8_strings ); + public_key_list( sl ); + free_strlist(sl); } } else wrong_args(_("-k[v][v][v][c] [user-id] [keyring]") ); break; - case aKeygen: /* generate a key (interactive) */ - if( argc ) - wrong_args("--gen-key"); - generate_keypair(); + case aKeygen: /* generate a key */ + if( opt.batch ) { + if( argc > 1 ) + wrong_args("--gen-key [parameterfile]"); + generate_keypair( argc? *argv : NULL ); + } + else { + if( argc ) + wrong_args("--gen-key"); + generate_keypair(NULL); + } break; case aFastImport: case aImport: - if( !argc ) { - rc = import_keys( NULL, (cmd == aFastImport) ); - if( rc ) - log_error("import failed: %s\n", g10_errstr(rc) ); - } - for( ; argc; argc--, argv++ ) { - rc = import_keys( *argv, (cmd == aFastImport) ); - if( rc ) - log_error("import from `%s' failed: %s\n", - *argv, g10_errstr(rc) ); - } + import_keys( argc? argv:NULL, argc, (cmd == aFastImport) ); break; case aExport: @@ -1240,6 +1307,14 @@ main( int argc, char **argv ) free_strlist(sl); break; + case aExportSecretSub: + sl = NULL; + for( ; argc; argc--, argv++ ) + add_to_strlist2( &sl, *argv, utf8_strings ); + export_secsubkeys( sl ); + free_strlist(sl); + break; + case aGenRevoke: if( argc != 1 ) wrong_args("--gen-revoke user-id"); @@ -1379,7 +1454,7 @@ main( int argc, char **argv ) break; case aFixTrustDB: - log_error("this command ist not yet implemented.\"\n"); + log_error("this command is not yet implemented.\n"); log_error("A workaround is to use \"--export-ownertrust\", remove\n"); log_error("the trustdb file and do an \"--import-ownertrust\".\n" ); break; @@ -1449,6 +1524,7 @@ main( int argc, char **argv ) void g10_exit( int rc ) { + update_random_seed_file(); if( opt.debug & DBG_MEMSTAT_VALUE ) { m_print_stats("on exit"); random_dump_stats(); diff --git a/g10/getkey.c b/g10/getkey.c index fb5f1bc3e..26fcda686 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1,5 +1,5 @@ /* getkey.c - Get a key from the database - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -45,7 +45,11 @@ * that they are all valid. * Note: We must use numerical values here in case that this program * will be converted to those little blue HAL9000s with their strange - * EBCDIC character set (user ids are UTF-8). */ + * EBCDIC character set (user ids are UTF-8). + * wk 2000-04-13: Hmmm, does this really make sense, given the fact that + * we can run gpg now on a S/390 running GNU/Linux, where the code + * translation is done by the device drivers? + */ static const byte word_match_chars[256] = { /* 00 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 08 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -154,6 +158,7 @@ static int uid_cache_entries; /* number of entries in uid cache */ static char* prepare_word_match( const byte *name ); static int lookup_pk( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_kb ); static int lookup_sk( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_kb ); +static u32 subkeys_expiretime( KBNODE node, u32 *mainkid ); #if 0 @@ -696,6 +701,8 @@ key_byname( GETKEY_CTX *retctx, STRLIST namelist, STRLIST r; GETKEY_CTX ctx; + if( retctx ) /* reset the returned context in case of error */ + *retctx = NULL; assert( !pk ^ !sk ); /* build the search context */ @@ -1150,7 +1157,7 @@ merge_one_pk_and_selfsig( KBNODE keyblock, KBNODE knode, k = find_kbnode( keyblock, PKT_PUBLIC_KEY ); if( !k ) BUG(); /* keyblock without primary key!!! */ - keyid_from_pk( knode->pkt->pkt.public_key, kid ); + keyid_from_pk( k->pkt->pkt.public_key, kid ); } else keyid_from_pk( pk, kid ); @@ -1208,6 +1215,10 @@ merge_keys_and_selfsig( KBNODE keyblock ) pk = NULL; /* not needed for old keys */ else if( k->pkt->pkttype == PKT_PUBLIC_KEY ) keyid_from_pk( pk, kid ); + else if( !pk->expiredate ) { /* and subkey */ + /* insert the expiration date here */ + pk->expiredate = subkeys_expiretime( k, kid ); + } sigdate = 0; } else if( k->pkt->pkttype == PKT_SECRET_KEY @@ -1222,8 +1233,11 @@ merge_keys_and_selfsig( KBNODE keyblock ) else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE && (sig=k->pkt->pkt.signature)->sig_class >= 0x10 && sig->sig_class <= 0x30 && sig->version > 3 + && !(sig->sig_class == 0x18 || sig->sig_class == 0x28) && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) { /* okay this is a self-signature which can be used. + * This is not used for subkey binding signature, becuase this + * is done above. * FIXME: We should only use this if the signature is valid * but this is time consuming - we must provide another * way to handle this @@ -1279,9 +1293,14 @@ find_by_name( KBNODE keyblock, PKT_public_key *pk, const char *name, u32 aki[2]; keyid_from_pk( kk->pkt->pkt.public_key, aki ); cache_user_id( k->pkt->pkt.user_id, aki ); - rmd160_hash_buffer( namehash, - k->pkt->pkt.user_id->name, - k->pkt->pkt.user_id->len ); + if( k->pkt->pkt.user_id->photo ) + rmd160_hash_buffer( namehash, + k->pkt->pkt.user_id->photo, + k->pkt->pkt.user_id->photolen ); + else + rmd160_hash_buffer( namehash, + k->pkt->pkt.user_id->name, + k->pkt->pkt.user_id->len ); *use_namehash = 1; return kk; } @@ -1516,6 +1535,56 @@ find_by_fpr_sk( KBNODE keyblock, PKT_secret_key *sk, } +/**************** + * Return the expiretime of a subkey. + */ +static u32 +subkeys_expiretime( KBNODE node, u32 *mainkid ) +{ + KBNODE k; + PKT_signature *sig; + u32 expires = 0, sigdate = 0; + + assert( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ); + for(k=node->next; k; k = k->next ) { + if( k->pkt->pkttype == PKT_SIGNATURE + && (sig=k->pkt->pkt.signature)->sig_class == 0x18 + && sig->keyid[0] == mainkid[0] + && sig->keyid[1] == mainkid[1] + && sig->version > 3 + && sig->timestamp > sigdate ) { + /* okay this is a key-binding which can be used. + * We use the latest self-signature. + * FIXME: We should only use this if the binding signature is valid + * but this is time consuming - we must provide another + * way to handle this + */ + const byte *p; + u32 ed; + + p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL ); + ed = p? node->pkt->pkt.public_key->timestamp + buffer_to_u32(p):0; + sigdate = sig->timestamp; + expires = ed; + } + else if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + break; /* stop at the next subkey */ + } + + return expires; +} + + +/**************** + * Check whether the subkey has expired. Node must point to the subkey + */ +static int +has_expired( KBNODE node, u32 *mainkid, u32 cur_time ) +{ + u32 expires = subkeys_expiretime( node, mainkid ); + return expires && expires <= cur_time; +} + static void finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, int use_namehash, int primary ) @@ -1534,6 +1603,10 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) { /* if the usage is not correct, try to use a subkey */ KBNODE save_k = k; + u32 mainkid[2]; + u32 cur_time = make_timestamp(); + + keyid_from_pk( keyblock->pkt->pkt.public_key, mainkid ); k = NULL; /* kludge for pgp 5: which doesn't accept type 20: @@ -1545,7 +1618,8 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, == PUBKEY_ALGO_ELGAMAL_E && !check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo, - pk->pubkey_usage ) ) + pk->pubkey_usage ) + && !has_expired(k, mainkid, cur_time) ) break; } } @@ -1555,7 +1629,10 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY && !check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo, - pk->pubkey_usage ) ) + pk->pubkey_usage ) + && ( pk->pubkey_usage != PUBKEY_USAGE_ENC + || !has_expired( k, mainkid, cur_time ) ) + ) break; } } @@ -1887,6 +1964,18 @@ get_user_id_string( u32 *keyid ) return p; } + +char* +get_user_id_string_native( u32 *keyid ) +{ + char *p = get_user_id_string( keyid ); + char *p2 = utf8_to_native( p, strlen(p) ); + + m_free(p); + return p2; +} + + char* get_long_user_id_string( u32 *keyid ) { @@ -1914,6 +2003,7 @@ get_user_id( u32 *keyid, size_t *rn ) user_id_db_t r; char *p; int pass=0; + /* try it two times; second pass reads from key resources */ do { for(r=user_id_db; r; r = r->next ) @@ -1924,9 +2014,8 @@ get_user_id( u32 *keyid, size_t *rn ) return p; } } while( ++pass < 2 && !get_pubkey( NULL, keyid ) ); - p = m_alloc( 19 ); - memcpy(p, "[User id not found]", 19 ); - *rn = 19; + p = m_strdup( _("[User id not found]") ); + *rn = strlen(p); return p; } diff --git a/g10/helptext.c b/g10/helptext.c index e42902512..4a7a14fde 100644 --- a/g10/helptext.c +++ b/g10/helptext.c @@ -1,5 +1,5 @@ /* helptext.c - English help texts - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -224,6 +224,29 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = { "file (which is shown in brackets) will be used." )}, +/* revoke.c (ask_revocation_reason) */ +{ "ask_revocation_reason.code", N_( + "You should specify a reason for the certification. Depending on the\n" + "context you have the ability to choose from this list:\n" + " \"Key has been compromised\"\n" + " Use this if you have a reason to believe that unauthorized persons\n" + " got access to your secret key.\n" + " \"Key is superseeded\"\n" + " Use this if you have replaced this key with a newer one.\n" + " \"Key is no longer used\"\n" + " Use this if you have retired this key.\n" + " \"User ID is no longer valid\"\n" + " Use this to state that the user ID should not longer be used;\n" + " this is normally used to mark an email address invalid.\n" +)}, + +/* revoke.c (ask_revocation_reason) */ +{ "ask_revocation_reason.text", N_( + "If you like, you can enter a text describing why you issue this\n" + "revocation certificate. Please keep this text concise.\n" + "An empty line ends the text.\n" +)}, + /* end of list */ { NULL, NULL } }; @@ -55,19 +55,24 @@ hkp_ask_import( u32 *keyid ) struct http_context hd; char *request; int rc; + unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; if( !opt.keyserver_name ) return -1; - log_info("requesting key %08lX from %s ...\n", (ulong)keyid[1], + log_info(_("requesting key %08lX from %s ...\n"), (ulong)keyid[1], opt.keyserver_name ); request = m_alloc( strlen( opt.keyserver_name ) + 100 ); /* hkp does not accept the long keyid - we should really write a - * nicer one */ + * nicer one :-) + * FIXME: request binary mode - need to pass no_armor mode + * down to the import function. Marc told that there is such a + * binary mode ... how? + */ sprintf( request, "x-hkp://%s:11371/pks/lookup?op=get&search=0x%08lX", opt.keyserver_name, (ulong)keyid[1] ); - rc = http_open_document( &hd, request, 0 ); + rc = http_open_document( &hd, request, hflags ); if( rc ) { - log_info("can't get key from keyserver: %s\n", + log_info(_("can't get key from keyserver: %s\n"), rc == G10ERR_NETWORK? strerror(errno) : g10_errstr(rc) ); } @@ -90,7 +95,7 @@ hkp_import( STRLIST users ) return -1; #else if( !opt.keyserver_name ) { - log_error("no keyserver known (use option --keyserver)\n"); + log_error(_("no keyserver known (use option --keyserver)\n")); return -1; } @@ -98,10 +103,15 @@ hkp_import( STRLIST users ) u32 kid[2]; int type = classify_user_id( users->d, kid, NULL, NULL, NULL ); if( type != 10 && type != 11 ) { - log_info("%s: not a valid key ID\n", users->d ); + log_info(_("%s: not a valid key ID\n"), users->d ); continue; } - hkp_ask_import( kid ); + /* because the function may use log_info in some situations, the + * errorcounter ist not increaed and the program will return + * with success - which is not good when this function is used. + */ + if( hkp_ask_import( kid ) ) + log_inc_errorcount(); } return 0; #endif @@ -120,9 +130,10 @@ hkp_export( STRLIST users ) struct http_context hd; char *request; unsigned int status; + unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0; if( !opt.keyserver_name ) { - log_error("no keyserver known (use option --keyserver)\n"); + log_error(_("no keyserver known (use option --keyserver)\n")); return -1; } @@ -142,9 +153,9 @@ hkp_export( STRLIST users ) request = m_alloc( strlen( opt.keyserver_name ) + 100 ); sprintf( request, "x-hkp://%s:11371/pks/add", opt.keyserver_name ); - rc = http_open( &hd, HTTP_REQ_POST, request , 0 ); + rc = http_open( &hd, HTTP_REQ_POST, request , hflags ); if( rc ) { - log_error("can't connect to `%s': %s\n", + log_error(_("can't connect to `%s': %s\n"), opt.keyserver_name, rc == G10ERR_NETWORK? strerror(errno) : g10_errstr(rc) ); @@ -168,7 +179,7 @@ hkp_export( STRLIST users ) rc = http_wait_response( &hd, &status ); if( rc ) { - log_error("error sending to `%s': %s\n", + log_error(_("error sending to `%s': %s\n"), opt.keyserver_name, g10_errstr(rc) ); } else { @@ -180,10 +191,10 @@ hkp_export( STRLIST users ) } #endif if( (status/100) == 2 ) - log_info("success sending to `%s' (status=%u)\n", + log_info(_("success sending to `%s' (status=%u)\n"), opt.keyserver_name, status ); else - log_error("failed sending to `%s': status=%u\n", + log_error(_("failed sending to `%s': status=%u\n"), opt.keyserver_name, status ); } http_close( &hd ); @@ -1,5 +1,5 @@ /* hkp.h - Horrowitz Keyserver Protocol - * Copyright (C) 1999 Free Software Foundation, Inc. + * Copyright (C) 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/import.c b/g10/import.c index 85a45582e..35007deff 100644 --- a/g10/import.c +++ b/g10/import.c @@ -1,5 +1,5 @@ /* import.c - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -38,6 +38,7 @@ static struct { + ulong count; ulong no_user_id; ulong imported; ulong imported_rsa; @@ -53,6 +54,7 @@ static struct { static int import( IOBUF inp, int fast, const char* fname ); +static void print_stats(void); static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root ); static int import_one( const char *fname, KBNODE keyblock, int fast ); static int import_secret_one( const char *fname, KBNODE keyblock ); @@ -105,30 +107,51 @@ static int merge_keysigs( KBNODE dst, KBNODE src, int *n_sigs, * Key revocation certificates have special handling. * */ -int -import_keys( const char *fname, int fast ) +void +import_keys( char **fnames, int nnames, int fast ) { - IOBUF inp = NULL; - int rc; + int i; - inp = iobuf_open(fname); - if( !fname ) - fname = "[stdin]"; - if( !inp ) { - log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); - return G10ERR_OPEN_FILE; - } + /* fixme: don't use static variables */ + memset( &stats, 0, sizeof( stats ) ); - rc = import( inp, fast, fname ); + if( !fnames && !nnames ) + nnames = 1; /* Ohh what a ugly hack to jump into the loop */ - iobuf_close(inp); - return rc; + for(i=0; i < nnames; i++ ) { + const char *fname = fnames? fnames[i] : NULL; + IOBUF inp = iobuf_open(fname); + if( !fname ) + fname = "[stdin]"; + if( !inp ) + log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); + else { + int rc = import( inp, fast, fname ); + iobuf_close(inp); + if( rc ) + log_error("import from `%s' failed: %s\n", fname, + g10_errstr(rc) ); + } + if( !fname ) + break; + } + print_stats(); + if( !fast ) + sync_trustdb(); } int import_keys_stream( IOBUF inp, int fast ) { - return import( inp, fast, "[stream]" ); + int rc = 0; + + /* fixme: don't use static variables */ + memset( &stats, 0, sizeof( stats ) ); + rc = import( inp, fast, "[stream]" ); + print_stats(); + if( !fast ) + sync_trustdb(); + return rc; } static int @@ -137,10 +160,6 @@ import( IOBUF inp, int fast, const char* fname ) PACKET *pending_pkt = NULL; KBNODE keyblock; int rc = 0; - ulong count=0; - - /* fixme: don't use static variables */ - memset( &stats, 0, sizeof( stats ) ); getkey_disable_caches(); @@ -165,16 +184,23 @@ import( IOBUF inp, int fast, const char* fname ) release_kbnode(keyblock); if( rc ) break; - if( !(++count % 100) && !opt.quiet ) - log_info(_("%lu keys so far processed\n"), count ); + if( !(++stats.count % 100) && !opt.quiet ) + log_info(_("%lu keys so far processed\n"), stats.count ); } if( rc == -1 ) rc = 0; else if( rc && rc != G10ERR_INV_KEYRING ) log_error( _("error reading `%s': %s\n"), fname, g10_errstr(rc)); + return rc; +} + + +static void +print_stats() +{ if( !opt.quiet ) { - log_info(_("Total number processed: %lu\n"), count ); + log_info(_("Total number processed: %lu\n"), stats.count ); if( stats.no_user_id ) log_info(_(" w/o user IDs: %lu\n"), stats.no_user_id ); if( stats.imported || stats.imported_rsa ) { @@ -202,9 +228,9 @@ import( IOBUF inp, int fast, const char* fname ) } if( is_status_enabled() ) { - char buf[12*16]; + char buf[12*20]; sprintf(buf, "%lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu", - count, + stats.count, stats.no_user_id, stats.imported, stats.imported_rsa, @@ -218,8 +244,6 @@ import( IOBUF inp, int fast, const char* fname ) stats.secret_dups); write_status_text( STATUS_IMPORT_RES, buf ); } - - return rc; } @@ -354,8 +378,8 @@ import_one( const char *fname, KBNODE keyblock, int fast ) pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], datestr_from_pk(pk) ); if( uidnode ) - print_string( stderr, uidnode->pkt->pkt.user_id->name, - uidnode->pkt->pkt.user_id->len, 0 ); + print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name, + uidnode->pkt->pkt.user_id->len ); putc('\n', stderr); } if( !uidnode ) { @@ -545,8 +569,8 @@ import_secret_one( const char *fname, KBNODE keyblock ) pubkey_letter( sk->pubkey_algo ), (ulong)keyid[1], datestr_from_sk(sk) ); if( uidnode ) - print_string( stderr, uidnode->pkt->pkt.user_id->name, - uidnode->pkt->pkt.user_id->len, 0 ); + print_utf8_string( stderr, uidnode->pkt->pkt.user_id->name, + uidnode->pkt->pkt.user_id->len ); putc('\n', stderr); } stats.secret_read++; @@ -678,6 +702,15 @@ import_revoke_cert( const char *fname, KBNODE node ) log_info( _("key %08lX: revocation certificate imported\n"), (ulong)keyid[1]); stats.n_revoc++; + if( clear_trust_checked_flag( pk ) ) { + /* seems that we have to insert the record first */ + rc = insert_trust_record( keyblock ); + if( rc ) + log_error("key %08lX: trustdb insert failed: %s\n", + (ulong)keyid[1], g10_errstr(rc) ); + else + rc = clear_trust_checked_flag( pk ); + } leave: release_kbnode( keyblock ); @@ -764,7 +797,8 @@ mark_non_selfsigned_uids_valid( KBNODE keyblock, u32 *kid ) KBNODE node; for(node=keyblock->next; node; node = node->next ) { if( node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) ) { - if( node->next && node->next->pkt->pkttype == PKT_SIGNATURE ) { + if( (node->next && node->next->pkt->pkttype == PKT_SIGNATURE) + || !node->next ) { node->flag |= 1; log_info( _("key %08lX: accepted non self-signed user ID '"), (ulong)kid[1]); @@ -797,8 +831,8 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ) if( opt.verbose ) { log_info( _("key %08lX: skipped user ID '"), (ulong)keyid[1]); - print_string( stderr, node->pkt->pkt.user_id->name, - node->pkt->pkt.user_id->len, 0 ); + print_utf8_string( stderr, node->pkt->pkt.user_id->name, + node->pkt->pkt.user_id->len ); fputs("'\n", stderr ); } delete_kbnode( node ); /* the user-id */ @@ -1124,7 +1158,7 @@ append_uid( KBNODE keyblock, KBNODE node, int *n_sigs, KBNODE n, n_where=NULL; assert(node->pkt->pkttype == PKT_USER_ID ); - if( node->next->pkt->pkttype == PKT_USER_ID ) { + if( !node->next || node->next->pkt->pkttype == PKT_USER_ID ) { log_error( _("key %08lX: our copy has no self-signature\n"), (ulong)keyid[1]); return G10ERR_GENERAL; @@ -1177,9 +1211,7 @@ merge_sigs( KBNODE dst, KBNODE src, int *n_sigs, assert(dst->pkt->pkttype == PKT_USER_ID ); assert(src->pkt->pkttype == PKT_USER_ID ); - /* at least a self signature comes next to the user IDs */ - assert(src->next->pkt->pkttype != PKT_USER_ID ); - if( dst->next->pkt->pkttype == PKT_USER_ID ) { + if( !dst->next || dst->next->pkt->pkttype == PKT_USER_ID ) { log_error( _("key %08lX: our copy has no self-signature\n"), (ulong)keyid[1]); return 0; diff --git a/g10/kbnode.c b/g10/kbnode.c index 282d8b42e..f24dc3527 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -1,5 +1,5 @@ /* kbnode.c - keyblock node utility functions - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -165,7 +165,7 @@ find_prev_kbnode( KBNODE root, KBNODE node, int pkttype ) KBNODE n1; for(n1=NULL ; root && root != node; root = root->next ) - if( !pkttype || root->pkt->pkttype == pkttype ) + if( !pkttype || root->pkt->pkttype == pkttype ) n1 = root; return n1; } diff --git a/g10/keydb.h b/g10/keydb.h index 20a8a6325..5cb8b5a5d 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -1,5 +1,5 @@ /* keydb.h - Key database - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -158,6 +158,7 @@ void get_seckey_end( GETKEY_CTX ctx ); int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ); void merge_keys_and_selfsig( KBNODE keyblock ); char*get_user_id_string( u32 *keyid ); +char*get_user_id_string_native( u32 *keyid ); char*get_long_user_id_string( u32 *keyid ); char*get_user_id( u32 *keyid, size_t *rn ); @@ -199,6 +200,7 @@ const char *enum_keyblock_resources( int *sequence, int secret ); int add_keyblock_resource( const char *resname, int force, int secret ); const char *keyblock_resource_name( KBPOS *kbpos ); int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ); +char *get_writable_keyblock_file( int secret ); int locate_keyblock_by_fpr( KBPOS *kbpos, const byte *fpr, int fprlen, int secret ); int locate_keyblock_by_keyid( KBPOS *kbpos, u32 *keyid, diff --git a/g10/keyedit.c b/g10/keyedit.c index 8daa7c4f5..cd297db60 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1,5 +1,5 @@ /* keyedit.c - keyedit stuff - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -74,8 +74,9 @@ static int enable_disable_key( KBNODE keyblock, int disable ); #define NODFLG_SELSIG (1<<10) /* indicate a selected signature */ -struct sign_uid_attrib { +struct sign_attrib { int non_exportable; + struct revocation_reason_info *reason; }; @@ -157,7 +158,7 @@ print_and_check_one_sig( KBNODE keyblock, KBNODE node, else { size_t n; char *p = get_user_id( sig->keyid, &n ); - tty_print_utf8_string( p, n > 40? 40 : n ); + tty_print_utf8_string2( p, n, 40 ); m_free(p); } tty_printf("\n"); @@ -239,16 +240,18 @@ check_all_keysigs( KBNODE keyblock, int only_selected ) -int -sign_uid_mk_attrib( PKT_signature *sig, void *opaque ) +static int +sign_mk_attrib( PKT_signature *sig, void *opaque ) { - struct sign_uid_attrib *attrib = opaque; + struct sign_attrib *attrib = opaque; byte buf[8]; if( attrib->non_exportable ) { buf[0] = 0; /* not exportable */ build_sig_subpkt( sig, SIGSUBPKT_EXPORTABLE, buf, 1 ); } + if( attrib->reason ) + revocation_reason_build_cb( sig, attrib->reason ); return 0; } @@ -353,7 +356,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local ) && (node->flag & NODFLG_MARK_A) ) { PACKET *pkt; PKT_signature *sig; - struct sign_uid_attrib attrib; + struct sign_attrib attrib; assert( primary_pk ); memset( &attrib, 0, sizeof attrib ); @@ -364,7 +367,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local ) NULL, sk, 0x10, 0, - sign_uid_mk_attrib, + sign_mk_attrib, &attrib ); if( rc ) { log_error(_("signing failed: %s\n"), g10_errstr(rc)); @@ -407,6 +410,7 @@ change_passphrase( KBNODE keyblock ) KBNODE node; PKT_secret_key *sk; char *passphrase = NULL; + int no_primary_secrets = 0; node = find_kbnode( keyblock, PKT_SECRET_KEY ); if( !node ) { @@ -423,10 +427,16 @@ change_passphrase( KBNODE keyblock ) tty_printf(_("This key is not protected.\n")); break; default: - tty_printf(_("Key is protected.\n")); - rc = check_secret_key( sk, 0 ); - if( !rc ) - passphrase = get_last_passphrase(); + if( sk->protect.s2k.mode == 1001 ) { + tty_printf(_("Secret parts of primary key are not available.\n")); + no_primary_secrets = 1; + } + else { + tty_printf(_("Key is protected.\n")); + rc = check_secret_key( sk, 0 ); + if( !rc ) + passphrase = get_last_passphrase(); + } break; } @@ -436,6 +446,8 @@ change_passphrase( KBNODE keyblock ) PKT_secret_key *subsk = node->pkt->pkt.secret_key; set_next_passphrase( passphrase ); rc = check_secret_key( subsk, 0 ); + if( !rc && !passphrase ) + passphrase = get_last_passphrase(); } } @@ -465,9 +477,12 @@ change_passphrase( KBNODE keyblock ) break; } else { /* okay */ - sk->protect.algo = dek->algo; - sk->protect.s2k = *s2k; - rc = protect_secret_key( sk, dek ); + rc = 0; + if( !no_primary_secrets ) { + sk->protect.algo = dek->algo; + sk->protect.s2k = *s2k; + rc = protect_secret_key( sk, dek ); + } for(node=keyblock; !rc && node; node = node->next ) { if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { PKT_secret_key *subsk = node->pkt->pkt.secret_key; @@ -558,41 +573,42 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, static struct { const char *name; enum cmdids id; int need_sk; + int not_with_sk; int signmode; const char *desc; } cmds[] = { - { N_("quit") , cmdQUIT , 0,1, N_("quit this menu") }, - { N_("q") , cmdQUIT , 0,1, NULL }, - { N_("save") , cmdSAVE , 0,1, N_("save and quit") }, - { N_("help") , cmdHELP , 0,1, N_("show this help") }, - { "?" , cmdHELP , 0,1, NULL }, - { N_("fpr") , cmdFPR , 0,1, N_("show fingerprint") }, - { N_("list") , cmdLIST , 0,1, N_("list key and user IDs") }, - { N_("l") , cmdLIST , 0,1, NULL }, - { N_("uid") , cmdSELUID , 0,1, N_("select user ID N") }, - { N_("key") , cmdSELKEY , 0,0, N_("select secondary key N") }, - { N_("check") , cmdCHECK , 0,1, N_("list signatures") }, - { N_("c") , cmdCHECK , 0,1, NULL }, - { N_("sign") , cmdSIGN , 0,1, N_("sign the key") }, - { N_("s") , cmdSIGN , 0,1, NULL }, - { N_("lsign") , cmdLSIGN , 0,1, N_("sign the key locally") }, - { N_("debug") , cmdDEBUG , 0,0, NULL }, - { N_("adduid") , cmdADDUID , 1,0, N_("add a user ID") }, - { N_("deluid") , cmdDELUID , 0,0, N_("delete user ID") }, - { N_("addkey") , cmdADDKEY , 1,0, N_("add a secondary key") }, - { N_("delkey") , cmdDELKEY , 0,0, N_("delete a secondary key") }, - { N_("delsig") , cmdDELSIG , 0,0, N_("delete signatures") }, - { N_("expire") , cmdEXPIRE , 1,0, N_("change the expire date") }, - { N_("toggle") , cmdTOGGLE , 1,0, N_("toggle between secret " - "and public key listing") }, - { N_("t" ) , cmdTOGGLE , 1,0, NULL }, - { N_("pref") , cmdPREF , 0,0, N_("list preferences") }, - { N_("passwd") , cmdPASSWD , 1,0, N_("change the passphrase") }, - { N_("trust") , cmdTRUST , 0,0, N_("change the ownertrust") }, - { N_("revsig") , cmdREVSIG , 0,0, N_("revoke signatures") }, - { N_("revkey") , cmdREVKEY , 1,0, N_("revoke a secondary key") }, - { N_("disable") , cmdDISABLEKEY, 0,0, N_("disable a key") }, - { N_("enable") , cmdENABLEKEY , 0,0, N_("enable a key") }, + { N_("quit") , cmdQUIT , 0,0,1, N_("quit this menu") }, + { N_("q") , cmdQUIT , 0,0,1, NULL }, + { N_("save") , cmdSAVE , 0,0,1, N_("save and quit") }, + { N_("help") , cmdHELP , 0,0,1, N_("show this help") }, + { "?" , cmdHELP , 0,0,1, NULL }, + { N_("fpr") , cmdFPR , 0,0,1, N_("show fingerprint") }, + { N_("list") , cmdLIST , 0,0,1, N_("list key and user IDs") }, + { N_("l") , cmdLIST , 0,0,1, NULL }, + { N_("uid") , cmdSELUID , 0,0,1, N_("select user ID N") }, + { N_("key") , cmdSELKEY , 0,0,0, N_("select secondary key N") }, + { N_("check") , cmdCHECK , 0,0,1, N_("list signatures") }, + { N_("c") , cmdCHECK , 0,0,1, NULL }, + { N_("sign") , cmdSIGN , 0,1,1, N_("sign the key") }, + { N_("s") , cmdSIGN , 0,1,1, NULL }, + { N_("lsign") , cmdLSIGN , 0,1,1, N_("sign the key locally") }, + { N_("debug") , cmdDEBUG , 0,1,0, NULL }, + { N_("adduid") , cmdADDUID , 1,1,0, N_("add a user ID") }, + { N_("deluid") , cmdDELUID , 0,1,0, N_("delete user ID") }, + { N_("addkey") , cmdADDKEY , 1,1,0, N_("add a secondary key") }, + { N_("delkey") , cmdDELKEY , 0,1,0, N_("delete a secondary key") }, + { N_("delsig") , cmdDELSIG , 0,1,0, N_("delete signatures") }, + { N_("expire") , cmdEXPIRE , 1,1,0, N_("change the expire date") }, + { N_("toggle") , cmdTOGGLE , 1,0,0, N_("toggle between secret " + "and public key listing") }, + { N_("t" ) , cmdTOGGLE , 1,0,0, NULL }, + { N_("pref") , cmdPREF , 0,1,0, N_("list preferences") }, + { N_("passwd") , cmdPASSWD , 1,1,0, N_("change the passphrase") }, + { N_("trust") , cmdTRUST , 0,1,0, N_("change the ownertrust") }, + { N_("revsig") , cmdREVSIG , 0,1,0, N_("revoke signatures") }, + { N_("revkey") , cmdREVKEY , 1,1,0, N_("revoke a secondary key") }, + { N_("disable") , cmdDISABLEKEY, 0,1,0, N_("disable a key") }, + { N_("enable") , cmdENABLEKEY , 0,1,0, N_("enable a key") }, { NULL, cmdNONE } }; enum cmdids cmd = 0; @@ -678,7 +694,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, have_commands = 0; } if( !have_commands ) { - answer = cpr_get("", _("Command> ")); + answer = cpr_get("keyedit.prompt", _("Command> ")); cpr_kill_prompt(); } trim_spaces(answer); @@ -711,6 +727,10 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, tty_printf(_("Need the secret key to do this.\n")); cmd = cmdNOP; } + else if( cmds[i].not_with_sk && sec_keyblock && toggle ) { + tty_printf(_("Please use the command \"toggle\" first.\n")); + cmd = cmdNOP; + } else cmd = cmds[i].id; } @@ -763,6 +783,11 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, if( !sign_uids( keyblock, locusr, &modified, cmd == cmdLSIGN ) && sign_mode ) goto do_cmd_save; + /* Actually we should do a update_trust_record() here so that + * the trust gets displayed correctly. however this is not possible + * because we would have to save the keyblock first - something + * we don't want to do without an explicit save command. + */ break; case cmdDEBUG: @@ -1005,7 +1030,10 @@ show_prefs( KBNODE keyblock, PKT_user_id *uid ) return; } - rmd160_hash_buffer( namehash, uid->name, uid->len ); + if( uid->photo ) + rmd160_hash_buffer( namehash, uid->photo, uid->photolen ); + else + rmd160_hash_buffer( namehash, uid->name, uid->len ); p = get_pref_data( pk->local_id, namehash, &n ); if( !p ) @@ -1076,7 +1104,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, || (with_subkeys && node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { PKT_secret_key *sk = node->pkt->pkt.secret_key; tty_printf("%s%c %4u%c/%08lX created: %s expires: %s\n", - node->pkt->pkttype == PKT_SECRET_KEY? "sec":"sbb", + node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb", (node->flag & NODFLG_SELKEY)? '*':' ', nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), @@ -1471,7 +1499,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) } else if( node->pkt->pkttype == PKT_USER_ID ) uid = node->pkt->pkt.user_id; - else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE ) { + else if( main_pk && node->pkt->pkttype == PKT_SIGNATURE + && sub_pk != NULL ) { PKT_signature *sig = node->pkt->pkt.signature; if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] && ( (mainkey && uid && (sig->sig_class&~3) == 0x10) @@ -1535,6 +1564,7 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) m_free( sn->pkt ); sn->pkt = newpkt; } + sub_pk = NULL; } } } @@ -1735,6 +1765,7 @@ menu_revsig( KBNODE keyblock ) int changed = 0; int upd_trust = 0; int rc, any; + struct revocation_reason_info *reason = NULL; /* FIXME: detect duplicates here */ tty_printf(_("You have signed these user IDs:\n")); @@ -1797,6 +1828,10 @@ menu_revsig( KBNODE keyblock ) _("Really create the revocation certificates? (y/N)")) ) return 0; /* forget it */ + reason = ask_revocation_reason( 0, 1, 0 ); + if( !reason ) { /* user decided to cancel */ + return 0; + } /* now we can sign the user ids */ reloop: /* (must use this, because we are modifing the list) */ @@ -1804,7 +1839,7 @@ menu_revsig( KBNODE keyblock ) for( node=keyblock; node; node = node->next ) { KBNODE unode; PACKET *pkt; - struct sign_uid_attrib attrib; + struct sign_attrib attrib; PKT_secret_key *sk; if( !(node->flag & NODFLG_MARK_A) @@ -1814,6 +1849,8 @@ menu_revsig( KBNODE keyblock ) assert( unode ); /* we already checked this */ memset( &attrib, 0, sizeof attrib ); + attrib.reason = reason; + node->flag &= ~NODFLG_MARK_A; sk = m_alloc_secure_clear( sizeof *sk ); if( get_seckey( sk, node->pkt->pkt.signature->keyid ) ) { @@ -1825,11 +1862,12 @@ menu_revsig( KBNODE keyblock ) NULL, sk, 0x30, 0, - sign_uid_mk_attrib, + sign_mk_attrib, &attrib ); free_secret_key(sk); if( rc ) { log_error(_("signing failed: %s\n"), g10_errstr(rc)); + release_revocation_reason_info( reason ); return changed; } changed = 1; /* we changed the keyblock */ @@ -1844,7 +1882,7 @@ menu_revsig( KBNODE keyblock ) if( upd_trust ) clear_trust_checked_flag( primary_pk ); - + release_revocation_reason_info( reason ); return changed; } @@ -1861,6 +1899,13 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) int changed = 0; int upd_trust = 0; int rc; + struct revocation_reason_info *reason = NULL; + + reason = ask_revocation_reason( 1, 0, 0 ); + if( !reason ) { /* user decided to cancel */ + return 0; + } + reloop: /* (better this way because we are modifing the keyring) */ mainpk = pub_keyblock->pkt->pkt.public_key; @@ -1871,14 +1916,20 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) PKT_signature *sig; PKT_secret_key *sk; PKT_public_key *subpk = node->pkt->pkt.public_key; + struct sign_attrib attrib; + + memset( &attrib, 0, sizeof attrib ); + attrib.reason = reason; node->flag &= ~NODFLG_SELKEY; sk = copy_secret_key( NULL, sec_keyblock->pkt->pkt.secret_key ); rc = make_keysig_packet( &sig, mainpk, NULL, subpk, sk, 0x28, 0, - NULL, NULL ); + sign_mk_attrib, + &attrib ); free_secret_key(sk); if( rc ) { log_error(_("signing failed: %s\n"), g10_errstr(rc)); + release_revocation_reason_info( reason ); return changed; } changed = 1; /* we changed the keyblock */ @@ -1897,6 +1948,7 @@ menu_revkey( KBNODE pub_keyblock, KBNODE sec_keyblock ) if( upd_trust ) clear_trust_checked_flag( mainpk ); + release_revocation_reason_info( reason ); return changed; } diff --git a/g10/keygen.c b/g10/keygen.c index ceff09d10..d0083d13d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,5 +1,5 @@ /* keygen.c - generate a key pair - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -35,6 +35,58 @@ #include "status.h" #include "i18n.h" +enum para_name { + pKEYTYPE, + pKEYLENGTH, + pSUBKEYTYPE, + pSUBKEYLENGTH, + pNAMEREAL, + pNAMEEMAIL, + pNAMECOMMENT, + pUSERID, + pEXPIREDATE, + pKEYEXPIRE, /* in n seconds */ + pSUBKEYEXPIRE, /* in n seconds */ + pPASSPHRASE, + pPASSPHRASE_DEK, + pPASSPHRASE_S2K +}; + +struct para_data_s { + struct para_data_s *next; + int lnr; + enum para_name key; + union { + DEK *dek; + STRING2KEY *s2k; + u32 expire; + char value[1]; + } u; +}; + +struct output_control_s { + int lnr; + int dryrun; + int use_files; + struct { + char *fname; + char *newfname; + IOBUF stream; + armor_filter_context_t afx; + } pub; + struct { + char *fname; + char *newfname; + IOBUF stream; + armor_filter_context_t afx; + } sec; +}; + + +static void do_generate_keypair( struct para_data_s *para, + struct output_control_s *outctrl ); +static int write_keyblock( IOBUF out, KBNODE node ); + static void write_uid( KBNODE root, const char *s ) @@ -43,7 +95,7 @@ write_uid( KBNODE root, const char *s ) size_t n = strlen(s); pkt->pkttype = PKT_USER_ID; - pkt->pkt.user_id = m_alloc( sizeof *pkt->pkt.user_id + n - 1 ); + pkt->pkt.user_id = m_alloc_clear( sizeof *pkt->pkt.user_id + n - 1 ); pkt->pkt.user_id->len = n; strcpy(pkt->pkt.user_id->name, s); add_kbnode( root, new_kbnode( pkt ) ); @@ -84,8 +136,9 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque ) keygen_add_key_expire( sig, opaque ); buf[0] = CIPHER_ALGO_TWOFISH; - buf[1] = CIPHER_ALGO_CAST5; - build_sig_subpkt( sig, SIGSUBPKT_PREF_SYM, buf, 2 ); + buf[1] = CIPHER_ALGO_BLOWFISH; + buf[2] = CIPHER_ALGO_CAST5; + build_sig_subpkt( sig, SIGSUBPKT_PREF_SYM, buf, 3 ); buf[0] = DIGEST_ALGO_RMD160; buf[1] = DIGEST_ALGO_SHA1; @@ -191,8 +244,7 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk ) static int gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, - STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval, - int version ) + STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval ) { int rc; int i; @@ -203,6 +255,17 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, MPI *factors; assert( is_ELGAMAL(algo) ); + + if( nbits < 512 ) { + nbits = 1024; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } + + if( (nbits % 32) ) { + nbits = ((nbits + 31) / 32) * 32; + log_info(_("keysize rounded up to %u bits\n"), nbits ); + } + rc = pubkey_generate( algo, nbits, skey, &factors ); if( rc ) { log_error("pubkey_generate failed: %s\n", g10_errstr(rc) ); @@ -212,7 +275,7 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, sk = m_alloc_clear( sizeof *sk ); pk = m_alloc_clear( sizeof *pk ); sk->timestamp = pk->timestamp = make_timestamp(); - sk->version = pk->version = version; + sk->version = pk->version = 4; if( expireval ) { sk->expiredate = pk->expiredate = sk->timestamp + expireval; } @@ -266,7 +329,7 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, * Generate a DSA key */ static int -gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, +gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval ) { int rc; @@ -277,8 +340,15 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, MPI skey[5]; MPI *factors; - if( nbits > 1024 ) + if( nbits > 1024 || nbits < 512 ) { nbits = 1024; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } + + if( (nbits % 64) ) { + nbits = ((nbits + 63) / 64) * 64; + log_info(_("keysize rounded up to %u bits\n"), nbits ); + } rc = pubkey_generate( PUBKEY_ALGO_DSA, nbits, skey, &factors ); if( rc ) { @@ -378,7 +448,7 @@ check_valid_days( const char *s ) * Returns: 0 to create both a DSA and a ElGamal key. */ static int -ask_algo( int *ret_v4, int addmode ) +ask_algo( int addmode ) { char *answer; int algo; @@ -390,11 +460,7 @@ ask_algo( int *ret_v4, int addmode ) if( addmode ) tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 ); tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 ); - #if 0 - tty_printf( _(" (%d) ElGamal in a v3 packet\n"), 5 ); - #endif - *ret_v4 = 1; for(;;) { answer = cpr_get("keygen.algo",_("Your selection? ")); cpr_kill_prompt(); @@ -419,13 +485,6 @@ ask_algo( int *ret_v4, int addmode ) algo = PUBKEY_ALGO_DSA; break; } - #if 0 - else if( algo == 5 ) { - algo = PUBKEY_ALGO_ELGAMAL_E; - *ret_v4 = 0; - break; - } - #endif else tty_printf(_("Invalid selection.\n")); } @@ -499,6 +558,41 @@ ask_keysize( int algo ) } +/**************** + * Parse an expire string and return it's value in days. + * Returns -1 on error. + */ +static int +parse_expire_string( const char *string ) +{ + int mult; + u32 abs_date=0; + u32 curtime = make_timestamp(); + int valid_days; + + if( !*string ) + valid_days = 0; + else if( (abs_date = scan_isodatestr(string)) && abs_date > curtime ) { + /* This calculation is not perfectly okay because we + * are later going to simply multiply by 86400 and don't + * correct for leapseconds. A solution would be to change + * the whole implemenation to work with dates and not intervals + * which are required for v3 keys. + */ + valid_days = abs_date/86400-curtime/86400+1; + } + else if( (mult=check_valid_days(string)) ) { + valid_days = atoi(string) * mult; + if( valid_days < 0 || valid_days > 39447 ) + valid_days = 0; + } + else { + valid_days = -1; + } + return valid_days; +} + + static u32 ask_expire_interval(void) { @@ -518,32 +612,14 @@ ask_expire_interval(void) answer = NULL; for(;;) { - int mult; - u32 abs_date=0; - u32 curtime=0;; + u32 curtime=make_timestamp(); m_free(answer); answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); cpr_kill_prompt(); trim_spaces(answer); - curtime = make_timestamp(); - if( !*answer ) - valid_days = 0; - else if( (abs_date = scan_isodatestr(answer)) && abs_date > curtime ) { - /* This calculation is not perfectly okay because we - * are later going to simply multiply by 86400 and don't - * correct for leapseconds. A solution would be to change - * the whole implemenation to work with dates and not intervals - * which are required for v3 keys. - */ - valid_days = abs_date/86400-curtime/86400+1; - } - else if( (mult=check_valid_days(answer)) ) { - valid_days = atoi(answer) * mult; - if( valid_days < 0 || valid_days > 32767 ) - valid_days = 0; - } - else { + valid_days = parse_expire_string( answer ); + if( valid_days < 0 ) { tty_printf(_("invalid value\n")); continue; } @@ -556,7 +632,10 @@ ask_expire_interval(void) interval = valid_days * 86400L; /* print the date when the key expires */ tty_printf(_("Key expires at %s\n"), - asctimestamp(curtime + interval ) ); + asctimestamp((ulong)(curtime + interval) ) ); + if( (time_t)((ulong)(curtime+interval)) < 0 ) + tty_printf(_("Your system can't display dates beyond 2038.\n" + "However, it will be correctly handled up to 2106.\n")); } if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay", @@ -610,6 +689,7 @@ ask_user_id( int mode ) uid = aname = acomment = amail = NULL; for(;;) { char *p; + int fail=0; if( !aname ) { for(;;) { @@ -661,6 +741,7 @@ ask_user_id( int mode ) } } + m_free(uid); uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10); p = stpcpy(p, aname ); @@ -685,6 +766,12 @@ ask_user_id( int mode ) tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); /* fixme: add a warning if this user-id already exists */ + if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) { + fail = 1; + tty_printf(_("Please don't put the email address " + "into the real name or the comment\n") ); + } + for(;;) { char *ansstr = _("NnCcEeOoQq"); @@ -695,8 +782,9 @@ ask_user_id( int mode ) answer[1] = 0; } else { - answer = cpr_get("keygen.userid.cmd",_( - "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : + _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); cpr_kill_prompt(); } if( strlen(answer) > 1 ) @@ -714,10 +802,15 @@ ask_user_id( int mode ) break; } else if( *answer == ansstr[6] || *answer == ansstr[7] ) { - m_free(aname); aname = NULL; - m_free(acomment); acomment = NULL; - m_free(amail); amail = NULL; - break; + if( fail ) { + tty_printf(_("Please correct the error first\n")); + } + else { + m_free(aname); aname = NULL; + m_free(acomment); acomment = NULL; + m_free(amail); amail = NULL; + break; + } } else if( *answer == ansstr[8] || *answer == ansstr[9] ) { m_free(aname); aname = NULL; @@ -777,12 +870,12 @@ ask_passphrase( STRING2KEY **ret_s2k ) static int do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, - DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, u32 expiredate, - int v4_packet ) + DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, u32 expiredate ) { int rc=0; - tty_printf(_( + if( !opt.batch ) + tty_printf(_( "We need to generate a lot of random bytes. It is a good idea to perform\n" "some other action (type on the keyboard, move the mouse, utilize the\n" "disks) during the prime generation; this gives the random number\n" @@ -790,7 +883,7 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, - sk, expiredate, v4_packet? 4:3 ); + sk, expiredate ); else if( algo == PUBKEY_ALGO_DSA ) rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, expiredate); else @@ -824,61 +917,553 @@ generate_user_id() if( !p ) return NULL; n = strlen(p); - uid = m_alloc( sizeof *uid + n - 1 ); + uid = m_alloc_clear( sizeof *uid + n - 1 ); uid->len = n; strcpy(uid->name, p); return uid; } +static void +release_parameter_list( struct para_data_s *r ) +{ + struct para_data_s *r2; + + for( ; r ; r = r2 ) { + r2 = r->next; + if( r->key == pPASSPHRASE_DEK ) + m_free( r->u.dek ); + else if( r->key == pPASSPHRASE_S2K ) + m_free( r->u.s2k ); + + m_free(r); + } +} + +static struct para_data_s * +get_parameter( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r; + + for( r = para; r && r->key != key; r = r->next ) + ; + return r; +} + +static const char * +get_parameter_value( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + return (r && *r->u.value)? r->u.value : NULL; +} + +static int +get_parameter_algo( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + if( !r ) + return -1; + if( isdigit( *r->u.value ) ) + return atoi( r->u.value ); + return string_to_pubkey_algo( r->u.value ); +} + + +static u32 +get_parameter_u32( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + + if( !r ) + return 0; + if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE ) + return r->u.expire; + + return (unsigned int)strtoul( r->u.value, NULL, 10 ); +} + +static unsigned int +get_parameter_uint( struct para_data_s *para, enum para_name key ) +{ + return get_parameter_u32( para, key ); +} + +static DEK * +get_parameter_dek( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + return r? r->u.dek : NULL; +} + +static STRING2KEY * +get_parameter_s2k( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + return r? r->u.s2k : NULL; +} + + +static int +proc_parameter_file( struct para_data_s *para, const char *fname, + struct output_control_s *outctrl ) +{ + struct para_data_s *r; + const char *s1, *s2, *s3; + size_t n; + char *p; + int i; + + /* check that we have all required parameters */ + assert( get_parameter( para, pKEYTYPE ) ); + i = get_parameter_algo( para, pKEYTYPE ); + if( i < 1 || check_pubkey_algo2( i, PUBKEY_USAGE_SIG ) ) { + r = get_parameter( para, pKEYTYPE ); + log_error("%s:%d: invalid algorithm\n", fname, r->lnr ); + return -1; + } + + i = get_parameter_algo( para, pSUBKEYTYPE ); + if( i > 1 && check_pubkey_algo( i ) ) { + r = get_parameter( para, pSUBKEYTYPE ); + log_error("%s:%d: invalid algorithm\n", fname, r->lnr ); + return -1; + } + + if( !get_parameter_value( para, pUSERID ) ) { + /* create the formatted user ID */ + s1 = get_parameter_value( para, pNAMEREAL ); + s2 = get_parameter_value( para, pNAMECOMMENT ); + s3 = get_parameter_value( para, pNAMEEMAIL ); + if( s1 || s2 || s3 ) { + n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0); + r = m_alloc_clear( sizeof *r + n + 20 ); + r->key = pUSERID; + p = r->u.value; + if( s1 ) + p = stpcpy(p, s1 ); + if( s2 ) + p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")"); + if( s3 ) + p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">"); + r->next = para; + para = r; + } + } + + /* make DEK and S2K from the Passphrase */ + r = get_parameter( para, pPASSPHRASE ); + if( r && *r->u.value ) { + /* we have a plain text passphrase - create a DEK from it. + * It is a little bit ridiculous to keep it ih secure memory + * but becuase we do this alwasy, why not here */ + STRING2KEY *s2k; + DEK *dek; + + s2k = m_alloc_secure( sizeof *s2k ); + s2k->mode = opt.s2k_mode; + s2k->hash_algo = opt.s2k_digest_algo; + set_next_passphrase( r->u.value ); + dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k, 2 ); + set_next_passphrase( NULL ); + assert( dek ); + memset( r->u.value, 0, strlen(r->u.value) ); + + r = m_alloc_clear( sizeof *r ); + r->key = pPASSPHRASE_S2K; + r->u.s2k = s2k; + r->next = para; + para = r; + r = m_alloc_clear( sizeof *r ); + r->key = pPASSPHRASE_DEK; + r->u.dek = dek; + r->next = para; + para = r; + } + + /* make KEYEXPIRE from Expire-Date */ + r = get_parameter( para, pEXPIREDATE ); + if( r && *r->u.value ) { + i = parse_expire_string( r->u.value ); + if( i < 0 ) { + log_error("%s:%d: invalid expire date\n", fname, r->lnr ); + return -1; + } + r->u.expire = i * 86400L; + r->key = pKEYEXPIRE; /* change hat entry */ + /* also set it for the subkey */ + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYEXPIRE; + r->u.expire = i * 86400L; + r->next = para; + para = r; + } + + if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) { + log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr ); + return -1; + } + + do_generate_keypair( para, outctrl ); + return 0; +} + + +/**************** + * Kludge to allow non interactive key generation controlled + * by a parameter file (which currently is only stdin) + * Note, that string parameters are expected to be in UTF-8 + */ +static void +read_parameter_file( const char *fname ) +{ + static struct { const char *name; + enum para_name key; + } keywords[] = { + { "Key-Type", pKEYTYPE}, + { "Key-Length", pKEYLENGTH }, + { "Subkey-Type", pSUBKEYTYPE }, + { "Subkey-Length", pSUBKEYLENGTH }, + { "Name-Real", pNAMEREAL }, + { "Name-Email", pNAMEEMAIL }, + { "Name-Comment", pNAMECOMMENT }, + { "Expire-Date", pEXPIREDATE }, + { "Passphrase", pPASSPHRASE }, + { NULL, 0 } + }; + FILE *fp; + char line[1024], *p; + int lnr; + const char *err = NULL; + struct para_data_s *para, *r; + int i; + struct output_control_s outctrl; + + memset( &outctrl, 0, sizeof( outctrl ) ); + + if( !fname || !*fname || !strcmp(fname,"-") ) { + fp = stdin; + fname = "-"; + } + else { + fp = fopen( fname, "r" ); + if( !fp ) { + log_error(_("can't open `%s': %s\n"), fname, strerror(errno) ); + return; + } + } + + lnr = 0; + err = NULL; + para = NULL; + while( fgets( line, DIM(line)-1, fp ) ) { + char *keyword, *value; + + lnr++; + if( *line && line[strlen(line)-1] != '\n' ) { + err = "line too long"; + break; + } + for( p = line; isspace(*p); p++ ) + ; + if( !*p || *p == '#' ) + continue; + keyword = p; + if( *keyword == '%' ) { + for( ; !isspace(*p); p++ ) + ; + if( *p ) + *p++ = 0; + for( ; isspace(*p); p++ ) + ; + value = p; + trim_trailing_ws( value, strlen(value) ); + if( !stricmp( keyword, "%echo" ) ) + log_info("%s\n", value ); + else if( !stricmp( keyword, "%dry-run" ) ) + outctrl.dryrun = 1; + else if( !stricmp( keyword, "%commit" ) ) { + outctrl.lnr = lnr; + proc_parameter_file( para, fname, &outctrl ); + release_parameter_list( para ); + para = NULL; + } + else if( !stricmp( keyword, "%pubring" ) ) { + if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) ) + ; /* still the same file - ignore it */ + else { + m_free( outctrl.pub.newfname ); + outctrl.pub.newfname = m_strdup( value ); + outctrl.use_files = 1; + } + } + else if( !stricmp( keyword, "%secring" ) ) { + if( outctrl.sec.fname && !strcmp( outctrl.sec.fname, value ) ) + ; /* still the same file - ignore it */ + else { + m_free( outctrl.sec.newfname ); + outctrl.sec.newfname = m_strdup( value ); + outctrl.use_files = 1; + } + } + else + log_info("skipping control `%s' (%s)\n", keyword, value ); + + + continue; + } + + + if( !(p = strchr( p, ':' )) || p == keyword ) { + err = "missing colon"; + break; + } + if( *p ) + *p++ = 0; + for( ; isspace(*p); p++ ) + ; + if( !*p ) { + err = "missing argument"; + break; + } + value = p; + trim_trailing_ws( value, strlen(value) ); + + for(i=0; keywords[i].name; i++ ) { + if( !stricmp( keywords[i].name, keyword ) ) + break; + } + if( !keywords[i].name ) { + err = "unknown keyword"; + break; + } + if( keywords[i].key != pKEYTYPE && !para ) { + err = "parameter block does not start with \"Key-Type\""; + break; + } + + if( keywords[i].key == pKEYTYPE && para ) { + outctrl.lnr = lnr; + proc_parameter_file( para, fname, &outctrl ); + release_parameter_list( para ); + para = NULL; + } + else { + for( r = para; r; r = r->next ) { + if( r->key == keywords[i].key ) + break; + } + if( r ) { + err = "duplicate keyword"; + break; + } + } + r = m_alloc_clear( sizeof *r + strlen( value ) ); + r->lnr = lnr; + r->key = keywords[i].key; + strcpy( r->u.value, value ); + r->next = para; + para = r; + } + if( err ) + log_error("%s:%d: %s\n", fname, lnr, err ); + else if( ferror(fp) ) { + log_error("%s:%d: read error: %s\n", fname, lnr, strerror(errno) ); + } + else if( para ) { + outctrl.lnr = lnr; + proc_parameter_file( para, fname, &outctrl ); + } + + if( outctrl.use_files ) { /* close open streams */ + iobuf_close( outctrl.pub.stream ); + iobuf_close( outctrl.sec.stream ); + m_free( outctrl.pub.fname ); + m_free( outctrl.pub.newfname ); + m_free( outctrl.sec.fname ); + m_free( outctrl.sec.newfname ); + } + + release_parameter_list( para ); + if( strcmp( fname, "-" ) ) + fclose(fp); +} + + /**************** * Generate a keypair + * (fname is only used in batch mode) */ void -generate_keypair() +generate_keypair( const char *fname ) { - unsigned nbits; - char *pub_fname = NULL; - char *sec_fname = NULL; + unsigned int nbits; char *uid = NULL; - KBNODE pub_root = NULL; - KBNODE sec_root = NULL; - PKT_secret_key *sk = NULL; DEK *dek; STRING2KEY *s2k; - int rc; int algo; - u32 expire; - int v4; int both = 0; + u32 expire; + struct para_data_s *para = NULL; + struct para_data_s *r; + struct output_control_s outctrl; - if( opt.batch || opt.answer_yes || opt.answer_no ) { - log_error(_("Key generation can only be used in interactive mode\n")); + memset( &outctrl, 0, sizeof( outctrl ) ); + + if( opt.batch ) { + read_parameter_file( fname ); return; } - algo = ask_algo( &v4, 0 ); - if( !algo ) { - algo = PUBKEY_ALGO_ELGAMAL_E; + algo = ask_algo( 0 ); + if( !algo ) { /* default: DSA with ElG subkey of the specified size */ both = 1; + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA ); + r->next = para; + para = r; tty_printf(_("DSA keypair will have 1024 bits.\n")); + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pKEYLENGTH; + strcpy( r->u.value, "1024" ); + r->next = para; + para = r; + + algo = PUBKEY_ALGO_ELGAMAL_E; + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYTYPE; + sprintf( r->u.value, "%d", algo ); + r->next = para; + para = r; } + else { + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", algo ); + r->next = para; + para = r; + } + nbits = ask_keysize( algo ); + r = m_alloc_clear( sizeof *r + 20 ); + r->key = both? pSUBKEYLENGTH : pKEYLENGTH; + sprintf( r->u.value, "%u", nbits); + r->next = para; + para = r; + expire = ask_expire_interval(); + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + r = m_alloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + uid = ask_user_id(0); if( !uid ) { log_error(_("Key generation canceled.\n")); + release_parameter_list( para ); return; } + r = m_alloc_clear( sizeof *r + strlen(uid) ); + r->key = pUSERID; + strcpy( r->u.value, uid ); + r->next = para; + para = r; + dek = ask_passphrase( &s2k ); + if( dek ) { + r = m_alloc_clear( sizeof *r ); + r->key = pPASSPHRASE_DEK; + r->u.dek = dek; + r->next = para; + para = r; + r = m_alloc_clear( sizeof *r ); + r->key = pPASSPHRASE_S2K; + r->u.s2k = s2k; + r->next = para; + para = r; + } + + proc_parameter_file( para, "[internal]", &outctrl ); + release_parameter_list( para ); +} + + +static void +do_generate_keypair( struct para_data_s *para, + struct output_control_s *outctrl ) +{ + char *pub_fname = NULL; + char *sec_fname = NULL; + KBNODE pub_root = NULL; + KBNODE sec_root = NULL; + PKT_secret_key *sk = NULL; + const char *s; + int rc; + + if( outctrl->dryrun ) { + log_info("dry-run mode - key generation skipped\n"); + return; + } - /* now check whether we are allowed to write to the keyrings */ - pub_fname = make_filename(opt.homedir, "pubring.gpg", NULL ); - sec_fname = make_filename(opt.homedir, "secring.gpg", NULL ); + if( outctrl->use_files ) { + if( outctrl->pub.newfname ) { + iobuf_close(outctrl->pub.stream); + outctrl->pub.stream = NULL; + m_free( outctrl->pub.fname ); + outctrl->pub.fname = outctrl->pub.newfname; + outctrl->pub.newfname = NULL; + + outctrl->pub.stream = iobuf_create( outctrl->pub.fname ); + if( !outctrl->pub.stream ) { + log_error("can't create `%s': %s\n", outctrl->pub.newfname, + strerror(errno) ); + return; + } + if( opt.armor ) { + outctrl->pub.afx.what = 1; + iobuf_push_filter( outctrl->pub.stream, armor_filter, + &outctrl->pub.afx ); + } + } + if( outctrl->sec.newfname ) { + iobuf_close(outctrl->sec.stream); + outctrl->sec.stream = NULL; + m_free( outctrl->sec.fname ); + outctrl->sec.fname = outctrl->sec.newfname; + outctrl->sec.newfname = NULL; + + outctrl->sec.stream = iobuf_create( outctrl->sec.fname ); + if( !outctrl->sec.stream ) { + log_error("can't create `%s': %s\n", outctrl->sec.newfname, + strerror(errno) ); + return; + } + if( opt.armor ) { + outctrl->sec.afx.what = 5; + iobuf_push_filter( outctrl->sec.stream, armor_filter, + &outctrl->sec.afx ); + } + } + pub_fname = outctrl->pub.fname; /* only for info output */ + sec_fname = outctrl->sec.fname; /* only for info output */ + assert( outctrl->pub.stream ); + assert( outctrl->sec.stream ); + } + else { + pub_fname = get_writable_keyblock_file( 0 ); + sec_fname = get_writable_keyblock_file( 1 ); + } + if( opt.verbose ) { - tty_printf(_("writing public certificate to `%s'\n"), pub_fname ); - tty_printf(_("writing secret certificate to `%s'\n"), sec_fname ); + log_info(_("writing public key to `%s'\n"), pub_fname ); + log_info(_("writing secret key to `%s'\n"), sec_fname ); } /* we create the packets as a tree of kbnodes. Because the structure @@ -889,24 +1474,31 @@ generate_keypair() pub_root = make_comment_node("#"); delete_kbnode(pub_root); sec_root = make_comment_node("#"); delete_kbnode(sec_root); - if( both ) - rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root, - dek, s2k, &sk, expire, 1); - else - rc = do_create( algo, nbits, pub_root, sec_root, - dek, s2k, &sk, expire, v4); - if( !rc ) - write_uid(pub_root, uid ); - if( !rc ) - write_uid(sec_root, uid ); - if( !rc ) - rc = write_selfsig(pub_root, pub_root, sk); - if( !rc ) - rc = write_selfsig(sec_root, pub_root, sk); + rc = do_create( get_parameter_algo( para, pKEYTYPE ), + get_parameter_uint( para, pKEYLENGTH ), + pub_root, sec_root, + get_parameter_dek( para, pPASSPHRASE_DEK ), + get_parameter_s2k( para, pPASSPHRASE_S2K ), + &sk, + get_parameter_u32( para, pKEYEXPIRE ) ); + if( !rc && (s=get_parameter_value(para, pUSERID)) ) { + write_uid(pub_root, s ); + if( !rc ) + write_uid(sec_root, s ); + if( !rc ) + rc = write_selfsig(pub_root, pub_root, sk); + if( !rc ) + rc = write_selfsig(sec_root, pub_root, sk); + } - if( both ) { - rc = do_create( algo, nbits, pub_root, sec_root, - dek, s2k, NULL, expire, 1 ); + if( get_parameter( para, pSUBKEYTYPE ) ) { + rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ), + get_parameter_uint( para, pSUBKEYLENGTH ), + pub_root, sec_root, + get_parameter_dek( para, pPASSPHRASE_DEK ), + get_parameter_s2k( para, pPASSPHRASE_S2K ), + NULL, + get_parameter_u32( para, pSUBKEYEXPIRE ) ); if( !rc ) rc = write_keybinding(pub_root, pub_root, sk); if( !rc ) @@ -914,7 +1506,18 @@ generate_keypair() } - if( !rc ) { + if( !rc && outctrl->use_files ) { /* direct write to specified files */ + rc = write_keyblock( outctrl->pub.stream, pub_root ); + if( rc ) + log_error("can't write public key: %s\n", g10_errstr(rc) ); + if( !rc ) { + rc = write_keyblock( outctrl->sec.stream, sec_root ); + if( rc ) + log_error("can't write secret key: %s\n", g10_errstr(rc) ); + } + + } + else if( !rc ) { /* write to the standard keyrings */ KBPOS pub_kbpos; KBPOS sec_kbpos; int rc1 = -1; @@ -955,12 +1558,17 @@ generate_keypair() else if( (rc=insert_keyblock( &sec_kbpos, sec_root )) ) log_error("can't write secret key: %s\n", g10_errstr(rc) ); else { - tty_printf(_("public and secret key created and signed.\n") ); - if( algo == PUBKEY_ALGO_DSA ) + if( !opt.batch ) + tty_printf(_("public and secret key created and signed.\n") ); + if( !opt.batch + && get_parameter_algo( para, pKEYTYPE ) == PUBKEY_ALGO_DSA + && !get_parameter( para, pSUBKEYTYPE ) ) + { tty_printf(_("Note that this key cannot be used for " "encryption. You may want to use\n" "the command \"--edit-key\" to generate a " "secondary key for this purpose.\n") ); + } } if( !rc1 ) @@ -969,18 +1577,20 @@ generate_keypair() unlock_keyblock( &sec_kbpos ); } - - if( rc ) - tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) ); + if( rc ) { + if( opt.batch ) + log_error("key generation failed: %s\n", g10_errstr(rc) ); + else + tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) ); + } release_kbnode( pub_root ); release_kbnode( sec_root ); if( sk ) /* the unprotected secret key */ free_secret_key(sk); - m_free(uid); - m_free(dek); - m_free(s2k); - m_free(pub_fname); - m_free(sec_fname); + if( !outctrl->use_files ) { + m_free(pub_fname); + m_free(sec_fname); + } } @@ -994,7 +1604,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) int okay=0, rc=0; KBNODE node; PKT_secret_key *sk = NULL; /* this is the primary sk */ - int v4, algo; + int algo; u32 expire; unsigned nbits; char *passphrase = NULL; @@ -1019,8 +1629,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - rc = G10ERR_TIME_CONFLICT; - goto leave; + if( !opt.ignore_time_conflict ) { + rc = G10ERR_TIME_CONFLICT; + goto leave; + } } @@ -1043,7 +1655,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) goto leave; - algo = ask_algo( &v4, 1 ); + algo = ask_algo( 1 ); assert(algo); nbits = ask_keysize( algo ); expire = ask_expire_interval(); @@ -1060,7 +1672,7 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) } rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, - dek, s2k, NULL, expire, v4 ); + dek, s2k, NULL, expire ); if( !rc ) rc = write_keybinding(pub_keyblock, pub_keyblock, sk); if( !rc ) @@ -1080,3 +1692,20 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ) return okay; } +/**************** + * Write a keyblock to an output stream + */ +static int +write_keyblock( IOBUF out, KBNODE node ) +{ + for( ; node ; node = node->next ) { + int rc = build_packet( out, node->pkt ); + if( rc ) { + log_error("build_packet(%d) failed: %s\n", + node->pkt->pkttype, g10_errstr(rc) ); + return G10ERR_WRITE_FILE; + } + } + return 0; +} + diff --git a/g10/keyid.c b/g10/keyid.c index 665b3be86..d56c58711 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -1,5 +1,5 @@ /* keyid.c - jeyid and fingerprint handling - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/keylist.c b/g10/keylist.c index 91a13afaf..5fc89d765 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -1,5 +1,5 @@ /* keylist.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -43,34 +43,24 @@ static void fingerprint( PKT_public_key *pk, PKT_secret_key *sk ); /**************** * List the keys - * If NNAMES is 0; all available keys are listed + * If list is NULL, all available keys are listed */ void -public_key_list( int nnames, char **names ) +public_key_list( STRLIST list ) { - if( !nnames ) + if( !list ) list_all(0); - else { /* List by user id */ - STRLIST list = NULL; - for( ; nnames ; nnames--, names++ ) - add_to_strlist( &list, *names ); + else list_one( list, 0 ); - free_strlist( list ); - } } void -secret_key_list( int nnames, char **names ) +secret_key_list( STRLIST list ) { - if( !nnames ) + if( !list ) list_all(1); - else { /* List by user id */ - STRLIST list = NULL; - for( ; nnames ; nnames--, names++ ) - add_to_strlist( &list, *names ); + else /* List by user id */ list_one( list, 1 ); - free_strlist( list ); - } } @@ -145,6 +135,7 @@ list_one( STRLIST names, int secret ) return; } do { + merge_keys_and_selfsig( keyblock ); list_keyblock( keyblock, 0 ); release_kbnode( keyblock ); } while( !get_pubkey_next( ctx, NULL, &keyblock ) ); @@ -155,7 +146,7 @@ list_one( STRLIST names, int secret ) static void print_key_data( PKT_public_key *pk, u32 *keyid ) { - int n = pubkey_get_npkey( pk->pubkey_algo ); + int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0; int i; for(i=0; i < n; i++ ) { @@ -211,21 +202,26 @@ list_keyblock( KBNODE keyblock, int secret ) sk = NULL; keyid_from_pk( pk, keyid ); if( opt.with_colons ) { - trustletter = query_trust_info( pk, NULL ); - if( trustletter == 'u' ) - ulti_hack = 1; - printf("pub:%c:%u:%d:%08lX%08lX:%s:%s:", - trustletter, + if ( opt.fast_list_mode ) { + fputs( "pub::", stdout ); + trustletter = 0; + } + else { + trustletter = query_trust_info( pk, NULL ); + if( trustletter == 'u' ) + ulti_hack = 1; + printf("pub:%c:", trustletter ); + } + printf("%u:%d:%08lX%08lX:%s:%s:", nbits_from_pk( pk ), pk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], datestr_from_pk( pk ), - pk->expiredate? strtimestamp(pk->expiredate):"" - ); + pk->expiredate? strtimestamp(pk->expiredate):"" ); if( pk->local_id ) printf("%lu", pk->local_id ); putchar(':'); - if( pk->local_id ) + if( pk->local_id && !opt.fast_list_mode ) putchar( get_ownertrust_info( pk->local_id ) ); putchar(':'); } @@ -237,15 +233,20 @@ list_keyblock( KBNODE keyblock, int secret ) } for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { - if( node->pkt->pkttype == PKT_USER_ID ) { + if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) { if( any ) { - if( opt.with_colons ) { + if ( opt.with_colons ) { byte namehash[20]; if( pk && !ulti_hack ) { - rmd160_hash_buffer( namehash, - node->pkt->pkt.user_id->name, - node->pkt->pkt.user_id->len ); + if( node->pkt->pkt.user_id->photo ) + rmd160_hash_buffer( namehash, + node->pkt->pkt.user_id->name, + node->pkt->pkt.user_id->len ); + else + rmd160_hash_buffer( namehash, + node->pkt->pkt.user_id->name, + node->pkt->pkt.user_id->len ); trustletter = query_trust_info( pk, namehash ); } else @@ -288,8 +289,13 @@ list_keyblock( KBNODE keyblock, int secret ) keyid_from_pk( pk2, keyid2 ); if( opt.with_colons ) { - printf("sub:%c:%u:%d:%08lX%08lX:%s:%s:", - trustletter, + if ( opt.fast_list_mode ) { + fputs( "sub::", stdout ); + } + else { + printf("sub:%c:", trustletter ); + } + printf("%u:%d:%08lX%08lX:%s:%s:", nbits_from_pk( pk2 ), pk2->pubkey_algo, (ulong)keyid2[0],(ulong)keyid2[1], @@ -303,11 +309,16 @@ list_keyblock( KBNODE keyblock, int secret ) putchar(':'); putchar('\n'); } - else - printf("sub %4u%c/%08lX %s\n", nbits_from_pk( pk2 ), + else { + printf("sub %4u%c/%08lX %s", nbits_from_pk( pk2 ), pubkey_letter( pk2->pubkey_algo ), (ulong)keyid2[1], datestr_from_pk( pk2 ) ); + if( pk2->expiredate ) { + printf(_(" [expires: %s]"), expirestr_from_pk( pk2 ) ); + } + putchar('\n'); + } if( opt.fingerprint > 1 ) fingerprint( pk2, NULL ); if( opt.with_key_data ) @@ -346,6 +357,7 @@ list_keyblock( KBNODE keyblock, int secret ) else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; int sigrc; + char *sigstr; if( !any ) { /* no user id, (maybe a revocation follows)*/ if( sig->sig_class == 0x20 ) @@ -363,11 +375,11 @@ list_keyblock( KBNODE keyblock, int secret ) if( sig->sig_class == 0x20 || sig->sig_class == 0x28 || sig->sig_class == 0x30 ) - fputs("rev", stdout); + sigstr = "rev"; else if( (sig->sig_class&~3) == 0x10 ) - fputs("sig", stdout); + sigstr = "sig"; else if( sig->sig_class == 0x18 ) - fputs("sig", stdout); + sigstr = "sig"; else { if( opt.with_colons ) printf("sig::::::::::%02x:\n",sig->sig_class ); @@ -390,11 +402,13 @@ list_keyblock( KBNODE keyblock, int secret ) rc = 0; sigrc = ' '; } + fputs( sigstr, stdout ); if( opt.with_colons ) { putchar(':'); if( sigrc != ' ' ) putchar(sigrc); - printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0], + printf("::%d:%08lX%08lX:%s::::", sig->pubkey_algo, + (ulong)sig->keyid[0], (ulong)sig->keyid[1], datestr_from_sig(sig)); } else @@ -404,7 +418,7 @@ list_keyblock( KBNODE keyblock, int secret ) printf("[%s] ", g10_errstr(rc) ); else if( sigrc == '?' ) ; - else { + else if ( !opt.fast_list_mode ) { size_t n; char *p = get_user_id( sig->keyid, &n ); if( opt.with_colons ) diff --git a/g10/ks-proto.h b/g10/ks-proto.h index bd58db5f9..7a7858ef9 100644 --- a/g10/ks-proto.h +++ b/g10/ks-proto.h @@ -1,5 +1,5 @@ /* ks-proto.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/main.h b/g10/main.h index df04f408d..9ec141ebc 100644 --- a/g10/main.h +++ b/g10/main.h @@ -1,5 +1,5 @@ /* main.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -81,7 +81,7 @@ int clearsign_file( const char *fname, STRLIST locusr, const char *outfile ); /*-- sig-check.c --*/ int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ); int check_key_signature2( KBNODE root, KBNODE node, - int *is_selfsig, u32 *r_expire ); + int *is_selfsig, u32 *r_expiredate, int *r_expired ); /*-- delkey.c --*/ int delete_key( const char *username, int secure ); @@ -92,7 +92,7 @@ void keyedit_menu( const char *username, STRLIST locusr, STRLIST cmds, /*-- keygen.c --*/ u32 ask_expiredate(void); -void generate_keypair(void); +void generate_keypair( const char *fname ); int keygen_add_key_expire( PKT_signature *sig, void *opaque ); int keygen_add_std_prefs( PKT_signature *sig, void *opaque ); int generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock ); @@ -103,7 +103,7 @@ char *make_outfile_name( const char *iname ); char *ask_outfile_name( const char *name, size_t namelen ); int open_outfile( const char *iname, int mode, IOBUF *a ); IOBUF open_sigfile( const char *iname ); -void copy_options_file( const char *destdir ); +void try_make_homedir( const char *fname ); /*-- seskey.c --*/ void make_session_key( DEK *dek ); @@ -116,7 +116,7 @@ KBNODE make_comment_node( const char *s ); KBNODE make_mpi_comment_node( const char *s, MPI a ); /*-- import.c --*/ -int import_keys( const char *filename, int fast ); +void import_keys( char **fnames, int nnames, int fast ); int import_keys_stream( IOBUF inp, int fast ); int collapse_uids( KBNODE *keyblock ); @@ -124,20 +124,27 @@ int collapse_uids( KBNODE *keyblock ); int export_pubkeys( STRLIST users, int onlyrfc ); int export_pubkeys_stream( IOBUF out, STRLIST users, int onlyrfc ); int export_seckeys( STRLIST users ); +int export_secsubkeys( STRLIST users ); /* dearmor.c --*/ int dearmor_file( const char *fname ); int enarmor_file( const char *fname ); /*-- revoke.c --*/ +struct revocation_reason_info; int gen_revoke( const char *uname ); +int revocation_reason_build_cb( PKT_signature *sig, void *opaque ); +struct revocation_reason_info * + ask_revocation_reason( int key_rev, int cert_rev, int hint ); +void release_revocation_reason_info( struct revocation_reason_info *reason ); /*-- keylist.c --*/ -void public_key_list( int nnames, char **names ); -void secret_key_list( int nnames, char **names ); +void public_key_list( STRLIST list ); +void secret_key_list( STRLIST list ); /*-- verify.c --*/ int verify_signatures( int nfiles, char **files ); +int verify_files( int nfiles, char **files ); /*-- decrypt.c --*/ int decrypt_message( const char *filename ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 4c93b4877..7c5ed36aa 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1,5 +1,5 @@ -/* maPPPPinproc.c - handle packets - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. +/* mainproc.c - handle packets + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -225,10 +225,14 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) || is_RSA(enc->pubkey_algo) ) { if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) || !seckey_available( enc->keyid )) ) { - c->dek = m_alloc_secure( sizeof *c->dek ); - if( (result = get_session_key( enc, c->dek )) ) { - /* error: delete the DEK */ - m_free(c->dek); c->dek = NULL; + if( opt.list_only ) + result = -1; + else { + c->dek = m_alloc_secure( sizeof *c->dek ); + if( (result = get_session_key( enc, c->dek )) ) { + /* error: delete the DEK */ + m_free(c->dek); c->dek = NULL; + } } } else @@ -268,6 +272,8 @@ print_failed_pkenc( struct kidlist_item *list ) PKT_public_key *pk = m_alloc_clear( sizeof *pk ); const char *algstr = pubkey_algo_to_string( list->pubkey_algo ); + if( !algstr ) + algstr = "[?]"; pk->pubkey_algo = list->pubkey_algo; if( !get_pubkey( pk, list->kid ) ) { size_t n; @@ -310,10 +316,14 @@ proc_encrypted( CTX c, PACKET *pkt ) print_failed_pkenc( c->failed_pkenc ); + write_status( STATUS_BEGIN_DECRYPTION ); + /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ - if( !c->dek && !c->last_was_session_key ) { + if( opt.list_only ) + result = -1; + else if( !c->dek && !c->last_was_session_key ) { /* assume this is old conventional encrypted data - * Actually we should use IDEA and MD5 in this case, but becuase + * Actually we should use IDEA and MD5 in this case, but because * IDEA is patented we can't do so */ c->dek = passphrase_to_dek( NULL, 0, opt.def_cipher_algo ? opt.def_cipher_algo @@ -345,6 +355,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } free_packet(pkt); c->last_was_session_key = 0; + write_status( STATUS_END_DECRYPTION ); } @@ -397,12 +408,14 @@ proc_plaintext( CTX c, PACKET *pkt ) clearsig = 1; } } - if( !any ) { /* no onepass sig packet: enable all standard algos */ + + if( !any && !opt.skip_verify ) { + /* no onepass sig packet: enable all standard algos */ md_enable( c->mfx.md, DIGEST_ALGO_RMD160 ); md_enable( c->mfx.md, DIGEST_ALGO_SHA1 ); md_enable( c->mfx.md, DIGEST_ALGO_MD5 ); } - if( only_md5 ) { + if( opt.pgp2_workarounds && only_md5 && !opt.skip_verify ) { /* This is a kludge to work around a bug in pgp2. It does only * catch those mails which are armored. To catch the non-armored * pgp mails we could see whether there is the signature packet @@ -507,6 +520,11 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig ) || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { return check_key_signature( c->list, node, is_selfsig ); } + else if( sig->sig_class == 0x20 ) { + log_info(_("standalone revocation - " + "use \"gpg --import\" to apply\n")); + return G10ERR_NOT_PROCESSED; + } else { log_error("invalid root packet for sigclass %02x\n", sig->sig_class); @@ -534,8 +552,12 @@ print_userid( PACKET *pkt ) printf("ERROR: unexpected packet type %d", pkt->pkttype ); return; } - print_string( stdout, pkt->pkt.user_id->name, pkt->pkt.user_id->len, - opt.with_colons ); + if( opt.with_colons ) + print_string( stdout, pkt->pkt.user_id->name, + pkt->pkt.user_id->len, ':'); + else + print_utf8_string( stdout, pkt->pkt.user_id->name, + pkt->pkt.user_id->len ); } @@ -638,11 +660,13 @@ list_node( CTX c, KBNODE node ) keyid_from_pk( pk, keyid ); if( mainkey ) { c->local_id = pk->local_id; - c->trustletter = query_trust_info( pk, NULL ); + c->trustletter = opt.fast_list_mode? + 0 : query_trust_info( pk, NULL ); } - printf("%s:%c:%u:%d:%08lX%08lX:%s:%s:", - mainkey? "pub":"sub", - c->trustletter, + printf("%s:", mainkey? "pub":"sub" ); + if( c->trustletter ) + putchar( c->trustletter ); + printf(":%u:%d:%08lX%08lX:%s:%s:", nbits_from_pk( pk ), pk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], @@ -651,7 +675,7 @@ list_node( CTX c, KBNODE node ) if( c->local_id ) printf("%lu", c->local_id ); putchar(':'); - if( c->local_id ) + if( c->local_id && !opt.fast_list_mode ) putchar( get_ownertrust_info( c->local_id ) ); putchar(':'); if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) { @@ -669,6 +693,7 @@ list_node( CTX c, KBNODE node ) pubkey_letter( pk->pubkey_algo ), (ulong)keyid_from_pk( pk, NULL ), datestr_from_pk( pk ) ); + if( mainkey ) { /* and now list all userids with their signatures */ for( node = node->next; node; node = node->next ) { @@ -711,6 +736,10 @@ list_node( CTX c, KBNODE node ) } } } + else if( pk->expiredate ) { /* of subkey */ + printf(_(" [expires: %s]"), expirestr_from_pk( pk ) ); + } + if( !any ) putchar('\n'); if( !mainkey && opt.fingerprint > 1 ) @@ -823,7 +852,8 @@ list_node( CTX c, KBNODE node ) putchar(':'); if( sigrc != ' ' ) putchar(sigrc); - printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0], + printf("::%d:%08lX%08lX:%s::::", sig->pubkey_algo, + (ulong)sig->keyid[0], (ulong)sig->keyid[1], datestr_from_sig(sig)); } else @@ -840,7 +870,7 @@ list_node( CTX c, KBNODE node ) if( opt.with_colons ) putchar(':'); } - else { + else if( !opt.fast_list_mode ) { p = get_user_id( sig->keyid, &n ); print_string( stdout, p, n, opt.with_colons ); m_free(p); @@ -1114,7 +1144,8 @@ check_sig_and_print( CTX c, KBNODE node ) buf[16] = 0; write_status_text( STATUS_NO_PUBKEY, buf ); } - log_error(_("Can't check signature: %s\n"), g10_errstr(rc) ); + if( rc != G10ERR_NOT_PROCESSED ) + log_error(_("Can't check signature: %s\n"), g10_errstr(rc) ); } return rc; } @@ -1129,7 +1160,7 @@ proc_tree( CTX c, KBNODE node ) KBNODE n1; int rc; - if( opt.list_packets ) + if( opt.list_packets || opt.list_only ) return; c->local_id = 0; @@ -1174,12 +1205,17 @@ proc_tree( CTX c, KBNODE node ) else if( node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; - if( !c->have_data ) { + if( sig->sig_class != 0x00 && sig->sig_class != 0x01 ) + log_info(_("standalone signature of class 0x%02x\n"), + sig->sig_class); + else if( !c->have_data ) { /* detached signature */ free_md_filter_context( &c->mfx ); c->mfx.md = md_open(sig->digest_algo, 0); - if( sig->digest_algo == DIGEST_ALGO_MD5 - && is_RSA( sig->pubkey_algo ) ) { + if( !opt.pgp2_workarounds ) + ; + else if( sig->digest_algo == DIGEST_ALGO_MD5 + && is_RSA( sig->pubkey_algo ) ) { /* enable a workaround for a pgp2 bug */ c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 ); } diff --git a/g10/mdfilter.c b/g10/mdfilter.c index 951fd730e..91739f9be 100644 --- a/g10/mdfilter.c +++ b/g10/mdfilter.c @@ -1,5 +1,5 @@ /* mdfilter.c - filter data and calculate a message digest - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/misc.c b/g10/misc.c index 3f18183b5..8706430e7 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1,5 +1,5 @@ /* misc.c - miscellaneous functions - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/openfile.c b/g10/openfile.c index 4d16db500..a00785e96 100644 --- a/g10/openfile.c +++ b/g10/openfile.c @@ -1,5 +1,5 @@ /* openfile.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -24,6 +24,9 @@ #include <string.h> #include <assert.h> #include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> #include <unistd.h> #include "util.h" #include "memory.h" @@ -39,6 +42,17 @@ #define SKELEXT ".skel" #endif +#ifdef HAVE_DRIVE_LETTERS + #define CMP_FILENAME(a,b) stricmp( (a), (b) ) +#else + #define CMP_FILENAME(a,b) strcmp( (a), (b) ) +#endif + +#ifdef MKDIR_TAKES_ONE_ARG +# undef mkdir +# define mkdir(a,b) mkdir(a) +#endif + /* FIXME: Implement opt.interactive. */ /**************** @@ -82,13 +96,11 @@ make_outfile_name( const char *iname ) if( (!iname || (*iname=='-' && !iname[1]) )) return m_strdup("-"); - #ifdef HAVE_DRIVE_LETTERS - #warning add case insensitive compare - #endif n = strlen(iname); - if( n > 4 && ( !strcmp(iname+n-4,".gpg") - || !strcmp(iname+n-4,".sig") - || !strcmp(iname+n-4,".asc") ) ) { + if( n > 4 && ( !CMP_FILENAME(iname+n-4,".gpg") + || !CMP_FILENAME(iname+n-4,".pgp") + || !CMP_FILENAME(iname+n-4,".sig") + || !CMP_FILENAME(iname+n-4,".asc") ) ) { char *buf = m_strdup( iname ); buf[n-4] = 0; return buf; @@ -169,11 +181,33 @@ open_outfile( const char *iname, int mode, IOBUF *a ) name = opt.outfile; else { #ifdef USE_ONLY_8DOT3 - #warning please implement 8.3 files - #endif + /* It is quite common DOS system to have only one dot in a + * a filename So if we have something like this, we simple + * replace the suffix execpt in cases where the suffix is + * larger than 3 characters and not the same as. + * We should really map the filenames to 8.3 but this tends to + * be more complicated and is probaly a duty of the filesystem + */ + char *dot; + const char *newsfx = mode==1 ? ".asc" : + mode==2 ? ".sig" : ".gpg"; + + buf = m_alloc(strlen(iname)+4+1); + strcpy(buf,iname); + dot = strchr(buf, '.' ); + if( dot && dot > buf && dot[1] && strlen(dot) <= 4 + && CMP_FILENAME(newsfx, dot) ) { + strcpy(dot, newsfx ); + } + else if( dot && !dot[1] ) /* don't duplicate a dot */ + strcpy( dot, newsfx+1 ); + else + strcat( buf, newsfx ); + #else buf = m_alloc(strlen(iname)+4+1); strcpy(stpcpy(buf,iname), mode==1 ? ".asc" : mode==2 ? ".sig" : ".gpg"); + #endif name = buf; } @@ -204,9 +238,6 @@ open_sigfile( const char *iname ) IOBUF a = NULL; size_t len; - #ifdef USE_ONLY_8DOT3 - #warning please implement 8.3 files - #endif if( iname && !(*iname == '-' && !iname[1]) ) { len = strlen(iname); if( len > 4 && ( !strcmp(iname + len - 4, ".sig") @@ -227,7 +258,7 @@ open_sigfile( const char *iname ) /**************** * Copy the option file skeleton to the given directory. */ -void +static void copy_options_file( const char *destdir ) { const char *datadir = GNUPG_DATADIR; @@ -270,3 +301,23 @@ copy_options_file( const char *destdir ) m_free(fname); } + +void +try_make_homedir( const char *fname ) +{ + if( opt.dry_run ) + return; + if( strlen(fname) >= 7 + && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) { + if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) ) + log_fatal( _("%s: can't create directory: %s\n"), + fname, strerror(errno) ); + else if( !opt.quiet ) + log_info( _("%s: directory created\n"), fname ); + copy_options_file( fname ); + log_info(_("you have to start GnuPG again, " + "so it can read the new options file\n") ); + g10_exit(1); + } +} + diff --git a/g10/options.h b/g10/options.h index 02613e3cc..b3bdc8a34 100644 --- a/g10/options.h +++ b/g10/options.h @@ -1,5 +1,5 @@ /* options.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ struct { int compress; char *outfile; int dry_run; + int list_only; int textmode; int batch; /* run in batch mode */ int answer_yes; /* answer yes on most questions */ @@ -63,6 +64,7 @@ struct { int compress_sigs; int always_trust; int rfc1991; + int pgp2_workarounds; unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ int shm_coprocess; const char *set_filename; @@ -83,10 +85,15 @@ struct { int allow_non_selfsigned_uid; int no_literal; ulong set_filesize; + int honor_http_proxy; + int fast_list_mode; + int ignore_time_conflict; + int command_fd; } opt; #define EMUBUG_GPGCHKSUM 1 +#define EMUBUG_3DESS2K 2 #define DBG_PACKET_VALUE 1 /* debug packet reading/writing */ #define DBG_MPI_VALUE 2 /* debug mpi details */ diff --git a/g10/options.skel b/g10/options.skel index fa4ac3f28..646e0152b 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -79,3 +79,8 @@ lock-once # Use "host -l pgp.net | grep www" to figure out a keyserver. #keyserver wwwkeys.eu.pgp.net +# The environment variable http_proxy is only used when the +# this option is set. + +honor-http-proxy + diff --git a/g10/packet.h b/g10/packet.h index 50ea65b3f..fdc8af4a5 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -1,5 +1,5 @@ /* packet.h - packet read/write stuff - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -46,6 +46,7 @@ typedef enum { PKT_USER_ID =13, /* user id packet */ PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ + PKT_PHOTO_ID =17, /* PGP's photo ID */ PKT_COMMENT =61, /* new comment packet (private) */ PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */ } pkttype_t; @@ -53,7 +54,7 @@ typedef enum { typedef struct packet_struct PACKET; typedef struct { - byte mode; + int mode; byte hash_algo; byte salt[8]; u32 count; @@ -155,6 +156,8 @@ typedef struct { typedef struct { int len; /* length of the name */ + char *photo; /* if this is not NULL, the packet is a photo ID */ + int photolen; /* and the length of the photo */ char name[1]; } PKT_user_id; @@ -236,6 +239,7 @@ typedef enum { SIGSUBPKT_POLICY =26, /* policy URL */ SIGSUBPKT_KEY_FLAGS =27, /* key flags */ SIGSUBPKT_SIGNERS_UID =28, /* signer's user id */ + SIGSUBPKT_REVOC_REASON =29, /* reason for revocation */ SIGSUBPKT_PRIV_ADD_SIG =101,/* signatur is also valid for this uid */ SIGSUBPKT_FLAG_CRITICAL=128 diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e261b5366..48d601501 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1,5 +1,5 @@ /* parse-packet.c - read packets - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -61,6 +61,8 @@ static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen, byte *hdr, int hdrlen, PACKET *packet ); static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ); +static int parse_photo_id( IOBUF inp, int pkttype, unsigned long pktlen, + PACKET *packet ); static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ); static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, @@ -417,6 +419,10 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, case PKT_USER_ID: rc = parse_user_id(inp, pkttype, pktlen, pkt ); break; + case PKT_PHOTO_ID: + pkt->pkttype = pkttype = PKT_USER_ID; /* must fix it */ + rc = parse_photo_id(inp, pkttype, pktlen, pkt); + break; case PKT_OLD_COMMENT: case PKT_COMMENT: rc = parse_comment(inp, pkttype, pktlen, pkt); @@ -805,6 +811,13 @@ dump_sig_subpkt( int hashed, int type, int critical, case SIGSUBPKT_SIGNERS_UID: p = "signer's user ID"; break; + case SIGSUBPKT_REVOC_REASON: + if( length ) { + printf("revocation reason 0x%02x (", *buffer ); + print_string( stdout, buffer+1, length-1, ')' ); + p = ")"; + } + break; case SIGSUBPKT_PRIV_ADD_SIG: p = "signs additional user ID"; break; @@ -842,6 +855,10 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type ) if( n < 8 ) /* minimum length needed */ break; return 0; + case SIGSUBPKT_REVOC_REASON: + if( !n ) + break; + return 0; case SIGSUBPKT_PREF_SYM: case SIGSUBPKT_PREF_HASH: case SIGSUBPKT_PREF_COMPR: @@ -879,7 +896,7 @@ can_handle_critical( const byte *buffer, size_t n, int type ) case SIGSUBPKT_PREF_COMPR: return 1; - case SIGSUBPKT_POLICY: /* Is enough to show the policy? */ + case SIGSUBPKT_POLICY: /* Is it enough to show the policy? */ default: return 0; } @@ -1318,6 +1335,24 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, sk->protect.algo = iobuf_get_noeof(inp); pktlen--; sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; + /* check for the special GNU extension */ + if( is_v4 && sk->protect.s2k.mode == 101 ) { + for(i=0; i < 4 && pktlen; i++, pktlen-- ) + temp[i] = iobuf_get_noeof(inp); + if( i < 4 || memcmp( temp, "GNU", 3 ) ) { + if( list_mode ) + printf( "\tunknown S2K %d\n", + sk->protect.s2k.mode ); + rc = G10ERR_INVALID_PACKET; + goto leave; + } + /* here we know that it is a gnu extension + * What follows is the GNU protection mode: + * All values have special meanings + * and they are mapped in the mode with a base of 1000. + */ + sk->protect.s2k.mode = 1000 + temp[3]; + } switch( sk->protect.s2k.mode ) { case 1: case 3: @@ -1333,10 +1368,13 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, break; case 3: if( list_mode ) printf( "\titer+salt S2K" ); break; + case 1001: if( list_mode ) printf( "\tgnu-dummy S2K" ); + break; default: if( list_mode ) - printf( "\tunknown S2K %d\n", - sk->protect.s2k.mode ); + printf( "\tunknown %sS2K %d\n", + sk->protect.s2k.mode < 1000? "":"GNU ", + sk->protect.s2k.mode ); rc = G10ERR_INVALID_PACKET; goto leave; } @@ -1389,6 +1427,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, default: sk->protect.ivlen = 8; } + if( sk->protect.s2k.mode == 1001 ) + sk->protect.ivlen = 0; + if( pktlen < sk->protect.ivlen ) { rc = G10ERR_INVALID_PACKET; goto leave; @@ -1409,7 +1450,12 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, * If the user is so careless, not to protect his secret key, * we can assume, that he operates an open system :=(. * So we put the key into secure memory when we unprotect it. */ - if( is_v4 && sk->is_protected ) { + if( sk->protect.s2k.mode == 1001 ) { + /* better set some dummy stuff here */ + sk->skey[npkey] = mpi_set_opaque(NULL, m_strdup("dummydata"), 10); + pktlen = 0; + } + else if( is_v4 && sk->is_protected ) { /* ugly; the length is encrypted too, so we read all * stuff up to the end of the packet into the first * skey element */ @@ -1475,6 +1521,8 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) packet->pkt.user_id = m_alloc(sizeof *packet->pkt.user_id + pktlen); packet->pkt.user_id->len = pktlen; + packet->pkt.user_id->photo = NULL; + packet->pkt.user_id->photolen = 0; p = packet->pkt.user_id->name; for( ; pktlen; pktlen--, p++ ) *p = iobuf_get_noeof(inp); @@ -1496,6 +1544,31 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) } +/**************** + * PGP generates a packet of type 17. We assume this is a photo ID and + * simply store it here as a comment packet. + */ +static int +parse_photo_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) +{ + byte *p; + + packet->pkt.user_id = m_alloc(sizeof *packet->pkt.user_id + 30); + sprintf( packet->pkt.user_id->name, "[image of size %lu]", pktlen ); + packet->pkt.user_id->len = strlen(packet->pkt.user_id->name); + + packet->pkt.user_id->photo = m_alloc(sizeof *packet->pkt.user_id + pktlen); + packet->pkt.user_id->photolen = pktlen; + p = packet->pkt.user_id->photo; + for( ; pktlen; pktlen--, p++ ) + *p = iobuf_get_noeof(inp); + + if( list_mode ) { + printf(":photo_id packet: %s\n", packet->pkt.user_id->name ); + } + return 0; +} + static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) diff --git a/g10/passphrase.c b/g10/passphrase.c index 6026ff7f9..b400ea257 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -1,5 +1,5 @@ /* passphrase.c - Get a passphrase - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -159,7 +159,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo, tty_printf(_("\nYou need a passphrase to unlock the secret key for\n" "user: \"") ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\"\n"); @@ -242,7 +242,13 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) md = md_open( s2k->hash_algo, 1); for(pass=0; used < dek->keylen ; pass++ ) { if( pass ) { - md_reset(md); + if( (opt.emulate_bugs & EMUBUG_3DESS2K)) { + int tmp = md->finalized; + md_reset( md ); + md->finalized = tmp; + } + else + md_reset(md); for(i=0; i < pass; i++ ) /* preset the hash context */ md_putc(md, 0 ); } diff --git a/g10/pkclist.c b/g10/pkclist.c index fab2f13a7..bf93988ce 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1,5 +1,5 @@ /* pkclist.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -96,6 +96,112 @@ fpr_info( PKT_public_key *pk ) } +/**************** + * Show the revocation reason as it is stored with the given signature + */ +static void +do_show_revocation_reason( PKT_signature *sig ) +{ + size_t n, nn; + const byte *p, *pp; + int seq = 0; + const char *text; + + while( (p = enum_sig_subpkt( sig->hashed_data, SIGSUBPKT_REVOC_REASON, + &n, &seq )) ) { + if( !n ) + continue; /* invalid - just skip it */ + + if( *p == 0 ) + text = _("No reason specified"); + else if( *p == 0x01 ) + text = _("Key is superseeded"); + else if( *p == 0x02 ) + text = _("Key has been compromised"); + else if( *p == 0x03 ) + text = _("Key is no longer used"); + else if( *p == 0x20 ) + text = _("User ID is no longer valid"); + else + text = NULL; + + log_info( _("Reason for revocation: ") ); + if( text ) + fputs( text, log_stream() ); + else + fprintf( log_stream(), "code=%02x", *p ); + putc( '\n', log_stream() ); + n--; p++; + pp = NULL; + do { + /* We don't want any empty lines, so skip them */ + while( n && *p == '\n' ) { + p++; + n--; + } + if( n ) { + pp = memchr( p, '\n', n ); + nn = pp? pp - p : n; + log_info( _("Revocation comment: ") ); + print_string( log_stream(), p, nn, 0 ); + putc( '\n', log_stream() ); + p += nn; n -= nn; + } + } while( pp ); + } +} + + +static void +show_revocation_reason( PKT_public_key *pk ) +{ + /* Hmmm, this is not so easy becuase we have to duplicate the code + * used in the trustbd to calculate the keyflags. We need to find + * a clean way to check revocation certificates on keys and signatures. + * And there should be no duplicate code. Because we enter this function + * only when the trustdb toldus, taht we have a revoked key, we could + * simplylook for a revocation cert and display this one, when there is + * only one. Let's try to do this until we have a better solution. + */ + KBNODE node, keyblock = NULL; + byte fingerprint[MAX_FINGERPRINT_LEN]; + size_t fingerlen; + int rc; + + /* get the keyblock */ + fingerprint_from_pk( pk, fingerprint, &fingerlen ); + rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen ); + if( rc ) { /* that should never happen */ + log_debug( "failed to get the keyblock\n"); + return; + } + + for( node=keyblock; node; node = node->next ) { + if( ( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + && !cmp_public_keys( node->pkt->pkt.public_key, pk ) ) + break; + } + if( !node ) { + log_debug("Oops, PK not in keyblock\n"); + release_kbnode( keyblock ); + return; + } + /* now find the revocation certificate */ + for( node = node->next; node ; node = node->next ) { + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + break; + if( node->pkt->pkttype == PKT_SIGNATURE + && (node->pkt->pkt.signature->sig_class == 0x20 + || node->pkt->pkt.signature->sig_class == 0x28 ) ) { + /* FIXME: we should check the signature here */ + do_show_revocation_reason ( node->pkt->pkt.signature ); + } + } + + release_kbnode( keyblock ); +} + static void show_paths( ulong lid, int only_first ) @@ -149,7 +255,7 @@ show_paths( ulong lid, int only_first ) putchar(' '); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); free_public_key( pk ); @@ -194,7 +300,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help ) for(;;) { /* a string with valid answers */ - char *ans = _("sSmMqQ"); + const char *ans = _("sSmMqQ"); if( !did_help ) { if( !mode ) { @@ -203,7 +309,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help ) nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], datestr_from_pk( pk ) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); print_fpr( pk ); @@ -337,38 +443,53 @@ _("Could not find a valid trust path to the key. Let's see whether we\n" /**************** * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL - * Returns: true if we trust. + * Returns: true if we trust. Might change the trustlevel */ static int -do_we_trust( PKT_public_key *pk, int trustlevel ) +do_we_trust( PKT_public_key *pk, int *trustlevel ) { int rc; int did_add = 0; + int trustmask = 0; retry: - if( (trustlevel & TRUST_FLAG_REVOKED) ) { + if( (*trustlevel & TRUST_FLAG_REVOKED) ) { log_info(_("key %08lX: key has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; if( !cpr_get_answer_is_yes("revoked_key.override", _("Use this key anyway? ")) ) return 0; + trustmask |= TRUST_FLAG_REVOKED; } - else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { + else if( (*trustlevel & TRUST_FLAG_SUB_REVOKED) ) { log_info(_("key %08lX: subkey has been revoked!\n"), (ulong)keyid_from_pk( pk, NULL) ); + show_revocation_reason( pk ); if( opt.batch ) return 0; if( !cpr_get_answer_is_yes("revoked_key.override", _("Use this key anyway? ")) ) return 0; + trustmask |= TRUST_FLAG_SUB_REVOKED; } + *trustlevel &= ~trustmask; + if( opt.always_trust) { + if( opt.verbose ) + log_info("No trust check due to --always-trust option\n"); + /* The problem with this, is that EXPIRE can't be checked as + * this needs to insert a ne key into the trustdb first and + * we don't want that */ + return 1; + } - switch( (trustlevel & TRUST_MASK) ) { + + switch( (*trustlevel & TRUST_MASK) ) { case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ rc = insert_trust_record_by_pk( pk ); if( rc ) { @@ -376,11 +497,12 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) g10_errstr(rc) ); return 0; /* no */ } - rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); + rc = check_trust( pk, trustlevel, NULL, NULL, NULL ); + *trustlevel &= ~trustmask; if( rc ) log_fatal("trust check after insert failed: %s\n", g10_errstr(rc) ); - if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) { + if( *trustlevel == TRUST_UNKNOWN || *trustlevel == TRUST_EXPIRED ) { log_debug("do_we_trust: oops at %d\n", __LINE__ ); return 0; } @@ -398,7 +520,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel ) else { int quit; - rc = add_ownertrust( pk, &quit, &trustlevel ); + rc = add_ownertrust( pk, &quit, trustlevel ); + *trustlevel &= ~trustmask; if( !rc && !did_add && !quit ) { did_add = 1; goto retry; @@ -444,7 +567,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) { int rc; - rc = do_we_trust( pk, trustlevel ); + rc = do_we_trust( pk, &trustlevel ); if( (trustlevel & TRUST_FLAG_REVOKED) && !rc ) return 0; @@ -460,7 +583,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel ) nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], datestr_from_pk( pk ) ); p = get_user_id( keyid, &n ); - tty_print_string( p, n ), + tty_print_utf8_string( p, n ), m_free(p); tty_printf("\"\n"); print_fpr( pk ); @@ -527,10 +650,12 @@ check_signatures_trust( PKT_signature *sig ) write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This key has been revoked by its owner!\n")); log_info(_(" This could mean that the signature is forgery.\n")); + show_revocation_reason( pk ); } else if( (trustlevel & TRUST_FLAG_SUB_REVOKED) ) { write_status( STATUS_KEYREVOKED ); log_info(_("WARNING: This subkey has been revoked by its owner!\n")); + show_revocation_reason( pk ); } @@ -769,7 +894,8 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) else { int trustlevel; - rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); + rc = check_trust( pk, &trustlevel, pk->namehash, + NULL, NULL ); if( rc ) { log_error("error checking pk of `%s': %s\n", answer, g10_errstr(rc) ); @@ -843,7 +969,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) { int trustlevel; - rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); + rc = check_trust( pk, &trustlevel, pk->namehash, NULL, NULL ); if( rc ) { free_public_key( pk ); pk = NULL; log_error(_("%s: error checking key: %s\n"), diff --git a/g10/plaintext.c b/g10/plaintext.c index f8f4dcaf7..4ab20278d 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -1,5 +1,5 @@ /* plaintext.c - process an plaintext packet - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -107,8 +107,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, } if( mfx->md ) md_putc(mfx->md, c ); - if( c == '\r' ) - continue; /* fixme: this hack might be too simple */ + #ifndef HAVE_DOSISH_SYSTEM + if( c == '\r' ) /* convert to native line ending */ + continue; /* fixme: this hack might be too simple */ + #endif if( fp ) { if( putc( c, fp ) == EOF ) { log_error("Error writing to `%s': %s\n", @@ -152,8 +154,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, while( (c = iobuf_get(pt->buf)) != -1 ) { if( mfx->md ) md_putc(mfx->md, c ); + #ifndef HAVE_DOSISH_SYSTEM if( convert && c == '\r' ) continue; /* fixme: this hack might be too simple */ + #endif if( fp ) { if( putc( c, fp ) == EOF ) { log_error("Error writing to `%s': %s\n", @@ -169,10 +173,10 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, int eof; for( eof=0; !eof; ) { /* Why do we check for len < 32768: - * If we won� we would practically read 2 EOFS but + * If we won't, we would practically read 2 EOFs but * the first one has already popped the block_filter * off and therefore we don't catch the boundary. - * Always assume EOF if iobuf_read returns less bytes + * So, always assume EOF if iobuf_read returns less bytes * then requested */ int len = iobuf_read( pt->buf, buffer, 32768 ); if( len == -1 ) @@ -217,6 +221,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, if( !state ) { if( c == '\r' ) state = 1; + else if( c == '\n' ) + state = 2; else md_putc(mfx->md, c ); } @@ -308,7 +314,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2, fp = open_sigfile( inname ); /* open default file */ if( !fp && !opt.batch ) { int any=0; - tty_printf("Detached signature.\n"); + tty_printf(_("Detached signature.\n")); do { m_free(answer); answer = cpr_get("detached_signature.filename", diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index af77a1e52..1806de8f8 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -1,5 +1,5 @@ /* pubkey-enc.c - public key encoded packet handling - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -152,6 +152,10 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) write_status(STATUS_RSA_OR_IDEA); rc = check_cipher_algo( dek->algo ); if( rc ) { + if( !opt.quiet && rc == G10ERR_CIPHER_ALGO ) { + log_info(_("cipher algorithm %d is unknown or disabled\n"), + dek->algo); + } dek->algo = 0; goto leave; } @@ -172,7 +176,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) } if( DBG_CIPHER ) log_hexdump("DEK is:", dek->key, dek->keylen ); - /* check that the algo is in the preferences */ + /* check that the algo is in the preferences and whether it has expired */ { PKT_public_key *pk = m_alloc_clear( sizeof *pk ); if( (rc = get_pubkey( pk, keyid )) ) @@ -191,10 +195,25 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) "NOTE: cipher algorithm %d not found in preferences\n"), dek->algo ); } + + + if( !rc && pk->expiredate && pk->expiredate <= make_timestamp() ) { + log_info(_("NOTE: secret key %08lX expired at %s\n"), + (ulong)keyid[1], asctimestamp( pk->expiredate) ); + } + + /* FIXME: check wheter the key has been revoked and display + * the revocation reason. Actually the user should know this himself, + * but the sender might not know already and therefor the user + * should get a notice that an revoked key has been used to decode + * the message. The user can than watch out for snakes send by + * one of those Eves outside his paradise :-) + */ free_public_key( pk ); rc = 0; } + leave: mpi_free(plain_dek); m_free(frame); diff --git a/g10/pubring.asc b/g10/pubring.asc index dc4e8bdb6..09b099bfe 100644 --- a/g10/pubring.asc +++ b/g10/pubring.asc @@ -1,225 +1,458 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v0.9.9 (GNU/Linux) +Version: GnuPG v1.0.0e (GNU/Linux) Comment: For info see http://www.gnupg.org -mQGiBDWiHh4RBAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT4 -3No/coPajDvhZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwW -G2dx39ME7DN+SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3 -RvZ/MREJmQq1+SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68 -N+wRWxhGPIxsOdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvy -TR641BceGHNdYiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxY -urUIBACi7d1rUlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnq -bAAW+EUUX2xpb54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9 -quf0yvby63kFCanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtv -Y2ggKGdudXBnIHNpZykgPGRkOWpuQGdudS5vcmc+iF0EExECAB0FAjZVoKYFCQht -DIgDCwQDBRUDAgYBAxYCAQIXgAAKCRBot6uJV1SNzS4+AKCHdeYHMmKQV9mC7REE -5Vz6d5rRBgCfVMcyRP7dxBwhytmwCDpAcCFvCLSJAV8DBRA1oh5DA28RuP8+qgsQ -A2MyBR0eiPUovYMz0DUXBbNs5606eaVeTJOn9WqkYGcS9xOKlGd8Xj0IcAKN30st -5AsC5hRqr82rrUjB5/CuVdbvk+Qkh6ixWCqo+RRrbgf8cKCg1x+lDj9PpeSD/B9U -U45ntxYamoXnPszxtzU+e73Nkbtrej5rgMK8tgTLkhTAbO8M15Mgtw2yOeDFfiCj -4xzDkYryvLiPI5p2vYXTVcgYnwpNRnMZBwUghb1PMSXj7AP0P/8wnpb656yIjH2O -AkE5is5HvTEs2wGUCEXXYKxgLIl9bRPGd2DHfJQ6broxy1RHVmaOrOeDibspx67R -RTm3WqbtLiK0/nRF0gEjFGxLjQiy92gp6xLRiQsMQdkz0Lwgr0dgSs6JejBlsQPp -5nXXkIm9q/hl6Cly3Zx3KbAIwO5ZF5NyBciezCxSurg64xmxibNhSknblI0vyG+I -RgQQEQIABgUCNaInPAAKCRBsfuG4YhzAE37WAJ9Xzmig1DrfnUt/KwfgidkPohJV -iQCg0T6afKuRspWzPAz5TKQpVjd02KmIRgQQEQIABgUCNu1ObAAKCRBd4kmWWwNY -omq2AJ9+alN2TpVRAhCxP91eqvfEN9HgGgCgrTvpWnB9EKtROr+AT//cujKCyIaZ -AaIENaIg8xEEALYPe0XNsPjx+inTQ+Izz527ZJnoc6BhWik/4a2bZYENSOQXAMKT -DQMv2lLeI0i6ceB967MNubhHeVdNeOWYHFSM1UGRfhmZERISho3bp+wVZvVG8GBV -wpw34PJjgYU/0tDwnJaJ8BzX6j0ecTSTjQPnaUEtdJ/u/gmG9j0218TzAKDihdNo -KJEU9IKUiSjdGomSuem/VwQArHfaucSiDmY8+zyZbVLLnK6UJMqtsIv1LvAg20xw -XoUk2bY8H3tXL4UZ8YcoSXYozwALq3cIo5UZJ0q9Of71mI8WLK2iFSYVplpTX0WM -ClAdkGt3HgVb7xtOhGt1mEKeRQjNZ2LteUQrRDD9MTQ+XxcvEN0IpAj4kBJe9bR6 -HzAD/iecCmGwSlHUZZrgqWzv78o79XxDdcuLdl4i2fL7kwEOf9jsDe7hGs27yrdJ -EmAG9QF9TOF9LJFmE1CqkgW+EpKxsY01Wjm0BFJB1R7iPUaUtFRZxYqfgXarmPjq -l2iBi+cVjLzGu+4BSojVAPgP/hhcnIowf4M4edPiICMP1GVjtCFXZXJuZXIgS29j -aCA8d2VybmVyLmtvY2hAZ3V1Zy5kZT6IWwQTEQIAGwUCNs8JNwUJCCCxRAMLCgMD -FQMCAxYCAQIXgAAKCRBsfuG4YhzAE2kgAJ92JKU+YcYHoRhX51+4s3fnPIyNEgCf -aiWeoyb15xgdO6etGiD2MYCWy5mJAHUDBRA1o3cUHRn0wQyYV6UBAT3zAv9HMaPu -MWFQKZRTtJyGMo0ID+w/DtLn8z7CMBd5L2+2+RTTY36fgwITehtBziIJC9xrFrQn -x+VB2pYvprTRSCg6U7a/hf5T6WT9zj887C2UuIWE6pjLNTvwAqvGsSoAIpWJAV8D -BRA1oicOA28RuP8+qgsQAwfcBR9Iuppp+q1mChXqSYV8oROMFqkTyQJ736IllJ7Q -6eGiEMrOpTkYoFVyFqOJOEivxR+fWJ8xe+e/Kq02Vv0XANGyKias6mqrDnU2BBWu -PXAo7y5wVuDnmyZS01LP555lNBVilvDsMC/qQrvHe3y0kp4IAbK1EMG3qbsNHCaH -LRTwM+U9Z0CYnkClbB2gjcC9nbtF3nzoBebowdYytat6eFMrBfYRHAUfZbRN0x6/ -or+I7WV5gtT+GrfVuSxVrGLsK9FN8iXGikiqdL/8BhFntif4BUGdIQdft+UawmT4 -IlrBL/Owh2hul7UPtx4YqwQibGIZjopFSqBGp+j4VFUdapVxMraQLd/PUwZ78nHg -F/IXBzhN3YrhryCxIGHrN4MN7OWZjO21F945tga1/FnIXsVBVECLiltnC9+/TBV0 -fE28aVca7EWBP+Ix2QWIRgQQEQIABgUCNu1OCwAKCRBd4kmWWwNYonyaAKCxLBst -eoVfwn5g5Lug9QgVCMV76QCfRgQKXQv9zl4oO7Aa1Qljm9zEM3C5AY0ENs8HCBAG -APc1hCpuXmaTDAUbIqS9CFHkihMnilIwAV+L2Dbq5eOPtoemPKx5+6xtZfzzY9/V -CVwZCxY9Y5PEN9r/twUA478L/FOXv5E4BpX+4R91klt/EZGcNfDl2Ar56FpGJ3iL -g4+vxx9m1TV5k2nNOUZAVD1L+MoapWhaZFXLMChrhDUcbo7/1Fr1Rfv9j/LkkIJJ -hqf3G8HzE5AvCQVSywUayYZdbmqdiY2bklZJVFAXs1X9zSTGoFc8eOxz6i1ZeMq+ -GwADBgX/T7o5R+SOTlJ72ac/g121f1kFX1dbRkQq2pCI95qTehp1AxdSwG3ur2sl -FCfi8ZDNUqkFXJrsv5mh1yfqq7zS5T6lGT5lOXCDZbAO2wqNZY1VKeeCdcvD2VMe -h8XxJfy8y1ZK/iE1p8qnokYpA3nFH+JIsdrXk5ceiN3nKk+aDamUkV1sJzeEm5F7 -QHe60oBKbVGIUF4EhGq6daVyeCeK4KhWuPYyiEgyaq5/xJZbR3uRcdW6X5AiGJWJ -OOQoGvWziEwEGBECAAwFAjbPBwgFCQbzyQAACgkQbH7huGIcwBN5FQCggakIOYzL -X3lNq2WWgcAkSNm7kpoAnA69b3z2E5vxyD3bhggVUDX7j8hrmQGiBDbtSOkRBACU -RhKnGIFyXIeX61GAY9hJA5FgG4UalV55ohdz4whBgDzDGLE3XYlO8HCn4ggKilll -6MOwY0yZeg6PEU9Y3SqTzpQSV6qj2M7MgcS8xOpi6bNCu0iyZUik0KklUXMdI8e/ -CVmBpQJT9CofbD1dsP6z4dC6z3jil0+5Wbfw6yIXzwCgy/7Fagq5mN0H760/JEii -XILS1n0D/3H26lTaxo1vGput9Td1FQN7Vn6YDP0/To5ipsOODROV3zyUwF5QleY+ -8zTFJA3qD5KxRfA726WELOF1mB6Mw44UdkPniOoGdMH5oSx6qnNnlVZBBu3U+e1q -fQwLQjHu0WX4Z2q00DKpWLThGv7Loh5NKi6OfTbMhfHoevCAzQnmA/wKc6J8Gqth -ENThKXxZaei3Ep0t+PlBmbUzuAYCXZhI6/0KyD6emyQ7LYIaPv9qEfMkMLhxicG0 -v/AAwOCBRKS3bkqc6wAYaO0bjUHJvem3HkWPux82t83+6YPyRnVjm/mwt0uEyKSv -t7Md2DVrO3lEcKRkRHiYuf0nonPhl5Rs5bQaV2VybmVyIEtvY2ggPHdrQGdudXBn -Lm9yZz6IWwQTEQIAGwUCNxrPkAUJDMl8gAMLCgMDFQMCAxYCAQIXgAAKCRBd4kmW -WwNYol3CAJ47+zjeQIsMwiwcJvYfcsLn1yULlQCfUTKupaT6pw5culAis/pBrdBK -ZciIRgQQEQIABgUCNxrRPQAKCRBsfuG4YhzAE4X0AJ43A7wbYbR6LTfPSD+fdBki -mNvO8QCdFoSpfY+4FsKVagg/qH3KtGUARtSJAHUDBRA3GtFjHRn0wQyYV6UBAdGu -Av9AM0o9XkmBbOLLNse8Qp9MjD8TC/oSXYxp1W9AjyRs83iqQ+vaZlbA/O5z2ud4 -I9DV4vwA50Lz5nLFbPHa+yuT8VxTl2icw5u9rZy3iSok3rGXzGOzENMmEFIVFqIE -mPGIRgQQEQIABgUCNxrRowAKCRBot6uJV1SNzS34AKCErfsfa9Nh5deJ40nxpmSI -8lK17gCfRYcU6i1B1Nbg2Zkkr5SqTnBtaWCIRgQQEQIABgUCN08fXQAKCRD27t8g -GEvE2S2+AJ4udDl47EAnP4K+RvsWcv8qjqpzlgCeOFZZblzWjeie8oQfYl7bBBrx -PqKIRgQQEQIABgUCN6cm/gAKCRCYNGXbIUOUIn7JAJ9LLXMt+0R8u4gdmxQeKz1T -QyWoswCfYQh/tMjUzk4rKxBy4UtELnwJ9x+0C1dlcm5lciBLb2NoiFsEExECABsF -AjbtSOoFCQzJfIADCwoDAxUDAgMWAgECF4AACgkQXeJJllsDWKK11gCfUgltInjq -S+wGOrxfjiGjJsNmVtYAoJLaNHln4KYwLlYOo16kdcB7dqUDiQIeBBAUAwAGBQI3 -L1nUAAoJEGxMMaWx1RVnDcUH/24NeFhidBljDUrrjjkdFmM1Gjbc2KYi0lci663l -7aPCwTcM24M49q2plu0YvrWCQBy4bbmvGYEnom5oAbmWrBfHW9ZuTTdWXBwVxk8r -AI6fip4nE2fTq4++Q/aN6EpjMkXIrBIa/oJI9LVYRnzgDgunim7n1bsmBQ1SMjsl -ARpVuwKXpswM2Hpn7Nw3Yx5/O5ZIxzFREjuHzOa7S7knO3AXy/3upY2lkHOVvEtI -CA79FbS9/aTFuAZaSmtua9eKCcsLlKb1gmbrLw5u2SZ6mf1poDh0FLMmLnU0TqRi -G5bDYPIqguoblqRkgUXbt6EUEYZKqX1XbM8+gQf5wMdNatsH/0PlPVyHdY8s8VC9 -UhoGmDH+kHcox0NaMbhSzcczOgvzNOvbcGzYFye9UbAw11cRWX0k40oh9dNAD/fv -YW+ZsnGly1Dl2A7zkhcxwXfy7IxTVa6xWw7OV8PnCxlRziIEeSFgH4LuXdTwGVPb -kFYHRp0H5mYN/N0Uj8b0d352c9axzVBpkusO8ehVW8WtUFNrd/IDWnCMBwEwD3Aa -ciS316M526YNwA24Ahsg4wcJ7j0BEJGMEWpG3M0a4HvCGj2W7dh2D6FLHblzGciS -PM+bb7u6VA8LOdZ1dRF9eQXDd/vmmOaVMgNSLWmg8pkFZqBW0AtATTMzDud3TJxZ -KOIuNpKIRgQQEQIABgUCNzr5owAKCRB1D2SVyJ2TPoaLAJ0Z7QpI/+9LIRkz8YKV -Be+MwPhG8wCgnDJMh1yM9ltCLMN4A7du2fYILBOIRgQQEQIABgUCNzcjxQAKCRD2 -7t8gGEvE2YdlAKCVZs8POchyc7F0Nb6TtiAD37+fTQCfVmNKImKm96tTEsQUcBtI -FYjQie2JARUDBRA3Q97TUoBXRHZTQB0BAchxB/9iTH4O9RoIshiUysQgMpncn9o9 -snx+sCO/NiSuAVleHNBP1d/Kvo6SGLJYoVfbfLPMNVyuZ4jGi8JQjsgVjpAz93nI -evhjz7Xwd3JpS9oUvPej1mdWnUB4AnkKQfN+5+eso9Gk7OC9cWq20lU9tpVMDIlO -j8GHR9kYfJ4fBbzdCGbG5Z9pzo+96gDUMzX5ZrHlChdV4eHJPMi60XeK+mpocQFQ -H3GBUSTeM3Sy93JoYJLdAA2ZcwMF5xI8HRx8u0rwCZNXnDTgPaRbDiW7587n3dWn -7Pwmxu/CPtCQ4YO+WdjcKvHio7CqojtM8/7xuclkp3Wb1pE1s9w929ca9SHdmQBt -AjBtg5QAAAEDALuW2Y7m90qyyiHDNcRl5i8NbaWXcJgPYj6u6I2rTJvGR8UGimr1 -zG1rQ69Uwvgsr9Mf7rR/8WrH3CDbKT0A9fJqiZ0utd9bJ9n3Vi00J+PcSULhcHiq -qbQdGfTBDJhXpQAFEbQhV2VybmVyIEtvY2ggPHdlcm5lci5rb2NoQGd1dWcuZGU+ -iQCVAwUQNF+g6Y4HfUaLoGaNAQHPCAP/Z8dx0Ne5FFj5Ie8hURLB6KOy0H7b+xVG -n4UIONHvgqDnvqwkd9MkLG1JKbOlpWl6VvnPhREYn8HKLkv0BTuELvlLVmcn4yMF -PpV4/KT+vS4GsyRT+UwbuWT/LYHLceWX552PMmx3Cfpqg0+LJ6fgKHhQZMSC7Fiw -urQcRL9S+iOJARUDBRM0QITaCen5CopyTkUBAf7UB/9AyVg+Usb7kTX2o/oCKUpB -TM2R3VNYx6ddNLrqEYhXCQtVAOLpEKKaGcsyr8XsQ0DxtJvLIy6dxoHPl0fiSN+I -OnWjrgtQtxOY3Utb1y2lMAh4sslmfDGgkuRRstRgoAMqogFccy3YHTNGaEU6oSNE -34+EjtcJwd4dYeIN5QHnxAozJ6gn9Ab/vMvCc2AM3Y9WqrYTvYLfJ7kU6Rgtwd9Y -rIFGufoF1SmEAHQvFm6NIaTyiFkVuJr7PGlZ0TzFIGFluNUaXAu6uZLZROOPEHIE -2KF5QPogLe7k/qmyV3Q5+qemuJmh8/QIE/ahOTrmvnb1//WWzLaR9atU9ggUlcSc -iQCVAwUQNDKd4aRYxL1Kcl8xAQEwEwP/UAO6GG5j2TI3s6PoM+sO3lKk9AMZLQm3 -DfK4g+h537HLOWsS4vYd5o6PU726umfxcs3tXbVqOTOWqzGcaQ66J9sT1RPrujZv -a8KV0JxjidXmf5TWycwPA2/5GRwSA1rwA2JaSbTdQi13v8WkcNA/QUiBs8Q/BGgE -3zsjiBp5t9GJAJUDBRA0NRLDFE2blK6PfPUBAYxMA/9RpdcyE/NyOMvEFbQBxxN0 -dS0uL4r6tLk83HF5/aedqwSEJ0rgaQz2fAmCw/QRnEIbdlIAiVYiBDcwrdkBXUC7 -mksqiVGMXIRkXjbTAC2ITtX7iXDcUKo2hcMkQULcFbjfWTHXACEOT1Vogcdp1hyh -/h12YwtA5bZwnssMQQFb9YkAlQMFEDQz9VAiZsaFTfdptQEBFygD/156sMFkY8K4 -bISZAFyvbgo8kda/8RkgqXkMz9ifPVhllvMty8QXDDfia9jSMJ+hVwIoh4UUEwqJ -Iqs4y2hULpxAwqmaET2FhFK3DgTRtx/QEP+y16l1W2nBGcbxIM/Zlua2DKNhP/tP -hi3r/R/o3/Q0LsT2p+rhmWlTe4IYa7/jiQCVAwUQNDPySnaw9XG4JAR1AQFzlgP9 -GLG8VwtM7UfOdtuWs7RYzNBz5HipDnQKYKlZwUzC9V5Aej9vGjEaCA0ya5VPRup/ -syiVkNIk1L3ogA3fa5/bm1geARGdBoyGaLVpIe9EOHiPEW7yAZWAvqVaK3+8ENb8 -GIUEIfqxkkmsZK5J2l5xO1pYLw4kYOgpM70+oAD8dBGJAHUDBRA0MlLHTXV4WztU -4BkBAZ0pAv95reoPY4/fBVPNe9+NAvUKixfjDIq6wEGF2327a85P4paSJGTWjfmc -g4a5kse1IVANjwJUM6SqDqDixVs5xOXxBTAcD4DgBUMifBObWbgGTih4IjCTgGnq -YN1bXWDbyT+JARUCBRI0MhY+b9jjA8N5ozEBAa8FCACoaHMD/bUrugv8vlLlfP/9 -47snyGC+qoZdZ3Xd2s3Ldsdso+ftPGKWQDdxrbiy37pg9kN1JQcswKqDXpg4zJAX -yASRftkdY9pxWhSkKZLPW5Denpbf67lQKRGmBA3zAFsnHlmkEGp6rmr/fWiRqg2P -MDaCERbJHkuX5TQLzsxjulzs+U0cYKvRk06GG1/WNT4f1qDlTJPp7EhiKbdCpZiu -6IItJRyKbSXfArssxbXD/tDpxZ8AVC+XesaO3euDo5aD0ngfaHm6R/kk2JHJuS6m -Zq1Qz45UxGR/3ePNTraRvJmkkEeJBm7HElouSGm/ZGBaJv2luR+3ATL9meaOTGUg -iQCVAwUQNC9aOHjfXfFhHz81AQHftAQAiL29H2H16efPxWLtE1TjXeHVmhmPF8Rs -6mRACMT8utn8vlaJZ2hK1KLKoIs+jI+lBp+JTydM6vUqZjhGBx4k2DEhbg6JIyhK -+uFzaSo/6yRvwDYHj7jsCqOvl9IBV9V+sMyoMaKt46C6FD+F/0E5iwzSCz5E523I -tY+0yNGcWW+IPwMFEDPypBKPqVFPlg4pchECe1IAn1K1IQwGgW+TyJFaldvr4sM0 -tRbMAJ9PyJjcjHC8wXqOMIetu7FCQvtyFIkBFQMFEDQww7vnr00jJ6oPcQEBMgAH -/i0I9nWwtY7TuDZkKmI/UeVil/k8Q1pe1pqwW+FZyHt5R7cOSy4wQ/MHkadq6hBk -CS6EQaSgR+t8vcBe1cf5Yyba3t0hxMEPindeR5n4+AmkqIBJcPK6X2u6Zde8zFIv -gpXtqv4XVknTJwLHavZq7Sms9qjvSEMDMtPLXqGtaC90dIrv7DBpg7lM8IvkkOZw -H50cpbvao1Q4PSnFt7S4KSRv6APF5VfbylkSQgg4wxX94Czluz+yZX54mpZP8TJ9 -UEOjuF4XZp7ImPl5zE044OvzzEoXuoSmprMJDjGG8Vj5ifr680Jxh+Shls6fRdAC -+p9rZVpv3ChUhVJoOOL+aU+JAHUDBRA0MLbfcV94PgdgYEkBAWHpAv9cKCbk7er2 -RamC2zUwcqgeiHu/FJJAZI/aTt+U0/VQHae/iwq/IYzx4koCm5E4ih1xORxwzipd -oG5e6cyvmQmW8Mk+b40vMrKG1A/Z9YjvEZjCIKIHb2CbUYUyN26vhqaJARUDBRA0 -MFH1+MN2oaLFF0kBAT6YB/4nKolkRUXA3BnaFIgx7B6QLWvs33un3biep9kqfOfr -B4WkTzQoglJa0RXMjRe8eVUI6dL5ZHGfvPHCs5NutwQ7LSChVs2BSw/nKllrb8Qz -njq7LIlO+APSfADjlDhs/mwaGOHQbrev1XCi/uK0V7hEMEYzyJsadlOv2Eejjr2O -miYdI15q9xpRjISpyvgZulCZ2klOef8fQD58yXtkdGhpyU3H1mSzGKG4JGuRC9Q5 -ve5EP2UUiEK83ARqt03rZ0o4oleafVM63Jqdm+eZaKBTkCYa6ToWmwKWbenm++WJ -3riLj19m329bmSuzZd9R69HigvQjJSX6pbYc3QMiUOIBiQCVAwUQNC9u/bByAnBQ -8yElAQFUEgP+I61LwJB8zG0bQSat9p5VRTxH+l6AGZVYMFQsCnwItO11/GNXOz/o -NfDRGiBcxFGXZoV+7VinTGEFiMgjoqq578XMAVdj1U0XWl6qc+3sAN16m1gymllr -ywaf0EFG70WzDr3PomTKq8yJXEZwrLdcSlUavQkfHxe3oFh2tQuIqvaJAHUDBRA0 -LryfqNlH+e2VR+0BAVpiAv41RgSP+xf0znGrU5FfRKxU8yk1qYc7ckFKZlIjOOKj -HkwCqgU4KKACSie7OTloHL9tEfLVyYME7F/iY2HOsfw3oiQa88TvRyKYOdsW+v6G -hlKMirG0Qs1mwu4tVq8s8BeJAJUDBRA0Lq9ahwK4eWctBcEBAdvWBAC6CnrZpXMM -K7Pie19eyaUZstjujmhldggp08/iuI6PiKZwmHpxKBgUvo4zN4in1Vb88ejaaTyS -R2TPm6J/kuo6QS4jGCtrunVir8svhhWFYZB4PyHCma766Vig87DjR1VhLfo/Cscg -f1p82GXw6vk7ZUgchaehD772vqDCeAVA7IkAlQMFEDMeeSHWw0q1fWuuhQEBamEE -AJ2G6qbsYeiJem1D9jkXoGK8KPGv1yH6A9KNosyGrSQEdU75NtfJV59VUZWAJi8U -+OjMzw8RXKRAC1j/94njvloZeMX4E4CGXbPQgyRAoIkwTGgQMdtyPSMggxnb/6m2 -C1sVLInYNDe+8J1vD/WTI8dM98/4va7jQZYwhhUFvKi6iQCVAwUQMx7v5RmzKaWf -scbZAQHMwQP/cvQPI8r+7o/IB3UB2mNQ4NORZNmNnpcDa5tzohdexlamYKAH/bi/ -yOwncMiy9QPcp7nmROvrFX5q76YCTA5CpZRNRZ9AKRKtIOVtQnVU8HOHJOm7OMGi -m17ujdHpdd9wuILmNjp4JfRC0saEqkuNOvm5GF/V9g4MawAZeYIHIO+JAHUCBRAz -LpQwHRn0wQyYV6UBAdXgAwCN0VQjIW2lOvmOTJlJ3fL//QkY7TP1T2EtXF4EELC9 -0RDGyul5O1V2ql4pnEc3UaE8Ji+AsVkBCVw+H8Zzy7247vBVKAlzfNgoVOEqlB69 -0X+vONMId+CKB/ki6LSqKoGJAJUDBRAzHbZsC3OAb8QPTp0BAWLSBACSiypMxbL7 -V5RduLZrMUrdFfkRF/3CU3uaqHtO/Bw9e9VbNQBGfBG/7iSTe45YjXyrlQ+Kzsof -cpg5V5Gs93xtunpKOEGHzai6tMRBRcsENCIjVXVxlmbDAR2WcCeEWeReAwE0zaru -gF59EcAN9gN8aj3TBfKtVUv4aKEM2nNTA4kAlQMFEDMdQWc5a99QvA5HcQEBs5gD -/3QkisqbGHA/qq5qF4U6OM+jEMYRmkYkQ7B6MQHJiP4CA40JGZBLcHJ225sD6eb/ -fYMV4byl792cW8Zz5CA1bnrSErbULYomPvaaGNGWD+druPPj8yYEC/mTrVDuuhaL -SvDH5H01IfGmyELwD3bOa+jzD9fNVKiALyknTiNydjpiiQCVAwUQMx0+21r0vCW+ -5ILdAQG88wP/dMkaugeEdiMeGISkNllWzN5FDRy9Uj+4suLnKrdbgXonLjsMXxVy -QDubDRtes4w0AI3sl7u7JpTzmq8kLbCChCkUZ0WWSOaQDAMCNH6SgTKyITwWiaI4 -eG8SkRj9KNJLiOPgg+aBXxWrrpeM/D6LtnRGw8s4h/rvJkfHKk2IGJiJAJUDBRAz -HHCkqurobv/vwPkBAejZBACOenorE6XpW+/mstD/iuPc56a8XshRSrfjFvbmL8FK -8YFSkNBVSaG/+oh9a8OpYZl53Iz4CU1J9RY9ac/jVLw4f6VwREfaDZ0YoaXuQfUX -YHEHJmWpEQebarrbjA88DflEte1cjHTrJiMu0ntv4UIBfo9SBmS1liTmDCN2gAas -LYkAlQMFEDMa9wIoLpzt/nc8ZQEBSjMD/2X+oqZypuLxG0uwpBKHe8d2z13bbNxu -S4k8FKg6/YPuLZUuyFpAWOr7ra5hkYTqdTVY/mxlwEO5aOhfi3g2t9+c4b/VH0PS -3W30XjsPvscnOO+j4nnZI3nbRgdxtPxWgd09GgQ5c83i3OG+fYZqlVV1oCVYzQwu -WiE0fcj2Nqn2iQB1AwUQMxmVQCfJeCVLKSvFAQGe7AL+NdsUv6POzYdAK6jiDJWs -+VSSxAIthmM2dm3DVxrr3sZXc2EGFJdH1YctAf5laelPODaIvdZhJ2L21s+zvyJj -UVJ3gQbwf1XvTShAbx2UgIXlbZWPNHt8HI2iwozvRZJdiQEVAwUQMxYGwYLLW315 -yRYdAQEfMwf+OauwfBI+sDlHTnlUJO4PN1LQAn625aSojKpBCmpuiy3z0fGl6vcy -aMslqz9Um/wSF65Te9D1rywbZKeVYou3MWqmTtMKTKr8fduW5vRqBERs2diEcdMZ -AUJglviVaNa8yN8/43mO+UtycOpA+Whd8A6DLtb3Q86ioWuy+HF2mdeCguvPI02N -rU7U1GP4J2/8aYlg2LqxB7jfOZdZ4DuzIsozDrTnyOgOoQkUqd2BKndnL/JeY5s5 -n8cLY4nADeDMRoC7w+p3Wy/AYgbOeq1M0Kf2TX6sy8k9rGCWDs9cglLbzaGYGX0B -wmXCaHYZQKzCX3+yP5ERZNvxKAlRuQVynokAlQMFEDB1uhUw9+yDGKhcwQEBD8sD -/0EVNn1P3k/9O2zF4LuWb2KaTaak1AIES9eTbzoVCcYW0Oh0Z8F9wflJ4odpQ3EV -pevf2sMZS2hMT3yIBfeqAISV/hXavOCgcum5DMKDdTfl1+zWsjGWlxIOTmK9oek9 -XdK/6aWpYvTj3L7dsZpl4CfAzqS8Yw/a5xxL1TpxuGnDiEYEEBECAAYFAjca1F8A -CgkQXeJJllsDWKKRZQCgilK5fO438Ijrd1m1PtEvtz8q1ZQAn3b1IC1Ov1KWlKDE -wLxWTVPWLn9JiQEVAwUTNxycWdImKUTOasbBAQEnHAf/ahq4b4mVQLfMFSyhaFFD -CqjsN2po+XuwfmgIYMpLjHgJEDbdTXk2JwMjujHoSLOTAKOTR1GvUR5Er5GovVv/ -ZPjYHqfKc4uFEbYDQE8dFEktygvicp+g9Kj/p0gL7eJWWIYSX3QplkPluc42tUlC -RGNkvwCj70imahiHxeNLnEwsQX2gBCoCQD3edUGbnqUqZovWSX4zd0kW00q1UHx1 -7VleJ8OzwfKQPjaphW1yx4IrFleELdRMblgs2E++BkofxYEKvfNxHXeEUPG55xSa -7QxWG8TOgrIFhi3SuuqfJavHBu/iBJNRYflluCxONzVJgpnHPqGs9Cd9hbM2TOeU -VYkBFQMFEzTEvjcJ3HA5OfN/XQEBM4IH/RDpaunPA8yh+MePngyIYspU/75h/DN2 -+ewfFWlNktnlTHwSsOycua9QamGctUQtnASQQZGOWftrX2H2gvxRhlpX4hxHq1DT -oVvWV1H6r7ede0FjMaGV5d2AlBIosmTM8Xva29jQMdQH/8ZRX0gEtAy98bwh/8AW -yKHiJeL3oM61QBt64iGcyVbAskV4aMsuxfW7odJfffHLhsZfq/9RwdtNJJhrHNv3 -YZH/Gk/Ze3ffaE4VGQNkvnaDbsdLRSsQlZ0BVluHbkptkSXsLrNf/zY5nmdMTOIe -jbR45Lo2u3b6AtJ4D1fmH/6pTHfSRM/PYtQ8FDIiosImQczz7SrmP1yJAKIDBRM0 -xL4dkV5OLNsIkwkBAWsaBGUQCQbUVhTi59PGxrGEVnLvG/XznbtjGmWzqZIKLUcv -nmcmhx7pMj5nfgyss5qJmWN5A/cRSDMD5yzWwVFqCjirPbBLwxyZD3DQU1BAzPi9 -WD0JWLUlRV3gRZi8mkDyzAN3lv34Ch1gUSx/G31ndo/4BxYVvXRGVVWw3D0SE5tz -ogyfAA4cIQj2+nkXPMWJAJUDBRA3HKvpTKNNLIhJ3D0BAd/7A/4r6rqEhDT22SBp -hoMuVYotu7F49eozig7vaqLvQaSDQ9XmdTiXfrxHpbnGBHxmTGVCWDzmwnRsvrBb -9KMzPuk/2GSE3CTTHcgWQYxNgbyLoa3w2bvHvR3MmiIL4Dj3o+vJgLSu8ZV/46by -Pm5N7EEGNv+OkmEBD9Iap4N4IeF44LQuV2VybmVyIEtvY2ggKG1laW4gYWx0ZXIg -a2V5KSA8d2tAY29tcHV0ZXIub3JnPokAdQMFEzYbYzIdGfTBDJhXpQEBIooC/jDO -Yrtr1n6DQof7pbx98iHOtCjzAMBT1fVYkrMmNLbTm3HiaZ2cC3nzJF4Fz/7kddMj -wgpHwiAX4tVcpYAa/k/kCoaGc8x5BIKzUlh1/0w+9t7fiMPzADUtNYVef179xYhG -BBARAgAGBQI3GtRpAAoJEF3iSZZbA1ii9GIAn10kFV+PH2UYBGgVeYCJ5iswYOub -AJkBDI7hajSe1D6Krh2j0zf8VMWOIA== -=TbxO +mQGiBDVBlNMRBADeX96LvyNiop30YPeeCBJZzeqQuQ3yQ+SK3AHoXLQ1qsGHrdoi +HfHbVV2GfulRq+H/z97vUtA3APE2NZ7HuvBJzhXZCOE93wT59OZV8Pp5ir6TAEYm +dvPCgvjYmwQvKgvaF0hG4eyvQst7SaevFUGV+jEz5DQhniy+/a2/W7nC/QCg/2SE +nBeZNJnZauf9cXQ34GnXV68D/1BspMcbrpY/YFXsdLUSbroG0EXGma4jY9UlcRV8 +8cIftxl2jh04l91bvzzCFgSGvFdxVbHWnIgbQ+PQ1cme7SsS3ZFFI3B3zykXGOi8 +shhOT/Gip1Tk4O6MwTyOWdTdnEGSjk+qoVwEMxhY/ZZDd3bbUkymrPK5jtfumreB +JjqwA/wL5fOdCzLWBev4/Xks2YENg0HVwN3a3iypNNGZOYCWTZKnFX5yel/mqiT0 +uEn1CJ5w29GKxRax/Ua9kr7ftMhpQ8lZdyy4Z/Br0NiU9fgvmWF/2WvOMx+hHf/k +LRUYewxzOSLfapiM1SOQs/L+29tnu4wfAsezSuFfKjKVZHlx4rQnQnJpYW4gV2Fy +bmVyIChob21lKSA8d2FybmVyQGxvdGhhci5jb20+iF0EExECAB0FAjZYxf4FCQPf +GysDCwQDBRUDAgYBAxYCAQIXgAAKCRCQOaC/0TnMTJJUAKC0jAhA3fXI2UCbfZ6J +Ti3CL0bcMQCgpA7pEUYM7edUlxqFJfWYtBblS5u5Ag0ENUGU1BAIAPZCV7cIfwgX +cqK61qlC8wXo+VMROU+28W65Szgg2gGnVqMU6Y9AVfPQB8bLQ6mUrfdMZIZJ+AyD +vWXpF9Sh01D49Vlf3HZSTz09jdvOmeFXklnN/biudE/F/Ha8g8VHMGHOfMlm/xX5 +u/2RXscBqtNbno2gpXI61Brwv0YAWCvl9Ij9WE5J280gtJ3kkQc2azNsOA1FHQ98 +iLMcfFstjvbzySPAQ/ClWxiNjrtVjLhdONM0/XwXV0OjHRhs3jMhLLUq/zzhsSlA +GBGNfISnCnLWhsQDGcgHKXrKlQzZlp+r0ApQmwJG0wg9ZqRdQZ+cfL2JSyIZJrqr +ol7DVekyCzsAAgIH/AlcnP6QSKd67ad/1lQpzMEBNyIX0X7//lns6XAGl/+U5Iqx +i+8sd+oJikFlgVH+n0JD6vq4dO8XCBzUgIi3xV2cuJqj16zVp7JdMXKqIxkDu5Q/ +By3/IL7WWkc06FxyDraigP1Hu3W78l0lySK8yEW+fVlkyzK6irkJ7EFWkSDaZqT2 +IrPd94hoGFEyQOIgkYdy2DHoK00nUd9FzIbhrrz2ZDJIfCMVp2go4oCu6Zk0LxJX +qTFU7K3SxVNN5jWsOCsPzWLyhKNrgnv8WzVaPKgqgMNdmdykAvC0iSTNat51p8Ad +4mGtY1nW0aOAiufjBTMUtILfHKsknItj/P2D4seITAQYEQIADAUCNljGDQUJA98b +OQAKCRCQOaC/0TnMTHKtAJsHojLJup9Niwsutt68U02uyl13BwCgpovl3ebeH41a +k2Kp37si/9RsdICZAaIENt243BEEAOCNfiVnzetemJ2DpFA51QnnGUihYs0beBQ2 +ptJP47uLlxsZbix2Gg3wDCP7HNgcEWlXc29vrd2oiA9nanKLcJzLYVL0lBBbPVX4 +8PGvRFKvJVHI17LWqpq3aOF8kOSf/4QyRIafWdGzxvAFycAiq2Bs1/B7BeUqmhWO +3FXs6VNLAKDqqMUc7apbVRFSV6/kbQ8PLTYw0QP/dRwVX9NtBEogFNoSU4jw1sRg ++nqGQplE9OXESMQO3fiszBkCWghsKk+/O+HcFrIiSAxRPR3y8nXCsaLQEf4WfrD7 +nKFeGWDIqPvi3KJOzuaqZP3DMf4LdfltmM/zHifZo4aBkkIQd6703vBFAYA0lONH ++W5qyx0ZnYr7XunDqkMD/2JC3cogap2H6IzaHl9oQegGKGwrCErBuJxCeL9i7h/+ +5Wg8ou6TE8kAGf1oMeeWwrWOBxub4xsUqfYk+mKM//O2OkCMfVFQgQQtjy5CtFQx +X5AErQ4Ukoy8XmNGOAi9ipWpL0450XwNvusaeff4D1ztJbCb+LMkqI9gYEQWSwxF +tCNKLiBNaWNoYWVsIEFzaGxleSA8amFzaGxleUBhY20ub3JnPohVBBMRAgAVBQI3 +RcCEAwsKAwMVAwIDFgIBAheAAAoJEAcDKpaJBMjiiuQAni3iUNjDvqvOQOlIgz1d +5ibjHrA8AKDWPy7kZN+W3Leptp3FYTIMTbDpU7kBDQQ23bjuEAQAl1Txo5tRemsP +8mNmoBlGQx/4EmN61ga/V8iBS7u7MvzI1zktNuHaK7rJItE4ilyGeivXitZ74eGV +7P2/rbNhWnOo1fMlvLvl8mDNmLD2nJovu4LVFXGhoYdGb75d2YbCCBN5Q/BSYh+l +b2wd6VewnqMy6A9iGULaAWz10G2IOYMAAwYD/iooRihzfIC6rw6K2kASGRiy/dts +3w0L9Iu5DsxLFH2tHUpv8fPVDuvGkRfwPuKaTHAvq90/I46/3BBTOOneMaW1+RAL +hM5f4ytsYNlDDerhRiuGyEjoGtXVjXye/3SwIxISrg0EO7UHNtr4rObQEfF69RcT +gjzKdO2n2WlP+7/qiEwEGBECAAwFAjdVLZwFCQHwga4ACgkQBwMqlokEyOIEvwCe +IHFkUaLTPmaZhAOs3yfwDtAC33gAn3f2BoDALaHL1uqu/unWQA1JZRTYmQGiBDfj +Y5kRBADMfdIcB6LbzfMZAe9+3GMqLgx5fUEhX9GVZIxb3w+ZBGbJGrERMtEigd+S +Y2xR9TWyhd/eVh80qcgGzA9Fyb6IOdVwN6HxtYdIz4CZP6ZmtSM8jecfbbKsf/Ol +BJQ6RZlAWNjE6F2r1D/gHpw1ZEl+lSlW3ObCEkeXBC/er/fIowCgwia77SmSgm3b +GgHEqfFQ8MID6lsD/0h45kDwi3K8WhI6lnZP0zpnNfA6753QaA9NqB8MY36YCVtx +OhBm7GUCgKyfh9zrTpZWwcBcAQyyB8Ld3K7cWi0uLy+gO2169cRApR0S1l6BlkbO +9wlv1zoRR1VT2gQCMGw6mjyne99v4Hst7UXV/nXvOsdrxdS5tTkAEL7Alzz0BACc +imFIsBD1CKqqN0fTdZooVrBZzpn6ZjTgzX1hKr61fuFyPgMkhzutN2jXy8tweCZw +FmN5XZ9cu7mxAdN9Xmwk7Kl0EGChwZdm7Sx9UTvu9kJnGOQvqtOkWB86Ts+r4fVb +w65BqcrZZzuMQrUqliM/YVUGazN/w2uyApNPByJUzbQ4TWljaGFlbCBSb3RoIChV +c2VkIGZvciBrZXkgc2lnbmF0dXJlcykgPG1yb3RoQGdudXBnLm9yZz6IVQQTEQIA +FQUCN+NjmQMLCgMDFQMCAxYCAQIXgAAKCRDKFfq6GxOtQUZWAJ40vGK1b1f2KN7u +BHOHLDAHvnuPLwCfXHyq3wGapWGDw6txlP9LMec1jf2JAJQDBRA342hqcwhlf6d9 +2r0BAenKA/d9luNiVpPciTyfM9W4GybmWSlLt0qxrY34WSNL5IOG6P2H335skdAC +xSUlwBSkD2IzoaQ0LAyGw0jsk8yWhfQqgjWxjZ0zcmKHZJZsMLwtvA4FeOSQuscf +kYsbA3vZWotYO1o9jyfAZTj0MeALzGEmxBeGUNiKUEnbBU0Lg+c8iEYEEBECAAYF +AjfjadIACgkQAJxC28xc8YI7iQCfboS4b2tqYvml31ouMT6XPHhTsYMAnRGQId+W +7mOHlWHvrddjwu8JHms6mQGiBDbYl60RBACxaonXMHpbmyzoQyxn7wYXGpEJZnKc +IWRc/sE++XSebUZMJOk09qkKhtg1TQ8D0Siv1/EjuqjoKP2f9+EOIW55+55vQsti +XwevF6pJBFYGGRluQPoFbUilDzCDmismFv0xwIEoOLftxvyvlmmw4Upx3/8TY83f +dQGzxSDvNbPEtwCguK4ARxZub/SQgLMy6S9/7itEfHcD/RXRVGmz3dDxXtgdAqwV +mY7RI+FOPQdn+DiFaaTjmqgP+NR6w5v72+jE5cdn/OnYmXQcERXc/4nZgWHdKmso +eLvLs0hpk9zFhgHkSufCWlo0ZYemaWRYrRI5mukGFIMbPdPEaySNQEqC78Rgj2wm +FJ2ttbAQlSRi332xTwFbzY4XA/9RppZOE9hGCh+2P4FgtHMgf7L8JUJVgR9tIKUv +GXjDkSWEqIMeyKeXFoPk5QdxNVM5sRYf6gmV6U3zHUOfEzlOf5GUJyPkmwl9RADE +6uyk4ySlW2d6+glsM0/Fd9Pyyzb0v6xfAPDFyTYU1X6vUDp0FyzPUijhbrdj4Fwm +fAVf3LQeTWljaGFlbCBSb3RoIDxtcm90aEBnbnVwZy5vcmc+iFsEExECABsFAjfi +yIQFCQlnNJ8DCwoDAxUDAgMWAgECF4AACgkQAJxC28xc8YKnHACeMFOdlg4xjXgE +FzyA7MQFxyXmyuoAnRCcbQ4bvEm/fxaaBFRnJgavm25LiQCVAwUQN+NpSnMIZX+n +fdq9AQF72gP7ByZG6W8yTz+1nv+CMvGIGLa4otN812X5lXvvIpH7bNgoWWD70xvH +5GP/Q5e3yUh4aGGN59uOVVQ5uoa3VFYl1ufWt2LvxaSW2q7f0FcvEref/5biu3gx +2O296DWENYPP3xZtaD+htaDP4h18RFBIvbZz9Ryp9C8myGEPQGcOxw+IRgQQEQIA +BgUCN+NqjQAKCRDKFfq6GxOtQfhaAJ9bMyNoYhAf3jkeMy1cnXoyr9ZbwQCfeWjK +xnAa+++nbYVEnuPP2gUdume0Hk1pY2hhZWwgUm90aCA8bXJvdGhAbmVzc2llLmRl +PohbBBMRAgAbBQI34siUBQkJZzSfAwsKAwMVAwIDFgIBAheAAAoJEACcQtvMXPGC +iF4AniaC76L0oLBvc0jA40NCXMDz4PX2AJ9RGPnHKf0XmaRXcTOlR8MiH1CeoLkB +zQQ22JgDEAcAqtpFls8cnLDIh1r6gSRf8sYiv5qd+a8CDd/LWHveWeGCeuBiVbwv +SG0q9ci13ZRIEtHXi0BVWLBpz/YqQCHJX4Vk2iV6yY7rCo0rFOEzyco+Glssjg1G +/ZCuVkGo4rpLKqOn6oXq92ojwBNjdYeBOOoZ78jp65gJ3OC0ckYanrRUe3J9bc0W +lAA+to/Dus91Ivkggu/iH5DEPrf/PQY14t7jxCcxBJCa8XaC04LrXVphPuuRziVe +gINTU02fdyrZlAyWf+0KZq5rMza1N+NwSxjkxBOzM+lbhA5PSekqHp8AAwUG/12f +DRpOtZ/GrKoUgkML8urMjxKFD4Hh6l1Wb5NCEe4tIm38yI+C/AwMCY5cDlf03YOZ +0ThTVjpvQfYT8EJuPbZ+2dGYEroY3OBLetcg6DDh4saKsVU2XSLHyCh2xPzOiusB +xNPrmvqd63S7JnRSSsEfgwYpKpA/GNMSJyyFpT4vtvK3jOON0v7uobYOBTLRuwj3 +OJMJfyQDa6WyiTJxUvsuQL0MK5cZG7oLUWTK9ZrFPuqzLeZAcpIgJ/QMJ/PnrRnZ +gUnXEbsnCVZ33NVBtiK/ktS2RTQKcvCNPtnimRqsiEwEGBECAAwFAjbYmAMFCQlm +AYAACgkQAJxC28xc8YJTTACgmUYdFZGR8pk9NbB4lpnKnum15WUAoIgDLWQA+qb1 +EPtpywwRBvqGOVUPmQGiBDgf7uARBADdNye00iQMSe4RULS0hDKVGNl1CFGzeol+ +AoNkW9bqXD3f9KNrWD11r9tef6C4OMN2fILO7cpD+YZwuHjXv6xSDAoZ31bmsxQn +N51YhwFhZRh8K/XheaULO9gedCZaXndQ8dvXGC/doKKOo/CNGK8gct+cPPr0N6cu +FztlgRpbqwCgm8u3ylalEvlWhXOjVYoTnEs04aMEAJVK0ZcYjHUdXWXi+TaDZCJq +ktk/r2E4M4/EsBTIkuAuy6RvPediVShRQ/CZl0MCQHM17ywdC+PXgOmQLeGbR8m8 +flK9HROJQebHB23/MK2knm/yKgqSJbtoDv23QRfZjNd1aox50uFLvv36CDMhAMQ4 +ENHrBzuj5bMZo8nMELVaBACPlGKAcAO2FP6DpmcJIXDnO+oVHvs4QMzADn+/aBQp +H3UQASAbu7aH/84SLBUH0h1Z9QNkKLuMtpC0rVHqRsw4d4FmOxoxvOF8hQnICiQr +2XRMDKZwR/+gH9Vh2XFRi4j/xHH2h787C6bKoOPd6UPJM1HdxNPQlG89fb4hgv/e +WbQ+TmlpYmUgWXV0YWthIChHTlUvTGludXggb24gU3VwZXJIIFByb2plY3QpIDxn +bmlpYmVAY2hyb290Lm9yZz6IWwQTEQIAGwUCOB/u4AUJA8JnAAMLCgMDFQMCAxYC +AQIXgAAKCRDj8lhUEo8OeTsQAJ96XKYFFJuwup2Mce9mDk6EOnEEdACdFp6gwm6x +T6Hm1FD53oKNgrnafhqIRgQQEQIABgUCOB/w/QAKCRC+6Lh52/bl/+myAJ0UubvN +9ydWvrdgkKbfokKJTrOC0wCgooxVzceD44Oo/C1kaHjXv5yFQeKIRgQQEQIABgUC +OClPHgAKCRBd4kmWWwNYol/nAJ0YXC3/sGqBaddoLqoLpo1kapcthACglrEi6n5z +6OcQO+II4Fe6wFOisYu5AQ0EOB/u8RAEALec6/ux2Py+0Wv/w5J/VmDzUNDOHQJM +kxTEQbp+vZ80Quf8FoMy8i9PciekoDl+oB8/zQDs92SgqGVD0+y8K9UPIEvmifjr +oPn+EsIrXf8M7dGGotCtwaiEwDxwmetlQMYLd84XqLj0LgGzdT3/7dMurhUiGZH7 +dpWMfUZAVNjHAAMFA/9iLg3F0Bqi1dVDeCMqOVCOcWKhulFG80il3TwS9Q7SpvJX +/4yZyoEdyJ/VYm4PakvDUyiy4MuhsvGSwCEyXD4IskEkmlf97jDoBiiktexkjlKI +vmp7P0XNQMURXFLqDilI9YY2jVAu4XNw+G0G1ImGgzbadbraUl1J1uJtvg+NOYhM +BBgRAgAMBQI4H+7xBQkDwmcAAAoJEOPyWFQSjw55J58An1UbKjszsK+9Awtz3a+5 +gNiuzdo5AKCE5Pv3w56DMeZLH8GyZkVqo1QsrZkBogQ3KcaNEQQAsRxnSrRpASl8 +e0lOtR3C7I1MoCuivlawh48JzC9WXgA/Pgn+VOLiDDob/zjQoNbBEoG+BHrwq+AC +CVBQFAiMMNur8u7qY+R4eLWD/KDKaNcydchdKehw0eiy7d9mv0hTHSmkUIgIpy4k +d+XvsbozP40+/G+yNjGEHvJf3tsO8ocAoP4wWPnUPNwWkuKn41tR3cb2m+ZlA/0Q +lIn4E3Na3o0AhhuLC3YrJ4X4rHJmUJg+i2mS3lJCM3HPJRCdz/eIlU4WiaBpNPve +PMEeg5KSluqdYOsCvBa6XsAGm8gxQ2Wzf6ZqsXdBxztjwXqcLeuBKFfuDUlwloYI +Rie+naIgPasYwu3ABG4peRJmc8aRXJCg39rE8MK4BAP+Pt+NqJQw9S9ykLDDIXDD +ucH7YOBxfvUo18lPr+iNuPcbXh3fQQoibk4qK0w699YLGD25KizP+FTiCrD2fy9i +knUplevJkGDTdeDLrAPYVYTM2hryLPcisSP55Yf0GW6SnkFbE5LKYHo5YQF+9rvp +yUCR4xXm6CXo9m9FKBuuk5i0Hk5pa2xhcyBIZXJuYWV1cyA8bmhAZGYubHRoLnNl +PohbBBMRAgAbBQI3KcaNBQklmAYAAwsKAwMVAwIDFgIBAheAAAoJEHUPZJXInZM+ +i40AoIykcWzV7PpBoEG4MbTXTNpKBeTIAJ9tJcXW7S/ox+iJGOrBXgSlB7bXnIhG +BBARAgAGBQI3NDnLAAoJEF3iSZZbA1iipZEAoKm4vkXn0/4KC0aZp5o2U5zyErZe +AKDF3mdMyHEumx4xSWJyX4TvDZ+3ybkCDQQ3Kc4MEAgAsgkRCXJQLlHgk4Fu1Jk+ +UKEDdMZYufSOGR0D57WxbRtArPqDMox1NqFHGi8Sg88TtDwH6/BnGkYCOuBQidaE +BPQtl7jeU6fQhXL4kRY3KB50/ChzzUB/G+LsT8COCUIsNDiBQxwEiLTEOMFAqbRA +ugQhZnUKrf0auZKnB53RPhAuIdGozC+k9+vJl0l76e+JcVr8AL6wWBQO00UbKgp+ +MKiWjFDSYIFtMNrXO9rfHW1n3jW79bvAVyFl9rwEbL0gbSWmaZKXIWI7D11J8aYF +3ppDk5UsCc0Cs70okV9d58s0PjnTqwAcVxZcyoO81qJVOPesRVJ4jURdGeSBTqNM +rwADBwgArjJRLMSTveaC2tELGSr7qBioUJ9FbFk0A5D8vH3Xcr34E/m0sgNGJSD3 +qWQNXN0OpH7hKdeiwEPLE8gR/Tnxwgb+r3S0dBViktQPMajdW5S/dJfusTdqBzo2 +LgdZ24lVl1O0ZKci+6SVWt5SBxbAYYtgSEjiGhbWUDdQoC52yNGUQvG9wL5OD1BK +y94wzKQZi9WV/NdNfJPMjZv+tx3pezfGYTPDnUpP1CoLXY/gre+APwr9yHAg46Hz +F+DQT+KAWQDTxahEUk9OE86nR3gO0zNN2KzGKb297ikcLWYusW9QQ46X3uIBTYmK +PZP9l/bR7322tj88GPaKPesZE8rR2ohMBBgRAgAMBQI3Kc4MBQklmAYAAAoJEHUP +ZJXInZM+GUwAn2qcZ8hOcrD1Bw7zZofZ+xm8wDL/AJ9DJQbxAae5kKnBDG1O28B4 +J0wF45kBogQ14HkWEQQA1qRbEQxVQzxv1QAvAgFoW3nT+BbWAs5fenhmvkWIMunk +xhB8cIeYaImzmdDK0YioSgQ03ER5O4x5AcVKXiUJKUWqIermAqSCk6W0z8iWD0Vu +boP8JrAJ6hd5WCWPpzb41OJumi5Xy3RzWdYWq2IOXOVZM2Wt1gnXA7p2PxS+ZqMA +oKLnKFiDGdQPqKH5zwG488A95X9lA/4mkc0LBxfBIipWEE3HzgkcmNRb0zdxzUGY +TGrHIYK3i7TZrfq09+jTA1dMbs2tX/nbUdd1oMaKefCqBw3hD50E685bla17TPFh +NXhBRCCGhH8IGGAg0o6P3B0+QQHJsp7eof/VKgIFN6NeXga+621vkal5eU6jHQ44 +sHHkkkk0fQQAu8a0B2kf4VFHIE4kDraDPgIkhWV2r7efsLJj671NOKBHOMzWB+PK +0eh0b6Tc34n44lyH6Cmc2F9xUzk7POa/uEi8aPB1z2/NdYeFg6nKTrkN4nYnQtYr +GG4oPgeX0+DoNHmlRJto+pYMU8PwJA9fCT1K+szRr5p072LImZ7lsk20LlBldGVy +IEdlcndpbnNraSAoRWxHL0RTQSkgPHBldGVyQGdlcndpbnNraS5kZT6IVwQTEQIA +FwUCNmGXiwMLBAMFFQMCBgEDFgIBAheAAAoJEJg0ZdshQ5Qir60An1Zl/jBAU7Cx +XINEaZupk1TmkdiDAKCFGR9orHjfKgw+xEA+idd/Ls0lDohGBBARAgAGBQI3pyH0 +AAoJEF3iSZZbA1iiXRAAnRCydbPV/ipvi0NfEzV9+RC8lBxNAJ9jQwXwCKt0HVc8 +/Y3OVY/WI1LnTbkCDQQ14Hp8EAgAoz58r9ogDLeyaL8NoMXoMhJ0ogHqC0jzt6xa +zw/h6t0AJE1He5tMF1yVkenXo+sah2oTjrm38fRVXODbACvmn1oP+WLcK7/bG82V +Ol4Zv0Iu+8X1KzXz2JGae+h0ogNcwyW7CXfPSEVhrCBTY7i7mdnAoyGFoW0yFSvt +8YcRXdN7GU16tdATfruMV276MuStGwNIWYYfjFtqwFBdaVOpwMfJs2golT7PLEIj +O2l1u1ZtAI6WvuEzQH4ftzzihmHQXMf4YsvtL5g/8TSJfmfUEFbbKFbU5bIbHzG4 +yj/O8uEBBj7u01oGpu/5UVFTgslvTIEAWx54sfT/oA06PvhsDwADBQf/VWZUn/wC +/gktKZfh6Aq7RRI2K5bJEXhXE5p0rPWLMQy+v4DPGcuDF3nLg1IZT5mbLUGEh+7n +zEgUsmLGPqBz54DgjhBxO1DfAfV3HVnYYpL7DO1u4ceCUh2O9PwLnp1+4W2XmND5 +nFrQ6gGChCgwb79/PxQdLEgj9dlf+vrv5SfajmTydiFCZ0+0GZRFDytdIda08TWv +DabV/41F3T0TSbCMGPWr/TgrfQ6yeyOUpO9lmVbS0u9gKWGAedVOofMYi7Lqp+Pt +zNQTwd9PKCP/HSjUxmm4xX3yVZuUxUV97ckucB8TOlr9deNnq32jnMuP9DeWpBz4 +05uwoBLYvOGNAYhGBBgRAgAGBQI14Hp8AAoJEJg0ZdshQ5QitJcAn0sn+TIAlbNC +3YS5YxlYbExg6UnxAJwM+TJoHjFG8+rZ0nW7/vVq6+hHl5kBogQ3zBNgEQQA7vY0 +FBndb1BOSmisOzqCtcqwzP7iMKF+hwEKDqRKrO/oZ7zqMXigROEDb+ar95oSh2EX +7tETk2b8ga9LA0UxT8nZ8e4eCOOchNggLyX4ZpsyrVTMGwahnjf8KsepIaKqfEnQ +lzE4KsnLsuC+LKodhDUoInZIn/9bC6cRrCfe/xMAoJdLRTMDNe0+ruy2LtnwQg14 +vRp7BADm9fBrVW89COBepWr/xVQ89mDA23oiAaLrKjiJb8LQg9NpmGa5AFuWBym2 +Y5MzjremPeqmjMfXGyXIu5o+9e1k5DQ72NB/m24FdrYkCW38sinIVVghDtvzLniG +fOwBL+c0iA0BweBCNuouoJjJegPQbzaliTgcV8ZjuCq4juyp4AQApBN45mj8JIwZ +wbsNnAmZ4mtv3gR03k20Tk4uCurktNjd0HvU28HOyg/ZehxeoKMd14R/8NZBE39W +vzJHnAVzfcsmNV1SQS7fSxD2f0FsWYxfF2ErBhwhK3GIuKAujPnlzjT57ZnhzBuH +cALohJ1izyVOcBwFIAc+mwZSBRAKILq0OFJpY2hhcmQgR3V5IEJyaWdncyAoZ3Bn +LWxhcCkgPHJnYkBjb25zY29vcC5vdHRhd2Eub24uY2E+iFsEExECABsFAjfME2AF +CQPCZwADCwoDAxUDAgMWAgECF4AACgkQNmdg8X0u14ixOACfcmzB1f4YZ2yC0jyX +efVFtbIZ/fMAn35OwFji+uU6/BFLYXnsMlsJMsOMuQENBDfME3QQBADQcXxUkW/f +6s6S7RXOUIIV9CgHiZpHPV7T23wQhQOOtVjO2akFLryNI6Z6a66JRhS6fRa3+eiL +9TB0umC8e297dHrzObs43bf5h7sTJB8xHTUI9v4rlMwC8Bk3oghnoCJ820MADttR +p+CUWMkPaBQoDTJJhyfju66lgxZoycLVMwADBgQApLUhOmpHB+zGMvluBUJgBEja +Z553bU/gLzRsTCvt1gnIXLjxYXkiKjLyXfym47mXNaGUGWC7b7yaMVjhfnF3bJ5t +xeIiL7/p3ei17aYOlzXx3MhmuPRhS1IJbXfXChPc7toCqDeSFmnGmVWJZ+zuleTm +OITYkgt5Lshp/N1NZXKITAQYEQIADAUCN8wTdAUJA8JnAAAKCRA2Z2DxfS7XiApb +AJ94BeAKtqsshjVPWijCZ/8SBcJogwCggQjLX5KwZzhHASEXQ/oMvAgS6OKZAaIE +Nuv2vBEEAJttf93iMoIaranZOJ8AR0V0ax+4bTo61nQ392tjaRiPv+9lWuY1O3rv +pHTzTtXP5Qtz1Uw51jn5rDAA43mwz0+cR93g873ecb41/9LRKF8I9CbmZO6N70Re +mLdGb4R1FQ2gMHAwIz+Z54esABLQgq1qUZ66k1+TL/3EZRLnRSk3AKD8fayzCfyw +Vxgy8C67Z35FdBsVGwP9HLfVXrDoAkl3St52A9cIqYKCjWk7Hbv3mdNZIz8pEuhY +7BlpPeMwP9p5cEqlTMjaQHfefHwm1K7GthihkGAHyWM2iZLZSQzIFPG1ER+feTCA +VjSSbvoDGyhHbW+uhGYaNwSLQC36+NrC6ULoTq6Uh86Klpa7mJzLAq+b/6XKhR8D +/jzTElA97kUJEzdpbm5YtqDsu9H16Zdlf+jO59MNi2rcElt3w+thNfucNHVo8fm0 +FGgTpXwNss0Ej4cBXKc8m1ujAWG/hC9s9MMaa1uUgbqngGhZrOvcXXFCJZwoWteW +K4rqucRx7BAl3hyQwl3KK8TY60Te329VBIcKJyVvb7TFtDFVbHJpayBEaWNrb3cg +KG9ubGluZSBHbnVQRyB0ZXN0KSA8dWtkQGthbXBzYXguZGs+iQCVAwUQNuwRdSDu +hu1tZgc9AQEAzwP9HnvIc9zYRmjQEsB44Aik6/pQvrBsSpLNzAWelEaMw6bFHaQT +1PtMnpFmGxbJR6MBBsWku2armlC8G4EUVn9AR07BtXGVGfn8xsHs4MK77QPO7C/I +eqOdotrEYr/OmpXMjBHTfB3B/9vu1p4+ubA8jrY/9DKxRLeWtoJcT19Pe/+JARUD +BRA2744i2gTMWm1DVDsBAQohCACL7/fi/RR7eZc6c0aXEqdytMmAoIg/056jdhwe +OiJITmXxDwNzaDbofOMWGm2IbDb3XfAU52WmKRsnlUFZFWEmHQurUaApx6xGqQiG +wJC38sBS+CfbMmhbvWBeu0XI4V/F/wfzpxYCbELULEHsAeDMXCa4TLhKfmZdrde5 +1RJgK+bNZx/HVCwwU5YtGHbyJ/lYDlg8FxxRCPAAb31mSviRJLLrdEwPWWdi9lGr +G8kp10nnDsfl3mxlItWKAa7ey7ntYi/1glIxSdqgXhfKiXCgZLRC98cQMyj0J3fY +HXF19fkugPCCx5itawmWLeS7sKAkMKBmsqcWKaYp3oy8WnR7iFsEExECABsFAjbr +9rwFCQF+UwADCwoDAxUDAgMWAgECF4AACgkQ9u7fIBhLxNmwfgCg6vEPiWfYZ4Bt +tUvCbLqw7qxl354AoMzEob55S7m8YjrkDP0iimJfHsKliEYEEBECAAYFAjc0ONQA +CgkQXeJJllsDWKKeoACbB7pifCZOprEAEwLyaJmaSvYOvUkAn1CaMjj9cxhwQxLg +7X1Db3FTm3PbuQINBDbr92cQCACHpMcXbJWET55YL4vcHhgZnlzdthEHunAp0EG4 +RznS4ESJX7D2Ll2jO74fD25XFQ/6HsvZl+ITZhMMDW5p8lTfniVBPRWRQaVSzjzw +A0UykQVSf093unT7bSIsGZAMmUymD1ucG5Jh0eHGQq4REmBuvSm6CKh6JRmAJbyk +TKWhfagX5TN0+mHD+CcFKzsgorYRh7KNlFLB6idtAZxFqdhHXkI64kysMVFt6ZlA +2CV5LCQy8m1lLc0WuXM58tWDZ84UeBCJfO+5N8EwkS1S4dRWouOxFWx8nJpje0NP +tb/vyZRQ+JMClVaKOLjmC017k4F8XxVYNqZ7Y5TWmr6sl2WnAAQLB/9iaLQ3eGPG +9GWv9pp/wAYIYzMiDsokdHXf7gOifZXG1DT3Gn1gXqgJmYP3DQN1l6b7NboH+ekB +Ua4D1Y9glIf4/HbdCtv6fGFGv2JWDwNWkU1H88ZrDmwAxcOS9vu9D78ElnACrV46 +OOfmc0PnDseZCgGSuAscXU8YM/zLIGFMvmeALzHxPVOLrLp/Ep0+kGNKdEEDV5ht +5F81uOpTMNkacASAdUqS5iseSjITYbo1sk4j5Fn8pTTn0U9445b/KjKiEH+jbn4x +fPcC03FaXvMnFP+1nAqLbgFmVJ2ljjgEBbgkDPumsrjIuU2ZgSN9CZZ4tQke/FU0 +7RttYHde48eziEwEGBECAAwFAjbr92cFCQF+UwAACgkQ9u7fIBhLxNmnUACgrtAG +GLWPUQbGR/6OQa9AZ6xLhnMAn0SZudBARwp97yCM3Wcm433S6xVDmQGiBDWiHh4R +BAD+l0rg5p9rW4M3sKvmeyzhs2mDxhRKDTVVUnTwpMIR2kIA9pT43No/coPajDvh +ZTaDM/vSz25IZDZWJ7gEu86RpoEdtr/eK8GuDcgsWvFs5+YpCDwWG2dx39ME7DN+ +SRvEE1xUm4E9G2Nnd2UNtLgg82wgi/ZK4Ih9CYDyo0a9awCgisn3RvZ/MREJmQq1 ++SjJgDx+c2sEAOEnxGYisqIKcOTdPOTTie7o7x+nem2uac7uOW68N+wRWxhGPIxs +OdueMIa7U94Wg/Ydn4f2WngJpBvKNaHYmW8j1Q5zvZXXpIWRXSvyTR641BceGHNd +YiR/PiDBJsGQ3ac7n7pwhV4qex3IViRDJWz5Dzr88x+Oju63KtxYurUIBACi7d1r +UlHr4ok7iBRlWHYXU2hpUIQ8C+UOE1XXT+HB7mZLSRONQnWMyXnqbAAW+EUUX2xp +b54CevAg4eOilt0es8GZMmU6c0wdUsnMWWqOKHBFFlDIvyI27aZ9quf0yvby63kF +CanQKc0QnqGXQKzuXbFqBYW2UQrYgjXji8rd8bQnV2VybmVyIEtvY2ggKGdudXBn +IHNpZykgPGRkOWpuQGdudS5vcmc+iF0EExECAB0FAjZVoKYFCQhtDIgDCwQDBRUD +AgYBAxYCAQIXgAAKCRBot6uJV1SNzS4+AKCHdeYHMmKQV9mC7REE5Vz6d5rRBgCf +VMcyRP7dxBwhytmwCDpAcCFvCLSJAV8DBRA1oh5DA28RuP8+qgsQA2MyBR0eiPUo +vYMz0DUXBbNs5606eaVeTJOn9WqkYGcS9xOKlGd8Xj0IcAKN30st5AsC5hRqr82r +rUjB5/CuVdbvk+Qkh6ixWCqo+RRrbgf8cKCg1x+lDj9PpeSD/B9UU45ntxYamoXn +PszxtzU+e73Nkbtrej5rgMK8tgTLkhTAbO8M15Mgtw2yOeDFfiCj4xzDkYryvLiP +I5p2vYXTVcgYnwpNRnMZBwUghb1PMSXj7AP0P/8wnpb656yIjH2OAkE5is5HvTEs +2wGUCEXXYKxgLIl9bRPGd2DHfJQ6broxy1RHVmaOrOeDibspx67RRTm3WqbtLiK0 +/nRF0gEjFGxLjQiy92gp6xLRiQsMQdkz0Lwgr0dgSs6JejBlsQPp5nXXkIm9q/hl +6Cly3Zx3KbAIwO5ZF5NyBciezCxSurg64xmxibNhSknblI0vyG+IRgQQEQIABgUC +NaInPAAKCRBsfuG4YhzAE37WAJ9Xzmig1DrfnUt/KwfgidkPohJViQCg0T6afKuR +spWzPAz5TKQpVjd02KmIRgQQEQIABgUCNu1ObAAKCRBd4kmWWwNYomq2AJ9+alN2 +TpVRAhCxP91eqvfEN9HgGgCgrTvpWnB9EKtROr+AT//cujKCyIaZAaIENaIg8xEE +ALYPe0XNsPjx+inTQ+Izz527ZJnoc6BhWik/4a2bZYENSOQXAMKTDQMv2lLeI0i6 +ceB967MNubhHeVdNeOWYHFSM1UGRfhmZERISho3bp+wVZvVG8GBVwpw34PJjgYU/ +0tDwnJaJ8BzX6j0ecTSTjQPnaUEtdJ/u/gmG9j0218TzAKDihdNoKJEU9IKUiSjd +GomSuem/VwQArHfaucSiDmY8+zyZbVLLnK6UJMqtsIv1LvAg20xwXoUk2bY8H3tX +L4UZ8YcoSXYozwALq3cIo5UZJ0q9Of71mI8WLK2iFSYVplpTX0WMClAdkGt3HgVb +7xtOhGt1mEKeRQjNZ2LteUQrRDD9MTQ+XxcvEN0IpAj4kBJe9bR6HzAD/iecCmGw +SlHUZZrgqWzv78o79XxDdcuLdl4i2fL7kwEOf9jsDe7hGs27yrdJEmAG9QF9TOF9 +LJFmE1CqkgW+EpKxsY01Wjm0BFJB1R7iPUaUtFRZxYqfgXarmPjql2iBi+cVjLzG +u+4BSojVAPgP/hhcnIowf4M4edPiICMP1GVjtCFXZXJuZXIgS29jaCA8d2VybmVy +LmtvY2hAZ3V1Zy5kZT6IWwQTEQIAGwUCNs8JNwUJCCCxRAMLCgMDFQMCAxYCAQIX +gAAKCRBsfuG4YhzAE2kgAJ92JKU+YcYHoRhX51+4s3fnPIyNEgCfaiWeoyb15xgd +O6etGiD2MYCWy5mJAHUDBRA1o3cUHRn0wQyYV6UBAT3zAv9HMaPuMWFQKZRTtJyG +Mo0ID+w/DtLn8z7CMBd5L2+2+RTTY36fgwITehtBziIJC9xrFrQnx+VB2pYvprTR +SCg6U7a/hf5T6WT9zj887C2UuIWE6pjLNTvwAqvGsSoAIpWJAV8DBRA1oicOA28R +uP8+qgsQAwfcBR9Iuppp+q1mChXqSYV8oROMFqkTyQJ736IllJ7Q6eGiEMrOpTkY +oFVyFqOJOEivxR+fWJ8xe+e/Kq02Vv0XANGyKias6mqrDnU2BBWuPXAo7y5wVuDn +myZS01LP555lNBVilvDsMC/qQrvHe3y0kp4IAbK1EMG3qbsNHCaHLRTwM+U9Z0CY +nkClbB2gjcC9nbtF3nzoBebowdYytat6eFMrBfYRHAUfZbRN0x6/or+I7WV5gtT+ +GrfVuSxVrGLsK9FN8iXGikiqdL/8BhFntif4BUGdIQdft+UawmT4IlrBL/Owh2hu +l7UPtx4YqwQibGIZjopFSqBGp+j4VFUdapVxMraQLd/PUwZ78nHgF/IXBzhN3Yrh +ryCxIGHrN4MN7OWZjO21F945tga1/FnIXsVBVECLiltnC9+/TBV0fE28aVca7EWB +P+Ix2QWIRgQQEQIABgUCNu1OCwAKCRBd4kmWWwNYonyaAKCxLBsteoVfwn5g5Lug +9QgVCMV76QCfRgQKXQv9zl4oO7Aa1Qljm9zEM3C5AY0ENs8HCBAGAPc1hCpuXmaT +DAUbIqS9CFHkihMnilIwAV+L2Dbq5eOPtoemPKx5+6xtZfzzY9/VCVwZCxY9Y5PE +N9r/twUA478L/FOXv5E4BpX+4R91klt/EZGcNfDl2Ar56FpGJ3iLg4+vxx9m1TV5 +k2nNOUZAVD1L+MoapWhaZFXLMChrhDUcbo7/1Fr1Rfv9j/LkkIJJhqf3G8HzE5Av +CQVSywUayYZdbmqdiY2bklZJVFAXs1X9zSTGoFc8eOxz6i1ZeMq+GwADBgX/T7o5 +R+SOTlJ72ac/g121f1kFX1dbRkQq2pCI95qTehp1AxdSwG3ur2slFCfi8ZDNUqkF +XJrsv5mh1yfqq7zS5T6lGT5lOXCDZbAO2wqNZY1VKeeCdcvD2VMeh8XxJfy8y1ZK +/iE1p8qnokYpA3nFH+JIsdrXk5ceiN3nKk+aDamUkV1sJzeEm5F7QHe60oBKbVGI +UF4EhGq6daVyeCeK4KhWuPYyiEgyaq5/xJZbR3uRcdW6X5AiGJWJOOQoGvWziEwE +GBECAAwFAjbPBwgFCQbzyQAACgkQbH7huGIcwBN5FQCggakIOYzLX3lNq2WWgcAk +SNm7kpoAnA69b3z2E5vxyD3bhggVUDX7j8hruQGNBDWiITwUBgCRCYCU5eLFvzCt +rzesTWLssIQ0vOW8FlYoFc3g416VkCeeQ6bsipGMyG0pEk3vnOpXIpRpTAMqOl/0 +nkra3vmZLEG2ds1Govdeh2Mcr3c5wBSTPdyLuK4L9vbgkjarhd5Ab+/hhHVWh0zT +MRDUgLQkKrg+Xf1BnJcl1kKtQW8xxermu41KV3O0GpMUVSIVuTDUW6D9nJcm97YV +VxuxFcWsHsQS7L6KJT+Rn81WIqTQvhPopEdWwSKuI2UKKJtbX18AAwUF/1Nu/rso +UwOsupBqf/ShJKh2MNAoMaq2iHspBggo9ep+pPxx533J3kwsXA8p/e3sBYbW5xbb +HXXwA1iQ9JTXbZROd0+xrHRxjheRofFo3Ck0UKi0ZDRRFKHEo2lypt1+/L7V3ymk +Rq+A7LGdXUk6QuNkkvArxuDEV1s9ZywkmeO64fc/DPzsLNOA5JhDEw+cjBBzHlu5 +khXk14Qsm1xtt3dFW5or8ZCG3xAmm5dKOLw2XUWKFgOMAJHxNpGUCHnQaYhGBCgR +AgAGBQI4K/uDAAoJEGx+4bhiHMAT2FMAn1xEe77uraGTGkV+eiTiZGKyh8JOAKDO +g+M0i5iKJXr7AsHmjXXsw1Y9kIhMBBgRAgAMBQI1oiE8BQkHhM4AAAoJEGx+4bhi +HMATDfUAoLstR8cg5QtHwSQ3nFCOKEREUFIwAKDID3K3hM+b6jW1o+tNX9dnjb+Y +MZkAbQIwbYOUAAABAwC7ltmO5vdKssohwzXEZeYvDW2ll3CYD2I+ruiNq0ybxkfF +Bopq9cxta0OvVML4LK/TH+60f/Fqx9wg2yk9APXyaomdLrXfWyfZ91YtNCfj3ElC +4XB4qqm0HRn0wQyYV6UABRG0IVdlcm5lciBLb2NoIDx3ZXJuZXIua29jaEBndXVn +LmRlPokAlQMFEDRfoOmOB31Gi6BmjQEBzwgD/2fHcdDXuRRY+SHvIVESweijstB+ +2/sVRp+FCDjR74Kg576sJHfTJCxtSSmzpaVpelb5z4URGJ/Byi5L9AU7hC75S1Zn +J+MjBT6VePyk/r0uBrMkU/lMG7lk/y2By3Hll+edjzJsdwn6aoNPiyen4Ch4UGTE +guxYsLq0HES/UvojiQEVAwUTNECE2gnp+QqKck5FAQH+1Af/QMlYPlLG+5E19qP6 +AilKQUzNkd1TWMenXTS66hGIVwkLVQDi6RCimhnLMq/F7ENA8bSbyyMuncaBz5dH +4kjfiDp1o64LULcTmN1LW9ctpTAIeLLJZnwxoJLkUbLUYKADKqIBXHMt2B0zRmhF +OqEjRN+PhI7XCcHeHWHiDeUB58QKMyeoJ/QG/7zLwnNgDN2PVqq2E72C3ye5FOkY +LcHfWKyBRrn6BdUphAB0LxZujSGk8ohZFbia+zxpWdE8xSBhZbjVGlwLurmS2UTj +jxByBNiheUD6IC3u5P6psld0OfqnpriZofP0CBP2oTk65r529f/1lsy2kfWrVPYI +FJXEnIkAlQMFEDQyneGkWMS9SnJfMQEBMBMD/1ADuhhuY9kyN7Oj6DPrDt5SpPQD +GS0Jtw3yuIPoed+xyzlrEuL2HeaOj1O9urpn8XLN7V21ajkzlqsxnGkOuifbE9UT +67o2b2vCldCcY4nV5n+U1snMDwNv+RkcEgNa8ANiWkm03UItd7/FpHDQP0FIgbPE +PwRoBN87I4gaebfRiQCVAwUQNDUSwxRNm5Suj3z1AQGMTAP/UaXXMhPzcjjLxBW0 +AccTdHUtLi+K+rS5PNxxef2nnasEhCdK4GkM9nwJgsP0EZxCG3ZSAIlWIgQ3MK3Z +AV1Au5pLKolRjFyEZF420wAtiE7V+4lw3FCqNoXDJEFC3BW431kx1wAhDk9VaIHH +adYcof4ddmMLQOW2cJ7LDEEBW/WJAJUDBRA0M/VQImbGhU33abUBARcoA/9eerDB +ZGPCuGyEmQBcr24KPJHWv/EZIKl5DM/Ynz1YZZbzLcvEFww34mvY0jCfoVcCKIeF +FBMKiSKrOMtoVC6cQMKpmhE9hYRStw4E0bcf0BD/stepdVtpwRnG8SDP2Zbmtgyj +YT/7T4Yt6/0f6N/0NC7E9qfq4ZlpU3uCGGu/44kAlQMFEDQz8kp2sPVxuCQEdQEB +c5YD/RixvFcLTO1HznbblrO0WMzQc+R4qQ50CmCpWcFMwvVeQHo/bxoxGggNMmuV +T0bqf7MolZDSJNS96IAN32uf25tYHgERnQaMhmi1aSHvRDh4jxFu8gGVgL6lWit/ +vBDW/BiFBCH6sZJJrGSuSdpecTtaWC8OJGDoKTO9PqAA/HQRiQB1AwUQNDJSx011 +eFs7VOAZAQGdKQL/ea3qD2OP3wVTzXvfjQL1CosX4wyKusBBhdt9u2vOT+KWkiRk +1o35nIOGuZLHtSFQDY8CVDOkqg6g4sVbOcTl8QUwHA+A4AVDInwTm1m4Bk4oeCIw +k4Bp6mDdW11g28k/iQEVAgUSNDIWPm/Y4wPDeaMxAQGvBQgAqGhzA/21K7oL/L5S +5Xz//eO7J8hgvqqGXWd13drNy3bHbKPn7TxilkA3ca24st+6YPZDdSUHLMCqg16Y +OMyQF8gEkX7ZHWPacVoUpCmSz1uQ3p6W3+u5UCkRpgQN8wBbJx5ZpBBqeq5q/31o +kaoNjzA2ghEWyR5Ll+U0C87MY7pc7PlNHGCr0ZNOhhtf1jU+H9ag5UyT6exIYim3 +QqWYruiCLSUcim0l3wK7LMW1w/7Q6cWfAFQvl3rGjt3rg6OWg9J4H2h5ukf5JNiR +ybkupmatUM+OVMRkf93jzU62kbyZpJBHiQZuxxJaLkhpv2RgWib9pbkftwEy/Znm +jkxlIIkAlQMFEDQvWjh4313xYR8/NQEB37QEAIi9vR9h9ennz8Vi7RNU413h1ZoZ +jxfEbOpkQAjE/LrZ/L5WiWdoStSiyqCLPoyPpQafiU8nTOr1KmY4RgceJNgxIW4O +iSMoSvrhc2kqP+skb8A2B4+47Aqjr5fSAVfVfrDMqDGireOguhQ/hf9BOYsM0gs+ +ROdtyLWPtMjRnFlviD8DBRAz8qQSj6lRT5YOKXIRAntSAJ9StSEMBoFvk8iRWpXb +6+LDNLUWzACfT8iY3IxwvMF6jjCHrbuxQkL7chSJARUDBRA0MMO7569NIyeqD3EB +ATIAB/4tCPZ1sLWO07g2ZCpiP1HlYpf5PENaXtaasFvhWch7eUe3DksuMEPzB5Gn +auoQZAkuhEGkoEfrfL3AXtXH+WMm2t7dIcTBD4p3XkeZ+PgJpKiASXDyul9rumXX +vMxSL4KV7ar+F1ZJ0ycCx2r2au0prPao70hDAzLTy16hrWgvdHSK7+wwaYO5TPCL +5JDmcB+dHKW72qNUOD0pxbe0uCkkb+gDxeVX28pZEkIIOMMV/eAs5bs/smV+eJqW +T/EyfVBDo7heF2aeyJj5ecxNOODr88xKF7qEpqazCQ4xhvFY+Yn6+vNCcYfkoZbO +n0XQAvqfa2Vab9woVIVSaDji/mlPiQB1AwUQNDC233FfeD4HYGBJAQFh6QL/XCgm +5O3q9kWpgts1MHKoHoh7vxSSQGSP2k7flNP1UB2nv4sKvyGM8eJKApuROIodcTkc +cM4qXaBuXunMr5kJlvDJPm+NLzKyhtQP2fWI7xGYwiCiB29gm1GFMjdur4amiQEV +AwUQNDBR9fjDdqGixRdJAQE+mAf+JyqJZEVFwNwZ2hSIMewekC1r7N97p924nqfZ +Knzn6weFpE80KIJSWtEVzI0XvHlVCOnS+WRxn7zxwrOTbrcEOy0goVbNgUsP5ypZ +a2/EM546uyyJTvgD0nwA45Q4bP5sGhjh0G63r9Vwov7itFe4RDBGM8ibGnZTr9hH +o469jpomHSNeavcaUYyEqcr4GbpQmdpJTnn/H0A+fMl7ZHRoaclNx9ZksxihuCRr +kQvUOb3uRD9lFIhCvNwEardN62dKOKJXmn1TOtyanZvnmWigU5AmGuk6FpsClm3p +5vvlid64i49fZt9vW5krs2XfUevR4oL0IyUl+qW2HN0DIlDiAYkAlQMFEDQvbv2w +cgJwUPMhJQEBVBID/iOtS8CQfMxtG0EmrfaeVUU8R/pegBmVWDBULAp8CLTtdfxj +Vzs/6DXw0RogXMRRl2aFfu1Yp0xhBYjII6Kque/FzAFXY9VNF1peqnPt7ADdeptY +MppZa8sGn9BBRu9Fsw69z6JkyqvMiVxGcKy3XEpVGr0JHx8Xt6BYdrULiKr2iQB1 +AwUQNC68n6jZR/ntlUftAQFaYgL+NUYEj/sX9M5xq1ORX0SsVPMpNamHO3JBSmZS +Izjiox5MAqoFOCigAkonuzk5aBy/bRHy1cmDBOxf4mNhzrH8N6IkGvPE70cimDnb +Fvr+hoZSjIqxtELNZsLuLVavLPAXiQCVAwUQNC6vWocCuHlnLQXBAQHb1gQAugp6 +2aVzDCuz4ntfXsmlGbLY7o5oZXYIKdPP4riOj4imcJh6cSgYFL6OMzeIp9VW/PHo +2mk8kkdkz5uif5LqOkEuIxgra7p1Yq/LL4YVhWGQeD8hwpmu+ulYoPOw40dVYS36 +PwrHIH9afNhl8Or5O2VIHIWnoQ++9r6gwngFQOyJAJUDBRAzHnkh1sNKtX1rroUB +AWphBACdhuqm7GHoiXptQ/Y5F6BivCjxr9ch+gPSjaLMhq0kBHVO+TbXyVefVVGV +gCYvFPjozM8PEVykQAtY//eJ475aGXjF+BOAhl2z0IMkQKCJMExoEDHbcj0jIIMZ +2/+ptgtbFSyJ2DQ3vvCdbw/1kyPHTPfP+L2u40GWMIYVBbyouokAlQMFEDMe7+UZ +symln7HG2QEBzMED/3L0DyPK/u6PyAd1AdpjUODTkWTZjZ6XA2ubc6IXXsZWpmCg +B/24v8jsJ3DIsvUD3Ke55kTr6xV+au+mAkwOQqWUTUWfQCkSrSDlbUJ1VPBzhyTp +uzjBopte7o3R6XXfcLiC5jY6eCX0QtLGhKpLjTr5uRhf1fYODGsAGXmCByDviQB1 +AgUQMy6UMB0Z9MEMmFelAQHV4AMAjdFUIyFtpTr5jkyZSd3y//0JGO0z9U9hLVxe +BBCwvdEQxsrpeTtVdqpeKZxHN1GhPCYvgLFZAQlcPh/Gc8u9uO7wVSgJc3zYKFTh +KpQevdF/rzjTCHfgigf5Iui0qiqBiQCVAwUQMx22bAtzgG/ED06dAQFi0gQAkosq +TMWy+1eUXbi2azFK3RX5ERf9wlN7mqh7TvwcPXvVWzUARnwRv+4kk3uOWI18q5UP +is7KH3KYOVeRrPd8bbp6SjhBh82ourTEQUXLBDQiI1V1cZZmwwEdlnAnhFnkXgMB +NM2q7oBefRHADfYDfGo90wXyrVVL+GihDNpzUwOJAJUDBRAzHUFnOWvfULwOR3EB +AbOYA/90JIrKmxhwP6quaheFOjjPoxDGEZpGJEOwejEByYj+AgONCRmQS3Bydtub +A+nm/32DFeG8pe/dnFvGc+QgNW560hK21C2KJj72mhjRlg/na7jz4/MmBAv5k61Q +7roWi0rwx+R9NSHxpshC8A92zmvo8w/XzVSogC8pJ04jcnY6YokAlQMFEDMdPtta +9LwlvuSC3QEBvPMD/3TJGroHhHYjHhiEpDZZVszeRQ0cvVI/uLLi5yq3W4F6Jy47 +DF8VckA7mw0bXrOMNACN7Je7uyaU85qvJC2wgoQpFGdFlkjmkAwDAjR+koEysiE8 +FomiOHhvEpEY/SjSS4jj4IPmgV8Vq66XjPw+i7Z0RsPLOIf67yZHxypNiBiYiQCV +AwUQMxxwpKrq6G7/78D5AQHo2QQAjnp6KxOl6Vvv5rLQ/4rj3OemvF7IUUq34xb2 +5i/BSvGBUpDQVUmhv/qIfWvDqWGZedyM+AlNSfUWPWnP41S8OH+lcERH2g2dGKGl +7kH1F2BxByZlqREHm2q624wPPA35RLXtXIx06yYjLtJ7b+FCAX6PUgZktZYk5gwj +doAGrC2JAJUDBRAzGvcCKC6c7f53PGUBAUozA/9l/qKmcqbi8RtLsKQSh3vHds9d +22zcbkuJPBSoOv2D7i2VLshaQFjq+62uYZGE6nU1WP5sZcBDuWjoX4t4NrffnOG/ +1R9D0t1t9F47D77HJzjvo+J52SN520YHcbT8VoHdPRoEOXPN4tzhvn2GapVVdaAl +WM0MLlohNH3I9jap9okAdQMFEDMZlUAnyXglSykrxQEBnuwC/jXbFL+jzs2HQCuo +4gyVrPlUksQCLYZjNnZtw1ca697GV3NhBhSXR9WHLQH+ZWnpTzg2iL3WYSdi9tbP +s78iY1FSd4EG8H9V700oQG8dlICF5W2VjzR7fByNosKM70WSXYkBFQMFEDMWBsGC +y1t9eckWHQEBHzMH/jmrsHwSPrA5R055VCTuDzdS0AJ+tuWkqIyqQQpqbost89Hx +per3MmjLJas/VJv8EheuU3vQ9a8sG2SnlWKLtzFqpk7TCkyq/H3blub0agREbNnY +hHHTGQFCYJb4lWjWvMjfP+N5jvlLcnDqQPloXfAOgy7W90POoqFrsvhxdpnXgoLr +zyNNja1O1NRj+Cdv/GmJYNi6sQe43zmXWeA7syLKMw6058joDqEJFKndgSp3Zy/y +XmObOZ/HC2OJwA3gzEaAu8Pqd1svwGIGznqtTNCn9k1+rMvJPaxglg7PXIJS282h +mBl9AcJlwmh2GUCswl9/sj+REWTb8SgJUbkFcp6JAJUDBRAwdboVMPfsgxioXMEB +AQ/LA/9BFTZ9T95P/TtsxeC7lm9imk2mpNQCBEvXk286FQnGFtDodGfBfcH5SeKH +aUNxFaXr39rDGUtoTE98iAX3qgCElf4V2rzgoHLpuQzCg3U35dfs1rIxlpcSDk5i +vaHpPV3Sv+mlqWL049y+3bGaZeAnwM6kvGMP2uccS9U6cbhpw4hGBBARAgAGBQI3 +GtRfAAoJEF3iSZZbA1iikWUAoIpSuXzuN/CI63dZtT7RL7c/KtWUAJ929SAtTr9S +lpSgxMC8Vk1T1i5/SYkBFQMFEzccnFnSJilEzmrGwQEBJxwH/2oauG+JlUC3zBUs +oWhRQwqo7DdqaPl7sH5oCGDKS4x4CRA23U15NicDI7ox6EizkwCjk0dRr1EeRK+R +qL1b/2T42B6nynOLhRG2A0BPHRRJLcoL4nKfoPSo/6dIC+3iVliGEl90KZZD5bnO +NrVJQkRjZL8Ao+9IpmoYh8XjS5xMLEF9oAQqAkA93nVBm56lKmaL1kl+M3dJFtNK +tVB8de1ZXifDs8HykD42qYVtcseCKxZXhC3UTG5YLNhPvgZKH8WBCr3zcR13hFDx +uecUmu0MVhvEzoKyBYYt0rrqnyWrxwbv4gSTUWH5ZbgsTjc1SYKZxz6hrPQnfYWz +NkznlFWJARUDBRM0xL43CdxwOTnzf10BATOCB/0Q6WrpzwPMofjHj54MiGLKVP++ +YfwzdvnsHxVpTZLZ5Ux8ErDsnLmvUGphnLVELZwEkEGRjln7a19h9oL8UYZaV+Ic +R6tQ06Fb1ldR+q+3nXtBYzGhleXdgJQSKLJkzPF72tvY0DHUB//GUV9IBLQMvfG8 +If/AFsih4iXi96DOtUAbeuIhnMlWwLJFeGjLLsX1u6HSX33xy4bGX6v/UcHbTSSY +axzb92GR/xpP2Xt332hOFRkDZL52g27HS0UrEJWdAVZbh25KbZEl7C6zX/82OZ5n +TEziHo20eOS6Nrt2+gLSeA9X5h/+qUx30kTPz2LUPBQyIqLCJkHM8+0q5j9ciQCi +AwUTNMS+HZFeTizbCJMJAQFrGgRlEAkG1FYU4ufTxsaxhFZy7xv18527Yxpls6mS +Ci1HL55nJoce6TI+Z34MrLOaiZljeQP3EUgzA+cs1sFRago4qz2wS8McmQ9w0FNQ +QMz4vVg9CVi1JUVd4EWYvJpA8swDd5b9+AodYFEsfxt9Z3aP+AcWFb10RlVVsNw9 +EhObc6IMnwAOHCEI9vp5FzzFiQCVAwUQNxyr6UyjTSyISdw9AQHf+wP+K+q6hIQ0 +9tkgaYaDLlWKLbuxePXqM4oO72qi70Gkg0PV5nU4l368R6W5xgR8ZkxlQlg85sJ0 +bL6wW/SjMz7pP9hkhNwk0x3IFkGMTYG8i6Gt8Nm7x70dzJoiC+A496PryYC0rvGV +f+Om8j5uTexBBjb/jpJhAQ/SGqeDeCHheOC0Lldlcm5lciBLb2NoIChtZWluIGFs +dGVyIGtleSkgPHdrQGNvbXB1dGVyLm9yZz6JAHUDBRM2G2MyHRn0wQyYV6UBASKK +Av4wzmK7a9Z+g0KH+6W8ffIhzrQo8wDAU9X1WJKzJjS205tx4mmdnAt58yReBc/+ +5HXTI8IKR8IgF+LVXKWAGv5P5AqGhnPMeQSCs1JYdf9MPvbe34jD8wA1LTWFXn9e +/cWIRgQQEQIABgUCNxrUaQAKCRBd4kmWWwNYovRiAJ9dJBVfjx9lGARoFXmAieYr +MGDrmwCZAQyO4Wo0ntQ+iq4do9M3/FTFjiCZAaIENu1I6REEAJRGEqcYgXJch5fr +UYBj2EkDkWAbhRqVXnmiF3PjCEGAPMMYsTddiU7wcKfiCAqKWWXow7BjTJl6Do8R +T1jdKpPOlBJXqqPYzsyBxLzE6mLps0K7SLJlSKTQqSVRcx0jx78JWYGlAlP0Kh9s +PV2w/rPh0LrPeOKXT7lZt/DrIhfPAKDL/sVqCrmY3QfvrT8kSKJcgtLWfQP/cfbq +VNrGjW8am631N3UVA3tWfpgM/T9OjmKmw44NE5XfPJTAXlCV5j7zNMUkDeoPkrFF +8DvbpYQs4XWYHozDjhR2Q+eI6gZ0wfmhLHqqc2eVVkEG7dT57Wp9DAtCMe7RZfhn +arTQMqlYtOEa/suiHk0qLo59NsyF8eh68IDNCeYD/Apzonwaq2EQ1OEpfFlp6LcS +nS34+UGZtTO4BgJdmEjr/QrIPp6bJDstgho+/2oR8yQwuHGJwbS/8ADA4IFEpLdu +SpzrABho7RuNQcm96bceRY+7Hza3zf7pg/JGdWOb+bC3S4TIpK+3sx3YNWs7eURw +pGREeJi5/Seic+GXlGzltBpXZXJuZXIgS29jaCA8d2tAZ251cGcub3JnPohbBBMR +AgAbBQI3Gs+QBQkMyXyAAwsKAwMVAwIDFgIBAheAAAoJEF3iSZZbA1iiXcIAnjv7 +ON5AiwzCLBwm9h9ywufXJQuVAJ9RMq6lpPqnDly6UCKz+kGt0EplyIhGBBARAgAG +BQI3GtE9AAoJEGx+4bhiHMAThfQAnjcDvBthtHotN89IP590GSKY287xAJ0WhKl9 +j7gWwpVqCD+ofcq0ZQBG1IkAdQMFEDca0WMdGfTBDJhXpQEB0a4C/0AzSj1eSYFs +4ss2x7xCn0yMPxML+hJdjGnVb0CPJGzzeKpD69pmVsD87nPa53gj0NXi/ADnQvPm +csVs8dr7K5PxXFOXaJzDm72tnLeJKiTesZfMY7MQ0yYQUhUWogSY8YhGBBARAgAG +BQI3GtGjAAoJEGi3q4lXVI3NLfgAoISt+x9r02Hl14njSfGmZIjyUrXuAJ9FhxTq +LUHU1uDZmSSvlKpOcG1pYIhGBBARAgAGBQI3Tx9dAAoJEPbu3yAYS8TZLb4Ani50 +OXjsQCc/gr5G+xZy/yqOqnOWAJ44VlluXNaN6J7yhB9iXtsEGvE+oohGBBARAgAG +BQI3pyb+AAoJEJg0ZdshQ5QifskAn0stcy37RHy7iB2bFB4rPVNDJaizAJ9hCH+0 +yNTOTisrEHLhS0QufAn3H4hFBBARAgAGBQI34UEzAAoJEDZnYPF9LteIeecAn3eT +mQldy/AIYuEFvyaF1FPmQdDNAJj3trsO1mAyzs7+PB++rZunMveeiEYEEBECAAYF +AjgqYg8ACgkQ4/JYVBKPDnkbHQCfRR7qUYmwTxtrf+Fw6hfsYjCy//AAn1eRdkkd +CExOJPwvrHEtZydSmVA1tAtXZXJuZXIgS29jaIhbBBMRAgAbBQI27UjqBQkMyXyA +AwsKAwMVAwIDFgIBAheAAAoJEF3iSZZbA1iitdYAn1IJbSJ46kvsBjq8X44hoybD +ZlbWAKCS2jR5Z+CmMC5WDqNepHXAe3alA4kCHgQQFAMABgUCNy9Z1AAKCRBsTDGl +sdUVZw3FB/9uDXhYYnQZYw1K6445HRZjNRo23NimItJXIuut5e2jwsE3DNuDOPat +qZbtGL61gkAcuG25rxmBJ6JuaAG5lqwXx1vWbk03VlwcFcZPKwCOn4qeJxNn06uP +vkP2jehKYzJFyKwSGv6CSPS1WEZ84A4Lp4pu59W7JgUNUjI7JQEaVbsCl6bMDNh6 +Z+zcN2MefzuWSMcxURI7h8zmu0u5JztwF8v97qWNpZBzlbxLSAgO/RW0vf2kxbgG +WkprbmvXignLC5Sm9YJm6y8Obtkmepn9aaA4dBSzJi51NE6kYhuWw2DyKoLqG5ak +ZIFF27ehFBGGSql9V2zPPoEH+cDHTWrbB/9D5T1ch3WPLPFQvVIaBpgx/pB3KMdD +WjG4Us3HMzoL8zTr23Bs2BcnvVGwMNdXEVl9JONKIfXTQA/372FvmbJxpctQ5dgO +85IXMcF38uyMU1WusVsOzlfD5wsZUc4iBHkhYB+C7l3U8BlT25BWB0adB+ZmDfzd +FI/G9Hd+dnPWsc1QaZLrDvHoVVvFrVBTa3fyA1pwjAcBMA9wGnIkt9ejOdumDcAN +uAIbIOMHCe49ARCRjBFqRtzNGuB7who9lu3Ydg+hSx25cxnIkjzPm2+7ulQPCznW +dXURfXkFw3f75pjmlTIDUi1poPKZBWagVtALQE0zMw7nd0ycWSjiLjaSiEYEEBEC +AAYFAjc6+aMACgkQdQ9klcidkz6GiwCdGe0KSP/vSyEZM/GClQXvjMD4RvMAoJwy +TIdcjPZbQizDeAO3btn2CCwTiEYEEBECAAYFAjc3I8UACgkQ9u7fIBhLxNmHZQCg +lWbPDznIcnOxdDW+k7YgA9+/n00An1ZjSiJipverUxLEFHAbSBWI0IntiQEVAwUQ +N0Pe01KAV0R2U0AdAQHIcQf/Ykx+DvUaCLIYlMrEIDKZ3J/aPbJ8frAjvzYkrgFZ +XhzQT9Xfyr6OkhiyWKFX23yzzDVcrmeIxovCUI7IFY6QM/d5yHr4Y8+18HdyaUva +FLz3o9ZnVp1AeAJ5CkHzfufnrKPRpOzgvXFqttJVPbaVTAyJTo/Bh0fZGHyeHwW8 +3QhmxuWfac6PveoA1DM1+Wax5QoXVeHhyTzIutF3ivpqaHEBUB9xgVEk3jN0svdy +aGCS3QANmXMDBecSPB0cfLtK8AmTV5w04D2kWw4lu+fO593Vp+z8Jsbvwj7QkOGD +vlnY3Crx4qOwqqI7TPP+8bnJZKd1m9aRNbPcPdvXGvUh3YhGBBARAgAGBQI4KmIe +AAoJEOPyWFQSjw55D5AAoJs5OxzJSdYdKsOjh8jLQxOESOE6AJ4vgpvtNaR384dB +JxUE7yxNTPT7aA== +=gKwz -----END PGP PUBLIC KEY BLOCK----- diff --git a/g10/revoke.c b/g10/revoke.c index d93c7a462..3ceb5212f 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -1,5 +1,5 @@ /* revoke.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -24,6 +24,7 @@ #include <string.h> #include <errno.h> #include <assert.h> +#include <ctype.h> #include "options.h" #include "packet.h" @@ -37,6 +38,38 @@ #include "i18n.h" +struct revocation_reason_info { + int code; + char *desc; +}; + + +int +revocation_reason_build_cb( PKT_signature *sig, void *opaque ) +{ + struct revocation_reason_info *reason = opaque; + char *ud = NULL; + byte *buffer; + size_t buflen = 1; + + if( reason->desc ) { + ud = native_to_utf8( reason->desc ); + buflen += strlen(ud); + } + buffer = m_alloc( buflen ); + *buffer = reason->code; + if( ud ) { + memcpy(buffer+1, ud, strlen(ud) ); + m_free( ud ); + } + + build_sig_subpkt( sig, SIGSUBPKT_REVOC_REASON, buffer, buflen ); + m_free( buffer ); + return 0; +} + + + /**************** * Generate a revocation certificate for UNAME */ @@ -55,6 +88,7 @@ gen_revoke( const char *uname ) KBNODE keyblock = NULL; KBNODE node; KBPOS kbpos; + struct revocation_reason_info *reason = NULL; if( opt.batch ) { log_error(_("sorry, can't do this in batch mode\n")); @@ -62,19 +96,6 @@ gen_revoke( const char *uname ) } - /* FIXME: ask for the reason of revocation - 0x00 - No reason specified (key revocations or cert revocations) - Does not make sense! - - 0x01 - Key is superceded (key revocations) - 0x02 - Key material has been compromised (key revocations) - 0x03 - Key is no longer used (key revocations) - 0x20 - User id information is no longer valid (cert revocations) - - Following the revocation code is a string of octets which gives - information about the reason for revocation in human-readable form - */ - memset( &afx, 0, sizeof afx); memset( &zfx, 0, sizeof zfx); init_packet( &pkt ); @@ -113,7 +134,7 @@ gen_revoke( const char *uname ) { size_t n; char *p = get_user_id( sk_keyid, &n ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); m_free(p); tty_printf("\n"); } @@ -136,6 +157,13 @@ gen_revoke( const char *uname ) goto leave; } + /* get the reason for the revocation */ + reason = ask_revocation_reason( 1, 0, 1 ); + if( !reason ) { /* user decided to cancel */ + rc = 0; + goto leave; + } + switch( is_secret_key_protected( sk ) ) { case -1: log_error(_("unknown protection algorithm\n")); @@ -163,7 +191,9 @@ gen_revoke( const char *uname ) iobuf_push_filter( out, armor_filter, &afx ); /* create it */ - rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, NULL, NULL); + rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, + revocation_reason_build_cb, + reason ); if( rc ) { log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc)); goto leave; @@ -198,193 +228,127 @@ gen_revoke( const char *uname ) iobuf_cancel(out); else iobuf_close(out); + release_revocation_reason_info( reason ); return rc; } -#if 0 /* The code is not complete but anyway, now we use */ - /* the edit menu to revoke signature */ -/**************** - * Return true if there is already a revocation signature for KEYID - * in KEYBLOCK at point node. - */ -static int -already_revoked( const KBNODE keyblock, const KBNODE node, u32 *keyid ) ) { -{ - const KBNODE n = find_prev_kbnode( keyblock, node, PKT_USER_ID ); - - for( ; n; n = n->next ) { - PKT_signature *sig; - if( n->pkt->pkttype == PKT_SIGNATURE - && (sig = node->pkt->pkt.signature)->sig_class == 0x30 - && sig->keyid[0] == keyid[0] - && sig->keyid[1] == keyid[1] ) - return 1; - } - else if( n->pkt->pkttype == PKT_USER_ID - break; - else if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY - break; - } - return 0; -} -/**************** - * Ask whether the signature should be revoked. If the user commits this, - * flag bit 0 is set. - */ -static void -ask_revoke_sig( KBNODE keyblock, KBNODE node, PKT_signature *sig ) ) { -{ - KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID ); - if( !unode ) { - log_error("Oops: no user ID for signature\n"); - return; - } - - tty_printf(_("user ID: \"")); - tty_print_string( unode->pkt->pkt.user_id->name, - unode->pkt->pkt.user_id->len, 0 ); - tty_printf(_("\"\nsigned with your key %08lX at %s\n"), - sig->keyid[1], datestr_from_sig(sig) ); - - if( cpr_get_answer_is_yes("ask_revoke_sig.one", - _("Create a revocation certificate for this signature? (y/N)")) ) { - node->flag |= 1; - } -} - -/**************** - * Generate a signature revocation certificate for UNAME - */ -int -gen_sig_revoke( const char *uname ) +struct revocation_reason_info * +ask_revocation_reason( int key_rev, int cert_rev, int hint ) { - int rc = 0; - armor_filter_context_t afx; - compress_filter_context_t zfx; - PACKET pkt; - IOBUF out = NULL; - KBNODE keyblock = NULL; - KBNODE node; - KBPOS kbpos; - int uidchg; - - if( opt.batch ) { - log_error(_("sorry, can't do this in batch mode\n")); - return G10ERR_GENERAL; - } - - - memset( &afx, 0, sizeof afx); - memset( &zfx, 0, sizeof zfx); - init_packet( &pkt ); - - - /* get the keyblock */ - rc = find_keyblock_byname( &kbpos, uname ); - if( rc ) { - log_error(_("public key for user `%s' not found\n"), uname ); - goto leave; - } - - /* read the keyblock */ - rc = read_keyblock( &kbpos, &keyblock ); - if( rc ) { - log_error(_("error reading the certificate: %s\n"), g10_errstr(rc) ); - goto leave; - } - - /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); - if( !node ) { - log_error(_("Oops; public key lost!\n")); - rc = G10ERR_GENERAL; - goto leave; - } - - if( (rc = open_outfile( NULL, 0, &out )) ) - goto leave; - - if( opt.armor ) { - afx.what = 1; - iobuf_push_filter( out, armor_filter, &afx ); - } + int code; + char *description = NULL; + struct revocation_reason_info *reason; + const char *text_1 = _("Key has been compromised"); + const char *text_2 = _("Key is superseded"); + const char *text_3 = _("Key is no longer used"); + const char *text_4 = _("User ID is non longer valid"); + const char *code_text = NULL; + + do { + m_free(description); + description = NULL; + + tty_printf(_("Please select the reason for the revocation:\n")); + if( key_rev ) + tty_printf(" 1 = %s\n", text_1 ); + if( key_rev ) + tty_printf(" 2 = %s\n", text_2 ); + if( key_rev ) + tty_printf(" 3 = %s\n", text_3 ); + if( cert_rev ) + tty_printf(" 4 = %s\n", text_4 ); + tty_printf( " 0 = %s\n", _("Cancel") ); + if( hint ) + tty_printf(_("(Probably you want to select %d here)\n"), hint ); + + for(code = 0; !code;) { + int n; + char *answer = cpr_get("ask_revocation_reason.code", + _("Your decision? ")); + trim_spaces( answer ); + cpr_kill_prompt(); + if( *answer == 'q' || *answer == 'Q' ) + n = 0; + else if( !isdigit( *answer ) ) + n = -1; + else if( hint && !*answer ) + n = hint; + else + n = atoi(answer); + m_free(answer); + if( !n ) + return NULL; /* cancel */ + else if( key_rev && n == 1 ) { + code = 0x02; /* key has been compromised */ + code_text = text_1; + } + else if( key_rev && n == 2 ) { + code = 0x01; /* key is superseded */ + code_text = text_2; + } + else if( key_rev && n == 3 ) { + code = 0x03; /* key is no longer used */ + code_text = text_3; + } + else if( cert_rev && n == 4 ) { + code = 0x20; /* uid is non longer valid */ + code_text = text_4; + } + else + tty_printf(_("Invalid selection.\n")); + } - /* Now walk over all signatures which we did with one of - * our secret keys. Hmmm: Should we check for duplicate signatures */ - clear_kbnode_flags( flags ); - for( node = keyblock; node; node = node->next ) { - PKT_signature *sig; - if( node->pkt->pkttype == PKT_SIGNATURE - && ((sig = node->pkt->pkt.signature)->sig_class&~3) == 0x10 - && seckey_available( sig->keyid ) - && !already_revoked( keyblock, node, sig->keyid ) ) { ) { - ask_revoke_sig( keyblock, node, sig ) + tty_printf(_("Enter an optional description; " + "end it with an empty line:\n") ); + for(;;) { + char *answer = cpr_get("ask_revocation_reason.text", "> " ); + trim_trailing_ws( answer, strlen(answer) ); + cpr_kill_prompt(); + if( !*answer ) { + m_free(answer); + break; + } + + { + char *p = make_printable_string( answer, strlen(answer), 0 ); + m_free(answer); + answer = p; + } + + if( !description ) + description = m_strdup(answer); + else { + char *p = m_alloc( strlen(description) + strlen(answer) + 2 ); + strcpy(stpcpy(stpcpy( p, description),"\n"),answer); + m_free(description); + description = p; + } + m_free(answer); } - else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY - break; - } + tty_printf(_("Reason for revocation: %s\n"), code_text ); + if( !description ) + tty_printf(_("(No description given)\n") ); + else + tty_printf("%s\n", description ); - for( node = keyblock; node; node = node->next ) { { - if( (node->flag & 1) ) - break; - } - if( !node ) { - log_info(_("nothing to revoke\n")); - iobuf_cancel(out); - out = NULL; - goto leave; - } + } while( !cpr_get_answer_is_yes("ask_revocation_reason.okay", + _("Is this okay? ")) ); - init_packet( &pkt ); - pkt.pkttype = PKT_PUBLIC_KEY; - pkt.pkt.public_key = keyblock->pkt->pkt.public_key; - rc = build_packet( out, &pkt ); - if( rc ) { - log_error(_("build_packet failed: %s\n"), g10_errstr(rc) ); - goto leave; - } - uidchg = 1; - for( node = keyblock; node; node = node->next ) { - if( node->pkt->pkttype == PKT_USER_ID ) - uidchg = 1; - if( !(node->flag & 1) ) - continue; - - if( uidchg ) { - /* create a user ID packet */ - ....... - uidchg = 0; - } + reason = m_alloc( sizeof *reason ); + reason->code = code; + reason->desc = description; + return reason; +} - /* create it */ - rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x30, 0, NULL, NULL); - if( rc ) { - log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc)); - goto leave; - } - init_packet( &pkt ); - pkt.pkttype = PKT_SIGNATURE; - pkt.pkt.signature = sig; - - rc = build_packet( out, &pkt ); - if( rc ) { - log_error(_("build_packet failed: %s\n"), g10_errstr(rc) ); - goto leave; - } +void +release_revocation_reason_info( struct revocation_reason_info *reason ) +{ + if( reason ) { + m_free( reason->desc ); + m_free( reason ); } - - leave: - release_kbnode( keyblock ); - if( !out ) - ; - else if( rc ) - iobuf_cancel(out); - else - iobuf_close(out); - return rc; } -#endif /* unused code */ diff --git a/g10/ringedit.c b/g10/ringedit.c index 04d6753de..5fcd458b0 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -1,5 +1,5 @@ /* ringedit.c - Function for key ring editing - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -63,10 +63,6 @@ #include "i18n.h" -#ifdef MKDIR_TAKES_ONE_ARG -# undef mkdir -# define mkdir(a,b) mkdir(a) -#endif struct resource_table_struct { @@ -185,7 +181,6 @@ enum_keyblock_resources( int *sequence, int secret ) } - /**************** * Register a resource (which currently may only be a keyring file). * The first keyring which is added by this function is @@ -291,24 +286,13 @@ add_keyblock_resource( const char *url, int force, int secret ) *last_slash_in_filename = 0; if( access(filename, F_OK) ) { - if( strlen(filename) >= 7 - && !strcmp(filename+strlen(filename)-7, "/.gnupg") ) { - if( mkdir(filename, S_IRUSR|S_IWUSR|S_IXUSR) ) - { - log_error( _("%s: can't create directory: %s\n"), - filename, strerror(errno)); - rc = G10ERR_OPEN_FILE; - goto leave; - } - else if( !opt.quiet ) - log_info( _("%s: directory created\n"), filename ); - copy_options_file( filename ); - } - else - { - rc = G10ERR_OPEN_FILE; - goto leave; - } + /* on the first time we try to create the default homedir and + * in this case the process will be terminated, so that on the + * next invocation it can read the options file in on startup + */ + try_make_homedir( filename ); + rc = G10ERR_OPEN_FILE; + goto leave; } *last_slash_in_filename = '/'; @@ -435,6 +419,35 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) } +/**************** + * Return the filename of the firstkeyblock resource which is intended + * for write access. This will either be the default resource or in + * case this is not writable one of the others. If no writable is found, + * the default filename in the homedirectory will be returned. + * Caller must free, will never return NULL. + */ +char * +get_writable_keyblock_file( int secret ) +{ + int i = secret? default_secret_resource : default_public_resource; + + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + for(i=0; i < MAX_RESOURCES; i++ ) { + if( resource_table[i].used && !resource_table[i].secret == !secret ) { + if( !access( resource_table[i].fname, R_OK|W_OK ) ) { + return m_strdup( resource_table[i].fname ); + } + } + } + /* Assume the home dir is always writable */ + return make_filename(opt.homedir, secret? "secring.gpg" + : "pubring.gpg", NULL ); +} + /**************** * Search a keyblock which starts with the given packet and puts all @@ -737,7 +750,9 @@ enum_keyblocks( int mode, KBPOS *kbpos, KBNODE *ret_root ) if( !mode || mode == 5 || mode == 100 ) { int i; + kbpos->fp = NULL; + kbpos->rt = rt_UNKNOWN; if( !mode ) { kbpos->secret = 0; i = 0; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index a8fae04d6..283e4e816 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -1,5 +1,5 @@ /* seckey-cert.c - secret key certificate packet handling - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -49,6 +49,10 @@ do_check( PKT_secret_key *sk ) CIPHER_HANDLE cipher_hd=NULL; PKT_secret_key *save_sk; + if( sk->protect.s2k.mode == 1001 ) { + log_info(_("secret key parts are not available\n")); + return G10ERR_GENERAL; + } if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); if( check_cipher_algo( sk->protect.algo ) ) { diff --git a/g10/seskey.c b/g10/seskey.c index bb158abc0..d0fe5f9bf 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -1,5 +1,5 @@ /* seskey.c - make sesssion keys etc. - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/sig-check.c b/g10/sig-check.c index 773eff7ca..cb00b86dc 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -1,5 +1,5 @@ /* sig-check.c - Check a signature - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -32,6 +32,7 @@ #include "main.h" #include "status.h" #include "i18n.h" +#include "options.h" struct cmp_help_context_s { PKT_signature *sig; @@ -40,9 +41,9 @@ struct cmp_help_context_s { static int do_signature_check( PKT_signature *sig, MD_HANDLE digest, - u32 *r_expire ); + u32 *r_expiredate, int *r_expired ); static int do_check( PKT_public_key *pk, PKT_signature *sig, - MD_HANDLE digest ); + MD_HANDLE digest, int *r_expired ); /**************** @@ -54,11 +55,13 @@ int signature_check( PKT_signature *sig, MD_HANDLE digest ) { u32 dummy; - return do_signature_check( sig, digest, &dummy ); + int dum2; + return do_signature_check( sig, digest, &dummy, &dum2 ); } static int -do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire ) +do_signature_check( PKT_signature *sig, MD_HANDLE digest, + u32 *r_expiredate, int *r_expired ) { PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc=0; @@ -66,12 +69,12 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire ) if( is_RSA(sig->pubkey_algo) ) write_status(STATUS_RSA_OR_IDEA); - *r_expire = 0; + *r_expiredate = 0; if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; else { - *r_expire = pk->expiredate; - rc = do_check( pk, sig, digest ); + *r_expiredate = pk->expiredate; + rc = do_check( pk, sig, digest, r_expired ); } free_public_key( pk ); @@ -284,13 +287,15 @@ cmp_help( void *opaque, MPI result ) static int -do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) +do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest, + int *r_expired ) { MPI result = NULL; int rc=0; struct cmp_help_context_s ctx; u32 cur_time; + *r_expired = 0; if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_info(_("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n")); @@ -303,7 +308,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) ? _("public key is %lu second newer than the signature\n") : _("public key is %lu seconds newer than the signature\n"), d ); - return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; /* pubkey newer than signature */ } cur_time = make_timestamp(); @@ -313,13 +319,15 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } if( pk->expiredate && pk->expiredate < cur_time ) { log_info(_("NOTE: signature key expired %s\n"), asctimestamp( pk->expiredate ) ); write_status(STATUS_SIGEXPIRED); + *r_expired = 1; } @@ -390,16 +398,30 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig ) PKT_user_id *uid = unode->pkt->pkt.user_id; assert( unode->pkt->pkttype == PKT_USER_ID ); - if( sig->version >=4 ) { - byte buf[5]; - buf[0] = 0xb4; /* indicates a userid packet */ - buf[1] = uid->len >> 24; /* always use 4 length bytes */ - buf[2] = uid->len >> 16; - buf[3] = uid->len >> 8; - buf[4] = uid->len; - md_write( md, buf, 5 ); + if( uid->photo ) { + if( sig->version >=4 ) { + byte buf[5]; + buf[0] = 0xd1; /* packet of type 17 */ + buf[1] = uid->photolen >> 24; /* always use 4 length bytes */ + buf[2] = uid->photolen >> 16; + buf[3] = uid->photolen >> 8; + buf[4] = uid->photolen; + md_write( md, buf, 5 ); + } + md_write( md, uid->photo, uid->photolen ); + } + else { + if( sig->version >=4 ) { + byte buf[5]; + buf[0] = 0xb4; /* indicates a userid packet */ + buf[1] = uid->len >> 24; /* always use 4 length bytes */ + buf[2] = uid->len >> 16; + buf[3] = uid->len >> 8; + buf[4] = uid->len; + md_write( md, buf, 5 ); + } + md_write( md, uid->name, uid->len ); } - md_write( md, uid->name, uid->len ); } /**************** @@ -411,11 +433,13 @@ int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) { u32 dummy; - return check_key_signature2(root, node, is_selfsig, &dummy ); + int dum2; + return check_key_signature2(root, node, is_selfsig, &dummy, &dum2 ); } int -check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) +check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, + u32 *r_expiredate, int *r_expired ) { MD_HANDLE md; PKT_public_key *pk; @@ -425,7 +449,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) if( is_selfsig ) *is_selfsig = 0; - *r_expire = 0; + *r_expiredate = 0; + *r_expired = 0; assert( node->pkt->pkttype == PKT_SIGNATURE ); assert( root->pkt->pkttype == PKT_PUBLIC_KEY ); @@ -445,7 +470,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) if( sig->sig_class == 0x20 ) { md = md_open( algo, 0 ); hash_public_key( md, pk ); - rc = do_check( pk, sig, md ); + rc = do_check( pk, sig, md, r_expired ); md_close(md); } else if( sig->sig_class == 0x28 ) { /* subkey revocation */ @@ -455,7 +480,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) md = md_open( algo, 0 ); hash_public_key( md, pk ); hash_public_key( md, snode->pkt->pkt.public_key ); - rc = do_check( pk, sig, md ); + rc = do_check( pk, sig, md, r_expired ); md_close(md); } else { @@ -477,7 +502,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) md = md_open( algo, 0 ); hash_public_key( md, pk ); hash_public_key( md, snode->pkt->pkt.public_key ); - rc = do_check( pk, sig, md ); + rc = do_check( pk, sig, md, r_expired ); md_close(md); } else { @@ -498,10 +523,10 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire) if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { if( is_selfsig ) *is_selfsig = 1; - rc = do_check( pk, sig, md ); + rc = do_check( pk, sig, md, r_expired ); } else - rc = do_signature_check( sig, md, r_expire ); + rc = do_signature_check( sig, md, r_expiredate, r_expired ); md_close(md); } else { diff --git a/g10/sign.c b/g10/sign.c index eb53794dc..e4b1b8f4e 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -1,5 +1,5 @@ /* sign.c - sign data - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -39,6 +39,12 @@ #include "i18n.h" +#ifdef HAVE_DOSISH_SYSTEM + #define LF "\r\n" +#else + #define LF "\n" +#endif + /**************** * Create a notation. It is assumed that the stings in STRLIST @@ -106,7 +112,8 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, "in future (time warp or clock problem)\n") : _("key has been created %lu seconds " "in future (time warp or clock problem)\n"), d ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } @@ -582,7 +589,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) else if( (rc = open_outfile( fname, 1, &out )) ) goto leave; - iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" ); + iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----" LF ); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; @@ -594,21 +601,28 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) } } - if( old_style || only_md5 ) + if( old_style && only_md5 ) iobuf_writestr(out, "\n" ); else { const char *s; int any = 0; + byte hashs_seen[256]; + memset( hashs_seen, 0, sizeof hashs_seen ); iobuf_writestr(out, "Hash: " ); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - s = digest_algo_to_string( hash_for(sk->pubkey_algo) ); - if( s ) { - if( any ) - iobuf_put(out, ',' ); - iobuf_writestr(out, s ); - any = 1; + int i = hash_for(sk->pubkey_algo); + + if( !hashs_seen[ i & 0xff ] ) { + s = digest_algo_to_string( i ); + if( s ) { + hashs_seen[ i & 0xff ] = 1; + if( any ) + iobuf_put(out, ',' ); + iobuf_writestr(out, s ); + any = 1; + } } } assert(any); diff --git a/g10/signal.c b/g10/signal.c index 6ed23e5a0..cf8dbd5eb 100644 --- a/g10/signal.c +++ b/g10/signal.c @@ -1,5 +1,5 @@ /* signal.c - signal handling - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -59,14 +59,23 @@ got_fatal_signal( int sig ) caught_fatal_sig = 1; secmem_term(); - #ifdef IS_DEVELOPMENT_VERSION + /* better don't transtale these messages */ write(2, "\n", 1 ); s = log_get_name(); if( s ) write(2, s, strlen(s) ); write(2, ": ", 2 ); s = get_signal_name(sig); write(2, s, strlen(s) ); write(2, " caught ... exiting\n", 21 ); + + #ifndef HAVE_DOSISH_SYSTEM + { /* reset action to default action and raise signal again */ + struct sigaction nact; + nact.sa_handler = SIG_DFL; + sigemptyset( &nact.sa_mask ); + nact.sa_flags = 0; + sigaction( sig, &nact, NULL); + } #endif - exit(8); /* Hmmm, for some reasons rais2e does not work */ + raise( sig ); } diff --git a/g10/skclist.c b/g10/skclist.c index df8b683f3..3d4b930ce 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -1,5 +1,5 @@ /* skclist.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/status.c b/g10/status.c index 9f1c5a669..38f2c145f 100644 --- a/g10/status.c +++ b/g10/status.c @@ -1,5 +1,5 @@ /* status.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -44,6 +44,7 @@ #include "options.h" #include "main.h" #include "i18n.h" +#include "cipher.h" /* for progress functions */ static int fd = -1; #ifdef USE_SHM_COPROCESSING @@ -53,10 +54,29 @@ static int fd = -1; static int shm_is_locked; #endif /*USE_SHM_COPROCESSING*/ + +static void +progress_cb ( void *ctx, int c ) +{ + char buf[50]; + + if ( c == '\n' ) + sprintf ( buf, "%.20s X 100 100", (char*)ctx ); + else + sprintf ( buf, "%.20s %c 0 0", (char*)ctx, c ); + write_status_text ( STATUS_PROGRESS, buf ); +} + + void set_status_fd ( int newfd ) { fd = newfd; + if ( fd != -1 ) { + register_primegen_progress ( progress_cb, "primegen" ); + register_pk_dsa_progress ( progress_cb, "pk_dsa" ); + register_pk_elg_progress ( progress_cb, "pk_elg" ); + } } int @@ -95,6 +115,10 @@ write_status_text ( int no, const char *text) case STATUS_TRUST_MARGINAL : s = "TRUST_MARGINAL\n"; break; case STATUS_TRUST_FULLY : s = "TRUST_FULLY\n"; break; case STATUS_TRUST_ULTIMATE : s = "TRUST_ULTIMATE\n"; break; + case STATUS_GET_BOOL : s = "GET_BOOL\n"; break; + case STATUS_GET_LINE : s = "GET_LINE\n"; break; + case STATUS_GET_HIDDEN : s = "GET_HIDDEN\n"; break; + case STATUS_GOT_IT : s = "GOT_IT\n"; break; case STATUS_SHM_INFO : s = "SHM_INFO\n"; break; case STATUS_SHM_GET : s = "SHM_GET\n"; break; case STATUS_SHM_GET_BOOL : s = "SHM_GET_BOOL\n"; break; @@ -117,6 +141,15 @@ write_status_text ( int no, const char *text) case STATUS_ERRMDC : s = "ERRMDC\n"; break; case STATUS_IMPORTED : s = "IMPORTED\n"; break; case STATUS_IMPORT_RES : s = "IMPORT_RES\n"; break; + case STATUS_FILE_START : s = "FILE_START\n"; break; + case STATUS_FILE_DONE : s = "FILE_DONE\n"; break; + case STATUS_FILE_ERROR : s = "FILE_ERROR\n"; break; + case STATUS_BEGIN_DECRYPTION:s = "BEGIN_DECRYPTION\n"; break; + case STATUS_END_DECRYPTION : s = "END_DECRYPTION\n"; break; + case STATUS_BEGIN_ENCRYPTION:s = "BEGIN_ENCRYPTION\n"; break; + case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION\n"; break; + case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break; + case STATUS_PROGRESS : s = "PROGRESS\n"; break; default: s = "?\n"; break; } @@ -268,10 +301,50 @@ do_shm_get( const char *keyword, int hidden, int bool ) #endif /* USE_SHM_COPROCESSING */ +/**************** + * Request a string from the client over the command-fd + * If bool, returns static string on true (do not free) or NULL for false + */ +static char * +do_get_from_fd( const char *keyword, int hidden, int bool ) +{ + int i, len; + char *string; + + write_status_text( bool? STATUS_GET_BOOL : + hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword ); + + for( string = NULL, i = len = 200; ; i++ ) { + if( i >= len-1 ) { + char *save = string; + len += 100; + string = hidden? m_alloc_secure ( len ) : m_alloc ( len ); + if( save ) + memcpy(string, save, i ); + else + i=0; + } + /* Hmmm: why not use our read_line function here */ + if( read( fd, string+i, 1) != 1 || string[i] == '\n' ) + break; + } + string[i] = 0; + + write_status( STATUS_GOT_IT ); + + if( bool ) /* Fixme: is this correct??? */ + return string[0] == 'Y' ? "" : NULL; + + return string; +} + + int cpr_enabled() { + if( opt.command_fd != -1 ) + return 1; #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return 1; @@ -284,6 +357,8 @@ cpr_get( const char *keyword, const char *prompt ) { char *p; + if( opt.command_fd != -1 ) + return do_get_from_fd ( keyword, 0, 0 ); #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return do_shm_get( keyword, 0, 0 ); @@ -317,6 +392,8 @@ cpr_get_hidden( const char *keyword, const char *prompt ) { char *p; + if( opt.command_fd != -1 ) + return do_get_from_fd ( keyword, 1, 0 ); #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return do_shm_get( keyword, 1, 0 ); @@ -335,6 +412,8 @@ cpr_get_hidden( const char *keyword, const char *prompt ) void cpr_kill_prompt(void) { + if( opt.command_fd != -1 ) + return; #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return; @@ -349,6 +428,8 @@ cpr_get_answer_is_yes( const char *keyword, const char *prompt ) int yes; char *p; + if( opt.command_fd != -1 ) + return !!do_get_from_fd ( keyword, 0, 1 ); #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return !!do_shm_get( keyword, 0, 1 ); @@ -375,6 +456,8 @@ cpr_get_answer_yes_no_quit( const char *keyword, const char *prompt ) int yes; char *p; + if( opt.command_fd != -1 ) + return !!do_get_from_fd ( keyword, 0, 1 ); #ifdef USE_SHM_COPROCESSING if( opt.shm_coprocess ) return !!do_shm_get( keyword, 0, 1 ); diff --git a/g10/status.h b/g10/status.h index 817b34a3c..667565560 100644 --- a/g10/status.h +++ b/g10/status.h @@ -1,5 +1,5 @@ /* status.h - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -65,7 +65,21 @@ #define STATUS_ERRMDC 35 #define STATUS_IMPORTED 36 #define STATUS_IMPORT_RES 37 +#define STATUS_FILE_START 38 +#define STATUS_FILE_DONE 39 +#define STATUS_FILE_ERROR 40 +#define STATUS_BEGIN_DECRYPTION 41 +#define STATUS_END_DECRYPTION 42 +#define STATUS_BEGIN_ENCRYPTION 43 +#define STATUS_END_ENCRYPTION 44 + +#define STATUS_DELETE_PROBLEM 45 +#define STATUS_GET_BOOL 46 +#define STATUS_GET_LINE 47 +#define STATUS_GET_HIDDEN 48 +#define STATUS_GOT_IT 49 +#define STATUS_PROGRESS 50 /*-- status.c --*/ void set_status_fd ( int fd ); diff --git a/g10/tdbdump.c b/g10/tdbdump.c index 799309e05..3b84103e8 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -1,5 +1,5 @@ /* tdbdump.c - * Copyright (C) 1999 Free Software Foundation, Inc. + * Copyright (C) 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -43,8 +43,8 @@ #include "tdbio.h" -#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \ - (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10)) +#define HEXTOBIN(x) ( (x) >= '0' && (x) <= '9' ? ((x)-'0') : \ + (x) >= 'A' && (x) <= 'F' ? ((x)-'A'+10) : ((x)-'a'+10)) /**************** * Read a record but die if it does not exist @@ -520,5 +520,6 @@ import_ownertrust( const char *fname ) if( !is_stdin ) fclose(fp); do_sync(); + sync_trustdb(); } diff --git a/g10/tdbio.c b/g10/tdbio.c index b840d723a..8ea24c744 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -1,5 +1,5 @@ /* tdbio.c - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -40,11 +40,6 @@ #include "tdbio.h" -#ifdef MKDIR_TAKES_ONE_ARG -# undef mkdir -# define mkdir(a,b) mkdir(a) -#endif - /**************** * Yes, this is a very simple implementation. We should really * use a page aligned buffer and read complete pages. @@ -439,17 +434,8 @@ tdbio_set_dbname( const char *new_dbname, int create ) assert(p); *p = 0; if( access( fname, F_OK ) ) { - if( strlen(fname) >= 7 - && !strcmp(fname+strlen(fname)-7, "/.gnupg" ) ) { - if( mkdir( fname, S_IRUSR|S_IWUSR|S_IXUSR ) ) - log_fatal( _("%s: can't create directory: %s\n"), - fname, strerror(errno) ); - else if( !opt.quiet ) - log_info( _("%s: directory created\n"), fname ); - copy_options_file( fname ); - } - else - log_fatal( _("%s: directory does not exist!\n"), fname ); + try_make_homedir( fname ); + log_fatal( _("%s: directory does not exist!\n"), fname ); } *p = '/'; @@ -1130,6 +1116,8 @@ tdbio_dump_record( TRUSTREC *rec, FILE *fp ) fputs(", expired", fp ); if( rec->r.dir.dirflags & DIRF_REVOKED ) fputs(", revoked", fp ); + if( rec->r.dir.dirflags & DIRF_NEWKEYS ) + fputs(", newkeys", fp ); } putc('\n', fp); break; diff --git a/g10/tdbio.h b/g10/tdbio.h index a64f21b5f..4cc51353a 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -1,5 +1,5 @@ /* tdbio.h - Trust database I/O functions - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -52,6 +52,7 @@ /* one uid with a selfsignature or an revocation */ #define DIRF_EXPIRED 4 /* the complete key has expired */ #define DIRF_REVOKED 8 /* the complete key has been revoked */ +#define DIRF_NEWKEYS 128 /* new keys are available: we can check the sigs */ #define KEYF_CHECKED 1 /* This key has been checked */ #define KEYF_VALID 2 /* This is a valid (sub)key */ @@ -121,7 +122,7 @@ struct trust_record { } uid; struct { /* preference record */ ulong lid; /* point back to the directory record */ - /* or 0 for a glocal pref record */ + /* or 0 for a global pref record */ ulong next; /* points to next pref record */ byte data[ITEMS_PER_PREF_RECORD]; } pref; diff --git a/g10/textfilter.c b/g10/textfilter.c index 3125925b6..414d3ec0e 100644 --- a/g10/textfilter.c +++ b/g10/textfilter.c @@ -1,5 +1,5 @@ /* textfilter.c - * Copyright (C) 1998,1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -31,7 +31,13 @@ #include "util.h" #include "filter.h" #include "i18n.h" +#include "options.h" +#ifdef HAVE_DOSISH_SYSTEM + #define LF "\r\n" +#else + #define LF "\n" +#endif #define MAX_LINELEN 19995 /* a little bit smaller than in armor.c */ /* to make sure that a warning is displayed while */ @@ -151,6 +157,9 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, int truncated = 0; int pending_lf = 0; + if( !opt.pgp2_workarounds ) + pgp2mode = 0; + if( !escape_dash ) escape_from = 0; @@ -183,12 +192,37 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, iobuf_put( out, '-' ); iobuf_put( out, ' ' ); } + + #if 0 /*defined(HAVE_DOSISH_SYSTEM)*/ + /* We don't use this anymore because my interpretation of rfc2440 7.1 + * is that there is no conversion needed. If one decides to + * clearsign a unix file on a DOS box he will get a mixed line endings. + * If at some point it turns out, that a conversion is a nice feature + * we can make an option out of it. + */ + /* make sure the lines do end in CR,LF */ + if( n > 1 && ( (buffer[n-2] == '\r' && buffer[n-1] == '\n' ) + || (buffer[n-2] == '\n' && buffer[n-1] == '\r'))) { + iobuf_write( out, buffer, n-2 ); + iobuf_put( out, '\r'); + iobuf_put( out, '\n'); + } + else if( n && buffer[n-1] == '\n' ) { + iobuf_write( out, buffer, n-1 ); + iobuf_put( out, '\r'); + iobuf_put( out, '\n'); + } + else + iobuf_write( out, buffer, n ); + + #else iobuf_write( out, buffer, n ); + #endif } /* at eof */ if( !pending_lf ) { /* make sure that the file ends with a LF */ - iobuf_put( out, '\n'); + iobuf_writestr( out, LF ); if( !escape_dash ) md_putc( md, '\n' ); } diff --git a/g10/trustdb.c b/g10/trustdb.c index 96b77a4ef..54fe34d88 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1,5 +1,5 @@ /* trustdb.c - * Copyright (C) 1998, 1999 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -110,7 +110,6 @@ static int alloced_tns; static int max_alloced_tns; - static LOCAL_ID_TABLE new_lid_table(void); static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag ); static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag ); @@ -125,13 +124,22 @@ static int do_check( TRUSTREC *drec, unsigned *trustlevel, unsigned *retflgs); static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec ); static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, - int recheck, int *modified ); -static int check_trust_record( TRUSTREC *drec ); + int sigs_only, int *modified ); +static int check_trust_record( TRUSTREC *drec, int sigs_only ); +static void mark_fresh_keys(void); /* a table used to keep track of ultimately trusted keys * which are the ones from our secrings and the trusted keys */ static LOCAL_ID_TABLE ultikey_table; + +/* a table to keep track of newly importted keys. This one is + * create by the insert_trust_record function and from time to time + * used to verify key signature which have been done with these new keys */ +static LOCAL_ID_TABLE fresh_imported_keys; +static int fresh_imported_keys_count; +#define FRESH_KEY_CHECK_THRESHOLD 200 + /* list of unused lid items and tables */ static LOCAL_ID_TABLE unused_lid_tables; static struct local_id_item *unused_lid_items; @@ -245,6 +253,27 @@ release_lid_table( LOCAL_ID_TABLE tbl ) } #endif + +/**************** + * Remove all items from a LID table + */ +static void +clear_lid_table( LOCAL_ID_TABLE tbl ) +{ + struct local_id_item *a, *a2; + int i; + + for(i=0; i < 16; i++ ) { + for(a=tbl->items[i]; a; a = a2 ) { + a2 = a->next; + a->next = unused_lid_items; + unused_lid_items = a; + } + tbl->items[i] = NULL; + } +} + + /**************** * Add a new item to the table or return 1 if we already have this item */ @@ -454,7 +483,7 @@ verify_own_keys(void) if( DBG_TRUST ) log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] ); - if( is_secret_key_protected( sk ) < 1 ) + if( !opt.quiet && is_secret_key_protected( sk ) < 1 ) log_info(_("NOTE: secret key %08lX is NOT protected.\n"), (ulong)keyid[1] ); @@ -572,6 +601,18 @@ init_trustdb() +/**************** + * This function should be called in certain cases to sync the internal state + * of the trustdb with the file image. Currently it is needed after + * a sequence of insert_trust_record() calls. + */ +void +sync_trustdb() +{ + if( fresh_imported_keys && fresh_imported_keys_count ) + mark_fresh_keys(); +} + /*********************************************** @@ -586,13 +627,13 @@ print_user_id( FILE *fp, const char *text, u32 *keyid ) p = get_user_id( keyid, &n ); if( fp ) { fprintf( fp, "%s \"", text ); - print_string( fp, p, n, 0 ); + print_utf8_string( fp, p, n ); putc('\"', fp); putc('\n', fp); } else { tty_printf( "%s \"", text ); - tty_print_string( p, n ); + tty_print_utf8_string( p, n ); tty_printf( "\"\n" ); } m_free(p); @@ -652,7 +693,7 @@ print_path( int pathlen, TN ME .........., FILE *fp, ulong highlight ) p = get_user_id( keyid, &n ); putc(' ', fp); putc('\"', fp); - print_string( fp, p, n > 40? 40:n, 0 ); + print_utf8_string( fp, p, n > 40? 40:n ); putc('\"', fp); m_free(p); putc('\n', fp ); @@ -683,7 +724,10 @@ print_uid_from_keyblock( FILE *fp, KBNODE keyblock, ulong urecno ) if( node->pkt->pkttype == PKT_USER_ID ) { PKT_user_id *uidpkt = node->pkt->pkt.user_id; - rmd160_hash_buffer( uhash, uidpkt->name, uidpkt->len ); + if( uidpkt->photo ) + rmd160_hash_buffer( uhash, uidpkt->photo, uidpkt->photolen ); + else + rmd160_hash_buffer( uhash, uidpkt->name, uidpkt->len ); if( !memcmp( uhash, urec.r.uid.namehash, 20 ) ) { print_string( fp, uidpkt->name, uidpkt->len, ':' ); return; @@ -1082,17 +1126,17 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid, static unsigned int check_sig_record( KBNODE keyblock, KBNODE signode, ulong siglid, int sigidx, u32 *keyid, ulong lid, - u32 *r_expire ) + u32 *r_expiretime, int *mod_down, int *mod_up ) { PKT_signature *sig = signode->pkt->pkt.signature; unsigned int sigflag = 0; TRUSTREC tmp; - int revocation=0, rc; + int revocation=0, expired=0, rc; if( DBG_TRUST ) log_debug("check_sig_record: %08lX.%lu %lu[%d]\n", (ulong)keyid[1], lid, siglid, sigidx ); - *r_expire = 0; + *r_expiretime = 0; if( (sig->sig_class&~3) == 0x10 ) /* regular certification */ ; else if( sig->sig_class == 0x30 ) /* cert revocation */ @@ -1103,7 +1147,8 @@ check_sig_record( KBNODE keyblock, KBNODE signode, read_record( siglid, &tmp, 0 ); if( tmp.rectype == RECTYPE_DIR ) { /* the public key is in the trustdb: check sig */ - rc = check_key_signature2( keyblock, signode, NULL, r_expire ); + rc = check_key_signature2( keyblock, signode, NULL, + r_expiretime, &expired ); if( !rc ) { /* valid signature */ if( opt.verbose ) log_info("sig %08lX.%lu/%lu[%d]/%08lX: %s\n", @@ -1112,18 +1157,25 @@ check_sig_record( KBNODE keyblock, KBNODE signode, revocation? _("Valid certificate revocation") : _("Good certificate") ); sigflag |= SIGF_CHECKED | SIGF_VALID; + if( expired ) { + sigflag |= SIGF_EXPIRED; + /* We have to reset the expiretime, so that this signature + * does not get checked over and over due to the reached + * expiretime */ + *r_expiretime = 0; + } if( revocation ) { sigflag |= SIGF_REVOKED; - /**mod_down = 1;*/ + *mod_down = 1; } else - /**mod_up = 1*/; + *mod_up = 1; } else if( rc == G10ERR_NO_PUBKEY ) { /* This may happen if the key is still in the trustdb * but not available in the keystorage */ sigflag |= SIGF_NOPUBKEY; - /**mod_down = 1;*/ + *mod_down = 1; if( revocation ) sigflag |= SIGF_REVOKED; } @@ -1137,7 +1189,7 @@ check_sig_record( KBNODE keyblock, KBNODE signode, sigflag |= SIGF_CHECKED; if( revocation ) { sigflag |= SIGF_REVOKED; - /**mod_down = 1;*/ + *mod_down = 1; } } } @@ -1168,14 +1220,15 @@ check_sig_record( KBNODE keyblock, KBNODE signode, */ static ulong make_sig_records( KBNODE keyblock, KBNODE uidnode, - ulong lid, u32 *mainkid, u32 *min_expire ) + ulong lid, u32 *mainkid, u32 *min_expire, + int *mod_down, int *mod_up ) { TRUSTREC *srecs, **s_end, *s=NULL, *s2; KBNODE node; PKT_signature *sig; ulong sigrecno, siglid; int i, sigidx = 0; - u32 expire; + u32 expiretime; srecs = NULL; s_end = &srecs; for( node=uidnode->next; node; node = node->next ) { @@ -1190,6 +1243,12 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, siglid = find_or_create_lid( sig ); /* smash dups */ + /* FIXME: Here we have a problem: + * We can't distinguish between a certification and a certification + * revocation without looking at class of the signature - we have + * to see how we can store the sigclass in the sigrecord.. + * Argg- I hope I can get rid of this ugly trustdb ASAP. + */ for( s2 = s; s2 ; s2 = s2->next ) { for(i=0; i < sigidx; i++ ) { if( s2->r.sig.sig[i].lid == siglid ) @@ -1218,7 +1277,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, s->r.sig.sig[sigidx].lid = siglid; s->r.sig.sig[sigidx].flag= check_sig_record( keyblock, node, siglid, sigidx, - mainkid, lid, &expire ); + mainkid, lid, &expiretime, + mod_down, mod_up ); sigidx++; if( sigidx == SIGS_PER_RECORD ) { @@ -1228,8 +1288,8 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode, sigidx = 0; } /* keep track of signers pk expire time */ - if( expire && (!*min_expire || *min_expire > expire ) ) - *min_expire = expire; + if( expiretime && (!*min_expire || *min_expire > expiretime ) ) + *min_expire = expiretime; } if( sigidx ) { s->recnum = tdbio_new_recnum(); @@ -1319,7 +1379,8 @@ make_pref_record( PKT_signature *sig, ulong lid ) static ulong -make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) +make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire, + int *mod_down, int *mod_up ) { TRUSTREC *urecs, **uend, *u, *u2; KBNODE node; @@ -1334,7 +1395,10 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) if( node->pkt->pkttype != PKT_USER_ID ) continue; uid = node->pkt->pkt.user_id; - rmd160_hash_buffer( uidhash, uid->name, uid->len ); + if( uid->photo ) + rmd160_hash_buffer( uidhash, uid->photo, uid->photolen ); + else + rmd160_hash_buffer( uidhash, uid->name, uid->len ); /* create the uid record */ u = m_alloc_clear( sizeof *u ); @@ -1351,9 +1415,21 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) && (u->r.uid.uidflags & UIDF_VALID) ) { u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0; } + + /* the next test is really bad because we should modify + * out modification timestamps only if we really have a change. + * But because we are deleting the uid records first it is somewhat + * difficult to track those changes. fixme */ + if( !( u->r.uid.uidflags & UIDF_VALID ) + || ( u->r.uid.uidflags & UIDF_REVOKED ) ) + *mod_down=1; + else + *mod_up=1; + /* create the list of signatures */ u->r.uid.siglist = make_sig_records( keyblock, node, - lid, keyid, min_expire ); + lid, keyid, min_expire, + mod_down, mod_up ); } uidrecno = urecs? urecs->recnum : 0; @@ -1380,6 +1456,8 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified ) TRUSTREC drec; int rc; + /* NOTE: We don't need recheck anymore, but this might chnage again in + * the future */ if( opt.dry_run ) return 0; if( modified ) @@ -1390,26 +1468,27 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified ) if( rc ) return rc; - rc = do_update_trust_record( keyblock, &drec, recheck, modified ); + rc = do_update_trust_record( keyblock, &drec, 0, modified ); return rc; } /**************** - * Same as update_trust_record, but tghis functions expects the dir record. - * On exit the dirrecord will reflect any changes made. + * Same as update_trust_record, but this functions expects the dir record. + * On exit the dir record will reflect any changes made. + * With sigs_only set only foreign key signatures are checked. */ static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, - int recheck, int *modified ) + int sigs_only, int *modified ) { PKT_public_key *primary_pk; TRUSTREC krec, urec, prec, helprec; int i, rc = 0; u32 keyid[2]; /* keyid of primary key */ -/* int mod_up = 0; - int mod_down = 0; */ + int mod_up = 0; + int mod_down = 0; ulong recno, r2; - u32 expire; + u32 expiretime; primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key; if( !primary_pk->local_id ) @@ -1424,7 +1503,7 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, if( rc ) return rc; - /* delete the old stuff */ + /* delete the old stuff FIXME: implementend sigs_only */ for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) { read_record( recno, &krec, RECTYPE_KEY ); delete_record( recno ); @@ -1447,22 +1526,13 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, /* insert new stuff */ drec->r.dir.dirflags &= ~DIRF_REVOKED; + drec->r.dir.dirflags &= ~DIRF_NEWKEYS; drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i ); if( i ) /* primary key has been revoked */ - drec->r.dir.dirflags &= DIRF_REVOKED; - expire = 0; + drec->r.dir.dirflags |= DIRF_REVOKED; + expiretime = 0; drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid, - &expire ); - #if 0 - if( orig_uidflags != urec.r.uid.uidflags ) { - write_record( &urec ); - if( !( urec.r.uid.uidflags & UIDF_VALID ) - || ( urec.r.uid.uidflags & UIDF_REVOKED ) ) - *mod_down=1; - else - *mod_up=1; /*(maybe a new user id)*/ - #endif - + &expiretime, &mod_down, &mod_up ); if( rc ) rc = tdbio_cancel_transaction(); else { @@ -1470,9 +1540,9 @@ do_update_trust_record( KBNODE keyblock, TRUSTREC *drec, *modified = 1; drec->r.dir.dirflags |= DIRF_CHECKED; drec->r.dir.valcheck = 0; - drec->r.dir.checkat = expire; + drec->r.dir.checkat = expiretime; write_record( drec ); - /*tdbio_write_modify_stamp( mod_up, mod_down );*/ + tdbio_write_modify_stamp( mod_up, mod_down ); rc = tdbio_end_transaction(); } return rc; @@ -1537,16 +1607,28 @@ insert_trust_record( KBNODE keyblock ) } } + /* mark tdb as modified upwards */ tdbio_write_modify_stamp( 1, 0 ); /* and put all the other stuff into the keydb */ - rc = do_update_trust_record( keyblock, &dirrec, 1, NULL ); + rc = do_update_trust_record( keyblock, &dirrec, 0, NULL ); do_sync(); + + /* keep track of new keys */ + if( !fresh_imported_keys ) + fresh_imported_keys = new_lid_table(); + ins_lid_table_item( fresh_imported_keys, pk->local_id, 0 ); + if( ++fresh_imported_keys_count > FRESH_KEY_CHECK_THRESHOLD ) + mark_fresh_keys(); + return rc; } + + + /**************** * Insert a trust record indentified by a PK into the TrustDB */ @@ -1584,7 +1666,7 @@ insert_trust_record_by_pk( PKT_public_key *pk ) * Currently we only do an update_trust_record. */ static int -check_trust_record( TRUSTREC *drec ) +check_trust_record( TRUSTREC *drec, int sigs_only ) { KBNODE keyblock; int modified, rc; @@ -1596,7 +1678,7 @@ check_trust_record( TRUSTREC *drec ) return rc; } - rc = do_update_trust_record( keyblock, drec, 0, &modified ); + rc = do_update_trust_record( keyblock, drec, sigs_only, &modified ); release_kbnode( keyblock ); return rc; @@ -1673,7 +1755,7 @@ update_trustdb() /**************** - * Do all required check in the trustdb. This function walks over all + * Do all required checks in the trustdb. This function walks over all * records in the trustdb and does scheduled processing. */ void @@ -1681,7 +1763,7 @@ check_trustdb( const char *username ) { TRUSTREC rec; ulong recnum; - ulong count=0, upd_count=0, err_count=0, skip_count=0; + ulong count=0, upd_count=0, err_count=0, skip_count=0, sigonly_count=0; ulong current_time = make_timestamp(); if( username ) @@ -1690,15 +1772,25 @@ check_trustdb( const char *username ) init_trustdb(); for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { + int sigs_only; + if( rec.rectype != RECTYPE_DIR ) continue; /* we only want the dir records */ if( count && !(count % 100) && !opt.quiet ) log_info(_("%lu keys so far processed\n"), count); count++; - if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) { - skip_count++; - continue; /* not scheduled for checking */ + sigs_only = 0; + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + ; + else if( !rec.r.dir.checkat || rec.r.dir.checkat > current_time ) { + if( !(rec.r.dir.dirflags & DIRF_NEWKEYS) ) { + skip_count++; + continue; /* not scheduled for checking */ + } + sigs_only = 1; /* new public keys - check them */ + sigonly_count++; } if( !rec.r.dir.keylist ) { @@ -1707,11 +1799,12 @@ check_trustdb( const char *username ) continue; } - check_trust_record( &rec ); - + check_trust_record( &rec, sigs_only ); } log_info(_("%lu keys processed\n"), count); + if( sigonly_count ) + log_info(_("\t%lu due to new pubkeys\n"), sigonly_count); if( skip_count ) log_info(_("\t%lu keys skipped\n"), skip_count); if( err_count ) @@ -1771,8 +1864,12 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot ) return NULL; } - if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) - check_trust_record( &dirrec ); + if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() ) { + check_trust_record( &dirrec, 0 ); + } + else if( (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) { + check_trust_record( &dirrec, 1 ); + } keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK; @@ -1923,10 +2020,10 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs ) } /* loop over all user ids */ - for( ur=node->list; ur && max_validity < TRUST_FULLY; ur = ur->next ) { + for( ur=node->list; ur && max_validity <= TRUST_FULLY; ur = ur->next ) { assert( ur->is_uid ); /* loop over all signators */ - for(kr=ur->list; kr && max_validity < TRUST_FULLY; kr = kr->next ) { + for(kr=ur->list; kr && max_validity <= TRUST_FULLY; kr = kr->next ) { if( propagate_validity( root, kr, add_fnc, retflgs ) ) return -1; /* quit */ if( kr->n.k.validity == TRUST_ULTIMATE ) { @@ -2000,8 +2097,12 @@ verify_key( int max_depth, TRUSTREC *drec, const char *namehash, if( !tree ) return TRUST_UNDEFINED; pv_result = propagate_validity( tree, tree, add_fnc, retflgs ); - if( namehash ) { + if( namehash && tree->n.k.validity != TRUST_ULTIMATE ) { /* find the matching user id. + * We don't do this here if the key is ultimately trusted; in + * this case there will be no lids for the user IDs and frankly + * it does not make sense to compare by the name if we do + * have the secret key. * fixme: the way we handle this is too inefficient */ TN ur; TRUSTREC rec; @@ -2074,6 +2175,7 @@ do_check( TRUSTREC *dr, unsigned *validity, } else if( !add_fnc && tdbio_db_matches_options() + /* FIXME, TODO: This comparision is WRONG ! */ && dr->r.dir.valcheck > tdbio_read_modify_stamp( (dr->r.dir.validity < TRUST_FULLY) ) && dr->r.dir.validity ) @@ -2239,10 +2341,16 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel, log_info(_("key %08lX.%lu: created in future " "(time warp or clock problem)\n"), (ulong)keyid[1], pk->local_id ); - return G10ERR_TIME_CONFLICT; + if( !opt.ignore_time_conflict ) + return G10ERR_TIME_CONFLICT; } - if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time ) - check_trust_record( &rec ); + + if( !(rec.r.dir.dirflags & DIRF_CHECKED) ) + check_trust_record( &rec, 0 ); + else if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time ) + check_trust_record( &rec, 0 ); + else if( (rec.r.dir.dirflags & DIRF_NEWKEYS) ) + check_trust_record( &rec, 1 ); if( pk->expiredate && pk->expiredate <= cur_time ) { log_info(_("key %08lX.%lu: expired at %s\n"), @@ -2298,6 +2406,51 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel, } +/**************** + * scan the whole trustdb and mark all signature records whose keys + * are freshly imported. + */ +static void +mark_fresh_keys() +{ + TRUSTREC dirrec, rec; + ulong recnum, lid; + int i; + + memset( &dirrec, 0, sizeof dirrec ); + + for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) { + if( rec.rectype != RECTYPE_SIG ) + continue; + /* if we have already have the dir record, we can check it now */ + if( dirrec.recnum == rec.r.sig.lid + && (dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) + continue; /* flag is already set */ + + for(i=0; i < SIGS_PER_RECORD; i++ ) { + if( !(lid=rec.r.sig.sig[i].lid) ) + continue; /* skip deleted sigs */ + if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) ) + continue; /* skip checked signatures */ + if( qry_lid_table_flag( fresh_imported_keys, lid, NULL ) ) + continue; /* not in the list of new keys */ + read_record( rec.r.sig.lid, &dirrec, RECTYPE_DIR ); + if( !(dirrec.r.dir.dirflags & DIRF_NEWKEYS) ) { + dirrec.r.dir.dirflags |= DIRF_NEWKEYS; + write_record( &dirrec ); + } + break; + } + } + + do_sync(); + + clear_lid_table( fresh_imported_keys ); + fresh_imported_keys_count = 0; +} + + + int query_trust_info( PKT_public_key *pk, const byte *namehash ) { @@ -2531,7 +2684,7 @@ enum_cert_paths_print( void **context, FILE *fp, /* * Return an allocated buffer with the preference values for * the key with LID and the userid which is identified by the - * HAMEHASH or the firstone if namehash is NULL. ret_n receives + * HAMEHASH or the first one if namehash is NULL. ret_n receives * the length of the allocated buffer. Structure of the buffer is * a repeated sequences of 2 bytes; where the first byte describes the * type of the preference and the second one the value. The constants diff --git a/g10/trustdb.h b/g10/trustdb.h index 6396fde45..a3e9225cf 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -1,5 +1,5 @@ /* trustdb.h - Trust database - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -49,6 +49,7 @@ void check_trustdb( const char *username ); void update_trustdb( void ); int setup_trustdb( int level, const char *dbname ); void init_trustdb( void ); +void sync_trustdb( void ); int check_trust( PKT_public_key *pk, unsigned *r_trustlevel, const byte* nh, int (*add_fnc)(ulong), unsigned *retflgs ); int query_trust_info( PKT_public_key *pk, const byte *nh ); diff --git a/g10/verify.c b/g10/verify.c index 589b1b7bb..fcc2f09ad 100644 --- a/g10/verify.c +++ b/g10/verify.c @@ -1,5 +1,5 @@ /* verify.c - verify signed data - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -33,6 +33,7 @@ #include "memory.h" #include "util.h" #include "main.h" +#include "status.h" #include "filter.h" #include "ttyio.h" #include "i18n.h" @@ -58,6 +59,7 @@ verify_signatures( int nfiles, char **files ) int i, rc; STRLIST sl; + memset( &afx, 0, sizeof afx); sigfile = nfiles? *files : NULL; /* open the signature file */ @@ -67,6 +69,51 @@ verify_signatures( int nfiles, char **files ) return G10ERR_OPEN_FILE; } + if( !opt.no_armor && use_armor_filter( fp ) ) + iobuf_push_filter( fp, armor_filter, &afx ); + + sl = NULL; + for(i=1 ; i < nfiles; i++ ) + add_to_strlist( &sl, files[i] ); + rc = proc_signature_packets( NULL, fp, sl, sigfile ); + free_strlist(sl); + iobuf_close(fp); + if( afx.no_openpgp_data && rc == -1 ) { + log_error(_("the signature could not be verified.\n" + "Please remember that the signature file (.sig or .asc)\n" + "should be the first file given on the command line.\n") ); + rc = 0; + } + + return rc; +} + + +static void +print_file_status( int status, const char *name, int what ) +{ + char *p = m_alloc(strlen(name)+10); + sprintf(p, "%d %s", what, name ); + write_status_text( status, p ); + m_free(p); +} + + +static int +verify_one_file( const char *name ) +{ + IOBUF fp; + armor_filter_context_t afx; + int rc; + + print_file_status( STATUS_FILE_START, name, 1 ); + fp = iobuf_open(name); + if( !fp ) { + print_file_status( STATUS_FILE_ERROR, name, 1 ); + log_error(_("can't open `%s'\n"), print_fname_stdin(name)); + return G10ERR_OPEN_FILE; + } + if( !opt.no_armor ) { if( use_armor_filter( fp ) ) { memset( &afx, 0, sizeof afx); @@ -74,14 +121,44 @@ verify_signatures( int nfiles, char **files ) } } - sl = NULL; - for(i=1 ; i < nfiles; i++ ) - add_to_strlist( &sl, files[i] ); - rc = proc_signature_packets( NULL, fp, sl, sigfile ); - free_strlist(sl); + rc = proc_signature_packets( NULL, fp, NULL, name ); iobuf_close(fp); + write_status( STATUS_FILE_DONE ); return rc; } +/**************** + * Verify each file given in the files array or read the names of the + * files from stdin. + * Note: This function can not handle detached signatures. + */ +int +verify_files( int nfiles, char **files ) +{ + int i; + + if( !nfiles ) { /* read the filenames from stdin */ + char line[2048]; + unsigned int lno = 0; + while( fgets(line, DIM(line), stdin) ) { + lno++; + if( !*line || line[strlen(line)-1] != '\n' ) { + log_error(_("input line %u too long or missing LF\n"), lno ); + return G10ERR_GENERAL; + } + /* This code does not work on MSDOS but how cares there are + * also no script languages available. We don't strip any + * spaces, so that we can process nearly all filenames */ + line[strlen(line)-1] = 0; + verify_one_file( line ); + } + + } + else { /* take filenames from the array */ + for(i=0; i < nfiles; i++ ) + verify_one_file( files[i] ); + } + return 0; +} |