diff options
| author | Werner Koch <[email protected]> | 2013-12-11 09:20:15 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2013-12-11 09:20:15 +0000 |
| commit | 101a54add351ff62793cbfbf3877787c4791f833 (patch) | |
| tree | 7bf96a96fc6c3cf47ec70f5e78e0ccb97b75d257 | |
| parent | gpg: Change OID of Ed25519 and add Brainpool oids. (diff) | |
| download | gnupg-101a54add351ff62793cbfbf3877787c4791f833.tar.gz gnupg-101a54add351ff62793cbfbf3877787c4791f833.zip | |
gpg: Change --show-session-key to print the session key earlier.
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--
This feature can be used to return the session key for just a part of
a file. For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key. The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.
GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to '')
| -rw-r--r-- | doc/DETAILS | 7 | ||||
| -rw-r--r-- | g10/cpr.c | 34 | ||||
| -rw-r--r-- | g10/decrypt-data.c | 17 | ||||
| -rw-r--r-- | g10/main.h | 2 | ||||
| -rw-r--r-- | g10/mainproc.c | 11 |
5 files changed, 50 insertions, 21 deletions
diff --git a/doc/DETAILS b/doc/DETAILS index a52f51cec..3f9e747d5 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -459,9 +459,10 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB: *** SESSION_KEY <algo>:<hexdigits> The session key used to decrypt the message. This message will - only be emitted when the special option --show-session-key is - used. The format is suitable to be passed to the option - --override-session-key + only be emitted if the option --show-session-key is used. The + format is suitable to be passed as value for the option + --override-session-key. It is not an indication that the + decryption will or has succeeded. *** BEGIN_ENCRYPTION <mdc_method> <sym_algo> Mark the start of the actual encryption process. @@ -139,9 +139,14 @@ write_status ( int no ) } +/* Write a status line with code NO followed by the string TEXT and + directly followed by the remaining strings up to a NULL. */ void -write_status_text (int no, const char *text) +write_status_strings (int no, const char *text, ...) { + va_list arg_ptr; + const char *s; + if (!statusfp || !status_currently_allowed (no) ) return; /* Not enabled or allowed. */ @@ -150,15 +155,22 @@ write_status_text (int no, const char *text) if ( text ) { es_putc ( ' ', statusfp); - for (; *text; text++) + va_start (arg_ptr, text); + s = text; + do { - if (*text == '\n') - es_fputs ("\\n", statusfp); - else if (*text == '\r') - es_fputs ("\\r", statusfp); - else - es_fputc ( *(const byte *)text, statusfp); + for (; *s; s++) + { + if (*s == '\n') + es_fputs ("\\n", statusfp); + else if (*s == '\r') + es_fputs ("\\r", statusfp); + else + es_fputc (*(const byte *)s, statusfp); + } } + while ((s = va_arg (arg_ptr, const char*))); + va_end (arg_ptr); } es_putc ('\n', statusfp); if (es_fflush (statusfp) && opt.exit_on_status_write_error) @@ -166,6 +178,12 @@ write_status_text (int no, const char *text) } +void +write_status_text (int no, const char *text) +{ + write_status_strings (no, text, NULL); +} + /* Wrte an ERROR status line using a full gpg-error error value. */ void write_status_error (const char *where, gpg_error_t err) diff --git a/g10/decrypt-data.c b/g10/decrypt-data.c index e219898ee..4ad47cb8e 100644 --- a/g10/decrypt-data.c +++ b/g10/decrypt-data.c @@ -106,6 +106,23 @@ decrypt_data (ctrl_t ctrl, void *procctx, PKT_encrypted *ed, DEK *dek) write_status_text (STATUS_DECRYPTION_INFO, buf); } + if (opt.show_session_key) + { + char numbuf[25]; + char *hexbuf; + + snprintf (numbuf, sizeof numbuf, "%d:", dek->algo); + hexbuf = bin2hex (dek->key, dek->keylen, NULL); + if (!hexbuf) + { + rc = gpg_error_from_syserror (); + goto leave; + } + log_info ("session key: '%s%s'\n", numbuf, hexbuf); + write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL); + xfree (hexbuf); + } + rc = openpgp_cipher_test_algo (dek->algo); if (rc) goto leave; diff --git a/g10/main.h b/g10/main.h index fd4e5e9ec..1b619e0d1 100644 --- a/g10/main.h +++ b/g10/main.h @@ -167,6 +167,8 @@ void write_status ( int no ); void write_status_error (const char *where, gpg_error_t err); void write_status_errcode (const char *where, int errcode); void write_status_text ( int no, const char *text ); +void write_status_strings (int no, const char *text, + ...) GNUPG_GCC_A_SENTINEL(0); void write_status_buffer ( int no, const char *buffer, size_t len, int wrap ); void write_status_text_and_buffer ( int no, const char *text, diff --git a/g10/mainproc.c b/g10/mainproc.c index bd5cac5bc..18fe7e70b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -570,6 +570,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } else if( !c->dek ) result = G10ERR_NO_SECKEY; + if (!result) result = decrypt_data (c->ctrl, c, pkt->pkt.encrypted, c->dek ); @@ -584,16 +585,6 @@ proc_encrypted( CTX c, PACKET *pkt ) write_status( STATUS_GOODMDC ); else if(!opt.no_mdc_warn) log_info (_("WARNING: message was not integrity protected\n")); - if(opt.show_session_key) - { - int i; - char *buf = xmalloc ( c->dek->keylen*2 + 20 ); - sprintf ( buf, "%d:", c->dek->algo ); - for(i=0; i < c->dek->keylen; i++ ) - sprintf(buf+strlen(buf), "%02X", c->dek->key[i] ); - log_info( "session key: '%s'\n", buf ); - write_status_text ( STATUS_SESSION_KEY, buf ); - } } else if( result == G10ERR_BAD_SIGN ) { glo_ctrl.lasterr = result; |