author | Werner Koch <[email protected]> | 2007-12-12 10:28:30 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2007-12-12 10:28:30 +0000 |
commit | bae4b256c79c24e5306c692adf9bb5891433c7d5 (patch) | |
tree | c0aae4de008d75964074146240257f81b8ded0b1 /sm/encrypt.c | |
parent | Allow decryption using type 20 Elgamal keys. (diff) | |
download | gnupg-bae4b256c79c24e5306c692adf9bb5891433c7d5.tar.gz gnupg-bae4b256c79c24e5306c692adf9bb5891433c7d5.zip |
Support DSA2.
Support Camellia for testing.
More audit stuff.
Diffstat (limited to 'sm/encrypt.c')
-rw-r--r-- | sm/encrypt.c | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/sm/encrypt.c b/sm/encrypt.c
index 1e36e960c..5f79be1bf 100644
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@@ -1,5 +1,5 @@ /* encrypt.c - Encrypt a message - * Copyright (C) 2001, 2003, 2004 Free Software Foundation, Inc. + * Copyright (C) 2001, 2003, 2004, 2007 Free Software Foundation, Inc. * * This file is part of GnuPG. *
@@ -318,9 +318,12 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) int recpno; FILE *data_fp = NULL; certlist_t cl; + int count; memset (&encparm, 0, sizeof encparm); + audit_set_type (ctrl->audit, AUDIT_TYPE_ENCRYPT); + /* Check that the certificate list is not empty and that at least one certificate is not flagged as encrypt_to; i.e. is a real recipient. */
@@ -331,10 +334,15 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) { log_error(_("no valid recipients given\n")); gpgsm_status (ctrl, STATUS_NO_RECP, "0"); + audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, 0); rc = gpg_error (GPG_ERR_NO_PUBKEY); goto leave; } + for (count = 0, cl = recplist; cl; cl = cl->next) + count++; + audit_log_i (ctrl->audit, AUDIT_GOT_RECIPIENTS, count); + kh = keydb_new (0); if (!kh) {
@@ -385,6 +393,8 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) goto leave; } + audit_log (ctrl->audit, AUDIT_GOT_DATA); + /* We are going to create enveloped data with uninterpreted data as inner content */ err = ksba_cms_set_content_type (cms, 0, KSBA_CT_ENVELOPED_DATA);
@@ -432,6 +442,8 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) rc = out_of_core (); goto leave; } + + audit_log_s (ctrl->audit, AUDIT_SESSION_KEY, dek->algoid); /* Gather certificates of recipients, encrypt the session key for each and store them in the CMS object */
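Review bot: The count logged with AUDIT_GOT_RECIPIENTS in the `@@ -331,10 +334,15 @@` hunk walks every entry of `recplist`, whereas the comment on the check just above it (context of the preceding hunk) says that entries flagged as encrypt_to are not real recipients. The audit record can therefore report more recipients than the user named, and the failure branch logs 0 even though the list may still hold encrypt-to certificates; the check itself lies outside the hunk, so this is inferred from its comment. If counting everything is intended, a comment above the loop such as `/* Count includes encrypt-to certificates. */` would make the figure unambiguous for whoever reads the audit trail; otherwise the loop should count only the entries the check accepts.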
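Review bot: The event added in the `@@ -432,6 +442,8 @@` hunk is named AUDIT_SESSION_KEY, but its payload is `dek->algoid`, an algorithm identifier rather than key material. That is the right thing to record, yet the name invites a later change that logs more, so a comment on the call such as `/* Record only the cipher algorithm identifier, never the key itself. */` would pin the intent. Whether `dek->algoid` is always set by this point cannot be seen here, since the code that fills `dek` lies above the hunk.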
@@ -442,6 +454,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) rc = encrypt_dek (dek, cl->cert, &encval); if (rc) { + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, rc); log_error ("encryption failed for recipient no. %d: %s\n", recpno, gpg_strerror (rc)); goto leave;
@@ -450,6 +463,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) err = ksba_cms_add_recipient (cms, cl->cert); if (err) { + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); log_error ("ksba_cms_add_recipient failed: %s\n", gpg_strerror (err)); rc = err;
@@ -459,6 +473,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) err = ksba_cms_set_enc_val (cms, recpno, encval); xfree (encval); + audit_log_cert (ctrl->audit, AUDIT_ENCRYPTED_TO, cl->cert, err); if (err) { log_error ("ksba_cms_set_enc_val failed: %s\n",
@@ -466,7 +481,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) rc = err; goto leave; } - } + } /* Main control loop for encryption. */ recpno = 0;
@@ -496,6 +511,7 @@ gpgsm_encrypt (ctrl_t ctrl, certlist_t recplist, int data_fd, FILE *out_fp) log_error ("write failed: %s\n", gpg_strerror (rc)); goto leave; } + audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE); log_info ("encrypted data created\n"); leave: |
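Review bot: AUDIT_ENCRYPTED_TO is emitted on failure as well as on success: with `rc` after a failed encrypt_dek in the `@@ -442,6 +454,7 @@` hunk, with `err` after a failed ksba_cms_add_recipient (`@@ -450,6 +463,7 @@`), and unconditionally with `err` after ksba_cms_set_enc_val (`@@ -459,6 +473,7 @@`). A reader of the audit trail who keys on the event name alone will count failed recipients as encrypted-to, so the convention deserves a comment at the first call, for example `/* Logged for every recipient; the last argument is 0 only on success. */`. The recipient loop starts and ends outside these hunks.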
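Review bot: In the `@@ -496,6 +511,7 @@` hunk the write-failure branch directly above the new `audit_log (ctrl->audit, AUDIT_ENCRYPTION_DONE);` jumps to `leave` with only a log_error, so a failed run leaves no terminal record in the audit trail. Whatever follows `leave:` is outside the hunk, so an audit call may exist there, but nothing visible provides one. If the absence of AUDIT_ENCRYPTION_DONE is meant to signal failure, state it next to the call, e.g. `/* Failure paths emit no terminal audit event; a missing AUDIT_ENCRYPTION_DONE means the operation did not complete. */`.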