gnupg.git
11 months agobuild: Make TPM2 support conditional tpm-work
James Bottomley [Tue, 6 Mar 2018 23:02:43 +0000 (15:02 -0800)]
build: Make TPM2 support conditional

* configure.ac (HAVE_LIBTSS): New acdefine and am_conditional.
* agent/Makefile.am: (gpg_agent_SOURCES): Move tpm files to ...
(gpg_agent_SOURCES) [HAVE_LIBTSS]: ... here.
* agent/agent.h (divert_tpm2_pksign, divert_tpm2_pkdecrypt)
(divert_tpm2_writekey) [!HAVE_LIBTSS]: Add stub functions.

--
This adds a configure stanza to check for the necessary libtss to
support TPM functions.  If found, the library functions will be
dynamically loaded, meaning that a system built with TPM2 support will
still execute correctly (obviously minus TPM2 support) if installed
without libtss being present.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
11 months agoagent: Minor cleanup of the TPM patches.
Werner Koch [Fri, 9 Mar 2018 09:36:14 +0000 (10:36 +0100)]
agent: Minor cleanup of the TPM patches.

* configure.ac (AC_CHECK_HEADERS): Add tss2/tss.h.
* agent/divert-tpm2.c: Print an error if that file is not available.
* agent/Makefile.am (gpg_agent_SOURCES): Add tpm.h
* agent/command.c (do_one_keyinfo): Replace xstrdup by xtrystrdup.
* agent/protect.c (agent_get_shadow_info_type): Check error of
xtrystrdup.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agotpm2: add handling for elliptic curve keys
James Bottomley [Mon, 5 Mar 2018 19:18:15 +0000 (11:18 -0800)]
tpm2: add handling for elliptic curve keys

* agent/divert-tpm2.c: Support ECC.

--
This adds handling for the way gnupg does elliptic keys, namely ECDSA
for signatures and using ECDH with an ephemeral key to generate an
encrypted message.  The main problem is that the TPM2 usually has a
very small list of built in curves and it won't handle any others.
Thanks to TCG mandates, all TPM2 systems in the USA should come with
NIST P-256, but do not come with the Bernstien curve 25519, so the
only way to use the TPM2 to protect an elliptic curve key is first to
create it with a compatible algorithm.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
11 months agog10: add ability to transfer a private key to the tpm
James Bottomley [Mon, 5 Mar 2018 19:16:40 +0000 (11:16 -0800)]
g10: add ability to transfer a private key to the tpm

* g10/keyedit.c (cmdKEYTOTPM): New enum value.
(cmds): New command "keytotpm".
(keyedit_menu): Implement cmdKEYTOTPM.

--

Exactly like the gpg --edit-key command keytosc, keytotpm has been
added which immedately converts the private key file to TPM shadowed
form.  Once this is done, the key cannot be recovered and may only be
used via the TPM of the computer system on which the conversion was
done.  If that system is ever lost, or its TPM cleared, the shadowed
key becomes unusable.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
11 months agoagent: plumb in TPM handling
James Bottomley [Mon, 5 Mar 2018 19:15:29 +0000 (11:15 -0800)]
agent: plumb in TPM handling

* agent/divert-tpm2.c: New.
* Makefile.am (gpg_agent_SOURCES): Add it.
* agent/command.c (do_one_keyinfo): Fake serialno for TPM.
(cmd_keytotpm): New.
(register_commands): Register KEYTOTPM command.
* agent/pkdecrypt.c (agent_pkdecrypt): Divert to TPM.
* agent/pksign.c (agent_pksign_do): Divert to TPM.

--
This code installs diversions for pksign and pkdecrypt to do the
operations via the TPM if a TPM shadowed key is present.  It also adds
an extra assuan command KEYTOTPM which moves an existing private key
to a TPM shadowed key.

The way TPM shadowing works is that the public and private key parts
are fed in to the TPM command TPM2_Import.  The output of this command
is a TPM specific public and private key data where the private key
data is symmetrically encrypted using a TPM internal key.  If this
physical TPM is ever lost or cleared, that TPM internal key will
likewise be lost and nothing will ever be able to read the private
key.  Once the import is done, the shadow information for the key is
updated to be a three part list consisting of the parent key (hard
coded to 81000001 which is the Microsoft preferred RSA incarnation of
the storage seed) and the public and private TPM data blobs.

Now when a TPM shadowed key is used, the data blobs must be loaded
into the TPM with TPM2_Load before any operation can be performed.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
- Added ChangeLog entries

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agoagent: add tpm specific functions
James Bottomley [Mon, 5 Mar 2018 19:14:34 +0000 (11:14 -0800)]
agent: add tpm specific functions

* agent/tpm2.c: New.
* agent/Makefile.am (gpg_agent_SOURCES): Add new file.
(gpg_agent_LDFLAGS): Add DL_LIBS.
* agent/tpm2.h: New.
--

This commit adds code to handle the three specific functions needed to
make the agent TPM aware, namely the ability to load a key from shadow
information, the ability to sign a digest with that key, the ability
to decrypt with the key and the ability to import a key to the TPM.

The TPM2 is a bit of an esoteric beast, so all TPM specific callouts
are confined inside this code.  Additionaly, it requires the tss2
library to function, so the code is designed such that if the library
isn't present then all TPM functions simply fail.  This allows the
code to be compiled with TPM support, but not require that the support
library be present on the system.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
- Added ChangeLog entries.
- Added DL_LIBS.
- Removed one -Wdeclaration-after-statement case.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agoagent: expose shadow key type
James Bottomley [Mon, 5 Mar 2018 19:13:25 +0000 (11:13 -0800)]
agent: expose shadow key type

* agent/findkey.c (agent_key_info_from_file): Add new return arg
r_shadow_info_type.
* agent/protect.c (agent_shadow_key): Factor code out to ...
(agent_shadow_key_type): new.  Add arg 'type'.
(agent_get_shadow_info): Factor code out to ...
(agent_get_shadow_info_type): new. Add arg 'shadow_type'.
(agent_is_tpm2_key): New.
(agent_get_shadow_type): New.
* agent/command.c (do_one_keyinfo): Get and check the
shadow_info_type.
--

For TPM support it is necessary to indroduce another type of shadow
key, so allow other agent functions to extract the type so they can
make the right decisions based on it.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Added ChangeLog entries.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agoMerge branch 'STABLE-BRANCH-2-2' into wk-master
Werner Koch [Tue, 6 Mar 2018 15:26:26 +0000 (16:26 +0100)]
Merge branch 'STABLE-BRANCH-2-2' into wk-master

11 months agoagent: Also evict cached items via a timer.
Werner Koch [Tue, 6 Mar 2018 15:22:42 +0000 (16:22 +0100)]
agent: Also evict cached items via a timer.

* agent/cache.c (agent_cache_housekeeping): New func.
* agent/gpg-agent.c (handle_tick): Call it.
--

This change mitigates the risk of having cached items in a post mortem
dump.

GnuPG-bug-id: 3829
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Fix regression in last --card-status patch
Werner Koch [Thu, 1 Mar 2018 18:10:10 +0000 (19:10 +0100)]
gpg: Fix regression in last --card-status patch

--

Sorry, I accidentally pushed the last commit without having amended it
with this fix.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Print the keygrip with --card-status
Werner Koch [Thu, 1 Mar 2018 18:03:23 +0000 (19:03 +0100)]
gpg: Print the keygrip with --card-status

* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--

Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpgconf, w32: Allow UNC paths
Andre Heinecke [Wed, 28 Feb 2018 15:29:56 +0000 (16:29 +0100)]
gpgconf, w32: Allow UNC paths

* tools/gpgconf-comp.c (get_config_filename): Allow UNC paths.

--
The homedir of GnuPG on Windows can be on a network share
e.g. if %APPDATA% is redirected to a network share. The
file API calls work and GnuPG itself works nicely
with such paths so gpgconf should work with them, too.

GnuPG-Bug-Id: T3818
Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
11 months agogpg: Avoid writing a zero length last chunk in AEAD mode.
Werner Koch [Wed, 28 Feb 2018 08:31:39 +0000 (09:31 +0100)]
gpg: Avoid writing a zero length last chunk in AEAD mode.

* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk.  Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--

This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length).  We also need to
adjust the decryption part because that assumed this zero length last
chunk.

Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.

GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Merge two functions in cipher-aead.c
Werner Koch [Wed, 28 Feb 2018 07:36:46 +0000 (08:36 +0100)]
gpg: Merge two functions in cipher-aead.c

* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--

There is no need to have separate functions here.  We should also
print a error message for writing the final tag.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Simplify the AEAD decryption function.
Werner Koch [Tue, 27 Feb 2018 20:11:20 +0000 (21:11 +0100)]
gpg: Simplify the AEAD decryption function.

* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function.  Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--

The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Factor common code out of the AEAD decryption function.
Werner Koch [Tue, 27 Feb 2018 18:50:54 +0000 (19:50 +0100)]
gpg: Factor common code out of the AEAD decryption function.

* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--

Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"

# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
  echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
  len="${len%.*}"
  cbyte="${cbyte#c}"
  [ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
  echo "checking mode=$mode chunkbyte=$cbyte length=$len"
  if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
             -d < $file >tmp.plain 2>/dev/null; then
      echo "Decryption failed for $file" >&2
      exit 2
  fi
  plainlen=$(wc -c <tmp.plain)
  if [ $plainlen -ne $len ]; then
      echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
      exit 2
  fi

  )
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Rename cipher.c to cipher-cfb.c
Werner Koch [Tue, 27 Feb 2018 12:57:24 +0000 (13:57 +0100)]
gpg: Rename cipher.c to cipher-cfb.c

* g10/cipher.c: Rename to ...
* g10/cipher-cfb.c: this.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Fix corner cases in AEAD encryption.
Werner Koch [Tue, 27 Feb 2018 12:53:52 +0000 (13:53 +0100)]
gpg: Fix corner cases in AEAD encryption.

* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise.  Also handle a other
corner cases.  Add more debug output.
--

GnuPG-bug-id: 3774

This fixes the reported case when the encrypted data is a multiple of
the chunk size.  Then the chunk index for the final chunk was wrongly
incremented by 2.  The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case.  There is also some other
reorganizing to help with debugging.  The thing seems to work now but
the code is not very clean - should be reworked.  Creating test files
can be done with this script:

--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
   awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
     | gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
           --s2k-count 1025 --s2k-digest-algo sha256 -z0 \
           --force-aead --aead-algo eax --cipher aes -a \
           --chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---

A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Try to mitigate the problem of wrong CFB symkey passphrases.
Werner Koch [Fri, 23 Feb 2018 09:49:19 +0000 (10:49 +0100)]
gpg: Try to mitigate the problem of wrong CFB symkey passphrases.

* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
--

GnuPG-bug-id: 3795
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agodirmngr: Handle failures related to missing IPv6 gracefully
Michał Górny [Wed, 31 Jan 2018 15:57:19 +0000 (16:57 +0100)]
dirmngr: Handle failures related to missing IPv6 gracefully

* dirmngr/ks-engine-hkp.c (handle_send_request_error): Handle two more
error codes.

--
Handle the two possible connect failures related to missing IPv6 support
gracefully by marking the host dead and retrying with another one.
If IPv6 is disabled via procfs, connect() will return EADDRNOTAVAIL.
If IPv6 is not compiled into the kernel, it will return EAFNOSUPPORT.
This makes it possible to use dual-stack hkp servers on hosts not having
IPv6 without random connection failures.

GnuPG-bug-id: 3331

--

The above description seems to be for Linux, so it is possible that
other systems might behave different.  However, it is worth to try
this patch.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agodoc: Fix recently introduced typo in gpgsm.texi.
Werner Koch [Thu, 22 Feb 2018 15:39:52 +0000 (16:39 +0100)]
doc: Fix recently introduced typo in gpgsm.texi.

--

11 months agobuild: Update swdb tags and include release info from 2.2.5
Werner Koch [Thu, 22 Feb 2018 15:34:36 +0000 (16:34 +0100)]
build: Update swdb tags and include release info from 2.2.5

11 months agoMerge branch 'STABLE-BRANCH-2-2'
Werner Koch [Thu, 22 Feb 2018 15:19:56 +0000 (16:19 +0100)]
Merge branch 'STABLE-BRANCH-2-2'

11 months agoPost release updates.
Werner Koch [Thu, 22 Feb 2018 15:10:20 +0000 (16:10 +0100)]
Post release updates.

--

11 months agoRelease 2.2.5 gnupg-2.2.5
Werner Koch [Thu, 22 Feb 2018 14:32:36 +0000 (15:32 +0100)]
Release 2.2.5

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agogpg: Don't let gpg return failure on an invalid packet in a keyblock.
Werner Koch [Thu, 22 Feb 2018 13:23:01 +0000 (14:23 +0100)]
gpg: Don't let gpg return failure on an invalid packet in a keyblock.

* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--

log_info should be sufficient and makes this more robust.  Some
tools (e.g. Enigmail) are too picky on return codes from gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agog10: Select a secret key by checking availability under gpg-agent.
NIIBE Yutaka [Tue, 26 Sep 2017 02:02:05 +0000 (11:02 +0900)]
g10: Select a secret key by checking availability under gpg-agent.

* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

--

GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)

11 months agodoc: Clarify -export-secret-key-p12
Werner Koch [Thu, 22 Feb 2018 09:24:24 +0000 (10:24 +0100)]
doc: Clarify -export-secret-key-p12

--

GnuPG-bug-id: 3788
Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agobuild: Update autogen.sh to set a git PATCH prefix.
Werner Koch [Wed, 21 Feb 2018 17:03:59 +0000 (18:03 +0100)]
build: Update autogen.sh to set a git PATCH prefix.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agobuild: Update autogen.sh
Werner Koch [Wed, 21 Feb 2018 16:56:40 +0000 (17:56 +0100)]
build: Update autogen.sh

--

Now installs a git patch prefix.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agodoc: Add extra hint on unattended use of gpg.
Werner Koch [Wed, 21 Feb 2018 09:17:20 +0000 (10:17 +0100)]
doc: Add extra hint on unattended use of gpg.

--

11 months agowks: Add special mode to --install-key.
Werner Koch [Tue, 20 Feb 2018 14:23:19 +0000 (15:23 +0100)]
wks: Add special mode to --install-key.

* tools/gpg-wks-client.c (get_key_status_parm_s)
(get_key_status_cb, get_key): Move to ...
* tools/wks-util.c: ...here.
(get_key): Rename to wks_get_key.
* tools/gpg-wks-server.c: Include userids.h.
(command_install_key): Allow use of a fingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agowks: Implement server command --install-key.
Werner Koch [Tue, 20 Feb 2018 10:45:58 +0000 (11:45 +0100)]
wks: Implement server command --install-key.

* tools/wks-util.c (wks_filter_uid): Add arg 'binary'.
* tools/gpg-wks-server.c (main): Expect 2 args for --install-key.
(write_to_file): New.
(check_and_publish): Factor some code out to ...
(compute_hu_fname): ... new.
(command_install_key): Implement.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agowks: Support alternative submission address.
Werner Koch [Tue, 20 Feb 2018 08:00:00 +0000 (09:00 +0100)]
wks: Support alternative submission address.

* tools/gpg-wks.h (policy_flags_s): Add field 'submission_address'.
* tools/wks-util.c (wks_parse_policy): Parse that field.
(wks_free_policy): New.
* tools/gpg-wks-client.c (command_send): Also try to take the
submission-address from the policy file.  Free POLICY.
* tools/gpg-wks-server.c (process_new_key): Free POLICYBUF.
(command_list_domains): Free POLICY.

Signed-off-by: Werner Koch <wk@gnupg.org>
11 months agospeedo: Use --enable-wks-tools for non-W32 builds.
Werner Koch [Tue, 20 Feb 2018 07:57:28 +0000 (08:57 +0100)]
speedo: Use --enable-wks-tools for non-W32 builds.

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agospeedo: Add new option STATIC=1
Werner Koch [Mon, 19 Feb 2018 09:51:27 +0000 (10:51 +0100)]
speedo: Add new option STATIC=1

--

This can be used to build GnuPG with static versions of the core
gnupg libraries.  For example:

 make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
     INSTALL_PREFIX=/somewhere/gnupg22  native

The SELFCHECK=0 is only needed to build from a non-released version.
You don't need it with a released tarball.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agokbx: Fix detection of corrupted keyblocks on 32 bit systems.
Werner Koch [Thu, 15 Feb 2018 10:17:28 +0000 (11:17 +0100)]
kbx: Fix detection of corrupted keyblocks on 32 bit systems.

* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--

On most 32 bit systems size_t is 32 bit and thus the check

  size_t cert_off = get32 (buffer+8);
  size_t cert_len = get32 (buffer+12);
  if (cert_off+cert_len > length)
    return gpg_error (GPG_ERR_TOO_SHORT);

does not work as intended for all supplied values.  The simplest
solution here is to cast them to 64 bit.

In general it will be better to avoid size_t at all and work with
uint64_t.  We did not do this in the past because uint64_t was not
universally available.

GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Fix reversed messages for --only-sign-text-ids.
NIIBE Yutaka [Thu, 15 Feb 2018 05:22:06 +0000 (14:22 +0900)]
gpg: Fix reversed messages for --only-sign-text-ids.

* g10/keyedit.c (keyedit_menu): Fix messages.

--

GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoagent: Avoid appending a '\0' byte to the response of READKEY
Katsuhiro Ueno [Wed, 7 Feb 2018 09:52:37 +0000 (18:52 +0900)]
agent: Avoid appending a '\0' byte to the response of READKEY

* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.

12 months agosm: Fix minor memory leak in --export-p12.
Werner Koch [Wed, 14 Feb 2018 13:54:51 +0000 (14:54 +0100)]
sm: Fix minor memory leak in --export-p12.

* sm/export.c (gpgsm_p12_export): Free KEYGRIP.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agosm: Fix a wrong key parameter in an exported private key file
Katsuhiro Ueno [Wed, 7 Feb 2018 09:46:54 +0000 (18:46 +0900)]
sm: Fix a wrong key parameter in an exported private key file

* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--

This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:

$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d

--
Let me(wk) add this:

This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
used gpg-protect-tool which got it right.  We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoRegister DCO for Jussi.
Werner Koch [Wed, 14 Feb 2018 13:01:36 +0000 (14:01 +0100)]
Register DCO for Jussi.

--

Also sorted the list.

12 months agocommon: Use new function to print status strings.
Werner Koch [Wed, 14 Feb 2018 11:21:23 +0000 (12:21 +0100)]
common: Use new function to print status strings.

* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
12 months agoscd: Improve KDF-DO support
Arnaud Fontaine [Thu, 8 Feb 2018 18:03:08 +0000 (19:03 +0100)]
scd: Improve KDF-DO support

* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
12 months agoscd: Fix handling for Data Object with no data.
NIIBE Yutaka [Mon, 12 Feb 2018 09:56:58 +0000 (18:56 +0900)]
scd: Fix handling for Data Object with no data.

* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agodoc: Add compliance de-vs to gpgsm in vsnfd.prf
Andre Heinecke [Fri, 9 Feb 2018 08:45:28 +0000 (09:45 +0100)]
doc: Add compliance de-vs to gpgsm in vsnfd.prf

* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.

12 months agoscd: Use pipe to kick the loop on NetBSD.
NIIBE Yutaka [Wed, 7 Feb 2018 03:43:07 +0000 (12:43 +0900)]
scd: Use pipe to kick the loop on NetBSD.

* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.

--

On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason.  Use pipe instead, for such systems.

GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agogpg: Fix packet length checking in symkeyenc parser.
Werner Koch [Tue, 6 Feb 2018 16:34:08 +0000 (17:34 +0100)]
gpg: Fix packet length checking in symkeyenc parser.

* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end.  Add additional check to cope for the 0je extra bytes needed for
AEAD.
--

Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780

12 months agogpg: Update list of card vendors from master
Werner Koch [Thu, 1 Feb 2018 11:05:19 +0000 (12:05 +0100)]
gpg: Update list of card vendors from master

--

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoAdd a new OpenPGP card vendor.
Werner Koch [Thu, 1 Feb 2018 11:02:13 +0000 (12:02 +0100)]
Add a new OpenPGP card vendor.

--

12 months agotests: Fix for NetBSD with __func__.
NIIBE Yutaka [Mon, 29 Jan 2018 00:34:37 +0000 (09:34 +0900)]
tests: Fix for NetBSD with __func__.

* tests/asschk.c: Don't define __func__ if available.

--

NetBSD 7.0 has __func__ defined.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agogpg: Rename a misnomed arg in open_outfile.
Werner Koch [Sun, 28 Jan 2018 17:59:18 +0000 (18:59 +0100)]
gpg: Rename a misnomed arg in open_outfile.

* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodirmngr: Improve assuan error comment for cmd keyserver.
Werner Koch [Sat, 27 Jan 2018 18:46:19 +0000 (19:46 +0100)]
dirmngr: Improve assuan error comment for cmd keyserver.

* dirmngr/server.c: Add error comment in case --resolve fails in
ensure_keyserver.
--

GnuPG-bug-id: 3756
Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoagent: Fix sending connecting process uid to pinentry.
NIIBE Yutaka [Fri, 26 Jan 2018 01:52:56 +0000 (10:52 +0900)]
agent: Fix sending connecting process uid to pinentry.

* agent/command-ssh.c (get_client_info): Use LOCAL_PEERCRED.

--

LOCAL_PEERUID was wrong (while there is LOCAL_PEERUUID).
For FreeBSD and macOS, we can use LOCAL_PEERCRED to get uid.

GnuPG-bug-id: 3757
Fixes-commit: 28aa6890588cc108639951bb4bef03ac17743046
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoMerge branch 'STABLE-BRANCH-2-2' into master
NIIBE Yutaka [Fri, 26 Jan 2018 01:47:28 +0000 (10:47 +0900)]
Merge branch 'STABLE-BRANCH-2-2' into master

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoagent: Fix last commit.
NIIBE Yutaka [Fri, 26 Jan 2018 01:42:31 +0000 (10:42 +0900)]
agent: Fix last commit.

* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.

--

It was T2981, adding ucred.h for Solaris.  We also need sys/ucred.h
for FreeBSD and macOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoagent: More fix for get_client_pid for portability.
NIIBE Yutaka [Fri, 26 Jan 2018 01:08:29 +0000 (10:08 +0900)]
agent: More fix for get_client_pid for portability.

    * configure.ac: Check sys/ucred.h instead of ucred.h.
    * agent/command-ssh.c: Include sys/ucred.h.

--

It's *BSD and macOS thing.

Fixes-commit: f7f806afa5083617f4aba02fc3b285b06a7d73d4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Thu, 25 Jan 2018 15:48:07 +0000 (16:48 +0100)]
Merge branch 'STABLE-BRANCH-2-2' into master

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agodoc: Note --quick-gen-key as an alias for --quick-generate-key
Werner Koch [Thu, 25 Jan 2018 14:14:37 +0000 (15:14 +0100)]
doc: Note --quick-gen-key as an alias for --quick-generate-key

--

12 months agogpg: New maintainer option --debug-set-iobuf-size.
Werner Koch [Wed, 24 Jan 2018 17:29:08 +0000 (18:29 +0100)]
gpg: New maintainer option --debug-set-iobuf-size.

* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoiobuf: Increase the size of the buffer. Add iobuf_set_buffer_size.
Werner Koch [Wed, 24 Jan 2018 17:37:55 +0000 (18:37 +0100)]
iobuf: Increase the size of the buffer.  Add iobuf_set_buffer_size.

* common/iobuf.c (IOBUF_BUFFER_SIZE): Rename to
DEFAULT_IOBUF_BUFFER_SIZE and increase to 64k.
(iobuf_buffer_size): New var.  Always use this instead of the macro.
(iobuf_set_buffer_size): New.
(struct file_filter_ctx_t): Add field delayed_rc.
(file_filter) [!W32]: Try to fill the supplied buffer.
--

I did some test to see whether this has an effect.  A test program
piped 100 million random bytes to gpg to symmetric encryption only w/0
compression.  Single read means the old behaviour, multi read the new
behaviour which fills up the buffer when the read(2) returned only 4k
in once call.

8k buffer single read
        User time (seconds): 0.09
        System time (seconds): 0.04
        Percent of CPU this job got: 6%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.04

8k buffer multi read
       User time (seconds): 0.08
       System time (seconds): 0.05
       Percent of CPU this job got: 6%
       Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.04

64k buffer single read
        User time (seconds): 0.09
        System time (seconds): 0.06
        Percent of CPU this job got: 6%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.20

64k buffer multi read
        User time (seconds): 0.11
        System time (seconds): 0.06
        Percent of CPU this job got: 8%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.01

128k buffer single read
        User time (seconds): 0.09
        System time (seconds): 0.05
        Percent of CPU this job got: 7%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.05

128k buffer multi read
        User time (seconds): 0.11
        System time (seconds): 0.05
        Percent of CPU this job got: 8%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.01

512k buffer single read:
        User time (seconds): 0.08
        System time (seconds): 0.08
        Percent of CPU this job got: 7%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.21

512k buffer multi read:
        User time (seconds): 0.10
        System time (seconds): 0.06
        Percent of CPU this job got: 7%
        Elapsed (wall clock) time (h:mm:ss or m:ss): 0:02.05

Does not make much of a difference :-(.  Maybe it changes depending on
the type of used filters.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
Werner Koch [Wed, 24 Jan 2018 12:45:05 +0000 (13:45 +0100)]
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.

* g10/cipher-aead.c (do_flush): Init ERR.  Fix remaining chunklen
computation.
(do_free): Add dummy encryption.  Close the cipher handle.
* g10/decrypt-data.c (aead_underflow): Rewrite.
--

Until we have integrated test into the test suite extensive tests can
also be done with a script like this:

--8<---------------cut here---------------start------------->8---
#!/bin/sh

set -e
GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback"
GPG="$GPG --passphrase abc --batch"
MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata"

for chunksize in 6 7 12 13 14 30; do
for count in $(seq 1 200) $(seq 8100 8200) \
             $(seq 16350 16400) $(seq 20000 20100); do
  if [ ! -f "testfile-$count" ]; then
    $MKTDATA $count >"testfile-$count"
  fi
  echo "testing chunk size 2^$chunksize with $count bytes"
  $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \
      -c --chunk-size $chunksize \
       <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null
  $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null
  if ! cmp "testfile-$count" "testfile-$count.out"; then
    echo "FAILED comparing count $count" >&2
    exit 1
  fi
done
done
echo All good
--8<---------------cut here---------------end--------------->8---

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Rename a variable in decrypt-data for clarity.
Werner Koch [Wed, 24 Jan 2018 07:59:06 +0000 (08:59 +0100)]
gpg: Rename a variable in decrypt-data for clarity.

* g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
Change all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: New option --chunk-size.
Werner Koch [Tue, 23 Jan 2018 18:08:16 +0000 (19:08 +0100)]
gpg: New option --chunk-size.

* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.

* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--

And that new option immediatley revealed bugs in our chunking code :-(.

12 months agogpg: Copy the AEAD prefs to the user ID struct.
Werner Koch [Tue, 23 Jan 2018 11:50:11 +0000 (12:50 +0100)]
gpg: Copy the AEAD prefs to the user ID struct.

* g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
--

With this patch AEAD preferences are now properly created and
displayed.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Clear the symmetric passphrase cache for encrypted session keys.
Werner Koch [Tue, 23 Jan 2018 10:54:02 +0000 (11:54 +0100)]
gpg: Clear the symmetric passphrase cache for encrypted session keys.

* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
error.
(proc_encrypted): Need to take are of the checksum error.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Implement AEAD for SKESK packets.
Werner Koch [Tue, 23 Jan 2018 11:07:25 +0000 (12:07 +0100)]
gpg: Implement AEAD for SKESK packets.

* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.

* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--

For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Unify AEAD parameter retrieval.
Werner Koch [Mon, 22 Jan 2018 15:23:02 +0000 (16:23 +0100)]
gpg: Unify AEAD parameter retrieval.

* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function.  Also allow for chunkbytes other
than 10.
--

Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: Refactor function encrypt_seskey.
Werner Koch [Mon, 22 Jan 2018 14:50:24 +0000 (15:50 +0100)]
gpg: Refactor function encrypt_seskey.

* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
encrypted key and returns that buffer and its length.
(encrypt_simple): Adjust for above change.
(write_symkey_enc): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agoscd: Support KDF Data Object of OpenPGPcard V3.3.
NIIBE Yutaka [Mon, 22 Jan 2018 10:46:14 +0000 (19:46 +0900)]
scd: Support KDF Data Object of OpenPGPcard V3.3.

* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

--

GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
12 months agogpg: Support EAX if for latest Libgcrypt.
Werner Koch [Sun, 21 Jan 2018 15:42:29 +0000 (16:42 +0100)]
gpg: Support EAX if for latest Libgcrypt.

* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
(write_header): Use it.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
(decrypt_data): Use it.
* g10/misc.c (openpgp_aead_test_algo): Allow EAX.
--

This allows the use of EAX when the latest Libgcrypt master is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
12 months agogpg: First take on PKT_ENCRYPTED_AEAD.
Werner Koch [Sun, 21 Jan 2018 15:24:43 +0000 (16:24 +0100)]
gpg: First take on PKT_ENCRYPTED_AEAD.

* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
* g10/filter.h (cipher_filter_context_t):  Add new fields for AEAD.
* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
chunkbyte.
* g10/build-packet.c (do_encrypted_aead): New.
(build_packet): Call it.
* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
(parse_one_sig_subpkt, can_handle_critical): Ditto.
(parse_encrypted): Clear new PKT_ENCRYPTED fields.
(parse_encrypted_aead): New.
(parse): Call it.
* g10/gpg.c (main): Take care of --rfc4880bis option when checking
compliance.
* g10/cipher-aead.c: Replace the stub by real code.
* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
AEAD.
(aead_set_nonce): New.
(aead_set_ad): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/encrypt.c (use_aead): Make that new fucntion work.
(encrypt_simple): Use default_aead_algo() instead of EAX.
* g10/mainproc.c (proc_encrypted): Support AEAD.
(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
--

This code has seen only a very few manual tests.  Encrypting always
uses a 64k chunks and decryption has not been tested with larger
chunks.  Those small chunks make debugging much faster.

Tests can be done using:

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
      --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
      -v -z 0 --status-fd 2 -c <INFILE >OUTFILE

and

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
      --status-fd 2 -v -d <INFILE >OUTFILE

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Fix the use of future-default with --quick-add-key.
Werner Koch [Thu, 18 Jan 2018 12:38:23 +0000 (13:38 +0100)]
gpg: Fix the use of future-default with --quick-add-key.

* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback.  Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--

The problem here was that future-default gives the primary and subkey
algorithm.  However, when using future-default for adding a key, the
second part was always used which is for encryption.  If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.

  gpg --batch --passphrase "" --quick-add-key FPR future-default encr

aready worked as did

  gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign

but

  gpg --batch --passphrase "" --quick-add-key FPR future-default sign

does only work with this fix.

GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Add stub function for encrypting AEAD.
Werner Koch [Wed, 10 Jan 2018 16:33:50 +0000 (17:33 +0100)]
gpg: Add stub function for encrypting AEAD.

* g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
* g10/cipher-aead.c: New.  Right now only with a stub function.
* g10/Makefile.am (gpg_sources): Add file.
* g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
cipher_filter_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: New option --force-aead
Werner Koch [Wed, 10 Jan 2018 16:07:11 +0000 (17:07 +0100)]
gpg: New option --force-aead

* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars.  Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--

This patch should be enough to detect whether AEAD can be used.
Not tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Add option and preference framework for AEAD.
Werner Koch [Wed, 10 Jan 2018 10:42:38 +0000 (11:42 +0100)]
gpg: Add option and preference framework for AEAD.

* common/openpgpdefs.h (aead_algo_t): New.
(SIGSUBPKT_PREF_AEAD): New.
* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
(opts): New options --aead-algo and --personal-aead-preferences.
(set_compliance_option): Clar aead algo.
(main): Parse and check the new options
* g10/options.h (struct opt): Add fields def_aead_algo and
personal_aead_prefs.
* g10/packet.h (PREFTYPE_AEAD): New enum value.
(PKT_user_id): Add field flags.aead.
(PKT_public_key): Add field flags.aead.
* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
* g10/getkey.c (fixup_uidnode): Set AEAD flag.
(merge_selfsigs): Ditto.
* g10/kbnode.c (dump_kbnode): Show aead flag.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
(set_one_pref): Suppport PREFTYPE_AEAD.
(keygen_set_std_prefs): Parse AEAD preferences.
(keygen_get_std_prefs): Ditto.
(add_feature_aead): New.
(keygen_upd_std_prefs): Call that and build AEAD pref  packet.
* g10/main.h (DEFAULT_AEAD_ALGO): New const.
* g10/misc.c (openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(string_to_aead_algo): New.
(default_aead_algo): New.
--

This is only used in --rfc4880bis mode and not really tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agodoc: Note pinentry-mode for passphrase opts
Andre Heinecke [Mon, 8 Jan 2018 18:09:28 +0000 (19:09 +0100)]
doc: Note pinentry-mode for passphrase opts

* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
13 months agogpg: Print all keys with --decrypt --list-only.
Werner Koch [Mon, 8 Jan 2018 08:30:31 +0000 (09:30 +0100)]
gpg: Print all keys with --decrypt --list-only.

* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Allow "futuredefault" as alias for "future-default".
Werner Koch [Mon, 1 Jan 2018 13:59:30 +0000 (14:59 +0100)]
gpg: Allow "futuredefault" as alias for "future-default".

* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string.  And while at it we also
allow case-insensitivity.

GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agogpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
Werner Koch [Fri, 29 Dec 2017 19:18:20 +0000 (20:18 +0100)]
gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.

* g10/keygen.c (gen_ecc): Map curve names.
--

See
https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html

Signed-off-by: Werner Koch <wk@gnupg.org>
13 months agoscd: Fix for inactive card at start by internal CCID driver.
NIIBE Yutaka [Wed, 27 Dec 2017 08:20:03 +0000 (17:20 +0900)]
scd: Fix for inactive card at start by internal CCID driver.

* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.

--

Many card readers automatically turn on inserted card, but some
defaults to turning off at start.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
13 months agobuild: Increase libassuan min version to 2.5.0
Kristian Fiskerstrand [Wed, 20 Dec 2017 20:12:01 +0000 (21:12 +0100)]
build: Increase libassuan min version to 2.5.0

--
assuan_sock_set_system_hooks is used unconditionally in gnupg since
commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d, and as such it requires
libassuan 2.5.0 (function introduced in
commit 90dc81682b13a7cf716a8a26b891051cbd4b0caf)

For a detailed description see:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-December/033323.html

13 months agokbx: Simplify by removing custom memory functions.
Werner Koch [Fri, 22 Dec 2017 11:55:32 +0000 (12:55 +0100)]
kbx: Simplify by removing custom memory functions.

* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agocommon: Use larger buffer for homedir in case of 64 bit UIDs.
Werner Koch [Wed, 20 Dec 2017 14:37:29 +0000 (15:37 +0100)]
common: Use larger buffer for homedir in case of 64 bit UIDs.

* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2acdc3b7f00711272aa51e5be2476921
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agodoc: Include NEWS from 2.2.4
Werner Koch [Wed, 20 Dec 2017 09:25:16 +0000 (10:25 +0100)]
doc: Include NEWS from 2.2.4

--

14 months agoPost release updates
Werner Koch [Wed, 20 Dec 2017 09:13:54 +0000 (10:13 +0100)]
Post release updates

--

14 months agoRelease 2.2.4 gnupg-2.2.4
Werner Koch [Wed, 20 Dec 2017 07:31:22 +0000 (08:31 +0100)]
Release 2.2.4

14 months agopo: Auto-update
Werner Koch [Wed, 20 Dec 2017 07:30:40 +0000 (08:30 +0100)]
po: Auto-update

--

14 months agopo: Update Czech translation
Petr Pisar [Tue, 19 Dec 2017 18:50:30 +0000 (19:50 +0100)]
po: Update Czech translation

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agopo: Update Russian translation
Ineiev [Wed, 13 Dec 2017 13:40:02 +0000 (13:40 +0000)]
po: Update Russian translation

14 months agowks: New server options --check, --with-dir, with-file.
Werner Koch [Tue, 19 Dec 2017 16:42:10 +0000 (17:42 +0100)]
wks: New server options --check, --with-dir, with-file.

* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
(opts): New options --check, --with-dir, and --with-file.
(main): Call command_check_key.
(command_list_domains): Implement option --with-dir.
(fname_from_userid): New.
(command_check_key): New.
(command_remove_key): Implement existsing command.
(command_revoke_key): Call command_remove_key as a simple
implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agopo: Auto-update
Werner Koch [Tue, 19 Dec 2017 11:39:25 +0000 (12:39 +0100)]
po: Auto-update

--

Mainly due to removed translations in debug messages.

14 months agopo: Fix a string in de and nl. Mark a string in ro and sk fuzzy.
Werner Koch [Tue, 19 Dec 2017 11:36:49 +0000 (12:36 +0100)]
po: Fix a string in de and nl.  Mark a string in ro and sk fuzzy.

--

These wrong translations are propably due to accidently removing a
fuzzy mark.

A German translation (gpgsm audit feature) was actually reversed.

A Dutch translation has an unused ": %s" at the end.

I am not 100% of the Romanian and Slovak strings, thus I marked them
as fuzzy.

GnuPG-bug-id: 3619
Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agoconf: New option --status-fd.
Werner Koch [Mon, 18 Dec 2017 16:46:05 +0000 (17:46 +0100)]
conf: New option --status-fd.

* tools/gpgconf.c (oStatusFD): New const.
(opts): New option --status-fd.
(statusfp): New var.
(set_status_fd): New.
(gpgconf_write_status): New.
(gpgconf_failure): New.
(main): Set status fd and replace exit by gpgconf_failure.
* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
(gc_process_gpgconf_conf): Print a few warning status messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agoMerge branch 'STABLE-BRANCH-2-2' into master
Werner Koch [Mon, 18 Dec 2017 15:38:02 +0000 (16:38 +0100)]
Merge branch 'STABLE-BRANCH-2-2' into master

--

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agogpgconf: Show --compliance in expert mode.
Werner Koch [Mon, 18 Dec 2017 15:31:54 +0000 (16:31 +0100)]
gpgconf: Show --compliance in expert mode.

* tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
(gc_options_gpgsm): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agosm: Allow explicit setting of the default --compliance=gnupg
Werner Koch [Mon, 18 Dec 2017 11:05:02 +0000 (12:05 +0100)]
sm: Allow explicit setting of the default --compliance=gnupg

* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--

This is required so that we can use this option in in gpgconf.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
14 months agopo: Update Japanese translation.
NIIBE Yutaka [Mon, 18 Dec 2017 05:09:53 +0000 (14:09 +0900)]
po: Update Japanese translation.

* po/ja.po: Fix message with no "%s".

--

Backport of master commit from: 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agopo: Update Japanese translation.
NIIBE Yutaka [Mon, 18 Dec 2017 05:09:53 +0000 (14:09 +0900)]
po: Update Japanese translation.

* po/ja.po: Fix message with no "%s".

--

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
14 months agogpg: Print a warning for too much data encrypted with 3DES et al.
Werner Koch [Wed, 13 Dec 2017 12:02:34 +0000 (13:02 +0100)]
gpg: Print a warning for too much data encrypted with 3DES et al.

* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>