gnupg.git
6 years agoscd: fix Vega for Alpha reader.
NIIBE Yutaka [Tue, 27 Aug 2013 01:15:46 +0000 (10:15 +0900)]
scd: fix Vega for Alpha reader.

* scd/ccid-driver.c (ccid_vendor_specific_init): Fix error handling
and size of command.

--

Signed-off-by: NIIBE Yutaka
6 years agoscd: Make SPRx32 pinpad work with PC/SC on Windows.
Werner Koch [Wed, 21 Aug 2013 14:45:48 +0000 (16:45 +0200)]
scd: Make SPRx32 pinpad work with PC/SC on Windows.

* scd/apdu.c (CM_IOCTL_GET_FEATURE_REQUEST): Use SCARD_CTL_CODE.
(SCARD_CTL_CODE): Define if not defined.
(reader_table_s): Add is_spr532.
(new_reader_slot): Clear it.
(check_pcsc_pinpad): Set it.
(pcsc_pinpad_verify, pcsc_pinpad_modify): Add fix for SPR532.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoscd: Improve --enable-pinpad-varlen.
Werner Koch [Wed, 21 Aug 2013 13:44:52 +0000 (15:44 +0200)]
scd: Improve --enable-pinpad-varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Add
enable-pinpad-varlen.
* scd/apdu.c (check_pcsc_pinpad): Detect SPRx32 reader.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoagent: Extend cmd KEYINFO to return data from sshcontrol.
Werner Koch [Thu, 8 Aug 2013 19:22:38 +0000 (21:22 +0200)]
agent: Extend cmd KEYINFO to return data from sshcontrol.

* agent/command-ssh.c (struct control_file_s): Rename to
ssh_control_file_s.
(ssh_open_control_file, ssh_close_control_file)
(ssh_read_control_file, ssh_search_control_file): New.
(control_file_t):  Rename and move to ...
* agent/agent.h (ssh_control_file_t): here.
* agent/command.c (do_one_keyinfo): Add args is_ssh, ttl, disabled,
and confirm. Rename unknown keytype indicator from '-' to 'X'.  Extend
output.
(cmd_keyinfo): Add options --ssh-list and --with-ssh.
--

This extension allows the development of frontends to manage the
sshcontrol file.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agogpg: No need to create a trustdb when encrypting with --always-trust.
Werner Koch [Fri, 2 Aug 2013 07:10:17 +0000 (09:10 +0200)]
gpg: No need to create a trustdb when encrypting with --always-trust.

* g10/gpg.c (main): Special case setup_trustdb for --encrypt.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agow32: Fix recent patch 9ff72e4.
Werner Koch [Thu, 1 Aug 2013 17:54:11 +0000 (19:54 +0200)]
w32: Fix recent patch 9ff72e4.

* common/homedir.c (check_portable_app): Fix the name of the control
file.

6 years agoagent: Include missing prototype.
Werner Koch [Thu, 1 Aug 2013 09:32:05 +0000 (11:32 +0200)]
agent: Include missing prototype.

* agent/protect.c: Include cvt-openpgp.h.

6 years agow32: Add code to support a portable use of GnuPG.
Werner Koch [Thu, 1 Aug 2013 09:20:48 +0000 (11:20 +0200)]
w32: Add code to support a portable use of GnuPG.

* common/homedir.c (w32_bin_is_bin, w32_portable_app) [W32]: New.
(check_portable_app) [W32]: New.
(standard_homedir, default_homedir) [W32]: Support the portable flag.
(w32_rootdir, w32_commondir) [W32]: Ditto.
(gnupg_bindir, gnupg_cachedir, dirmngr_socket_name) [W32]: Ditto.
* common/logging.h (JNLIB_LOG_NO_REGISTRY): New.
* common/logging.c (no_registry): New variable.
(log_set_prefix, log_get_prefix): Set/get that variable.
(do_logv): Do not check the registry if that variable is set.
--

Beware: This code has not been tested because it is not yet possible
to build GnuPG 2.1 for Windows.  However, the code will be the base
for an implementation in 2.0.

A portable use of GnuPG under Windows means that GnuPG uses a home
directory depending on the location of the actual binary.  No registry
variables are considered.  The portable mode is enabled if in the
installation directory of the the binary "gpgconf.exe" and a
file "gpgconf.ctl" are found.  The latter file is empty or consists
only of empty or '#' comment lines.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoSilence compiler warning about deprecated Libgcrypt symbols
Werner Koch [Thu, 1 Aug 2013 09:06:22 +0000 (11:06 +0200)]
Silence compiler warning about deprecated Libgcrypt symbols

* configure.ac (AH_BOTTOM): Define GCRYPT_NO_DEPRECATED.
--

Some gcc versions emit deprecated warning for such flagged Libgcrypt
symbols; even if they are not used.

6 years agow32: Change autogen.sh to use npth.
Werner Koch [Thu, 1 Aug 2013 09:03:24 +0000 (11:03 +0200)]
w32: Change autogen.sh to use npth.

--

6 years agodirmngr: Define missing LDAP constant
Werner Koch [Thu, 1 Aug 2013 09:02:03 +0000 (11:02 +0200)]
dirmngr: Define missing LDAP constant

* dirmngr/ldap-url.c (LDAP_SCOPE_DEFAULT): Define if missing.

6 years agoscd: Fix a syntax error for Apple and Windows.
Werner Koch [Thu, 1 Aug 2013 09:01:01 +0000 (11:01 +0200)]
scd: Fix a syntax error for Apple and Windows.

* scd/apdu.c (pcsc_dword_t) [W32]: Fix syntax error.

6 years agocommon: Fix a build error when using adns.
Werner Koch [Thu, 1 Aug 2013 08:30:27 +0000 (10:30 +0200)]
common: Fix a build error when using adns.

* common/dns-cert.c (get_dns_cert) [USE_ADNS]: Fix synatx error.
--

(fixes commit 31f548a18aed729c05ea367f2d8a8104480430d5)

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agocommon: Comment out unused code.
Werner Koch [Wed, 31 Jul 2013 14:15:01 +0000 (16:15 +0200)]
common: Comment out unused code.

* common/w32-reg.c (write_w32_registry_string): Comment out.

6 years agodirmngr: Remove unused file.
Werner Koch [Wed, 31 Jul 2013 14:14:00 +0000 (16:14 +0200)]
dirmngr: Remove unused file.

* dirmngr/get-path.c: Remove.

6 years agosm: Remove cruft from source files.
Werner Koch [Thu, 27 Jun 2013 09:40:12 +0000 (11:40 +0200)]
sm: Remove cruft from source files.

* sm/keydb.c, sm/keydb.h: Remove disabled code parts.

6 years agoModernize two format string file name quotes.
Werner Koch [Thu, 27 Jun 2013 07:28:43 +0000 (09:28 +0200)]
Modernize two format string file name quotes.

--

6 years agoPrepare for newer automake versions.
Werner Koch [Thu, 27 Jun 2013 07:22:00 +0000 (09:22 +0200)]
Prepare for newer automake versions.

* configure.ac (AM_INIT_AUTOMAKE): Replace 2 argument form by the
option form.  Add options from the top Makefile.
(AM_CONFIG_HEADER): Rename to AC_CONFIG_HEADER.
* Makefile.am (AUTOMAKE_OPTIONS): Remove.

* kbx/Makefile.am: Remove INCLUDES.  Include cmacros.am.  FActor some
AM_CPPFLAGS options to  AM_CFLAGS.

6 years agoUpdate AUTHORS.
Werner Koch [Wed, 26 Jun 2013 21:37:40 +0000 (23:37 +0200)]
Update AUTHORS.

--

6 years agoFix Makefile regression.
Werner Koch [Wed, 26 Jun 2013 21:23:18 +0000 (23:23 +0200)]
Fix Makefile regression.

* agent/Makefile.am (gpg_agent_DEPENDENCIES): Remove cruft from wrong
resolve conflict 2013-04-25.
(gpg_agent_DEPENDENCIES): Remove obsolete gpg_agent_res_deps
(gpg_agent_LDFLAGS): Remove obsolete gpg_agent_res_ldflags.
--

This fixes 88e24341e57c96e31a25e92e09d67989e64cc1c1.  Thanks to
Christian Aistleitner for pinpointing this bug.  Am sorry for accusing
automake to have introduced this bug; I should have washed my own eyes.

GnuPG-bug-id: 1511

6 years agoImplement unattended OpenPGP secret key import.
Werner Koch [Wed, 22 May 2013 08:50:12 +0000 (09:50 +0100)]
Implement unattended OpenPGP secret key import.

* agent/command.c (cmd_import_key): Add option --unattended.
* agent/cvt-openpgp.c (convert_transfer_key): New.
(do_unprotect): Factor some code out to ...
(prepare_unprotect): new function.
(convert_from_openpgp): Factor all code out to ...
(convert_from_openpgp_main): this.  Add arg 'passphrase'.  Implement
openpgp-native protection modes.
(convert_from_openpgp_native): New.
* agent/t-protect.c (convert_from_openpgp_native): New dummy fucntion
* agent/protect-tool.c (convert_from_openpgp_native): Ditto.
* agent/protect.c (agent_unprotect): Add arg CTRL.  Adjust all
callers.  Support openpgp-native protection.
* g10/call-agent.c (agent_import_key): Add arg 'unattended'.
* g10/import.c (transfer_secret_keys): Use unattended in batch mode.
--

With the gpg-agent taking care of the secret keys, the user needs to
migrate existing keys from secring.gpg to the agent.  This and also
the standard import of secret keys required the user to unprotect the
secret keys first, so that gpg-agent was able to re-protected them
using its own scheme.  With many secret keys this is quite some
usability hurdle.  In particular if a passphrase is not instantly
available.

To make this migration smoother, this patch implements an unattended
key import/migration which delays the conversion to the gpg-agent
format until the key is actually used.  For example:

   gpg2 --batch --import mysecretkey.gpg

works without any user interaction due to the use of --batch.  Now if
a key is used (e.g. "gpg2 -su USERID_FROM_MYSECRETKEY foo"), gpg-agent
has to ask for the passphrase anyway, converts the key from the
openpgp format to the internal format, signs, re-encrypts the key and
tries to store it in the gpg-agent format to the disk.  The next time,
the internal format of the key is used.

This patch has only been tested with the old demo keys, more tests
with other protection formats and no protection are needed.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoNew debug functions log_printcanon and log_printsexp.
Werner Koch [Tue, 21 May 2013 13:00:00 +0000 (14:00 +0100)]
New debug functions log_printcanon and log_printsexp.

* common/sexputil.c (sexp_to_string, canon_sexp_to_string): New.
(log_printcanon, log_printsexp): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoagent: Fix length detection of canonical formatted openpgp keys.
Werner Koch [Tue, 21 May 2013 12:00:16 +0000 (13:00 +0100)]
agent: Fix length detection of canonical formatted openpgp keys.

* agent/command.c (cmd_import_key): Pass 0 instead of KEYLEN to
gcry_sexp_canon_len.
--

We used to pass KEYLEN to the gcry_sexp_canon_len for no good reason:
convert_from_openpgp is guaranteed to return a valid canonical
S-expression and KEYLEN would thus act only as an upper limit.  This
is not a problem because usually the original input key is longer than
the returned unprotected key.  A future patch may change this
assertion and thus we better fix this bug now.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoagent: New option --disable-check-own-socket.
Werner Koch [Tue, 21 May 2013 11:10:00 +0000 (12:10 +0100)]
agent: New option --disable-check-own-socket.

* agent/gpg-agent.c (oDisableCheckOwnSocket): New.
(disable_check_own_socket): New.
(parse_rereadable_options): Set new option.
(check_own_socket): Implement new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agow32: Add icons and version information.
Werner Koch [Thu, 25 Apr 2013 11:00:16 +0000 (12:00 +0100)]
w32: Add icons and version information.

* common/gnupg.ico: New.  Take from artwork/gnupg-favicon-1.ico.
* agent/gpg-agent-w32info.rc: New.
* g10/gpg-w32info.rc: New.
* scd/scdaemon-w32info.rc: New.
* sm/gpgsm-w32info.rc: New.
* tools/gpg-connect-agent-w32info.rc: New.
* common/w32info-rc.h.in: New.
* configure.ac (BUILD_REVISION, BUILD_FILEVERSION, BUILD_TIMESTAMP)
(BUILD_HOSTNAME): New.
(AC_CONFIG_FILES): Add w32info-rc.h.
* am/cmacros.am (.rc.o): New rule.
* agent/Makefile.am, common/Makefile.am, g10/Makefile.am
* scd/Makefile.am, sm/Makefile.am, tools/Makefile.am: Add stuff to
build resource files.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 049b3d9ca0285d15c00c215ac9b533c994196ca4)

Solved conflicts in:

agent/Makefile.am
common/Makefile.am
g10/Makefile.am
scd/Makefile.am
sm/Makefile.am
tools/Makefile.am

6 years agodoc: fix some Texinfo warnings.
Ian Abbott [Thu, 25 Apr 2013 11:00:16 +0000 (12:00 +0100)]
doc: fix some Texinfo warnings.

* doc/gpg.texi: Fix syntax and add missing menu entries.
* doc/gpgsm.texi: Fix subsectioning.
--

These five patches fix some warnings from Texinfo 5 by adding some
missing nodes and changing some sections to subsections, and moving an
'@end ifset' to the start of a line.  I also noticed the 'Deprecated
options' subsection didn't appear in the GPG options menu, so I added
it.  (Texinfo never warned about it because it was after the last node
in the menu.)

1) doc/gpg.texi: move '@end ifset' to start of line
2) doc/gpg.texi: Add missing node for 'Compliance options' section.
3) doc/gpg.texi: add node for 'Deprecated options' subsection.
4) doc/gpg.texi: make 'Unattended key generation' a subsection
5) doc/gpgsm.texi: fix subsectioning for Unattended Usage

(all 5 merged into one patch by wk)

(cherry picked from commit 4d67f59a336bfa0ff19fc23209940724196fd886)

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoFix potential heap corruption in "gpg -v --version".
Werner Koch [Sat, 15 Dec 2012 10:28:00 +0000 (11:28 +0100)]
Fix potential heap corruption in "gpg -v --version".

* g10/gpg.c (build_list): Rewrite to cope with buffer overflow in
certain locales.
--

This fixes an obvious bug in locales where the translated string is
longer than the original.  The bug could be exhibited by using
LANG=ru_RU.utf8 gpg -v --version.

En passant we also removed the trailing white space on continued
lines.

Reported-by: Dmitry V. Levin" <ldv at altlinux.org>
(cherry picked from commit 3402a84720e7d8c6ad04fc50eacb338a8ca05ca1)

Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agogpgsm: Remove non-implemented commands from --help.
Werner Koch [Thu, 18 Apr 2013 12:40:43 +0000 (14:40 +0200)]
gpgsm: Remove non-implemented commands from --help.

* sm/gpgsm.c (opts): Removed commands --clearsign, --symmetric,
--send-keys, and --recv-keys.

--

GnuPG-bug-id: 1064
Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoMake sure to call fflush if estream_t is backed with stdio
Daiki Ueno [Tue, 2 Apr 2013 06:45:58 +0000 (15:45 +0900)]
Make sure to call fflush if estream_t is backed with stdio

* common/estream.c (es_func_fp_write): Call fflush after fwrite.

6 years agodoc: Formatting fixes.
Werner Koch [Thu, 18 Apr 2013 12:40:43 +0000 (14:40 +0200)]
doc: Formatting fixes.

* doc/Makefile.am (.fig.jpg): Correct to use -L jpeg.
* doc/gpg.texi: Fix cross reference for --options.
* doc/gpgsm.texi: Likewise.
* doc/gpl.texi: Fix enumerate and re-indent examples.
--

Reported-by: Ian Abbott
Signed-off-by: Werner Koch <wk@gnupg.org>
6 years agoAdd missing file.
Werner Koch [Wed, 17 Apr 2013 09:26:27 +0000 (11:26 +0200)]
Add missing file.

--

6 years agoFix doc for the Expire-Date key generation parameter.
Werner Koch [Thu, 4 Apr 2013 12:24:11 +0000 (14:24 +0200)]
Fix doc for the Expire-Date key generation parameter.

--

6 years agoscd: move SCDaemon to libexecdir.
NIIBE Yutaka [Mon, 1 Apr 2013 02:42:11 +0000 (11:42 +0900)]
scd: move SCDaemon to libexecdir.

* common/homedir.c (gnupg_module_name): It's now libexecdir.
* scd/Makefile.am (libexec_PROGRAMS): Add scdaemon
(bin_PROGRAMS): Remove scdaemon.

6 years agocopyright assignments are not anymore required.
Werner Koch [Fri, 29 Mar 2013 08:13:05 +0000 (09:13 +0100)]
copyright assignments are not anymore required.

6 years agoscd: PC/SC status fix.
NIIBE Yutaka [Tue, 26 Mar 2013 03:43:24 +0000 (12:43 +0900)]
scd: PC/SC status fix.

* scd/apdu.c (pcsc_get_status_direct): Check PCSC_STATE_MUTE only when
PCSC_STATE_PRESENT.

* scd/pcsc-wrapper.c (handle_status): Ditto.

6 years agoscd: PC/SC cleanup (more).
NIIBE Yutaka [Tue, 26 Mar 2013 00:03:55 +0000 (09:03 +0900)]
scd: PC/SC cleanup (more).

* scd/apdu.c (control_pcsc_direct, control_pcsc_wrapped, control_pcsc)
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify): Use
pcsc_dword_t.

6 years agoscd: call update_card_removed only when detecting removal.
NIIBE Yutaka [Mon, 25 Mar 2013 23:43:15 +0000 (08:43 +0900)]
scd: call update_card_removed only when detecting removal.

* scd/command.c (update_reader_status_file): Add condition
vr->status == 0.

--

To reproduce the bug: (1) insert card,
  (2) run "gpg2 --card-status",
  (3) remove card, (4) invoke "gpg2 --card-edit",
  (5) invoke some command like "verify"
The last step fails (but with no error message to user).

6 years agoscd: PC/SC cleanup.
NIIBE Yutaka [Fri, 22 Mar 2013 01:41:59 +0000 (10:41 +0900)]
scd: PC/SC cleanup.

* scd/apdu.c (pcsc_dword_t): New.  It was named as DWORD (double-word)
when a word was 16-bit.
(struct reader_table_s): Fixes for types.
(struct pcsc_readerstate_s) [__APPLE__]: Enable #pragma pack(1).
Throughout: Fixes for types.

* scd/pcsc-wrapper.c: Likewise.

--

Problem reported for 1.4.x by the issue 1358.

6 years agopo: Enable ja.po.
NIIBE Yutaka [Thu, 21 Mar 2013 00:11:15 +0000 (09:11 +0900)]
po: Enable ja.po.

* po/LINGUAS: Enable ja.po.

6 years agoscd: change default value of pinpad maxlen.
NIIBE Yutaka [Thu, 21 Mar 2013 00:04:13 +0000 (09:04 +0900)]
scd: change default value of pinpad maxlen.

* scd/apdu.c (pcsc_pinpad_verify, pcsc_pinpad_modify): Default value
of maxlen for pinpad input is now 15 (was: 25).

* scd/ccid-driver.c (ccid_transceive_secure): Likewise.

--

For newer PC/SC, it is better to use FEATURE_GET_TLV_PROPERTIES to get
bMaxPINSize.

6 years agoMerge branch 'master' into key-storage-work key-storage-work
Werner Koch [Wed, 20 Mar 2013 09:00:12 +0000 (10:00 +0100)]
Merge branch 'master' into key-storage-work

--

6 years agoAdd code to allow for late memory cleanup.
Werner Koch [Fri, 28 Dec 2012 18:26:59 +0000 (19:26 +0100)]
Add code to allow for late memory cleanup.

* common/init.c (mem_cleanup_item_t): New.
(run_mem_cleanup): New.
(_init_common_subsystems): Add an atexit for it.
(register_mem_cleanup_func): New.

* g10/kbnode.c (cleanup_registered): New.
(release_unused_nodes): New.
(alloc_node): Call register_mem_cleanup_func.
--

It is often time consuming to figure out whether still allocated
memory at process termination is fine (e.g. a cache) or a problem.  To
help for that register_mem_cleanup_func may now be used to cleanup
such memory.  The run time of the program will be longer; if that
turns out to be a problem we can change the code to only run in
debugging mode.

6 years agokbx: Remove unused macro.
Werner Koch [Fri, 28 Dec 2012 16:28:43 +0000 (17:28 +0100)]
kbx: Remove unused macro.

* kbx/keybox.h (KEYBOX_WITH_OPENPGP): Remove unused macro.

6 years agopo: Autoupdates for de and fr. Update gitignore.
Werner Koch [Wed, 20 Mar 2013 08:50:03 +0000 (09:50 +0100)]
po: Autoupdates for de and fr.  Update gitignore.

--

6 years agogpg: Print indicator for unknown key capability.
Werner Koch [Tue, 19 Mar 2013 16:23:56 +0000 (17:23 +0100)]
gpg: Print indicator for unknown key capability.

* g10/keylist.c (print_capabilities): Print '?' for unknown usage.

6 years agogpg: Allow setting of all zero key flags
Daniel Kahn Gillmor [Tue, 19 Mar 2013 15:25:25 +0000 (11:25 -0400)]
gpg: Allow setting of all zero key flags

* g10/keygen.c (do_add_key_flags): Do not check for empty key flags.

6 years agogpg: Distinguish between missing and cleared key flags.
Werner Koch [Fri, 15 Mar 2013 14:46:03 +0000 (15:46 +0100)]
gpg: Distinguish between missing and cleared key flags.

* include/cipher.h (PUBKEY_USAGE_NONE): New.
* g10/getkey.c (parse_key_usage): Set new flag.
--

We do not want to use the default capabilities (derived from the
algorithm) if any key flags are given in a signature.  Thus if key
flags are used in any way, the default key capabilities are never
used.

This allows to create a key with key flags set to all zero so it can't
be used.  This better reflects common sense.

6 years agoscd: ccid-driver supporting larger APDU.
NIIBE Yutaka [Thu, 14 Mar 2013 23:34:32 +0000 (08:34 +0900)]
scd: ccid-driver supporting larger APDU.

* scd/ccid-driver.c (ccid_transceive_apdu_level): Support larger
APDU.

--
This is still ad hoc change, but it's OK.  Supporting full extended
APDU exchange level is not worth yet.

6 years agoscd: fix missing close paren.
NIIBE Yutaka [Thu, 14 Mar 2013 23:33:13 +0000 (08:33 +0900)]
scd: fix missing close paren.

* scd/app-openpgp.c (du_auth): Fix.

--

6 years agoscd: support ECDSA signing.
NIIBE Yutaka [Sat, 9 Mar 2013 00:36:21 +0000 (09:36 +0900)]
scd: support ECDSA signing.

* scd/app-openpgp.c (do_sign): Only prepend message digest block
for RSA or do_auth.
(do_auth): Remove message digest block for ECDSA.

--

If we don't need to check the message digest block by SCDaemon, we
don't requite the message digest block for ECDSA by gpg-agent.

6 years agoscd: support ECDSA public key.
NIIBE Yutaka [Fri, 8 Mar 2013 02:40:37 +0000 (11:40 +0900)]
scd: support ECDSA public key.

* scd/app-openpgp.c (key_type_t): New.
(CURVE_NIST_P256, CURVE_NIST_P384, CURVE_NIST_P521): New.
(struct app_local_s): Change keyattr to have key_type and union.
(get_ecc_key_parameters, get_curve_name): New.
(send_key_attr, get_public_key): Support ECDSA.
(build_privkey_template, do_writekey, do_genkey): Follow the change
of the member KEY_ATTR.
(parse_historical): New.
(parse_algorithm_attribute): Support ECDSA.
--

Add ECDSA support to OpenPGP card.

6 years agoUpdate RFC references to RFC 4880
Daniel Kahn Gillmor [Tue, 5 Mar 2013 09:24:54 +0000 (04:24 -0500)]
Update RFC references to RFC 4880

--

6 years agoRequire libgpg-error 1.11.
Werner Koch [Mon, 25 Feb 2013 12:40:10 +0000 (13:40 +0100)]
Require libgpg-error 1.11.

* configure.ac: Require libgpg-error 1.11.
* common/util.h (GPG_ERR_NO_KEYSERVER, GPG_ERR_INV_CURVE)
(GPG_ERR_UNKNOWN_CURVE): Remove fallback definitions.

6 years agoagent: pksign result conversion to sexp to upper layer.
NIIBE Yutaka [Thu, 28 Feb 2013 02:17:47 +0000 (11:17 +0900)]
agent: pksign result conversion to sexp to upper layer.

* agent/agent.h (divert_pksign): Add R_SIGLEN argument.
* agent/divert-scd.c (divert_pksign): Return length at R_SIGLEN.
* agent/call-scd.c (agent_card_pksign): Move composition of
S-expression to...
* agent/pksign.c (agent_pksign_do): ... here.
--

Composing S-expression would be better to be done by SCDaemon.

6 years agoUse has_leading_keyword in the assuan callbacks.
Werner Koch [Fri, 22 Feb 2013 09:56:13 +0000 (10:56 +0100)]
Use has_leading_keyword in the assuan callbacks.

* agent/call-pinentry.c (inq_quality): Use has_leading_keyword.
* agent/call-scd.c (inq_needpin, inq_writekey_parms): Ditto.
* g10/call-agent.c (inq_writecert_parms, keyinfo_status_cb): Ditto.
(inq_genkey_parms, inq_ciphertext_cb, inq_import_key_parms): Ditto.
* g10/call-dirmngr.c (ks_put_inq_cb): Ditto.
* sm/call-agent.c (default_inq_cb, inq_ciphertext_cb): Ditto.
(inq_genkey_parms, istrusted_status_cb, learn_status_cb): Ditto.
(keyinfo_status_cb, inq_import_key_parms): Ditto.
* sm/call-dirmngr.c (inq_certificate, isvalid_status_cb): Ditto.
(lookup_status_cb, run_command_inq_cb, run_command_status_cb): Ditto.

6 years agoRemove some unused variables.
Werner Koch [Tue, 12 Feb 2013 18:28:54 +0000 (19:28 +0100)]
Remove some unused variables.

* tools/gpgconf-comp.c (gc_process_gpgconf_conf): Remove unused
used_components.
* agent/command-ssh.c (ssh_signature_encoder_ecdsa): Mark unused arg.
* g13/g13.c (main): Comment variable of yet unimplemented options.

6 years agogpg: Fix a memory leak in batch key generation
Werner Koch [Thu, 21 Feb 2013 19:35:10 +0000 (20:35 +0100)]
gpg: Fix a memory leak in batch key generation

* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.

6 years agogpg: Handle the agent's NEW_PASSPHRASE inquiry.
Werner Koch [Thu, 21 Feb 2013 19:27:20 +0000 (20:27 +0100)]
gpg: Handle the agent's NEW_PASSPHRASE inquiry.

* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.

6 years agocommon: Add func has_leading_keyword.
Werner Koch [Thu, 21 Feb 2013 19:25:12 +0000 (20:25 +0100)]
common: Add func has_leading_keyword.

* common/stringhelp.c (has_leading_keyword): New.

6 years agoRemove build hacks for FreeBSD.
Werner Koch [Wed, 20 Feb 2013 19:31:52 +0000 (20:31 +0100)]
Remove build hacks for FreeBSD.

* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
LDFLAGS.
--

Back in ~2000 we introduced a quick hack to make building of Libgcrypt
on FreeBSD easier by always adding -I/usr/local/include and
-L/usr/local/lib .  It turned out that this is a bad idea if one wants
to build with library version which is not installed in /usr/local.
The hack made was eventually (in 2003) copied from Libgcrypt to
GnuPG-2.

6 years agoagent: fix two bugs.
NIIBE Yutaka [Fri, 22 Feb 2013 03:55:11 +0000 (12:55 +0900)]
agent: fix two bugs.

* agent/command.c (cmd_keytocard): Decrement KEYDATALEN.
* agent/findkey.c (agent_public_key_from_file): Increment for ELEMS.

--
For ECDSA and ECDH, there are 6 elements.

6 years agogpg: fix keytocard and support ECC card for key attribute.
NIIBE Yutaka [Fri, 22 Feb 2013 02:00:27 +0000 (11:00 +0900)]
gpg: fix keytocard and support ECC card for key attribute.

* g10/call-agent.c (agent_keytocard): Supply PARM arg.
* g10/card-util.c (card_status): Support ECC.
(card_store_subkey): Don't assume RSA.

6 years agogpg: Fix a memory leak in batch key generation
Werner Koch [Thu, 21 Feb 2013 19:35:10 +0000 (20:35 +0100)]
gpg: Fix a memory leak in batch key generation

* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.

* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--

Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released.  If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.

6 years agogpg: Handle the agent's NEW_PASSPHRASE inquiry.
Werner Koch [Thu, 21 Feb 2013 19:27:20 +0000 (20:27 +0100)]
gpg: Handle the agent's NEW_PASSPHRASE inquiry.

* g10/call-agent.c (default_inq_cb): Take care of NEW_PASSPHRASE.

6 years agocommon: Add func has_leading_keyword.
Werner Koch [Thu, 21 Feb 2013 19:25:12 +0000 (20:25 +0100)]
common: Add func has_leading_keyword.

* common/stringhelp.c (has_leading_keyword): New.

6 years agoRemove build hacks for FreeBSD.
Werner Koch [Wed, 20 Feb 2013 19:31:52 +0000 (20:31 +0100)]
Remove build hacks for FreeBSD.

* configure.ac [freebsd]: Do not add /usr/local to CPPFLAGS and
LDFLAGS.
--

Back in ~2000 we introduced a quick hack to make building of Libgcrypt
on FreeBSD easier by always adding -I/usr/local/include and
-L/usr/local/lib .  It turned out that this is a bad idea if one wants
to build with library version which is not installed in /usr/local.
The hack made was eventually (in 2003) copied from Libgcrypt to
GnuPG-2.

6 years agoUpdate .gitignore for non-VPATH builds.
Werner Koch [Tue, 12 Feb 2013 18:28:54 +0000 (19:28 +0100)]
Update .gitignore for non-VPATH builds.

--

6 years agoUpdate .gitignore for non-VPATH builds.
Werner Koch [Tue, 12 Feb 2013 18:28:54 +0000 (19:28 +0100)]
Update .gitignore for non-VPATH builds.

--

6 years agoMerge branch 'master' into key-storage-work
Werner Koch [Tue, 12 Feb 2013 18:17:42 +0000 (19:17 +0100)]
Merge branch 'master' into key-storage-work

6 years agogpg: Implement card_store_subkey again.
NIIBE Yutaka [Wed, 6 Feb 2013 05:01:23 +0000 (14:01 +0900)]
gpg: Implement card_store_subkey again.

* g10/call-agent.h (agent_keytocard): New.
* g10/call-agent.c (agent_keytocard): New.
* g10/card-util.c (replace_existing_key_p): Returns 1 when replace.
(card_generate_subkey): Check return value of replace_existing_key_p.
(card_store_subkey): Implement again using agent_keytocard.

6 years agoagent: Add KEYTOCARD command.
NIIBE Yutaka [Wed, 6 Feb 2013 05:00:05 +0000 (14:00 +0900)]
agent: Add KEYTOCARD command.

* agent/agent.h (divert_writekey, agent_card_writekey): New.
* agent/call-scd.c (inq_writekey_parms, agent_card_writekey): New.
* agent/command.c (cmd_keytocard, hlp_keytocard): New.
(register_commands): Add cmd_keytocard.
* agent/divert-scd.c (divert_writekey): New.

6 years agoJapanese: update po and doc.
NIIBE Yutaka [Tue, 12 Feb 2013 05:14:12 +0000 (14:14 +0900)]
Japanese: update po and doc.

* doc/help.ja.txt, po/ja.po: Updated.

6 years agoscd: Rename 'keypad' to 'pinpad'.
NIIBE Yutaka [Thu, 7 Feb 2013 01:07:51 +0000 (10:07 +0900)]
scd: Rename 'keypad' to 'pinpad'.

* NEWS: Mention scd changes.

* agent/divert-scd.c (getpin_cb): Change message.

* agent/call-scd.c (inq_needpin): Change the protocol to
POPUPPINPADPROMPT and DISMISSPINPADPROMPT.
* scd/command.c (pin_cb): Likewise.

* scd/apdu.c (struct reader_table_s): Rename member functions.
(check_pcsc_pinpad, pcsc_pinpad_verify, pcsc_pinpad_modify,
check_ccid_pinpad, ccid_pinpad_operation, apdu_check_pinpad
apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/apdu.h (SW_HOST_NO_PINPAD, apdu_check_pinpad)
(apdu_pinpad_verify, apdu_pinpad_modify): Rename.

* scd/iso7816.h (iso7816_check_pinpad): Rename.

* scd/iso7816.c (map_sw): Use SW_HOST_NO_PINPAD.
(iso7816_check_pinpad): Rename.
(iso7816_verify_kp, iso7816_change_reference_data_kp): Follow
the change.

* scd/ccid-driver.h (CCID_DRIVER_ERR_NO_PINPAD): Rename.
* scd/ccid-driver.c (ccid_transceive_secure): Use it.

* scd/app-dinsig.c (verify_pin): Follow the change.
* scd/app-nks.c (verify_pin): Follow the change.

* scd/app-openpgp.c (check_pinpad_request): Rename.
(parse_login_data, verify_a_chv, verify_chv3, do_change_pin): Follow
the change.

* scd/scdaemon.c (oDisablePinpad, oEnablePinpadVarlen): Rename.

* scd/scdaemon.h (opt): Rename to disable_pinpad,
enable_pinpad_varlen.

* tools/gpgconf-comp.c (gc_options_scdaemon): Rename to
disable-pinpad.

6 years agogpg: Add pinentry-mode feature.
Werner Koch [Thu, 7 Feb 2013 19:37:58 +0000 (20:37 +0100)]
gpg: Add pinentry-mode feature.

* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry.  Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.

* g10/call-agent.c (struct default_inq_parm_s): New.  Change all
similar structs to reference this one.  Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs.  This change will help to eventually get rid of global
variables.
--

This new features allows to use gpg without a Pinentry.  As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry).  For example

  gpg2 --pinentry-mode=loopback FILE.gpg

may be used to decrypt FILE.gpg while entering the passphrase on the
tty.  If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process.  Note that there are no try-again prompts in case of a bad
passphrase.

6 years agodoc: Fix description for NEED_PASSPHRASE status.
Werner Koch [Thu, 7 Feb 2013 19:18:31 +0000 (20:18 +0100)]
doc: Fix description for NEED_PASSPHRASE status.

--

6 years agoagent: Move a typedef to common and provide parse_pinentry_mode.
Werner Koch [Wed, 6 Feb 2013 11:49:52 +0000 (12:49 +0100)]
agent: Move a typedef to common and provide parse_pinentry_mode.

* common/agent-opt.c: New.
* common/shareddefs.h: New.
* common/Makefile.am: Add new files.
* agent/agent.h: Include shareddefs.h.
(pinentry_mode_t): Factor out to shareddefs.h.
* agent/command.c (option_handler): Use parse_pinentry_mode.

6 years agoagent: Return a better error code if no passphrase was given.
Werner Koch [Wed, 6 Feb 2013 11:42:07 +0000 (12:42 +0100)]
agent: Return a better error code if no passphrase was given.

* agent/protect.c (hash_passphrase): Handle an empty passphrase.
--

This is mostly useful in loopback pinentry-mode.

6 years agoscd: Fix check_keypad_request.
NIIBE Yutaka [Tue, 5 Feb 2013 05:59:29 +0000 (14:59 +0900)]
scd: Fix check_keypad_request.

* scd/app-openpgp.c (check_keypad_request): 0 means not to use pinpad.

6 years agoSCD: Add vendor specific initalization.
NIIBE Yutaka [Mon, 28 Jan 2013 02:46:40 +0000 (11:46 +0900)]
SCD: Add vendor specific initalization.

* scd/ccid-driver.c (ccid_vendor_specific_init): New.
(ccid_open_reader): Call ccid_vendor_specific_init.

6 years agoSCD: Support P=N format for login data.
NIIBE Yutaka [Sun, 13 Jan 2013 03:12:10 +0000 (12:12 +0900)]
SCD: Support P=N format for login data.

* scd/app-openpgp.c (parse_login_data): Support P=N format.

6 years agoSCD: Better interoperability.
NIIBE Yutaka [Fri, 11 Jan 2013 04:19:17 +0000 (13:19 +0900)]
SCD: Better interoperability.

* scd/apdu.c: Fill bTeoPrologue[2] field.
--
ccid-1.4.5 or older requires this field is filled by application.

6 years agoSCD: Defaults to use pinpad if the reader has the capability.
NIIBE Yutaka [Fri, 11 Jan 2013 01:41:38 +0000 (10:41 +0900)]
SCD: Defaults to use pinpad if the reader has the capability.

* scd/app-openpgp.c (struct app_local_s): Remove VARLEN.
(parse_login_data): "P=0" means to disable pinpad.
(check_keypad_request): Default is to use pinpad if available.

6 years agoSCD: handle keypad request on the card.
NIIBE Yutaka [Thu, 10 Jan 2013 06:58:43 +0000 (15:58 +0900)]
SCD: handle keypad request on the card.

* scd/app-openpgp.c: Add 2013.
(struct app_local_s): Add keypad structure.
(parse_login_data): Add parsing keypad request on the card.
(check_keypad_request): New.
(verify_a_chv, verify_chv3, do_change_pin): Call check_keypad_request
to determine use of keypad.

6 years agoSCD: Minor fix of ccid-driver.
NIIBE Yutaka [Thu, 10 Jan 2013 06:52:24 +0000 (15:52 +0900)]
SCD: Minor fix of ccid-driver.

* scd/ccid-driver.c (VENDOR_VEGA): Fix typo.

6 years agoSCD: Add support of Covadis VEGA_ALPHA reader.
NIIBE Yutaka [Thu, 10 Jan 2013 01:49:27 +0000 (10:49 +0900)]
SCD: Add support of Covadis VEGA_ALPHA reader.

* scd/ccid-driver.c: Add 2013.
(VENDER_VEGA, VEGA_ALPHA):New.
(ccid_transceive_secure): VEGA_ALPHA is same firmware as GEMPC_PINPAD.
Change bNumberMessage to 0x01, as it works better (was: 0xff).

6 years agoSCD: Support fixed length PIN input for keypad (PC/SC).
NIIBE Yutaka [Wed, 9 Jan 2013 07:40:41 +0000 (16:40 +0900)]
SCD: Support fixed length PIN input for keypad (PC/SC).

* scd/apdu.c (pcsc_keypad_verify): SUpport fixed length PIN input for
keypad.
(pcsc_keypad_modify): Likewise.
* scd/ccid-driver.c (ccid_transceive_secure): Clean up.

6 years agoSCD: Support fixed length PIN input for keypad.
NIIBE Yutaka [Wed, 9 Jan 2013 07:23:55 +0000 (16:23 +0900)]
SCD: Support fixed length PIN input for keypad.

* scd/iso7816.h (struct pininfo_s): Remove MODE and add FIXEDLEN.
* scd/app-dinsig.c (verify_pin): Initialize FIXEDLEN to unknown.
* scd/app-nks.c (verify_pin): Likewise.
* scd/app-openpgp.c (verify_a_chv, verify_chv3, do_change_pin):
Likewise.
* scd/apdu.c (check_pcsc_keypad): Add comment.
(pcsc_keypad_verify, pcsc_keypad_modify): PC/SC driver only support
readers with the feature of variable length input (yet).
(apdu_check_keypad): Set FIXEDLEN.
* scd/ccid-driver.c (ccid_transceive_secure): Add GEMPC_PINPAD
specific settings.
Support fixed length PIN input for keypad.

6 years agoSCD: API cleanup for keypad handling.
NIIBE Yutaka [Wed, 9 Jan 2013 05:10:08 +0000 (14:10 +0900)]
SCD: API cleanup for keypad handling.

* scd/iso7816.h (struct pininfo_s): Rename from iso7816_pininfo_s.
Change meaning of MODE.
(pininfo_t): Rename from iso7816_pininfo_t.
* scd/sc-copykeys.c: Include "iso7816.h".
* scd/scdaemon.c, scd/command.c: Likewise.
* scd/ccid-driver.c: Include "scdaemon.h" and "iso7816.h".
(ccid_transceive_secure): Follow the change of PININFO_T.
* scd/app.c: Include "apdu.h" after "iso7816.h".
* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Follow the change of API.
* scd/apdu.c (struct reader_table_s): Change API of CHECK_KEYPAD,
KEYPAD_VERIFY, KEYPAD_MODIFY to have arg of PININFO_T.
(check_pcsc_keypad, check_ccid_keypad): Likewise.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify): Likewise.
(pcsc_keypad_verify, pcsc_keypad_modify, ct_send_apdu)
(pcsc_send_apdu_direct,  pcsc_send_apdu_wrapped, pcsc_send_apdu)
(send_apdu_ccid, ccid_keypad_operation, my_rapdu_send_apdu, send_apdu)
(send_le): Follow the change of API.
* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Change the API.
* scd/app-dinsig.c, scd/app-nks.c, scd/app-openpgp.c: Follow the
change.

6 years agoSCD: Clean up. Remove PADLEN for keypad input.
NIIBE Yutaka [Mon, 7 Jan 2013 05:20:55 +0000 (14:20 +0900)]
SCD: Clean up.  Remove PADLEN for keypad input.

* scd/apdu.c (struct pininfo_s): Use iso7816_pininfo_s.
(struct reader_table_s): Remove last arg from check_keypad method.
(check_pcsc_keypad, check_pcsc_keypad): Remove PIN_PADLEN.
(pcsc_keypad_verify, pcsc_keypad_modify): Don't check PIN_PADLEN.
(send_apdu_ccid, ccid_keypad_operation): Remove PIN_PADLEN.
(apdu_check_keypad, apdu_keypad_verify, apdu_keypad_modify):
Likewise.

* scd/apdu.h (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Remove PIN_PADLEN.

* scd/ccid-driver.c (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/ccid-driver.h (ccid_transceive_secure): Remove PIN_PADLEN.

* scd/iso7816.c (iso7816_check_keypad, iso7816_verify_kp)
(iso7816_change_reference_data_kp): Remove PADLEN.

* scd/iso7816.h (struct iso7816_pininfo_s): Remove PADLEN, PADCHAR.
--
In the OpenPGPcard specification, password comes with no padding.  In
GnuPG, we support keypad input for OpenPGPcard only.  Thus, it is
useless to try to support padding for keypad input.

6 years agoSCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.
NIIBE Yutaka [Wed, 9 Jan 2013 04:24:57 +0000 (13:24 +0900)]
SCD: Add option enable-keypad-varlen and support for GEMPC_PINPAD.

* scd/scdaemon.h (opt): Add enable_keypad_varlen.
* scd/scdaemon.c (cmd_and_opt_values): Add oEnableKeypadVarlen.
(opts, main): Add oEnableKeypadVarlen.
* scd/ccid-driver.c (GEMPC_PINPAD): New.
(ccid_transceive_secure): Add enable_varlen handling.
Enable GEMPC_PINPAD.
--
Note that GEMPC_PINPAD doesn't support variable length keypad input.
The feature of fixed length keypad input will be added soon.

6 years agoConvert doc/DETAILS to org-mode
Werner Koch [Wed, 30 Jan 2013 17:54:23 +0000 (18:54 +0100)]
Convert doc/DETAILS to org-mode

--
Also restructure the file and fix some obviously wrong things.

6 years agoRemove unused status codes
Werner Koch [Wed, 30 Jan 2013 17:51:56 +0000 (18:51 +0100)]
Remove unused status codes

* common/status.h (STATUS_BEGIN_STREAM, STATUS_END_STREAM)
(STATUS_SIEXPIRED): Remove unused codes.

6 years agogpg: Add status line PINENTRY_LAUNCHED.
Werner Koch [Wed, 30 Jan 2013 11:00:29 +0000 (12:00 +0100)]
gpg: Add status line PINENTRY_LAUNCHED.

* common/status.h (STATUS_PINENTRY_LAUNCHED): New.
* g10/server.c (server_local_s): Add field allow_pinentry_notify.
(option_handler): Add option "allow-pinentry-notify".
(gpg_proxy_pinentry_notify): New.
* g10/call-agent.c (default_inq_cb): Factor code out to the new
function.

6 years agoagent: Fix a bug of handling return code from npth_join.
NIIBE Yutaka [Fri, 25 Jan 2013 05:17:29 +0000 (14:17 +0900)]
agent: Fix a bug of handling return code from npth_join.

* agent/call-pinentry.c (agent_popup_message_stop): Fix npth_join
return code.
--
pth_join returns TRUE (1) on success.  But npth_join (and pthread_join)
returns 0 on success, returns error number on error.

6 years agogpg: Fix honoring --cert-digest-algo when recreating a cert
Christian Aistleitner [Sun, 14 Oct 2012 18:30:20 +0000 (20:30 +0200)]
gpg: Fix honoring --cert-digest-algo when recreating a cert

* g10/sign.c (update_keysig_packet): Override original signature's
digest algo in hashed data and for hash computation.

6 years agoFix spurious cruft from configure summary output.
Werner Koch [Mon, 7 Jan 2013 08:58:35 +0000 (09:58 +0100)]
Fix spurious cruft from configure summary output.

* configure.ac (build_scdaemon_extra): Remove $tmp cruft.

6 years agoSCD: Hold lock for pinpad input.
NIIBE Yutaka [Fri, 11 Jan 2013 02:18:39 +0000 (11:18 +0900)]
SCD: Hold lock for pinpad input.

* scd/apdu.c (apdu_check_keypad, apdu_keypad_verify)
(apdu_keypad_modify): Hold lock to serialize communication.

6 years agokbx: Switch from MD5 to SHA-1 for the checksum.
Werner Koch [Tue, 8 Jan 2013 17:15:49 +0000 (18:15 +0100)]
kbx: Switch from MD5 to SHA-1 for the checksum.

* kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
(create_blob_finish): Write just the needed space.
(create_blob_finish): Switch to SHA-1.
* kbx/keybox-dump.c (print_checksum): New.
(_keybox_dump_blob): Print the checksum and the verification status.
--

The checksum was never used in the past.  Due to fast SHA-1
computations in modern CPUs we now use SHA-1.  Eventually we will
support a First blob flag to enable the use of a secret or public
HMAC-SHA1.  The first may be used for authentication of keyblocks and
the latter to mitigate collission attacks on SHA-1.  It is not clear
whether this will be useful at all.

6 years agokbx: Update blob specification
Werner Koch [Tue, 8 Jan 2013 16:40:56 +0000 (17:40 +0100)]
kbx: Update blob specification

--
Mainly formatting updates.  The only actual change is the checksum
which is now declared as SHA-1.

6 years agogpg: Cache keybox searches.
Werner Koch [Tue, 8 Jan 2013 13:44:49 +0000 (14:44 +0100)]
gpg: Cache keybox searches.

* common/iobuf.c (iobuf_seek): Fix for temp streams.
* g10/pubkey-enc.c (get_session_key, get_it): Add some log_clock calls.
* g10/keydb.c (dump_search_desc): New.
(enum_keyblock_states, struct keyblock_cache): New.
(keyblock_cache_clear): New.
(keydb_get_keyblock, keydb_search): Implement a keyblock cache.
(keydb_update_keyblock, keydb_insert_keyblock, keydb_delete_keyblock)
(keydb_rebuild_caches, keydb_search_reset): Clear the cache.
--

Gpg uses the key database at several places without a central
coordination.  This leads to several scans of the keybox for the same
key.  To improve that we now use a simple cache to store a retrieved
keyblock in certain cases.  In theory this caching could also be done
for old keyrings, but it is a bit more work and questionable whether
it is needed; the keybox scheme is anyway much faster than keyrings.

Using a keybox with 20000 384 bit ECDSA/ECHD keypairs and a 252 byte
sample text we get these values for encrypt and decrypt operations on
an Core i5 4*3.33Ghz system.  The option --trust-model=always is used.
Times are given in milliseconds wall time.

|           | enc | dec | dec,q |
|-----------+-----+-----+-------|
| key 1     |  48 |  96 |    70 |
| key 10000 |  60 |  98 |    80 |
| key 20000 |  69 | 106 |    88 |
| 10 keys   | 540 | 290 |    70 |

The 10 keys test uses a mix of keys, the first one is used for
decryption but all keys are looked up so that information about are
printed.  The last column gives decryption results w/o information
printing (--quiet).

The keybox is always scanned sequentially without using any index.  By
adding an index to the keybox it will be possible to further reduce
the time required for keys stored to the end of the file.