[git] GnuPG - branch, master, updated. post-nuke-of-trailing-ws-6-gd290f29
by Werner Koch
cvs at cvs.gnupg.org
Thu Feb 10 21:08:25 CET 2011
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via d290f2914abe0a279b7674c915e1b752353812b8 (commit)
via ba23e88faa00eeb9682f8dc6fe1586735a99179a (commit)
via 1cdcab68924a58623c3ea75eb47544973f24420c (commit)
from f02d972aec94e3ec8fdadd080d159d5a34c96722 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit d290f2914abe0a279b7674c915e1b752353812b8
Author: Werner Koch <wk at gnupg.org>
Date: Thu Feb 10 20:16:06 2011 +0100
Add ECC import regression tests and fixed a regression.
The import test imports the keys as needed and because they are
passphrase protected we now need a pinentry script to convey the
passphrase to gpg-agent.
diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog
index ac71bdd..c1ce3bf 100644
--- a/dirmngr/ChangeLog
+++ b/dirmngr/ChangeLog
@@ -1,6 +1,6 @@
2011-02-09 Werner Koch <wk at g10code.com>
- * ks-engine-kdns.c: New. Based on the former gpgkeys_kdns.
+ * ks-engine-kdns.c: New but only the framework.
* server.c (cmd_keyserver): Add option --help.
(dirmngr_status_help): New.
diff --git a/dirmngr/ks-engine-kdns.c b/dirmngr/ks-engine-kdns.c
new file mode 100644
index 0000000..748274d
--- /dev/null
+++ b/dirmngr/ks-engine-kdns.c
@@ -0,0 +1,79 @@
+/* ks-engine-kdns.c - KDNS OpenPGP key access
+ * Copyright (C) 2011 Free Software Foundation, Inc.
+ *
+ * This file is part of GnuPG.
+ *
+ * GnuPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <config.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "dirmngr.h"
+#include "misc.h"
+#include "userids.h"
+#include "ks-engine.h"
+
+/* Print a help output for the schemata supported by this module. */
+gpg_error_t
+ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri)
+{
+ const char const data[] =
+ "This keyserver engine accepts URLs of the form:\n"
+ " kdns://[NAMESERVER]/[ROOT][?at=STRING]\n"
+ "with\n"
+ " NAMESERVER used for queries (default: system standard)\n"
+ " ROOT a DNS name appended to the query (default: none)\n"
+ " STRING a string to replace the '@' (default: \".\")\n"
+ "If a long answer is expected add the parameter \"usevc=1\".\n"
+ "Supported methods: fetch\n"
+ "Example:\n"
+ "A query for \"hacker at gnupg.org\" with\n"
+ " kdns://10.0.0.1/example.net?at=_key_&usevc=1\n"
+ "setup as --auto-key-lookup in gpg does a CERT record query\n"
+ "with type PGP on the nameserver 10.0.0.1 for\n"
+ " hacker._key_.gnupg.org.example.net";
+ gpg_error_t err;
+
+ if (!uri)
+ err = ks_print_help (ctrl, " kdns");
+ else if (!strcmp (uri->scheme, "kdns"))
+ err = ks_print_help (ctrl, data);
+ else
+ err = 0;
+
+ return err;
+}
+
+
+/* Get the key from URI which is expected to specify a kdns scheme.
+ On success R_FP has an open stream to read the data. */
+gpg_error_t
+ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp)
+{
+ gpg_error_t err;
+
+ (void)ctrl;
+ *r_fp = NULL;
+
+ if (strcmp (uri->scheme, "kdns"))
+ return gpg_error (GPG_ERR_INV_ARG);
+
+ err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+ return err;
+}
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 351475f..0eebbef 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,8 @@
+2011-02-10 Werner Koch <wk at g10code.com>
+
+ * seskey.c (encode_md_value): Change last fix to avoid a
+ regression for DSA with SHA-2 hashes.
+
2011-02-09 Werner Koch <wk at g10code.com>
* keyserver.c: Replace all printf by es_printf.
diff --git a/g10/seskey.c b/g10/seskey.c
index f3796f0..b210ae0 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -297,18 +297,17 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL;
}
+
+ /* ECDSA 521 is special has it is larger than the largest hash
+ we have (SHA-512). Thus we chnage the size for further
+ processing to 512. */
+ if (pkalgo == GCRY_PK_ECDSA && qbits > 512)
+ qbits = 512;
+
/* Check if we're too short. Too long is safe as we'll
- automatically left-truncate.
-
- FIXME: Check against FIPS.
- This checks would require the use of SHA512 with ECDSA 512. I
- think this is overkill to fail in this case. Therefore,
- relax the check, but only for ECDSA keys. We may need to
- adjust it later for general case. (Note that the check will
- never pass for ECDSA 521 anyway as the only hash that
- intended to match it is SHA 512, but 512 < 521). */
+ automatically left-truncate. */
mdlen = gcry_md_get_algo_dlen (hash_algo);
- if (mdlen < ((pkalgo == GCRY_PK_ECDSA && qbits > 521) ? 512: qbits)/8)
+ if (mdlen < qbits/8)
{
log_error (_("%s key %s requires a %zu bit or larger hash "
"(hash is %s\n"),
@@ -318,13 +317,10 @@ encode_md_value (PKT_public_key *pk, gcry_md_hd_t md, int hash_algo)
return NULL;
}
- /* By passing MDLEN as length to mpi_scan, we do the truncation
- of the hash.
-
- Note that in case of ECDSA 521 the hash is always smaller
- than the key size. */
+ /* Note that we do the truncation by passing QBITS/8 as length to
+ mpi_scan. */
if (gcry_mpi_scan (&frame, GCRYMPI_FMT_USG,
- gcry_md_read (md, hash_algo), mdlen, NULL))
+ gcry_md_read (md, hash_algo), qbits/8, NULL))
BUG();
}
else
diff --git a/tests/openpgp/ChangeLog b/tests/openpgp/ChangeLog
index d7c444b..18fbad8 100644
--- a/tests/openpgp/ChangeLog
+++ b/tests/openpgp/ChangeLog
@@ -1,3 +1,12 @@
+2011-02-10 Werner Koch <wk at g10code.com>
+
+ * ecc.test: New.
+ * pinentry.sh: New.
+ * defs.inc: Do not create a log when running tests with envvar
+ verbose > 1. Add pinentry-program to gpg-agent.conf.
+ * Makefile.am (sample_keys): New.
+ (EXTRA_DIST): Add them.
+
2010-10-15 Werner Koch <wk at g10code.com>
* Makefile.am (clean-local): New.
@@ -154,7 +163,7 @@
* verify.test: More tests.
* multisig.test: Better error printing.
(sig_1ls1ls_valid, sig_ls_valid): Moved to the non-valid group.
-
+
2006-02-14 Werner Koch <wk at gnupg.org>
* verify.test: New.
@@ -236,7 +245,7 @@
2002-05-10 Werner Koch <wk at gnupg.org>
* Makefile.am: Add gpg_dearmor to all targets where it is used.
- Noted by Andreas Haumer.
+ Noted by Andreas Haumer.
2002-04-19 Werner Koch <wk at gnupg.org>
@@ -264,7 +273,7 @@
2001-09-28 Werner Koch <wk at gnupg.org>
- * defs.inc: Write a log file for each test.
+ * defs.inc: Write a log file for each test.
* run-gpg, run-gpgm, run-gpg.patterns: Removed. Replaced in all
tests by a simple macro from defs.inc.
* Makefile.am (CLEANFILES): Remove log files.
@@ -275,7 +284,7 @@
armencryptp.test, armencrypt.test, encryptp.test, seat.test,
encrypt-dsa.test, encrypt.test: Use --always-trust because the
test are not designed to check the validity.
-
+
2001-09-06 Werner Koch <wk at gnupg.org>
* genkey1024.test: Simplified by using a parameter file.
@@ -303,7 +312,7 @@
2001-03-20 Werner Koch <wk at gnupg.org>
- * Makefile.am: Import the pubdemo.asc file
+ * Makefile.am: Import the pubdemo.asc file
* sigs.test (hash_algo_list): s/tiger/tiger192/
@@ -402,5 +411,3 @@ Mon May 18 15:40:02 1998 Werner Koch (wk at isil.d.shuttle.de)
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-
diff --git a/tests/openpgp/Makefile.am b/tests/openpgp/Makefile.am
index 54132a9..8d6e590 100644
--- a/tests/openpgp/Makefile.am
+++ b/tests/openpgp/Makefile.am
@@ -8,12 +8,12 @@
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
-#
+#
# GnuPG is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
-#
+#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# Process this file with automake to create Makefile.in
@@ -38,7 +38,7 @@ TESTS = version.test mds.test \
armdetachm.test detachm.test genkey1024.test \
conventional.test conventional-mdc.test \
multisig.test verify.test armor.test \
- import.test finish.test
+ import.test ecc.test finish.test
TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
@@ -60,15 +60,21 @@ priv_keys = privkeys/50B2D4FA4122C212611048BC5FC31BD44393626E.asc \
privkeys/76F7E2B35832976B50A27A282D9B87E44577EB66.asc \
privkeys/A0747D5F9425E6664F4FFBEED20FBCA79FDED2BD.asc
+sample_keys = samplekeys/ecc-sample-1-pub.asc \
+ samplekeys/ecc-sample-2-pub.asc \
+ samplekeys/ecc-sample-3-pub.asc \
+ samplekeys/ecc-sample-1-sec.asc \
+ samplekeys/ecc-sample-2-sec.asc \
+ samplekeys/ecc-sample-3-sec.asc
-EXTRA_DIST = defs.inc $(TESTS) $(TEST_FILES) \
- mkdemodirs signdemokey $(priv_keys)
+EXTRA_DIST = defs.inc pinentry.sh $(TESTS) $(TEST_FILES) \
+ mkdemodirs signdemokey $(priv_keys) $(sample_keys)
CLEANFILES = prepared.stamp x y yy z out err $(data_files) \
plain-1 plain-2 plain-3 trustdb.gpg *.lock .\#lk* \
*.test.log gpg_dearmor gpg.conf gpg-agent.conf S.gpg-agent \
pubring.gpg secring.gpg pubring.pkr secring.skr \
- gnupg-test.stop pubring.gpg~ random_seed
+ gnupg-test.stop pubring.gpg~ random_seed gpg-agent.log
clean-local:
-rm -rf private-keys-v1.d
@@ -77,5 +83,3 @@ clean-local:
# We need to depend on a couple of programs so that the tests don't
# start before all programs are built.
all-local: $(required_pgms)
-
-
diff --git a/tests/openpgp/defs.inc b/tests/openpgp/defs.inc
index bc0d76e..b9af8fe 100755
--- a/tests/openpgp/defs.inc
+++ b/tests/openpgp/defs.inc
@@ -58,7 +58,7 @@ error () {
defs_error_seen=yes
echo "$pgmname:" $* >&5
if [ x$defs_stop_on_error != xyes ]; then
- exit 1
+ exit 1
fi
}
@@ -163,12 +163,12 @@ pgmname=`basename $0`
[ -z "$srcdir" ] && fatal "not called from make"
-#
+#
if [ -f gnupg-test.stop ]; then
if [ $pgmname = "version.test" ]; then
rm gnupg-test.stop
else
- # Skip the rest of the tests.
+ # Skip the rest of the tests.
exit 77
fi
fi
@@ -195,22 +195,33 @@ GPG_CONNECT_AGENT="../../tools/gpg-connect-agent"
GPGCONF="../../tools/gpgconf"
GPG_PRESET_PASSPHRASE="../../agent/gpg-preset-passphrase"
MKTDATA="../../tools/mk-tdata"
+PINENTRY="$(cd $srcdir && /bin/pwd)/pinentry.sh"
+# Default to empty passphrase for pinentry.sh
+PINENTRY_USER_DATA=
# Make sure we have a valid option files even with VPATH builds.
-for f in gpg.conf gpg-agent.conf ; do
+for f in gpg.conf gpg-agent.conf ; do
if [ -f ./$f ]; then
:
elif [ -f $srcdir/$f.tmpl ]; then
cat $srcdir/$f.tmpl >$f
- if [ "$f" = "gpg.conf" ]; then
- echo "agent-program $GPG_AGENT" >>gpg.conf
- fi
+ case "$f" in
+ gpg.conf)
+ echo "agent-program $GPG_AGENT" >>"$f"
+ ;;
+ gpg-agent.conf)
+ echo "pinentry-program $PINENTRY" >>"$f"
+ ;;
+ esac
fi
done
-echo "Test: $pgmname" > ${pgmname}.log
-echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
-exec 5>&2 2>>${pgmname}.log
-
+if [ "${verbose:-0}" -gt "1" ]; then
+ exec 5>/dev/null
+else
+ echo "Test: $pgmname" > ${pgmname}.log
+ echo "GNUPGHOME=$GNUPGHOME" >> ${pgmname}.log
+ exec 5>&2 2>>${pgmname}.log
+fi
:
# end
diff --git a/tests/openpgp/ecc.test b/tests/openpgp/ecc.test
new file mode 100755
index 0000000..ce49308
--- /dev/null
+++ b/tests/openpgp/ecc.test
@@ -0,0 +1,89 @@
+#!/bin/sh
+# Copyright 2011 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+. $srcdir/defs.inc || exit 3
+
+keygrips='8E06A180EFFE4C65B812150CAF19BF30C0689A4C
+ E4403F3FD7A443FAC29FEF288FA0D20AC212851E
+ 0B7554421FFB14A06CB9F63FB49A85A58E97ABAC
+ 303ACC892C2D786C8A789677C0BE54DA8538F903
+ 9FE5C36985351524B6AFA19FDCBC1A3A750B6F5F
+ 145A52CC7ED3FD41C5B0A26BE220FEED36AF24DE'
+mainkeyids='BAA59D9C
+ 0F54719F
+ 45AF2FFE'
+
+
+if have_pubkey_algo "ECDH"; then
+ :
+else
+ info "No ECC support due to an old Libgcrypt"
+ exit 77
+fi
+
+
+info "Preparing for ECC test."
+for i in $keygrips ; do
+ rm private-keys-v1.d/$i.key 2>/dev/null || true
+ $GPG_PRESET_PASSPHRASE --preset -P ecc $i
+done
+
+
+info "Importing ECC public keys."
+for k in $mainkeyids ; do
+ $GPG --delete-key --batch --yes $k 2>/dev/null || true
+done
+for i in 1 2 3; do
+ k="ecc-sample-$i-pub.asc"
+ if $GPG --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
+
+
+info "Importing ECC secret keys."
+# Note that the PGP generated secret keys are not self-signed, thus we
+# need to pass an appropriate option.
+for i in 1 2 3; do
+ k="ecc-sample-$i-sec.asc"
+ if [ "$i" -gt "1" ]; then
+ extraopts="--allow-non-selfsigned-uid"
+ else
+ extraopts=""
+ fi
+ if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
+
+
+info "Importing ECC secret keys directly."
+for i in $keygrips ; do
+ rm private-keys-v1.d/$i.key 2>/dev/null || true
+done
+for k in $mainkeyids ; do
+ $GPG --delete-key --batch --yes $k 2>/dev/null || true
+done
+for i in 1 2 3; do
+ k="ecc-sample-$i-sec.asc"
+ if [ "$i" -gt "1" ]; then
+ extraopts="--allow-non-selfsigned-uid"
+ else
+ extraopts=""
+ fi
+ if PINENTRY_USER_DATA=ecc $GPG $extraopts --import $srcdir/samplekeys/$k; then
+ :
+ else
+ error "$k: import failed"
+ fi
+done
diff --git a/tests/openpgp/pinentry.sh b/tests/openpgp/pinentry.sh
new file mode 100755
index 0000000..c8d0552
--- /dev/null
+++ b/tests/openpgp/pinentry.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright 2011 Free Software Foundation, Inc.
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved. This file is
+# distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY, to the extent permitted by law; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+exec 2>>/tmp/pinentry.err
+
+echo "OK - what's up?"
+while read cmd rest; do
+ echo "cmd=$cmd rest=$rest" >&2
+ case "$cmd" in
+ \#*)
+ ;;
+ GETPIN)
+ echo "D ${PINENTRY_USER_DATA}"
+ echo "OK"
+ ;;
+ BYE)
+ echo "OK"
+ exit 0
+ ;;
+ *)
+ echo "OK"
+ ;;
+ esac
+done
diff --git a/tests/openpgp/samplekeys/README b/tests/openpgp/samplekeys/README
index fd05aa3..4bfd61f 100644
--- a/tests/openpgp/samplekeys/README
+++ b/tests/openpgp/samplekeys/README
@@ -1,5 +1,112 @@
no-creation-time.gpg A key with a zero creation time.
-ecc-sample-1-pub.asc The first ECC sample key.
-ecc-sample-1-sec.asc The first ECC sample key (secret).
+ecc-sample-1-pub.asc A NIST P-256 ECC sample key.
+ecc-sample-1-sec.asc Ditto, but the secret keyblock.
+ecc-sample-2-pub.asc A NIST P-384 ECC sample key.
+ecc-sample-2-sec.asc Ditto, but the secret keyblock.
+ecc-sample-3-pub.asc A NIST P-521 ECC sample key.
+ecc-sample-3-sec.asc Ditto, but the secret keyblock.
+
+�
+Signed message
+
+The following is an opaque ECDSA signature on a message "This is one
+line\n" (17 byte long) by the master key:
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2.1.0-ecc (GNU/Linux)
+
+owGbwMvMwCHMvVT3w66lc+cwrlFK4k5N1k3KT6nUK6ko8Zl8MSEkI7NYAYjy81IV
+cjLzUrk64lgYhDkY2FiZQNIMXJwCMO31rxgZ+tW/zesUPxWzdKWrtLGW/LkP5rXL
+V/Yvnr/EKjBbQuvZSYa/klsum6XFmTze+maVgclT6Rc6hzqqxNy6o6qdTTmLJuvp
+AQA=
+=GDv4
+-----END PGP MESSAGE----
+
+Encrypted message
+
+The following block encrypts the text "This is one line\n", 17 bytes,
+with the subkey 0x4089AB73.
+
+-----BEGIN PGP MESSAGE-----
+Version: GnuPG v2.1.0-ecc (GNU/Linux)
+
+hH4Dd863o0CJq3MSAgMEHdIYZQx+rV1cjy7qitIOEICFFzp4cjsRX4r+rDdMcQUs
+h7VZmbP1c9C0s9sgCKwubWfkcYUl2ZOju4gy+s4MYTBb4/j8JjnJ9Bqn6LWutTXJ
+zwsdP13VIJLnhiNqISdR3/6xWQ0ICRYzwb95nUZ1c1DSVgFpjPgUvi4pgYbTpcDB
+jzILKWBfBDT/jck169XE8vgtbcqVQYZ7lZpaY9CzEbC+4dXZmV1gm5MafpTyFWgH
+VnyrZB4gad9Lp9e0RKHHcOOE7s/NeLuu
+=odUZ
+-----END PGP MESSAGE-----
+
+
+
+�
+Signed message
+
+The following is an opaque ECDSA signature on a message "This is one
+line\n" (17 byte long) by the master key:
+
+-----BEGIN PGP MESSAGE-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+qANQR1DIqwE7wsvMwCnM2WDcwR9SOJ/xtFISd25qcXFieqpeSUUJAxCEZGQWKwBR
+fl6qQk5mXirXoXJmVgbfYC5xmC5hzsDPjHXqbDLzpXpTBXSZV3L6bAgP3Kq7Ykmo
+7Ds1v4UfBS+3CSSon7Pzq79WLjzXXEH54MkjPxnrw+8cfMVnY7Bi18J702Nnsa7a
+9lMv/PM0/ao9CZ3KX7Q+Tv1rllTZ5Hj4V1frw431QnHfAA==
+=elKT
+-----END PGP MESSAGE-----
+
+Encrypted message
+
+The following block encrypts the text "This is one line\n", 17 bytes,
+with the subkey:
+
+-----BEGIN PGP MESSAGE-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+qANQR1DBngOqi5OPmiAZRhIDAwQqIr/00cJyf+QP+VA4QKVkk77KMHdz9OVaR2XK
+0VYu0F/HPm89vL2orfm2hrAZxY9G2R0PG4Wk5Lg04UjKca/O72uWtjdPYulFidmo
+uB0QpzXFz22ZZinxeVPLPEr19Pow0EwCc95cg4HAgrD0nV9vRcTJ/+juVfvsJhAO
+isMKqrFNMvwnK5A1ECeyVXe7oLZl0lUBRhLr59QTtvf85QJjg/m5kaGy8XCJvLv3
+61pZa6KUmw89PjtPak7ebcjnINL01vwmyeg1PAyW/xjeGGvcO+R4P1b4ewyFnJyR
+svzIJcP7d4DqYOw7
+=oiTJ
+-----END PGP MESSAGE-----
+
+
+
+Signed message
+
+The following is an opaque ECDSA signature on a message "This is one
+line\n" (17 byte long) by the master key:
+
+-----BEGIN PGP MESSAGE-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+qANQR1DIwA8BO8LLzMAlnO3Y8tB1vf4/xtNKSdy5qcXFiempeiUVJQxAEJKRWawA
+RPl5qQo5mXmpXIdmMLMy+AaLnoLpEubatpeJY2Lystd7Qt32q2UcvRS5kNPWtDB7
+ryufvcrWtFM7Jx8qXKDxZuqr7b9PGv1Ssk+I8TzB2O9dZC+n/jv+PAdbuu7mLe33
+Gf9pLd3weV3Qno6FOqxGa5ZszQx+uer2xH3/El9x/2pVeO4l15ScsL7qWMTmffmG
+Ic1RdzgeCfosMF+l/zVRchcLKzenEQA=
+=ATtX
+-----END PGP MESSAGE-----
+
+Encrypted message
+
+The following block encrypts the text "This is one line\n", 17 bytes,
+with the subkey:
+
+-----BEGIN PGP MESSAGE-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+qANQR1DBwAIDB+qqSKgcSDgSBCMEAKpzTUxB4c56C7g09ekD9I+ttC5ER/xzDmXU
+OJmFqU5w3FllhFj4TgGxxdH+8fv4W2Ag0IKoJvIY9V1V7oUCClfqAR01QbN7jGH/
+I9GFFnH19AYEgMKgFmh14ZwN1BS6/VHh+H4apaYqapbx8/09EL+DV9zWLX4GRLXQ
+VqCR1N2rXE29MJFzGmDOCueQNkUjcbuenoCSKcNT+6xhO27U9IYVCg4BhRUDGfD6
+dhfRzBLxL+bKR9JVAe46+K8NLjRVu/bd4Iounx4UF5dBk8ERy+/8k9XantDoQgo6
+RPqCad4Dg/QqkpbK3y574ds3VFNJmc4dVpsXm7lGV5w0FBxhVNPoWNhhECMlTroX
+Rg==
+=5GqW
+-----END PGP MESSAGE-----
diff --git a/tests/openpgp/samplekeys/ecc-sample-2-pub.asc b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc
new file mode 100644
index 0000000..f898012
--- /dev/null
+++ b/tests/openpgp/samplekeys/ecc-sample-2-pub.asc
@@ -0,0 +1,25 @@
+ECC NIST P-384 key taken from
+https://sites.google.com/site/brainhub/pgpecckeys
+
+The sample key has ECDSA top key 0x098033880F54719F and a single ECDH
+encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and
+AES-256 with KDF.
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+mQBvBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn
+OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj
+E+HhEI66Bjvh5ksQ5pUOeZwttCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJyYWlu
+aHViLm9yZz6JAMsEEBMJAFMFAk1TBZIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWls
+LWVuY29kaW5nQHBncC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAE
+FQkKCAAKCRAJgDOID1Rxn8orAYCqNzUJaL1fEVr9jOe8exA4IhUtv/BtCvzag1Mp
+UQkFuYy0abogj6q4fHQSt5nntjMBf1g2TqSA6KGj8lOgxfIsRG6L6an85iEBNu4w
+gRq71JE53ii1vfjcNtBq50hXnp/1A7kAcwRNUwWSEgUrgQQAIgMDBC+qhAJKILZz
+XEiX76W/tBv4W37v6rXKDLn/yOoEpGrLJVNKV3aU+eJTQKSrUiOp3R7aUwyKouZx
+jbENfmclWMdzb+CTaepXOaKjVUvxbUH6pQVi8RxtObvV3/trmp7JGAMBCQmJAIQE
+GBMJAAwFAk1TBZIFGwwAAAAACgkQCYAziA9UcZ+AlwGA7uem2PzuQe5PkonfF/m8
++dlV3KJcWDuUM286Ky1Jhtxc9Be40tyG90Gp4abSNsDjAX0cdldUWKDPuTroorJ0
+/MZc7s16ke7INla6EyGZafBpRbSMVr0EFSw6BVPF8vS9Emc=
+=I76R
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/ecc-sample-2-sec.asc b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc
new file mode 100644
index 0000000..b163f63
--- /dev/null
+++ b/tests/openpgp/samplekeys/ecc-sample-2-sec.asc
@@ -0,0 +1,22 @@
+ECC NIST P-384 key taken from
+https://sites.google.com/site/brainhub/pgpecckeys
+
+The sample key has ECDSA top key 0x098033880F54719F and a single ECDH
+encryption subkey 0xAA8B938F9A201946. ECDH subkey uses SHA-384 and
+AES-256 with KDF. The password for the key is "ecc".
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+lQDSBE1TBZITBSuBBAAiAwME9rjFrO1bhO+fSiCdsuSp37cNKMuMEOzVdnSp+lpn
+OJlCti1eUTZ99Me/0/jlAP7s8H7SZaYhqOu75T6UfseMZ366FDvRUzwrNQ4cKfgj
+E+HhEI66Bjvh5ksQ5pUOeZwt/gcDAkrFTsfF6LKsqD/tW6Eot2DDE8znJjnQQ/Nr
+H98XT1WQ9V0ED8l9DDIIj7z80ED3NR8XMSI8Ew/A/0w6NDPL978BX0MGvpaeBaWV
+tEuH1EPAxiA+hFALwftY+a8s1zLktCRlY19kc2FfZGhfMzg0IDxvcGVucGdwQGJy
+YWluaHViLm9yZz6dANYETVMFkhIFK4EEACIDAwQvqoQCSiC2c1xIl++lv7Qb+Ft+
+7+q1ygy5/8jqBKRqyyVTSld2lPniU0Ckq1Ijqd0e2lMMiqLmcY2xDX5nJVjHc2/g
+k2nqVzmio1VL8W1B+qUFYvEcbTm71d/7a5qeyRgDAQkJ/gkDAqqmkngPLoJGqI4O
+rHyyU3wrrPzDDDURkseoUEZlDZINjyto26A8N825mqLqeFytJuuABYH1UnLs4d2x
+ZJZIYjEoFMPcFPuUtx+IZnECa1Vcyq2aRFCixVO0G/xrSFar
+=a4k3
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/ecc-sample-3-pub.asc b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc
new file mode 100644
index 0000000..14b49d3
--- /dev/null
+++ b/tests/openpgp/samplekeys/ecc-sample-3-pub.asc
@@ -0,0 +1,28 @@
+ECC NIST P-521 key taken from
+https://sites.google.com/site/brainhub/pgpecckeys
+
+The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH
+encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and
+AES-256 with KDF.
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+mQCTBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy
+NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv
+IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb
+w7C6jY+3tCRlY19kc2FfZGhfNTIxIDxvcGVucGdwQGJyYWluaHViLm9yZz6JAO0E
+EBMKAFMFAk1TFQIwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBn
+cC5jb21wZ3BtaW1lBAsJCAcCGQEFGwMAAAACFgIFHgEAAAAEFQoJCAAKCRBrQYTh
+Ra8v/sm3Agjl0YO73iEpu1z1wGtlUnACi21ti2PJNGlyi84yvDQED0+mxhhTRQYz
+3ESaS1s/+4psP4aH0jeVQhce15a9RqfX+AIHam7i8K/tiKFweEjpyMCB594zLzY6
+lWbUf1/1a+tNv3B6yuIwFB1LY1B4HNrze5DUnngEOkmQf2esw/4nQGB87Rm5AJcE
+TVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18cq2GaphSGXqZtyvtHQt7PKmVNrSw
+UuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiNsdJkcIgAlAayAGB556GKHEmP1JC7
+lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwFFt3V4mga/OyTGXOpnauHZ22pVLCz
+6kADAQoJiQCoBBgTCgAMBQJNUxUCBRsMAAAAAAoJEGtBhOFFry/++p0CCQFJgUCn
+kiTKCNfP8Q/MO2BCp1QyESk53GJlCgIBAoa7U6X2fQxe2+OU+PNCjicJmZiSrV6x
+6nYfGJ5Jx753sqJWtwIJAc9ZxCQhj4V52FmbPYexZPPneIdeCDjtowD6KUZxiS0K
+eD8EzdmeJQWBQsnPtJC/JJL4zz6JyYMXf4jIb5JyGNQC
+=5yaB
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/openpgp/samplekeys/ecc-sample-3-sec.asc b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc
new file mode 100644
index 0000000..6552e7a
--- /dev/null
+++ b/tests/openpgp/samplekeys/ecc-sample-3-sec.asc
@@ -0,0 +1,24 @@
+ECC NIST P-521 key taken from
+https://sites.google.com/site/brainhub/pgpecckeys
+
+The sample key has ECDSA top key 0x6B4184E145AF2FFE and a single ECDH
+encryption subkey 0x07EAAA48A81C4838. ECDH subkey uses SHA-512 and
+AES-256 with KDF. The password for the key is "ecc".
+
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: PGP Command Line v10.0.0 (Linux)
+
+lQEIBE1TFQITBSuBBAAjBCMEAWuwULfE2XoQmJhSQZ8rT5Ecr/kooudn4043gXHy
+NZEdTeFfY2G7kwEaxj8TXfd1U1b4PkEoqhzKxhz/MHK/lwi2ARzW1XQiJ1/kFPsv
+IUnQI1CUS099WKKQhD8JMPPyje1dKfjFjm2gzyF3TOMX1Cyy8wFyF0MiHVgB3ezb
+w7C6jY+3/gcDAv+CotECRPpSqGkqKrz+xAhAqswHXzFIBprFF0XiDooWktZSTAUR
+JVB2U6m28wC4rE3RkqFeR1B+kg4nxEAJ9k6BI8oDE0iyOY5aklF2TxPpTs/BA+N2
+O4hnXb1l5qXfuyd3bSwDeyfq3CdFe4TeKp7vtCRlY19kc2FfZGhfNTIxIDxvcGVu
+cGdwQGJyYWluaHViLm9yZz6dAQwETVMVAhIFK4EEACMEIwQBsRFES0RLIOcCyO18
+cq2GaphSGXqZtyvtHQt7PKmVNrSwUuxNClntOe8/DLdq5mYDwNsbT8vi08PyQgiN
+sdJkcIgAlAayAGB556GKHEmP1JC7lCUxRi/2ecJS0bf6iTTqTqZWEFhYs2aXESwF
+Ft3V4mga/OyTGXOpnauHZ22pVLCz6kADAQoJ/gkDAki71k/zBW2qqGyScDNNuWaA
+9A5aWhpNNyRrFembt7f/W+b591G3twdNmdCIh29VoOmQw3fO8wwgsPTUxQFgd8J3
+ncft0zciEcDZi/ztLZA3+rIIP2myZLIs9xLG+k+gf3nXpeED4uYqQX3GL+32PKwg
+=Qnd8
+-----END PGP PRIVATE KEY BLOCK-----
diff --git a/tests/openpgp/version.test b/tests/openpgp/version.test
index ed0f6c4..cae8b68 100755
--- a/tests/openpgp/version.test
+++ b/tests/openpgp/version.test
@@ -28,7 +28,7 @@ else
fi
if [ -d private-keys-v1.d ]; then
rm private-keys-v1.d/* 2>/dev/null || true
- rmdir private-keys-v1.d
+ rmdir private-keys-v1.d
fi
for i in pubring.gpg pubring.gpg~ trustdb.gpg trustdb.gpg~ ; do
[ -d "$i" ] && rm "$i"
@@ -102,5 +102,3 @@ info "Printing the GPG version"
$GPG --version
#fixme: check that the output is as expected
-
-
commit ba23e88faa00eeb9682f8dc6fe1586735a99179a
Author: Werner Koch <wk at gnupg.org>
Date: Wed Feb 9 19:46:00 2011 +0100
Replace printf by es_printf in keyserver.c
This is similar to the change in keylist.c and elsewhere.
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 8594110..351475f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,7 @@
+2011-02-09 Werner Koch <wk at g10code.com>
+
+ * keyserver.c: Replace all printf by es_printf.
+
2011-02-08 Werner Koch <wk at g10code.com>
* call-dirmngr.c (gpg_dirmngr_ks_fetch): New.
diff --git a/g10/keyserver.c b/g10/keyserver.c
index be0049a..31c7133 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -18,9 +18,6 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-/* !!! FIXME: Replace all printf by es_printf. FIXME !!! */
-
-
#include <config.h>
#include <ctype.h>
#include <stdio.h>
@@ -501,19 +498,19 @@ print_keyrec(int number,struct keyrec *keyrec)
iobuf_writebyte(keyrec->uidbuf,0);
iobuf_flush_temp(keyrec->uidbuf);
- printf("(%d)\t%s ",number,iobuf_get_temp_buffer(keyrec->uidbuf));
+ es_printf ("(%d)\t%s ", number, iobuf_get_temp_buffer (keyrec->uidbuf));
- if(keyrec->size>0)
- printf("%d bit ",keyrec->size);
+ if (keyrec->size>0)
+ es_printf ("%d bit ", keyrec->size);
if(keyrec->type)
{
const char *str = gcry_pk_algo_name (keyrec->type);
if(str)
- printf("%s ",str);
+ es_printf ("%s ",str);
else
- printf("unknown ");
+ es_printf ("unknown ");
}
switch(keyrec->desc.mode)
@@ -522,28 +519,28 @@ print_keyrec(int number,struct keyrec *keyrec)
choice but to use it. Do check --keyid-format to add a 0x if
needed. */
case KEYDB_SEARCH_MODE_SHORT_KID:
- printf("key %s%08lX",
- (opt.keyid_format==KF_0xSHORT
- || opt.keyid_format==KF_0xLONG)?"0x":"",
- (ulong)keyrec->desc.u.kid[1]);
+ es_printf ("key %s%08lX",
+ (opt.keyid_format==KF_0xSHORT
+ || opt.keyid_format==KF_0xLONG)?"0x":"",
+ (ulong)keyrec->desc.u.kid[1]);
break;
/* However, if it gave us a long keyid, we can honor
--keyid-format */
case KEYDB_SEARCH_MODE_LONG_KID:
- printf("key %s",keystr(keyrec->desc.u.kid));
+ es_printf ("key %s",keystr(keyrec->desc.u.kid));
break;
case KEYDB_SEARCH_MODE_FPR16:
- printf("key ");
+ es_printf ("key ");
for(i=0;i<16;i++)
- printf("%02X",keyrec->desc.u.fpr[i]);
+ es_printf ("%02X",keyrec->desc.u.fpr[i]);
break;
case KEYDB_SEARCH_MODE_FPR20:
- printf("key ");
+ es_printf ("key ");
for(i=0;i<20;i++)
- printf("%02X",keyrec->desc.u.fpr[i]);
+ es_printf ("%02X", keyrec->desc.u.fpr[i]);
break;
default:
@@ -553,24 +550,24 @@ print_keyrec(int number,struct keyrec *keyrec)
if(keyrec->createtime>0)
{
- printf(", ");
- printf(_("created: %s"),strtimestamp(keyrec->createtime));
+ es_printf (", ");
+ es_printf (_("created: %s"), strtimestamp(keyrec->createtime));
}
if(keyrec->expiretime>0)
{
- printf(", ");
- printf(_("expires: %s"),strtimestamp(keyrec->expiretime));
+ es_printf (", ");
+ es_printf (_("expires: %s"), strtimestamp(keyrec->expiretime));
}
- if(keyrec->flags&1)
- printf(" (%s)",_("revoked"));
+ if (keyrec->flags&1)
+ es_printf (" (%s)", _("revoked"));
if(keyrec->flags&2)
- printf(" (%s)",_("disabled"));
+ es_printf (" (%s)", _("disabled"));
if(keyrec->flags&4)
- printf(" (%s)",_("expired"));
+ es_printf (" (%s)", _("expired"));
- printf("\n");
+ es_printf ("\n");
}
/* Returns a keyrec (which must be freed) once a key is complete, and
@@ -756,7 +753,7 @@ show_prompt (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int numdesc,
gpg_error_t err;
char *answer = NULL;
- fflush (stdout);
+ es_fflush (es_stdout);
if (count && opt.command_fd == -1)
{
commit 1cdcab68924a58623c3ea75eb47544973f24420c
Author: Werner Koch <wk at gnupg.org>
Date: Wed Feb 9 17:48:00 2011 +0100
Add framework to print keyserver engine information
diff --git a/dirmngr/ChangeLog b/dirmngr/ChangeLog
index 757eb78..ac71bdd 100644
--- a/dirmngr/ChangeLog
+++ b/dirmngr/ChangeLog
@@ -1,5 +1,15 @@
2011-02-09 Werner Koch <wk at g10code.com>
+ * ks-engine-kdns.c: New. Based on the former gpgkeys_kdns.
+
+ * server.c (cmd_keyserver): Add option --help.
+ (dirmngr_status_help): New.
+ * ks-action.c (ks_print_help): New.
+ (ks_action_help): New.
+ * ks-engine-finger.c (ks_finger_help): New.
+ * ks-engine-http.c (ks_http_help): New.
+ * ks-engine-hkp.c (ks_hkp_help): New.
+
* ks-action.c (ks_action_fetch): Support http URLs.
* ks-engine-http.c: New.
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 6b27c7a..6bdb598 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -51,7 +51,7 @@ dirmngr_SOURCES = dirmngr.c dirmngr.h server.c crlcache.c crlfetch.c \
cdb.h cdblib.c ldap.c misc.c dirmngr-err.h w32-ldap-help.h \
ocsp.c ocsp.h validate.c validate.h ldap-wrapper.h $(ldap_url) \
ks-action.c ks-action.h ks-engine.h \
- ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c
+ ks-engine-hkp.c ks-engine-http.c ks-engine-finger.c ks-engine-kdns.c
if USE_LDAPWRAPPER
dirmngr_SOURCES += ldap-wrapper.c
diff --git a/dirmngr/dirmngr.h b/dirmngr/dirmngr.h
index de243ee..4f5cbd1 100644
--- a/dirmngr/dirmngr.h
+++ b/dirmngr/dirmngr.h
@@ -192,6 +192,7 @@ ksba_cert_t get_cert_local_ski (ctrl_t ctrl,
gpg_error_t get_istrusted_from_client (ctrl_t ctrl, const char *hexfpr);
void start_command_handler (gnupg_fd_t fd);
gpg_error_t dirmngr_status (ctrl_t ctrl, const char *keyword, ...);
+gpg_error_t dirmngr_status_help (ctrl_t ctrl, const char *text);
gpg_error_t dirmngr_tick (ctrl_t ctrl);
diff --git a/dirmngr/ks-action.c b/dirmngr/ks-action.c
index ec691fe..1f876d0 100644
--- a/dirmngr/ks-action.c
+++ b/dirmngr/ks-action.c
@@ -49,6 +49,50 @@ copy_stream (estream_t in, estream_t out)
}
+/* Called by the engine's help functions to print the actual help. */
+gpg_error_t
+ks_print_help (ctrl_t ctrl, const char *text)
+{
+ return dirmngr_status_help (ctrl, text);
+}
+
+
+/* Run the help command for the engine responsible for URI. */
+gpg_error_t
+ks_action_help (ctrl_t ctrl, const char *url)
+{
+ gpg_error_t err;
+ parsed_uri_t parsed_uri; /* The broken down URI. */
+
+ if (!url || !*url)
+ {
+ ks_print_help (ctrl, "Known schemata:\n");
+ parsed_uri = NULL;
+ }
+ else
+ {
+ err = http_parse_uri (&parsed_uri, url, 1);
+ if (err)
+ return err;
+ }
+
+ /* Call all engines to geive them a chance to print a help sting. */
+ err = ks_hkp_help (ctrl, parsed_uri);
+ if (!err)
+ err = ks_http_help (ctrl, parsed_uri);
+ if (!err)
+ err = ks_finger_help (ctrl, parsed_uri);
+ if (!err)
+ err = ks_kdns_help (ctrl, parsed_uri);
+
+ if (!parsed_uri)
+ ks_print_help (ctrl,
+ "(Use the schema followed by a colon for specific help.)");
+ else
+ http_release_parsed_uri (parsed_uri);
+ return err;
+}
+
/* Search all configured keyservers for keys matching PATTERNS and
write the result to the provided output stream. */
@@ -187,6 +231,15 @@ ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp)
es_fclose (infp);
}
}
+ else if (!strcmp (parsed_uri->scheme, "kdns"))
+ {
+ err = ks_kdns_fetch (ctrl, parsed_uri, &infp);
+ if (!err)
+ {
+ err = copy_stream (infp, outfp);
+ es_fclose (infp);
+ }
+ }
else
err = gpg_error (GPG_ERR_INV_URI);
diff --git a/dirmngr/ks-action.h b/dirmngr/ks-action.h
index bba53bc..3dca90f 100644
--- a/dirmngr/ks-action.h
+++ b/dirmngr/ks-action.h
@@ -20,6 +20,7 @@
#ifndef DIRMNGR_KS_ACTION_H
#define DIRMNGR_KS_ACTION_H 1
+gpg_error_t ks_action_help (ctrl_t ctrl, const char *url);
gpg_error_t ks_action_search (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
gpg_error_t ks_action_get (ctrl_t ctrl, strlist_t patterns, estream_t outfp);
gpg_error_t ks_action_fetch (ctrl_t ctrl, const char *url, estream_t outfp);
diff --git a/dirmngr/ks-engine-finger.c b/dirmngr/ks-engine-finger.c
index c9e897f..57dd340 100644
--- a/dirmngr/ks-engine-finger.c
+++ b/dirmngr/ks-engine-finger.c
@@ -29,6 +29,28 @@
#include "userids.h"
#include "ks-engine.h"
+/* Print a help output for the schemata supported by this module. */
+gpg_error_t
+ks_finger_help (ctrl_t ctrl, parsed_uri_t uri)
+{
+ char const data[] =
+ "Handler for FINGER:\n"
+ " finger:<user>@<host>\n"
+ "Supported methods: fetch\n"
+ "Example:\n"
+ " finger:joe at example.org\n";
+ gpg_error_t err;
+
+ if (!uri)
+ err = ks_print_help (ctrl, " finger");
+ else if (!strcmp (uri->scheme, "finger"))
+ err = ks_print_help (ctrl, data);
+ else
+ err = 0;
+
+ return err;
+}
+
/* Get the key from URI which is expected to specify a finger scheme.
On success R_FP has an open stream to read the data. */
diff --git a/dirmngr/ks-engine-hkp.c b/dirmngr/ks-engine-hkp.c
index 3467a6d..5ad61fd 100644
--- a/dirmngr/ks-engine-hkp.c
+++ b/dirmngr/ks-engine-hkp.c
@@ -36,6 +36,26 @@
/* How many redirections do we allow. */
#define MAX_REDIRECTS 2
+/* Print a help output for the schemata supported by this module. */
+gpg_error_t
+ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri)
+{
+ const char const data[] =
+ "Handler for HKP URLs:\n"
+ " hkp://\n"
+ "Supported methods: search, get, put\n";
+ gpg_error_t err;
+
+ if (!uri)
+ err = ks_print_help (ctrl, " hkp");
+ else if (uri->is_http)
+ err = ks_print_help (ctrl, data);
+ else
+ err = 0;
+
+ return err;
+}
+
/* Send an HTTP request. On success returns an estream object at
R_FP. HOSTPORTSTR is only used for diagnostics. If POST_CB is not
diff --git a/dirmngr/ks-engine-http.c b/dirmngr/ks-engine-http.c
index 304e793..2ce1b19 100644
--- a/dirmngr/ks-engine-http.c
+++ b/dirmngr/ks-engine-http.c
@@ -31,6 +31,26 @@
/* How many redirections do we allow. */
#define MAX_REDIRECTS 2
+/* Print a help output for the schemata supported by this module. */
+gpg_error_t
+ks_http_help (ctrl_t ctrl, parsed_uri_t uri)
+{
+ const char const data[] =
+ "Handler for HTTP URLs:\n"
+ " http://\n"
+ "Supported methods: fetch\n";
+ gpg_error_t err;
+
+ if (!uri)
+ err = ks_print_help (ctrl, " http");
+ else if (uri->is_http)
+ err = ks_print_help (ctrl, data);
+ else
+ err = 0;
+
+ return err;
+}
+
/* Get the key from URL which is expected to specify a http style
scheme. On success R_FP has an open stream to read the data. */
diff --git a/dirmngr/ks-engine.h b/dirmngr/ks-engine.h
index 9d2afdf..8b55144 100644
--- a/dirmngr/ks-engine.h
+++ b/dirmngr/ks-engine.h
@@ -23,7 +23,11 @@
#include "../common/estream.h"
#include "../common/http.h"
+/*-- ks-action.c --*/
+gpg_error_t ks_print_help (ctrl_t ctrl, const char *text);
+
/*-- ks-engine-hkp.c --*/
+gpg_error_t ks_hkp_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_hkp_search (ctrl_t ctrl, parsed_uri_t uri, const char *pattern,
estream_t *r_fp);
gpg_error_t ks_hkp_get (ctrl_t ctrl, parsed_uri_t uri,
@@ -32,12 +36,18 @@ gpg_error_t ks_hkp_put (ctrl_t ctrl, parsed_uri_t uri,
const void *data, size_t datalen);
/*-- ks-engine-http.c --*/
+gpg_error_t ks_http_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_http_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp);
/*-- ks-engine-finger.c --*/
+gpg_error_t ks_finger_help (ctrl_t ctrl, parsed_uri_t uri);
gpg_error_t ks_finger_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
+/*-- ks-engine-kdns.c --*/
+gpg_error_t ks_kdns_help (ctrl_t ctrl, parsed_uri_t uri);
+gpg_error_t ks_kdns_fetch (ctrl_t ctrl, parsed_uri_t uri, estream_t *r_fp);
+
#endif /*DIRMNGR_KS_ENGINE_H*/
diff --git a/dirmngr/server.c b/dirmngr/server.c
index 403a136..1a244c8 100644
--- a/dirmngr/server.c
+++ b/dirmngr/server.c
@@ -1359,7 +1359,7 @@ cmd_validate (assuan_context_t ctx, char *line)
�
static const char hlp_keyserver[] =
- "KEYSERVER [--clear] [<uri>]\n"
+ "KEYSERVER [--clear|--help] [<uri>]\n"
"\n"
"If called without arguments list all configured keyserver URLs.\n"
"If called with option \"--clear\" remove all configured keyservers\n"
@@ -1374,14 +1374,21 @@ cmd_keyserver (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err;
- int clear_flag, add_flag;
+ int clear_flag, add_flag, help_flag;
uri_item_t item = NULL; /* gcc 4.4.5 is not able to detect that it
is always initialized. */
clear_flag = has_option (line, "--clear");
+ help_flag = has_option (line, "--help");
line = skip_options (line);
add_flag = !!*line;
+ if (help_flag)
+ {
+ err = ks_action_help (ctrl, line);
+ goto leave;
+ }
+
if (add_flag)
{
item = xtrymalloc (sizeof *item + strlen (line));
@@ -1409,7 +1416,7 @@ cmd_keyserver (assuan_context_t ctx, char *line)
ctrl->keyservers = item;
}
- if (!add_flag && !clear_flag) /* List configured keyservers. */
+ if (!add_flag && !clear_flag && !help_flag) /* List configured keyservers. */
{
uri_item_t u;
@@ -1947,7 +1954,7 @@ start_command_handler (assuan_fd_t fd)
/* Send a status line back to the client. KEYWORD is the status
- keyword, the optioal string argumenst are blank separated added to
+ keyword, the optional string arguments are blank separated added to
the line, the last argument must be a NULL. */
gpg_error_t
dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
@@ -1985,6 +1992,36 @@ dirmngr_status (ctrl_t ctrl, const char *keyword, ...)
}
+/* Print a help status line. TEXTLEN gives the length of the text
+ from TEXT to be printed. The function splits text at LFs. */
+gpg_error_t
+dirmngr_status_help (ctrl_t ctrl, const char *text)
+{
+ gpg_error_t err = 0;
+
+ if (ctrl->server_local)
+ {
+ assuan_context_t ctx = ctrl->server_local->assuan_ctx;
+ char buf[950], *p;
+ size_t n;
+
+ do
+ {
+ p = buf;
+ n = 0;
+ for ( ; *text && *text != '\n' && n < DIM (buf)-2; n++)
+ *p++ = *text++;
+ if (*text == '\n')
+ text++;
+ *p = 0;
+ err = assuan_write_status (ctx, "#", buf);
+ }
+ while (!err && *text);
+ }
+
+ return err;
+}
+
/* Send a tick progress indicator back. Fixme: This is only does for
the currently active channel. */
gpg_error_t
-----------------------------------------------------------------------
Summary of changes:
dirmngr/ChangeLog | 10 ++
dirmngr/Makefile.am | 2 +-
dirmngr/dirmngr.h | 1 +
dirmngr/ks-action.c | 53 ++++++++++++
dirmngr/ks-action.h | 1 +
dirmngr/ks-engine-finger.c | 22 +++++
dirmngr/ks-engine-hkp.c | 20 +++++
dirmngr/ks-engine-http.c | 20 +++++
dirmngr/ks-engine-kdns.c | 79 ++++++++++++++++++
dirmngr/ks-engine.h | 10 ++
dirmngr/server.c | 45 +++++++++-
g10/ChangeLog | 9 ++
g10/keyserver.c | 51 ++++++------
g10/seskey.c | 28 +++----
tests/openpgp/ChangeLog | 21 +++--
tests/openpgp/Makefile.am | 20 +++--
tests/openpgp/defs.inc | 33 +++++---
tests/openpgp/ecc.test | 89 ++++++++++++++++++++
tests/openpgp/{armsigs.test => pinentry.sh} | 29 +++++--
tests/openpgp/samplekeys/README | 111 ++++++++++++++++++++++++-
tests/openpgp/samplekeys/ecc-sample-2-pub.asc | 25 ++++++
tests/openpgp/samplekeys/ecc-sample-2-sec.asc | 22 +++++
tests/openpgp/samplekeys/ecc-sample-3-pub.asc | 28 ++++++
tests/openpgp/samplekeys/ecc-sample-3-sec.asc | 24 ++++++
tests/openpgp/version.test | 4 +-
25 files changed, 669 insertions(+), 88 deletions(-)
create mode 100644 dirmngr/ks-engine-kdns.c
create mode 100755 tests/openpgp/ecc.test
copy tests/openpgp/{armsigs.test => pinentry.sh} (54%)
create mode 100644 tests/openpgp/samplekeys/ecc-sample-2-pub.asc
create mode 100644 tests/openpgp/samplekeys/ecc-sample-2-sec.asc
create mode 100644 tests/openpgp/samplekeys/ecc-sample-3-pub.asc
create mode 100644 tests/openpgp/samplekeys/ecc-sample-3-sec.asc
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list