[git] GnuPG - branch, master, updated. gnupg-2.1.1-51-gb1d5ed6

by Werner Koch cvs at cvs.gnupg.org
Wed Jan 28 09:13:22 CET 2015


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  b1d5ed6ac842469afcb84868d0f6641dc286a6c7 (commit)
       via  795965437732e50f6216d7f5db0e6174e90548a9 (commit)
      from  f6d3c6e5263d84b94ebe13df9ff39b02109a2acb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b1d5ed6ac842469afcb84868d0f6641dc286a6c7
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 28 09:11:02 2015 +0100

    gpg: Allow predefined names as answer to the keygen.algo prompt.
    
    * g10/keygen.c (ask_algo): Add list of strings.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/doc/DETAILS b/doc/DETAILS
index ba2725f..59ccaec 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -1236,3 +1236,33 @@ Status codes are:
    This can be implemented using Hurd's translator mechanism.
    However, I think the whole key server stuff has to be re-thought;
    I have some ideas and probably create a white paper.
+** Algorithm names for the "keygen.algo" prompt
+
+  When using a --command-fd controlled key generation or "addkey"
+  there is way to know the number to enter on the "keygen.algo"
+  prompt.  The displayed numbers are for human reception and may
+  change with releases.  To provide a stable way to enter a desired
+  algorithm choice the prompt also accepts predefined names for the
+  algorithms, which will not change.
+
+   | Name    | No | Description                     |
+   |---------+----+---------------------------------|
+   | rsa+rsa |  1 | RSA and RSA (default)           |
+   | dsa+elg |  2 | DSA and Elgamal                 |
+   | dsa     |  3 | DSA (sign only)                 |
+   | rsa/s   |  4 | RSA (sign only)                 |
+   | elg     |  5 | Elgamal (encrypt only)          |
+   | rsa/e   |  6 | RSA (encrypt only)              |
+   | dsa/*   |  7 | DSA (set your own capabilities) |
+   | rsa/*   |  8 | RSA (set your own capabilities) |
+   | ecc+ecc |  9 | ECC and ECC                     |
+   | ecc/s   | 10 | ECC (sign only)                 |
+   | ecc/*   | 11 | ECC (set your own capabilities) |
+   | ecc/e   | 12 | ECC (encrypt only)              |
+   | keygrip | 13 | Existing key                    |
+
+   If one of the "foo/*" names are used a "keygen.flags" prompt needs
+   to be answered as well.  Instead of toggling the predefined flags,
+   it is also possible to set them direct: Use a "=" character
+   directly followed by a comination of "a" (for authentication), "s"
+   (for signing), or "c" (for certification).
diff --git a/g10/keygen.c b/g10/keygen.c
index 50fb67d..0789571 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1820,7 +1820,7 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
           char **r_keygrip)
 {
   char *keygrip = NULL;
-  char *answer;
+  char *answer = NULL;
   int algo;
   int dummy_algo;
 
@@ -1875,84 +1875,86 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
     {
       *r_usage = 0;
       *r_subkey_algo = 0;
+      xfree (answer);
       answer = cpr_get ("keygen.algo", _("Your selection? "));
       cpr_kill_prompt ();
       algo = *answer? atoi (answer) : 1;
-      xfree(answer);
-      answer = NULL;
-      if (algo == 1 && !addmode)
+      if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode)
         {
           algo = PUBKEY_ALGO_RSA;
           *r_subkey_algo = PUBKEY_ALGO_RSA;
           break;
 	}
-      else if (algo == 2 && !addmode)
+      else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode)
         {
           algo = PUBKEY_ALGO_DSA;
           *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
           break;
 	}
-      else if (algo == 3)
+      else if (algo == 3 || !strcmp (answer, "dsa"))
         {
           algo = PUBKEY_ALGO_DSA;
           *r_usage = PUBKEY_USAGE_SIG;
           break;
 	}
-      else if (algo == 4)
+      else if (algo == 4 || !strcmp (answer, "rsa/s"))
         {
           algo = PUBKEY_ALGO_RSA;
           *r_usage = PUBKEY_USAGE_SIG;
           break;
 	}
-      else if (algo == 5 && addmode)
+      else if ((algo == 5 || !strcmp (answer, "elg")) && addmode)
         {
           algo = PUBKEY_ALGO_ELGAMAL_E;
           *r_usage = PUBKEY_USAGE_ENC;
           break;
 	}
-      else if (algo == 6 && addmode)
+      else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode)
         {
           algo = PUBKEY_ALGO_RSA;
           *r_usage = PUBKEY_USAGE_ENC;
           break;
 	}
-      else if (algo == 7 && opt.expert)
+      else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert)
         {
           algo = PUBKEY_ALGO_DSA;
           *r_usage = ask_key_flags (algo, addmode);
           break;
 	}
-      else if (algo == 8 && opt.expert)
+      else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert)
         {
           algo = PUBKEY_ALGO_RSA;
           *r_usage = ask_key_flags (algo, addmode);
           break;
 	}
-      else if (algo == 9 && opt.expert && !addmode)
+      else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
+               && opt.expert && !addmode)
         {
           algo = PUBKEY_ALGO_ECDSA;
           *r_subkey_algo = PUBKEY_ALGO_ECDH;
           break;
 	}
-      else if (algo == 10 && opt.expert)
+      else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
         {
           algo = PUBKEY_ALGO_ECDSA;
           *r_usage = PUBKEY_USAGE_SIG;
           break;
 	}
-      else if (algo == 11 && opt.expert)
+      else if ((algo == 11 || !strcmp (answer, "ecc/*")) && opt.expert)
         {
           algo = PUBKEY_ALGO_ECDSA;
           *r_usage = ask_key_flags (algo, addmode);
           break;
 	}
-      else if (algo == 12 && opt.expert && addmode)
+      else if ((algo == 12 || !strcmp (answer, "ecc/e"))
+               && opt.expert && addmode)
         {
           algo = PUBKEY_ALGO_ECDH;
           *r_usage = PUBKEY_USAGE_ENC;
           break;
 	}
-      else if (algo == 13 && opt.expert && r_keygrip)
+      else if ((algo == 13 || !strcmp (answer, "keygrip"))
+               && opt.expert && r_keygrip)
         {
           for (;;)
             {
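Review bot: The line `algo = *answer? atoi (answer) : 1;` still decides the numeric path with atoi, so an answer such as `3x` or ` 4` is accepted as 3 or 4, and a value outside the range of int is undefined behaviour. The doc/DETAILS text added in this commit presents the prompt as a stable interface for --command-fd drivers, so a strict parse would be safer: use `strtol (answer, &endp, 10)` and accept the number only when `endp != answer && !*endp` and the value is in range. The new strcmp comparisons are exact, so names are case-sensitive and fail on any surrounding whitespace left in the answer; a short comment above the chain should say so. The if/else chain and the keygrip loop continue outside this hunk.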
@@ -1984,8 +1986,10 @@ ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
 	}
       else
         tty_printf (_("Invalid selection.\n"));
+
     }
 
+  xfree(answer);
   if (r_keygrip)
     *r_keygrip = keygrip;
   return algo;
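Review bot: The added `xfree(answer);` omits the space before the parenthesis that the same commit uses in `xfree (answer);` at the top of the loop; write `xfree (answer);` here as well. The hunk also adds an empty line directly before the loop's closing brace, which can be dropped.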

commit 795965437732e50f6216d7f5db0e6174e90548a9
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Jan 27 10:22:47 2015 +0100

    agent: Add some extra robustness to extract_private_key
    
    * agent/cvt-openpgp.c (extract_private_key): Add arg "arraysize".
    Make sure that R_FLAGS and R_CURVE are set to NULL.
    --
    
    Given that extract_private_key is not file local it is good to have some
    extra asserts to protect against future wrong use.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/agent/agent.h b/agent/agent.h
index 0560835..4536242 100644
--- a/agent/agent.h
+++ b/agent/agent.h
@@ -501,7 +501,8 @@ int agent_handle_learn (ctrl_t ctrl, int send, void *assuan_context);
 gpg_error_t
 extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
                      const char **r_algoname, int *r_npkey, int *r_nskey,
-                     const char **r_format, gcry_mpi_t *mpi_array,
+                     const char **r_format,
+                     gcry_mpi_t *mpi_array, int arraysize,
                      gcry_sexp_t *r_curve, gcry_sexp_t *r_flags);
 
 #endif /*AGENT_H*/
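Review bot: The prototype names its parameters `r_format` and `mpi_array`, while the definition in agent/cvt-openpgp.c touched by this same commit uses `r_elems` and `array`; since these lines are being reflowed anyway, aligning the names would let the header be read against the function's doc comment. The prototype carries no description of the new argument, so a one-line comment such as `/* ARRAYSIZE is the number of elements in MPI_ARRAY. */` would help callers that only read the header.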
diff --git a/agent/cvt-openpgp.c b/agent/cvt-openpgp.c
index dff6b7c..8cf0023 100644
--- a/agent/cvt-openpgp.c
+++ b/agent/cvt-openpgp.c
@@ -1187,13 +1187,15 @@ apply_protection (gcry_mpi_t *array, int npkey, int nskey,
  * R_NSKEY is pointer to number of private key data.
  * R_ELEMS is static string which is no need to free by caller.
  * ARRAY contains public and private key data.
+ * ARRAYSIZE is the allocated size of the array for cross-checking.
  * R_CURVE is pointer to S-Expression of the curve (can be NULL).
  * R_FLAGS is pointer to S-Expression of the flags (can be NULL).
  */
 gpg_error_t
 extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
                      const char **r_algoname, int *r_npkey, int *r_nskey,
-                     const char **r_elems, gcry_mpi_t *array,
+                     const char **r_elems,
+                     gcry_mpi_t *array, int arraysize,
                      gcry_sexp_t *r_curve, gcry_sexp_t *r_flags)
 {
   gpg_error_t err;
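Review bot: The new comment line `ARRAYSIZE is the allocated size of the array for cross-checking.` says neither that the size is counted in elements nor what minimum the function requires, although the check added further down in this commit rejects anything below 7. I would word it as `ARRAYSIZE is the number of elements allocated for ARRAY; it must be at least 7.` The function body continues outside this hunk.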
@@ -1204,6 +1206,9 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
   gcry_sexp_t curve = NULL;
   gcry_sexp_t flags = NULL;
 
+  *r_curve = NULL;
+  *r_flags = NULL;
+
   if (!req_private_key_data)
     {
       list = gcry_sexp_find_token (s_key, "shadowed-private-key", 0 );
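Review bot: `*r_curve = NULL;` and `*r_flags = NULL;` dereference both pointers unconditionally, while the header comment describes R_CURVE and R_FLAGS as "(can be NULL)". If that wording is meant to allow a NULL pointer argument, the new lines crash on exactly the kind of misuse this commit wants to guard against; guard them as `if (r_curve) *r_curve = NULL;` and `if (r_flags) *r_flags = NULL;`. If it only means that the returned S-expression may be NULL, the comment should say so explicitly. Both call sites changed in this commit pass `&curve` and `&flags`, so the current callers look fine; how the pointers are used later in the function is outside this hunk.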
@@ -1231,6 +1236,9 @@ extract_private_key (gcry_sexp_t s_key, int req_private_key_data,
       return gpg_error (GPG_ERR_INV_OBJ); /* Invalid structure of object. */
     }
 
+  if (arraysize < 7)
+    BUG ();
+
   /* Map NAME to a name as used by Libgcrypt.  We do not use the
      Libgcrypt function here because we need a lowercase name and
      require special treatment for some algorithms.  */
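Review bot: The `if (arraysize < 7) BUG ();` check sits after the `GPG_ERR_INV_OBJ` return above it, so a caller passing a too-small array is caught only when the key parses far enough to reach this line; placing the check at function entry would make the assertion fire on every call. The literal 7 is unexplained here: a comment naming which case needs the most array slots, or a named constant shared with the callers' array declarations, would keep it from drifting. BUG () presumably terminates the agent process, which is acceptable only because ARRAYSIZE comes from the caller and not from key data, and that is worth stating in a comment. The code that fills ARRAY is outside this hunk.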
@@ -1375,7 +1383,7 @@ convert_to_openpgp (ctrl_t ctrl, gcry_sexp_t s_key, const char *passphrase,
     array[i] = NULL;
 
   err = extract_private_key (s_key, 1, &algoname, &npkey, &nskey, NULL,
-                             array, &curve, &flags);
+                             array, DIM (array), &curve, &flags);
   if (err)
     return err;
 
diff --git a/agent/findkey.c b/agent/findkey.c
index 064f7d2..156102b 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -1005,7 +1005,7 @@ agent_public_key_from_file (ctrl_t ctrl,
     array[i] = NULL;
 
   err = extract_private_key (s_skey, 0, &algoname, &npkey, NULL, &elems,
-                             array, &curve, &flags);
+                             array, DIM (array), &curve, &flags);
   if (err)
     {
       gcry_sexp_release (s_skey);

-----------------------------------------------------------------------

Summary of changes:
 agent/agent.h       |  3 ++-
 agent/cvt-openpgp.c | 12 ++++++++++--
 agent/findkey.c     |  2 +-
 doc/DETAILS         | 30 ++++++++++++++++++++++++++++++
 g10/keygen.c        | 36 ++++++++++++++++++++----------------
 5 files changed, 63 insertions(+), 20 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org



