author | Werner Koch <wk@gnupg.org> | 1999-05-25 19:56:15 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 1999-05-25 19:56:15 +0200 |
commit | 9a2ce9b3910750a217fdda34a8fb5613fbcda905 (patch) | |
tree | b61a49c4c7c736fa919bc18dfc34dd5dade86d8d /g10 | |
parent | See ChangeLog: Sun May 23 20:25:57 CEST 1999 Werner Koch (diff) | |
See ChangeLog: Tue May 25 19:50:32 CEST 1999 Werner Koch
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 13 | ||||
-rw-r--r-- | g10/build-packet.c | 1 | ||||
-rw-r--r-- | g10/g10.c | 54 | ||||
-rw-r--r-- | g10/mainproc.c | 32 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/parse-packet.c | 27 | ||||
-rw-r--r-- | g10/sign.c | 56 |
7 files changed, 181 insertions, 4 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 7d46c88c9..ecf7a6853 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,16 @@ +Tue May 25 19:50:32 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * sign.c (sign_file): Always use compression algo 1 for signed + onyl file becuase we canī be sure the the verifier supports other + algorithms. + + * build-packet.c (build_sig_subpkt): Support for notation data. + * sign.c (sign_file,clearsign_file,make_keysig_packet): Ditto. + (mk_notation): New. + * g10.c (add_notation_data): New and add option -N + * mainproc.c (print_notation_data): New. + (check_sig_and_print): Print any notation data of the signed text. + Sun May 23 14:20:22 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * pkclist.c (check_signatures_trust): Print a warning and return diff --git a/g10/build-packet.c b/g10/build-packet.c index f90790343..0db12a727 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -646,6 +646,7 @@ build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, case SIGSUBPKT_PREF_COMPR: case SIGSUBPKT_KS_FLAGS: case SIGSUBPKT_KEY_EXPIRE: + case SIGSUBPKT_NOTATION: hashed = 1; break; default: hashed = 0; break; } @@ -63,6 +63,7 @@ enum cmd_and_opt_values { aNull = 0, oUser = 'u', oVerbose = 'v', oCompress = 'z', + oNotation = 'N', oBatch = 500, aClearsign, aStore, @@ -254,6 +255,7 @@ static ARGPARSE_OPTS opts[] = { { oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { oCompressAlgo, "compress-algo", 1 , N_("|N|use compress algorithm N")}, { oThrowKeyid, "throw-keyid", 0, N_("throw keyid field of encrypted packets")}, + { oNotation, "notation-data", 2, N_("|NAME=VALUE|use this notation data")}, { 302, NULL, 0, N_("@\nExamples:\n\n" " -se -r Bob [file] sign and encrypt for user Bob\n" 
@@ -312,6 +314,7 @@ static void set_cmd( enum cmd_and_opt_values *ret_cmd, enum cmd_and_opt_values new_cmd ); static void print_hex( byte *p, size_t n ); static void print_mds( const char *fname, int algo ); +static void add_notation_data( const char *string ); const char * strusage( int level ) @@ -741,6 +744,7 @@ main( int argc, char **argv ) case oEscapeFrom: opt.escape_from = 1; break; case oLockOnce: opt.lock_once = 1; break; case oKeyServer: opt.keyserver_name = pargs.r.ret_str; break; + case oNotation: add_notation_data( pargs.r.ret_str ); break; default : pargs.err = configfp? 1:2; break; } 
@@ -1382,3 +1386,53 @@ print_mds( const char *fname, int algo ) fclose(fp); } + +/**************** + * Check the supplied name,value string and add it to the notation + * data to be used for signatures. + */ +static void +add_notation_data( const char *string ) +{ + const char *s = string; + const char *s2; + int highbit=0; + + if( !*s || (*s & 0x80) || (!isalpha(*s) && *s != '_') ) { + log_error(_("the first character of a notation name " + "must be a letter or an underscore\n") ); + return; + } + for(s++; *s != '='; s++ ) { + if( !*s || (*s & 0x80) || (!isalnum(*s) && *s != '_' && *s != '.' ) ) { + log_error(_("a notation name must have only letters, " + "digits, dots or underscores and end with an '='\n") ); + return; + } + } + if( s[-1] == '.' || ((s2=strstr(string, "..")) && s2 < s ) ) { + log_error(_("dots in a notation name must be surrounded " + "by other characters\n") ); + return; + } + /* we do only support printabe text - therefore we enforce the use + * of only printable characters (an empty value is valid) */ + for( s++; *s ; s++ ) { + if( iscntrl(*s) ) { + log_error(_("a notation value must not use " + "any control characters\n") ); + return; + } + else if( *s & 0x80 ) + highbit = 1; + } + + if( highbit ) { /* must use UTF8 encoding */ + char *p = native_to_utf8( string ); + add_to_strlist( &opt.notation_data, p ); + m_free( p ); + } + else + add_to_strlist( &opt.notation_data, string ); +} + diff --git a/g10/mainproc.c b/g10/mainproc.c index 6d16d624a..6eb587fe9 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c 
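Review bot: In the value loop of `add_notation_data`, `iscntrl(*s)` is evaluated before the `*s & 0x80` test, so where plain `char` is signed a high-bit byte reaches a `<ctype.h>` function as a negative value, which is undefined behaviour. The two name loops avoid this only because `(*s & 0x80)` short-circuits ahead of `isalpha`/`isalnum`. Casting at the call, `if( iscntrl( *(const unsigned char*)s ) ) {`, or testing the high bit first, removes the problem. The function also sets no upper bound on the name or value length, although `mk_notation` in g10/sign.c stores each length in two bytes, so an over-long `-N` argument passes validation here and only goes wrong when the subpacket is built.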
@@ -492,6 +492,35 @@ print_fingerprint( PKT_public_key *pk, PKT_secret_key *sk ) putchar('\n'); } +static void +print_notation_data( PKT_signature *sig ) +{ + size_t n, n1, n2; + const byte *p; + + /* FIXME: we can not handle multiple notaion data packets yet */ + p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_NOTATION, &n ); + if( !p ) + return; + if( n < 8 ) { + log_info(_("WARNING: invalid notation data found\n")); + return; + } + if( !(*p & 0x80) ) + return; /* not human readable */ + n1 = (p[4] << 8) | p[5]; + n2 = (p[6] << 8) | p[7]; + p += 8; + if( 8+n1+n2 != n ) { + log_info(_("WARNING: invalid notation data found\n")); + return; + } + log_info(_("Notation: ") ); + print_string( log_stream(), p, n1, 0 ); + putc( '=', log_stream() ); + print_string( log_stream(), p+n1, n2, 0 ); + putc( '\n', log_stream() ); +} /**************** * List the certificate in a user friendly way @@ -935,7 +964,8 @@ check_sig_and_print( CTX c, KBNODE node ) fputs("[?]\"\n", log_stream() ); } release_kbnode( keyblock ); - + if( !rc ) + print_notation_data( sig ); if( !rc && is_status_enabled() ) { /* print a status response with the fingerprint */ diff --git a/g10/options.h b/g10/options.h index 3e81044be..8d3b3c61c 100644 --- a/g10/options.h +++ b/g10/options.h @@ -20,6 +20,7 @@ #ifndef G10_OPTIONS_H #define G10_OPTIONS_H +#include <types.h> #undef ENABLE_COMMENT_PACKETS /* don't create comment packets */ @@ -73,6 +74,7 @@ struct { const char *keyserver_name; int no_encrypt_to; int interactive; + STRLIST notation_data; } opt; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 47d28e396..7d5958adf 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c 
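Review bot: `print_notation_data` prints the name with `print_string( log_stream(), p, n1, 0 )`, so a name taken from a received signature is shown without any of the character checks that `add_notation_data` enforces on the signing side. A name that itself contains `=` makes the printed `name=value` boundary ambiguous to the person reading the verification output. If the last argument of `print_string` is a delimiter to be escaped (its definition is not on this page), passing `'='` for the name would keep the boundary visible; otherwise the name bytes should be checked against the same set the signer is allowed to use. A short comment giving the layout the code assumes (4 flag bytes, 2-byte name length, 2-byte value length, then name and value) would also help, since the function has no header comment.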
@@ -745,7 +745,28 @@ dump_sig_subpkt( int hashed, int type, int critical, (ulong)buffer_to_u32(buffer+4) ); break; case SIGSUBPKT_NOTATION: - p = "notation data"; + { + fputs("notation: ", stdout ); + if( length < 8 ) + p = "[too short]"; + else if( !(*buffer & 0x80) ) + p = "[not human readable]"; + else { + const byte *s = buffer; + size_t n1, n2; + + n1 = (s[4] << 8) | s[5]; + n2 = (s[6] << 8) | s[7]; + s += 8; + if( 8+n1+n2 != length ) + p = "[error]"; + else { + print_string( stdout, s, n1, 0 ); + putc( '=', stdout ); + print_string( stdout, s+n1, n2, 0 ); + } + } + } break; case SIGSUBPKT_PREF_HASH: fputs("pref-hash-algos:", stdout ); @@ -808,6 +829,10 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type ) if( n < 8 ) break; return 0; + case SIGSUBPKT_NOTATION: + if( n < 8 ) /* minimum length needed */ + break; + return 0; case SIGSUBPKT_PREF_SYM: case SIGSUBPKT_PREF_HASH: case SIGSUBPKT_PREF_COMPR: diff --git a/g10/sign.c b/g10/sign.c index a74ee867e..e62bbbaef 100644 --- a/g10/sign.c +++ b/g10/sign.c 
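Review bot: The new `SIGSUBPKT_NOTATION` case in `parse_one_sig_subpkt` accepts any notation of at least 8 bytes and leaves the `8+n1+n2` consistency check to the consumers, which is why the same header decoding now appears both in `dump_sig_subpkt` here and in `print_notation_data` in g10/mainproc.c. Doing the full check once at this point, for example `if( n < 8 || 8 + ((buffer[4] << 8) | buffer[5]) + ((buffer[6] << 8) | buffer[7]) != n ) break;`, would mean every later reader of a notation subpacket gets data whose lengths have already been verified. Whether `break` leads to a rejection is not visible, because the body of `parse_one_sig_subpkt` continues outside the hunk. In `dump_sig_subpkt` the success branch leaves `p` unchanged, so it relies on `p` having been cleared earlier in the function, which is also outside the hunk.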
@@ -39,6 +39,46 @@ #include "i18n.h" + +/**************** + * Create a notation. It is assumed that the stings in STRLIST + * are already checked to contain only printable data and have a valid + * NAME=VALUE format. + */ +static void +mk_notation( PKT_signature *sig, STRLIST nd ) +{ + const char *string, *s; + byte *buf; + unsigned n1, n2; + + if( sig->version < 4 ) { + log_info("can't put notation data into v3 signatures\n"); + return; + } + + for( ; nd; nd = nd->next ) { + string = nd->d; + s = strchr( string, '=' ); + if( !s ) + BUG(); /* we have already parsed this */ + n1 = s - string; + s++; + n2 = strlen(s); + buf = m_alloc( 8 + n1 + n2 ); + buf[0] = 0x80; /* human readable */ + buf[1] = buf[2] = buf[3] = 0; + buf[4] = n1 >> 8; + buf[5] = n1; + buf[6] = n2 >> 8; + buf[7] = n2; + memcpy(buf+8, string, n1 ); + memcpy(buf+8+n1, s, n2 ); + build_sig_subpkt( sig, SIGSUBPKT_NOTATION, buf, 8+n1+n2 ); + } +} + + static int do_sign( PKT_secret_key *sk, PKT_signature *sig, MD_HANDLE md, int digest_algo ) @@ -253,8 +293,10 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( !compr_algo ) ; /* don't use compression */ else { - if( old_style || compr_algo == 1 ) - zfx.algo = 1; + if( old_style + || compr_algo == 1 + || (compr_algo == -1 && !encrypt) ) + zfx.algo = 1; /* use the non optional algorithm */ iobuf_push_filter( out, compress_filter, &zfx ); } } @@ -392,6 +434,10 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, build_sig_subpkt_from_sig( sig ); md_putc( md, sig->version ); } + + if( opt.notation_data ) + mk_notation( sig, opt.notation_data ); + md_putc( md, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; @@ -578,6 +624,10 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) build_sig_subpkt_from_sig( sig ); md_putc( md, sig->version ); } + + if( opt.notation_data ) + mk_notation( sig, opt.notation_data ); + md_putc( md, sig->sig_class ); if( sig->version < 4 ) { u32 a = sig->timestamp; 
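Review bot: `mk_notation` writes the name and value lengths into two bytes each (`buf[4] = n1 >> 8; buf[5] = n1;`) but allocates and copies the full `n1` and `n2`, so a name or value longer than 65535 bytes yields a subpacket whose header disagrees with its size, which the readers added in this commit then report as invalid. The lengths are measured after `add_notation_data` may have expanded the string with `native_to_utf8`, and nothing visible bounds them; a guard such as `if( n1 > 0xffff || n2 > 0xffff )` before `m_alloc` that skips the entry with an error would close this. `buf` is also never released: if `build_sig_subpkt` copies the data (its body is only partly visible in this diff), `m_free( buf );` is needed after the call, otherwise each notation leaks one buffer per signature. For v3 signatures the function only emits `log_info` and returns, so the callers in `sign_file` and `clearsign_file` still produce a signature without the notation the user asked for.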
@@ -706,6 +756,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, rc = (*mksubpkt)( sig, opaque ); if( !rc ) { + if( opt.notation_data ) + mk_notation( sig, opt.notation_data ); if( sig->version >= 4 ) md_putc( md, sig->version ); md_putc( md, sig->sig_class ); |