summaryrefslogtreecommitdiffstats
path: root/tools (follow)
Commit message (Collapse)AuthorAgeFilesLines
* build: Fix several "include file not found" problemsIngo Klöcker2021-09-201-4/+5
| | | | | | | | | | | | | * dirmngr/Makefile.am (t_ldap_parse_uri_CFLAGS): Add KSBA_CFLAGS. * kbx/Makefile.am (libkeybox_a_CFLAGS, libkeybox509_a_CFLAGS): Add NPTH_CFLAGS. * tools/Makefile.am (gpgtar_CFLAGS, gpg_wks_server_CFLAGS, gpg_wks_client_CFLAGS, gpg_pair_tool_CFLAGS): Add LIBGCRYPT_CFLAGS. -- The tools include gcrypt.h via common/util.h. GnuPG-bug-id: 5592
* wkd: Properly unescape the user-id from a key listing.Werner Koch2021-08-201-6/+16
| | | | * tools/wks-util.c (append_to_uidinfo_list): Unescape UID.
* wkd: Fix client issue with leading or trailing spaces in user-ids.Werner Koch2021-08-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/recsel.c (recsel_parse_expr): Add flag -t. * common/stringhelp.c: Remove assert.h. (strtokenize): Factor code out to do_strtokenize. (strtokenize_nt): New. (do_strtokenize): Add arg trim to support the strtokenize_nt. * common/t-stringhelp.c (test_strtokenize_nt): New test cases. * tools/wks-util.c (wks_list_key): Use strtokenize_nt and the recsel flag -t. -- This fixes a bug with user ids with leading spaces because: wks-client lists all mail addresses from the key and matches them to the requested mail address. If there are several user-ids all with the same mail address wks-client picks one of them and then extracts exactly that user id. However, here it does not match by the mail address but by the full user-id so that we can be sure that there will be only one user-id in the final key. The filter built expression unfortunately strips leading blanks but requires a verbatim match. Thus it won't find the user id again and errors out. The new -t flag and a non-trimming strtokenize solves the problem. Signed-off-by: Werner Koch <wk@gnupg.org>
* agent: New option --check-sym-passphrase-pattern.Werner Koch2021-08-131-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * agent/gpg-agent.c (oCheckSymPassphrasePattern): New. (opts): Add --check-sym-passphrase-pattern. (parse_rereadable_options): Set option. (main): Return option info. * tools/gpgconf-comp.c: Add new option. * agent/agent.h (opt): Add var check_sym_passphrase_pattern. (struct pin_entry_info_s): Add var constraints_flags. (CHECK_CONSTRAINTS_NOT_EMPTY): New to replace a hardwired 1. (CHECK_CONSTRAINTS_NEW_SYMKEY): New. * agent/genkey.c (check_passphrase_pattern): Rename to ... (do_check_passphrase_pattern): this to make code reading easier. Handle the --check-sym-passphrase-pattern option. (check_passphrase_constraints): Replace arg no_empty by a generic flags arg. Also handle --check-sym-passphrase-pattern here. * agent/command.c (cmd_get_passphrase): In --newsymkey mode pass CHECK_CONSTRAINTS_NEW_SYMKEY flag. * agent/call-pinentry.c (struct entry_parm_s): Add constraints_flags. (struct inq_cb_parm_s): New. (inq_cb): Use new struct for parameter passing. Pass flags to teh constraints checking. (do_getpin): Pass constraints flag down. (agent_askpin): Take constrainst flag from the supplied pinentry struct. -- Requirements for a passphrase to protect a private key and for a passphrase used for symmetric encryption are different. Thus a the use of a different pattern file will be useful. Note that a pattern file can be used to replace the other passphrase constraints options and thus we don't need to duplicate them for symmetric encryption. GnuPG-bug-id: 5517 Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Move socketdir to LCOAL_APPDATAWerner Koch2021-08-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * common/homedir.c (is_gnupg_default_homedir): Use standard_homedir instead of the constant which makes a difference on Windows. (_gnupg_socketdir_internal) [W32]: Move the directory to LOCAL_APPDATA. (gnupg_cachedir): Remove unsued function. * common/sysutils.c (gnupg_rmdir): New. * tools/gpgconf.c (main): s/rmdir/gnupg_rmdir/. -- That is actually a more correct directory than APPDATA. This fixes a problem with installations where the APPDATA is non a network drive and the resulting socket filename is truncated in our socket helper function (because we use sockaddr also for our local socket emulation on Windows). LOCAL_APPDATA is expected to be on the local box and thus in the majority of cases the resulting socket file name will be short enough. GnuPG-bug-id: 5537 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf,w32: Print more registry diagnostics with --list-dirs.Werner Koch2021-08-111-2/+36
| | | | | | * tools/gpgconf.c (list_dirs): Figure out classes with the key. Signed-off-by: Werner Koch <wk@gnupg.org>
* build: Simplify for string.h and getopt.h.NIIBE Yutaka2021-08-051-3/+0
| | | | | | | | | | | | | * configure.ac (AC_CHECK_HEADERS): Remove string.h and getopt.h. * dirmngr/ks-engine-ldap.c: Remove including getopt.h. * tools/make-dns-cert.c: Likewise. -- Checking string.h is supported by AC_HEADER_STDC. Use of getopt.h is only needed for getopt_long of GNU extention. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* tools: Extend gpg-check-pattern.Werner Koch2021-07-291-24/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools/gpg-check-pattern.c: Major rewrite. -- Signed-off-by: Werner Koch <wk@gnupg.org> Here is a simple pattern file: ==================== # Pattern to reject passwords which do not comply to # - at least 1 uppercase letter # - at least 1 lowercase letter # - at least one number # - at least one special character # and a few extra things to show the reject mode # Reject is the default mode, ignore case is the default #[reject] #[icase] # If the password starts with "foo" (case insensitive) it is rejected. /foo.*/ [case] # If the password starts with "bar" (case sensitive) it is rejected. /bar.*/ # Switch to accept mode: Only if all patterns up to the next "accept" # or "reject" tag or EOF match, the password is accepted. Otherwise # the password is rejected. [accept] /[A-Z]+/ /[a-z]+/ /[0-9]+/ /[^A-Za-z0-9]+/ ================= Someone™ please write regression tests.
* tools: Tweak ccidmon output.Werner Koch2021-06-251-4/+4
| | | | --
* tools: Extend ccidmon to print T=1 APDUsWerner Koch2021-06-221-1/+93
| | | | | | | | | * tools/ccidmon.c (print_as_ascii): New. (print_t1_block): New. (print_p2r_xfrblock): Print APDUs (print_r2p_datablock): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Fix typo in help messageJiri Kerestes2021-06-121-1/+1
| | | | | -- Signed-off-by: Jiri Kerestes <jiri.kerestes@trustica.cz>
* gpgtar,w32: Fix file size computationWerner Koch2021-06-091-1/+1
| | | | | | | | | | | | | * tools/gpgtar-create.c (fillup_entry_w32): Move parentheses. -- Fixes-commit: 8b8925a2bdbb12dd537dde20a27cdb1416c2f1ae The bug is so obvious that I wonder why it was not reported more often on Windows. (Adding 1 to MAXDWORD (0xfffffff) always gives 0 for the product). Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf: Make runtime changes with different homedir work.Werner Koch2021-05-281-4/+4
| | | | * tools/gpgconf-comp.c (dirmngr_runtime_change): Pass --homedir first.
* card: Intialize pointer to avoid double freeJakub Jelen2021-05-201-0/+1
| | | | | | | | | * tools/gpg-card.c (cmd_salut): Initialize data pointer -- Signed-off-by: Jakub Jelen <jjelen@redhat.com> GnuPG-bug-id: 5393
* tools: Fix for --disable-tpm2d.NIIBE Yutaka2021-04-231-0/+8
| | | | | | | | | * tools/gpgconf-comp.c: Conditionalize with BUILD_WITH_TPM2D. -- GnuPG-bug-id: 5408 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* card: New option --shadow for command list.Werner Koch2021-04-213-29/+50
| | | | | | | * tools/card-call-scd.c (scd_readkey): Add arg create_shadow. * tools/gpg-card.c (list_one_kinfo): Add arg create_shadow and pass it down to scd-readkey. Change all callers to convey this arg. (cmd_list): Add option --shadow.
* gpgconf: Fix a diagnostic output.Werner Koch2021-04-201-1/+4
| | | | | | | * tools/gpgconf-comp.c (gc_component_launch): Fix diagnostic. * doc/examples/common.conf: Fix example. Signed-off-by: Werner Koch <wk@gnupg.org>
* build: Fix build problems on macOS for gpgsm tests and gpg-card.Werner Koch2021-04-191-0/+1
| | | | | | | | | * tools/gpg-card.c: Include ctype.h. * sm/Makefile.am (t_common_ldadd): Add LIBICONV. -- GnuPG-bug-id: 5400 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,gpgsm: Move use-keyboxd to the new conf file common.confWerner Koch2021-04-191-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * common/comopt.c, common/comopt.h: New. * common/Makefile.am: Add them. * g10/gpg.c: Include comopt.h. (main): Also parse common.conf. * sm/gpgsm.c: Include comopt.h. (main): Set a flag for the --no-logfile option. Parse common.conf. * tools/gpgconf-comp.c (known_options_gpg): Remove "use-keyboxd", add pseudo option "use_keyboxd". (known_pseudo_options_gpg): Add pseudo option "use_keyboxd". (known_options_gpgsm): Remove "use-keyboxd". * tests/openpgp/defs.scm (create-gpghome): Create common.conf. * doc/examples/common.conf: New. -- Note that --use-keybox still works but prints a warning. We will eventually remove this option becuase it was marked as an experimental feature anyway. It would be too confusing if gpg and gpgsm use different key storages. Further, other components (e.g. dirmngr or gpg-wks-client) which call gpg or gpgsm need to be aware that the keyboxd is used and pass that option on the command line. Now that common.conf is always read (even if --no-options is used) those tools will work instantly.
* tools: Fix memory leaks.Jakub Jelen2021-04-131-4/+16
| | | | | | | | | * tools/gpgsplit.c (write_part): Free BLOB on error. -- GnuPG-bug-id: 5393 Signed-off-by: Jakub Jelen <jjelen@redhat.com>
* gpgconf: Return a new pseudo option compliance_de_vs.Werner Koch2021-04-011-2/+6
| | | | | | | | | | | | | * tools/gpgconf-comp.c (known_pseudo_options_gpg): Add "compliance_de_vs". * g10/gpg.c (gpgconf_list): Returh that pseudo option. -- Of course this will always return false for this version of gnupg. But as soon as this version has been approved we have everything ready for a runtime check. Signed-off-by: Werner Koch <wk@gnupg.org>
* card: New flag --reread for LIST.Werner Koch2021-04-013-11/+16
| | | | | | | | | | * tools/gpg-card.c (cmd_list): Add flag --reread. * tools/card-call-scd.c (scd_learn): New arg reread. * tools/card-call-scd.c (release_card_info): Fix releasing of the new label var. Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Print the key's label if available.Werner Koch2021-03-303-8/+60
| | | | | | | | | | | | | | * tools/gpg-card.h (struct key_info_s): Add field 'label'. * tools/card-call-scd.c (learn_status_cb): Parse KEY-LABEL. (scd_learn): Always request KEY-LABEL. * tools/gpg-card.c (nullnone): New. (list_one_kinfo, list_card): Use it. Print the label. -- PKCS#15 defines label which help to understand for what a key is intended. Print them. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf: Do not i18n an empty string to the PO files meta data.Werner Koch2021-03-281-0/+3
| | | | | | | * tools/gpgconf-comp.c (my_dgettext): Ignore empty strings. -- GnuPG-bug-id: 5363
* gpgconf: Fix another argv overflow if --homedir is used.Werner Koch2021-03-261-2/+3
| | | | | | | | | | | | | * tools/gpgconf-comp.c (gc_component_check_options): Increase array. -- I missed to fix that one with the last patch. Note that there was no problem in 2.2 at thismlocation - probably because it had been manually backported once. GnuPG-bug-id: 5366 Signed-off-by: Werner Koch <wk@gnupg.org>
* gpgconf: Fix argv overflow if --homedir is used.Werner Koch2021-03-261-28/+43
| | | | | | | | | | | | | | * tools/gpgconf-comp.c (gc_component_launch): Fix crasg due to too small array. (gpg_agent_runtime_change): Fix error message. (scdaemon_runtime_change): Ditto. (tpm2daemon_runtime_change): Ditto. (dirmngr_runtime_change): Ditto. (keyboxd_runtime_change): Ditto. -- GnuPG-bug-id: 5366 Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Add option --use-default-pin to command "login".Werner Koch2021-03-241-3/+18
| | | | * tools/gpg-card.c (cmd_login): Add option.
* gpgconf: Fix listing of default_pubkey_algo.Werner Koch2021-03-231-28/+108
| | | | | | | | | | | | | | | | | | | | | * tools/gpgconf-comp.c (known_options_gpg, known_options_gpgsm): No flags needed for pseudo options. (known_pseudo_options_gpg, known_pseudo_options_gpgsm): New. (gc_component): Add field known_pseudo_options. (struct read_line_wrapper_parm_s): New. (read_line_wrapper): New. (retrieve_options_from_program): Use read_line_wrapper to handle pseudo options. -- GnuPG-bug-id: 5341 Due to reading the list of options from the argparser of the component, we had no more information about the pseudo options and thus could not emit them. Well, there is just one pseudo option right now, but with this change we have a generalized concept for them: Pseudo options are used to convey information from a component to gpgconf; for example build-in values.
* gpgconf: Support use-keyboxd.Werner Koch2021-03-221-0/+5
| | | | | | | -- We flag this option as invisible so that it does not show up in a GUI but it will be possible to grep for the option.
* card: Support OpenPGP.1 and OpenPGP.2 for readcert and writecert.Werner Koch2021-03-191-6/+20
| | | | | | | | | | * tools/gpg-card.c (cmd_writecert): Allow the other key references. (cmd_readcert): Ditto. -- See previous commit for testing info. Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Print PIN descriptions and fix number of printed retry counters.Werner Koch2021-03-183-1/+15
| | | | | | | | | | * tools/gpg-card.h (struct card_info_s): Add fields nmaxlen, nchvinfo, and chvlabels. * tools/card-call-scd.c (release_card_info): Free chvlabels. (learn_status_cb): Parse CHV-LABEL. Set nmaxlen and nchvinfo. * tools/gpg-card.c (list_retry_counter): Print CHV labels. Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Generalize the CHV counter printing.Werner Koch2021-03-161-55/+38
| | | | | | * tools/gpg-card.c (list_retry_counter): New. Factored out from the other functions. (cmd_verify): Re-read the chv status.
* tpm2d: Add tpm2daemon codeJames Bottomley2021-03-102-1/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tpm2d: New directory. * Makefile.am (SUBDIRS): Add directory. * configure.ac: Detect libtss and decide whether to build tpm2d. * am/cmacros.am: Add a define. * util.h (GNUPG_MODULE_NAME_TPM2DAEMON): New. * common/homedir.c (gnupg_module_name): Add tpm2d. * common/mapstrings.c (macros): Add "TPM2DAEMON". * tools/gpgconf.h (GC_COMPONENT_TPM2DAEMON): New. * tools/gpgconf-comp.c (known_options_tpm2daemon): New. (gc_component): Add TPM2. (tpm2daemon_runtime_change): New. * tpm2d/Makefile.am: New. * tpm2d/command.c: New. * tpm2d/ibm-tss.h: New. * tpm2d/tpm2.c: New. * tpm2d/tpm2.h: New. * tpm2d/tpm2daemon.c: New. * tpm2d/tpm2daemon.h: New. --- This commit adds and plumbs in a tpm2daemon to the build to mirror the operation of scdaemon. The architecture of the code is that tpm2daemon.c itself is pretty much a clone of scd/scdaemon.c just with updated function prefixes (this argues there could be some further consolidation of the daemon handling code). Note that although this commit causes the daemon to be built and installed, nothing actually starts it or uses it yet. Command handling ---------------- command.c is copied from the command handler in scd.c except that the command implementation is now done in terms of tpm2 commands and the wire protocol is far simpler. The tpm2daemon only responds to 4 commands IMPORT: import a standard s-expression private key and export it to TPM2 format. This conversion cannot be undone and the private key now can *only* be used by the TPM2. To anyone who gets hold of the private key now, it's just an encrypted binary blob. PKSIGN: create a signature from the tpm2 key. The TPM2 form private key is retrieved by KEYDATA and the hash to be signed by EXTRA. Note there is no hash specifier because the tpm2 tss deduces the hash type from the length of the EXTRA data. This is actually a limitation of the tpm2 command API and it will be interesting to see how this fares if the tpm2 ever supports say sha3-256 hashes. PKDECRYPT: decrypt (RSA case) or derive (ECC case) a symmetric key. The tpm2 for private key is retrieved by KEYDATA and the information used to create the symmetric key by EXTRA. KILLTPM2D: stop the daemon All the tpm2 primitives used by command.c are in tpm2.h and all the tpm2 specific gunk is confined to tpm2.c, which is the only piece of this that actually does calls into the tss library. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Changes from James' patch: - gpgconf: The displayed name is "TPM" and not "TPM2". That string is used by GUIs and should be something the user understands. For example we also use "network" instead of "Dirmngr". - Removed some commented includes. - Use 16 as emulation of GPG_ERR_SOURCE_TPM2. - Silenced a C90 compiler warning and flags unused parameters. - Removed "if HAVE_LIBS" from tpm2/Makefile.am and add missing files so that make distcheck works. Signed-off-by: Werner Koch <wk@gnupg.org>
* w32: Always use Unicode for console input and output.Werner Koch2021-03-051-1/+5
| | | | | | | | | | | | | | | | | * common/init.c (_init_common_subsystems) [W32]: Set the codepage to UTF-8 for input and putput. Switch gettext to UTF-8. * tools/gpgconf.c (main): Display the input and output codepage if they differ. * g10/gpg.c (utf8_strings) [W32]: Make sure this is always set. -- With this patch the former patch to use ReadConsoleW and WriteConsoleW in ttyio.c are kind of superfluous because the ANSI version of these functions are also able to read/write UTF-8 directly given the console code page has been set correctly. However, this seems to work only with recent versions of Windows-10. GnuPG-bug-id: 4365
* kbx: Log debug fixesWerner Koch2021-02-251-1/+1
| | | | --
* tools,w32: Add resource and manifest files to all binaries.Beta-2.3.0-beta1598Werner Koch2021-02-2113-11/+347
| | | | --
* wkd: Install gpg-wks-client under bin and add wrapper for libexecWerner Koch2021-02-191-4/+18
| | | | | | | -- gpg-wks-client is a pretty useful command on the command line. Thus we now install it at bin and provide a compatibility wrapper.
* build: Remove now obsolete HAVE_NEWER_LIBGCRYPT AM conditional.Werner Koch2021-02-191-3/+1
| | | | | | | | * configure.ac (HAVE_NEWER_LIBGCRYPT): Remove conditional. * tools/Makefile.am (gpg_pair_tool_SOURCES): We build it always. -- This is because we require libgcrypt 1.9 anyway.
* doc: Improve the gpg-card man page.Werner Koch2021-02-111-4/+5
| | | | --
* tools: Remove the symcryptrun tool.Werner Koch2021-02-092-1031/+1
| | | | | | | | | | | | | * tools/symcryptrun.c: Remove. * tools/Makefile.am: Ditto. * doc/tools.texi: Remove man page. * configure.ac: Remove build option and tests used only by this tool. * Makefile.am (AM_DISTCHECK_CONFIGURE_FLAGS): Do not build symcryptrun. -- symcryptrun is too ancient to be of any use and has not been tested in many years. Thus we should not distribute it anymore.
* card: List keys of pkcs#15 cards.Werner Koch2021-02-021-0/+19
| | | | | * tools/gpg-card.c (list_p15): New. (list_card): Call it.
* Require Libgcrypt 1.9Werner Koch2021-01-191-2/+0
| | | | | | | | | | | * configure.ac: Require at least Libgcrypt 1.9.0. Remove all GCRYPT_VERSION_NUMBER dependent code. -- Only Libgcrypt 1.9 implements EAX which is a mandatory algorithm in RFC4880bis. Signed-off-by: Werner Koch <wk@gnupg.org>
* tools: Add option --clock to watchgnupgWerner Koch2021-01-121-1/+28
| | | | | | * tools/watchgnupg.c (print_fd_and_time) [ENABLE_LOG_CLOCK]: Use clock_gettime. (print_version): New option --clock.
* wkd: Minor permission fix for created files.Werner Koch2020-12-301-2/+2
| | | | | | | | | | | * tools/wks-util.c (wks_cmd_install_key): Don't set u+x on the file. (ensure_policy_file): No need to make the policy file group writable. -- The policy file is rarely changed thus no need to g+w. Setting +x on a plain file does not make sense at all. GnuPG-bug-id: 5214
* wks-client: Improve an error messageWerner Koch2020-12-091-1/+1
| | | | | | | | | | * tools/gpg-wks-client.c (read_confirmation_request): Print trust letter. -- The trust letter gives a hint on what's wrong with the key. Signed-off-by: Werner Koch <wk@gnupg.org>
* gpg,card: Allow no version information of Yubikey.NIIBE Yutaka2020-12-071-1/+2
| | | | | | | | | | * g10/call-agent.c (learn_status_cb): Assume >= 2 when no version. * tools/card-call-scd.c (learn_status_cb): Likewise. -- GnuPG-bug-id: 5100 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* card: Let the APDU command prints a description of the status word.Werner Koch2020-11-273-1/+43
| | | | | | | | * tools/card-call-scd.c (scd_apdu_strerror): New. * tools/gpg-card.c (cmd_apdu): Print a description. -- Pretty convenient to explore smartcards.
* card: Netkey improvement for passwd.Werner Koch2020-11-271-13/+22
| | | | | * tools/gpg-card.c (cmd_passwd) [Netkey]: No Standard/QES menu if the card does not support it. Print no error in cases the user canceled.
* gpgconf: Yet another fix for --apply-profile.Werner Koch2020-11-121-4/+4
| | | | | | | | | * tools/gpgconf.c (main): Use gnupg_homedir instead of default_homedir. Check for existance of the directory. -- Fixes-commit: 7d95f2e7e7a09e3d433d449b117e3470f9dd38c7 Signed-off-by: Werner Koch <wk@gnupg.org>
* card: Run factory-reset in locked stated also in gpg-card.Werner Koch2020-11-093-10/+54
| | | | | | | | | | | | * tools/card-call-scd.c (scd_apdu): Add more pseudo APDUs. * tools/card-misc.c (send_apdu): Handle them. * tools/gpg-card.c (cmd_factoryreset): Use lock commands. -- This is port of the code used with gpg-card-edit. Note that the command "apdu" now also understands some extra keywords. Signed-off-by: Werner Koch <wk@gnupg.org>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 08:13:06 +0100