From 67c978946c29690759261070564473c74c68e6fc Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Fri, 4 Oct 2013 16:30:24 -0300
Subject: Add option to choose cipher and digest algorithms.

---
 changes/feature_4030-add-cipher-and-digest-algo |  2 ++
 src/leap/keymanager/__init__.py                 | 20 +++++++++++++++++---
 src/leap/keymanager/openpgp.py                  | 22 ++++++++++++++++++----
 3 files changed, 37 insertions(+), 7 deletions(-)
 create mode 100644 changes/feature_4030-add-cipher-and-digest-algo

diff --git a/changes/feature_4030-add-cipher-and-digest-algo b/changes/feature_4030-add-cipher-and-digest-algo
new file mode 100644
index 0000000..a05e589
--- /dev/null
+++ b/changes/feature_4030-add-cipher-and-digest-algo
@@ -0,0 +1,2 @@
+  o Add option to choose cipher and digest algorithms when signing and
+    encrypting. Closes #4030.
diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index 76be226..edd0ba1 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -391,7 +391,8 @@ class KeyManager(object):
     # encrypt/decrypt and sign/verify API
     #
 
-    def encrypt(self, data, pubkey, passphrase=None, sign=None):
+    def encrypt(self, data, pubkey, passphrase=None, sign=None,
+                cipher_algo='AES256'):
         """
         Encrypt C{data} using public @{key} and sign with C{sign} key.
 
@@ -401,6 +402,8 @@ class KeyManager(object):
         :type pubkey: EncryptionKey
         :param sign: The key used for signing.
         :type sign: EncryptionKey
+        :param cipher_algo: The cipher algorithm to use.
+        :type cipher_algo: str
 
         :return: The encrypted data.
         :rtype: str
@@ -436,7 +439,8 @@ class KeyManager(object):
         return self._wrapper_map[privkey.__class__].decrypt(
             data, privkey, passphrase, verify)
 
-    def sign(self, data, privkey):
+    def sign(self, data, privkey, digest_algo='SHA512', clearsign=False,
+             detach=True, binary=False):
         """
         Sign C{data} with C{privkey}.
 
@@ -445,6 +449,14 @@ class KeyManager(object):
 
         :param privkey: The private key to be used to sign.
         :type privkey: EncryptionKey
+        :param digest_algo: The hash digest to use.
+        :type digest_algo: str
+        :param clearsign: If True, create a cleartext signature.
+        :type clearsign: bool
+        :param detach: If True, create a detached signature.
+        :type detach: bool
+        :param binary: If True, do not ascii armour the output.
+        :type binary: bool
 
         :return: The signed data.
         :rtype: str
@@ -454,7 +466,9 @@ class KeyManager(object):
             privkey.__class__ in self._wrapper_map,
             'Unknown key type.')
         leap_assert(privkey.private is True, 'Key is not private.')
-        return self._wrapper_map[privkey.__class__].sign(data, privkey)
+        return self._wrapper_map[privkey.__class__].sign(
+            data, privkey, digest_algo=digest_algo, clearsign=clearsign,
+            detach=detach, binary=binary)
 
     def verify(self, data, pubkey):
         """
diff --git a/src/leap/keymanager/openpgp.py b/src/leap/keymanager/openpgp.py
index 9d8d89a..6412331 100644
--- a/src/leap/keymanager/openpgp.py
+++ b/src/leap/keymanager/openpgp.py
@@ -433,7 +433,8 @@ class OpenPGPScheme(EncryptionScheme):
             raise errors.EncryptionDecryptionFailed(
                 'Failed to encrypt/decrypt: %s' % stderr)
 
-    def encrypt(self, data, pubkey, passphrase=None, sign=None):
+    def encrypt(self, data, pubkey, passphrase=None, sign=None,
+                cipher_algo='AES256'):
         """
         Encrypt C{data} using public @{pubkey} and sign with C{sign} key.
 
@@ -443,6 +444,8 @@ class OpenPGPScheme(EncryptionScheme):
         :type pubkey: OpenPGPKey
         :param sign: The key used for signing.
         :type sign: OpenPGPKey
+        :param cipher_algo: The cipher algorithm to use.
+        :type cipher_algo: str
 
         :return: The encrypted data.
         :rtype: str
@@ -459,7 +462,7 @@ class OpenPGPScheme(EncryptionScheme):
                 data, pubkey.fingerprint,
                 default_key=sign.key_id if sign else None,
                 passphrase=passphrase, symmetric=False,
-                cipher_algo='AES256')
+                cipher_algo=cipher_algo)
             # Here we cannot assert for correctness of sig because the sig is
             # in the ciphertext.
             # result.ok    - (bool) indicates if the operation succeeded
@@ -517,7 +520,8 @@ class OpenPGPScheme(EncryptionScheme):
             gpgutil = GPGUtilities(gpg)
             return gpgutil.is_encrypted_asym(data)
 
-    def sign(self, data, privkey):
+    def sign(self, data, privkey, digest_algo='SHA512', clearsign=False,
+             detach=True, binary=False):
         """
         Sign C{data} with C{privkey}.
 
@@ -526,6 +530,14 @@ class OpenPGPScheme(EncryptionScheme):
 
         :param privkey: The private key to be used to sign.
         :type privkey: OpenPGPKey
+        :param digest_algo: The hash digest to use.
+        :type digest_algo: str
+        :param clearsign: If True, create a cleartext signature.
+        :type clearsign: bool
+        :param detach: If True, create a detached signature.
+        :type detach: bool
+        :param binary: If True, do not ascii armour the output.
+        :type binary: bool
 
         :return: The ascii-armored signed data.
         :rtype: str
@@ -536,7 +548,9 @@ class OpenPGPScheme(EncryptionScheme):
         # result.fingerprint - contains the fingerprint of the key used to
         #                      sign.
         with self._temporary_gpgwrapper(privkey) as gpg:
-            result = gpg.sign(data, default_key=privkey.key_id)
+            result = gpg.sign(data, default_key=privkey.key_id,
+                              digest_algo=digest_algo, clearsign=clearsign,
+                              detach=detach, binary=binary)
             rfprint = privkey.fingerprint
             privkey = gpg.list_keys(secret=True).pop()
             kfprint = privkey['fingerprint']
-- 
cgit v1.2.3


From ef0dc72fb5a61fc273592a402ac185796627fada Mon Sep 17 00:00:00 2001
From: drebs <drebs@leap.se>
Date: Wed, 9 Oct 2013 11:58:33 -0300
Subject: Set gnupg dep version to 1.2.3.

---
 pkg/requirements.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index 5ebd803..acb783c 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -1,4 +1,4 @@
 leap.common>=0.3.0
 simplejson
 requests
-gnupg
+gnupg>=1.2.3
-- 
cgit v1.2.3


From caed9561be46254dd3eed1d6d23bc1cf474f727e Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@futeisha.org>
Date: Wed, 9 Oct 2013 12:23:35 -0300
Subject: bump also the gnupg sanity check

---
 pkg/requirements.pip            | 2 ++
 src/leap/keymanager/__init__.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/requirements.pip b/pkg/requirements.pip
index acb783c..1515204 100644
--- a/pkg/requirements.pip
+++ b/pkg/requirements.pip
@@ -1,4 +1,6 @@
 leap.common>=0.3.0
 simplejson
 requests
+# if we bump the gnupg version, bump also the sanity check
+# in keymanager.__init__
 gnupg>=1.2.3
diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index edd0ba1..f2cffd5 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -25,7 +25,7 @@ try:
     assert(GPGUtilities)  # pyflakes happy
     from gnupg import __version__
     from distutils.version import LooseVersion as V
-    assert(V(__version__) >= V('1.2.2'))
+    assert(V(__version__) >= V('1.2.3'))
 
 except ImportError, AssertionError:
     print "Ooops! It looks like there is a conflict in the installed version "
-- 
cgit v1.2.3


From 1ba5cb91ea5d0f29f16316d984dc685e8180b88f Mon Sep 17 00:00:00 2001
From: Kali Kaneko <kali@futeisha.org>
Date: Wed, 9 Oct 2013 13:03:30 -0300
Subject: fix exception catching

---
 src/leap/keymanager/__init__.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index f2cffd5..a550598 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -27,14 +27,17 @@ try:
     from distutils.version import LooseVersion as V
     assert(V(__version__) >= V('1.2.3'))
 
-except ImportError, AssertionError:
+except (ImportError, AssertionError):
+    print "*******"
     print "Ooops! It looks like there is a conflict in the installed version "
     print "of gnupg."
+    print
     print "Disclaimer: Ideally, we would need to work a patch and propose the "
     print "merge to upstream. But until then do: "
     print
     print "% pip uninstall python-gnupg"
     print "% pip install gnupg"
+    print "*******"
     sys.exit(1)
 
 import logging
-- 
cgit v1.2.3


From 4cd1e5e6cb4f6014cc01ade07e84c959535ab407 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Touceda?= <chiiph@leap.se>
Date: Fri, 18 Oct 2013 09:05:37 -0300
Subject: Fold in changes

---
 CHANGELOG                                       | 4 ++++
 changes/feature_4030-add-cipher-and-digest-algo | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)
 delete mode 100644 changes/feature_4030-add-cipher-and-digest-algo

diff --git a/CHANGELOG b/CHANGELOG
index 6ec2624..8371498 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+0.3.4 Oct 18:
+  o Add option to choose cipher and digest algorithms when signing and
+    encrypting. Closes #4030.
+
 0.3.3 Oct 4:
   o Add a sanity check for the correct version of gnupg.
   o Update code to use gnupg 1.2.2 python module. Closes #2342.
diff --git a/changes/feature_4030-add-cipher-and-digest-algo b/changes/feature_4030-add-cipher-and-digest-algo
deleted file mode 100644
index a05e589..0000000
--- a/changes/feature_4030-add-cipher-and-digest-algo
+++ /dev/null
@@ -1,2 +0,0 @@
-  o Add option to choose cipher and digest algorithms when signing and
-    encrypting. Closes #4030.
-- 
cgit v1.2.3