-/* misc.c - miscellaneous functions
- * Copyright (C) 1998, 1999, 2000, 2001, 2002,
- * 2003 Free Software Foundation, Inc.
+/* misc.c - miscellaneous functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ * 2008, 2009, 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Werner Koch
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
-#include <assert.h>
#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
#include <asm/sysinfo.h>
#include <asm/unistd.h>
#include <sys/time.h>
#include <sys/resource.h>
#endif
+#ifdef ENABLE_SELINUX_HACKS
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_W32_SYSTEM
+#include <time.h>
+#include <process.h>
+#ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif
+#include <windows.h>
+#include <shlobj.h>
+#ifndef CSIDL_APPDATA
+#define CSIDL_APPDATA 0x001a
+#endif
+#ifndef CSIDL_LOCAL_APPDATA
+#define CSIDL_LOCAL_APPDATA 0x001c
+#endif
+#ifndef CSIDL_FLAG_CREATE
+#define CSIDL_FLAG_CREATE 0x8000
+#endif
+#endif /*HAVE_W32_SYSTEM*/
#include "gpg.h"
+#ifdef HAVE_W32_SYSTEM
+# include "status.h"
+#endif /*HAVE_W32_SYSTEM*/
#include "util.h"
#include "main.h"
#include "photoid.h"
#include "options.h"
+#include "call-agent.h"
#include "i18n.h"
-
-#define MAX_EXTERN_MPI_BITS 16384
+#include "zb32.h"
-#if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
-static int
-setsysinfo(unsigned long op, void *buffer, unsigned long size,
- int *start, void *arg, unsigned long flag)
+#ifdef ENABLE_SELINUX_HACKS
+/* A object and a global variable to keep track of files marked as
+ secured. */
+struct secured_file_item
{
- return syscall(__NR_osf_setsysinfo, op, buffer, size, start, arg, flag);
-}
+ struct secured_file_item *next;
+ ino_t ino;
+ dev_t dev;
+};
+static struct secured_file_item *secured_files;
+#endif /*ENABLE_SELINUX_HACKS*/
+
+
+
+/* For the sake of SELinux we want to restrict access through gpg to
+ certain files we keep under our own control. This function
+ registers such a file and is_secured_file may then be used to
+ check whether a file has ben registered as secured. */
void
-trap_unaligned(void)
+register_secured_file (const char *fname)
{
- unsigned int buf[2];
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ /* Note that we stop immediately if something goes wrong here. */
+ if (stat (fname, &buf))
+ log_fatal (_("fstat of '%s' failed in %s: %s\n"), fname,
+ "register_secured_file", strerror (errno));
+/* log_debug ("registering '%s' i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return; /* Already registered. */
+ }
- buf[0] = SSIN_UACPROC;
- buf[1] = UAC_SIGBUS | UAC_NOPRINT;
- setsysinfo(SSI_NVPAIRS, buf, 1, 0, 0, 0);
+ sf = xmalloc (sizeof *sf);
+ sf->ino = buf.st_ino;
+ sf->dev = buf.st_dev;
+ sf->next = secured_files;
+ secured_files = sf;
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
}
-#else
+
+/* Remove a file registered as secure. */
void
-trap_unaligned(void)
-{ /* dummy */
+unregister_secured_file (const char *fname)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf, *sfprev;
+
+ if (stat (fname, &buf))
+ {
+ log_error (_("fstat of '%s' failed in %s: %s\n"), fname,
+ "unregister_secured_file", strerror (errno));
+ return;
+ }
+/* log_debug ("unregistering '%s' i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sfprev=NULL,sf=secured_files; sf; sfprev=sf, sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ {
+ if (sfprev)
+ sfprev->next = sf->next;
+ else
+ secured_files = sf->next;
+ xfree (sf);
+ return;
+ }
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
}
-#endif
+/* Return true if FD is corresponds to a secured file. Using -1 for
+ FS is allowed and will return false. */
+int
+is_secured_file (int fd)
+{
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ if (fd == -1)
+ return 0; /* No file descriptor so it can't be secured either. */
+
+ /* Note that we print out a error here and claim that a file is
+ secure if something went wrong. */
+ if (fstat (fd, &buf))
+ {
+ log_error (_("fstat(%d) failed in %s: %s\n"), fd,
+ "is_secured_file", strerror (errno));
+ return 1;
+ }
+/* log_debug ("is_secured_file (%d) i=%lu.%lu\n", fd, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return 1; /* Yes. */
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fd;
+#endif /*!ENABLE_SELINUX_HACKS*/
+ return 0; /* No. */
+}
+/* Return true if FNAME is corresponds to a secured file. Using NULL,
+ "" or "-" for FS is allowed and will return false. This function is
+ used before creating a file, thus it won't fail if the file does
+ not exist. */
int
-disable_core_dumps()
+is_secured_filename (const char *fname)
{
-#ifdef HAVE_DOSISH_SYSTEM
+#ifdef ENABLE_SELINUX_HACKS
+ struct stat buf;
+ struct secured_file_item *sf;
+
+ if (iobuf_is_pipe_filename (fname) || !*fname)
return 0;
-#else
-#ifdef HAVE_SETRLIMIT
- struct rlimit limit;
- limit.rlim_cur = 0;
- limit.rlim_max = 0;
- if( !setrlimit( RLIMIT_CORE, &limit ) )
- return 0;
- if( errno != EINVAL && errno != ENOSYS )
- log_fatal(_("can't disable core dumps: %s\n"), strerror(errno) );
-#endif
- return 1;
-#endif
+ /* Note that we print out a error here and claim that a file is
+ secure if something went wrong. */
+ if (stat (fname, &buf))
+ {
+ if (errno == ENOENT || errno == EPERM || errno == EACCES)
+ return 0;
+ log_error (_("fstat of '%s' failed in %s: %s\n"), fname,
+ "is_secured_filename", strerror (errno));
+ return 1;
+ }
+/* log_debug ("is_secured_filename (%s) i=%lu.%lu\n", fname, */
+/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
+ for (sf=secured_files; sf; sf = sf->next)
+ {
+ if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
+ return 1; /* Yes. */
+ }
+#else /*!ENABLE_SELINUX_HACKS*/
+ (void)fname;
+#endif /*!ENABLE_SELINUX_HACKS*/
+ return 0; /* No. */
}
}
u16
-checksum_mpi( gcry_mpi_t a )
+checksum_mpi (gcry_mpi_t a)
{
- int rc;
u16 csum;
byte *buffer;
size_t nbytes;
- rc = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a );
- if (rc)
+ if ( gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a) )
BUG ();
- /* fixme: for numbers not in secure memory we should use a stack
- * based buffer and only allocate a larger one if mpi_print return
- * an error */
- buffer = gcry_is_secure(a)? gcry_xmalloc_secure(nbytes):gcry_xmalloc(nbytes);
- rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, NULL, a );
- if (rc)
+ /* Fixme: For numbers not in secure memory we should use a stack
+ * based buffer and only allocate a larger one if mpi_print returns
+ * an error. */
+ buffer = (gcry_is_secure(a)?
+ gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes));
+ if ( gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, NULL, a) )
BUG ();
- csum = checksum (buffer, nbytes );
- xfree (buffer );
+ csum = checksum (buffer, nbytes);
+ xfree (buffer);
return csum;
}
-u32
-buffer_to_u32( const byte *buffer )
+
+void
+print_pubkey_algo_note (pubkey_algo_t algo)
{
- unsigned long a;
- a = *buffer << 24;
- a |= buffer[1] << 16;
- a |= buffer[2] << 8;
- a |= buffer[3];
- return a;
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ es_fflush (es_stdout);
+ log_info (_("WARNING: using experimental public key algorithm %s\n"),
+ openpgp_pk_algo_name (algo));
+ }
+ }
+ else if (algo == PUBKEY_ALGO_ELGAMAL)
+ {
+ es_fflush (es_stdout);
+ log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
+ }
}
+void
+print_cipher_algo_note (cipher_algo_t algo)
+{
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ es_fflush (es_stdout);
+ log_info (_("WARNING: using experimental cipher algorithm %s\n"),
+ openpgp_cipher_algo_name (algo));
+ }
+ }
+}
-static void
-no_exp_algo(void)
+void
+print_digest_algo_note (digest_algo_t algo)
{
- static int did_note = 0;
+ const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
+ const struct weakhash *weak;
- if( !did_note ) {
- did_note = 1;
- log_info(_("Experimental algorithms should not be used!\n"));
+ if(algo >= 100 && algo <= 110)
+ {
+ static int warn=0;
+ if(!warn)
+ {
+ warn=1;
+ es_fflush (es_stdout);
+ log_info (_("WARNING: using experimental digest algorithm %s\n"),
+ gcry_md_algo_name (galgo));
+ }
}
+ else
+ for (weak = opt.weak_digests; weak != NULL; weak = weak->next)
+ if (weak->algo == galgo)
+ {
+ es_fflush (es_stdout);
+ log_info (_("WARNING: digest algorithm %s is deprecated\n"),
+ gcry_md_algo_name (galgo));
+ }
}
+
void
-print_pubkey_algo_note( int algo )
+print_digest_rejected_note (enum gcry_md_algos algo)
{
- if( algo >= 100 && algo <= 110 )
- no_exp_algo();
+ struct weakhash* weak;
+ int show = 1;
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (weak->algo == algo)
+ {
+ if (weak->rejection_shown)
+ show = 0;
+ else
+ weak->rejection_shown = 1;
+ break;
+ }
+
+ if (show)
+ {
+ es_fflush (es_stdout);
+ log_info
+ (_("Note: signatures using the %s algorithm are rejected\n"),
+ gcry_md_algo_name(algo));
+ }
}
+
+/* Print a message
+ * "(reported error: %s)\n
+ * in verbose mode to further explain an error. If the error code has
+ * the value IGNORE_EC no message is printed. A message is also not
+ * printed if ERR is 0. */
void
-print_cipher_algo_note( int algo )
-{
- if( algo >= 100 && algo <= 110 )
- no_exp_algo();
- else if( algo == CIPHER_ALGO_3DES
- || algo == CIPHER_ALGO_CAST5
- || algo == CIPHER_ALGO_BLOWFISH
- || algo == CIPHER_ALGO_TWOFISH
- || algo == CIPHER_ALGO_RIJNDAEL
- || algo == CIPHER_ALGO_RIJNDAEL192
- || algo == CIPHER_ALGO_RIJNDAEL256
- )
- ;
- else {
- static int did_note = 0;
-
- if( !did_note ) {
- did_note = 1;
- log_info(_("this cipher algorithm is deprecated; "
- "please use a more standard one!\n"));
- }
- }
+print_reported_error (gpg_error_t err, gpg_err_code_t ignore_ec)
+{
+ if (!opt.verbose)
+ return;
+
+ if (!gpg_err_code (err))
+ ;
+ else if (gpg_err_code (err) == ignore_ec)
+ ;
+ else if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
+ log_info (_("(reported error: %s)\n"),
+ gpg_strerror (err));
+ else
+ log_info (_("(reported error: %s <%s>)\n"),
+ gpg_strerror (err), gpg_strsource (err));
+
}
+
+/* Print a message
+ * "(further info: %s)\n
+ * in verbose mode to further explain an error. That message is
+ * intended to help debug a problem and should not be translated.
+ */
void
-print_digest_algo_note( int algo )
+print_further_info (const char *format, ...)
{
- if( algo >= 100 && algo <= 110 )
- no_exp_algo();
+ va_list arg_ptr;
+
+ if (!opt.verbose)
+ return;
+
+ log_info (_("(further info: "));
+ va_start (arg_ptr, format);
+ log_logv (GPGRT_LOG_CONT, format, arg_ptr);
+ va_end (arg_ptr);
+ log_printf (")\n");
}
-/* Return a string which is used as a kind of process ID */
-const byte *
-get_session_marker( size_t *rlen )
+/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
+ this for algorithms we implemented in Libgcrypt after they become
+ part of OpenPGP. */
+enum gcry_cipher_algos
+map_cipher_openpgp_to_gcry (cipher_algo_t algo)
{
- static byte marker[SIZEOF_UNSIGNED_LONG*2];
- static int initialized;
+ switch (algo)
+ {
+ case CIPHER_ALGO_NONE: return GCRY_CIPHER_NONE;
+
+#ifdef GPG_USE_IDEA
+ case CIPHER_ALGO_IDEA: return GCRY_CIPHER_IDEA;
+#else
+ case CIPHER_ALGO_IDEA: return 0;
+#endif
+
+ case CIPHER_ALGO_3DES: return GCRY_CIPHER_3DES;
+
+#ifdef GPG_USE_CAST5
+ case CIPHER_ALGO_CAST5: return GCRY_CIPHER_CAST5;
+#else
+ case CIPHER_ALGO_CAST5: return 0;
+#endif
- if ( !initialized ) {
- volatile ulong aa, bb; /* we really want the uninitialized value */
- ulong a, b;
+#ifdef GPG_USE_BLOWFISH
+ case CIPHER_ALGO_BLOWFISH: return GCRY_CIPHER_BLOWFISH;
+#else
+ case CIPHER_ALGO_BLOWFISH: return 0;
+#endif
+
+#ifdef GPG_USE_AES128
+ case CIPHER_ALGO_AES: return GCRY_CIPHER_AES;
+#else
+ case CIPHER_ALGO_AES: return 0;
+#endif
+
+#ifdef GPG_USE_AES192
+ case CIPHER_ALGO_AES192: return GCRY_CIPHER_AES192;
+#else
+ case CIPHER_ALGO_AES192: return 0;
+#endif
- initialized = 1;
- /* also this marker is guessable it is not easy to use this
- * for a faked control packet because an attacker does not
- * have enough control about the time the verification does
- * take place. Of course, we can add just more random but
- * than we need the random generator even for verification
- * tasks - which does not make sense. */
- a = aa ^ (ulong)getpid();
- b = bb ^ (ulong)time(NULL);
- memcpy( marker, &a, SIZEOF_UNSIGNED_LONG );
- memcpy( marker+SIZEOF_UNSIGNED_LONG, &b, SIZEOF_UNSIGNED_LONG );
+#ifdef GPG_USE_AES256
+ case CIPHER_ALGO_AES256: return GCRY_CIPHER_AES256;
+#else
+ case CIPHER_ALGO_AES256: return 0;
+#endif
+
+#ifdef GPG_USE_TWOFISH
+ case CIPHER_ALGO_TWOFISH: return GCRY_CIPHER_TWOFISH;
+#else
+ case CIPHER_ALGO_TWOFISH: return 0;
+#endif
+
+#ifdef GPG_USE_CAMELLIA128
+ case CIPHER_ALGO_CAMELLIA128: return GCRY_CIPHER_CAMELLIA128;
+#else
+ case CIPHER_ALGO_CAMELLIA128: return 0;
+#endif
+
+#ifdef GPG_USE_CAMELLIA192
+ case CIPHER_ALGO_CAMELLIA192: return GCRY_CIPHER_CAMELLIA192;
+#else
+ case CIPHER_ALGO_CAMELLIA192: return 0;
+#endif
+
+#ifdef GPG_USE_CAMELLIA256
+ case CIPHER_ALGO_CAMELLIA256: return GCRY_CIPHER_CAMELLIA256;
+#else
+ case CIPHER_ALGO_CAMELLIA256: return 0;
+#endif
+ }
+ return 0;
+}
+
+/* The inverse function of above. */
+static cipher_algo_t
+map_cipher_gcry_to_openpgp (enum gcry_cipher_algos algo)
+{
+ switch (algo)
+ {
+ case GCRY_CIPHER_NONE: return CIPHER_ALGO_NONE;
+ case GCRY_CIPHER_IDEA: return CIPHER_ALGO_IDEA;
+ case GCRY_CIPHER_3DES: return CIPHER_ALGO_3DES;
+ case GCRY_CIPHER_CAST5: return CIPHER_ALGO_CAST5;
+ case GCRY_CIPHER_BLOWFISH: return CIPHER_ALGO_BLOWFISH;
+ case GCRY_CIPHER_AES: return CIPHER_ALGO_AES;
+ case GCRY_CIPHER_AES192: return CIPHER_ALGO_AES192;
+ case GCRY_CIPHER_AES256: return CIPHER_ALGO_AES256;
+ case GCRY_CIPHER_TWOFISH: return CIPHER_ALGO_TWOFISH;
+ case GCRY_CIPHER_CAMELLIA128: return CIPHER_ALGO_CAMELLIA128;
+ case GCRY_CIPHER_CAMELLIA192: return CIPHER_ALGO_CAMELLIA192;
+ case GCRY_CIPHER_CAMELLIA256: return CIPHER_ALGO_CAMELLIA256;
+ default: return 0;
+ }
+}
+
+/* Map Gcrypt public key algorithm numbers to those used by OpenPGP.
+ FIXME: This mapping is used at only two places - we should get rid
+ of it. */
+pubkey_algo_t
+map_pk_gcry_to_openpgp (enum gcry_pk_algos algo)
+{
+ switch (algo)
+ {
+ case GCRY_PK_ECDSA: return PUBKEY_ALGO_ECDSA;
+ case GCRY_PK_ECDH: return PUBKEY_ALGO_ECDH;
+ default: return algo < 110 ? algo : 0;
+ }
+}
+
+
+/* Return the block length of an OpenPGP cipher algorithm. */
+int
+openpgp_cipher_blocklen (cipher_algo_t algo)
+{
+ /* We use the numbers from OpenPGP to be sure that we get the right
+ block length. This is so that the packet parsing code works even
+ for unknown algorithms (for which we assume 8 due to tradition).
+
+ NOTE: If you change the the returned blocklen above 16, check
+ the callers because they may use a fixed size buffer of that
+ size. */
+ switch (algo)
+ {
+ case CIPHER_ALGO_AES:
+ case CIPHER_ALGO_AES192:
+ case CIPHER_ALGO_AES256:
+ case CIPHER_ALGO_TWOFISH:
+ case CIPHER_ALGO_CAMELLIA128:
+ case CIPHER_ALGO_CAMELLIA192:
+ case CIPHER_ALGO_CAMELLIA256:
+ return 16;
+
+ default:
+ return 8;
}
- *rlen = sizeof(marker);
- return marker;
}
/****************
- * Wrapper around the libgcrypt function with addional checks on
- * openPGP contraints for the algo ID.
+ * Wrapper around the libgcrypt function with additional checks on
+ * the OpenPGP contraints for the algo ID.
*/
int
-openpgp_cipher_test_algo( int algo )
+openpgp_cipher_test_algo (cipher_algo_t algo)
{
- if( algo < 0 || algo > 110 )
- return GPG_ERR_CIPHER_ALGO;
- return gcry_cipher_test_algo (algo);
+ enum gcry_cipher_algos ga;
+
+ ga = map_cipher_openpgp_to_gcry (algo);
+ if (!ga)
+ return gpg_error (GPG_ERR_CIPHER_ALGO);
+
+ return gcry_cipher_test_algo (ga);
}
+/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *
+openpgp_cipher_algo_name (cipher_algo_t algo)
+{
+ switch (algo)
+ {
+ case CIPHER_ALGO_NONE: break;
+ case CIPHER_ALGO_IDEA: return "IDEA";
+ case CIPHER_ALGO_3DES: return "3DES";
+ case CIPHER_ALGO_CAST5: return "CAST5";
+ case CIPHER_ALGO_BLOWFISH: return "BLOWFISH";
+ case CIPHER_ALGO_AES: return "AES";
+ case CIPHER_ALGO_AES192: return "AES192";
+ case CIPHER_ALGO_AES256: return "AES256";
+ case CIPHER_ALGO_TWOFISH: return "TWOFISH";
+ case CIPHER_ALGO_CAMELLIA128: return "CAMELLIA128";
+ case CIPHER_ALGO_CAMELLIA192: return "CAMELLIA192";
+ case CIPHER_ALGO_CAMELLIA256: return "CAMELLIA256";
+ }
+ return "?";
+}
+
+
+/* Return 0 if ALGO is a supported OpenPGP public key algorithm. */
+int
+openpgp_pk_test_algo (pubkey_algo_t algo)
+{
+ return openpgp_pk_test_algo2 (algo, 0);
+}
+
+
+/* Return 0 if ALGO is a supported OpenPGP public key algorithm and
+ allows the usage USE. */
int
-openpgp_pk_test_algo( int algo, unsigned int usage_flags )
+openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
{
- size_t value = usage_flags;
+ enum gcry_pk_algos ga = 0;
+ size_t use_buf = use;
+
+ switch (algo)
+ {
+#ifdef GPG_USE_RSA
+ case PUBKEY_ALGO_RSA: ga = GCRY_PK_RSA; break;
+ case PUBKEY_ALGO_RSA_E: ga = GCRY_PK_RSA_E; break;
+ case PUBKEY_ALGO_RSA_S: ga = GCRY_PK_RSA_S; break;
+#else
+ case PUBKEY_ALGO_RSA: break;
+ case PUBKEY_ALGO_RSA_E: break;
+ case PUBKEY_ALGO_RSA_S: break;
+#endif
+
+ case PUBKEY_ALGO_ELGAMAL_E: ga = GCRY_PK_ELG; break;
+ case PUBKEY_ALGO_DSA: ga = GCRY_PK_DSA; break;
+
+#ifdef GPG_USE_ECDH
+ case PUBKEY_ALGO_ECDH: ga = GCRY_PK_ECC; break;
+#else
+ case PUBKEY_ALGO_ECDH: break;
+#endif
- if (algo == GCRY_PK_ELG_E)
- algo = GCRY_PK_ELG;
-#ifdef __GNUC__
-#warning need to handle the usage here?
+#ifdef GPG_USE_ECDSA
+ case PUBKEY_ALGO_ECDSA: ga = GCRY_PK_ECC; break;
+#else
+ case PUBKEY_ALGO_ECDSA: break;
#endif
- if (algo < 0 || algo > 110)
- return GPG_ERR_PUBKEY_ALGO;
- return gcry_pk_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, &value);
+
+#ifdef GPG_USE_EDDSA
+ case PUBKEY_ALGO_EDDSA: ga = GCRY_PK_ECC; break;
+#else
+ case PUBKEY_ALGO_EDDSA: break;
+#endif
+
+ case PUBKEY_ALGO_ELGAMAL:
+ /* Dont't allow type 20 keys unless in rfc2440 mode. */
+ if (RFC2440)
+ ga = GCRY_PK_ELG;
+ break;
+ }
+ if (!ga)
+ return gpg_error (GPG_ERR_PUBKEY_ALGO);
+
+ /* No check whether Libgcrypt has support for the algorithm. */
+ return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
}
-int
+
+int
openpgp_pk_algo_usage ( int algo )
{
- int use = 0;
-
- /* they are hardwired in gpg 1.0 */
- switch ( algo ) {
+ int use = 0;
+
+ /* They are hardwired in gpg 1.0. */
+ switch ( algo ) {
case PUBKEY_ALGO_RSA:
- use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
+ use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
+ | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH);
break;
case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_ECDH:
use = PUBKEY_USAGE_ENC;
break;
case PUBKEY_ALGO_RSA_S:
- use = PUBKEY_USAGE_SIG;
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
+ break;
+ case PUBKEY_ALGO_ELGAMAL:
+ if (RFC2440)
+ use = PUBKEY_USAGE_ENC;
break;
case PUBKEY_ALGO_ELGAMAL_E:
use = PUBKEY_USAGE_ENC;
break;
- case PUBKEY_ALGO_DSA:
- use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
- break;
- case PUBKEY_ALGO_ELGAMAL:
- use = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH;
+ case PUBKEY_ALGO_DSA:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break;
+ case PUBKEY_ALGO_ECDSA:
+ case PUBKEY_ALGO_EDDSA:
+ use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
default:
break;
}
return use;
}
-int
-openpgp_md_test_algo( int algo )
+/* Map the OpenPGP pubkey algorithm whose ID is contained in ALGO to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *
+openpgp_pk_algo_name (pubkey_algo_t algo)
{
- if( algo < 0 || algo > 110 )
- return GPG_ERR_DIGEST_ALGO;
- return gcry_md_test_algo (algo);
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S: return "RSA";
+ case PUBKEY_ALGO_ELGAMAL:
+ case PUBKEY_ALGO_ELGAMAL_E: return "ELG";
+ case PUBKEY_ALGO_DSA: return "DSA";
+ case PUBKEY_ALGO_ECDH: return "ECDH";
+ case PUBKEY_ALGO_ECDSA: return "ECDSA";
+ case PUBKEY_ALGO_EDDSA: return "EDDSA";
+ }
+ return "?";
}
-int
-openpgp_md_map_name (const char *string)
+
+/* Explicit mapping of OpenPGP digest algos to Libgcrypt. */
+/* FIXME: We do not yes use it everywhere. */
+enum gcry_md_algos
+map_md_openpgp_to_gcry (digest_algo_t algo)
{
- int i = gcry_md_map_name (string);
+ switch (algo)
+ {
+#ifdef GPG_USE_MD5
+ case DIGEST_ALGO_MD5: return GCRY_MD_MD5;
+#else
+ case DIGEST_ALGO_MD5: return 0;
+#endif
- if (!i && (string[0]=='H' || string[0]=='h'))
- { /* Didn't find it, so try the Hx format */
- long val;
- char *endptr;
+ case DIGEST_ALGO_SHA1: return GCRY_MD_SHA1;
- string++;
-
- val=strtol(string,&endptr,10);
- if (*string!='\0' && *endptr=='\0' && !openpgp_md_test_algo(val))
- i = val;
- }
- return i < 0 || i > 110? 0 : i;
-}
+#ifdef GPG_USE_RMD160
+ case DIGEST_ALGO_RMD160: return GCRY_MD_RMD160;
+#else
+ case DIGEST_ALGO_RMD160: return 0;
+#endif
-int
-openpgp_cipher_map_name (const char *string)
-{
- int i = gcry_cipher_map_name (string);
+#ifdef GPG_USE_SHA224
+ case DIGEST_ALGO_SHA224: return GCRY_MD_SHA224;
+#else
+ case DIGEST_ALGO_SHA224: return 0;
+#endif
- if (!i && (string[0]=='S' || string[0]=='s'))
- { /* Didn't find it, so try the Sx format */
- long val;
- char *endptr;
+ case DIGEST_ALGO_SHA256: return GCRY_MD_SHA256;
- string++;
-
- val=strtol(string,&endptr,10);
- if (*string!='\0' && *endptr=='\0' && !openpgp_cipher_test_algo(val))
- i = val;
+#ifdef GPG_USE_SHA384
+ case DIGEST_ALGO_SHA384: return GCRY_MD_SHA384;
+#else
+ case DIGEST_ALGO_SHA384: return 0;
+#endif
+
+#ifdef GPG_USE_SHA512
+ case DIGEST_ALGO_SHA512: return GCRY_MD_SHA512;
+#else
+ case DIGEST_ALGO_SHA512: return 0;
+#endif
}
- return i < 0 || i > 110? 0 : i;
+ return 0;
}
+
+/* Return 0 if ALGO is suitable and implemented OpenPGP hash
+ algorithm. */
int
-openpgp_pk_map_name (const char *string)
+openpgp_md_test_algo (digest_algo_t algo)
{
- int i = gcry_pk_map_name (string);
- return i < 0 || i > 110? 0 : i;
+ enum gcry_md_algos ga;
+
+ ga = map_md_openpgp_to_gcry (algo);
+ if (!ga)
+ return gpg_error (GPG_ERR_DIGEST_ALGO);
+
+ return gcry_md_test_algo (ga);
}
-#ifdef USE_IDEA
-/* Special warning for the IDEA cipher */
-void
-idea_cipher_warn(int show)
-{
- static int warned=0;
- if(!warned || show)
+/* Map the OpenPGP digest algorithm whose ID is contained in ALGO to a
+ string representation of the algorithm name. For unknown algorithm
+ IDs this function returns "?". */
+const char *
+openpgp_md_algo_name (int algo)
+{
+ switch (algo)
{
- log_info(_("the IDEA cipher plugin is not present\n"));
- log_info(_("please see http://www.gnupg.org/why-not-idea.html "
- "for more information\n"));
- warned=1;
+ case DIGEST_ALGO_MD5: return "MD5";
+ case DIGEST_ALGO_SHA1: return "SHA1";
+ case DIGEST_ALGO_RMD160: return "RIPEMD160";
+ case DIGEST_ALGO_SHA256: return "SHA256";
+ case DIGEST_ALGO_SHA384: return "SHA384";
+ case DIGEST_ALGO_SHA512: return "SHA512";
+ case DIGEST_ALGO_SHA224: return "SHA224";
}
+ return "?";
}
+
+
+static unsigned long
+get_signature_count (PKT_public_key *pk)
+{
+#ifdef ENABLE_CARD_SUPPORT
+ struct agent_card_info_s info;
+
+ (void)pk;
+ if (!agent_scd_getattr ("SIG-COUNTER",&info))
+ return info.sig_counter;
+ else
+ return 0;
+#else
+ (void)pk;
+ return 0;
#endif
+}
-/* Expand %-strings. Returns a string which must be m_freed. Returns
+/* Expand %-strings. Returns a string which must be xfreed. Returns
NULL if the string cannot be expanded (too large). */
char *
pct_expando(const char *string,struct expando_args *args)
if(args->pk)
keyid_from_pk(args->pk,pk_keyid);
- if(args->sk)
- keyid_from_sk(args->sk,sk_keyid);
+ if(args->pksk)
+ keyid_from_pk (args->pksk, sk_keyid);
/* This is used so that %k works in photoid command strings in
--list-secret-keys (which of course has a sk, but no pk). */
- if(!args->pk && args->sk)
- keyid_from_sk(args->sk,pk_keyid);
+ if(!args->pk && args->pksk)
+ keyid_from_pk (args->pksk, pk_keyid);
while(*ch!='\0')
{
- char *str=NULL;
-
if(!done)
{
/* 8192 is way bigger than we'll need here */
goto fail;
maxlen+=1024;
- ret= xrealloc(ret,maxlen);
+ ret=xrealloc(ret,maxlen);
}
done=0;
}
break;
- case 'p': /* primary pk fingerprint of a sk */
- case 'f': /* pk fingerprint */
- case 'g': /* sk fingerprint */
+ case 'U': /* z-base-32 encoded user id hash. */
+ if (args->namehash)
+ {
+ char *tmp = zb32_encode (args->namehash, 8*20);
+ if (tmp)
+ {
+ if (idx + strlen (tmp) < maxlen)
+ {
+ strcpy (ret+idx, tmp);
+ idx += strlen (tmp);
+ }
+ xfree (tmp);
+ done = 1;
+ }
+ }
+ break;
+
+ case 'c': /* signature count from card, if any. */
+ if(idx+10<maxlen)
+ {
+ sprintf (&ret[idx],"%lu", get_signature_count (args->pksk));
+ idx+=strlen(&ret[idx]);
+ done=1;
+ }
+ break;
+
+ case 'f': /* Fingerprint of key being signed */
+ case 'p': /* Fingerprint of the primary key making the signature. */
+ case 'g': /* Fingerprint of the key making the signature. */
{
byte array[MAX_FINGERPRINT_LEN];
size_t len;
int i;
- if( ch[1]=='p' && args->sk)
+ if ((*(ch+1))=='f' && args->pk)
+ fingerprint_from_pk (args->pk, array, &len);
+ else if ((*(ch+1))=='p' && args->pksk)
{
- if(args->sk->is_primary)
- fingerprint_from_sk(args->sk,array,&len);
- else if(args->sk->main_keyid[0] || args->sk->main_keyid[1])
+ if(args->pksk->flags.primary)
+ fingerprint_from_pk (args->pksk, array, &len);
+ else if (args->pksk->main_keyid[0]
+ || args->pksk->main_keyid[1])
{
- PKT_public_key *pk= xcalloc(1, sizeof(PKT_public_key));
+ /* Not the primary key: Find the fingerprint
+ of the primary key. */
+ PKT_public_key *pk=
+ xmalloc_clear(sizeof(PKT_public_key));
- if(get_pubkey_fast(pk,args->sk->main_keyid)==0)
- fingerprint_from_pk(pk,array,&len);
+ if (!get_pubkey_fast (pk,args->pksk->main_keyid))
+ fingerprint_from_pk (pk, array, &len);
else
- memset(array,0,(len=MAX_FINGERPRINT_LEN));
- free_public_key(pk);
+ memset (array, 0, (len=MAX_FINGERPRINT_LEN));
+ free_public_key (pk);
}
- else
+ else /* Oops: info about the primary key missing. */
memset(array,0,(len=MAX_FINGERPRINT_LEN));
}
- else if( ch[1]=='f' && args->pk)
- fingerprint_from_pk(args->pk,array,&len);
- else if( ch[1]=='g' && args->sk)
- fingerprint_from_sk(args->sk,array,&len);
+ else if((*(ch+1))=='g' && args->pksk)
+ fingerprint_from_pk (args->pksk, array, &len);
else
- memset(array, 0, (len=MAX_FINGERPRINT_LEN));
+ memset(array,0,(len=MAX_FINGERPRINT_LEN));
if(idx+(len*2)<maxlen)
{
}
break;
- case 't': /* e.g. "jpg" */
- str=image_type_to_string(args->imagetype,0);
- /* fall through */
-
- case 'T': /* e.g. "image/jpeg" */
- if(str==NULL)
- str=image_type_to_string(args->imagetype,2);
-
- if(idx+strlen(str)<maxlen)
+ case 'v': /* validity letters */
+ if(args->validity_info && idx+1<maxlen)
{
- strcpy(&ret[idx],str);
- idx+=strlen(str);
+ ret[idx++]=args->validity_info;
+ ret[idx]='\0';
done=1;
}
break;
+ /* The text string types */
+ case 't':
+ case 'T':
+ case 'V':
+ {
+ const char *str=NULL;
+
+ switch(*(ch+1))
+ {
+ case 't': /* e.g. "jpg" */
+ str=image_type_to_string(args->imagetype,0);
+ break;
+
+ case 'T': /* e.g. "image/jpeg" */
+ str=image_type_to_string(args->imagetype,2);
+ break;
+
+ case 'V': /* e.g. "full", "expired", etc. */
+ str=args->validity_string;
+ break;
+ }
+
+ if(str && idx+strlen(str)<maxlen)
+ {
+ strcpy(&ret[idx],str);
+ idx+=strlen(str);
+ done=1;
+ }
+ }
+ break;
+
case '%':
if(idx+1<maxlen)
{
return ret;
fail:
- xfree (ret);
+ xfree(ret);
return NULL;
}
-int
-hextobyte( const char *s )
-{
- int c;
-
- if( *s >= '0' && *s <= '9' )
- c = 16 * (*s - '0');
- else if( *s >= 'A' && *s <= 'F' )
- c = 16 * (10 + *s - 'A');
- else if( *s >= 'a' && *s <= 'f' )
- c = 16 * (10 + *s - 'a');
- else
- return -1;
- s++;
- if( *s >= '0' && *s <= '9' )
- c += *s - '0';
- else if( *s >= 'A' && *s <= 'F' )
- c += 10 + *s - 'A';
- else if( *s >= 'a' && *s <= 'f' )
- c += 10 + *s - 'a';
- else
- return -1;
- return c;
-}
-
void
deprecated_warning(const char *configname,unsigned int configlineno,
const char *option,const char *repl1,const char *repl2)
log_info(_("please use \"%s%s\" instead\n"),repl1,repl2);
}
+
+void
+deprecated_command (const char *name)
+{
+ log_info(_("WARNING: \"%s\" is a deprecated command - do not use it\n"),
+ name);
+}
+
+
+void
+obsolete_scdaemon_option (const char *configname, unsigned int configlineno,
+ const char *name)
+{
+ if (configname)
+ log_info (_("%s:%u: \"%s\" is obsolete in this file"
+ " - it only has effect in %s\n"),
+ configname, configlineno, name, SCDAEMON_NAME EXTSEP_S "conf");
+ else
+ log_info (_("WARNING: \"%s%s\" is an obsolete option"
+ " - it has no effect except on %s\n"),
+ "--", name, SCDAEMON_NAME);
+}
+
+
+/*
+ * Wrapper around gcry_cipher_map_name to provide a fallback using the
+ * "Sn" syntax as used by the preference strings.
+ */
+int
+string_to_cipher_algo (const char *string)
+{
+ int val;
+
+ val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
+ if (!val && string && (string[0]=='S' || string[0]=='s'))
+ {
+ char *endptr;
+
+ string++;
+ val = strtol (string, &endptr, 10);
+ if (!*string || *endptr || openpgp_cipher_test_algo (val))
+ val = 0;
+ }
+
+ return val;
+}
+
+/*
+ * Wrapper around gcry_md_map_name to provide a fallback using the
+ * "Hn" syntax as used by the preference strings.
+ */
+int
+string_to_digest_algo (const char *string)
+{
+ int val;
+
+ /* FIXME: We should make use of our wrapper function and not assume
+ that there is a 1 to 1 mapping between OpenPGP and Libgcrypt. */
+ val = gcry_md_map_name (string);
+ if (!val && string && (string[0]=='H' || string[0]=='h'))
+ {
+ char *endptr;
+
+ string++;
+ val = strtol (string, &endptr, 10);
+ if (!*string || *endptr || openpgp_md_test_algo (val))
+ val = 0;
+ }
+
+ return val;
+}
+
+
+
const char *
compress_algo_to_string(int algo)
{
- const char *s="?";
+ const char *s=NULL;
switch(algo)
{
- case 0:
- s="Uncompressed";
+ case COMPRESS_ALGO_NONE:
+ s=_("Uncompressed");
break;
- case 1:
+ case COMPRESS_ALGO_ZIP:
s="ZIP";
break;
- case 2:
+ case COMPRESS_ALGO_ZLIB:
s="ZLIB";
break;
+
+#ifdef HAVE_BZIP2
+ case COMPRESS_ALGO_BZIP2:
+ s="BZIP2";
+ break;
+#endif
}
return s;
int
string_to_compress_algo(const char *string)
{
- if(ascii_strcasecmp(string,"uncompressed")==0)
+ /* TRANSLATORS: See doc/TRANSLATE about this string. */
+ if(match_multistr(_("uncompressed|none"),string))
+ return 0;
+ else if(ascii_strcasecmp(string,"uncompressed")==0)
+ return 0;
+ else if(ascii_strcasecmp(string,"none")==0)
return 0;
else if(ascii_strcasecmp(string,"zip")==0)
return 1;
else if(ascii_strcasecmp(string,"zlib")==0)
return 2;
+#ifdef HAVE_BZIP2
+ else if(ascii_strcasecmp(string,"bzip2")==0)
+ return 3;
+#endif
else if(ascii_strcasecmp(string,"z0")==0)
return 0;
else if(ascii_strcasecmp(string,"z1")==0)
return 1;
else if(ascii_strcasecmp(string,"z2")==0)
return 2;
+#ifdef HAVE_BZIP2
+ else if(ascii_strcasecmp(string,"z3")==0)
+ return 3;
+#endif
else
return -1;
}
int
check_compress_algo(int algo)
{
- if(algo>=0 && algo<=2)
- return 0;
-
- return GPG_ERR_COMPR_ALGO;
+ switch (algo)
+ {
+ case 0: return 0;
+#ifdef HAVE_ZIP
+ case 1:
+ case 2: return 0;
+#endif
+#ifdef HAVE_BZIP2
+ case 3: return 0;
+#endif
+ default: return GPG_ERR_COMPR_ALGO;
+ }
}
int
}
/* There is no default_digest_algo function, but see
- sign.c:hash_for */
+ sign.c:hash_for() */
int
default_compress_algo(void)
{
- if(opt.def_compress_algo!=-1)
- return opt.def_compress_algo;
+ if(opt.compress_algo!=-1)
+ return opt.compress_algo;
else if(opt.personal_compress_prefs)
return opt.personal_compress_prefs[0].value;
else
const char *
compliance_option_string(void)
{
+ char *ver="???";
+
switch(opt.compliance)
{
- case CO_RFC2440:
- return "--openpgp";
- case CO_PGP2:
- return "--pgp2";
- case CO_PGP6:
- return "--pgp6";
- case CO_PGP7:
- return "--pgp7";
- case CO_PGP8:
- return "--pgp8";
- default:
- return "???";
+ case CO_GNUPG: return "--gnupg";
+ case CO_RFC4880: return "--openpgp";
+ case CO_RFC2440: return "--rfc2440";
+ case CO_PGP6: return "--pgp6";
+ case CO_PGP7: return "--pgp7";
+ case CO_PGP8: return "--pgp8";
+ case CO_DE_VS: return "--compliance=de-vs";
}
+
+ return ver;
}
-static const char *
-compliance_string(void)
+void
+compliance_failure(void)
{
+ char *ver="???";
+
switch(opt.compliance)
{
+ case CO_GNUPG:
+ ver="GnuPG";
+ break;
+
+ case CO_RFC4880:
+ ver="OpenPGP";
+ break;
+
case CO_RFC2440:
- return "OpenPGP";
- case CO_PGP2:
- return "PGP 2.x";
+ ver="OpenPGP (older)";
+ break;
+
case CO_PGP6:
- return "PGP 6.x";
+ ver="PGP 6.x";
+ break;
+
case CO_PGP7:
- return "PGP 7.x";
+ ver="PGP 7.x";
+ break;
+
case CO_PGP8:
- return "PGP 8.x";
- default:
- return "???";
+ ver="PGP 8.x";
+ break;
+
+ case CO_DE_VS:
+ ver="DE-VS applications";
+ break;
}
+
+ log_info(_("this message may not be usable by %s\n"),ver);
+ opt.compliance=CO_GNUPG;
}
-void
-compliance_failure(void)
+/* Break a string into successive option pieces. Accepts single word
+ options and key=value argument options. */
+char *
+optsep(char **stringp)
{
- log_info(_("this message may not be usable by %s\n"),compliance_string());
- opt.compliance=CO_GNUPG;
+ char *tok,*end;
+
+ tok=*stringp;
+ if(tok)
+ {
+ end=strpbrk(tok," ,=");
+ if(end)
+ {
+ int sawequals=0;
+ char *ptr=end;
+
+ /* what we need to do now is scan along starting with *end,
+ If the next character we see (ignoring spaces) is an =
+ sign, then there is an argument. */
+
+ while(*ptr)
+ {
+ if(*ptr=='=')
+ sawequals=1;
+ else if(*ptr!=' ')
+ break;
+ ptr++;
+ }
+
+ /* There is an argument, so grab that too. At this point,
+ ptr points to the first character of the argument. */
+ if(sawequals)
+ {
+ /* Is it a quoted argument? */
+ if(*ptr=='"')
+ {
+ ptr++;
+ end=strchr(ptr,'"');
+ if(end)
+ end++;
+ }
+ else
+ end=strpbrk(ptr," ,");
+ }
+
+ if(end && *end)
+ {
+ *end='\0';
+ *stringp=end+1;
+ }
+ else
+ *stringp=NULL;
+ }
+ else
+ *stringp=NULL;
+ }
+
+ return tok;
+}
+
+/* Breaks an option value into key and value. Returns NULL if there
+ is no value. Note that "string" is modified to remove the =value
+ part. */
+char *
+argsplit(char *string)
+{
+ char *equals,*arg=NULL;
+
+ equals=strchr(string,'=');
+ if(equals)
+ {
+ char *quote,*space;
+
+ *equals='\0';
+ arg=equals+1;
+
+ /* Quoted arg? */
+ quote=strchr(arg,'"');
+ if(quote)
+ {
+ arg=quote+1;
+
+ quote=strchr(arg,'"');
+ if(quote)
+ *quote='\0';
+ }
+ else
+ {
+ size_t spaces;
+
+ /* Trim leading spaces off of the arg */
+ spaces=strspn(arg," ");
+ arg+=spaces;
+ }
+
+ /* Trim tailing spaces off of the tag */
+ space=strchr(string,' ');
+ if(space)
+ *space='\0';
+ }
+
+ return arg;
+}
+
+/* Return the length of the initial token, leaving off any
+ argument. */
+static size_t
+optlen(const char *s)
+{
+ char *end=strpbrk(s," =");
+
+ if(end)
+ return end-s;
+ else
+ return strlen(s);
}
int
-parse_options(char *str,unsigned int *options,struct parse_options *opts)
+parse_options(char *str,unsigned int *options,
+ struct parse_options *opts,int noisy)
{
char *tok;
- while((tok=strsep(&str," ,")))
+ if (str && !strcmp (str, "help"))
+ {
+ int i,maxlen=0;
+
+ /* Figure out the longest option name so we can line these up
+ neatly. */
+ for(i=0;opts[i].name;i++)
+ if(opts[i].help && maxlen<strlen(opts[i].name))
+ maxlen=strlen(opts[i].name);
+
+ for(i=0;opts[i].name;i++)
+ if(opts[i].help)
+ es_printf("%s%*s%s\n",opts[i].name,
+ maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help));
+
+ g10_exit(0);
+ }
+
+ while((tok=optsep(&str)))
{
int i,rev=0;
+ char *otok=tok;
if(tok[0]=='\0')
continue;
for(i=0;opts[i].name;i++)
{
- if(ascii_strcasecmp(opts[i].name,tok)==0)
+ size_t toklen=optlen(tok);
+
+ if(ascii_strncasecmp(opts[i].name,tok,toklen)==0)
{
+ /* We have a match, but it might be incomplete */
+ if(toklen!=strlen(opts[i].name))
+ {
+ int j;
+
+ for(j=i+1;opts[j].name;j++)
+ {
+ if(ascii_strncasecmp(opts[j].name,tok,toklen)==0)
+ {
+ if(noisy)
+ log_info(_("ambiguous option '%s'\n"),otok);
+ return 0;
+ }
+ }
+ }
+
if(rev)
- *options&=~opts[i].bit;
+ {
+ *options&=~opts[i].bit;
+ if(opts[i].value)
+ *opts[i].value=NULL;
+ }
else
- *options|=opts[i].bit;
+ {
+ *options|=opts[i].bit;
+ if(opts[i].value)
+ *opts[i].value=argsplit(tok);
+ }
break;
}
}
if(!opts[i].name)
- return 0;
+ {
+ if(noisy)
+ log_info(_("unknown option '%s'\n"),otok);
+ return 0;
+ }
}
return 1;
}
-
-/* Temporary helper. */
+/* Similar to access(2), but uses PATH to find the file. */
int
-pubkey_get_npkey( int algo )
+path_access(const char *file,int mode)
{
- size_t n;
+ char *envpath;
+ int ret=-1;
- if (algo == GCRY_PK_ELG_E)
- algo = GCRY_PK_ELG;
- if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
- n = 0;
- return n;
+ envpath=getenv("PATH");
+
+ if(!envpath
+#ifdef HAVE_DRIVE_LETTERS
+ || (((file[0]>='A' && file[0]<='Z')
+ || (file[0]>='a' && file[0]<='z'))
+ && file[1]==':')
+#else
+ || file[0]=='/'
+#endif
+ )
+ return access(file,mode);
+ else
+ {
+ /* At least as large as, but most often larger than we need. */
+ char *buffer=xmalloc(strlen(envpath)+1+strlen(file)+1);
+ char *split,*item,*path=xstrdup(envpath);
+
+ split=path;
+
+ while((item=strsep(&split,PATHSEP_S)))
+ {
+ strcpy(buffer,item);
+ strcat(buffer,"/");
+ strcat(buffer,file);
+ ret=access(buffer,mode);
+ if(ret==0)
+ break;
+ }
+
+ xfree(path);
+ xfree(buffer);
+ }
+
+ return ret;
}
-/* Temporary helper. */
+
+\f
+/* Return the number of public key parameters as used by OpenPGP. */
int
-pubkey_get_nskey( int algo )
+pubkey_get_npkey (pubkey_algo_t algo)
{
- size_t n;
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S: return 2;
+ case PUBKEY_ALGO_ELGAMAL_E: return 3;
+ case PUBKEY_ALGO_DSA: return 4;
+ case PUBKEY_ALGO_ECDH: return 3;
+ case PUBKEY_ALGO_ECDSA: return 2;
+ case PUBKEY_ALGO_ELGAMAL: return 3;
+ case PUBKEY_ALGO_EDDSA: return 2;
+ }
+ return 0;
+}
- if (algo == GCRY_PK_ELG_E)
- algo = GCRY_PK_ELG;
- if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
- n = 0;
- return n;
+
+/* Return the number of secret key parameters as used by OpenPGP. */
+int
+pubkey_get_nskey (pubkey_algo_t algo)
+{
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S: return 6;
+ case PUBKEY_ALGO_ELGAMAL_E: return 4;
+ case PUBKEY_ALGO_DSA: return 5;
+ case PUBKEY_ALGO_ECDH: return 4;
+ case PUBKEY_ALGO_ECDSA: return 3;
+ case PUBKEY_ALGO_ELGAMAL: return 4;
+ case PUBKEY_ALGO_EDDSA: return 3;
+ }
+ return 0;
}
/* Temporary helper. */
int
-pubkey_get_nsig( int algo )
+pubkey_get_nsig (pubkey_algo_t algo)
{
- size_t n;
-
- if (algo == GCRY_PK_ELG_E)
- algo = GCRY_PK_ELG;
- if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
- n = 0;
- return n;
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S: return 1;
+ case PUBKEY_ALGO_ELGAMAL_E: return 0;
+ case PUBKEY_ALGO_DSA: return 2;
+ case PUBKEY_ALGO_ECDH: return 0;
+ case PUBKEY_ALGO_ECDSA: return 2;
+ case PUBKEY_ALGO_ELGAMAL: return 2;
+ case PUBKEY_ALGO_EDDSA: return 2;
+ }
+ return 0;
}
+
/* Temporary helper. */
int
-pubkey_get_nenc( int algo )
-{
- size_t n;
-
- if (algo == GCRY_PK_ELG_E)
- algo = GCRY_PK_ELG;
- if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
- n = 0;
- return n;
+pubkey_get_nenc (pubkey_algo_t algo)
+{
+ switch (algo)
+ {
+ case PUBKEY_ALGO_RSA:
+ case PUBKEY_ALGO_RSA_E:
+ case PUBKEY_ALGO_RSA_S: return 1;
+ case PUBKEY_ALGO_ELGAMAL_E: return 2;
+ case PUBKEY_ALGO_DSA: return 0;
+ case PUBKEY_ALGO_ECDH: return 2;
+ case PUBKEY_ALGO_ECDSA: return 0;
+ case PUBKEY_ALGO_ELGAMAL: return 2;
+ case PUBKEY_ALGO_EDDSA: return 0;
+ }
+ return 0;
}
unsigned int
pubkey_nbits( int algo, gcry_mpi_t *key )
{
- int rc, nbits;
- gcry_sexp_t sexp;
+ int rc, nbits;
+ gcry_sexp_t sexp;
- if( algo == GCRY_PK_DSA ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- key[0], key[1], key[2], key[3] );
+ if (algo == PUBKEY_ALGO_DSA
+ && key[0] && key[1] && key[2] && key[3])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ key[0], key[1], key[2], key[3] );
}
- else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(elg(p%m)(g%m)(y%m)))",
- key[0], key[1], key[2] );
+ else if ((algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
+ && key[0] && key[1] && key[2])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(elg(p%m)(g%m)(y%m)))",
+ key[0], key[1], key[2] );
}
- else if( algo == GCRY_PK_RSA ) {
- rc = gcry_sexp_build ( &sexp, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- key[0], key[1] );
+ else if (is_RSA (algo)
+ && key[0] && key[1])
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ key[0], key[1] );
}
- else
- return 0;
+ else if ((algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH
+ || algo == PUBKEY_ALGO_EDDSA)
+ && key[0] && key[1])
+ {
+ char *curve = openpgp_oid_to_str (key[0]);
+ if (!curve)
+ rc = gpg_error_from_syserror ();
+ else
+ {
+ rc = gcry_sexp_build (&sexp, NULL,
+ "(public-key(ecc(curve%s)(q%m)))",
+ curve, key[1]);
+ xfree (curve);
+ }
+ }
+ else
+ return 0;
- if ( rc )
- BUG ();
+ if (rc)
+ BUG ();
- nbits = gcry_pk_get_nbits( sexp );
- gcry_sexp_release( sexp );
- return nbits;
+ nbits = gcry_pk_get_nbits (sexp);
+ gcry_sexp_release (sexp);
+ return nbits;
}
-\f
-/* MPI helper functions. */
-/****************
- * write an mpi to out.
- */
int
-mpi_write( iobuf_t out, gcry_mpi_t a )
+mpi_print (estream_t fp, gcry_mpi_t a, int mode)
{
- char buffer[(MAX_EXTERN_MPI_BITS+7)/8];
- size_t nbytes;
- int rc;
-
- nbytes = (MAX_EXTERN_MPI_BITS+7)/8;
- rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
- if( !rc )
- rc = iobuf_write( out, buffer, nbytes );
+ int n = 0;
+ size_t nwritten;
- return rc;
+ if (!a)
+ return es_fprintf (fp, "[MPI_NULL]");
+ if (!mode)
+ {
+ unsigned int n1;
+ n1 = gcry_mpi_get_nbits(a);
+ n += es_fprintf (fp, "[%u bits]", n1);
+ }
+ else if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
+ {
+ unsigned int nbits;
+ unsigned char *p = gcry_mpi_get_opaque (a, &nbits);
+ if (!p)
+ n += es_fprintf (fp, "[invalid opaque value]");
+ else
+ {
+ if (!es_write_hexstring (fp, p, (nbits + 7)/8, 0, &nwritten))
+ n += nwritten;
+ }
+ }
+ else
+ {
+ unsigned char *buffer;
+ size_t buflen;
+
+ if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &buflen, a))
+ BUG ();
+ if (!es_write_hexstring (fp, buffer, buflen, 0, &nwritten))
+ n += nwritten;
+ gcry_free (buffer);
+ }
+ return n;
}
-/****************
- * Writyeg a MPI to out, but in this case it is an opaque one,
- * s used vor v3 protected keys.
- */
-int
-mpi_write_opaque( iobuf_t out, gcry_mpi_t a )
-{
- size_t nbytes, nbits;
- int rc;
- char *p;
- assert( gcry_mpi_get_flag( a, GCRYMPI_FLAG_OPAQUE ) );
- p = gcry_mpi_get_opaque( a, &nbits );
- nbytes = (nbits+7) / 8;
- iobuf_put( out, nbits >> 8 );
- iobuf_put( out, nbits );
- rc = iobuf_write( out, p, nbytes );
- return rc;
+/* pkey[1] or skey[1] is Q for ECDSA, which is an uncompressed point,
+ i.e. 04 <x> <y> */
+unsigned int
+ecdsa_qbits_from_Q (unsigned int qbits)
+{
+ if ((qbits%8) > 3)
+ {
+ log_error (_("ECDSA public key is expected to be in SEC encoding "
+ "multiple of 8 bits\n"));
+ return 0;
+ }
+ qbits -= qbits%8;
+ qbits /= 2;
+ return qbits;
}
-/****************
- * Read an external representation of an mpi and return the MPI
- * The external format is a 16 bit unsigned value stored in network byte order,
- * giving the number of bits for the following integer. The integer is stored
- * with MSB first (left padded with zeroes to align on a byte boundary).
- */
-gcry_mpi_t
-mpi_read(iobuf_t inp, unsigned int *ret_nread, int secure)
-{
- int c, c1, c2, i;
- unsigned int nbits, nbytes, nread=0;
- gcry_mpi_t a = NULL;
- byte *buf = NULL;
- byte *p;
-
- if( (c = c1 = iobuf_get(inp)) == -1 )
- goto leave;
- nbits = c << 8;
- if( (c = c2 = iobuf_get(inp)) == -1 )
- goto leave;
- nbits |= c;
- if( nbits > MAX_EXTERN_MPI_BITS ) {
- log_error("mpi too large (%u bits)\n", nbits);
- goto leave;
- }
- nread = 2;
- nbytes = (nbits+7) / 8;
- buf = secure? gcry_xmalloc_secure( nbytes+2 ) : gcry_xmalloc( nbytes+2 );
- p = buf;
- p[0] = c1;
- p[1] = c2;
- for( i=0 ; i < nbytes; i++ ) {
- p[i+2] = iobuf_get(inp) & 0xff;
- nread++;
- }
- nread += nbytes;
- if( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
- a = NULL;
-
- leave:
- gcry_free(buf);
- if( nread > *ret_nread )
- log_bug("mpi larger than packet");
- else
- *ret_nread = nread;
- return a;
-}
-
-/****************
- * Same as mpi_read but the value is stored as an opaque MPI.
- * This function is used to read encrypted MPI of v3 packets.
+/* Ignore signatures and certifications made over certain digest
+ * algorithms by default, MD5 is considered weak. This allows users
+ * to deprecate support for other algorithms as well.
*/
-gcry_mpi_t
-mpi_read_opaque(iobuf_t inp, unsigned *ret_nread )
-{
- int c, c1, c2, i;
- unsigned nbits, nbytes, nread=0;
- gcry_mpi_t a = NULL;
- byte *buf = NULL;
- byte *p;
-
- if( (c = c1 = iobuf_get(inp)) == -1 )
- goto leave;
- nbits = c << 8;
- if( (c = c2 = iobuf_get(inp)) == -1 )
- goto leave;
- nbits |= c;
- if( nbits > MAX_EXTERN_MPI_BITS ) {
- log_error("mpi too large (%u bits)\n", nbits);
- goto leave;
- }
- nread = 2;
- nbytes = (nbits+7) / 8;
- buf = gcry_xmalloc( nbytes );
- p = buf;
- for( i=0 ; i < nbytes; i++ ) {
- p[i] = iobuf_get(inp) & 0xff;
- }
- nread += nbytes;
- a = gcry_mpi_set_opaque(NULL, buf, nbits );
- buf = NULL;
-
- leave:
- gcry_free(buf);
- if( nread > *ret_nread )
- log_bug("mpi larger than packet");
- else
- *ret_nread = nread;
- return a;
-}
-
-
-int
-mpi_print( FILE *fp, gcry_mpi_t a, int mode )
+void
+additional_weak_digest (const char* digestname)
{
- int n=0;
+ struct weakhash *weak = NULL;
+ const enum gcry_md_algos algo = string_to_digest_algo(digestname);
- if( !a )
- return fprintf(fp, "[MPI_NULL]");
- if( !mode ) {
- unsigned int n1;
- n1 = gcry_mpi_get_nbits(a);
- n += fprintf(fp, "[%u bits]", n1);
+ if (algo == GCRY_MD_NONE)
+ {
+ log_error (_("unknown weak digest '%s'\n"), digestname);
+ return;
}
- else {
- int rc;
- char *buffer;
- rc = gcry_mpi_aprint( GCRYMPI_FMT_HEX, &buffer, NULL, a );
- assert( !rc );
- fputs( buffer, fp );
- n += strlen(buffer);
- gcry_free( buffer );
- }
- return n;
+ /* Check to ensure it's not already present. */
+ for (weak = opt.weak_digests; weak; weak = weak->next)
+ if (algo == weak->algo)
+ return;
+
+ /* Add it to the head of the list. */
+ weak = xmalloc(sizeof(*weak));
+ weak->algo = algo;
+ weak->rejection_shown = 0;
+ weak->next = opt.weak_digests;
+ opt.weak_digests = weak;
}
-
-
projects / gnupg.git / blobdiff