1 /* misc.c - miscellaneous functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
27 #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
28 #include <asm/sysinfo.h>
29 #include <asm/unistd.h>
34 #include <sys/resource.h>
36 #ifdef ENABLE_SELINUX_HACKS
40 #ifdef HAVE_W32_SYSTEM
43 #ifdef HAVE_WINSOCK2_H
44 # include <winsock2.h>
49 #define CSIDL_APPDATA 0x001a
51 #ifndef CSIDL_LOCAL_APPDATA
52 #define CSIDL_LOCAL_APPDATA 0x001c
54 #ifndef CSIDL_FLAG_CREATE
55 #define CSIDL_FLAG_CREATE 0x8000
57 #endif /*HAVE_W32_SYSTEM*/
60 #ifdef HAVE_W32_SYSTEM
62 #endif /*HAVE_W32_SYSTEM*/
67 #include "call-agent.h"
72 string_count_chr (const char *string, int c)
76 for (count=0; *string; string++ )
84 #ifdef ENABLE_SELINUX_HACKS
85 /* A object and a global variable to keep track of files marked as
87 struct secured_file_item
89 struct secured_file_item *next;
93 static struct secured_file_item *secured_files;
94 #endif /*ENABLE_SELINUX_HACKS*/
99 /* For the sake of SELinux we want to restrict access through gpg to
100 certain files we keep under our own control. This function
101 registers such a file and is_secured_file may then be used to
102 check whether a file has ben registered as secured. */
104 register_secured_file (const char *fname)
106 #ifdef ENABLE_SELINUX_HACKS
108 struct secured_file_item *sf;
110 /* Note that we stop immediatley if something goes wrong here. */
111 if (stat (fname, &buf))
112 log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname,
113 "register_secured_file", strerror (errno));
114 /* log_debug ("registering `%s' i=%lu.%lu\n", fname, */
115 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
116 for (sf=secured_files; sf; sf = sf->next)
118 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
119 return; /* Already registered. */
122 sf = xmalloc (sizeof *sf);
123 sf->ino = buf.st_ino;
124 sf->dev = buf.st_dev;
125 sf->next = secured_files;
127 #else /*!ENABLE_SELINUX_HACKS*/
129 #endif /*!ENABLE_SELINUX_HACKS*/
132 /* Remove a file registered as secure. */
134 unregister_secured_file (const char *fname)
136 #ifdef ENABLE_SELINUX_HACKS
138 struct secured_file_item *sf, *sfprev;
140 if (stat (fname, &buf))
142 log_error (_("fstat of `%s' failed in %s: %s\n"), fname,
143 "unregister_secured_file", strerror (errno));
146 /* log_debug ("unregistering `%s' i=%lu.%lu\n", fname, */
147 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
148 for (sfprev=NULL,sf=secured_files; sf; sfprev=sf, sf = sf->next)
150 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
153 sfprev->next = sf->next;
155 secured_files = sf->next;
160 #else /*!ENABLE_SELINUX_HACKS*/
162 #endif /*!ENABLE_SELINUX_HACKS*/
165 /* Return true if FD is corresponds to a secured file. Using -1 for
166 FS is allowed and will return false. */
168 is_secured_file (int fd)
170 #ifdef ENABLE_SELINUX_HACKS
172 struct secured_file_item *sf;
175 return 0; /* No file descriptor so it can't be secured either. */
177 /* Note that we print out a error here and claim that a file is
178 secure if something went wrong. */
179 if (fstat (fd, &buf))
181 log_error (_("fstat(%d) failed in %s: %s\n"), fd,
182 "is_secured_file", strerror (errno));
185 /* log_debug ("is_secured_file (%d) i=%lu.%lu\n", fd, */
186 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
187 for (sf=secured_files; sf; sf = sf->next)
189 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
192 #else /*!ENABLE_SELINUX_HACKS*/
194 #endif /*!ENABLE_SELINUX_HACKS*/
198 /* Return true if FNAME is corresponds to a secured file. Using NULL,
199 "" or "-" for FS is allowed and will return false. This function is
200 used before creating a file, thus it won't fail if the file does
203 is_secured_filename (const char *fname)
205 #ifdef ENABLE_SELINUX_HACKS
207 struct secured_file_item *sf;
209 if (iobuf_is_pipe_filename (fname) || !*fname)
212 /* Note that we print out a error here and claim that a file is
213 secure if something went wrong. */
214 if (stat (fname, &buf))
216 if (errno == ENOENT || errno == EPERM || errno == EACCES)
218 log_error (_("fstat of `%s' failed in %s: %s\n"), fname,
219 "is_secured_filename", strerror (errno));
222 /* log_debug ("is_secured_filename (%s) i=%lu.%lu\n", fname, */
223 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
224 for (sf=secured_files; sf; sf = sf->next)
226 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
229 #else /*!ENABLE_SELINUX_HACKS*/
231 #endif /*!ENABLE_SELINUX_HACKS*/
238 checksum_u16( unsigned n )
249 checksum( byte *p, unsigned n )
259 checksum_mpi (gcry_mpi_t a)
265 if ( gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a) )
267 /* Fixme: For numbers not in secure memory we should use a stack
268 * based buffer and only allocate a larger one if mpi_print returns
270 buffer = (gcry_is_secure(a)?
271 gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes));
272 if ( gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, NULL, a) )
274 csum = checksum (buffer, nbytes);
280 print_pubkey_algo_note( int algo )
282 if(algo >= 100 && algo <= 110)
288 log_info (_("WARNING: using experimental public key algorithm %s\n"),
289 openpgp_pk_algo_name (algo));
294 log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
299 print_cipher_algo_note( int algo )
301 if(algo >= 100 && algo <= 110)
307 log_info (_("WARNING: using experimental cipher algorithm %s\n"),
308 openpgp_cipher_algo_name (algo));
314 print_digest_algo_note( int algo )
316 if(algo >= 100 && algo <= 110)
322 log_info (_("WARNING: using experimental digest algorithm %s\n"),
323 gcry_md_algo_name (algo));
326 else if(algo==DIGEST_ALGO_MD5)
327 log_info (_("WARNING: digest algorithm %s is deprecated\n"),
328 gcry_md_algo_name (algo));
333 print_md5_rejected_note (void)
341 (_("Note: signatures using the %s algorithm are rejected\n"),
348 /* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
349 this for algorithms we implemented in Libgcrypt after they become
352 map_cipher_openpgp_to_gcry (int algo)
356 case CIPHER_ALGO_CAMELLIA128: return 310;
357 case CIPHER_ALGO_CAMELLIA192: return 311;
358 case CIPHER_ALGO_CAMELLIA256: return 312;
359 default: return algo;
363 /* The inverse fucntion of above. */
365 map_cipher_gcry_to_openpgp (int algo)
369 case 310: return CIPHER_ALGO_CAMELLIA128;
370 case 311: return CIPHER_ALGO_CAMELLIA192;
371 case 312: return CIPHER_ALGO_CAMELLIA256;
372 default: return algo;
377 /* Return the block length of an OpenPGP cipher algorithm. */
379 openpgp_cipher_blocklen (int algo)
381 /* We use the numbers from OpenPGP to be sure that we get the right
382 block length. This is so that the packet parsing code works even
383 for unknown algorithms (for which we assume 8 due to tradition).
385 NOTE: If you change the the returned blocklen above 16, check
386 the callers because they may use a fixed size buffer of that
390 case 7: case 8: case 9: /* AES */
391 case 10: /* Twofish */
392 case 11: case 12: case 13: /* Camellia */
401 * Wrapper around the libgcrypt function with additonal checks on
402 * the OpenPGP contraints for the algo ID.
405 openpgp_cipher_test_algo( int algo )
407 /* (5 and 6 are marked reserved by rfc4880.) */
408 if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 )
409 return gpg_error (GPG_ERR_CIPHER_ALGO);
411 return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo));
414 /* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
415 string representation of the algorithm name. For unknown algorithm
416 IDs this function returns "?". */
418 openpgp_cipher_algo_name (int algo)
420 return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo));
424 /* Map OpenPGP public key algorithm numbers to those used by
427 map_pk_openpgp_to_gcry (int algo)
431 case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
432 case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
433 case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
434 default: return algo;
440 openpgp_pk_test_algo( int algo )
442 /* ECC is not yet supported even if supported by Libgcrypt. */
443 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
444 return gpg_error (GPG_ERR_PUBKEY_ALGO);
446 /* Dont't allow type 20 keys unless in rfc2440 mode. */
447 if (!RFC2440 && algo == 20)
448 return gpg_error (GPG_ERR_PUBKEY_ALGO);
450 if (algo == PUBKEY_ALGO_ELGAMAL_E)
453 if (algo < 0 || algo > 110)
454 return gpg_error (GPG_ERR_PUBKEY_ALGO);
455 return gcry_pk_test_algo (map_pk_openpgp_to_gcry (algo));
459 openpgp_pk_test_algo2( int algo, unsigned int use )
461 size_t use_buf = use;
463 /* ECC is not yet supported even if supported by Libgcrypt. */
464 if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
465 return gpg_error (GPG_ERR_PUBKEY_ALGO);
467 /* Dont't allow type 20 keys unless in rfc2440 mode. */
468 if (!RFC2440 && algo == 20)
469 return gpg_error (GPG_ERR_PUBKEY_ALGO);
471 if (algo == PUBKEY_ALGO_ELGAMAL_E)
474 if (algo < 0 || algo > 110)
475 return gpg_error (GPG_ERR_PUBKEY_ALGO);
477 return gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
478 GCRYCTL_TEST_ALGO, NULL, &use_buf);
482 openpgp_pk_algo_usage ( int algo )
486 /* They are hardwired in gpg 1.0. */
488 case PUBKEY_ALGO_RSA:
489 use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
490 | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH);
492 case PUBKEY_ALGO_RSA_E:
493 use = PUBKEY_USAGE_ENC;
495 case PUBKEY_ALGO_RSA_S:
496 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
498 case PUBKEY_ALGO_ELGAMAL:
500 use = PUBKEY_USAGE_ENC;
502 case PUBKEY_ALGO_ELGAMAL_E:
503 use = PUBKEY_USAGE_ENC;
505 case PUBKEY_ALGO_DSA:
506 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
508 case PUBKEY_ALGO_ECDH:
509 use = PUBKEY_USAGE_ENC;
511 case PUBKEY_ALGO_ECDSA:
512 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
521 /* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
522 string representation of the algorithm name. For unknown algorithm
523 IDs this function returns "?". */
525 openpgp_pk_algo_name (int algo)
527 return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
532 openpgp_md_test_algo( int algo )
534 /* Note: If the list of actual supported OpenPGP algorithms changes,
535 make sure that our hard coded values at
536 print_status_begin_signing() gets updated. */
537 /* 4, 5, 6, 7 are defined by rfc2440 but will be removed from the
538 next revision of the standard. */
539 if (algo < 0 || algo > 110 || (algo >= 4 && algo <= 7))
540 return gpg_error (GPG_ERR_DIGEST_ALGO);
541 return gcry_md_test_algo (algo);
545 /* Special warning for the IDEA cipher */
547 idea_cipher_warn(int show)
553 log_info(_("the IDEA cipher plugin is not present\n"));
554 log_info(_("please see %s for more information\n"),
555 "https://gnupg.org/faq/why-not-idea.html");
563 get_signature_count (PKT_secret_key *sk)
565 #ifdef ENABLE_CARD_SUPPORT
566 if(sk && sk->is_protected && sk->protect.s2k.mode==1002)
568 struct agent_card_info_s info;
569 if(agent_scd_getattr("SIG-COUNTER",&info)==0)
570 return info.sig_counter;
574 /* How to do this without a card? */
579 /* Expand %-strings. Returns a string which must be xfreed. Returns
580 NULL if the string cannot be expanded (too large). */
582 pct_expando(const char *string,struct expando_args *args)
584 const char *ch=string;
585 int idx=0,maxlen=0,done=0;
586 u32 pk_keyid[2]={0,0},sk_keyid[2]={0,0};
590 keyid_from_pk(args->pk,pk_keyid);
593 keyid_from_sk(args->sk,sk_keyid);
595 /* This is used so that %k works in photoid command strings in
596 --list-secret-keys (which of course has a sk, but no pk). */
597 if(!args->pk && args->sk)
598 keyid_from_sk(args->sk,pk_keyid);
604 /* 8192 is way bigger than we'll need here */
609 ret=xrealloc(ret,maxlen);
618 case 's': /* short key id */
621 sprintf(&ret[idx],"%08lX",(ulong)sk_keyid[1]);
627 case 'S': /* long key id */
630 sprintf(&ret[idx],"%08lX%08lX",
631 (ulong)sk_keyid[0],(ulong)sk_keyid[1]);
637 case 'k': /* short key id */
640 sprintf(&ret[idx],"%08lX",(ulong)pk_keyid[1]);
646 case 'K': /* long key id */
649 sprintf(&ret[idx],"%08lX%08lX",
650 (ulong)pk_keyid[0],(ulong)pk_keyid[1]);
656 case 'U': /* z-base-32 encoded user id hash. */
659 char *tmp = zb32_encode (args->namehash, 8*20);
662 if (idx + strlen (tmp) < maxlen)
664 strcpy (ret+idx, tmp);
673 case 'c': /* signature count from card, if any. */
676 sprintf(&ret[idx],"%lu",get_signature_count(args->sk));
677 idx+=strlen(&ret[idx]);
682 case 'p': /* primary pk fingerprint of a sk */
683 case 'f': /* pk fingerprint */
684 case 'g': /* sk fingerprint */
686 byte array[MAX_FINGERPRINT_LEN];
690 if((*(ch+1))=='p' && args->sk)
692 if(args->sk->is_primary)
693 fingerprint_from_sk(args->sk,array,&len);
694 else if(args->sk->main_keyid[0] || args->sk->main_keyid[1])
697 xmalloc_clear(sizeof(PKT_public_key));
699 if(get_pubkey_fast(pk,args->sk->main_keyid)==0)
700 fingerprint_from_pk(pk,array,&len);
702 memset(array,0,(len=MAX_FINGERPRINT_LEN));
706 memset(array,0,(len=MAX_FINGERPRINT_LEN));
708 else if((*(ch+1))=='f' && args->pk)
709 fingerprint_from_pk(args->pk,array,&len);
710 else if((*(ch+1))=='g' && args->sk)
711 fingerprint_from_sk(args->sk,array,&len);
713 memset(array,0,(len=MAX_FINGERPRINT_LEN));
715 if(idx+(len*2)<maxlen)
719 sprintf(&ret[idx],"%02X",array[i]);
727 case 'v': /* validity letters */
728 if(args->validity_info && idx+1<maxlen)
730 ret[idx++]=args->validity_info;
736 /* The text string types */
741 const char *str=NULL;
745 case 't': /* e.g. "jpg" */
746 str=image_type_to_string(args->imagetype,0);
749 case 'T': /* e.g. "image/jpeg" */
750 str=image_type_to_string(args->imagetype,2);
753 case 'V': /* e.g. "full", "expired", etc. */
754 str=args->validity_string;
758 if(str && idx+strlen(str)<maxlen)
760 strcpy(&ret[idx],str);
776 /* Any unknown %-keys (like %i, %o, %I, and %O) are
777 passed through for later expansion. Note this also
778 handles the case where the last character in the
779 string is a '%' - the terminating \0 will end up here
780 and properly terminate the string. */
817 deprecated_warning(const char *configname,unsigned int configlineno,
818 const char *option,const char *repl1,const char *repl2)
822 if(strncmp("--",option,2)==0)
825 if(strncmp("--",repl1,2)==0)
828 log_info(_("%s:%d: deprecated option \"%s\"\n"),
829 configname,configlineno,option);
832 log_info(_("WARNING: \"%s\" is a deprecated option\n"),option);
834 log_info(_("please use \"%s%s\" instead\n"),repl1,repl2);
839 deprecated_command (const char *name)
841 log_info(_("WARNING: \"%s\" is a deprecated command - do not use it\n"),
847 obsolete_option (const char *configname, unsigned int configlineno,
851 log_info (_("%s:%u: obsolete option \"%s\" - it has no effect\n"),
852 configname, configlineno, name);
854 log_info (_("WARNING: \"%s\" is an obsolete option - it has no effect\n"),
860 obsolete_scdaemon_option (const char *configname, unsigned int configlineno,
864 log_info (_("%s:%u: \"%s%s\" is obsolete in this file"
865 " - it only has effect in %s\n"),
866 configname, configlineno, name, "--", "scdaemon.conf");
868 log_info (_("WARNING: \"%s%s\" is an obsolete option"
869 " - it has no effect except on %s\n"), "--", name, "scdaemon");
874 * Wrapper around gcry_cipher_map_name to provide a fallback using the
875 * "Sn" syntax as used by the preference strings.
878 string_to_cipher_algo (const char *string)
882 val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
883 if (!val && string && (string[0]=='S' || string[0]=='s'))
888 val = strtol (string, &endptr, 10);
889 if (!*string || *endptr || openpgp_cipher_test_algo (val))
897 * Wrapper around gcry_md_map_name to provide a fallback using the
898 * "Hn" syntax as used by the preference strings.
901 string_to_digest_algo (const char *string)
905 val = gcry_md_map_name (string);
906 if (!val && string && (string[0]=='H' || string[0]=='h'))
911 val = strtol (string, &endptr, 10);
912 if (!*string || *endptr || openpgp_md_test_algo (val))
922 compress_algo_to_string(int algo)
928 case COMPRESS_ALGO_NONE:
932 case COMPRESS_ALGO_ZIP:
936 case COMPRESS_ALGO_ZLIB:
941 case COMPRESS_ALGO_BZIP2:
951 string_to_compress_algo(const char *string)
953 /* TRANSLATORS: See doc/TRANSLATE about this string. */
954 if(match_multistr(_("uncompressed|none"),string))
956 else if(ascii_strcasecmp(string,"uncompressed")==0)
958 else if(ascii_strcasecmp(string,"none")==0)
960 else if(ascii_strcasecmp(string,"zip")==0)
962 else if(ascii_strcasecmp(string,"zlib")==0)
965 else if(ascii_strcasecmp(string,"bzip2")==0)
968 else if(ascii_strcasecmp(string,"z0")==0)
970 else if(ascii_strcasecmp(string,"z1")==0)
972 else if(ascii_strcasecmp(string,"z2")==0)
975 else if(ascii_strcasecmp(string,"z3")==0)
983 check_compress_algo(int algo)
986 if(algo>=0 && algo<=3)
989 if(algo>=0 && algo<=2)
993 return G10ERR_COMPR_ALGO;
997 default_cipher_algo(void)
999 if(opt.def_cipher_algo)
1000 return opt.def_cipher_algo;
1001 else if(opt.personal_cipher_prefs)
1002 return opt.personal_cipher_prefs[0].value;
1004 return opt.s2k_cipher_algo;
1007 /* There is no default_digest_algo function, but see
1008 sign.c:hash_for() */
1011 default_compress_algo(void)
1013 if(opt.compress_algo!=-1)
1014 return opt.compress_algo;
1015 else if(opt.personal_compress_prefs)
1016 return opt.personal_compress_prefs[0].value;
1018 return DEFAULT_COMPRESS_ALGO;
1022 compliance_option_string(void)
1026 switch(opt.compliance)
1028 case CO_GNUPG: return "--gnupg";
1029 case CO_RFC4880: return "--openpgp";
1030 case CO_RFC2440: return "--rfc2440";
1031 case CO_RFC1991: return "--rfc1991";
1032 case CO_PGP2: return "--pgp2";
1033 case CO_PGP6: return "--pgp6";
1034 case CO_PGP7: return "--pgp7";
1035 case CO_PGP8: return "--pgp8";
1042 compliance_failure(void)
1046 switch(opt.compliance)
1057 ver="OpenPGP (older)";
1081 log_info(_("this message may not be usable by %s\n"),ver);
1082 opt.compliance=CO_GNUPG;
1085 /* Break a string into successive option pieces. Accepts single word
1086 options and key=value argument options. */
1088 optsep(char **stringp)
1095 end=strpbrk(tok," ,=");
1101 /* what we need to do now is scan along starting with *end,
1102 If the next character we see (ignoring spaces) is an =
1103 sign, then there is an argument. */
1114 /* There is an argument, so grab that too. At this point,
1115 ptr points to the first character of the argument. */
1118 /* Is it a quoted argument? */
1122 end=strchr(ptr,'"');
1127 end=strpbrk(ptr," ,");
1145 /* Breaks an option value into key and value. Returns NULL if there
1146 is no value. Note that "string" is modified to remove the =value
1149 argsplit(char *string)
1151 char *equals,*arg=NULL;
1153 equals=strchr(string,'=');
1162 quote=strchr(arg,'"');
1167 quote=strchr(arg,'"');
1175 /* Trim leading spaces off of the arg */
1176 spaces=strspn(arg," ");
1180 /* Trim tailing spaces off of the tag */
1181 space=strchr(string,' ');
1189 /* Return the length of the initial token, leaving off any
1192 optlen(const char *s)
1194 char *end=strpbrk(s," =");
1203 parse_options(char *str,unsigned int *options,
1204 struct parse_options *opts,int noisy)
1208 if (str && !strcmp (str, "help"))
1212 /* Figure out the longest option name so we can line these up
1214 for(i=0;opts[i].name;i++)
1215 if(opts[i].help && maxlen<strlen(opts[i].name))
1216 maxlen=strlen(opts[i].name);
1218 for(i=0;opts[i].name;i++)
1220 printf("%s%*s%s\n",opts[i].name,
1221 maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help));
1226 while((tok=optsep(&str)))
1234 if(ascii_strncasecmp("no-",tok,3)==0)
1240 for(i=0;opts[i].name;i++)
1242 size_t toklen=optlen(tok);
1244 if(ascii_strncasecmp(opts[i].name,tok,toklen)==0)
1246 /* We have a match, but it might be incomplete */
1247 if(toklen!=strlen(opts[i].name))
1251 for(j=i+1;opts[j].name;j++)
1253 if(ascii_strncasecmp(opts[j].name,tok,toklen)==0)
1256 log_info(_("ambiguous option `%s'\n"),otok);
1264 *options&=~opts[i].bit;
1266 *opts[i].value=NULL;
1270 *options|=opts[i].bit;
1272 *opts[i].value=argsplit(tok);
1281 log_info(_("unknown option `%s'\n"),otok);
1290 /* Check whether the string has characters not valid in an RFC-822
1291 address. To cope with OpenPGP we ignore non-ascii characters
1292 so that for example umlauts are legal in an email address. An
1293 OpenPGP user ID must be utf-8 encoded but there is no strict
1294 requirement for RFC-822. Thus to avoid IDNA encoding we put the
1295 address verbatim as utf-8 into the user ID under the assumption
1296 that mail programs handle IDNA at a lower level and take OpenPGP
1297 user IDs as utf-8. Note that we can't do an utf-8 encoding
1298 checking here because in keygen.c this function is called with the
1299 native encoding and native to utf-8 encoding is only done later. */
1301 has_invalid_email_chars (const char *s)
1304 const char *valid_chars=
1305 "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
1310 continue; /* We only care about ASCII. */
1313 else if ( !at_seen && !( !!strchr( valid_chars, *s ) || *s == '+' ) )
1315 else if ( at_seen && !strchr( valid_chars, *s ) )
1322 /* Check whether NAME represents a valid mailbox according to
1323 RFC822. Returns true if so. */
1325 is_valid_mailbox (const char *name)
1329 || has_invalid_email_chars (name)
1330 || string_count_chr (name,'@') != 1
1332 || name[strlen(name)-1] == '@'
1333 || name[strlen(name)-1] == '.'
1334 || strstr (name, "..") );
1338 /* Similar to access(2), but uses PATH to find the file. */
1340 path_access(const char *file,int mode)
1345 envpath=getenv("PATH");
1348 #ifdef HAVE_DRIVE_LETTERS
1349 || (((file[0]>='A' && file[0]<='Z')
1350 || (file[0]>='a' && file[0]<='z'))
1356 return access(file,mode);
1359 /* At least as large as, but most often larger than we need. */
1360 char *buffer=xmalloc(strlen(envpath)+1+strlen(file)+1);
1361 char *split,*item,*path=xstrdup(envpath);
1365 while((item=strsep(&split,PATHSEP_S)))
1367 strcpy(buffer,item);
1369 strcat(buffer,file);
1370 ret=access(buffer,mode);
1384 /* Temporary helper. */
1386 pubkey_get_npkey( int algo )
1390 /* ECC is special in that domain parameters are given by an OID. */
1391 if (algo == PUBKEY_ALGO_ECDSA)
1392 return 0; /* We don't support the key format. */
1393 else if (algo == PUBKEY_ALGO_ECDH)
1394 return 0; /* We don't support the key format. */
1396 if (algo == GCRY_PK_ELG_E)
1398 else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
1401 if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
1402 GCRYCTL_GET_ALGO_NPKEY, NULL, &n))
1407 /* Temporary helper. */
1409 pubkey_get_nskey( int algo )
1413 /* ECC is special in that domain parameters are given by an OID. */
1414 if (algo == PUBKEY_ALGO_ECDSA)
1415 return 0; /* We don't support the key format. */
1416 else if (algo == PUBKEY_ALGO_ECDH)
1417 return 0; /* We don't support the key format. */
1419 if (algo == GCRY_PK_ELG_E)
1421 else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
1424 if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
1425 GCRYCTL_GET_ALGO_NSKEY, NULL, &n ))
1430 /* Temporary helper. */
1432 pubkey_get_nsig( int algo )
1436 /* ECC is special. */
1437 if (algo == PUBKEY_ALGO_ECDSA)
1438 return 0; /* We don't support the key format. */
1439 else if (algo == PUBKEY_ALGO_ECDH)
1442 if (algo == GCRY_PK_ELG_E)
1444 else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
1447 if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
1448 GCRYCTL_GET_ALGO_NSIGN, NULL, &n))
1453 /* Temporary helper. */
1455 pubkey_get_nenc( int algo )
1459 /* ECC is special. */
1460 if (algo == PUBKEY_ALGO_ECDSA)
1462 else if (algo == PUBKEY_ALGO_ECDH)
1463 return 0; /* We don't support the key format. */
1465 if (algo == GCRY_PK_ELG_E)
1467 else if (algo == GCRY_PK_RSA_E || algo == GCRY_PK_RSA_S)
1470 if (gcry_pk_algo_info (map_pk_openpgp_to_gcry (algo),
1471 GCRYCTL_GET_ALGO_NENCR, NULL, &n ))
1477 /* Temporary helper. */
1479 pubkey_nbits( int algo, gcry_mpi_t *key )
1484 if( algo == GCRY_PK_DSA ) {
1485 rc = gcry_sexp_build ( &sexp, NULL,
1486 "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
1487 key[0], key[1], key[2], key[3] );
1489 else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
1490 rc = gcry_sexp_build ( &sexp, NULL,
1491 "(public-key(elg(p%m)(g%m)(y%m)))",
1492 key[0], key[1], key[2] );
1494 else if (algo == GCRY_PK_RSA
1495 || algo == GCRY_PK_RSA_S
1496 || algo == GCRY_PK_RSA_E ) {
1497 rc = gcry_sexp_build ( &sexp, NULL,
1498 "(public-key(rsa(n%m)(e%m)))",
1507 nbits = gcry_pk_get_nbits( sexp );
1508 gcry_sexp_release( sexp );
1514 /* FIXME: Use gcry_mpi_print directly. */
1516 mpi_print( FILE *fp, gcry_mpi_t a, int mode )
1521 return fprintf(fp, "[MPI_NULL]");
1524 n1 = gcry_mpi_get_nbits(a);
1525 n += fprintf(fp, "[%u bits]", n1);
1528 unsigned char *buffer;
1530 if (gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buffer, NULL, a))
1532 fputs( buffer, fp );
1533 n += strlen(buffer);
1534 gcry_free( buffer );