1 /* misc.c - miscellaneous functions
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
3 * 2008, 2009, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
28 #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2
29 #include <asm/sysinfo.h>
30 #include <asm/unistd.h>
35 #include <sys/resource.h>
37 #ifdef ENABLE_SELINUX_HACKS
41 #ifdef HAVE_W32_SYSTEM
44 #ifdef HAVE_WINSOCK2_H
45 # define WIN32_LEAN_AND_MEAN 1
46 # include <winsock2.h>
51 #define CSIDL_APPDATA 0x001a
53 #ifndef CSIDL_LOCAL_APPDATA
54 #define CSIDL_LOCAL_APPDATA 0x001c
56 #ifndef CSIDL_FLAG_CREATE
57 #define CSIDL_FLAG_CREATE 0x8000
59 #endif /*HAVE_W32_SYSTEM*/
62 #ifdef HAVE_W32_SYSTEM
63 # include "../common/status.h"
64 #endif /*HAVE_W32_SYSTEM*/
65 #include "../common/util.h"
69 #include "call-agent.h"
70 #include "../common/i18n.h"
71 #include "../common/zb32.h"
74 /* FIXME: Libgcrypt 1.9 will support EAX. Until we name this a
75 * requirement we hardwire the enum used for EAX. */
76 #define MY_GCRY_CIPHER_MODE_EAX 14
79 #ifdef ENABLE_SELINUX_HACKS
80 /* A object and a global variable to keep track of files marked as
82 struct secured_file_item
84 struct secured_file_item *next;
88 static struct secured_file_item *secured_files;
89 #endif /*ENABLE_SELINUX_HACKS*/
94 /* For the sake of SELinux we want to restrict access through gpg to
95 certain files we keep under our own control. This function
96 registers such a file and is_secured_file may then be used to
97 check whether a file has ben registered as secured. */
99 register_secured_file (const char *fname)
101 #ifdef ENABLE_SELINUX_HACKS
103 struct secured_file_item *sf;
105 /* Note that we stop immediately if something goes wrong here. */
106 if (gnupg_stat (fname, &buf))
107 log_fatal (_("fstat of '%s' failed in %s: %s\n"), fname,
108 "register_secured_file", strerror (errno));
109 /* log_debug ("registering '%s' i=%lu.%lu\n", fname, */
110 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
111 for (sf=secured_files; sf; sf = sf->next)
113 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
114 return; /* Already registered. */
117 sf = xmalloc (sizeof *sf);
118 sf->ino = buf.st_ino;
119 sf->dev = buf.st_dev;
120 sf->next = secured_files;
122 #else /*!ENABLE_SELINUX_HACKS*/
124 #endif /*!ENABLE_SELINUX_HACKS*/
127 /* Remove a file registered as secure. */
129 unregister_secured_file (const char *fname)
131 #ifdef ENABLE_SELINUX_HACKS
133 struct secured_file_item *sf, *sfprev;
135 if (gnupg_stat (fname, &buf))
137 log_error (_("fstat of '%s' failed in %s: %s\n"), fname,
138 "unregister_secured_file", strerror (errno));
141 /* log_debug ("unregistering '%s' i=%lu.%lu\n", fname, */
142 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
143 for (sfprev=NULL,sf=secured_files; sf; sfprev=sf, sf = sf->next)
145 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
148 sfprev->next = sf->next;
150 secured_files = sf->next;
155 #else /*!ENABLE_SELINUX_HACKS*/
157 #endif /*!ENABLE_SELINUX_HACKS*/
160 /* Return true if FD is corresponds to a secured file. Using -1 for
161 FS is allowed and will return false. */
163 is_secured_file (int fd)
165 #ifdef ENABLE_SELINUX_HACKS
167 struct secured_file_item *sf;
170 return 0; /* No file descriptor so it can't be secured either. */
172 /* Note that we print out a error here and claim that a file is
173 secure if something went wrong. */
174 if (fstat (fd, &buf))
176 log_error (_("fstat(%d) failed in %s: %s\n"), fd,
177 "is_secured_file", strerror (errno));
180 /* log_debug ("is_secured_file (%d) i=%lu.%lu\n", fd, */
181 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
182 for (sf=secured_files; sf; sf = sf->next)
184 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
187 #else /*!ENABLE_SELINUX_HACKS*/
189 #endif /*!ENABLE_SELINUX_HACKS*/
193 /* Return true if FNAME is corresponds to a secured file. Using NULL,
194 "" or "-" for FS is allowed and will return false. This function is
195 used before creating a file, thus it won't fail if the file does
198 is_secured_filename (const char *fname)
200 #ifdef ENABLE_SELINUX_HACKS
202 struct secured_file_item *sf;
204 if (iobuf_is_pipe_filename (fname) || !*fname)
207 /* Note that we print out a error here and claim that a file is
208 secure if something went wrong. */
209 if (gnupg_stat (fname, &buf))
211 if (errno == ENOENT || errno == EPERM || errno == EACCES)
213 log_error (_("fstat of '%s' failed in %s: %s\n"), fname,
214 "is_secured_filename", strerror (errno));
217 /* log_debug ("is_secured_filename (%s) i=%lu.%lu\n", fname, */
218 /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
219 for (sf=secured_files; sf; sf = sf->next)
221 if (sf->ino == buf.st_ino && sf->dev == buf.st_dev)
224 #else /*!ENABLE_SELINUX_HACKS*/
226 #endif /*!ENABLE_SELINUX_HACKS*/
233 checksum_u16( unsigned n )
244 checksum (const byte *p, unsigned n)
254 checksum_mpi (gcry_mpi_t a)
261 * This code can be skipped when gcry_mpi_print
262 * supports opaque MPI.
264 if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
269 p = gcry_mpi_get_opaque (a, &nbits);
274 csum += (nbits & 0xff);
275 csum += checksum (p, (nbits+7)/8);
279 if ( gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0, &nbytes, a) )
281 /* Fixme: For numbers not in secure memory we should use a stack
282 * based buffer and only allocate a larger one if mpi_print returns
284 buffer = (gcry_is_secure(a)?
285 gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes));
286 if ( gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, NULL, a) )
288 csum = checksum (buffer, nbytes);
295 print_pubkey_algo_note (pubkey_algo_t algo)
297 if(algo >= 100 && algo <= 110)
303 es_fflush (es_stdout);
304 log_info (_("WARNING: using experimental public key algorithm %s\n"),
305 openpgp_pk_algo_name (algo));
308 else if (algo == PUBKEY_ALGO_ELGAMAL)
310 es_fflush (es_stdout);
311 log_info (_("WARNING: Elgamal sign+encrypt keys are deprecated\n"));
316 print_cipher_algo_note (cipher_algo_t algo)
318 if(algo >= 100 && algo <= 110)
324 es_fflush (es_stdout);
325 log_info (_("WARNING: using experimental cipher algorithm %s\n"),
326 openpgp_cipher_algo_name (algo));
332 print_digest_algo_note (digest_algo_t algo)
334 if(algo >= 100 && algo <= 110)
337 const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
342 es_fflush (es_stdout);
343 log_info (_("WARNING: using experimental digest algorithm %s\n"),
344 gcry_md_algo_name (galgo));
347 else if (is_weak_digest (algo))
349 const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
350 es_fflush (es_stdout);
351 log_info (_("WARNING: digest algorithm %s is deprecated\n"),
352 gcry_md_algo_name (galgo));
358 print_digest_rejected_note (enum gcry_md_algos algo)
360 struct weakhash* weak;
366 for (weak = opt.weak_digests; weak; weak = weak->next)
367 if (weak->algo == algo)
369 if (weak->rejection_shown)
372 weak->rejection_shown = 1;
378 es_fflush (es_stdout);
380 (_("Note: signatures using the %s algorithm are rejected\n"),
381 gcry_md_algo_name(algo));
387 print_sha1_keysig_rejected_note (void)
391 if (shown || opt.quiet)
395 es_fflush (es_stdout);
396 log_info (_("Note: third-party key signatures using"
397 " the %s algorithm are rejected\n"),
398 gcry_md_algo_name (GCRY_MD_SHA1));
400 log_info (_("(use option \"%s\" to override)\n"),
401 "--allow-weak-key-signatures");
406 * "(reported error: %s)\n
407 * in verbose mode to further explain an error. If the error code has
408 * the value IGNORE_EC no message is printed. A message is also not
409 * printed if ERR is 0. */
411 print_reported_error (gpg_error_t err, gpg_err_code_t ignore_ec)
416 if (!gpg_err_code (err))
418 else if (gpg_err_code (err) == ignore_ec)
420 else if (gpg_err_source (err) == GPG_ERR_SOURCE_DEFAULT)
421 log_info (_("(reported error: %s)\n"),
424 log_info (_("(reported error: %s <%s>)\n"),
425 gpg_strerror (err), gpg_strsource (err));
431 * "(further info: %s)\n
432 * in verbose mode to further explain an error. That message is
433 * intended to help debug a problem and should not be translated.
436 print_further_info (const char *format, ...)
443 log_info (_("(further info: "));
444 va_start (arg_ptr, format);
445 log_logv (GPGRT_LOGLVL_CONT, format, arg_ptr);
451 /* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
452 this for algorithms we implemented in Libgcrypt after they become
454 enum gcry_cipher_algos
455 map_cipher_openpgp_to_gcry (cipher_algo_t algo)
459 case CIPHER_ALGO_NONE: return GCRY_CIPHER_NONE;
462 case CIPHER_ALGO_IDEA: return GCRY_CIPHER_IDEA;
464 case CIPHER_ALGO_IDEA: return 0;
467 case CIPHER_ALGO_3DES: return GCRY_CIPHER_3DES;
470 case CIPHER_ALGO_CAST5: return GCRY_CIPHER_CAST5;
472 case CIPHER_ALGO_CAST5: return 0;
475 #ifdef GPG_USE_BLOWFISH
476 case CIPHER_ALGO_BLOWFISH: return GCRY_CIPHER_BLOWFISH;
478 case CIPHER_ALGO_BLOWFISH: return 0;
481 #ifdef GPG_USE_AES128
482 case CIPHER_ALGO_AES: return GCRY_CIPHER_AES;
484 case CIPHER_ALGO_AES: return 0;
487 #ifdef GPG_USE_AES192
488 case CIPHER_ALGO_AES192: return GCRY_CIPHER_AES192;
490 case CIPHER_ALGO_AES192: return 0;
493 #ifdef GPG_USE_AES256
494 case CIPHER_ALGO_AES256: return GCRY_CIPHER_AES256;
496 case CIPHER_ALGO_AES256: return 0;
499 #ifdef GPG_USE_TWOFISH
500 case CIPHER_ALGO_TWOFISH: return GCRY_CIPHER_TWOFISH;
502 case CIPHER_ALGO_TWOFISH: return 0;
505 #ifdef GPG_USE_CAMELLIA128
506 case CIPHER_ALGO_CAMELLIA128: return GCRY_CIPHER_CAMELLIA128;
508 case CIPHER_ALGO_CAMELLIA128: return 0;
511 #ifdef GPG_USE_CAMELLIA192
512 case CIPHER_ALGO_CAMELLIA192: return GCRY_CIPHER_CAMELLIA192;
514 case CIPHER_ALGO_CAMELLIA192: return 0;
517 #ifdef GPG_USE_CAMELLIA256
518 case CIPHER_ALGO_CAMELLIA256: return GCRY_CIPHER_CAMELLIA256;
520 case CIPHER_ALGO_CAMELLIA256: return 0;
526 /* The inverse function of above. */
528 map_cipher_gcry_to_openpgp (enum gcry_cipher_algos algo)
532 case GCRY_CIPHER_NONE: return CIPHER_ALGO_NONE;
533 case GCRY_CIPHER_IDEA: return CIPHER_ALGO_IDEA;
534 case GCRY_CIPHER_3DES: return CIPHER_ALGO_3DES;
535 case GCRY_CIPHER_CAST5: return CIPHER_ALGO_CAST5;
536 case GCRY_CIPHER_BLOWFISH: return CIPHER_ALGO_BLOWFISH;
537 case GCRY_CIPHER_AES: return CIPHER_ALGO_AES;
538 case GCRY_CIPHER_AES192: return CIPHER_ALGO_AES192;
539 case GCRY_CIPHER_AES256: return CIPHER_ALGO_AES256;
540 case GCRY_CIPHER_TWOFISH: return CIPHER_ALGO_TWOFISH;
541 case GCRY_CIPHER_CAMELLIA128: return CIPHER_ALGO_CAMELLIA128;
542 case GCRY_CIPHER_CAMELLIA192: return CIPHER_ALGO_CAMELLIA192;
543 case GCRY_CIPHER_CAMELLIA256: return CIPHER_ALGO_CAMELLIA256;
549 /* Return the block length of an OpenPGP cipher algorithm. */
551 openpgp_cipher_blocklen (cipher_algo_t algo)
553 /* We use the numbers from OpenPGP to be sure that we get the right
554 block length. This is so that the packet parsing code works even
555 for unknown algorithms (for which we assume 8 due to tradition).
557 NOTE: If you change the returned blocklen above 16, check
558 the callers because they may use a fixed size buffer of that
562 case CIPHER_ALGO_AES:
563 case CIPHER_ALGO_AES192:
564 case CIPHER_ALGO_AES256:
565 case CIPHER_ALGO_TWOFISH:
566 case CIPHER_ALGO_CAMELLIA128:
567 case CIPHER_ALGO_CAMELLIA192:
568 case CIPHER_ALGO_CAMELLIA256:
577 * Wrapper around the libgcrypt function with additional checks on
578 * the OpenPGP constraints for the algo ID.
581 openpgp_cipher_test_algo (cipher_algo_t algo)
583 enum gcry_cipher_algos ga;
585 ga = map_cipher_openpgp_to_gcry (algo);
587 return gpg_error (GPG_ERR_CIPHER_ALGO);
589 return gcry_cipher_test_algo (ga);
592 /* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
593 string representation of the algorithm name. For unknown algorithm
594 IDs this function returns "?". */
596 openpgp_cipher_algo_name (cipher_algo_t algo)
600 case CIPHER_ALGO_IDEA: return "IDEA";
601 case CIPHER_ALGO_3DES: return "3DES";
602 case CIPHER_ALGO_CAST5: return "CAST5";
603 case CIPHER_ALGO_BLOWFISH: return "BLOWFISH";
604 case CIPHER_ALGO_AES: return "AES";
605 case CIPHER_ALGO_AES192: return "AES192";
606 case CIPHER_ALGO_AES256: return "AES256";
607 case CIPHER_ALGO_TWOFISH: return "TWOFISH";
608 case CIPHER_ALGO_CAMELLIA128: return "CAMELLIA128";
609 case CIPHER_ALGO_CAMELLIA192: return "CAMELLIA192";
610 case CIPHER_ALGO_CAMELLIA256: return "CAMELLIA256";
611 case CIPHER_ALGO_NONE:
617 /* Same as openpgp_cipher_algo_name but returns a string in the form
618 * "ALGO.MODE". If AEAD is 0 "CFB" is used for the mode. */
620 openpgp_cipher_algo_mode_name (cipher_algo_t algo, aead_algo_t aead)
622 return map_static_strings ("openpgp_cipher_algo_mode_name", algo, aead,
623 openpgp_cipher_algo_name (algo),
625 aead? openpgp_aead_algo_name (aead) : "CFB",
630 /* Return 0 if ALGO is supported. Return an error if not. */
632 openpgp_aead_test_algo (aead_algo_t algo)
634 /* FIXME: We currently have no easy way to test whether libgcrypt
635 * implements a mode. The only way we can do this is to open a
636 * cipher context with that mode and close it immediately. That is
637 * a bit costly. Thus in case we add another algo we need to look
638 * at the libgcrypt version and assume nothing has been patched out. */
649 return gpg_error (GPG_ERR_INV_CIPHER_MODE);
653 /* Map the OpenPGP AEAD algorithm with ID ALGO to a string
654 * representation of the algorithm name. For unknown algorithm IDs
655 * this function returns "?". */
657 openpgp_aead_algo_name (aead_algo_t algo)
661 case AEAD_ALGO_NONE: break;
662 case AEAD_ALGO_EAX: return "EAX";
663 case AEAD_ALGO_OCB: return "OCB";
670 /* Return information for the AEAD algorithm ALGO. The corresponding
671 * Libgcrypt ciphermode is stored at R_MODE and the required number of
672 * octets for the nonce at R_NONCELEN. On error and error code is
673 * returned. Note that the taglen is always 128 bits. */
675 openpgp_aead_algo_info (aead_algo_t algo, enum gcry_cipher_modes *r_mode,
676 unsigned int *r_noncelen)
681 *r_mode = GCRY_CIPHER_MODE_OCB;
686 *r_mode = MY_GCRY_CIPHER_MODE_EAX;
691 log_error ("unsupported AEAD algo %d\n", algo);
692 return gpg_error (GPG_ERR_INV_CIPHER_MODE);
698 /* Return 0 if ALGO is a supported OpenPGP public key algorithm. */
700 openpgp_pk_test_algo (pubkey_algo_t algo)
702 return openpgp_pk_test_algo2 (algo, 0);
706 /* Return 0 if ALGO is a supported OpenPGP public key algorithm and
707 allows the usage USE. */
709 openpgp_pk_test_algo2 (pubkey_algo_t algo, unsigned int use)
711 enum gcry_pk_algos ga = 0;
712 size_t use_buf = use;
717 case PUBKEY_ALGO_RSA: ga = GCRY_PK_RSA; break;
718 case PUBKEY_ALGO_RSA_E: ga = GCRY_PK_RSA_E; break;
719 case PUBKEY_ALGO_RSA_S: ga = GCRY_PK_RSA_S; break;
721 case PUBKEY_ALGO_RSA: break;
722 case PUBKEY_ALGO_RSA_E: break;
723 case PUBKEY_ALGO_RSA_S: break;
726 case PUBKEY_ALGO_ELGAMAL_E: ga = GCRY_PK_ELG; break;
727 case PUBKEY_ALGO_DSA: ga = GCRY_PK_DSA; break;
730 case PUBKEY_ALGO_ECDH: ga = GCRY_PK_ECC; break;
732 case PUBKEY_ALGO_ECDH: break;
736 case PUBKEY_ALGO_ECDSA: ga = GCRY_PK_ECC; break;
738 case PUBKEY_ALGO_ECDSA: break;
742 case PUBKEY_ALGO_EDDSA: ga = GCRY_PK_ECC; break;
744 case PUBKEY_ALGO_EDDSA: break;
747 case PUBKEY_ALGO_ELGAMAL:
748 /* Don't allow type 20 keys unless in rfc2440 mode. */
757 return gpg_error (GPG_ERR_PUBKEY_ALGO);
759 /* Elgamal in OpenPGP used to support signing and Libgcrypt still
760 * does. However, we removed the signing capability from gpg ages
761 * ago. This function should reflect this so that errors are thrown
762 * early and not only when we try to sign using Elgamal. */
763 if (ga == GCRY_PK_ELG && (use & (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)))
764 return gpg_error (GPG_ERR_WRONG_PUBKEY_ALGO);
766 /* Now check whether Libgcrypt has support for the algorithm. */
767 return gcry_pk_algo_info (ga, GCRYCTL_TEST_ALGO, NULL, &use_buf);
772 openpgp_pk_algo_usage ( int algo )
776 /* They are hardwired in gpg 1.0. */
778 case PUBKEY_ALGO_RSA:
779 use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
780 | PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC | PUBKEY_USAGE_AUTH);
782 case PUBKEY_ALGO_RSA_E:
783 case PUBKEY_ALGO_ECDH:
784 use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC;
786 case PUBKEY_ALGO_RSA_S:
787 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG;
789 case PUBKEY_ALGO_ELGAMAL:
791 use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC;
793 case PUBKEY_ALGO_ELGAMAL_E:
794 use = PUBKEY_USAGE_ENC | PUBKEY_USAGE_RENC;
796 case PUBKEY_ALGO_DSA:
797 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
799 case PUBKEY_ALGO_ECDSA:
800 case PUBKEY_ALGO_EDDSA:
801 use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
808 /* Map the OpenPGP pubkey algorithm whose ID is contained in ALGO to a
809 string representation of the algorithm name. For unknown algorithm
810 IDs this function returns "?". */
812 openpgp_pk_algo_name (pubkey_algo_t algo)
816 case PUBKEY_ALGO_RSA:
817 case PUBKEY_ALGO_RSA_E:
818 case PUBKEY_ALGO_RSA_S: return "RSA";
819 case PUBKEY_ALGO_ELGAMAL:
820 case PUBKEY_ALGO_ELGAMAL_E: return "ELG";
821 case PUBKEY_ALGO_DSA: return "DSA";
822 case PUBKEY_ALGO_ECDH: return "ECDH";
823 case PUBKEY_ALGO_ECDSA: return "ECDSA";
824 case PUBKEY_ALGO_EDDSA: return "EDDSA";
830 /* Explicit mapping of OpenPGP digest algos to Libgcrypt. */
831 /* FIXME: We do not yes use it everywhere. */
833 map_md_openpgp_to_gcry (digest_algo_t algo)
838 case DIGEST_ALGO_MD5: return GCRY_MD_MD5;
840 case DIGEST_ALGO_MD5: return 0;
843 case DIGEST_ALGO_SHA1: return GCRY_MD_SHA1;
845 #ifdef GPG_USE_RMD160
846 case DIGEST_ALGO_RMD160: return GCRY_MD_RMD160;
848 case DIGEST_ALGO_RMD160: return 0;
851 #ifdef GPG_USE_SHA224
852 case DIGEST_ALGO_SHA224: return GCRY_MD_SHA224;
854 case DIGEST_ALGO_SHA224: return 0;
857 case DIGEST_ALGO_SHA256: return GCRY_MD_SHA256;
859 #ifdef GPG_USE_SHA384
860 case DIGEST_ALGO_SHA384: return GCRY_MD_SHA384;
862 case DIGEST_ALGO_SHA384: return 0;
865 #ifdef GPG_USE_SHA512
866 case DIGEST_ALGO_SHA512: return GCRY_MD_SHA512;
868 case DIGEST_ALGO_SHA512: return 0;
875 /* Return 0 if ALGO is suitable and implemented OpenPGP hash
878 openpgp_md_test_algo (digest_algo_t algo)
880 enum gcry_md_algos ga;
882 ga = map_md_openpgp_to_gcry (algo);
884 return gpg_error (GPG_ERR_DIGEST_ALGO);
886 return gcry_md_test_algo (ga);
890 /* Map the OpenPGP digest algorithm whose ID is contained in ALGO to a
891 string representation of the algorithm name. For unknown algorithm
892 IDs this function returns "?". */
894 openpgp_md_algo_name (int algo)
898 case DIGEST_ALGO_MD5: return "MD5";
899 case DIGEST_ALGO_SHA1: return "SHA1";
900 case DIGEST_ALGO_RMD160: return "RIPEMD160";
901 case DIGEST_ALGO_SHA256: return "SHA256";
902 case DIGEST_ALGO_SHA384: return "SHA384";
903 case DIGEST_ALGO_SHA512: return "SHA512";
904 case DIGEST_ALGO_SHA224: return "SHA224";
911 get_signature_count (PKT_public_key *pk)
913 #ifdef ENABLE_CARD_SUPPORT
914 struct agent_card_info_s info;
917 if (!agent_scd_getattr ("SIG-COUNTER",&info))
918 return info.sig_counter;
927 /* Expand %-strings. Returns a string which must be xfreed. Returns
928 NULL if the string cannot be expanded (too large). */
930 pct_expando (ctrl_t ctrl, const char *string,struct expando_args *args)
932 const char *ch=string;
933 int idx=0,maxlen=0,done=0;
934 u32 pk_keyid[2]={0,0},sk_keyid[2]={0,0};
937 /* The parser below would return NULL for an empty string, thus we
938 * catch it here. Also catch NULL here. */
939 if (!string || !*string)
943 keyid_from_pk(args->pk,pk_keyid);
946 keyid_from_pk (args->pksk, sk_keyid);
948 /* This is used so that %k works in photoid command strings in
949 --list-secret-keys (which of course has a sk, but no pk). */
950 if(!args->pk && args->pksk)
951 keyid_from_pk (args->pksk, pk_keyid);
957 /* 8192 is way bigger than we'll need here */
962 ret=xrealloc(ret,maxlen);
971 case 's': /* short key id */
974 sprintf(&ret[idx],"%08lX",(ulong)sk_keyid[1]);
980 case 'S': /* long key id */
983 sprintf(&ret[idx],"%08lX%08lX",
984 (ulong)sk_keyid[0],(ulong)sk_keyid[1]);
990 case 'k': /* short key id */
993 sprintf(&ret[idx],"%08lX",(ulong)pk_keyid[1]);
999 case 'K': /* long key id */
1002 sprintf(&ret[idx],"%08lX%08lX",
1003 (ulong)pk_keyid[0],(ulong)pk_keyid[1]);
1009 case 'U': /* z-base-32 encoded user id hash. */
1012 char *tmp = zb32_encode (args->namehash, 8*20);
1015 if (idx + strlen (tmp) < maxlen)
1017 strcpy (ret+idx, tmp);
1018 idx += strlen (tmp);
1026 case 'c': /* signature count from card, if any. */
1029 sprintf (&ret[idx],"%lu", get_signature_count (args->pksk));
1030 idx+=strlen(&ret[idx]);
1035 case 'f': /* Fingerprint of key being signed */
1036 case 'p': /* Fingerprint of the primary key making the signature. */
1037 case 'g': /* Fingerprint of the key making the signature. */
1039 byte array[MAX_FINGERPRINT_LEN];
1043 if ((*(ch+1))=='f' && args->pk)
1044 fingerprint_from_pk (args->pk, array, &len);
1045 else if ((*(ch+1))=='p' && args->pksk)
1047 if(args->pksk->flags.primary)
1048 fingerprint_from_pk (args->pksk, array, &len);
1049 else if (args->pksk->main_keyid[0]
1050 || args->pksk->main_keyid[1])
1052 /* Not the primary key: Find the fingerprint
1053 of the primary key. */
1055 xmalloc_clear(sizeof(PKT_public_key));
1057 if (!get_pubkey_fast (ctrl, pk,args->pksk->main_keyid))
1058 fingerprint_from_pk (pk, array, &len);
1060 memset (array, 0, (len=MAX_FINGERPRINT_LEN));
1061 free_public_key (pk);
1063 else /* Oops: info about the primary key missing. */
1064 memset(array,0,(len=MAX_FINGERPRINT_LEN));
1066 else if((*(ch+1))=='g' && args->pksk)
1067 fingerprint_from_pk (args->pksk, array, &len);
1069 memset(array,0,(len=MAX_FINGERPRINT_LEN));
1071 if(idx+(len*2)<maxlen)
1075 sprintf(&ret[idx],"%02X",array[i]);
1083 case 'v': /* validity letters */
1084 if(args->validity_info && idx+1<maxlen)
1086 ret[idx++]=args->validity_info;
1092 /* The text string types */
1097 const char *str=NULL;
1101 case 't': /* e.g. "jpg" */
1102 str=image_type_to_string(args->imagetype,0);
1105 case 'T': /* e.g. "image/jpeg" */
1106 str=image_type_to_string(args->imagetype,2);
1109 case 'V': /* e.g. "full", "expired", etc. */
1110 str=args->validity_string;
1114 if(str && idx+strlen(str)<maxlen)
1116 strcpy(&ret[idx],str);
1132 /* Any unknown %-keys (like %i, %o, %I, and %O) are
1133 passed through for later expansion. Note this also
1134 handles the case where the last character in the
1135 string is a '%' - the terminating \0 will end up here
1136 and properly terminate the string. */
1173 deprecated_warning(const char *configname,unsigned int configlineno,
1174 const char *option,const char *repl1,const char *repl2)
1178 if(strncmp("--",option,2)==0)
1181 if(strncmp("--",repl1,2)==0)
1184 log_info(_("%s:%d: deprecated option \"%s\"\n"),
1185 configname,configlineno,option);
1188 log_info(_("WARNING: \"%s\" is a deprecated option\n"),option);
1190 log_info(_("please use \"%s%s\" instead\n"),repl1,repl2);
1195 deprecated_command (const char *name)
1197 log_info(_("WARNING: \"%s\" is a deprecated command - do not use it\n"),
1203 obsolete_scdaemon_option (const char *configname, unsigned int configlineno,
1207 log_info (_("%s:%u: \"%s\" is obsolete in this file"
1208 " - it only has effect in %s\n"),
1209 configname, configlineno, name, SCDAEMON_NAME EXTSEP_S "conf");
1211 log_info (_("WARNING: \"%s%s\" is an obsolete option"
1212 " - it has no effect except on %s\n"),
1213 "--", name, SCDAEMON_NAME);
1218 * Wrapper around gcry_cipher_map_name to provide a fallback using the
1219 * "Sn" syntax as used by the preference strings.
1222 string_to_cipher_algo (const char *string)
1226 val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
1227 if (!val && string && (string[0]=='S' || string[0]=='s'))
1232 val = strtol (string, &endptr, 10);
1233 if (!*string || *endptr || openpgp_cipher_test_algo (val))
1242 * Map an AEAD mode string to a an AEAD algorithm number as defined by
1243 * rfc4880bis. Also support the "An" syntax as used by the preference
1247 string_to_aead_algo (const char *string)
1253 else if (!ascii_strcasecmp (string, "EAX"))
1255 else if (!ascii_strcasecmp (string, "OCB"))
1257 else if ((string[0]=='A' || string[0]=='a'))
1262 result = strtol (string, &endptr, 10);
1263 if (!*string || *endptr || result < 1 || result > 2)
1274 * Wrapper around gcry_md_map_name to provide a fallback using the
1275 * "Hn" syntax as used by the preference strings.
1278 string_to_digest_algo (const char *string)
1282 /* FIXME: We should make use of our wrapper function and not assume
1283 that there is a 1 to 1 mapping between OpenPGP and Libgcrypt. */
1284 val = gcry_md_map_name (string);
1285 if (!val && string && (string[0]=='H' || string[0]=='h'))
1290 val = strtol (string, &endptr, 10);
1291 if (!*string || *endptr || openpgp_md_test_algo (val))
1301 compress_algo_to_string(int algo)
1307 case COMPRESS_ALGO_NONE:
1308 s=_("Uncompressed");
1311 case COMPRESS_ALGO_ZIP:
1315 case COMPRESS_ALGO_ZLIB:
1320 case COMPRESS_ALGO_BZIP2:
1330 string_to_compress_algo(const char *string)
1332 /* TRANSLATORS: See doc/TRANSLATE about this string. */
1333 if(match_multistr(_("uncompressed|none"),string))
1335 else if(ascii_strcasecmp(string,"uncompressed")==0)
1337 else if(ascii_strcasecmp(string,"none")==0)
1339 else if(ascii_strcasecmp(string,"zip")==0)
1341 else if(ascii_strcasecmp(string,"zlib")==0)
1344 else if(ascii_strcasecmp(string,"bzip2")==0)
1347 else if(ascii_strcasecmp(string,"z0")==0)
1349 else if(ascii_strcasecmp(string,"z1")==0)
1351 else if(ascii_strcasecmp(string,"z2")==0)
1354 else if(ascii_strcasecmp(string,"z3")==0)
1362 check_compress_algo(int algo)
1374 default: return GPG_ERR_COMPR_ALGO;
1379 default_cipher_algo(void)
1381 if(opt.def_cipher_algo)
1382 return opt.def_cipher_algo;
1383 else if(opt.personal_cipher_prefs)
1384 return opt.personal_cipher_prefs[0].value;
1386 return opt.s2k_cipher_algo;
1390 /* There is no default_digest_algo function, but see
1391 sign.c:hash_for() */
1394 default_compress_algo(void)
1396 if(opt.compress_algo!=-1)
1397 return opt.compress_algo;
1398 else if(opt.personal_compress_prefs)
1399 return opt.personal_compress_prefs[0].value;
1401 return DEFAULT_COMPRESS_ALGO;
1406 compliance_failure(void)
1410 switch(opt.compliance)
1421 ver="OpenPGP (older)";
1433 ver="DE-VS applications";
1437 log_info(_("this message may not be usable by %s\n"),ver);
1438 opt.compliance=CO_GNUPG;
1441 /* Break a string into successive option pieces. Accepts single word
1442 options and key=value argument options. */
1444 optsep(char **stringp)
1451 end=strpbrk(tok," ,=");
1457 /* what we need to do now is scan along starting with *end,
1458 If the next character we see (ignoring spaces) is an =
1459 sign, then there is an argument. */
1470 /* There is an argument, so grab that too. At this point,
1471 ptr points to the first character of the argument. */
1474 /* Is it a quoted argument? */
1478 end=strchr(ptr,'"');
1483 end=strpbrk(ptr," ,");
1501 /* Breaks an option value into key and value. Returns NULL if there
1502 is no value. Note that "string" is modified to remove the =value
1505 argsplit(char *string)
1507 char *equals,*arg=NULL;
1509 equals=strchr(string,'=');
1518 quote=strchr(arg,'"');
1523 quote=strchr(arg,'"');
1531 /* Trim leading spaces off of the arg */
1532 spaces=strspn(arg," ");
1536 /* Trim tailing spaces off of the tag */
1537 space=strchr(string,' ');
1545 /* Return the length of the initial token, leaving off any
1548 optlen(const char *s)
1550 char *end=strpbrk(s," =");
1559 /* Note: This function returns true on success. */
1561 parse_options(char *str,unsigned int *options,
1562 struct parse_options *opts,int noisy)
1566 if (str && (!strcmp (str, "help") || !strcmp (str, "full-help")))
1569 int full = *str == 'f';
1571 /* Figure out the longest option name so we can line these up
1573 for(i=0;opts[i].name;i++)
1574 if(opts[i].help && maxlen<strlen(opts[i].name))
1575 maxlen=strlen(opts[i].name);
1577 for(i=0;opts[i].name;i++)
1579 es_printf("%s%*s%s\n",opts[i].name,
1580 maxlen+2-(int)strlen(opts[i].name),"",_(opts[i].help));
1582 for (i=0; opts[i].name; i++)
1584 es_printf("%s\n",opts[i].name);
1589 while((tok=optsep(&str)))
1597 if(ascii_strncasecmp("no-",tok,3)==0)
1603 for(i=0;opts[i].name;i++)
1605 size_t toklen=optlen(tok);
1607 if(ascii_strncasecmp(opts[i].name,tok,toklen)==0)
1609 /* We have a match, but it might be incomplete */
1610 if(toklen!=strlen(opts[i].name))
1614 for(j=i+1;opts[j].name;j++)
1616 if(ascii_strncasecmp(opts[j].name,tok,toklen)==0)
1619 log_info(_("ambiguous option '%s'\n"),otok);
1627 *options&=~opts[i].bit;
1629 *opts[i].value=NULL;
1633 *options|=opts[i].bit;
1635 *opts[i].value=argsplit(tok);
1644 log_info(_("unknown option '%s'\n"),otok);
1653 /* Similar to access(2), but uses PATH to find the file. */
1655 path_access(const char *file,int mode)
1660 envpath=getenv("PATH");
1663 #ifdef HAVE_DRIVE_LETTERS
1664 || (((file[0]>='A' && file[0]<='Z')
1665 || (file[0]>='a' && file[0]<='z'))
1671 return access(file,mode);
1674 /* At least as large as, but most often larger than we need. */
1675 char *buffer=xmalloc(strlen(envpath)+1+strlen(file)+1);
1676 char *split,*item,*path=xstrdup(envpath);
1680 while((item=strsep(&split,PATHSEP_S)))
1682 strcpy(buffer,item);
1684 strcat(buffer,file);
1685 ret=access(buffer,mode);
1699 /* Return the number of public key parameters as used by OpenPGP. */
1701 pubkey_get_npkey (pubkey_algo_t algo)
1705 case PUBKEY_ALGO_RSA:
1706 case PUBKEY_ALGO_RSA_E:
1707 case PUBKEY_ALGO_RSA_S: return 2;
1708 case PUBKEY_ALGO_ELGAMAL_E: return 3;
1709 case PUBKEY_ALGO_DSA: return 4;
1710 case PUBKEY_ALGO_ECDH: return 3;
1711 case PUBKEY_ALGO_ECDSA: return 2;
1712 case PUBKEY_ALGO_ELGAMAL: return 3;
1713 case PUBKEY_ALGO_EDDSA: return 2;
1719 /* Return the number of secret key parameters as used by OpenPGP. */
1721 pubkey_get_nskey (pubkey_algo_t algo)
1725 case PUBKEY_ALGO_RSA:
1726 case PUBKEY_ALGO_RSA_E:
1727 case PUBKEY_ALGO_RSA_S: return 6;
1728 case PUBKEY_ALGO_ELGAMAL_E: return 4;
1729 case PUBKEY_ALGO_DSA: return 5;
1730 case PUBKEY_ALGO_ECDH: return 4;
1731 case PUBKEY_ALGO_ECDSA: return 3;
1732 case PUBKEY_ALGO_ELGAMAL: return 4;
1733 case PUBKEY_ALGO_EDDSA: return 3;
1738 /* Temporary helper. */
1740 pubkey_get_nsig (pubkey_algo_t algo)
1744 case PUBKEY_ALGO_RSA:
1745 case PUBKEY_ALGO_RSA_E:
1746 case PUBKEY_ALGO_RSA_S: return 1;
1747 case PUBKEY_ALGO_ELGAMAL_E: return 0;
1748 case PUBKEY_ALGO_DSA: return 2;
1749 case PUBKEY_ALGO_ECDH: return 0;
1750 case PUBKEY_ALGO_ECDSA: return 2;
1751 case PUBKEY_ALGO_ELGAMAL: return 2;
1752 case PUBKEY_ALGO_EDDSA: return 2;
1758 /* Temporary helper. */
1760 pubkey_get_nenc (pubkey_algo_t algo)
1764 case PUBKEY_ALGO_RSA:
1765 case PUBKEY_ALGO_RSA_E:
1766 case PUBKEY_ALGO_RSA_S: return 1;
1767 case PUBKEY_ALGO_ELGAMAL_E: return 2;
1768 case PUBKEY_ALGO_DSA: return 0;
1769 case PUBKEY_ALGO_ECDH: return 2;
1770 case PUBKEY_ALGO_ECDSA: return 0;
1771 case PUBKEY_ALGO_ELGAMAL: return 2;
1772 case PUBKEY_ALGO_EDDSA: return 0;
1778 /* Temporary helper. */
1780 pubkey_nbits( int algo, gcry_mpi_t *key )
1785 if (algo == PUBKEY_ALGO_DSA
1786 && key[0] && key[1] && key[2] && key[3])
1788 rc = gcry_sexp_build (&sexp, NULL,
1789 "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
1790 key[0], key[1], key[2], key[3] );
1792 else if ((algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E)
1793 && key[0] && key[1] && key[2])
1795 rc = gcry_sexp_build (&sexp, NULL,
1796 "(public-key(elg(p%m)(g%m)(y%m)))",
1797 key[0], key[1], key[2] );
1799 else if (is_RSA (algo)
1800 && key[0] && key[1])
1802 rc = gcry_sexp_build (&sexp, NULL,
1803 "(public-key(rsa(n%m)(e%m)))",
1806 else if ((algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_ECDH
1807 || algo == PUBKEY_ALGO_EDDSA)
1808 && key[0] && key[1])
1810 char *curve = openpgp_oid_to_str (key[0]);
1812 rc = gpg_error_from_syserror ();
1815 rc = gcry_sexp_build (&sexp, NULL,
1816 "(public-key(ecc(curve%s)(q%m)))",
1827 nbits = gcry_pk_get_nbits (sexp);
1828 gcry_sexp_release (sexp);
1835 mpi_print (estream_t fp, gcry_mpi_t a, int mode)
1841 return es_fprintf (fp, "[MPI_NULL]");
1845 n1 = gcry_mpi_get_nbits(a);
1846 n += es_fprintf (fp, "[%u bits]", n1);
1848 else if (gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
1851 unsigned char *p = gcry_mpi_get_opaque (a, &nbits);
1853 n += es_fprintf (fp, "[invalid opaque value]");
1856 if (!es_write_hexstring (fp, p, (nbits + 7)/8, 0, &nwritten))
1862 unsigned char *buffer;
1865 if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &buflen, a))
1867 if (!es_write_hexstring (fp, buffer, buflen, 0, &nwritten))
1875 /* pkey[1] or skey[1] is Q for ECDSA, which is an uncompressed point,
1878 ecdsa_qbits_from_Q (unsigned int qbits)
1882 log_error (_("ECDSA public key is expected to be in SEC encoding "
1883 "multiple of 8 bits\n"));
1892 /* Ignore signatures and certifications made over certain digest
1893 * algorithms by default, MD5 is considered weak. This allows users
1894 * to deprecate support for other algorithms as well.
1897 additional_weak_digest (const char* digestname)
1899 struct weakhash *weak = NULL;
1900 const enum gcry_md_algos algo = string_to_digest_algo(digestname);
1902 if (algo == GCRY_MD_NONE)
1904 log_error (_("unknown weak digest '%s'\n"), digestname);
1908 /* Check to ensure it's not already present. */
1909 for (weak = opt.weak_digests; weak; weak = weak->next)
1910 if (algo == weak->algo)
1913 /* Add it to the head of the list. */
1914 weak = xmalloc(sizeof(*weak));
1916 weak->rejection_shown = 0;
1917 weak->next = opt.weak_digests;
1918 opt.weak_digests = weak;
1922 /* Return true if ALGO is in the list of weak digests. */
1924 is_weak_digest (digest_algo_t algo)
1926 const enum gcry_md_algos galgo = map_md_openpgp_to_gcry (algo);
1927 const struct weakhash *weak;
1929 for (weak = opt.weak_digests; weak; weak = weak->next)
1930 if (weak->algo == galgo)