diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:14:06 +0000 |
commit | eee068778cb28ecf3c14e1bf843a95547d72c42d (patch) | |
tree | 0e07b30ddc5ea579d682d5dbe57998200d1c9ab7 /g10/keygen.c | |
parent | Initial commit. (diff) | |
download | gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.tar.xz gnupg2-eee068778cb28ecf3c14e1bf843a95547d72c42d.zip |
Adding upstream version 2.2.40.upstream/2.2.40
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'g10/keygen.c')
-rw-r--r-- | g10/keygen.c | 5766 |
1 files changed, 5766 insertions, 0 deletions
diff --git a/g10/keygen.c b/g10/keygen.c new file mode 100644 index 0000000..80d65c4 --- /dev/null +++ b/g10/keygen.c @@ -0,0 +1,5766 @@ +/* keygen.c - Generate a key pair + * Copyright (C) 1998-2007, 2009-2011 Free Software Foundation, Inc. + * Copyright (C) 2014, 2015, 2016 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +#include "gpg.h" +#include "../common/util.h" +#include "main.h" +#include "packet.h" +#include "../common/ttyio.h" +#include "options.h" +#include "keydb.h" +#include "trustdb.h" +#include "../common/status.h" +#include "../common/i18n.h" +#include "keyserver-internal.h" +#include "call-agent.h" +#include "pkglue.h" +#include "../common/shareddefs.h" +#include "../common/host2net.h" +#include "../common/mbox-util.h" + + +/* The default algorithms. You should also check that the value + is inside the bounds enforced by ask_keysize and gen_xxx. See also + get_keysize_range which encodes the allowed ranges. */ +#define DEFAULT_STD_KEY_PARAM "rsa3072/cert,sign+rsa3072/encr" +#define FUTURE_STD_KEY_PARAM "ed25519/cert,sign+cv25519/encr" + +/* When generating keys using the streamlined key generation dialog, + use this as a default expiration interval. */ +const char *default_expiration_interval = "2y"; + +/* Flag bits used during key generation. */ +#define KEYGEN_FLAG_NO_PROTECTION 1 +#define KEYGEN_FLAG_TRANSIENT_KEY 2 + +/* Maximum number of supported algorithm preferences. */ +#define MAX_PREFS 30 + +enum para_name { + pKEYTYPE, + pKEYLENGTH, + pKEYCURVE, + pKEYUSAGE, + pSUBKEYTYPE, + pSUBKEYLENGTH, + pSUBKEYCURVE, + pSUBKEYUSAGE, + pAUTHKEYTYPE, + pNAMEREAL, + pNAMEEMAIL, + pNAMECOMMENT, + pPREFERENCES, + pREVOKER, + pUSERID, + pCREATIONDATE, + pKEYCREATIONDATE, /* Same in seconds since epoch. */ + pEXPIREDATE, + pKEYEXPIRE, /* in n seconds */ + pSUBKEYEXPIRE, /* in n seconds */ + pPASSPHRASE, + pSERIALNO, + pCARDBACKUPKEY, + pHANDLE, + pKEYSERVER, + pKEYGRIP, + pSUBKEYGRIP, +}; + +struct para_data_s { + struct para_data_s *next; + int lnr; + enum para_name key; + union { + u32 expire; + u32 creation; + unsigned int usage; + struct revocation_key revkey; + char value[1]; + } u; +}; + +struct output_control_s +{ + int lnr; + int dryrun; + unsigned int keygen_flags; + int use_files; + struct { + char *fname; + char *newfname; + IOBUF stream; + armor_filter_context_t *afx; + } pub; +}; + + +struct opaque_data_usage_and_pk { + unsigned int usage; + PKT_public_key *pk; +}; + + +static int prefs_initialized = 0; +static byte sym_prefs[MAX_PREFS]; +static int nsym_prefs; +static byte hash_prefs[MAX_PREFS]; +static int nhash_prefs; +static byte zip_prefs[MAX_PREFS]; +static int nzip_prefs; +static int mdc_available,ks_modify; + +static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, + const char *algostr, const char *usagestr, + const char *expirestr, + int *r_algo, unsigned int *r_usage, + u32 *r_expire, unsigned int *r_nbits, + const char **r_curve, + char **r_keygrip); +static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, + struct output_control_s *outctrl, int card ); +static int write_keyblock (iobuf_t out, kbnode_t node); +static gpg_error_t gen_card_key (int keyno, int algo, int is_primary, + kbnode_t pub_root, u32 *timestamp, + u32 expireval); +static unsigned int get_keysize_range (int algo, + unsigned int *min, unsigned int *max); + + + +/* Return the algo string for a default new key. */ +const char * +get_default_pubkey_algo (void) +{ + if (opt.def_new_key_algo) + { + if (*opt.def_new_key_algo && !strchr (opt.def_new_key_algo, ':')) + return opt.def_new_key_algo; + /* To avoid checking that option every time we delay that until + * here. The only thing we really need to make sure is that + * there is no colon in the string so that the --gpgconf-list + * command won't mess up its output. */ + log_info (_("invalid value for option '%s'\n"), "--default-new-key-algo"); + } + return DEFAULT_STD_KEY_PARAM; +} + + +static void +print_status_key_created (int letter, PKT_public_key *pk, const char *handle) +{ + byte array[MAX_FINGERPRINT_LEN], *s; + char *buf, *p; + size_t i, n; + + if (!handle) + handle = ""; + + buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1); + + p = buf; + if (letter || pk) + { + *p++ = letter; + if (pk) + { + *p++ = ' '; + fingerprint_from_pk (pk, array, &n); + s = array; + /* Fixme: Use bin2hex */ + for (i=0; i < n ; i++, s++, p += 2) + snprintf (p, 3, "%02X", *s); + } + } + if (*handle) + { + *p++ = ' '; + for (i=0; handle[i] && i < 100; i++) + *p++ = isspace ((unsigned int)handle[i])? '_':handle[i]; + } + *p = 0; + write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED, + buf); + xfree (buf); +} + +static void +print_status_key_not_created (const char *handle) +{ + print_status_key_created (0, NULL, handle); +} + + + +static gpg_error_t +write_uid (kbnode_t root, const char *s) +{ + PACKET *pkt = xmalloc_clear (sizeof *pkt); + size_t n = strlen (s); + + if (n > MAX_UID_PACKET_LENGTH - 10) + return gpg_error (GPG_ERR_INV_USER_ID); + + pkt->pkttype = PKT_USER_ID; + pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n); + pkt->pkt.user_id->len = n; + pkt->pkt.user_id->ref = 1; + strcpy (pkt->pkt.user_id->name, s); + add_kbnode (root, new_kbnode (pkt)); + return 0; +} + +static void +do_add_key_flags (PKT_signature *sig, unsigned int use) +{ + byte buf[1]; + + buf[0] = 0; + + /* The spec says that all primary keys MUST be able to certify. */ + if(sig->sig_class!=0x18) + buf[0] |= 0x01; + + if (use & PUBKEY_USAGE_SIG) + buf[0] |= 0x02; + if (use & PUBKEY_USAGE_ENC) + buf[0] |= 0x04 | 0x08; + if (use & PUBKEY_USAGE_AUTH) + buf[0] |= 0x20; + + build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); +} + + +int +keygen_add_key_expire (PKT_signature *sig, void *opaque) +{ + PKT_public_key *pk = opaque; + byte buf[8]; + u32 u; + + if (pk->expiredate) + { + if (pk->expiredate > pk->timestamp) + u = pk->expiredate - pk->timestamp; + else + u = 1; + + buf[0] = (u >> 24) & 0xff; + buf[1] = (u >> 16) & 0xff; + buf[2] = (u >> 8) & 0xff; + buf[3] = u & 0xff; + build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4); + } + else + { + /* Make sure we don't leave a key expiration subpacket lying + around */ + delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE); + } + + return 0; +} + + +/* Add the key usage (i.e. key flags) in SIG from the public keys + * pubkey_usage field. OPAQUE has the public key. */ +int +keygen_add_key_flags (PKT_signature *sig, void *opaque) +{ + PKT_public_key *pk = opaque; + + do_add_key_flags (sig, pk->pubkey_usage); + return 0; +} + + +static int +keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque) +{ + struct opaque_data_usage_and_pk *oduap = opaque; + + do_add_key_flags (sig, oduap->usage); + return keygen_add_key_expire (sig, oduap->pk); +} + + +static int +set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf) +{ + int i; + + for (i=0; i < *nbuf; i++ ) + if (buf[i] == val) + { + log_info (_("preference '%s' duplicated\n"), item); + return -1; + } + + if (*nbuf >= MAX_PREFS) + { + if(type==1) + log_info(_("too many cipher preferences\n")); + else if(type==2) + log_info(_("too many digest preferences\n")); + else if(type==3) + log_info(_("too many compression preferences\n")); + else + BUG(); + + return -1; + } + + buf[(*nbuf)++] = val; + return 0; +} + +/* + * Parse the supplied string and use it to set the standard + * preferences. The string may be in a form like the one printed by + * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual + * cipher/hash/compress names. Use NULL to set the default + * preferences. Returns: 0 = okay + */ +int +keygen_set_std_prefs (const char *string,int personal) +{ + byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS]; + int nsym=0, nhash=0, nzip=0, val, rc=0; + int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */ + char dummy_string[20*4+1]; /* Enough for 20 items. */ + + if (!string || !ascii_strcasecmp (string, "default")) + { + if (opt.def_preference_list) + string=opt.def_preference_list; + else + { + int any_compress = 0; + dummy_string[0]='\0'; + + /* The rationale why we use the order AES256,192,128 is + for compatibility reasons with PGP. If gpg would + define AES128 first, we would get the somewhat + confusing situation: + + gpg -r pgpkey -r gpgkey ---gives--> AES256 + gpg -r gpgkey -r pgpkey ---gives--> AES + + Note that by using --personal-cipher-preferences it is + possible to prefer AES128. + */ + + /* Make sure we do not add more than 15 items here, as we + could overflow the size of dummy_string. We currently + have at most 12. */ + if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) ) + strcat(dummy_string,"S9 "); + if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) ) + strcat(dummy_string,"S8 "); + if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) ) + strcat(dummy_string,"S7 "); + strcat(dummy_string,"S2 "); /* 3DES */ + + if (personal) + { + /* The default internal hash algo order is: + * SHA-256, SHA-384, SHA-512, SHA-224, SHA-1. + */ + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) + strcat (dummy_string, "H8 "); + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) + strcat (dummy_string, "H9 "); + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) + strcat (dummy_string, "H10 "); + } + else + { + /* The default advertised hash algo order is: + * SHA-512, SHA-384, SHA-256, SHA-224, SHA-1. + */ + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512)) + strcat (dummy_string, "H10 "); + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384)) + strcat (dummy_string, "H9 "); + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256)) + strcat (dummy_string, "H8 "); + } + + if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224)) + strcat (dummy_string, "H11 "); + + strcat (dummy_string, "H2 "); /* SHA-1 */ + + if(!check_compress_algo(COMPRESS_ALGO_ZLIB)) + { + strcat(dummy_string,"Z2 "); + any_compress = 1; + } + + if(!check_compress_algo(COMPRESS_ALGO_BZIP2)) + { + strcat(dummy_string,"Z3 "); + any_compress = 1; + } + + if(!check_compress_algo(COMPRESS_ALGO_ZIP)) + { + strcat(dummy_string,"Z1 "); + any_compress = 1; + } + + /* In case we have no compress algo at all, declare that + we prefer no compresssion. */ + if (!any_compress) + strcat(dummy_string,"Z0 "); + + /* Remove the trailing space. */ + if (*dummy_string && dummy_string[strlen (dummy_string)-1] == ' ') + dummy_string[strlen (dummy_string)-1] = 0; + + string=dummy_string; + } + } + else if (!ascii_strcasecmp (string, "none")) + string = ""; + + if(strlen(string)) + { + char *prefstringbuf; + char *tok, *prefstring; + + /* We need a writable string. */ + prefstring = prefstringbuf = xstrdup (string); + + while((tok=strsep(&prefstring," ,"))) + { + if((val=string_to_cipher_algo (tok))) + { + if(set_one_pref(val,1,tok,sym,&nsym)) + rc=-1; + } + else if((val=string_to_digest_algo (tok))) + { + if(set_one_pref(val,2,tok,hash,&nhash)) + rc=-1; + } + else if((val=string_to_compress_algo(tok))>-1) + { + if(set_one_pref(val,3,tok,zip,&nzip)) + rc=-1; + } + else if (ascii_strcasecmp(tok,"mdc")==0) + mdc=1; + else if (ascii_strcasecmp(tok,"no-mdc")==0) + mdc=0; + else if (ascii_strcasecmp(tok,"ks-modify")==0) + modify=1; + else if (ascii_strcasecmp(tok,"no-ks-modify")==0) + modify=0; + else + { + log_info (_("invalid item '%s' in preference string\n"),tok); + rc=-1; + } + } + + xfree (prefstringbuf); + } + + if(!rc) + { + if(personal) + { + if(personal==PREFTYPE_SYM) + { + xfree(opt.personal_cipher_prefs); + + if(nsym==0) + opt.personal_cipher_prefs=NULL; + else + { + int i; + + opt.personal_cipher_prefs= + xmalloc(sizeof(prefitem_t *)*(nsym+1)); + + for (i=0; i<nsym; i++) + { + opt.personal_cipher_prefs[i].type = PREFTYPE_SYM; + opt.personal_cipher_prefs[i].value = sym[i]; + } + + opt.personal_cipher_prefs[i].type = PREFTYPE_NONE; + opt.personal_cipher_prefs[i].value = 0; + } + } + else if(personal==PREFTYPE_HASH) + { + xfree(opt.personal_digest_prefs); + + if(nhash==0) + opt.personal_digest_prefs=NULL; + else + { + int i; + + opt.personal_digest_prefs= + xmalloc(sizeof(prefitem_t *)*(nhash+1)); + + for (i=0; i<nhash; i++) + { + opt.personal_digest_prefs[i].type = PREFTYPE_HASH; + opt.personal_digest_prefs[i].value = hash[i]; + } + + opt.personal_digest_prefs[i].type = PREFTYPE_NONE; + opt.personal_digest_prefs[i].value = 0; + } + } + else if(personal==PREFTYPE_ZIP) + { + xfree(opt.personal_compress_prefs); + + if(nzip==0) + opt.personal_compress_prefs=NULL; + else + { + int i; + + opt.personal_compress_prefs= + xmalloc(sizeof(prefitem_t *)*(nzip+1)); + + for (i=0; i<nzip; i++) + { + opt.personal_compress_prefs[i].type = PREFTYPE_ZIP; + opt.personal_compress_prefs[i].value = zip[i]; + } + + opt.personal_compress_prefs[i].type = PREFTYPE_NONE; + opt.personal_compress_prefs[i].value = 0; + } + } + } + else + { + memcpy (sym_prefs, sym, (nsym_prefs=nsym)); + memcpy (hash_prefs, hash, (nhash_prefs=nhash)); + memcpy (zip_prefs, zip, (nzip_prefs=nzip)); + mdc_available = mdc; + ks_modify = modify; + prefs_initialized = 1; + } + } + + return rc; +} + +/* Return a fake user ID containing the preferences. Caller must + free. */ +PKT_user_id * +keygen_get_std_prefs(void) +{ + int i,j=0; + PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id)); + + if(!prefs_initialized) + keygen_set_std_prefs(NULL,0); + + uid->ref=1; + + uid->prefs=xmalloc((sizeof(prefitem_t *)* + (nsym_prefs+nhash_prefs+nzip_prefs+1))); + + for(i=0;i<nsym_prefs;i++,j++) + { + uid->prefs[j].type=PREFTYPE_SYM; + uid->prefs[j].value=sym_prefs[i]; + } + + for(i=0;i<nhash_prefs;i++,j++) + { + uid->prefs[j].type=PREFTYPE_HASH; + uid->prefs[j].value=hash_prefs[i]; + } + + for(i=0;i<nzip_prefs;i++,j++) + { + uid->prefs[j].type=PREFTYPE_ZIP; + uid->prefs[j].value=zip_prefs[i]; + } + + uid->prefs[j].type=PREFTYPE_NONE; + uid->prefs[j].value=0; + + uid->flags.mdc=mdc_available; + uid->flags.ks_modify=ks_modify; + + return uid; +} + +static void +add_feature_mdc (PKT_signature *sig,int enabled) +{ + const byte *s; + size_t n; + int i; + char *buf; + + s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n ); + /* Already set or cleared */ + if (s && n && + ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01)))) + return; + + if (!s || !n) { /* create a new one */ + n = 1; + buf = xmalloc_clear (n); + } + else { + buf = xmalloc (n); + memcpy (buf, s, n); + } + + if(enabled) + buf[0] |= 0x01; /* MDC feature */ + else + buf[0] &= ~0x01; + + /* Are there any bits set? */ + for(i=0;i<n;i++) + if(buf[i]!=0) + break; + + if(i==n) + delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES); + else + build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n); + + xfree (buf); +} + +static void +add_keyserver_modify (PKT_signature *sig,int enabled) +{ + const byte *s; + size_t n; + int i; + char *buf; + + /* The keyserver modify flag is a negative flag (i.e. no-modify) */ + enabled=!enabled; + + s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n ); + /* Already set or cleared */ + if (s && n && + ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80)))) + return; + + if (!s || !n) { /* create a new one */ + n = 1; + buf = xmalloc_clear (n); + } + else { + buf = xmalloc (n); + memcpy (buf, s, n); + } + + if(enabled) + buf[0] |= 0x80; /* no-modify flag */ + else + buf[0] &= ~0x80; + + /* Are there any bits set? */ + for(i=0;i<n;i++) + if(buf[i]!=0) + break; + + if(i==n) + delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS); + else + build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n); + + xfree (buf); +} + + +int +keygen_upd_std_prefs (PKT_signature *sig, void *opaque) +{ + (void)opaque; + + if (!prefs_initialized) + keygen_set_std_prefs (NULL, 0); + + if (nsym_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM); + } + + if (nhash_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH); + } + + if (nzip_prefs) + build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs); + else + { + delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR); + delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR); + } + + /* Make sure that the MDC feature flag is set if needed. */ + add_feature_mdc (sig,mdc_available); + add_keyserver_modify (sig,ks_modify); + keygen_add_keyserver_url(sig,NULL); + + return 0; +} + + +/**************** + * Add preference to the self signature packet. + * This is only called for packets with version > 3. + */ +int +keygen_add_std_prefs (PKT_signature *sig, void *opaque) +{ + PKT_public_key *pk = opaque; + + do_add_key_flags (sig, pk->pubkey_usage); + keygen_add_key_expire (sig, opaque ); + keygen_upd_std_prefs (sig, opaque); + keygen_add_keyserver_url (sig,NULL); + + return 0; +} + +int +keygen_add_keyserver_url(PKT_signature *sig, void *opaque) +{ + const char *url=opaque; + + if(!url) + url=opt.def_keyserver_url; + + if(url) + build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url)); + else + delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS); + + return 0; +} + +int +keygen_add_notations(PKT_signature *sig,void *opaque) +{ + struct notation *notation; + + /* We always start clean */ + delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION); + delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION); + sig->flags.notation=0; + + for(notation=opaque;notation;notation=notation->next) + if(!notation->flags.ignore) + { + unsigned char *buf; + unsigned int n1,n2; + + n1=strlen(notation->name); + if(notation->altvalue) + n2=strlen(notation->altvalue); + else if(notation->bdat) + n2=notation->blen; + else + n2=strlen(notation->value); + + buf = xmalloc( 8 + n1 + n2 ); + + /* human readable or not */ + buf[0] = notation->bdat?0:0x80; + buf[1] = buf[2] = buf[3] = 0; + buf[4] = n1 >> 8; + buf[5] = n1; + buf[6] = n2 >> 8; + buf[7] = n2; + memcpy(buf+8, notation->name, n1 ); + if(notation->altvalue) + memcpy(buf+8+n1, notation->altvalue, n2 ); + else if(notation->bdat) + memcpy(buf+8+n1, notation->bdat, n2 ); + else + memcpy(buf+8+n1, notation->value, n2 ); + build_sig_subpkt( sig, SIGSUBPKT_NOTATION | + (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0), + buf, 8+n1+n2 ); + xfree(buf); + } + + return 0; +} + +int +keygen_add_revkey (PKT_signature *sig, void *opaque) +{ + struct revocation_key *revkey = opaque; + byte buf[2+MAX_FINGERPRINT_LEN]; + + buf[0] = revkey->class; + buf[1] = revkey->algid; + memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN); + + build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN); + + /* All sigs with revocation keys set are nonrevocable. */ + sig->flags.revocable = 0; + buf[0] = 0; + build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1); + + parse_revkeys (sig); + + return 0; +} + + + +/* Create a back-signature. If TIMESTAMP is not NULL, use it for the + signature creation time. */ +gpg_error_t +make_backsig (ctrl_t ctrl, PKT_signature *sig, PKT_public_key *pk, + PKT_public_key *sub_pk, PKT_public_key *sub_psk, + u32 timestamp, const char *cache_nonce) +{ + gpg_error_t err; + PKT_signature *backsig; + + cache_public_key (sub_pk); + + err = make_keysig_packet (ctrl, &backsig, pk, NULL, sub_pk, sub_psk, 0x19, + 0, timestamp, 0, NULL, NULL, cache_nonce); + if (err) + log_error ("make_keysig_packet failed for backsig: %s\n", + gpg_strerror (err)); + else + { + /* Get it into a binary packed form. */ + IOBUF backsig_out = iobuf_temp(); + PACKET backsig_pkt; + + init_packet (&backsig_pkt); + backsig_pkt.pkttype = PKT_SIGNATURE; + backsig_pkt.pkt.signature = backsig; + err = build_packet (backsig_out, &backsig_pkt); + free_packet (&backsig_pkt, NULL); + if (err) + log_error ("build_packet failed for backsig: %s\n", gpg_strerror (err)); + else + { + size_t pktlen = 0; + byte *buf = iobuf_get_temp_buffer (backsig_out); + + /* Remove the packet header. */ + if(buf[0]&0x40) + { + if (buf[1] < 192) + { + pktlen = buf[1]; + buf += 2; + } + else if(buf[1] < 224) + { + pktlen = (buf[1]-192)*256; + pktlen += buf[2]+192; + buf += 3; + } + else if (buf[1] == 255) + { + pktlen = buf32_to_size_t (buf+2); + buf += 6; + } + else + BUG (); + } + else + { + int mark = 1; + + switch (buf[0]&3) + { + case 3: + BUG (); + break; + + case 2: + pktlen = (size_t)buf[mark++] << 24; + pktlen |= buf[mark++] << 16; + /* fall through */ + case 1: + pktlen |= buf[mark++] << 8; + /* fall through */ + case 0: + pktlen |= buf[mark++]; + } + + buf += mark; + } + + /* Now make the binary blob into a subpacket. */ + build_sig_subpkt (sig, SIGSUBPKT_SIGNATURE, buf, pktlen); + + iobuf_close (backsig_out); + } + } + + return err; +} + + +/* Write a direct key signature to the first key in ROOT using the key + PSK. REVKEY is describes the direct key signature and TIMESTAMP is + the timestamp to set on the signature. */ +static gpg_error_t +write_direct_sig (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk, + struct revocation_key *revkey, u32 timestamp, + const char *cache_nonce) +{ + gpg_error_t err; + PACKET *pkt; + PKT_signature *sig; + KBNODE node; + PKT_public_key *pk; + + if (opt.verbose) + log_info (_("writing direct signature\n")); + + /* Get the pk packet from the pub_tree. */ + node = find_kbnode (root, PKT_PUBLIC_KEY); + if (!node) + BUG (); + pk = node->pkt->pkt.public_key; + + /* We have to cache the key, so that the verification of the + signature creation is able to retrieve the public key. */ + cache_public_key (pk); + + /* Make the signature. */ + err = make_keysig_packet (ctrl, &sig, pk, NULL,NULL, psk, 0x1F, + 0, timestamp, 0, + keygen_add_revkey, revkey, cache_nonce); + if (err) + { + log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err) ); + return err; + } + + pkt = xmalloc_clear (sizeof *pkt); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + add_kbnode (root, new_kbnode (pkt)); + return err; +} + + + +/* Write a self-signature to the first user id in ROOT using the key + PSK. USE and TIMESTAMP give the extra data we need for the + signature. */ +static gpg_error_t +write_selfsigs (ctrl_t ctrl, kbnode_t root, PKT_public_key *psk, + unsigned int use, u32 timestamp, const char *cache_nonce) +{ + gpg_error_t err; + PACKET *pkt; + PKT_signature *sig; + PKT_user_id *uid; + KBNODE node; + PKT_public_key *pk; + + if (opt.verbose) + log_info (_("writing self signature\n")); + + /* Get the uid packet from the list. */ + node = find_kbnode (root, PKT_USER_ID); + if (!node) + BUG(); /* No user id packet in tree. */ + uid = node->pkt->pkt.user_id; + + /* Get the pk packet from the pub_tree. */ + node = find_kbnode (root, PKT_PUBLIC_KEY); + if (!node) + BUG(); + pk = node->pkt->pkt.public_key; + + /* The usage has not yet been set - do it now. */ + pk->pubkey_usage = use; + + /* We have to cache the key, so that the verification of the + signature creation is able to retrieve the public key. */ + cache_public_key (pk); + + /* Make the signature. */ + err = make_keysig_packet (ctrl, &sig, pk, uid, NULL, psk, 0x13, + 0, timestamp, 0, + keygen_add_std_prefs, pk, cache_nonce); + if (err) + { + log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err)); + return err; + } + + pkt = xmalloc_clear (sizeof *pkt); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + add_kbnode (root, new_kbnode (pkt)); + + return err; +} + + +/* Write the key binding signature. If TIMESTAMP is not NULL use the + signature creation time. PRI_PSK is the key use for signing. + SUB_PSK is a key used to create a back-signature; that one is only + used if USE has the PUBKEY_USAGE_SIG capability. */ +static int +write_keybinding (ctrl_t ctrl, kbnode_t root, + PKT_public_key *pri_psk, PKT_public_key *sub_psk, + unsigned int use, u32 timestamp, const char *cache_nonce) +{ + gpg_error_t err; + PACKET *pkt; + PKT_signature *sig; + KBNODE node; + PKT_public_key *pri_pk, *sub_pk; + struct opaque_data_usage_and_pk oduap; + + if (opt.verbose) + log_info(_("writing key binding signature\n")); + + /* Get the primary pk packet from the tree. */ + node = find_kbnode (root, PKT_PUBLIC_KEY); + if (!node) + BUG(); + pri_pk = node->pkt->pkt.public_key; + + /* We have to cache the key, so that the verification of the + * signature creation is able to retrieve the public key. */ + cache_public_key (pri_pk); + + /* Find the last subkey. */ + sub_pk = NULL; + for (node = root; node; node = node->next ) + { + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + sub_pk = node->pkt->pkt.public_key; + } + if (!sub_pk) + BUG(); + + /* Make the signature. */ + oduap.usage = use; + oduap.pk = sub_pk; + err = make_keysig_packet (ctrl, &sig, pri_pk, NULL, sub_pk, pri_psk, 0x18, + 0, timestamp, 0, + keygen_add_key_flags_and_expire, &oduap, + cache_nonce); + if (err) + { + log_error ("make_keysig_packeto failed: %s\n", gpg_strerror (err)); + return err; + } + + /* Make a backsig. */ + if (use & PUBKEY_USAGE_SIG) + { + err = make_backsig (ctrl, + sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce); + if (err) + return err; + } + + pkt = xmalloc_clear ( sizeof *pkt ); + pkt->pkttype = PKT_SIGNATURE; + pkt->pkt.signature = sig; + add_kbnode (root, new_kbnode (pkt) ); + return err; +} + + +static gpg_error_t +ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo) +{ + gpg_error_t err; + gcry_sexp_t list, l2; + char *curve = NULL; + int i; + const char *oidstr; + unsigned int nbits; + + array[0] = NULL; + array[1] = NULL; + array[2] = NULL; + + list = gcry_sexp_find_token (sexp, "public-key", 0); + if (!list) + return gpg_error (GPG_ERR_INV_OBJ); + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + if (!list) + return gpg_error (GPG_ERR_NO_OBJ); + + l2 = gcry_sexp_find_token (list, "curve", 0); + if (!l2) + { + err = gpg_error (GPG_ERR_NO_OBJ); + goto leave; + } + curve = gcry_sexp_nth_string (l2, 1); + if (!curve) + { + err = gpg_error (GPG_ERR_NO_OBJ); + goto leave; + } + gcry_sexp_release (l2); + oidstr = openpgp_curve_to_oid (curve, &nbits, NULL); + if (!oidstr) + { + /* That can't happen because we used one of the curves + gpg_curve_to_oid knows about. */ + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; + } + err = openpgp_oid_from_str (oidstr, &array[0]); + if (err) + goto leave; + + l2 = gcry_sexp_find_token (list, "q", 0); + if (!l2) + { + err = gpg_error (GPG_ERR_NO_OBJ); + goto leave; + } + array[1] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + if (!array[1]) + { + err = gpg_error (GPG_ERR_INV_OBJ); + goto leave; + } + gcry_sexp_release (list); + + if (algo == PUBKEY_ALGO_ECDH) + { + array[2] = pk_ecdh_default_params (nbits); + if (!array[2]) + { + err = gpg_error_from_syserror (); + goto leave; + } + } + + leave: + xfree (curve); + if (err) + { + for (i=0; i < 3; i++) + { + gcry_mpi_release (array[i]); + array[i] = NULL; + } + } + return err; +} + + +/* Extract key parameters from SEXP and store them in ARRAY. ELEMS is + a string where each character denotes a parameter name. TOPNAME is + the name of the top element above the elements. */ +static int +key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, + const char *topname, const char *elems) +{ + gcry_sexp_t list, l2; + const char *s; + int i, idx; + int rc = 0; + + list = gcry_sexp_find_token (sexp, topname, 0); + if (!list) + return gpg_error (GPG_ERR_INV_OBJ); + l2 = gcry_sexp_cadr (list); + gcry_sexp_release (list); + list = l2; + if (!list) + return gpg_error (GPG_ERR_NO_OBJ); + + for (idx=0,s=elems; *s; s++, idx++) + { + l2 = gcry_sexp_find_token (list, s, 1); + if (!l2) + { + rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */ + goto leave; + } + array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); + gcry_sexp_release (l2); + if (!array[idx]) + { + rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */ + goto leave; + } + } + gcry_sexp_release (list); + + leave: + if (rc) + { + for (i=0; i<idx; i++) + { + gcry_mpi_release (array[i]); + array[i] = NULL; + } + gcry_sexp_release (list); + } + return rc; +} + + +/* Create a keyblock using the given KEYGRIP. ALGO is the OpenPGP + algorithm of that keygrip. */ +static int +do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip, + kbnode_t pub_root, u32 timestamp, u32 expireval, + int is_subkey) +{ + int err; + PACKET *pkt; + PKT_public_key *pk; + gcry_sexp_t s_key; + const char *algoelem; + + if (hexkeygrip[0] == '&') + hexkeygrip++; + + switch (algo) + { + case PUBKEY_ALGO_RSA: algoelem = "ne"; break; + case PUBKEY_ALGO_DSA: algoelem = "pqgy"; break; + case PUBKEY_ALGO_ELGAMAL_E: algoelem = "pgy"; break; + case PUBKEY_ALGO_ECDH: + case PUBKEY_ALGO_ECDSA: algoelem = ""; break; + case PUBKEY_ALGO_EDDSA: algoelem = ""; break; + default: return gpg_error (GPG_ERR_INTERNAL); + } + + + /* Ask the agent for the public key matching HEXKEYGRIP. */ + { + unsigned char *public; + + err = agent_readkey (ctrl, 0, hexkeygrip, &public); + if (err) + return err; + err = gcry_sexp_sscan (&s_key, NULL, + public, gcry_sexp_canon_len (public, 0, NULL, NULL)); + xfree (public); + if (err) + return err; + } + + /* Build a public key packet. */ + pk = xtrycalloc (1, sizeof *pk); + if (!pk) + { + err = gpg_error_from_syserror (); + gcry_sexp_release (s_key); + return err; + } + + pk->timestamp = timestamp; + pk->version = 4; + if (expireval) + pk->expiredate = pk->timestamp + expireval; + pk->pubkey_algo = algo; + + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH ) + err = ecckey_from_sexp (pk->pkey, s_key, algo); + else + err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem); + if (err) + { + log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) ); + gcry_sexp_release (s_key); + free_public_key (pk); + return err; + } + gcry_sexp_release (s_key); + + pkt = xtrycalloc (1, sizeof *pkt); + if (!pkt) + { + err = gpg_error_from_syserror (); + free_public_key (pk); + return err; + } + + pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY; + pkt->pkt.public_key = pk; + add_kbnode (pub_root, new_kbnode (pkt)); + + return 0; +} + + +/* Common code for the key generation function gen_xxx. */ +static int +common_gen (const char *keyparms, int algo, const char *algoelem, + kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + int err; + PACKET *pkt; + PKT_public_key *pk; + gcry_sexp_t s_key; + + err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms, + !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION), + passphrase, timestamp, + &s_key); + if (err) + { + log_error ("agent_genkey failed: %s\n", gpg_strerror (err) ); + return err; + } + + pk = xtrycalloc (1, sizeof *pk); + if (!pk) + { + err = gpg_error_from_syserror (); + gcry_sexp_release (s_key); + return err; + } + + pk->timestamp = timestamp; + pk->version = 4; + if (expireval) + pk->expiredate = pk->timestamp + expireval; + pk->pubkey_algo = algo; + + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH ) + err = ecckey_from_sexp (pk->pkey, s_key, algo); + else + err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem); + if (err) + { + log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) ); + gcry_sexp_release (s_key); + free_public_key (pk); + return err; + } + gcry_sexp_release (s_key); + + pkt = xtrycalloc (1, sizeof *pkt); + if (!pkt) + { + err = gpg_error_from_syserror (); + free_public_key (pk); + return err; + } + + pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY; + pkt->pkt.public_key = pk; + add_kbnode (pub_root, new_kbnode (pkt)); + + return 0; +} + + +/* + * Generate an Elgamal key. + */ +static int +gen_elg (int algo, unsigned int nbits, KBNODE pub_root, + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + int err; + char *keyparms; + char nbitsstr[35]; + + log_assert (is_ELGAMAL (algo)); + + if (nbits < 1024) + { + nbits = 2048; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + else if (nbits > 4096) + { + nbits = 4096; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + + if ((nbits % 32)) + { + nbits = ((nbits + 31) / 32) * 32; + log_info (_("keysize rounded up to %u bits\n"), nbits ); + } + + /* Note that we use transient-key only if no-protection has also + been enabled. */ + snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); + keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))", + algo == GCRY_PK_ELG_E ? "openpgp-elg" : + algo == GCRY_PK_ELG ? "elg" : "x-oops" , + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); + if (!keyparms) + err = gpg_error_from_syserror (); + else + { + err = common_gen (keyparms, algo, "pgy", + pub_root, timestamp, expireval, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + xfree (keyparms); + } + + return err; +} + + +/* + * Generate an DSA key + */ +static gpg_error_t +gen_dsa (unsigned int nbits, KBNODE pub_root, + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + int err; + unsigned int qbits; + char *keyparms; + char nbitsstr[35]; + char qbitsstr[35]; + + if (nbits < 768) + { + nbits = 2048; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } + else if ( nbits > 3072 ) + { + nbits = 3072; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } + + if( (nbits % 64) ) + { + nbits = ((nbits + 63) / 64) * 64; + log_info(_("keysize rounded up to %u bits\n"), nbits ); + } + + /* To comply with FIPS rules we round up to the next value unless in + expert mode. */ + if (!opt.expert && nbits > 1024 && (nbits % 1024)) + { + nbits = ((nbits + 1023) / 1024) * 1024; + log_info(_("keysize rounded up to %u bits\n"), nbits ); + } + + /* + Figure out a q size based on the key size. FIPS 180-3 says: + + L = 1024, N = 160 + L = 2048, N = 224 + L = 2048, N = 256 + L = 3072, N = 256 + + 2048/256 is an odd pair since there is also a 2048/224 and + 3072/256. Matching sizes is not a very exact science. + + We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024 + but less than 2048, and 160 for 1024 (DSA1). + */ + + if (nbits > 2047) + qbits = 256; + else if ( nbits > 1024) + qbits = 224; + else + qbits = 160; + + if (qbits != 160 ) + log_info (_("WARNING: some OpenPGP programs can't" + " handle a DSA key with this digest size\n")); + + snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); + snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits); + keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))", + strlen (nbitsstr), nbitsstr, + strlen (qbitsstr), qbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); + if (!keyparms) + err = gpg_error_from_syserror (); + else + { + err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy", + pub_root, timestamp, expireval, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + xfree (keyparms); + } + + return err; +} + + + +/* + * Generate an ECC key + */ +static gpg_error_t +gen_ecc (int algo, const char *curve, kbnode_t pub_root, + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + gpg_error_t err; + char *keyparms; + + log_assert (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH); + + if (!curve || !*curve) + return gpg_error (GPG_ERR_UNKNOWN_CURVE); + + /* Map the displayed short forms of some curves to their canonical + * names. */ + if (!ascii_strcasecmp (curve, "cv25519")) + curve = "Curve25519"; + else if (!ascii_strcasecmp (curve, "ed25519")) + curve = "Ed25519"; + + /* Note that we use the "comp" flag with EdDSA to request the use of + a 0x40 compression prefix octet. */ + if (algo == PUBKEY_ALGO_EDDSA) + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); + else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519")) + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); + else + keyparms = xtryasprintf + ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))", + strlen (curve), curve, + (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + " transient-key" : "")); + + if (!keyparms) + err = gpg_error_from_syserror (); + else + { + err = common_gen (keyparms, algo, "", + pub_root, timestamp, expireval, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + xfree (keyparms); + } + + return err; +} + + +/* + * Generate an RSA key. + */ +static int +gen_rsa (int algo, unsigned int nbits, KBNODE pub_root, + u32 timestamp, u32 expireval, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + int err; + char *keyparms; + char nbitsstr[35]; + const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096); + + log_assert (is_RSA(algo)); + + if (!nbits) + nbits = get_keysize_range (algo, NULL, NULL); + + if (nbits < 1024) + { + nbits = 3072; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + else if (nbits > maxsize) + { + nbits = maxsize; + log_info (_("keysize invalid; using %u bits\n"), nbits ); + } + + if ((nbits % 32)) + { + nbits = ((nbits + 31) / 32) * 32; + log_info (_("keysize rounded up to %u bits\n"), nbits ); + } + + snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits); + keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))", + strlen (nbitsstr), nbitsstr, + ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY) + && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))? + "(transient-key)" : "" ); + if (!keyparms) + err = gpg_error_from_syserror (); + else + { + err = common_gen (keyparms, algo, "ne", + pub_root, timestamp, expireval, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + xfree (keyparms); + } + + return err; +} + + +/**************** + * check valid days: + * return 0 on error or the multiplier + */ +static int +check_valid_days( const char *s ) +{ + if( !digitp(s) ) + return 0; + for( s++; *s; s++) + if( !digitp(s) ) + break; + if( !*s ) + return 1; + if( s[1] ) + return 0; /* e.g. "2323wc" */ + if( *s == 'd' || *s == 'D' ) + return 1; + if( *s == 'w' || *s == 'W' ) + return 7; + if( *s == 'm' || *s == 'M' ) + return 30; + if( *s == 'y' || *s == 'Y' ) + return 365; + return 0; +} + + +static void +print_key_flags(int flags) +{ + if(flags&PUBKEY_USAGE_SIG) + tty_printf("%s ",_("Sign")); + + if(flags&PUBKEY_USAGE_CERT) + tty_printf("%s ",_("Certify")); + + if(flags&PUBKEY_USAGE_ENC) + tty_printf("%s ",_("Encrypt")); + + if(flags&PUBKEY_USAGE_AUTH) + tty_printf("%s ",_("Authenticate")); +} + + +/* Ask for the key flags and return them. CURRENT gives the current + * usage which should normally be given as 0. MASK gives the allowed + * flags. */ +unsigned int +ask_key_flags_with_mask (int algo, int subkey, unsigned int current, + unsigned int mask) +{ + /* TRANSLATORS: Please use only plain ASCII characters for the + * translation. If this is not possible use single digits. The + * string needs to 8 bytes long. Here is a description of the + * functions: + * + * s = Toggle signing capability + * e = Toggle encryption capability + * a = Toggle authentication capability + * q = Finish + */ + const char *togglers = _("SsEeAaQq"); + char *answer = NULL; + const char *s; + unsigned int possible; + + if ( strlen(togglers) != 8 ) + { + tty_printf ("NOTE: Bad translation at %s:%d. " + "Please report.\n", __FILE__, __LINE__); + togglers = "11223300"; + } + + /* Mask the possible usage flags. This is for example used for a + * card based key. */ + possible = (openpgp_pk_algo_usage (algo) & mask); + + /* However, only primary keys may certify. */ + if (subkey) + possible &= ~PUBKEY_USAGE_CERT; + + /* Preload the current set with the possible set, without + * authentication if CURRENT is 0. If CURRENT is non-zero we mask + * with all possible usages. */ + if (current) + current &= possible; + else + current = (possible&~PUBKEY_USAGE_AUTH); + + for (;;) + { + tty_printf("\n"); + tty_printf(_("Possible actions for a %s key: "), + (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA) + ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo)); + print_key_flags(possible); + tty_printf("\n"); + tty_printf(_("Current allowed actions: ")); + print_key_flags(current); + tty_printf("\n\n"); + + if(possible&PUBKEY_USAGE_SIG) + tty_printf(_(" (%c) Toggle the sign capability\n"), + togglers[0]); + if(possible&PUBKEY_USAGE_ENC) + tty_printf(_(" (%c) Toggle the encrypt capability\n"), + togglers[2]); + if(possible&PUBKEY_USAGE_AUTH) + tty_printf(_(" (%c) Toggle the authenticate capability\n"), + togglers[4]); + + tty_printf(_(" (%c) Finished\n"),togglers[6]); + tty_printf("\n"); + + xfree(answer); + answer = cpr_get("keygen.flags",_("Your selection? ")); + cpr_kill_prompt(); + + if (*answer == '=') + { + /* Hack to allow direct entry of the capabilities. */ + current = 0; + for (s=answer+1; *s; s++) + { + if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG)) + current |= PUBKEY_USAGE_SIG; + else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC)) + current |= PUBKEY_USAGE_ENC; + else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH)) + current |= PUBKEY_USAGE_AUTH; + else if (!subkey && *s == 'c') + { + /* Accept 'c' for the primary key because USAGE_CERT + will be set anyway. This is for folks who + want to experiment with a cert-only primary key. */ + current |= PUBKEY_USAGE_CERT; + } + } + break; + } + else if (strlen(answer)>1) + tty_printf(_("Invalid selection.\n")); + else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7]) + break; + else if((*answer==togglers[0] || *answer==togglers[1]) + && possible&PUBKEY_USAGE_SIG) + { + if(current&PUBKEY_USAGE_SIG) + current&=~PUBKEY_USAGE_SIG; + else + current|=PUBKEY_USAGE_SIG; + } + else if((*answer==togglers[2] || *answer==togglers[3]) + && possible&PUBKEY_USAGE_ENC) + { + if(current&PUBKEY_USAGE_ENC) + current&=~PUBKEY_USAGE_ENC; + else + current|=PUBKEY_USAGE_ENC; + } + else if((*answer==togglers[4] || *answer==togglers[5]) + && possible&PUBKEY_USAGE_AUTH) + { + if(current&PUBKEY_USAGE_AUTH) + current&=~PUBKEY_USAGE_AUTH; + else + current|=PUBKEY_USAGE_AUTH; + } + else + tty_printf(_("Invalid selection.\n")); + } + + xfree(answer); + + return current; +} + + +unsigned int +ask_key_flags (int algo, int subkey, unsigned int current) +{ + return ask_key_flags_with_mask (algo, subkey, current, ~0); +} + + +/* Check whether we have a key for the key with HEXGRIP. Returns 0 if + there is no such key or the OpenPGP algo number for the key. */ +static int +check_keygrip (ctrl_t ctrl, const char *hexgrip) +{ + gpg_error_t err; + unsigned char *public; + size_t publiclen; + int algo; + + if (hexgrip[0] == '&') + hexgrip++; + + err = agent_readkey (ctrl, 0, hexgrip, &public); + if (err) + return 0; + publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL); + + algo = get_pk_algo_from_canon_sexp (public, publiclen); + xfree (public); + + return map_pk_gcry_to_openpgp (algo); +} + + + +/* Ask for an algorithm. The function returns the algorithm id to + * create. If ADDMODE is false the function won't show an option to + * create the primary and subkey combined and won't set R_USAGE + * either. If a combined algorithm has been selected, the subkey + * algorithm is stored at R_SUBKEY_ALGO. If R_KEYGRIP is given, the + * user has the choice to enter the keygrip of an existing key. That + * keygrip is then stored at this address. The caller needs to free + * it. */ +static int +ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage, + char **r_keygrip) +{ + gpg_error_t err; + char *keygrip = NULL; + char *answer = NULL; + int algo; + int dummy_algo; + char *p; + + if (!r_subkey_algo) + r_subkey_algo = &dummy_algo; + + tty_printf (_("Please select what kind of key you want:\n")); + +#if GPG_USE_RSA + if (!addmode) + tty_printf (_(" (%d) RSA and RSA (default)\n"), 1 ); +#endif + + if (!addmode && opt.compliance != CO_DE_VS) + tty_printf (_(" (%d) DSA and Elgamal\n"), 2 ); + + if (opt.compliance != CO_DE_VS) + tty_printf (_(" (%d) DSA (sign only)\n"), 3 ); +#if GPG_USE_RSA + tty_printf (_(" (%d) RSA (sign only)\n"), 4 ); +#endif + + if (addmode) + { + if (opt.compliance != CO_DE_VS) + tty_printf (_(" (%d) Elgamal (encrypt only)\n"), 5 ); +#if GPG_USE_RSA + tty_printf (_(" (%d) RSA (encrypt only)\n"), 6 ); +#endif + } + if (opt.expert) + { + if (opt.compliance != CO_DE_VS) + tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 ); +#if GPG_USE_RSA + tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 ); +#endif + } + +#if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA + if (opt.expert && !addmode) + tty_printf (_(" (%d) ECC and ECC\n"), 9 ); + if (opt.expert) + tty_printf (_(" (%d) ECC (sign only)\n"), 10 ); + if (opt.expert) + tty_printf (_(" (%d) ECC (set your own capabilities)\n"), 11 ); + if (opt.expert && addmode) + tty_printf (_(" (%d) ECC (encrypt only)\n"), 12 ); +#endif + + if (opt.expert && r_keygrip) + tty_printf (_(" (%d) Existing key\n"), 13 ); + if (r_keygrip) + tty_printf (_(" (%d) Existing key from card\n"), 14 ); + + for (;;) + { + *r_usage = 0; + *r_subkey_algo = 0; + xfree (answer); + answer = cpr_get ("keygen.algo", _("Your selection? ")); + cpr_kill_prompt (); + algo = *answer? atoi (answer) : 1; + + if (opt.compliance == CO_DE_VS + && (algo == 2 || algo == 3 || algo == 5 || algo == 7)) + { + tty_printf (_("Invalid selection.\n")); + } + else if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode) + { + algo = PUBKEY_ALGO_RSA; + *r_subkey_algo = PUBKEY_ALGO_RSA; + break; + } + else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode) + { + algo = PUBKEY_ALGO_DSA; + *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E; + break; + } + else if (algo == 3 || !strcmp (answer, "dsa")) + { + algo = PUBKEY_ALGO_DSA; + *r_usage = PUBKEY_USAGE_SIG; + break; + } + else if (algo == 4 || !strcmp (answer, "rsa/s")) + { + algo = PUBKEY_ALGO_RSA; + *r_usage = PUBKEY_USAGE_SIG; + break; + } + else if ((algo == 5 || !strcmp (answer, "elg")) && addmode) + { + algo = PUBKEY_ALGO_ELGAMAL_E; + *r_usage = PUBKEY_USAGE_ENC; + break; + } + else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode) + { + algo = PUBKEY_ALGO_RSA; + *r_usage = PUBKEY_USAGE_ENC; + break; + } + else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert) + { + algo = PUBKEY_ALGO_DSA; + *r_usage = ask_key_flags (algo, addmode, 0); + break; + } + else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert) + { + algo = PUBKEY_ALGO_RSA; + *r_usage = ask_key_flags (algo, addmode, 0); + break; + } + else if ((algo == 9 || !strcmp (answer, "ecc+ecc")) + && opt.expert && !addmode) + { + algo = PUBKEY_ALGO_ECDSA; + *r_subkey_algo = PUBKEY_ALGO_ECDH; + break; + } + else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert) + { + algo = PUBKEY_ALGO_ECDSA; + *r_usage = PUBKEY_USAGE_SIG; + break; + } + else if ((algo == 11 || !strcmp (answer, "ecc/*")) && opt.expert) + { + algo = PUBKEY_ALGO_ECDSA; + *r_usage = ask_key_flags (algo, addmode, 0); + break; + } + else if ((algo == 12 || !strcmp (answer, "ecc/e")) + && opt.expert && addmode) + { + algo = PUBKEY_ALGO_ECDH; + *r_usage = PUBKEY_USAGE_ENC; + break; + } + else if ((algo == 13 || !strcmp (answer, "keygrip")) + && opt.expert && r_keygrip) + { + for (;;) + { + xfree (answer); + answer = cpr_get ("keygen.keygrip", _("Enter the keygrip: ")); + cpr_kill_prompt (); + trim_spaces (answer); + if (!*answer) + { + xfree (answer); + answer = NULL; + continue; + } + + if (strlen (answer) != 40 && + !(answer[0] == '&' && strlen (answer+1) == 40)) + tty_printf + (_("Not a valid keygrip (expecting 40 hex digits)\n")); + else if (!(algo = check_keygrip (ctrl, answer)) ) + tty_printf (_("No key with this keygrip\n")); + else + break; /* Okay. */ + } + xfree (keygrip); + keygrip = answer; + answer = NULL; + *r_usage = ask_key_flags (algo, addmode, 0); + break; + } + else if ((algo == 14 || !strcmp (answer, "cardkey")) && r_keygrip) + { + char *serialno; + strlist_t keypairlist, sl; + int count, selection; + + err = agent_scd_serialno (&serialno, NULL); + if (err) + { + tty_printf (_("error reading the card: %s\n"), + gpg_strerror (err)); + goto ask_again; + } + tty_printf (_("Serial number of the card: %s\n"), serialno); + xfree (serialno); + + err = agent_scd_keypairinfo (ctrl, &keypairlist); + if (err) + { + tty_printf (_("error reading the card: %s\n"), + gpg_strerror (err)); + goto ask_again; + } + + do + { + tty_printf (_("Available keys:\n")); + for (count=1,sl=keypairlist; sl; sl = sl->next, count++) + { + gcry_sexp_t s_pkey; + char *algostr = NULL; + enum gcry_pk_algos algoid = 0; + const char *keyref; + int any = 0; + + keyref = strchr (sl->d, ' '); + if (keyref) + { + keyref++; + if (!agent_scd_readkey (keyref, &s_pkey)) + { + algostr = pubkey_algo_string (s_pkey, &algoid); + gcry_sexp_release (s_pkey); + } + } + /* We use the flags also encode the algo for use + * below. We need to tweak the algo in case + * GCRY_PK_ECC is returned becuase pubkey_algo_string + * is not aware of the OpenPGP algo mapping. + * FIXME: This is an ugly hack. */ + sl->flags &= 0xff; + if (algoid == GCRY_PK_ECC + && algostr && !strncmp (algostr, "nistp", 5) + && !(sl->flags & GCRY_PK_USAGE_ENCR)) + sl->flags |= (PUBKEY_ALGO_ECDSA << 8); + else if (algoid == GCRY_PK_ECC + && algostr && !strncmp (algostr, "brainpool", 9) + && !(sl->flags & GCRY_PK_USAGE_ENCR)) + sl->flags |= (PUBKEY_ALGO_ECDSA << 8); + else if (algoid == GCRY_PK_ECC + && algostr && !strcmp (algostr, "ed25519") + && !(sl->flags & GCRY_PK_USAGE_ENCR)) + sl->flags = (PUBKEY_ALGO_EDDSA << 8); + else + sl->flags |= (map_pk_gcry_to_openpgp (algoid) << 8); + + tty_printf (" (%d) %s %s", count, sl->d, algostr); + if ((sl->flags & GCRY_PK_USAGE_CERT)) + { + tty_printf ("%scert", any?",":" ("); + any = 1; + } + if ((sl->flags & GCRY_PK_USAGE_SIGN)) + { + tty_printf ("%ssign", any?",":" ("); + any = 1; + } + if ((sl->flags & GCRY_PK_USAGE_AUTH)) + { + tty_printf ("%sauth", any?",":" ("); + any = 1; + } + if ((sl->flags & GCRY_PK_USAGE_ENCR)) + { + tty_printf ("%sencr", any?",":" ("); + any = 1; + } + tty_printf ("%s\n", any?")":""); + xfree (algostr); + } + + xfree (answer); + answer = cpr_get ("keygen.cardkey", _("Your selection? ")); + cpr_kill_prompt (); + trim_spaces (answer); + selection = atoi (answer); + } + while (!(selection > 0 && selection < count)); + + for (count=1,sl=keypairlist; sl; sl = sl->next, count++) + if (count == selection) + break; + if (!sl) + { + /* Just in case COUNT is zero (no keys). */ + free_strlist (keypairlist); + goto ask_again; + } + + xfree (keygrip); + keygrip = xstrdup (sl->d); + if ((p = strchr (keygrip, ' '))) + *p = 0; + algo = (sl->flags >>8); + if (opt.expert) + *r_usage = ask_key_flags_with_mask (algo, addmode, + (sl->flags & 0xff), + (sl->flags & 0xff)); + else + { + *r_usage = (sl->flags & 0xff); + if (addmode) + *r_usage &= ~GCRY_PK_USAGE_CERT; + } + free_strlist (keypairlist); + break; + } + else + tty_printf (_("Invalid selection.\n")); + + ask_again: + ; + } + + xfree(answer); + if (r_keygrip) + *r_keygrip = keygrip; + return algo; +} + + +static unsigned int +get_keysize_range (int algo, unsigned int *min, unsigned int *max) +{ + unsigned int def; + unsigned int dummy1, dummy2; + + if (!min) + min = &dummy1; + if (!max) + max = &dummy2; + + switch(algo) + { + case PUBKEY_ALGO_DSA: + *min = opt.expert? 768 : 1024; + *max=3072; + def=2048; + break; + + case PUBKEY_ALGO_ECDSA: + case PUBKEY_ALGO_ECDH: + *min=256; + *max=521; + def=256; + break; + + case PUBKEY_ALGO_EDDSA: + *min=255; + *max=441; + def=255; + break; + + default: + *min = opt.compliance == CO_DE_VS ? 2048: 1024; + *max = 4096; + def = 3072; + break; + } + + return def; +} + + +/* Return a fixed up keysize depending on ALGO. */ +static unsigned int +fixup_keysize (unsigned int nbits, int algo, int silent) +{ + if (algo == PUBKEY_ALGO_DSA && (nbits % 64)) + { + nbits = ((nbits + 63) / 64) * 64; + if (!silent) + tty_printf (_("rounded up to %u bits\n"), nbits); + } + else if (algo == PUBKEY_ALGO_EDDSA) + { + if (nbits != 255 && nbits != 441) + { + if (nbits < 256) + nbits = 255; + else + nbits = 441; + if (!silent) + tty_printf (_("rounded to %u bits\n"), nbits); + } + } + else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA) + { + if (nbits != 256 && nbits != 384 && nbits != 521) + { + if (nbits < 256) + nbits = 256; + else if (nbits < 384) + nbits = 384; + else + nbits = 521; + if (!silent) + tty_printf (_("rounded to %u bits\n"), nbits); + } + } + else if ((nbits % 32)) + { + nbits = ((nbits + 31) / 32) * 32; + if (!silent) + tty_printf (_("rounded up to %u bits\n"), nbits ); + } + + return nbits; +} + + +/* Ask for the key size. ALGO is the algorithm. If PRIMARY_KEYSIZE + is not 0, the function asks for the size of the encryption + subkey. */ +static unsigned +ask_keysize (int algo, unsigned int primary_keysize) +{ + unsigned int nbits; + unsigned int min, def, max; + int for_subkey = !!primary_keysize; + int autocomp = 0; + + def = get_keysize_range (algo, &min, &max); + + if (primary_keysize && !opt.expert) + { + /* Deduce the subkey size from the primary key size. */ + if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072) + nbits = 3072; /* For performance reasons we don't support more + than 3072 bit DSA. However we won't see this + case anyway because DSA can't be used as an + encryption subkey ;-). */ + else + nbits = primary_keysize; + autocomp = 1; + goto leave; + } + + tty_printf(_("%s keys may be between %u and %u bits long.\n"), + openpgp_pk_algo_name (algo), min, max); + + for (;;) + { + char *prompt, *answer; + + if (for_subkey) + prompt = xasprintf (_("What keysize do you want " + "for the subkey? (%u) "), def); + else + prompt = xasprintf (_("What keysize do you want? (%u) "), def); + answer = cpr_get ("keygen.size", prompt); + cpr_kill_prompt (); + nbits = *answer? atoi (answer): def; + xfree(prompt); + xfree(answer); + + if(nbits<min || nbits>max) + tty_printf(_("%s keysizes must be in the range %u-%u\n"), + openpgp_pk_algo_name (algo), min, max); + else + break; + } + + tty_printf (_("Requested keysize is %u bits\n"), nbits); + + leave: + nbits = fixup_keysize (nbits, algo, autocomp); + return nbits; +} + + +/* Ask for the curve. ALGO is the selected algorithm which this + function may adjust. Returns a const string of the name of the + curve. */ +const char * +ask_curve (int *algo, int *subkey_algo, const char *current) +{ + /* NB: We always use a complete algo list so that we have stable + numbers in the menu regardless on how Gpg was configured. */ + struct { + const char *name; + const char* eddsa_curve; /* Corresponding EdDSA curve. */ + const char *pretty_name; + unsigned int supported : 1; /* Supported by gpg. */ + unsigned int de_vs : 1; /* Allowed in CO_DE_VS. */ + unsigned int expert_only : 1; /* Only with --expert */ + unsigned int available : 1; /* Available in Libycrypt (runtime checked) */ + } curves[] = { +#if GPG_USE_ECDSA || GPG_USE_ECDH +# define MY_USE_ECDSADH 1 +#else +# define MY_USE_ECDSADH 0 +#endif + { "Curve25519", "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 }, + { "Curve448", "Ed448", "Curve 448", 0/*reserved*/ , 0, 1, 0 }, + { "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, + { "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 }, + { "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, + { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 1, 0 }, + { "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 }, + { "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 }, + { "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 }, + }; +#undef MY_USE_ECDSADH + int idx; + char *answer; + const char *result = NULL; + gcry_sexp_t keyparms; + + tty_printf (_("Please select which elliptic curve you want:\n")); + + keyparms = NULL; + for (idx=0; idx < DIM(curves); idx++) + { + int rc; + + curves[idx].available = 0; + if (!curves[idx].supported) + continue; + + if (opt.compliance==CO_DE_VS) + { + if (!curves[idx].de_vs) + continue; /* Not allowed. */ + } + else if (!opt.expert && curves[idx].expert_only) + continue; + + /* We need to switch from the ECDH name of the curve to the + EDDSA name of the curve if we want a signing key. */ + gcry_sexp_release (keyparms); + rc = gcry_sexp_build (&keyparms, NULL, + "(public-key(ecc(curve %s)))", + curves[idx].eddsa_curve? curves[idx].eddsa_curve + /**/ : curves[idx].name); + if (rc) + continue; + if (!gcry_pk_get_curve (keyparms, 0, NULL)) + continue; + if (subkey_algo && curves[idx].eddsa_curve) + { + /* Both Curve 25519 (or 448) keys are to be created. Check that + Libgcrypt also supports the real Curve25519 (or 448). */ + gcry_sexp_release (keyparms); + rc = gcry_sexp_build (&keyparms, NULL, + "(public-key(ecc(curve %s)))", + curves[idx].name); + if (rc) + continue; + if (!gcry_pk_get_curve (keyparms, 0, NULL)) + continue; + } + + curves[idx].available = 1; + tty_printf (" (%d) %s\n", idx + 1, + curves[idx].pretty_name? + curves[idx].pretty_name:curves[idx].name); + } + gcry_sexp_release (keyparms); + + + for (;;) + { + answer = cpr_get ("keygen.curve", _("Your selection? ")); + cpr_kill_prompt (); + idx = *answer? atoi (answer) : 1; + if (!*answer && current) + { + xfree(answer); + return NULL; + } + else if (*answer && !idx) + { + /* See whether the user entered the name of the curve. */ + for (idx=0; idx < DIM(curves); idx++) + { + if (!opt.expert && curves[idx].expert_only) + continue; + if (!stricmp (curves[idx].name, answer) + || (curves[idx].pretty_name + && !stricmp (curves[idx].pretty_name, answer))) + break; + } + if (idx == DIM(curves)) + idx = -1; + } + else + idx--; + xfree(answer); + answer = NULL; + if (idx < 0 || idx >= DIM (curves) || !curves[idx].available) + tty_printf (_("Invalid selection.\n")); + else + { + /* If the user selected a signing algorithm and Curve25519 + we need to set the algo to EdDSA and update the curve name. + If switching away from EdDSA, we need to set the algo back + to ECDSA. */ + if (*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA) + { + if (curves[idx].eddsa_curve) + { + if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA) + *subkey_algo = PUBKEY_ALGO_EDDSA; + *algo = PUBKEY_ALGO_EDDSA; + result = curves[idx].eddsa_curve; + } + else + { + if (subkey_algo && *subkey_algo == PUBKEY_ALGO_EDDSA) + *subkey_algo = PUBKEY_ALGO_ECDSA; + *algo = PUBKEY_ALGO_ECDSA; + result = curves[idx].name; + } + } + else + result = curves[idx].name; + break; + } + } + + if (!result) + result = curves[0].name; + + return result; +} + + +/**************** + * Parse an expire string and return its value in seconds. + * Returns (u32)-1 on error. + * This isn't perfect since scan_isodatestr returns unix time, and + * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset. + * Because of this, we only permit setting expirations up to 2106, but + * OpenPGP could theoretically allow up to 2242. I think we'll all + * just cope for the next few years until we get a 64-bit time_t or + * similar. + */ +u32 +parse_expire_string( const char *string ) +{ + int mult; + u32 seconds; + u32 abs_date = 0; + u32 curtime = make_timestamp (); + time_t tt; + + if (!string || !*string || !strcmp (string, "none") + || !strcmp (string, "never") || !strcmp (string, "-")) + seconds = 0; + else if (!strncmp (string, "seconds=", 8)) + seconds = atoi (string+8); + else if ((abs_date = scan_isodatestr(string)) + && (abs_date+86400/2) > curtime) + seconds = (abs_date+86400/2) - curtime; + else if ((tt = isotime2epoch (string)) != (time_t)(-1)) + seconds = (u32)tt - curtime; + else if ((mult = check_valid_days (string))) + seconds = atoi (string) * 86400L * mult; + else + seconds = (u32)(-1); + + return seconds; +} + +/* Parse a Creation-Date string which is either "1986-04-26" or + "19860426T042640". Returns 0 on error. */ +static u32 +parse_creation_string (const char *string) +{ + u32 seconds; + + if (!*string) + seconds = 0; + else if ( !strncmp (string, "seconds=", 8) ) + seconds = atoi (string+8); + else if ( !(seconds = scan_isodatestr (string))) + { + time_t tmp = isotime2epoch (string); + seconds = (tmp == (time_t)(-1))? 0 : tmp; + } + return seconds; +} + + +/* object == 0 for a key, and 1 for a sig */ +u32 +ask_expire_interval(int object,const char *def_expire) +{ + u32 interval; + char *answer; + + switch(object) + { + case 0: + if(def_expire) + BUG(); + tty_printf(_("Please specify how long the key should be valid.\n" + " 0 = key does not expire\n" + " <n> = key expires in n days\n" + " <n>w = key expires in n weeks\n" + " <n>m = key expires in n months\n" + " <n>y = key expires in n years\n")); + break; + + case 1: + if(!def_expire) + BUG(); + tty_printf(_("Please specify how long the signature should be valid.\n" + " 0 = signature does not expire\n" + " <n> = signature expires in n days\n" + " <n>w = signature expires in n weeks\n" + " <n>m = signature expires in n months\n" + " <n>y = signature expires in n years\n")); + break; + + default: + BUG(); + } + + /* Note: The elgamal subkey for DSA has no expiration date because + * it must be signed with the DSA key and this one has the expiration + * date */ + + answer = NULL; + for(;;) + { + u32 curtime; + + xfree(answer); + if(object==0) + answer = cpr_get("keygen.valid",_("Key is valid for? (0) ")); + else + { + char *prompt; + + prompt = xasprintf (_("Signature is valid for? (%s) "), def_expire); + answer = cpr_get("siggen.valid",prompt); + xfree(prompt); + + if(*answer=='\0') + answer=xstrdup(def_expire); + } + cpr_kill_prompt(); + trim_spaces(answer); + curtime = make_timestamp (); + interval = parse_expire_string( answer ); + if( interval == (u32)-1 ) + { + tty_printf(_("invalid value\n")); + continue; + } + + if( !interval ) + { + tty_printf((object==0) + ? _("Key does not expire at all\n") + : _("Signature does not expire at all\n")); + } + else + { + tty_printf(object==0 + ? _("Key expires at %s\n") + : _("Signature expires at %s\n"), + asctimestamp((ulong)(curtime + interval) ) ); +#if SIZEOF_TIME_T <= 4 && !defined (HAVE_UNSIGNED_TIME_T) + if ( (time_t)((ulong)(curtime+interval)) < 0 ) + tty_printf (_("Your system can't display dates beyond 2038.\n" + "However, it will be correctly handled up to" + " 2106.\n")); + else +#endif /*SIZEOF_TIME_T*/ + if ( (time_t)((unsigned long)(curtime+interval)) < curtime ) + { + tty_printf (_("invalid value\n")); + continue; + } + } + + if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay", + _("Is this correct? (y/N) ")) ) + break; + } + + xfree(answer); + return interval; +} + +u32 +ask_expiredate() +{ + u32 x = ask_expire_interval(0,NULL); + return x? make_timestamp() + x : 0; +} + + + +static PKT_user_id * +uid_from_string (const char *string) +{ + size_t n; + PKT_user_id *uid; + + n = strlen (string); + uid = xmalloc_clear (sizeof *uid + n); + uid->len = n; + strcpy (uid->name, string); + uid->ref = 1; + return uid; +} + + +/* Return true if the user id UID already exists in the keyblock. */ +static int +uid_already_in_keyblock (kbnode_t keyblock, const char *uid) +{ + PKT_user_id *uidpkt = uid_from_string (uid); + kbnode_t node; + int result = 0; + + for (node=keyblock; node && !result; node=node->next) + if (!is_deleted_kbnode (node) + && node->pkt->pkttype == PKT_USER_ID + && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id)) + result = 1; + free_user_id (uidpkt); + return result; +} + + +/* Ask for a user ID. With a MODE of 1 an extra help prompt is + printed for use during a new key creation. If KEYBLOCK is not NULL + the function prevents the creation of an already existing user + ID. IF FULL is not set some prompts are not shown. */ +static char * +ask_user_id (int mode, int full, KBNODE keyblock) +{ + char *answer; + char *aname, *acomment, *amail, *uid; + + if ( !mode ) + { + /* TRANSLATORS: This is the new string telling the user what + gpg is now going to do (i.e. ask for the parts of the user + ID). Note that if you do not translate this string, a + different string will be used, which might still have + a correct translation. */ + const char *s1 = + N_("\n" + "GnuPG needs to construct a user ID to identify your key.\n" + "\n"); + const char *s2 = _(s1); + + if (!strcmp (s1, s2)) + { + /* There is no translation for the string thus we to use + the old info text. gettext has no way to tell whether + a translation is actually available, thus we need to + to compare again. */ + /* TRANSLATORS: This string is in general not anymore used + but you should keep your existing translation. In case + the new string is not translated this old string will + be used. */ + const char *s3 = N_("\n" +"You need a user ID to identify your key; " + "the software constructs the user ID\n" +"from the Real Name, Comment and Email Address in this form:\n" +" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n"); + const char *s4 = _(s3); + if (strcmp (s3, s4)) + s2 = s3; /* A translation exists - use it. */ + } + tty_printf ("%s", s2) ; + } + uid = aname = acomment = amail = NULL; + for(;;) { + char *p; + int fail=0; + + if( !aname ) { + for(;;) { + xfree(aname); + aname = cpr_get("keygen.name",_("Real name: ")); + trim_spaces(aname); + cpr_kill_prompt(); + + if( opt.allow_freeform_uid ) + break; + + if( strpbrk( aname, "<>" ) ) + { + tty_printf(_("Invalid character in name\n")); + tty_printf(_("The characters '%s' and '%s' may not " + "appear in name\n"), "<", ">"); + } + else if( digitp(aname) ) + tty_printf(_("Name may not start with a digit\n")); + else if (*aname && strlen (aname) < 5) + { + tty_printf(_("Name must be at least 5 characters long\n")); + /* However, we allow an empty name. */ + } + else + break; + } + } + if( !amail ) { + for(;;) { + xfree(amail); + amail = cpr_get("keygen.email",_("Email address: ")); + trim_spaces(amail); + cpr_kill_prompt(); + if( !*amail || opt.allow_freeform_uid ) + break; /* no email address is okay */ + else if ( !is_valid_mailbox (amail) ) + tty_printf(_("Not a valid email address\n")); + else + break; + } + } + if (!acomment) { + if (full) { + for(;;) { + xfree(acomment); + acomment = cpr_get("keygen.comment",_("Comment: ")); + trim_spaces(acomment); + cpr_kill_prompt(); + if( !*acomment ) + break; /* no comment is okay */ + else if( strpbrk( acomment, "()" ) ) + tty_printf(_("Invalid character in comment\n")); + else + break; + } + } + else { + xfree (acomment); + acomment = xstrdup (""); + } + } + + + xfree(uid); + uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10); + if (!*aname && *amail && !*acomment && !random_is_faked ()) + { /* Empty name and comment but with mail address. Use + simplified form with only the non-angle-bracketed mail + address. */ + p = stpcpy (p, amail); + } + else + { + p = stpcpy (p, aname ); + if (*acomment) + p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")"); + if (*amail) + p = stpcpy(stpcpy(stpcpy(p," <"), amail),">"); + } + + /* Append a warning if the RNG is switched into fake mode. */ + if ( random_is_faked () ) + strcpy(p, " (insecure!)" ); + + /* print a note in case that UTF8 mapping has to be done */ + for(p=uid; *p; p++ ) { + if( *p & 0x80 ) { + tty_printf(_("You are using the '%s' character set.\n"), + get_native_charset() ); + break; + } + } + + tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); + + if( !*amail && !opt.allow_freeform_uid + && (strchr( aname, '@' ) || strchr( acomment, '@'))) { + fail = 1; + tty_printf(_("Please don't put the email address " + "into the real name or the comment\n") ); + } + + if (!fail && keyblock) + { + if (uid_already_in_keyblock (keyblock, uid)) + { + tty_printf (_("Such a user ID already exists on this key!\n")); + fail = 1; + } + } + + for(;;) { + /* TRANSLATORS: These are the allowed answers in + lower and uppercase. Below you will find the matching + string which should be translated accordingly and the + letter changed to match the one in the answer string. + + n = Change name + c = Change comment + e = Change email + o = Okay (ready, continue) + q = Quit + */ + const char *ansstr = _("NnCcEeOoQq"); + + if( strlen(ansstr) != 10 ) + BUG(); + if( cpr_enabled() ) { + answer = xstrdup (ansstr + (fail?8:6)); + answer[1] = 0; + } + else if (full) { + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") : + _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? ")); + cpr_kill_prompt(); + } + else { + answer = cpr_get("keygen.userid.cmd", fail? + _("Change (N)ame, (E)mail, or (Q)uit? ") : + _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? ")); + cpr_kill_prompt(); + } + if( strlen(answer) > 1 ) + ; + else if( *answer == ansstr[0] || *answer == ansstr[1] ) { + xfree(aname); aname = NULL; + break; + } + else if( *answer == ansstr[2] || *answer == ansstr[3] ) { + xfree(acomment); acomment = NULL; + break; + } + else if( *answer == ansstr[4] || *answer == ansstr[5] ) { + xfree(amail); amail = NULL; + break; + } + else if( *answer == ansstr[6] || *answer == ansstr[7] ) { + if( fail ) { + tty_printf(_("Please correct the error first\n")); + } + else { + xfree(aname); aname = NULL; + xfree(acomment); acomment = NULL; + xfree(amail); amail = NULL; + break; + } + } + else if( *answer == ansstr[8] || *answer == ansstr[9] ) { + xfree(aname); aname = NULL; + xfree(acomment); acomment = NULL; + xfree(amail); amail = NULL; + xfree(uid); uid = NULL; + break; + } + xfree(answer); + } + xfree(answer); + if (!amail && !acomment) + break; + xfree(uid); uid = NULL; + } + if( uid ) { + char *p = native_to_utf8( uid ); + xfree( uid ); + uid = p; + } + return uid; +} + + +/* Basic key generation. Here we divert to the actual generation + routines based on the requested algorithm. */ +static int +do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root, + u32 timestamp, u32 expiredate, int is_subkey, + int keygen_flags, const char *passphrase, + char **cache_nonce_addr, char **passwd_nonce_addr) +{ + gpg_error_t err; + + /* Fixme: The entropy collecting message should be moved to a + libgcrypt progress handler. */ + if (!opt.batch) + tty_printf (_( +"We need to generate a lot of random bytes. It is a good idea to perform\n" +"some other action (type on the keyboard, move the mouse, utilize the\n" +"disks) during the prime generation; this gives the random number\n" +"generator a better chance to gain enough entropy.\n") ); + + if (algo == PUBKEY_ALGO_ELGAMAL_E) + err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + else if (algo == PUBKEY_ALGO_DSA) + err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + else if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + else if (algo == PUBKEY_ALGO_RSA) + err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey, + keygen_flags, passphrase, + cache_nonce_addr, passwd_nonce_addr); + else + BUG(); + + return err; +} + + +/* Generate a new user id packet or return NULL if canceled. If + KEYBLOCK is not NULL the function prevents the creation of an + already existing user ID. If UIDSTR is not NULL the user is not + asked but UIDSTR is used to create the user id packet; if the user + id already exists NULL is returned. UIDSTR is expected to be utf-8 + encoded and should have already been checked for a valid length + etc. */ +PKT_user_id * +generate_user_id (KBNODE keyblock, const char *uidstr) +{ + PKT_user_id *uid; + char *p; + + if (uidstr) + { + if (uid_already_in_keyblock (keyblock, uidstr)) + return NULL; /* Already exists. */ + uid = uid_from_string (uidstr); + } + else + { + p = ask_user_id (1, 1, keyblock); + if (!p) + return NULL; /* Canceled. */ + uid = uid_from_string (p); + xfree (p); + } + return uid; +} + + +/* Helper for parse_key_parameter_string for one part of the + * specification string; i.e. ALGO/FLAGS. If STRING is NULL or empty + * success is returned. On error an error code is returned. Note + * that STRING may be modified by this function. NULL may be passed + * for any parameter. FOR_SUBKEY shall be true if this is used as a + * subkey. If CLEAR_CERT is set a default CERT usage will be cleared; + * this is useful if for example the default algorithm is used for a + * subkey. */ +static gpg_error_t +parse_key_parameter_part (ctrl_t ctrl, + char *string, int for_subkey, int clear_cert, + int *r_algo, unsigned int *r_size, + unsigned int *r_keyuse, + char const **r_curve, + char **r_keygrip) +{ + gpg_error_t err; + char *flags; + int algo; + char *endp; + const char *curve = NULL; + int ecdh_or_ecdsa = 0; + unsigned int size; + int keyuse; + int i; + const char *s; + int from_card = 0; + char *keygrip = NULL; + + if (!string || !*string) + return 0; /* Success. */ + + flags = strchr (string, '/'); + if (flags) + *flags++ = 0; + + algo = 0; + if (!ascii_strcasecmp (string, "card")) + from_card = 1; + else if (strlen (string) >= 3 && (digitp (string+3) || !string[3])) + { + if (!ascii_memcasecmp (string, "rsa", 3)) + algo = PUBKEY_ALGO_RSA; + else if (!ascii_memcasecmp (string, "dsa", 3)) + algo = PUBKEY_ALGO_DSA; + else if (!ascii_memcasecmp (string, "elg", 3)) + algo = PUBKEY_ALGO_ELGAMAL_E; + } + + if (from_card) + ; /* We need the flags before we can figure out the key to use. */ + else if (algo) + { + if (!string[3]) + size = get_keysize_range (algo, NULL, NULL); + else + { + size = strtoul (string+3, &endp, 10); + if (size < 512 || size > 16384 || *endp) + return gpg_error (GPG_ERR_INV_VALUE); + } + } + else if ((curve = openpgp_is_curve_supported (string, &algo, &size))) + { + if (!algo) + { + algo = PUBKEY_ALGO_ECDH; /* Default ECC algorithm. */ + ecdh_or_ecdsa = 1; /* We may need to switch the algo. */ + } + } + else + return gpg_error (GPG_ERR_UNKNOWN_CURVE); + + /* Parse the flags. */ + keyuse = 0; + if (flags) + { + char **tokens = NULL; + + tokens = strtokenize (flags, ","); + if (!tokens) + return gpg_error_from_syserror (); + + for (i=0; (s = tokens[i]); i++) + { + if (!*s) + ; + else if (!ascii_strcasecmp (s, "sign")) + keyuse |= PUBKEY_USAGE_SIG; + else if (!ascii_strcasecmp (s, "encrypt") + || !ascii_strcasecmp (s, "encr")) + keyuse |= PUBKEY_USAGE_ENC; + else if (!ascii_strcasecmp (s, "auth")) + keyuse |= PUBKEY_USAGE_AUTH; + else if (!ascii_strcasecmp (s, "cert")) + keyuse |= PUBKEY_USAGE_CERT; + else if (!ascii_strcasecmp (s, "ecdsa") && !from_card) + { + if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA) + algo = PUBKEY_ALGO_ECDSA; + else + { + xfree (tokens); + return gpg_error (GPG_ERR_INV_FLAG); + } + ecdh_or_ecdsa = 0; + } + else if (!ascii_strcasecmp (s, "ecdh") && !from_card) + { + if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA) + algo = PUBKEY_ALGO_ECDH; + else + { + xfree (tokens); + return gpg_error (GPG_ERR_INV_FLAG); + } + ecdh_or_ecdsa = 0; + } + else if (!ascii_strcasecmp (s, "eddsa") && !from_card) + { + /* Not required but we allow it for consistency. */ + if (algo == PUBKEY_ALGO_EDDSA) + ; + else + { + xfree (tokens); + return gpg_error (GPG_ERR_INV_FLAG); + } + } + else + { + xfree (tokens); + return gpg_error (GPG_ERR_UNKNOWN_FLAG); + } + } + + xfree (tokens); + } + + /* If not yet decided switch between ecdh and ecdsa unless we want + * to read the algo from the current card. */ + if (from_card) + { + strlist_t keypairlist, sl; + char *reqkeyref; + + if (!keyuse) + keyuse = (for_subkey? PUBKEY_USAGE_ENC + /* */ : (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)); + + /* Access the card to make sure we have one and to show the S/N. */ + { + char *serialno; + + err = agent_scd_serialno (&serialno, NULL); + if (err) + { + log_error (_("error reading the card: %s\n"), gpg_strerror (err)); + return err; + } + if (!opt.quiet) + log_info (_("Serial number of the card: %s\n"), serialno); + xfree (serialno); + } + + err = agent_scd_keypairinfo (ctrl, &keypairlist); + if (err) + { + log_error (_("error reading the card: %s\n"), gpg_strerror (err)); + return err; + } + agent_scd_getattr_one ((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)) + ? "$SIGNKEYID":"$ENCRKEYID", &reqkeyref); + + algo = 0; /* Should already be the case. */ + for (sl=keypairlist; sl && !algo; sl = sl->next) + { + gcry_sexp_t s_pkey; + char *algostr = NULL; + enum gcry_pk_algos algoid = 0; + const char *keyref; + + if (!reqkeyref) + continue; /* Card does not provide the info (skip all). */ + + keyref = strchr (sl->d, ' '); + if (!keyref) + continue; /* Ooops. */ + keyref++; + if (strcmp (reqkeyref, keyref)) + continue; /* This is not the requested keyref. */ + + if ((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_CERT)) + && (sl->flags & (GCRY_PK_USAGE_SIGN|GCRY_PK_USAGE_CERT))) + ; /* Okay */ + else if ((keyuse & PUBKEY_USAGE_ENC) + && (sl->flags & GCRY_PK_USAGE_ENCR)) + ; /* Okay */ + else + continue; /* Not usable for us. */ + + if (agent_scd_readkey (keyref, &s_pkey)) + continue; /* Could not read the key. */ + + algostr = pubkey_algo_string (s_pkey, &algoid); + gcry_sexp_release (s_pkey); + + + /* Map to OpenPGP algo number. + * We need to tweak the algo in case GCRY_PK_ECC is returned + * because pubkey_algo_string is not aware of the OpenPGP + * algo mapping. FIXME: This is an ugly hack. */ + if (algoid == GCRY_PK_ECC + && algostr && !strncmp (algostr, "nistp", 5) + && !(sl->flags & GCRY_PK_USAGE_ENCR)) + algo = PUBKEY_ALGO_ECDSA; + else if (algoid == GCRY_PK_ECC + && algostr && !strcmp (algostr, "ed25519") + && !(sl->flags & GCRY_PK_USAGE_ENCR)) + algo = PUBKEY_ALGO_EDDSA; + else + algo = map_pk_gcry_to_openpgp (algoid); + + xfree (algostr); + xfree (keygrip); + keygrip = xtrystrdup (sl->d); + if (!keygrip) + { + err = gpg_error_from_syserror (); + xfree (reqkeyref); + free_strlist (keypairlist); + return err; + } + if ((endp = strchr (keygrip, ' '))) + *endp = 0; + } + + xfree (reqkeyref); + free_strlist (keypairlist); + if (!algo || !keygrip) + { + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + log_error ("no usable key on the card: %s\n", gpg_strerror (err)); + xfree (keygrip); + return err; + } + } + else if (ecdh_or_ecdsa && keyuse) + algo = (keyuse & PUBKEY_USAGE_ENC)? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA; + else if (ecdh_or_ecdsa) + algo = for_subkey? PUBKEY_ALGO_ECDH : PUBKEY_ALGO_ECDSA; + + /* Set or fix key usage. */ + if (!keyuse) + { + if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_DSA) + keyuse = PUBKEY_USAGE_SIG; + else if (algo == PUBKEY_ALGO_RSA) + keyuse = for_subkey? PUBKEY_USAGE_ENC : PUBKEY_USAGE_SIG; + else + keyuse = PUBKEY_USAGE_ENC; + } + else if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_DSA) + { + keyuse &= ~PUBKEY_USAGE_ENC; /* Forbid encryption. */ + } + else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ELGAMAL_E) + { + keyuse = PUBKEY_USAGE_ENC; /* Allow only encryption. */ + } + + /* Make sure a primary key can certify. */ + if (!for_subkey) + keyuse |= PUBKEY_USAGE_CERT; + + /* But if requested remove th cert usage. */ + if (clear_cert) + keyuse &= ~PUBKEY_USAGE_CERT; + + /* Check that usage is actually possible. */ + if (/**/((keyuse & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)) + && !pubkey_get_nsig (algo)) + || ((keyuse & PUBKEY_USAGE_ENC) + && !pubkey_get_nenc (algo)) + || (for_subkey && (keyuse & PUBKEY_USAGE_CERT))) + { + xfree (keygrip); + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + } + + /* Return values. */ + if (r_algo) + *r_algo = algo; + if (r_size) + { + unsigned int min, def, max; + + /* Make sure the keysize is in the allowed range. */ + def = get_keysize_range (algo, &min, &max); + if (!size) + size = def; + else if (size < min) + size = min; + else if (size > max) + size = max; + + *r_size = fixup_keysize (size, algo, 1); + } + + if (r_keyuse) + *r_keyuse = keyuse; + if (r_curve) + *r_curve = curve; + + if (r_keygrip) + *r_keygrip = keygrip; + else + xfree (keygrip); + + return 0; +} + +/* Parse and return the standard key generation parameter. + * The string is expected to be in this format: + * + * ALGO[/FLAGS][+SUBALGO[/FLAGS]] + * + * Here ALGO is a string in the same format as printed by the + * keylisting. For example: + * + * rsa3072 := RSA with 3072 bit. + * dsa2048 := DSA with 2048 bit. + * elg2048 := Elgamal with 2048 bit. + * ed25519 := EDDSA using curve Ed25519. + * cv25519 := ECDH using curve Curve25519. + * nistp256:= ECDSA or ECDH using curve NIST P-256 + * + * All strings with an unknown prefix are considered an elliptic + * curve. Curves which have no implicit algorithm require that FLAGS + * is given to select whether ECDSA or ECDH is used; this can either + * be done using an algorithm keyword or usage keywords. + * + * FLAGS is a comma delimited string of keywords: + * + * cert := Allow usage Certify + * sign := Allow usage Sign + * encr := Allow usage Encrypt + * auth := Allow usage Authentication + * encrypt := Alias for "encr" + * ecdsa := Use algorithm ECDSA. + * eddsa := Use algorithm EdDSA. + * ecdh := Use algorithm ECDH. + * + * There are several defaults and fallbacks depending on the + * algorithm. PART can be used to select which part of STRING is + * used: + * -1 := Both parts + * 0 := Only the part of the primary key + * 1 := If there is one part parse that one, if there are + * two parts parse the part which best matches the + * SUGGESTED_USE or in case that can't be evaluated the second part. + * Always return using the args for the primary key (R_ALGO,....). + * + */ +gpg_error_t +parse_key_parameter_string (ctrl_t ctrl, + const char *string, int part, + unsigned int suggested_use, + int *r_algo, unsigned int *r_size, + unsigned int *r_keyuse, + char const **r_curve, + char **r_keygrip, + int *r_subalgo, unsigned int *r_subsize, + unsigned int *r_subkeyuse, + char const **r_subcurve, + char **r_subkeygrip) +{ + gpg_error_t err = 0; + char *primary, *secondary; + + if (r_algo) + *r_algo = 0; + if (r_size) + *r_size = 0; + if (r_keyuse) + *r_keyuse = 0; + if (r_curve) + *r_curve = NULL; + if (r_keygrip) + *r_keygrip = NULL; + if (r_subalgo) + *r_subalgo = 0; + if (r_subsize) + *r_subsize = 0; + if (r_subkeyuse) + *r_subkeyuse = 0; + if (r_subcurve) + *r_subcurve = NULL; + if (r_subkeygrip) + *r_subkeygrip = NULL; + + if (!string || !*string + || !ascii_strcasecmp (string, "default") || !strcmp (string, "-")) + string = get_default_pubkey_algo (); + else if (!ascii_strcasecmp (string, "future-default") + || !ascii_strcasecmp (string, "futuredefault")) + string = FUTURE_STD_KEY_PARAM; + else if (!ascii_strcasecmp (string, "card")) + string = "card/cert,sign+card/encr"; + + primary = xstrdup (string); + secondary = strchr (primary, '+'); + if (secondary) + *secondary++ = 0; + if (part == -1 || part == 0) + { + err = parse_key_parameter_part (ctrl, primary, + 0, 0, r_algo, r_size, + r_keyuse, r_curve, r_keygrip); + if (!err && part == -1) + err = parse_key_parameter_part (ctrl, secondary, + 1, 0, r_subalgo, r_subsize, + r_subkeyuse, r_subcurve, + r_subkeygrip); + } + else if (part == 1) + { + /* If we have SECONDARY, use that part. If there is only one + * part consider this to be the subkey algo. In case a + * SUGGESTED_USE has been given and the usage of the secondary + * part does not match SUGGESTED_USE try again using the primary + * part. Noet thar when falling back to the primary key we need + * to force clearing the cert usage. */ + if (secondary) + { + err = parse_key_parameter_part (ctrl, secondary, + 1, 0, + r_algo, r_size, r_keyuse, r_curve, + r_keygrip); + if (!err && suggested_use && r_keyuse && !(suggested_use & *r_keyuse)) + err = parse_key_parameter_part (ctrl, primary, + 1, 1 /*(clear cert)*/, + r_algo, r_size, r_keyuse, r_curve, + r_keygrip); + } + else + err = parse_key_parameter_part (ctrl, primary, + 1, 0, + r_algo, r_size, r_keyuse, r_curve, + r_keygrip); + } + + xfree (primary); + + return err; +} + + + +/* Append R to the linked list PARA. */ +static void +append_to_parameter (struct para_data_s *para, struct para_data_s *r) +{ + log_assert (para); + while (para->next) + para = para->next; + para->next = r; +} + +/* Release the parameter list R. */ +static void +release_parameter_list (struct para_data_s *r) +{ + struct para_data_s *r2; + + for (; r ; r = r2) + { + r2 = r->next; + if (r->key == pPASSPHRASE && *r->u.value) + wipememory (r->u.value, strlen (r->u.value)); + xfree (r); + } +} + +static struct para_data_s * +get_parameter( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r; + + for( r = para; r && r->key != key; r = r->next ) + ; + return r; +} + +static const char * +get_parameter_value( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + return (r && *r->u.value)? r->u.value : NULL; +} + + +/* This is similar to get_parameter_value but also returns the empty + string. This is required so that quick_generate_keypair can use an + empty Passphrase to specify no-protection. */ +static const char * +get_parameter_passphrase (struct para_data_s *para) +{ + struct para_data_s *r = get_parameter (para, pPASSPHRASE); + return r ? r->u.value : NULL; +} + + +static int +get_parameter_algo (ctrl_t ctrl, struct para_data_s *para, enum para_name key, + int *r_default) +{ + int i; + struct para_data_s *r = get_parameter( para, key ); + + if (r_default) + *r_default = 0; + + if (!r) + return -1; + + /* Note that we need to handle the ECC algorithms specified as + strings directly because Libgcrypt folds them all to ECC. */ + if (!ascii_strcasecmp (r->u.value, "default")) + { + /* Note: If you change this default algo, remember to change it + * also in gpg.c:gpgconf_list. */ + /* FIXME: We only allow the algo here and have a separate thing + * for the curve etc. That is a ugly but demanded for backward + * compatibility with the batch key generation. It would be + * better to make full use of parse_key_parameter_string. */ + parse_key_parameter_string (ctrl, NULL, 0, 0, + &i, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL); + if (r_default) + *r_default = 1; + } + else if (digitp (r->u.value)) + i = atoi( r->u.value ); + else if (!strcmp (r->u.value, "ELG-E") + || !strcmp (r->u.value, "ELG")) + i = PUBKEY_ALGO_ELGAMAL_E; + else if (!ascii_strcasecmp (r->u.value, "EdDSA")) + i = PUBKEY_ALGO_EDDSA; + else if (!ascii_strcasecmp (r->u.value, "ECDSA")) + i = PUBKEY_ALGO_ECDSA; + else if (!ascii_strcasecmp (r->u.value, "ECDH")) + i = PUBKEY_ALGO_ECDH; + else + i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value)); + + if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S) + i = 0; /* we don't want to allow generation of these algorithms */ + return i; +} + + +/* Parse a usage string. The usage keywords "auth", "sign", "encr" + * may be delimited by space, tab, or comma. On error -1 is returned + * instead of the usage flags. */ +static int +parse_usagestr (const char *usagestr) +{ + gpg_error_t err; + char **tokens = NULL; + const char *s; + int i; + unsigned int use = 0; + + tokens = strtokenize (usagestr, " \t,"); + if (!tokens) + { + err = gpg_error_from_syserror (); + log_error ("strtokenize failed: %s\n", gpg_strerror (err)); + return -1; + } + + for (i=0; (s = tokens[i]); i++) + { + if (!*s) + ; + else if (!ascii_strcasecmp (s, "sign")) + use |= PUBKEY_USAGE_SIG; + else if (!ascii_strcasecmp (s, "encrypt") + || !ascii_strcasecmp (s, "encr")) + use |= PUBKEY_USAGE_ENC; + else if (!ascii_strcasecmp (s, "auth")) + use |= PUBKEY_USAGE_AUTH; + else if (!ascii_strcasecmp (s, "cert")) + use |= PUBKEY_USAGE_CERT; + else + { + xfree (tokens); + return -1; /* error */ + } + } + + xfree (tokens); + return use; +} + + +/* + * Parse the usage parameter and set the keyflags. Returns -1 on + * error, 0 for no usage given or 1 for usage available. + */ +static int +parse_parameter_usage (const char *fname, + struct para_data_s *para, enum para_name key) +{ + struct para_data_s *r = get_parameter( para, key ); + int i; + + if (!r) + return 0; /* none (this is an optional parameter)*/ + + i = parse_usagestr (r->u.value); + if (i == -1) + { + log_error ("%s:%d: invalid usage list\n", fname, r->lnr ); + return -1; /* error */ + } + + r->u.usage = i; + return 1; +} + + +static int +parse_revocation_key (const char *fname, + struct para_data_s *para, enum para_name key) +{ + struct para_data_s *r = get_parameter( para, key ); + struct revocation_key revkey; + char *pn; + int i; + + if( !r ) + return 0; /* none (this is an optional parameter) */ + + pn = r->u.value; + + revkey.class=0x80; + revkey.algid=atoi(pn); + if(!revkey.algid) + goto fail; + + /* Skip to the fpr */ + while(*pn && *pn!=':') + pn++; + + if(*pn!=':') + goto fail; + + pn++; + + for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2) + { + int c=hextobyte(pn); + if(c==-1) + goto fail; + + revkey.fpr[i]=c; + } + + /* skip to the tag */ + while(*pn && *pn!='s' && *pn!='S') + pn++; + + if(ascii_strcasecmp(pn,"sensitive")==0) + revkey.class|=0x40; + + memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key)); + + return 0; + + fail: + log_error("%s:%d: invalid revocation key\n", fname, r->lnr ); + return -1; /* error */ +} + + +static u32 +get_parameter_u32( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + + if( !r ) + return 0; + if( r->key == pKEYCREATIONDATE ) + return r->u.creation; + if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE ) + return r->u.expire; + if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE ) + return r->u.usage; + + return (unsigned int)strtoul( r->u.value, NULL, 10 ); +} + +static unsigned int +get_parameter_uint( struct para_data_s *para, enum para_name key ) +{ + return get_parameter_u32( para, key ); +} + +static struct revocation_key * +get_parameter_revkey( struct para_data_s *para, enum para_name key ) +{ + struct para_data_s *r = get_parameter( para, key ); + return r? &r->u.revkey : NULL; +} + +static int +proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname, + struct output_control_s *outctrl, int card ) +{ + struct para_data_s *r; + const char *s1, *s2, *s3; + size_t n; + char *p; + int is_default = 0; + int have_user_id = 0; + int err, algo; + + /* Check that we have all required parameters. */ + r = get_parameter( para, pKEYTYPE ); + if(r) + { + algo = get_parameter_algo (ctrl, para, pKEYTYPE, &is_default); + if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG)) + { + log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); + return -1; + } + } + else + { + log_error ("%s: no Key-Type specified\n",fname); + return -1; + } + + err = parse_parameter_usage (fname, para, pKEYUSAGE); + if (!err) + { + /* Default to algo capabilities if key-usage is not provided and + no default algorithm has been requested. */ + r = xmalloc_clear(sizeof(*r)); + r->key = pKEYUSAGE; + r->u.usage = (is_default + ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG) + : openpgp_pk_algo_usage(algo)); + append_to_parameter (para, r); + } + else if (err == -1) + return -1; + else + { + r = get_parameter (para, pKEYUSAGE); + if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + { + log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n", + fname, r->lnr, algo); + return -1; + } + } + + is_default = 0; + r = get_parameter( para, pSUBKEYTYPE ); + if(r) + { + algo = get_parameter_algo (ctrl, para, pSUBKEYTYPE, &is_default); + if (openpgp_pk_test_algo (algo)) + { + log_error ("%s:%d: invalid algorithm\n", fname, r->lnr ); + return -1; + } + + err = parse_parameter_usage (fname, para, pSUBKEYUSAGE); + if (!err) + { + /* Default to algo capabilities if subkey-usage is not + provided */ + r = xmalloc_clear (sizeof(*r)); + r->key = pSUBKEYUSAGE; + r->u.usage = (is_default + ? PUBKEY_USAGE_ENC + : openpgp_pk_algo_usage (algo)); + append_to_parameter (para, r); + } + else if (err == -1) + return -1; + else + { + r = get_parameter (para, pSUBKEYUSAGE); + if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo))) + { + log_error ("%s:%d: specified Subkey-Usage not allowed" + " for algo %d\n", fname, r->lnr, algo); + return -1; + } + } + } + + + if( get_parameter_value( para, pUSERID ) ) + have_user_id=1; + else + { + /* create the formatted user ID */ + s1 = get_parameter_value( para, pNAMEREAL ); + s2 = get_parameter_value( para, pNAMECOMMENT ); + s3 = get_parameter_value( para, pNAMEEMAIL ); + if( s1 || s2 || s3 ) + { + n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0); + r = xmalloc_clear( sizeof *r + n + 20 ); + r->key = pUSERID; + p = r->u.value; + if( s1 ) + p = stpcpy(p, s1 ); + if( s2 ) + p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")"); + if( s3 ) + { + /* If we have only the email part, do not add the space + * and the angle brackets. */ + if (*r->u.value) + p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">"); + else + p = stpcpy (p, s3); + } + append_to_parameter (para, r); + have_user_id=1; + } + } + + if(!have_user_id) + { + log_error("%s: no User-ID specified\n",fname); + return -1; + } + + /* Set preferences, if any. */ + keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0); + + /* Set keyserver, if any. */ + s1=get_parameter_value( para, pKEYSERVER ); + if(s1) + { + struct keyserver_spec *spec; + + spec = parse_keyserver_uri (s1, 1); + if(spec) + { + free_keyserver_spec(spec); + opt.def_keyserver_url=s1; + } + else + { + r = get_parameter (para, pKEYSERVER); + log_error("%s:%d: invalid keyserver url\n", fname, r->lnr ); + return -1; + } + } + + /* Set revoker, if any. */ + if (parse_revocation_key (fname, para, pREVOKER)) + return -1; + + + /* Make KEYCREATIONDATE from Creation-Date. */ + r = get_parameter (para, pCREATIONDATE); + if (r && *r->u.value) + { + u32 seconds; + + seconds = parse_creation_string (r->u.value); + if (!seconds) + { + log_error ("%s:%d: invalid creation date\n", fname, r->lnr ); + return -1; + } + r->u.creation = seconds; + r->key = pKEYCREATIONDATE; /* Change that entry. */ + } + + /* Make KEYEXPIRE from Expire-Date. */ + r = get_parameter( para, pEXPIREDATE ); + if( r && *r->u.value ) + { + u32 seconds; + + seconds = parse_expire_string( r->u.value ); + if( seconds == (u32)-1 ) + { + log_error("%s:%d: invalid expire date\n", fname, r->lnr ); + return -1; + } + r->u.expire = seconds; + r->key = pKEYEXPIRE; /* change hat entry */ + /* also set it for the subkey */ + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYEXPIRE; + r->u.expire = seconds; + append_to_parameter (para, r); + } + + do_generate_keypair (ctrl, para, outctrl, card ); + return 0; +} + + +/**************** + * Kludge to allow non interactive key generation controlled + * by a parameter file. + * Note, that string parameters are expected to be in UTF-8 + */ +static void +read_parameter_file (ctrl_t ctrl, const char *fname ) +{ + static struct { const char *name; + enum para_name key; + } keywords[] = { + { "Key-Type", pKEYTYPE}, + { "Key-Length", pKEYLENGTH }, + { "Key-Curve", pKEYCURVE }, + { "Key-Usage", pKEYUSAGE }, + { "Subkey-Type", pSUBKEYTYPE }, + { "Subkey-Length", pSUBKEYLENGTH }, + { "Subkey-Curve", pSUBKEYCURVE }, + { "Subkey-Usage", pSUBKEYUSAGE }, + { "Name-Real", pNAMEREAL }, + { "Name-Email", pNAMEEMAIL }, + { "Name-Comment", pNAMECOMMENT }, + { "Expire-Date", pEXPIREDATE }, + { "Creation-Date", pCREATIONDATE }, + { "Passphrase", pPASSPHRASE }, + { "Preferences", pPREFERENCES }, + { "Revoker", pREVOKER }, + { "Handle", pHANDLE }, + { "Keyserver", pKEYSERVER }, + { "Keygrip", pKEYGRIP }, + { "Key-Grip", pKEYGRIP }, + { "Subkey-grip", pSUBKEYGRIP }, + { NULL, 0 } + }; + IOBUF fp; + byte *line; + unsigned int maxlen, nline; + char *p; + int lnr; + const char *err = NULL; + struct para_data_s *para, *r; + int i; + struct output_control_s outctrl; + + memset( &outctrl, 0, sizeof( outctrl ) ); + outctrl.pub.afx = new_armor_context (); + + if( !fname || !*fname) + fname = "-"; + + fp = iobuf_open (fname); + if (fp && is_secured_file (iobuf_get_fd (fp))) + { + iobuf_close (fp); + fp = NULL; + gpg_err_set_errno (EPERM); + } + if (!fp) { + log_error (_("can't open '%s': %s\n"), fname, strerror(errno) ); + return; + } + iobuf_ioctl (fp, IOBUF_IOCTL_NO_CACHE, 1, NULL); + + lnr = 0; + err = NULL; + para = NULL; + maxlen = 1024; + line = NULL; + nline = 0; + while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) { + char *keyword, *value; + + lnr++; + if( !maxlen ) { + err = "line too long"; + break; + } + for( p = line; isspace(*(byte*)p); p++ ) + ; + if( !*p || *p == '#' ) + continue; + keyword = p; + if( *keyword == '%' ) { + for( ; !isspace(*(byte*)p); p++ ) + ; + if( *p ) + *p++ = 0; + for( ; isspace(*(byte*)p); p++ ) + ; + value = p; + trim_trailing_ws( value, strlen(value) ); + if( !ascii_strcasecmp( keyword, "%echo" ) ) + log_info("%s\n", value ); + else if( !ascii_strcasecmp( keyword, "%dry-run" ) ) + outctrl.dryrun = 1; + else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) ) + ; /* Dummy for backward compatibility. */ + else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) ) + ; /* Dummy for backward compatibility. */ + else if( !ascii_strcasecmp( keyword, "%no-protection" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION; + else if( !ascii_strcasecmp( keyword, "%transient-key" ) ) + outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY; + else if( !ascii_strcasecmp( keyword, "%commit" ) ) { + outctrl.lnr = lnr; + if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 )) + print_status_key_not_created + (get_parameter_value (para, pHANDLE)); + release_parameter_list( para ); + para = NULL; + } + else if( !ascii_strcasecmp( keyword, "%pubring" ) ) { + if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) ) + ; /* still the same file - ignore it */ + else { + xfree( outctrl.pub.newfname ); + outctrl.pub.newfname = xstrdup( value ); + outctrl.use_files = 1; + } + } + else if( !ascii_strcasecmp( keyword, "%secring" ) ) { + /* Ignore this command. */ + } + else + log_info("skipping control '%s' (%s)\n", keyword, value ); + + + continue; + } + + + if( !(p = strchr( p, ':' )) || p == keyword ) { + err = "missing colon"; + break; + } + if( *p ) + *p++ = 0; + for( ; isspace(*(byte*)p); p++ ) + ; + if( !*p ) { + err = "missing argument"; + break; + } + value = p; + trim_trailing_ws( value, strlen(value) ); + + for(i=0; keywords[i].name; i++ ) { + if( !ascii_strcasecmp( keywords[i].name, keyword ) ) + break; + } + if( !keywords[i].name ) { + err = "unknown keyword"; + break; + } + if( keywords[i].key != pKEYTYPE && !para ) { + err = "parameter block does not start with \"Key-Type\""; + break; + } + + if( keywords[i].key == pKEYTYPE && para ) { + outctrl.lnr = lnr; + if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 )) + print_status_key_not_created + (get_parameter_value (para, pHANDLE)); + release_parameter_list( para ); + para = NULL; + } + else { + for( r = para; r; r = r->next ) { + if( r->key == keywords[i].key ) + break; + } + if( r ) { + err = "duplicate keyword"; + break; + } + } + r = xmalloc_clear( sizeof *r + strlen( value ) ); + r->lnr = lnr; + r->key = keywords[i].key; + strcpy( r->u.value, value ); + r->next = para; + para = r; + } + if( err ) + log_error("%s:%d: %s\n", fname, lnr, err ); + else if( iobuf_error (fp) ) { + log_error("%s:%d: read error\n", fname, lnr); + } + else if( para ) { + outctrl.lnr = lnr; + if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 )) + print_status_key_not_created (get_parameter_value (para, pHANDLE)); + } + + if( outctrl.use_files ) { /* close open streams */ + iobuf_close( outctrl.pub.stream ); + + /* Must invalidate that ugly cache to actually close it. */ + if (outctrl.pub.fname) + iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, + 0, (char*)outctrl.pub.fname); + + xfree( outctrl.pub.fname ); + xfree( outctrl.pub.newfname ); + } + + xfree (line); + release_parameter_list( para ); + iobuf_close (fp); + release_armor_context (outctrl.pub.afx); +} + + +/* Helper for quick_generate_keypair. */ +static struct para_data_s * +quickgen_set_para (struct para_data_s *para, int for_subkey, + int algo, int nbits, const char *curve, unsigned int use, + const char *keygrip) +{ + struct para_data_s *r; + + r = xmalloc_clear (sizeof *r + 30); + r->key = for_subkey? pSUBKEYUSAGE : pKEYUSAGE; + if (use) + snprintf (r->u.value, 30, "%s%s%s%s", + (use & PUBKEY_USAGE_ENC)? "encr " : "", + (use & PUBKEY_USAGE_SIG)? "sign " : "", + (use & PUBKEY_USAGE_AUTH)? "auth " : "", + (use & PUBKEY_USAGE_CERT)? "cert " : ""); + else + strcpy (r->u.value, for_subkey ? "encr" : "sign"); + r->next = para; + para = r; + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYTYPE : pKEYTYPE; + snprintf (r->u.value, 20, "%d", algo); + r->next = para; + para = r; + + if (keygrip) + { + r = xmalloc_clear (sizeof *r + strlen (keygrip)); + r->key = for_subkey? pSUBKEYGRIP : pKEYGRIP; + strcpy (r->u.value, keygrip); + r->next = para; + para = r; + } + else if (curve) + { + r = xmalloc_clear (sizeof *r + strlen (curve)); + r->key = for_subkey? pSUBKEYCURVE : pKEYCURVE; + strcpy (r->u.value, curve); + r->next = para; + para = r; + } + else + { + r = xmalloc_clear (sizeof *r + 20); + r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH; + sprintf (r->u.value, "%u", nbits); + r->next = para; + para = r; + } + + return para; +} + + +/* + * Unattended generation of a standard key. + */ +void +quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr, + const char *usagestr, const char *expirestr) +{ + gpg_error_t err; + struct para_data_s *para = NULL; + struct para_data_s *r; + struct output_control_s outctrl; + int use_tty; + + memset (&outctrl, 0, sizeof outctrl); + + use_tty = (!opt.batch && !opt.answer_yes + && !*algostr && !*usagestr && !*expirestr + && !cpr_enabled () + && gnupg_isatty (fileno (stdin)) + && gnupg_isatty (fileno (stdout)) + && gnupg_isatty (fileno (stderr))); + + r = xmalloc_clear (sizeof *r + strlen (uid)); + r->key = pUSERID; + strcpy (r->u.value, uid); + r->next = para; + para = r; + + uid = trim_spaces (r->u.value); + if (!*uid || (!opt.allow_freeform_uid && !is_valid_user_id (uid))) + { + log_error (_("Key generation failed: %s\n"), + gpg_strerror (GPG_ERR_INV_USER_ID)); + goto leave; + } + + /* If gpg is directly used on the console ask whether a key with the + given user id shall really be created. */ + if (use_tty) + { + tty_printf (_("About to create a key for:\n \"%s\"\n\n"), uid); + if (!cpr_get_answer_is_yes_def ("quick_keygen.okay", + _("Continue? (Y/n) "), 1)) + goto leave; + } + + /* Check whether such a user ID already exists. */ + { + KEYDB_HANDLE kdbhd; + KEYDB_SEARCH_DESC desc; + + memset (&desc, 0, sizeof desc); + desc.mode = KEYDB_SEARCH_MODE_EXACT; + desc.u.name = uid; + + kdbhd = keydb_new (); + if (!kdbhd) + goto leave; + + err = keydb_search (kdbhd, &desc, 1, NULL); + keydb_release (kdbhd); + if (gpg_err_code (err) != GPG_ERR_NOT_FOUND) + { + log_info (_("A key for \"%s\" already exists\n"), uid); + if (opt.answer_yes) + ; + else if (!use_tty + || !cpr_get_answer_is_yes_def ("quick_keygen.force", + _("Create anyway? (y/N) "), 0)) + { + write_status_error ("genkey", gpg_error (304)); + log_inc_errorcount (); /* we used log_info */ + goto leave; + } + log_info (_("creating anyway\n")); + } + } + + if (!*expirestr || strcmp (expirestr, "-") == 0) + expirestr = default_expiration_interval; + + if ((!*algostr || !ascii_strcasecmp (algostr, "default") + || !ascii_strcasecmp (algostr, "future-default") + || !ascii_strcasecmp (algostr, "futuredefault") + || !ascii_strcasecmp (algostr, "card")) + && (!*usagestr || !ascii_strcasecmp (usagestr, "default") + || !strcmp (usagestr, "-"))) + { + /* Use default key parameters. */ + int algo, subalgo; + unsigned int size, subsize; + unsigned int keyuse, subkeyuse; + const char *curve, *subcurve; + char *keygrip, *subkeygrip; + + err = parse_key_parameter_string (ctrl, algostr, -1, 0, + &algo, &size, &keyuse, &curve, + &keygrip, + &subalgo, &subsize, &subkeyuse, + &subcurve, &subkeygrip); + if (err) + { + log_error (_("Key generation failed: %s\n"), gpg_strerror (err)); + goto leave; + } + + para = quickgen_set_para (para, 0, algo, size, curve, keyuse, + keygrip); + if (subalgo) + para = quickgen_set_para (para, 1, + subalgo, subsize, subcurve, subkeyuse, + subkeygrip); + if (*expirestr) + { + u32 expire; + + expire = parse_expire_string (expirestr); + if (expire == (u32)-1 ) + { + err = gpg_error (GPG_ERR_INV_VALUE); + log_error (_("Key generation failed: %s\n"), gpg_strerror (err)); + goto leave; + } + r = xmalloc_clear (sizeof *r + 20); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + } + + xfree (keygrip); + xfree (subkeygrip); + } + else + { + /* Extended unattended mode. Creates only the primary key. */ + int algo; + unsigned int use; + u32 expire; + unsigned int nbits; + const char *curve; + char *keygrip; + + err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr, + &algo, &use, &expire, &nbits, &curve, + &keygrip); + if (err) + { + log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); + goto leave; + } + + para = quickgen_set_para (para, 0, algo, nbits, curve, use, + keygrip); + r = xmalloc_clear (sizeof *r + 20); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + + xfree (keygrip); + } + + /* If the pinentry loopback mode is not and we have a static + passphrase (i.e. set with --passphrase{,-fd,-file} while in batch + mode), we use that passphrase for the new key. */ + if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK + && have_static_passphrase ()) + { + const char *s = get_static_passphrase (); + + r = xmalloc_clear (sizeof *r + strlen (s)); + r->key = pPASSPHRASE; + strcpy (r->u.value, s); + r->next = para; + para = r; + } + + proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0); + + leave: + release_parameter_list (para); +} + + +/* + * Generate a keypair (fname is only used in batch mode) If + * CARD_SERIALNO is not NULL the function will create the keys on an + * OpenPGP Card. If CARD_BACKUP_KEY has been set and CARD_SERIALNO is + * NOT NULL, the encryption key for the card is generated on the host, + * imported to the card and a backup file created by gpg-agent. If + * FULL is not set only the basic prompts are used (except for batch + * mode). + */ +void +generate_keypair (ctrl_t ctrl, int full, const char *fname, + const char *card_serialno, int card_backup_key) +{ + gpg_error_t err; + unsigned int nbits; + char *uid = NULL; + int algo; + unsigned int use; + int both = 0; + u32 expire; + struct para_data_s *para = NULL; + struct para_data_s *r; + struct output_control_s outctrl; + +#ifndef ENABLE_CARD_SUPPORT + (void)card_backup_key; +#endif + + memset( &outctrl, 0, sizeof( outctrl ) ); + + if (opt.batch && card_serialno) + { + /* We don't yet support unattended key generation with a card + * serial number. */ + log_error (_("can't do this in batch mode\n")); + print_further_info ("key generation with card serial number"); + return; + } + + if (opt.batch) + { + read_parameter_file (ctrl, fname); + return; + } + + if (card_serialno) + { +#ifdef ENABLE_CARD_SUPPORT + struct agent_card_info_s info; + + memset (&info, 0, sizeof (info)); + err = agent_scd_getattr ("KEY-ATTR", &info); + if (err) + { + log_error (_("error getting current key info: %s\n"), + gpg_strerror (err)); + return; + } + + r = xcalloc (1, sizeof *r + strlen (card_serialno) ); + r->key = pSERIALNO; + strcpy( r->u.value, card_serialno); + r->next = para; + para = r; + + r = xcalloc (1, sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", info.key_attr[0].algo ); + r->next = para; + para = r; + r = xcalloc (1, sizeof *r + 20 ); + r->key = pKEYUSAGE; + strcpy (r->u.value, "sign"); + r->next = para; + para = r; + + r = xcalloc (1, sizeof *r + 20 ); + r->key = pSUBKEYTYPE; + sprintf( r->u.value, "%d", info.key_attr[1].algo ); + r->next = para; + para = r; + r = xcalloc (1, sizeof *r + 20 ); + r->key = pSUBKEYUSAGE; + strcpy (r->u.value, "encrypt"); + r->next = para; + para = r; + if (info.key_attr[1].algo == PUBKEY_ALGO_RSA) + { + r = xcalloc (1, sizeof *r + 20 ); + r->key = pSUBKEYLENGTH; + sprintf( r->u.value, "%u", info.key_attr[1].nbits); + r->next = para; + para = r; + } + else if (info.key_attr[1].algo == PUBKEY_ALGO_ECDSA + || info.key_attr[1].algo == PUBKEY_ALGO_EDDSA + || info.key_attr[1].algo == PUBKEY_ALGO_ECDH) + { + r = xcalloc (1, sizeof *r + strlen (info.key_attr[1].curve)); + r->key = pSUBKEYCURVE; + strcpy (r->u.value, info.key_attr[1].curve); + r->next = para; + para = r; + } + + r = xcalloc (1, sizeof *r + 20 ); + r->key = pAUTHKEYTYPE; + sprintf( r->u.value, "%d", info.key_attr[2].algo ); + r->next = para; + para = r; + + if (card_backup_key) + { + r = xcalloc (1, sizeof *r + 1); + r->key = pCARDBACKUPKEY; + strcpy (r->u.value, "1"); + r->next = para; + para = r; + } +#endif /*ENABLE_CARD_SUPPORT*/ + } + else if (full) /* Full featured key generation. */ + { + int subkey_algo; + char *key_from_hexgrip = NULL; + + algo = ask_algo (ctrl, 0, &subkey_algo, &use, &key_from_hexgrip); + if (key_from_hexgrip) + { + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", algo); + r->next = para; + para = r; + + if (use) + { + r = xmalloc_clear( sizeof *r + 25 ); + r->key = pKEYUSAGE; + sprintf( r->u.value, "%s%s%s", + (use & PUBKEY_USAGE_SIG)? "sign ":"", + (use & PUBKEY_USAGE_ENC)? "encrypt ":"", + (use & PUBKEY_USAGE_AUTH)? "auth":"" ); + r->next = para; + para = r; + } + + r = xmalloc_clear( sizeof *r + 40 ); + r->key = pKEYGRIP; + strcpy (r->u.value, key_from_hexgrip); + r->next = para; + para = r; + + xfree (key_from_hexgrip); + } + else + { + const char *curve = NULL; + + if (subkey_algo) + { + /* Create primary and subkey at once. */ + both = 1; + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + { + curve = ask_curve (&algo, &subkey_algo, NULL); + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", algo); + r->next = para; + para = r; + nbits = 0; + r = xmalloc_clear (sizeof *r + strlen (curve)); + r->key = pKEYCURVE; + strcpy (r->u.value, curve); + r->next = para; + para = r; + } + else + { + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", algo); + r->next = para; + para = r; + nbits = ask_keysize (algo, 0); + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYLENGTH; + sprintf( r->u.value, "%u", nbits); + r->next = para; + para = r; + } + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYUSAGE; + strcpy( r->u.value, "sign" ); + r->next = para; + para = r; + + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYTYPE; + sprintf( r->u.value, "%d", subkey_algo); + r->next = para; + para = r; + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pSUBKEYUSAGE; + strcpy( r->u.value, "encrypt" ); + r->next = para; + para = r; + + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + { + if (algo == PUBKEY_ALGO_EDDSA + && subkey_algo == PUBKEY_ALGO_ECDH) + { + /* Need to switch to a different curve for the + encryption key. */ + curve = "Curve25519"; + } + r = xmalloc_clear (sizeof *r + strlen (curve)); + r->key = pSUBKEYCURVE; + strcpy (r->u.value, curve); + r->next = para; + para = r; + } + } + else /* Create only a single key. */ + { + /* For ECC we need to ask for the curve before storing the + algo because ask_curve may change the algo. */ + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + { + curve = ask_curve (&algo, NULL, NULL); + r = xmalloc_clear (sizeof *r + strlen (curve)); + r->key = pKEYCURVE; + strcpy (r->u.value, curve); + r->next = para; + para = r; + } + + r = xmalloc_clear( sizeof *r + 20 ); + r->key = pKEYTYPE; + sprintf( r->u.value, "%d", algo ); + r->next = para; + para = r; + + if (use) + { + r = xmalloc_clear( sizeof *r + 25 ); + r->key = pKEYUSAGE; + sprintf( r->u.value, "%s%s%s", + (use & PUBKEY_USAGE_SIG)? "sign ":"", + (use & PUBKEY_USAGE_ENC)? "encrypt ":"", + (use & PUBKEY_USAGE_AUTH)? "auth":"" ); + r->next = para; + para = r; + } + nbits = 0; + } + + if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + { + /* The curve has already been set. */ + } + else + { + nbits = ask_keysize (both? subkey_algo : algo, nbits); + r = xmalloc_clear( sizeof *r + 20 ); + r->key = both? pSUBKEYLENGTH : pKEYLENGTH; + sprintf( r->u.value, "%u", nbits); + r->next = para; + para = r; + } + } + } + else /* Default key generation. */ + { + int subalgo; + unsigned int size, subsize; + unsigned int keyuse, subkeyuse; + const char *curve, *subcurve; + char *keygrip, *subkeygrip; + + tty_printf ( _("Note: Use \"%s %s\"" + " for a full featured key generation dialog.\n"), +#if USE_GPG2_HACK + GPG_NAME "2" +#else + GPG_NAME +#endif + , "--full-generate-key" ); + + err = parse_key_parameter_string (ctrl, NULL, -1, 0, + &algo, &size, &keyuse, &curve, + &keygrip, + &subalgo, &subsize, + &subkeyuse, &subcurve, + &subkeygrip); + if (err) + { + log_error (_("Key generation failed: %s\n"), gpg_strerror (err)); + return; + } + para = quickgen_set_para (para, 0, + algo, size, curve, keyuse, + keygrip); + if (subalgo) + para = quickgen_set_para (para, 1, + subalgo, subsize, subcurve, subkeyuse, + subkeygrip); + + xfree (keygrip); + xfree (subkeygrip); + } + + + expire = full? ask_expire_interval (0, NULL) + : parse_expire_string (default_expiration_interval); + r = xcalloc (1, sizeof *r + 20); + r->key = pKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + r = xcalloc (1, sizeof *r + 20); + r->key = pSUBKEYEXPIRE; + r->u.expire = expire; + r->next = para; + para = r; + + uid = ask_user_id (0, full, NULL); + if (!uid) + { + log_error(_("Key generation canceled.\n")); + release_parameter_list( para ); + return; + } + r = xcalloc (1, sizeof *r + strlen (uid)); + r->key = pUSERID; + strcpy (r->u.value, uid); + r->next = para; + para = r; + + proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno); + release_parameter_list (para); +} + + +/* Create and delete a dummy packet to start off a list of kbnodes. */ +static void +start_tree(KBNODE *tree) +{ + PACKET *pkt; + + pkt=xmalloc_clear(sizeof(*pkt)); + pkt->pkttype=PKT_NONE; + *tree=new_kbnode(pkt); + delete_kbnode(*tree); +} + + +/* Write the *protected* secret key to the file. */ +static gpg_error_t +card_write_key_to_backup_file (PKT_public_key *sk, const char *backup_dir) +{ + gpg_error_t err = 0; + int rc; + char keyid_buffer[2 * 8 + 1]; + char name_buffer[50]; + char *fname; + IOBUF fp; + mode_t oldmask; + PACKET *pkt = NULL; + + format_keyid (pk_keyid (sk), KF_LONG, keyid_buffer, sizeof (keyid_buffer)); + snprintf (name_buffer, sizeof name_buffer, "sk_%s.gpg", keyid_buffer); + + fname = make_filename (backup_dir, name_buffer, NULL); + /* Note that the umask call is not anymore needed because + iobuf_create now takes care of it. However, it does not harm + and thus we keep it. */ + oldmask = umask (077); + if (is_secured_filename (fname)) + { + fp = NULL; + gpg_err_set_errno (EPERM); + } + else + fp = iobuf_create (fname, 1); + umask (oldmask); + if (!fp) + { + err = gpg_error_from_syserror (); + log_error (_("can't create backup file '%s': %s\n"), fname, strerror (errno) ); + goto leave; + } + + pkt = xcalloc (1, sizeof *pkt); + pkt->pkttype = PKT_SECRET_KEY; + pkt->pkt.secret_key = sk; + + rc = build_packet (fp, pkt); + if (rc) + { + log_error ("build packet failed: %s\n", gpg_strerror (rc)); + iobuf_cancel (fp); + } + else + { + char *fprbuf; + + iobuf_close (fp); + iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname); + log_info (_("Note: backup of card key saved to '%s'\n"), fname); + + fprbuf = hexfingerprint (sk, NULL, 0); + if (!fprbuf) + { + err = gpg_error_from_syserror (); + goto leave; + } + write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED, fprbuf, + fname, strlen (fname), 0); + xfree (fprbuf); + } + + leave: + xfree (pkt); + xfree (fname); + return err; +} + + +/* Store key to card and make a backup file in OpenPGP format. */ +static gpg_error_t +card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk, + const char *backup_dir) +{ + PKT_public_key *sk; + gnupg_isotime_t timestamp; + gpg_error_t err; + char *hexgrip; + int rc; + struct agent_card_info_s info; + gcry_cipher_hd_t cipherhd = NULL; + char *cache_nonce = NULL; + void *kek = NULL; + size_t keklen; + + sk = copy_public_key (NULL, sub_psk); + if (!sk) + return gpg_error_from_syserror (); + + epoch2isotime (timestamp, (time_t)sk->timestamp); + err = hexkeygrip_from_pk (sk, &hexgrip); + if (err) + return err; + + memset(&info, 0, sizeof (info)); + rc = agent_scd_getattr ("SERIALNO", &info); + if (rc) + return (gpg_error_t)rc; + + rc = agent_keytocard (hexgrip, 2, 1, info.serialno, timestamp); + xfree (info.serialno); + if (rc) + { + err = (gpg_error_t)rc; + goto leave; + } + + err = agent_keywrap_key (ctrl, 1, &kek, &keklen); + if (err) + { + log_error ("error getting the KEK: %s\n", gpg_strerror (err)); + goto leave; + } + + err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128, + GCRY_CIPHER_MODE_AESWRAP, 0); + if (!err) + err = gcry_cipher_setkey (cipherhd, kek, keklen); + if (err) + { + log_error ("error setting up an encryption context: %s\n", + gpg_strerror (err)); + goto leave; + } + + err = receive_seckey_from_agent (ctrl, cipherhd, 0, + &cache_nonce, hexgrip, sk); + if (err) + { + log_error ("error getting secret key from agent: %s\n", + gpg_strerror (err)); + goto leave; + } + + err = card_write_key_to_backup_file (sk, backup_dir); + if (err) + log_error ("writing card key to backup file: %s\n", gpg_strerror (err)); + else + /* Remove secret key data in agent side. */ + agent_scd_learn (NULL, 1); + + leave: + xfree (cache_nonce); + gcry_cipher_close (cipherhd); + xfree (kek); + xfree (hexgrip); + free_public_key (sk); + return err; +} + + +static void +do_generate_keypair (ctrl_t ctrl, struct para_data_s *para, + struct output_control_s *outctrl, int card) +{ + gpg_error_t err; + KBNODE pub_root = NULL; + const char *s; + PKT_public_key *pri_psk = NULL; + PKT_public_key *sub_psk = NULL; + struct revocation_key *revkey; + int did_sub = 0; + u32 timestamp; + char *cache_nonce = NULL; + int algo; + u32 expire; + const char *key_from_hexgrip = NULL; + + if (outctrl->dryrun) + { + log_info("dry-run mode - key generation skipped\n"); + return; + } + + if ( outctrl->use_files ) + { + if ( outctrl->pub.newfname ) + { + iobuf_close(outctrl->pub.stream); + outctrl->pub.stream = NULL; + if (outctrl->pub.fname) + iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, + 0, (char*)outctrl->pub.fname); + xfree( outctrl->pub.fname ); + outctrl->pub.fname = outctrl->pub.newfname; + outctrl->pub.newfname = NULL; + + if (is_secured_filename (outctrl->pub.fname) ) + { + outctrl->pub.stream = NULL; + gpg_err_set_errno (EPERM); + } + else + outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0); + if (!outctrl->pub.stream) + { + log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname, + strerror(errno) ); + return; + } + if (opt.armor) + { + outctrl->pub.afx->what = 1; + push_armor_filter (outctrl->pub.afx, outctrl->pub.stream); + } + } + log_assert( outctrl->pub.stream ); + if (opt.verbose) + log_info (_("writing public key to '%s'\n"), outctrl->pub.fname ); + } + + + /* We create the packets as a tree of kbnodes. Because the + structure we create is known in advance we simply generate a + linked list. The first packet is a dummy packet which we flag as + deleted. The very first packet must always be a KEY packet. */ + + start_tree (&pub_root); + + timestamp = get_parameter_u32 (para, pKEYCREATIONDATE); + if (!timestamp) + timestamp = make_timestamp (); + + /* Note that, depending on the backend (i.e. the used scdaemon + version), the card key generation may update TIMESTAMP for each + key. Thus we need to pass TIMESTAMP to all signing function to + make sure that the binding signature is done using the timestamp + of the corresponding (sub)key and not that of the primary key. + An alternative implementation could tell the signing function the + node of the subkey but that is more work than just to pass the + current timestamp. */ + + algo = get_parameter_algo (ctrl, para, pKEYTYPE, NULL ); + expire = get_parameter_u32( para, pKEYEXPIRE ); + key_from_hexgrip = get_parameter_value (para, pKEYGRIP); + if (key_from_hexgrip) + err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, + pub_root, timestamp, expire, 0); + else if (!card) + err = do_create (algo, + get_parameter_uint( para, pKEYLENGTH ), + get_parameter_value (para, pKEYCURVE), + pub_root, + timestamp, + expire, 0, + outctrl->keygen_flags, + get_parameter_passphrase (para), + &cache_nonce, NULL); + else + err = gen_card_key (1, algo, + 1, pub_root, ×tamp, + expire); + + /* Get the pointer to the generated public key packet. */ + if (!err) + { + pri_psk = pub_root->next->pkt->pkt.public_key; + log_assert (pri_psk); + + /* Make sure a few fields are correctly set up before going + further. */ + pri_psk->flags.primary = 1; + keyid_from_pk (pri_psk, NULL); + /* We don't use pk_keyid to get keyid, because it also asserts + that main_keyid is set! */ + keyid_copy (pri_psk->main_keyid, pri_psk->keyid); + } + + if (!err && (revkey = get_parameter_revkey (para, pREVOKER))) + err = write_direct_sig (ctrl, pub_root, pri_psk, + revkey, timestamp, cache_nonce); + + if (!err && (s = get_parameter_value (para, pUSERID))) + { + err = write_uid (pub_root, s ); + if (!err) + err = write_selfsigs (ctrl, pub_root, pri_psk, + get_parameter_uint (para, pKEYUSAGE), timestamp, + cache_nonce); + } + + /* Write the auth key to the card before the encryption key. This + is a partial workaround for a PGP bug (as of this writing, all + versions including 8.1), that causes it to try and encrypt to + the most recent subkey regardless of whether that subkey is + actually an encryption type. In this case, the auth key is an + RSA key so it succeeds. */ + + if (!err && card && get_parameter (para, pAUTHKEYTYPE)) + { + err = gen_card_key (3, get_parameter_algo (ctrl, para, + pAUTHKEYTYPE, NULL ), + 0, pub_root, ×tamp, expire); + if (!err) + err = write_keybinding (ctrl, pub_root, pri_psk, NULL, + PUBKEY_USAGE_AUTH, timestamp, cache_nonce); + } + + if (!err && get_parameter (para, pSUBKEYTYPE)) + { + int subkey_algo = get_parameter_algo (ctrl, para, pSUBKEYTYPE, NULL); + + s = NULL; + key_from_hexgrip = get_parameter_value (para, pSUBKEYGRIP); + if (key_from_hexgrip) + err = do_create_from_keygrip (ctrl, subkey_algo, key_from_hexgrip, + pub_root, timestamp, + get_parameter_u32 (para, pSUBKEYEXPIRE), + 1); + else if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY))) + { + err = do_create (subkey_algo, + get_parameter_uint (para, pSUBKEYLENGTH), + get_parameter_value (para, pSUBKEYCURVE), + pub_root, + timestamp, + get_parameter_u32 (para, pSUBKEYEXPIRE), 1, + s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags, + get_parameter_passphrase (para), + &cache_nonce, NULL); + /* Get the pointer to the generated public subkey packet. */ + if (!err) + { + kbnode_t node; + + for (node = pub_root; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + sub_psk = node->pkt->pkt.public_key; + log_assert (sub_psk); + + if (s) + err = card_store_key_with_backup (ctrl, + sub_psk, gnupg_homedir ()); + } + } + else + { + err = gen_card_key (2, subkey_algo, 0, pub_root, ×tamp, expire); + } + + if (!err) + err = write_keybinding (ctrl, pub_root, pri_psk, sub_psk, + get_parameter_uint (para, pSUBKEYUSAGE), + timestamp, cache_nonce); + did_sub = 1; + } + + if (!err && outctrl->use_files) /* Direct write to specified files. */ + { + err = write_keyblock (outctrl->pub.stream, pub_root); + if (err) + log_error ("can't write public key: %s\n", gpg_strerror (err)); + } + else if (!err) /* Write to the standard keyrings. */ + { + KEYDB_HANDLE pub_hd; + + pub_hd = keydb_new (); + if (!pub_hd) + err = gpg_error_from_syserror (); + else + { + err = keydb_locate_writable (pub_hd); + if (err) + log_error (_("no writable public keyring found: %s\n"), + gpg_strerror (err)); + } + + if (!err && opt.verbose) + { + log_info (_("writing public key to '%s'\n"), + keydb_get_resource_name (pub_hd)); + } + + if (!err) + { + err = keydb_insert_keyblock (pub_hd, pub_root); + if (err) + log_error (_("error writing public keyring '%s': %s\n"), + keydb_get_resource_name (pub_hd), gpg_strerror (err)); + } + + keydb_release (pub_hd); + + if (!err) + { + int no_enc_rsa; + PKT_public_key *pk; + + no_enc_rsa = ((get_parameter_algo (ctrl, para, pKEYTYPE, NULL) + == PUBKEY_ALGO_RSA) + && get_parameter_uint (para, pKEYUSAGE) + && !((get_parameter_uint (para, pKEYUSAGE) + & PUBKEY_USAGE_ENC)) ); + + pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key; + + update_ownertrust (ctrl, pk, + ((get_ownertrust (ctrl, pk) & ~TRUST_MASK) + | TRUST_ULTIMATE )); + + gen_standard_revoke (ctrl, pk, cache_nonce); + + /* Get rid of the first empty packet. */ + commit_kbnode (&pub_root); + + if (!opt.batch) + { + tty_printf (_("public and secret key created and signed.\n") ); + tty_printf ("\n"); + merge_keys_and_selfsig (ctrl, pub_root); + + list_keyblock_direct (ctrl, pub_root, 0, 1, + opt.fingerprint || opt.with_fingerprint, + 1); + } + + + if (!opt.batch + && (get_parameter_algo (ctrl, para, + pKEYTYPE, NULL) == PUBKEY_ALGO_DSA + || no_enc_rsa ) + && !get_parameter (para, pSUBKEYTYPE) ) + { + tty_printf(_("Note that this key cannot be used for " + "encryption. You may want to use\n" + "the command \"--edit-key\" to generate a " + "subkey for this purpose.\n") ); + } + } + } + + if (err) + { + if (opt.batch) + log_error ("key generation failed: %s\n", gpg_strerror (err) ); + else + tty_printf (_("Key generation failed: %s\n"), gpg_strerror (err) ); + write_status_error (card? "card_key_generate":"key_generate", err); + print_status_key_not_created ( get_parameter_value (para, pHANDLE) ); + } + else + { + PKT_public_key *pk = find_kbnode (pub_root, + PKT_PUBLIC_KEY)->pkt->pkt.public_key; + print_status_key_created (did_sub? 'B':'P', pk, + get_parameter_value (para, pHANDLE)); + } + + release_kbnode (pub_root); + xfree (cache_nonce); +} + + +static gpg_error_t +parse_algo_usage_expire (ctrl_t ctrl, int for_subkey, + const char *algostr, const char *usagestr, + const char *expirestr, + int *r_algo, unsigned int *r_usage, u32 *r_expire, + unsigned int *r_nbits, const char **r_curve, + char **r_keygrip) +{ + gpg_error_t err; + int algo; + unsigned int use, nbits; + u32 expire; + int wantuse; + const char *curve = NULL; + + *r_curve = NULL; + if (r_keygrip) + *r_keygrip = NULL; + + nbits = 0; + + /* Parse the algo string. */ + if (algostr && *algostr == '&' && strlen (algostr) == 41) + { + /* Take algo from existing key. */ + algo = check_keygrip (ctrl, algostr+1); + /* FIXME: We need the curve name as well. */ + return gpg_error (GPG_ERR_NOT_IMPLEMENTED); + } + + err = parse_key_parameter_string (ctrl, algostr, for_subkey? 1 : 0, + usagestr? parse_usagestr (usagestr):0, + &algo, &nbits, &use, &curve, + r_keygrip, + NULL, NULL, NULL, NULL, NULL); + if (err) + { + if (r_keygrip) + { + xfree (*r_keygrip); + *r_keygrip = NULL; + } + return err; + } + + /* Parse the usage string. */ + if (!usagestr || !*usagestr + || !ascii_strcasecmp (usagestr, "default") || !strcmp (usagestr, "-")) + ; /* Keep usage from parse_key_parameter_string. */ + else if ((wantuse = parse_usagestr (usagestr)) != -1) + use = wantuse; + else + { + if (r_keygrip) + { + xfree (*r_keygrip); + *r_keygrip = NULL; + } + return gpg_error (GPG_ERR_INV_VALUE); + } + + /* Make sure a primary key has the CERT usage. */ + if (!for_subkey) + use |= PUBKEY_USAGE_CERT; + + /* Check that usage is possible. NB: We have the same check in + * parse_key_parameter_string but need it here again in case the + * separate usage value has been given. */ + if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT)) + && !pubkey_get_nsig (algo)) + || ((use & PUBKEY_USAGE_ENC) + && !pubkey_get_nenc (algo)) + || (for_subkey && (use & PUBKEY_USAGE_CERT))) + { + if (r_keygrip) + { + xfree (*r_keygrip); + *r_keygrip = NULL; + } + return gpg_error (GPG_ERR_WRONG_KEY_USAGE); + } + + /* Parse the expire string. */ + expire = parse_expire_string (expirestr); + if (expire == (u32)-1 ) + { + if (r_keygrip) + { + xfree (*r_keygrip); + *r_keygrip = NULL; + } + return gpg_error (GPG_ERR_INV_VALUE); + } + + if (curve) + *r_curve = curve; + *r_algo = algo; + *r_usage = use; + *r_expire = expire; + *r_nbits = nbits; + return 0; +} + + +/* Add a new subkey to an existing key. Returns 0 if a new key has + been generated and put into the keyblocks. If any of ALGOSTR, + USAGESTR, or EXPIRESTR is NULL interactive mode is used. */ +gpg_error_t +generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr, + const char *usagestr, const char *expirestr) +{ + gpg_error_t err = 0; + int interactive; + kbnode_t node; + PKT_public_key *pri_psk = NULL; + PKT_public_key *sub_psk = NULL; + int algo; + unsigned int use; + u32 expire; + unsigned int nbits = 0; + const char *curve = NULL; + u32 cur_time; + char *key_from_hexgrip = NULL; + char *hexgrip = NULL; + char *serialno = NULL; + char *cache_nonce = NULL; + char *passwd_nonce = NULL; + + interactive = (!algostr || !usagestr || !expirestr); + + /* Break out the primary key. */ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; primary key missing in keyblock!\n"); + err = gpg_error (GPG_ERR_BUG); + goto leave; + } + pri_psk = node->pkt->pkt.public_key; + + cur_time = make_timestamp (); + + if (pri_psk->timestamp > cur_time) + { + ulong d = pri_psk->timestamp - cur_time; + log_info ( d==1 ? _("key has been created %lu second " + "in future (time warp or clock problem)\n") + : _("key has been created %lu seconds " + "in future (time warp or clock problem)\n"), d ); + if (!opt.ignore_time_conflict) + { + err = gpg_error (GPG_ERR_TIME_CONFLICT); + goto leave; + } + } + + if (pri_psk->version < 4) + { + log_info (_("Note: creating subkeys for v3 keys " + "is not OpenPGP compliant\n")); + err = gpg_error (GPG_ERR_CONFLICT); + goto leave; + } + + err = hexkeygrip_from_pk (pri_psk, &hexgrip); + if (err) + goto leave; + if (agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + { + if (interactive) + tty_printf (_("Secret parts of primary key are not available.\n")); + else + log_info ( _("Secret parts of primary key are not available.\n")); + err = gpg_error (GPG_ERR_NO_SECKEY); + goto leave; + } + if (serialno) + { + if (interactive) + tty_printf (_("Secret parts of primary key are stored on-card.\n")); + else + log_info ( _("Secret parts of primary key are stored on-card.\n")); + } + + if (interactive) + { + algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip); + log_assert (algo); + + if (key_from_hexgrip) + nbits = 0; + else if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH) + curve = ask_curve (&algo, NULL, NULL); + else + nbits = ask_keysize (algo, 0); + + expire = ask_expire_interval (0, NULL); + if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", + _("Really create? (y/N) "))) + { + err = gpg_error (GPG_ERR_CANCELED); + goto leave; + } + } + else /* Unattended mode. */ + { + err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr, + &algo, &use, &expire, &nbits, &curve, + &key_from_hexgrip); + if (err) + goto leave; + } + + /* Verify the passphrase now so that we get a cache item for the + * primary key passphrase. The agent also returns a passphrase + * nonce, which we can use to set the passphrase for the subkey to + * that of the primary key. */ + { + char *desc = gpg_format_keydesc (ctrl, pri_psk, FORMAT_KEYDESC_NORMAL, 1); + err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/, + &cache_nonce, &passwd_nonce); + xfree (desc); + if (gpg_err_code (err) == GPG_ERR_NOT_IMPLEMENTED + && gpg_err_source (err) == GPG_ERR_SOURCE_GPGAGENT) + err = 0; /* Very likely that the key is on a card. */ + if (err) + goto leave; + } + + /* Start creation. */ + if (key_from_hexgrip) + { + err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip, + keyblock, cur_time, expire, 1); + } + else + { + const char *passwd; + + /* If the pinentry loopback mode is not and we have a static + passphrase (i.e. set with --passphrase{,-fd,-file} while in batch + mode), we use that passphrase for the new subkey. */ + if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK + && have_static_passphrase ()) + passwd = get_static_passphrase (); + else + passwd = NULL; + + err = do_create (algo, nbits, curve, + keyblock, cur_time, expire, 1, 0, + passwd, &cache_nonce, &passwd_nonce); + } + if (err) + goto leave; + + /* Get the pointer to the generated public subkey packet. */ + for (node = keyblock; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + sub_psk = node->pkt->pkt.public_key; + + /* Write the binding signature. */ + err = write_keybinding (ctrl, keyblock, pri_psk, sub_psk, use, cur_time, + cache_nonce); + if (err) + goto leave; + + print_status_key_created ('S', sub_psk, NULL); + + + leave: + xfree (key_from_hexgrip); + xfree (hexgrip); + xfree (serialno); + xfree (cache_nonce); + xfree (passwd_nonce); + if (err) + log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); + return err; +} + + +#ifdef ENABLE_CARD_SUPPORT +/* Generate a subkey on a card. */ +gpg_error_t +generate_card_subkeypair (ctrl_t ctrl, kbnode_t pub_keyblock, + int keyno, const char *serialno) +{ + gpg_error_t err = 0; + kbnode_t node; + PKT_public_key *pri_pk = NULL; + unsigned int use; + u32 expire; + u32 cur_time; + struct para_data_s *para = NULL; + PKT_public_key *sub_pk = NULL; + int algo; + struct agent_card_info_s info; + + log_assert (keyno >= 1 && keyno <= 3); + + memset (&info, 0, sizeof (info)); + err = agent_scd_getattr ("KEY-ATTR", &info); + if (err) + { + log_error (_("error getting current key info: %s\n"), gpg_strerror (err)); + return err; + } + algo = info.key_attr[keyno-1].algo; + + para = xtrycalloc (1, sizeof *para + strlen (serialno) ); + if (!para) + { + err = gpg_error_from_syserror (); + goto leave; + } + para->key = pSERIALNO; + strcpy (para->u.value, serialno); + + /* Break out the primary secret key */ + node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; public key lost!\n"); + err = gpg_error (GPG_ERR_INTERNAL); + goto leave; + } + pri_pk = node->pkt->pkt.public_key; + + cur_time = make_timestamp(); + if (pri_pk->timestamp > cur_time) + { + ulong d = pri_pk->timestamp - cur_time; + log_info (d==1 ? _("key has been created %lu second " + "in future (time warp or clock problem)\n") + : _("key has been created %lu seconds " + "in future (time warp or clock problem)\n"), d ); + if (!opt.ignore_time_conflict) + { + err = gpg_error (GPG_ERR_TIME_CONFLICT); + goto leave; + } + } + + if (pri_pk->version < 4) + { + log_info (_("Note: creating subkeys for v3 keys " + "is not OpenPGP compliant\n")); + err = gpg_error (GPG_ERR_NOT_SUPPORTED); + goto leave; + } + + expire = ask_expire_interval (0, NULL); + if (keyno == 1) + use = PUBKEY_USAGE_SIG; + else if (keyno == 2) + use = PUBKEY_USAGE_ENC; + else + use = PUBKEY_USAGE_AUTH; + if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay", + _("Really create? (y/N) "))) + { + err = gpg_error (GPG_ERR_CANCELED); + goto leave; + } + + /* Note, that depending on the backend, the card key generation may + update CUR_TIME. */ + err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire); + /* Get the pointer to the generated public subkey packet. */ + if (!err) + { + for (node = pub_keyblock; node; node = node->next) + if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + sub_pk = node->pkt->pkt.public_key; + log_assert (sub_pk); + err = write_keybinding (ctrl, pub_keyblock, pri_pk, sub_pk, + use, cur_time, NULL); + } + + leave: + if (err) + log_error (_("Key generation failed: %s\n"), gpg_strerror (err) ); + else + print_status_key_created ('S', sub_pk, NULL); + release_parameter_list (para); + return err; +} +#endif /* !ENABLE_CARD_SUPPORT */ + +/* + * Write a keyblock to an output stream + */ +static int +write_keyblock( IOBUF out, KBNODE node ) +{ + for( ; node ; node = node->next ) + { + if(!is_deleted_kbnode(node)) + { + int rc = build_packet( out, node->pkt ); + if( rc ) + { + log_error("build_packet(%d) failed: %s\n", + node->pkt->pkttype, gpg_strerror (rc) ); + return rc; + } + } + } + + return 0; +} + + +/* Note that timestamp is an in/out arg. */ +static gpg_error_t +gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root, + u32 *timestamp, u32 expireval) +{ +#ifdef ENABLE_CARD_SUPPORT + gpg_error_t err; + PACKET *pkt; + PKT_public_key *pk; + char keyid[10]; + unsigned char *public; + gcry_sexp_t s_key; + + snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno); + + pk = xtrycalloc (1, sizeof *pk ); + if (!pk) + return gpg_error_from_syserror (); + pkt = xtrycalloc (1, sizeof *pkt); + if (!pkt) + { + xfree (pk); + return gpg_error_from_syserror (); + } + + /* Note: SCD knows the serialnumber, thus there is no point in passing it. */ + err = agent_scd_genkey (keyno, 1, timestamp); + /* The code below is not used because we force creation of + * the a card key (3rd arg). + * if (gpg_err_code (rc) == GPG_ERR_EEXIST) + * { + * tty_printf ("\n"); + * log_error ("WARNING: key does already exists!\n"); + * tty_printf ("\n"); + * if ( cpr_get_answer_is_yes( "keygen.card.replace_key", + * _("Replace existing key? "))) + * rc = agent_scd_genkey (keyno, 1, timestamp); + * } + */ + if (err) + { + log_error ("key generation failed: %s\n", gpg_strerror (err)); + xfree (pkt); + xfree (pk); + return err; + } + + /* Send the READKEY command so that the agent creates a shadow key for + card key. We need to do that now so that we are able to create + the self-signatures. */ + err = agent_readkey (NULL, 1, keyid, &public); + if (err) + return err; + err = gcry_sexp_sscan (&s_key, NULL, public, + gcry_sexp_canon_len (public, 0, NULL, NULL)); + xfree (public); + if (err) + return err; + + if (algo == PUBKEY_ALGO_RSA) + err = key_from_sexp (pk->pkey, s_key, "public-key", "ne"); + else if (algo == PUBKEY_ALGO_ECDSA + || algo == PUBKEY_ALGO_EDDSA + || algo == PUBKEY_ALGO_ECDH ) + err = ecckey_from_sexp (pk->pkey, s_key, algo); + else + err = gpg_error (GPG_ERR_PUBKEY_ALGO); + gcry_sexp_release (s_key); + + if (err) + { + log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) ); + free_public_key (pk); + return err; + } + + pk->timestamp = *timestamp; + pk->version = 4; + if (expireval) + pk->expiredate = pk->timestamp + expireval; + pk->pubkey_algo = algo; + + pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; + pkt->pkt.public_key = pk; + add_kbnode (pub_root, new_kbnode (pkt)); + + return 0; +#else + (void)keyno; + (void)is_primary; + (void)pub_root; + (void)timestamp; + (void)expireval; + return gpg_error (GPG_ERR_NOT_SUPPORTED); +#endif /*!ENABLE_CARD_SUPPORT*/ +} |