LCOV - code coverage report
Current view: top level - g10 - keygen.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 708 2400 29.5 %
Date: 2016-11-29 15:00:56 Functions: 44 73 60.3 %

          Line data    Source code
       1             : /* keygen.c - Generate a key pair
       2             :  * Copyright (C) 1998-2007, 2009-2011  Free Software Foundation, Inc.
       3             :  * Copyright (C) 2014, 2015, 2016  Werner Koch
       4             :  *
       5             :  * This file is part of GnuPG.
       6             :  *
       7             :  * GnuPG is free software; you can redistribute it and/or modify
       8             :  * it under the terms of the GNU General Public License as published by
       9             :  * the Free Software Foundation; either version 3 of the License, or
      10             :  * (at your option) any later version.
      11             :  *
      12             :  * GnuPG is distributed in the hope that it will be useful,
      13             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      14             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      15             :  * GNU General Public License for more details.
      16             :  *
      17             :  * You should have received a copy of the GNU General Public License
      18             :  * along with this program; if not, see <https://www.gnu.org/licenses/>.
      19             :  */
      20             : 
      21             : #include <config.h>
      22             : #include <stdio.h>
      23             : #include <stdlib.h>
      24             : #include <string.h>
      25             : #include <ctype.h>
      26             : #include <errno.h>
      27             : #include <sys/types.h>
      28             : #include <sys/stat.h>
      29             : #include <unistd.h>
      30             : 
      31             : #include "gpg.h"
      32             : #include "util.h"
      33             : #include "main.h"
      34             : #include "packet.h"
      35             : #include "ttyio.h"
      36             : #include "options.h"
      37             : #include "keydb.h"
      38             : #include "trustdb.h"
      39             : #include "status.h"
      40             : #include "i18n.h"
      41             : #include "keyserver-internal.h"
      42             : #include "call-agent.h"
      43             : #include "pkglue.h"
      44             : #include "../common/shareddefs.h"
      45             : #include "host2net.h"
      46             : #include "mbox-util.h"
      47             : 
      48             : 
      49             : /* The default algorithms.  If you change them remember to change them
      50             :    also in gpg.c:gpgconf_list.  You should also check that the value
      51             :    is inside the bounds enforced by ask_keysize and gen_xxx.  */
      52             : #define DEFAULT_STD_ALGO       PUBKEY_ALGO_RSA
      53             : #define DEFAULT_STD_KEYSIZE    2048
      54             : #define DEFAULT_STD_KEYUSE     (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
      55             : #define DEFAULT_STD_CURVE      NULL
      56             : #define DEFAULT_STD_SUBALGO    PUBKEY_ALGO_RSA
      57             : #define DEFAULT_STD_SUBKEYSIZE 2048
      58             : #define DEFAULT_STD_SUBKEYUSE  PUBKEY_USAGE_ENC
      59             : #define DEFAULT_STD_SUBCURVE   NULL
      60             : 
      61             : #define FUTURE_STD_ALGO        PUBKEY_ALGO_EDDSA
      62             : #define FUTURE_STD_KEYSIZE     0
      63             : #define FUTURE_STD_KEYUSE      (PUBKEY_USAGE_CERT|PUBKEY_USAGE_SIG)
      64             : #define FUTURE_STD_CURVE       "Ed25519"
      65             : #define FUTURE_STD_SUBALGO     PUBKEY_ALGO_ECDH
      66             : #define FUTURE_STD_SUBKEYSIZE  0
      67             : #define FUTURE_STD_SUBKEYUSE   PUBKEY_USAGE_ENC
      68             : #define FUTURE_STD_SUBCURVE    "Curve25519"
      69             : 
      70             : /* Flag bits used during key generation.  */
      71             : #define KEYGEN_FLAG_NO_PROTECTION 1
      72             : #define KEYGEN_FLAG_TRANSIENT_KEY 2
      73             : 
      74             : /* Maximum number of supported algorithm preferences.  */
      75             : #define MAX_PREFS 30
      76             : 
      77             : enum para_name {
      78             :   pKEYTYPE,
      79             :   pKEYLENGTH,
      80             :   pKEYCURVE,
      81             :   pKEYUSAGE,
      82             :   pSUBKEYTYPE,
      83             :   pSUBKEYLENGTH,
      84             :   pSUBKEYCURVE,
      85             :   pSUBKEYUSAGE,
      86             :   pAUTHKEYTYPE,
      87             :   pNAMEREAL,
      88             :   pNAMEEMAIL,
      89             :   pNAMECOMMENT,
      90             :   pPREFERENCES,
      91             :   pREVOKER,
      92             :   pUSERID,
      93             :   pCREATIONDATE,
      94             :   pKEYCREATIONDATE, /* Same in seconds since epoch.  */
      95             :   pEXPIREDATE,
      96             :   pKEYEXPIRE, /* in n seconds */
      97             :   pSUBKEYEXPIRE, /* in n seconds */
      98             :   pPASSPHRASE,
      99             :   pSERIALNO,
     100             :   pCARDBACKUPKEY,
     101             :   pHANDLE,
     102             :   pKEYSERVER
     103             : };
     104             : 
     105             : struct para_data_s {
     106             :     struct para_data_s *next;
     107             :     int lnr;
     108             :     enum para_name key;
     109             :     union {
     110             :         u32 expire;
     111             :         u32 creation;
     112             :         unsigned int usage;
     113             :         struct revocation_key revkey;
     114             :         char value[1];
     115             :     } u;
     116             : };
     117             : 
     118             : struct output_control_s
     119             : {
     120             :   int lnr;
     121             :   int dryrun;
     122             :   unsigned int keygen_flags;
     123             :   int use_files;
     124             :   struct {
     125             :     char  *fname;
     126             :     char  *newfname;
     127             :     IOBUF stream;
     128             :     armor_filter_context_t *afx;
     129             :   } pub;
     130             : };
     131             : 
     132             : 
     133             : struct opaque_data_usage_and_pk {
     134             :     unsigned int usage;
     135             :     PKT_public_key *pk;
     136             : };
     137             : 
     138             : 
     139             : static int prefs_initialized = 0;
     140             : static byte sym_prefs[MAX_PREFS];
     141             : static int nsym_prefs;
     142             : static byte hash_prefs[MAX_PREFS];
     143             : static int nhash_prefs;
     144             : static byte zip_prefs[MAX_PREFS];
     145             : static int nzip_prefs;
     146             : static int mdc_available,ks_modify;
     147             : 
     148             : static gpg_error_t parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
     149             :                                      const char *algostr, const char *usagestr,
     150             :                                      const char *expirestr,
     151             :                                      int *r_algo, unsigned int *r_usage,
     152             :                                      u32 *r_expire,
     153             :                                      unsigned int *r_nbits, char **r_curve);
     154             : static void do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
     155             :                                  struct output_control_s *outctrl, int card );
     156             : static int write_keyblock (iobuf_t out, kbnode_t node);
     157             : static gpg_error_t gen_card_key (int keyno, int algo, int is_primary,
     158             :                                  kbnode_t pub_root, u32 *timestamp,
     159             :                                  u32 expireval);
     160             : 
     161             : 
     162             : static void
     163           3 : print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
     164             : {
     165             :   byte array[MAX_FINGERPRINT_LEN], *s;
     166             :   char *buf, *p;
     167             :   size_t i, n;
     168             : 
     169           3 :   if (!handle)
     170           3 :     handle = "";
     171             : 
     172           3 :   buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1);
     173             : 
     174           3 :   p = buf;
     175           3 :   if (letter || pk)
     176             :     {
     177           3 :       *p++ = letter;
     178           3 :       if (pk)
     179             :         {
     180           3 :           *p++ = ' ';
     181           3 :           fingerprint_from_pk (pk, array, &n);
     182           3 :           s = array;
     183             :           /* Fixme: Use bin2hex */
     184          63 :           for (i=0; i < n ; i++, s++, p += 2)
     185          60 :             snprintf (p, 3, "%02X", *s);
     186             :         }
     187             :     }
     188           3 :   if (*handle)
     189             :     {
     190           0 :       *p++ = ' ';
     191           0 :       for (i=0; handle[i] && i < 100; i++)
     192           0 :         *p++ = isspace ((unsigned int)handle[i])? '_':handle[i];
     193             :     }
     194           3 :   *p = 0;
     195           3 :   write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED,
     196             :                      buf);
     197           3 :   xfree (buf);
     198           3 : }
     199             : 
     200             : static void
     201           0 : print_status_key_not_created (const char *handle)
     202             : {
     203           0 :   print_status_key_created (0, NULL, handle);
     204           0 : }
     205             : 
     206             : 
     207             : 
     208             : static void
     209           3 : write_uid( KBNODE root, const char *s )
     210             : {
     211           3 :     PACKET *pkt = xmalloc_clear(sizeof *pkt );
     212           3 :     size_t n = strlen(s);
     213             : 
     214           3 :     pkt->pkttype = PKT_USER_ID;
     215           3 :     pkt->pkt.user_id = xmalloc_clear (sizeof *pkt->pkt.user_id + n);
     216           3 :     pkt->pkt.user_id->len = n;
     217           3 :     pkt->pkt.user_id->ref = 1;
     218           3 :     strcpy(pkt->pkt.user_id->name, s);
     219           3 :     add_kbnode( root, new_kbnode( pkt ) );
     220           3 : }
     221             : 
     222             : static void
     223           6 : do_add_key_flags (PKT_signature *sig, unsigned int use)
     224             : {
     225             :     byte buf[1];
     226             : 
     227           6 :     buf[0] = 0;
     228             : 
     229             :     /* The spec says that all primary keys MUST be able to certify. */
     230           6 :     if(sig->sig_class!=0x18)
     231           4 :       buf[0] |= 0x01;
     232             : 
     233           6 :     if (use & PUBKEY_USAGE_SIG)
     234           4 :       buf[0] |= 0x02;
     235           6 :     if (use & PUBKEY_USAGE_ENC)
     236           3 :         buf[0] |= 0x04 | 0x08;
     237           6 :     if (use & PUBKEY_USAGE_AUTH)
     238           1 :         buf[0] |= 0x20;
     239             : 
     240           6 :     build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
     241           6 : }
     242             : 
     243             : 
     244             : int
     245           6 : keygen_add_key_expire (PKT_signature *sig, void *opaque)
     246             : {
     247           6 :   PKT_public_key *pk = opaque;
     248             :   byte buf[8];
     249             :   u32  u;
     250             : 
     251           6 :   if (pk->expiredate)
     252             :     {
     253           3 :       if (pk->expiredate > pk->timestamp)
     254           3 :         u = pk->expiredate - pk->timestamp;
     255             :       else
     256           0 :         u = 1;
     257             : 
     258           3 :       buf[0] = (u >> 24) & 0xff;
     259           3 :       buf[1] = (u >> 16) & 0xff;
     260           3 :       buf[2] = (u >>  8) & 0xff;
     261           3 :       buf[3] = u & 0xff;
     262           3 :       build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
     263             :     }
     264             :   else
     265             :     {
     266             :       /* Make sure we don't leave a key expiration subpacket lying
     267             :          around */
     268           3 :       delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
     269             :     }
     270             : 
     271           6 :   return 0;
     272             : }
     273             : 
     274             : 
     275             : /* Add the key usage (i.e. key flags) in SIG from the public keys
     276             :  * pubkey_usage field.  OPAQUE has the public key.  */
     277             : int
     278           0 : keygen_add_key_flags (PKT_signature *sig, void *opaque)
     279             : {
     280           0 :   PKT_public_key *pk = opaque;
     281             : 
     282           0 :   do_add_key_flags (sig, pk->pubkey_usage);
     283           0 :   return 0;
     284             : }
     285             : 
     286             : 
     287             : static int
     288           2 : keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
     289             : {
     290           2 :   struct opaque_data_usage_and_pk *oduap = opaque;
     291             : 
     292           2 :   do_add_key_flags (sig, oduap->usage);
     293           2 :   return keygen_add_key_expire (sig, oduap->pk);
     294             : }
     295             : 
     296             : 
     297             : static int
     298          48 : set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
     299             : {
     300             :     int i;
     301             : 
     302         124 :     for (i=0; i < *nbuf; i++ )
     303          76 :       if (buf[i] == val)
     304             :         {
     305           0 :           log_info (_("preference '%s' duplicated\n"), item);
     306           0 :           return -1;
     307             :         }
     308             : 
     309          48 :     if (*nbuf >= MAX_PREFS)
     310             :       {
     311           0 :         if(type==1)
     312           0 :           log_info(_("too many cipher preferences\n"));
     313           0 :         else if(type==2)
     314           0 :           log_info(_("too many digest preferences\n"));
     315           0 :         else if(type==3)
     316           0 :           log_info(_("too many compression preferences\n"));
     317             :         else
     318           0 :           BUG();
     319             : 
     320           0 :         return -1;
     321             :       }
     322             : 
     323          48 :     buf[(*nbuf)++] = val;
     324          48 :     return 0;
     325             : }
     326             : 
     327             : /*
     328             :  * Parse the supplied string and use it to set the standard
     329             :  * preferences.  The string may be in a form like the one printed by
     330             :  * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual
     331             :  * cipher/hash/compress names.  Use NULL to set the default
     332             :  * preferences.  Returns: 0 = okay
     333             :  */
     334             : int
     335           4 : keygen_set_std_prefs (const char *string,int personal)
     336             : {
     337             :     byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
     338           4 :     int nsym=0, nhash=0, nzip=0, val, rc=0;
     339           4 :     int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
     340             :     char dummy_string[20*4+1]; /* Enough for 20 items. */
     341             : 
     342           4 :     if (!string || !ascii_strcasecmp (string, "default"))
     343             :       {
     344           8 :         if (opt.def_preference_list)
     345           0 :           string=opt.def_preference_list;
     346             :         else
     347             :           {
     348           4 :             int any_compress = 0;
     349           4 :             dummy_string[0]='\0';
     350             : 
     351             :             /* The rationale why we use the order AES256,192,128 is
     352             :                for compatibility reasons with PGP.  If gpg would
     353             :                define AES128 first, we would get the somewhat
     354             :                confusing situation:
     355             : 
     356             :                  gpg -r pgpkey -r gpgkey  ---gives--> AES256
     357             :                  gpg -r gpgkey -r pgpkey  ---gives--> AES
     358             : 
     359             :                Note that by using --personal-cipher-preferences it is
     360             :                possible to prefer AES128.
     361             :             */
     362             : 
     363             :             /* Make sure we do not add more than 15 items here, as we
     364             :                could overflow the size of dummy_string.  We currently
     365             :                have at most 12. */
     366           4 :             if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
     367           4 :               strcat(dummy_string,"S9 ");
     368           4 :             if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
     369           4 :               strcat(dummy_string,"S8 ");
     370           4 :             if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
     371           4 :               strcat(dummy_string,"S7 ");
     372           4 :             strcat(dummy_string,"S2 "); /* 3DES */
     373             : 
     374             :             /* The default hash algo order is:
     375             :                  SHA-256, SHA-384, SHA-512, SHA-224, SHA-1.
     376             :              */
     377           4 :             if (!openpgp_md_test_algo (DIGEST_ALGO_SHA256))
     378           4 :               strcat (dummy_string, "H8 ");
     379             : 
     380           4 :             if (!openpgp_md_test_algo (DIGEST_ALGO_SHA384))
     381           4 :               strcat (dummy_string, "H9 ");
     382             : 
     383           4 :             if (!openpgp_md_test_algo (DIGEST_ALGO_SHA512))
     384           4 :               strcat (dummy_string, "H10 ");
     385             : 
     386           4 :             if (!openpgp_md_test_algo (DIGEST_ALGO_SHA224))
     387           4 :               strcat (dummy_string, "H11 ");
     388             : 
     389           4 :             strcat (dummy_string, "H2 "); /* SHA-1 */
     390             : 
     391           4 :             if(!check_compress_algo(COMPRESS_ALGO_ZLIB))
     392             :               {
     393           4 :                 strcat(dummy_string,"Z2 ");
     394           4 :                 any_compress = 1;
     395             :               }
     396             : 
     397           4 :             if(!check_compress_algo(COMPRESS_ALGO_BZIP2))
     398             :               {
     399           4 :                 strcat(dummy_string,"Z3 ");
     400           4 :                 any_compress = 1;
     401             :               }
     402             : 
     403           4 :             if(!check_compress_algo(COMPRESS_ALGO_ZIP))
     404             :               {
     405           4 :                 strcat(dummy_string,"Z1 ");
     406           4 :                 any_compress = 1;
     407             :               }
     408             : 
     409             :             /* In case we have no compress algo at all, declare that
     410             :                we prefer no compresssion.  */
     411           4 :             if (!any_compress)
     412           0 :               strcat(dummy_string,"Z0 ");
     413             : 
     414             :             /* Remove the trailing space.  */
     415           4 :             if (*dummy_string && dummy_string[strlen (dummy_string)-1] == ' ')
     416           4 :               dummy_string[strlen (dummy_string)-1] = 0;
     417             : 
     418           4 :             string=dummy_string;
     419             :           }
     420             :       }
     421           0 :     else if (!ascii_strcasecmp (string, "none"))
     422           0 :         string = "";
     423             : 
     424           4 :     if(strlen(string))
     425             :       {
     426             :         char *dup, *tok, *prefstring;
     427             : 
     428           4 :         dup = prefstring = xstrdup (string); /* need a writable string! */
     429             : 
     430          56 :         while((tok=strsep(&prefstring," ,")))
     431             :           {
     432          48 :             if((val=string_to_cipher_algo (tok)))
     433             :               {
     434          16 :                 if(set_one_pref(val,1,tok,sym,&nsym))
     435           0 :                   rc=-1;
     436             :               }
     437          32 :             else if((val=string_to_digest_algo (tok)))
     438             :               {
     439          20 :                 if(set_one_pref(val,2,tok,hash,&nhash))
     440           0 :                   rc=-1;
     441             :               }
     442          12 :             else if((val=string_to_compress_algo(tok))>-1)
     443             :               {
     444          12 :                 if(set_one_pref(val,3,tok,zip,&nzip))
     445           0 :                   rc=-1;
     446             :               }
     447           0 :             else if (ascii_strcasecmp(tok,"mdc")==0)
     448           0 :               mdc=1;
     449           0 :             else if (ascii_strcasecmp(tok,"no-mdc")==0)
     450           0 :               mdc=0;
     451           0 :             else if (ascii_strcasecmp(tok,"ks-modify")==0)
     452           0 :               modify=1;
     453           0 :             else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
     454           0 :               modify=0;
     455             :             else
     456             :               {
     457           0 :                 log_info (_("invalid item '%s' in preference string\n"),tok);
     458           0 :                 rc=-1;
     459             :               }
     460             :           }
     461             : 
     462           4 :         xfree (dup);
     463             :       }
     464             : 
     465           4 :     if(!rc)
     466             :       {
     467           4 :         if(personal)
     468             :           {
     469           0 :             if(personal==PREFTYPE_SYM)
     470             :               {
     471           0 :                 xfree(opt.personal_cipher_prefs);
     472             : 
     473           0 :                 if(nsym==0)
     474           0 :                   opt.personal_cipher_prefs=NULL;
     475             :                 else
     476             :                   {
     477             :                     int i;
     478             : 
     479           0 :                     opt.personal_cipher_prefs=
     480           0 :                       xmalloc(sizeof(prefitem_t *)*(nsym+1));
     481             : 
     482           0 :                     for (i=0; i<nsym; i++)
     483             :                       {
     484           0 :                         opt.personal_cipher_prefs[i].type = PREFTYPE_SYM;
     485           0 :                         opt.personal_cipher_prefs[i].value = sym[i];
     486             :                       }
     487             : 
     488           0 :                     opt.personal_cipher_prefs[i].type = PREFTYPE_NONE;
     489           0 :                     opt.personal_cipher_prefs[i].value = 0;
     490             :                   }
     491             :               }
     492           0 :             else if(personal==PREFTYPE_HASH)
     493             :               {
     494           0 :                 xfree(opt.personal_digest_prefs);
     495             : 
     496           0 :                 if(nhash==0)
     497           0 :                   opt.personal_digest_prefs=NULL;
     498             :                 else
     499             :                   {
     500             :                     int i;
     501             : 
     502           0 :                     opt.personal_digest_prefs=
     503           0 :                       xmalloc(sizeof(prefitem_t *)*(nhash+1));
     504             : 
     505           0 :                     for (i=0; i<nhash; i++)
     506             :                       {
     507           0 :                         opt.personal_digest_prefs[i].type = PREFTYPE_HASH;
     508           0 :                         opt.personal_digest_prefs[i].value = hash[i];
     509             :                       }
     510             : 
     511           0 :                     opt.personal_digest_prefs[i].type = PREFTYPE_NONE;
     512           0 :                     opt.personal_digest_prefs[i].value = 0;
     513             :                   }
     514             :               }
     515           0 :             else if(personal==PREFTYPE_ZIP)
     516             :               {
     517           0 :                 xfree(opt.personal_compress_prefs);
     518             : 
     519           0 :                 if(nzip==0)
     520           0 :                   opt.personal_compress_prefs=NULL;
     521             :                 else
     522             :                   {
     523             :                     int i;
     524             : 
     525           0 :                     opt.personal_compress_prefs=
     526           0 :                       xmalloc(sizeof(prefitem_t *)*(nzip+1));
     527             : 
     528           0 :                     for (i=0; i<nzip; i++)
     529             :                       {
     530           0 :                         opt.personal_compress_prefs[i].type = PREFTYPE_ZIP;
     531           0 :                         opt.personal_compress_prefs[i].value = zip[i];
     532             :                       }
     533             : 
     534           0 :                     opt.personal_compress_prefs[i].type = PREFTYPE_NONE;
     535           0 :                     opt.personal_compress_prefs[i].value = 0;
     536             :                   }
     537             :               }
     538             :           }
     539             :         else
     540             :           {
     541           4 :             memcpy (sym_prefs,  sym,  (nsym_prefs=nsym));
     542           4 :             memcpy (hash_prefs, hash, (nhash_prefs=nhash));
     543           4 :             memcpy (zip_prefs,  zip,  (nzip_prefs=nzip));
     544           4 :             mdc_available = mdc;
     545           4 :             ks_modify = modify;
     546           4 :             prefs_initialized = 1;
     547             :           }
     548             :       }
     549             : 
     550           4 :     return rc;
     551             : }
     552             : 
     553             : /* Return a fake user ID containing the preferences.  Caller must
     554             :    free. */
     555             : PKT_user_id *
     556           0 : keygen_get_std_prefs(void)
     557             : {
     558           0 :   int i,j=0;
     559           0 :   PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
     560             : 
     561           0 :   if(!prefs_initialized)
     562           0 :     keygen_set_std_prefs(NULL,0);
     563             : 
     564           0 :   uid->ref=1;
     565             : 
     566           0 :   uid->prefs=xmalloc((sizeof(prefitem_t *)*
     567             :                       (nsym_prefs+nhash_prefs+nzip_prefs+1)));
     568             : 
     569           0 :   for(i=0;i<nsym_prefs;i++,j++)
     570             :     {
     571           0 :       uid->prefs[j].type=PREFTYPE_SYM;
     572           0 :       uid->prefs[j].value=sym_prefs[i];
     573             :     }
     574             : 
     575           0 :   for(i=0;i<nhash_prefs;i++,j++)
     576             :     {
     577           0 :       uid->prefs[j].type=PREFTYPE_HASH;
     578           0 :       uid->prefs[j].value=hash_prefs[i];
     579             :     }
     580             : 
     581           0 :   for(i=0;i<nzip_prefs;i++,j++)
     582             :     {
     583           0 :       uid->prefs[j].type=PREFTYPE_ZIP;
     584           0 :       uid->prefs[j].value=zip_prefs[i];
     585             :     }
     586             : 
     587           0 :   uid->prefs[j].type=PREFTYPE_NONE;
     588           0 :   uid->prefs[j].value=0;
     589             : 
     590           0 :   uid->flags.mdc=mdc_available;
     591           0 :   uid->flags.ks_modify=ks_modify;
     592             : 
     593           0 :   return uid;
     594             : }
     595             : 
     596             : static void
     597           4 : add_feature_mdc (PKT_signature *sig,int enabled)
     598             : {
     599             :     const byte *s;
     600             :     size_t n;
     601             :     int i;
     602             :     char *buf;
     603             : 
     604           4 :     s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
     605             :     /* Already set or cleared */
     606           4 :     if (s && n &&
     607           0 :         ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
     608           4 :       return;
     609             : 
     610           4 :     if (!s || !n) { /* create a new one */
     611           4 :         n = 1;
     612           4 :         buf = xmalloc_clear (n);
     613             :     }
     614             :     else {
     615           0 :         buf = xmalloc (n);
     616           0 :         memcpy (buf, s, n);
     617             :     }
     618             : 
     619           4 :     if(enabled)
     620           4 :       buf[0] |= 0x01; /* MDC feature */
     621             :     else
     622           0 :       buf[0] &= ~0x01;
     623             : 
     624             :     /* Are there any bits set? */
     625           4 :     for(i=0;i<n;i++)
     626           4 :       if(buf[i]!=0)
     627           4 :         break;
     628             : 
     629           4 :     if(i==n)
     630           0 :       delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
     631             :     else
     632           4 :       build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
     633             : 
     634           4 :     xfree (buf);
     635             : }
     636             : 
     637             : static void
     638           4 : add_keyserver_modify (PKT_signature *sig,int enabled)
     639             : {
     640             :   const byte *s;
     641             :   size_t n;
     642             :   int i;
     643             :   char *buf;
     644             : 
     645             :   /* The keyserver modify flag is a negative flag (i.e. no-modify) */
     646           4 :   enabled=!enabled;
     647             : 
     648           4 :   s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
     649             :   /* Already set or cleared */
     650           4 :   if (s && n &&
     651           0 :       ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
     652           4 :     return;
     653             : 
     654           4 :   if (!s || !n) { /* create a new one */
     655           4 :     n = 1;
     656           4 :     buf = xmalloc_clear (n);
     657             :   }
     658             :   else {
     659           0 :     buf = xmalloc (n);
     660           0 :     memcpy (buf, s, n);
     661             :   }
     662             : 
     663           4 :   if(enabled)
     664           4 :     buf[0] |= 0x80; /* no-modify flag */
     665             :   else
     666           0 :     buf[0] &= ~0x80;
     667             : 
     668             :   /* Are there any bits set? */
     669           4 :   for(i=0;i<n;i++)
     670           4 :     if(buf[i]!=0)
     671           4 :       break;
     672             : 
     673           4 :   if(i==n)
     674           0 :     delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
     675             :   else
     676           4 :     build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
     677             : 
     678           4 :   xfree (buf);
     679             : }
     680             : 
     681             : 
     682             : int
     683           4 : keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
     684             : {
     685             :   (void)opaque;
     686             : 
     687           4 :   if (!prefs_initialized)
     688           1 :     keygen_set_std_prefs (NULL, 0);
     689             : 
     690           4 :   if (nsym_prefs)
     691           4 :     build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
     692             :   else
     693             :     {
     694           0 :       delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
     695           0 :       delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
     696             :     }
     697             : 
     698           4 :   if (nhash_prefs)
     699           4 :     build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
     700             :   else
     701             :     {
     702           0 :       delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
     703           0 :       delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
     704             :     }
     705             : 
     706           4 :   if (nzip_prefs)
     707           4 :     build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
     708             :   else
     709             :     {
     710           0 :       delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
     711           0 :       delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
     712             :     }
     713             : 
     714             :   /* Make sure that the MDC feature flag is set if needed.  */
     715           4 :   add_feature_mdc (sig,mdc_available);
     716           4 :   add_keyserver_modify (sig,ks_modify);
     717           4 :   keygen_add_keyserver_url(sig,NULL);
     718             : 
     719           4 :   return 0;
     720             : }
     721             : 
     722             : 
     723             : /****************
     724             :  * Add preference to the self signature packet.
     725             :  * This is only called for packets with version > 3.
     726             :  */
     727             : int
     728           4 : keygen_add_std_prefs (PKT_signature *sig, void *opaque)
     729             : {
     730           4 :   PKT_public_key *pk = opaque;
     731             : 
     732           4 :   do_add_key_flags (sig, pk->pubkey_usage);
     733           4 :   keygen_add_key_expire (sig, opaque );
     734           4 :   keygen_upd_std_prefs (sig, opaque);
     735           4 :   keygen_add_keyserver_url (sig,NULL);
     736             : 
     737           4 :   return 0;
     738             : }
     739             : 
     740             : int
     741           8 : keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
     742             : {
     743           8 :   const char *url=opaque;
     744             : 
     745           8 :   if(!url)
     746           8 :     url=opt.def_keyserver_url;
     747             : 
     748           8 :   if(url)
     749           0 :     build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
     750             :   else
     751           8 :     delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS);
     752             : 
     753           8 :   return 0;
     754             : }
     755             : 
     756             : int
     757           0 : keygen_add_notations(PKT_signature *sig,void *opaque)
     758             : {
     759             :   struct notation *notation;
     760             : 
     761             :   /* We always start clean */
     762           0 :   delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
     763           0 :   delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION);
     764           0 :   sig->flags.notation=0;
     765             : 
     766           0 :   for(notation=opaque;notation;notation=notation->next)
     767           0 :     if(!notation->flags.ignore)
     768             :       {
     769             :         unsigned char *buf;
     770             :         unsigned int n1,n2;
     771             : 
     772           0 :         n1=strlen(notation->name);
     773           0 :         if(notation->altvalue)
     774           0 :           n2=strlen(notation->altvalue);
     775           0 :         else if(notation->bdat)
     776           0 :           n2=notation->blen;
     777             :         else
     778           0 :           n2=strlen(notation->value);
     779             : 
     780           0 :         buf = xmalloc( 8 + n1 + n2 );
     781             : 
     782             :         /* human readable or not */
     783           0 :         buf[0] = notation->bdat?0:0x80;
     784           0 :         buf[1] = buf[2] = buf[3] = 0;
     785           0 :         buf[4] = n1 >> 8;
     786           0 :         buf[5] = n1;
     787           0 :         buf[6] = n2 >> 8;
     788           0 :         buf[7] = n2;
     789           0 :         memcpy(buf+8, notation->name, n1 );
     790           0 :         if(notation->altvalue)
     791           0 :           memcpy(buf+8+n1, notation->altvalue, n2 );
     792           0 :         else if(notation->bdat)
     793           0 :           memcpy(buf+8+n1, notation->bdat, n2 );
     794             :         else
     795           0 :           memcpy(buf+8+n1, notation->value, n2 );
     796           0 :         build_sig_subpkt( sig, SIGSUBPKT_NOTATION |
     797           0 :                           (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0),
     798           0 :                           buf, 8+n1+n2 );
     799           0 :         xfree(buf);
     800             :       }
     801             : 
     802           0 :   return 0;
     803             : }
     804             : 
     805             : int
     806           0 : keygen_add_revkey (PKT_signature *sig, void *opaque)
     807             : {
     808           0 :   struct revocation_key *revkey = opaque;
     809             :   byte buf[2+MAX_FINGERPRINT_LEN];
     810             : 
     811           0 :   buf[0] = revkey->class;
     812           0 :   buf[1] = revkey->algid;
     813           0 :   memcpy (&buf[2], revkey->fpr, MAX_FINGERPRINT_LEN);
     814             : 
     815           0 :   build_sig_subpkt (sig, SIGSUBPKT_REV_KEY, buf, 2+MAX_FINGERPRINT_LEN);
     816             : 
     817             :   /* All sigs with revocation keys set are nonrevocable.  */
     818           0 :   sig->flags.revocable = 0;
     819           0 :   buf[0] = 0;
     820           0 :   build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, buf, 1);
     821             : 
     822           0 :   parse_revkeys (sig);
     823             : 
     824           0 :   return 0;
     825             : }
     826             : 
     827             : 
     828             : 
     829             : /* Create a back-signature.  If TIMESTAMP is not NULL, use it for the
     830             :    signature creation time.  */
     831             : gpg_error_t
     832           0 : make_backsig (PKT_signature *sig, PKT_public_key *pk,
     833             :               PKT_public_key *sub_pk, PKT_public_key *sub_psk,
     834             :               u32 timestamp, const char *cache_nonce)
     835             : {
     836             :   gpg_error_t err;
     837             :   PKT_signature *backsig;
     838             : 
     839           0 :   cache_public_key (sub_pk);
     840             : 
     841           0 :   err = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_psk, 0x19,
     842             :                             0, timestamp, 0, NULL, NULL, cache_nonce);
     843           0 :   if (err)
     844           0 :     log_error ("make_keysig_packet failed for backsig: %s\n",
     845             :                gpg_strerror (err));
     846             :   else
     847             :     {
     848             :       /* Get it into a binary packed form. */
     849           0 :       IOBUF backsig_out = iobuf_temp();
     850             :       PACKET backsig_pkt;
     851             : 
     852           0 :       init_packet (&backsig_pkt);
     853           0 :       backsig_pkt.pkttype = PKT_SIGNATURE;
     854           0 :       backsig_pkt.pkt.signature = backsig;
     855           0 :       err = build_packet (backsig_out, &backsig_pkt);
     856           0 :       free_packet (&backsig_pkt);
     857           0 :       if (err)
     858           0 :         log_error ("build_packet failed for backsig: %s\n", gpg_strerror (err));
     859             :       else
     860             :         {
     861           0 :           size_t pktlen = 0;
     862           0 :           byte *buf = iobuf_get_temp_buffer (backsig_out);
     863             : 
     864             :           /* Remove the packet header. */
     865           0 :           if(buf[0]&0x40)
     866             :             {
     867           0 :               if (buf[1] < 192)
     868             :                 {
     869           0 :                   pktlen = buf[1];
     870           0 :                   buf += 2;
     871             :                 }
     872           0 :               else if(buf[1] < 224)
     873             :                 {
     874           0 :                   pktlen = (buf[1]-192)*256;
     875           0 :                   pktlen += buf[2]+192;
     876           0 :                   buf += 3;
     877             :                 }
     878           0 :               else if (buf[1] == 255)
     879             :                 {
     880           0 :                   pktlen = buf32_to_size_t (buf+2);
     881           0 :                   buf += 6;
     882             :                 }
     883             :               else
     884           0 :                 BUG ();
     885             :             }
     886             :           else
     887             :             {
     888           0 :               int mark = 1;
     889             : 
     890           0 :               switch (buf[0]&3)
     891             :                 {
     892             :                 case 3:
     893           0 :                   BUG ();
     894             :                   break;
     895             : 
     896             :                 case 2:
     897           0 :                   pktlen  = (size_t)buf[mark++] << 24;
     898           0 :                   pktlen |= buf[mark++] << 16;
     899             : 
     900             :                 case 1:
     901           0 :                   pktlen |= buf[mark++] << 8;
     902             : 
     903             :                 case 0:
     904           0 :                   pktlen |= buf[mark++];
     905             :                 }
     906             : 
     907           0 :               buf += mark;
     908             :             }
     909             : 
     910             :           /* Now make the binary blob into a subpacket.  */
     911           0 :           build_sig_subpkt (sig, SIGSUBPKT_SIGNATURE, buf, pktlen);
     912             : 
     913           0 :           iobuf_close (backsig_out);
     914             :         }
     915             :     }
     916             : 
     917           0 :   return err;
     918             : }
     919             : 
     920             : 
     921             : /* Write a direct key signature to the first key in ROOT using the key
     922             :    PSK.  REVKEY is describes the direct key signature and TIMESTAMP is
     923             :    the timestamp to set on the signature.  */
     924             : static gpg_error_t
     925           0 : write_direct_sig (KBNODE root, PKT_public_key *psk,
     926             :                   struct revocation_key *revkey, u32 timestamp,
     927             :                   const char *cache_nonce)
     928             : {
     929             :   gpg_error_t err;
     930             :   PACKET *pkt;
     931             :   PKT_signature *sig;
     932             :   KBNODE node;
     933             :   PKT_public_key *pk;
     934             : 
     935           0 :   if (opt.verbose)
     936           0 :     log_info (_("writing direct signature\n"));
     937             : 
     938             :   /* Get the pk packet from the pub_tree. */
     939           0 :   node = find_kbnode (root, PKT_PUBLIC_KEY);
     940           0 :   if (!node)
     941           0 :     BUG ();
     942           0 :   pk = node->pkt->pkt.public_key;
     943             : 
     944             :   /* We have to cache the key, so that the verification of the
     945             :      signature creation is able to retrieve the public key.  */
     946           0 :   cache_public_key (pk);
     947             : 
     948             :   /* Make the signature.  */
     949           0 :   err = make_keysig_packet (&sig, pk, NULL,NULL, psk, 0x1F,
     950             :                             0, timestamp, 0,
     951             :                             keygen_add_revkey, revkey, cache_nonce);
     952           0 :   if (err)
     953             :     {
     954           0 :       log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err) );
     955           0 :       return err;
     956             :     }
     957             : 
     958           0 :   pkt = xmalloc_clear (sizeof *pkt);
     959           0 :   pkt->pkttype = PKT_SIGNATURE;
     960           0 :   pkt->pkt.signature = sig;
     961           0 :   add_kbnode (root, new_kbnode (pkt));
     962           0 :   return err;
     963             : }
     964             : 
     965             : 
     966             : 
     967             : /* Write a self-signature to the first user id in ROOT using the key
     968             :    PSK.  USE and TIMESTAMP give the extra data we need for the
     969             :    signature.  */
     970             : static gpg_error_t
     971           3 : write_selfsigs (KBNODE root, PKT_public_key *psk,
     972             :                 unsigned int use, u32 timestamp, const char *cache_nonce)
     973             : {
     974             :   gpg_error_t err;
     975             :   PACKET *pkt;
     976             :   PKT_signature *sig;
     977             :   PKT_user_id *uid;
     978             :   KBNODE node;
     979             :   PKT_public_key *pk;
     980             : 
     981           3 :   if (opt.verbose)
     982           0 :     log_info (_("writing self signature\n"));
     983             : 
     984             :   /* Get the uid packet from the list. */
     985           3 :   node = find_kbnode (root, PKT_USER_ID);
     986           3 :   if (!node)
     987           0 :     BUG(); /* No user id packet in tree.  */
     988           3 :   uid = node->pkt->pkt.user_id;
     989             : 
     990             :   /* Get the pk packet from the pub_tree. */
     991           3 :   node = find_kbnode (root, PKT_PUBLIC_KEY);
     992           3 :   if (!node)
     993           0 :     BUG();
     994           3 :   pk = node->pkt->pkt.public_key;
     995             : 
     996             :   /* The usage has not yet been set - do it now. */
     997           3 :   pk->pubkey_usage = use;
     998             : 
     999             :   /* We have to cache the key, so that the verification of the
    1000             :      signature creation is able to retrieve the public key.  */
    1001           3 :   cache_public_key (pk);
    1002             : 
    1003             :   /* Make the signature.  */
    1004           3 :   err = make_keysig_packet (&sig, pk, uid, NULL, psk, 0x13,
    1005             :                             0, timestamp, 0,
    1006             :                             keygen_add_std_prefs, pk, cache_nonce);
    1007           3 :   if (err)
    1008             :     {
    1009           0 :       log_error ("make_keysig_packet failed: %s\n", gpg_strerror (err));
    1010           0 :       return err;
    1011             :     }
    1012             : 
    1013           3 :   pkt = xmalloc_clear (sizeof *pkt);
    1014           3 :   pkt->pkttype = PKT_SIGNATURE;
    1015           3 :   pkt->pkt.signature = sig;
    1016           3 :   add_kbnode (root, new_kbnode (pkt));
    1017             : 
    1018           3 :   return err;
    1019             : }
    1020             : 
    1021             : 
    1022             : /* Write the key binding signature.  If TIMESTAMP is not NULL use the
    1023             :    signature creation time.  PRI_PSK is the key use for signing.
    1024             :    SUB_PSK is a key used to create a back-signature; that one is only
    1025             :    used if USE has the PUBKEY_USAGE_SIG capability.  */
    1026             : static int
    1027           2 : write_keybinding (KBNODE root, PKT_public_key *pri_psk, PKT_public_key *sub_psk,
    1028             :                   unsigned int use, u32 timestamp, const char *cache_nonce)
    1029             : {
    1030             :   gpg_error_t err;
    1031             :   PACKET *pkt;
    1032             :   PKT_signature *sig;
    1033             :   KBNODE node;
    1034             :   PKT_public_key *pri_pk, *sub_pk;
    1035             :   struct opaque_data_usage_and_pk oduap;
    1036             : 
    1037           2 :   if (opt.verbose)
    1038           0 :     log_info(_("writing key binding signature\n"));
    1039             : 
    1040             :   /* Get the primary pk packet from the tree.  */
    1041           2 :   node = find_kbnode (root, PKT_PUBLIC_KEY);
    1042           2 :   if (!node)
    1043           0 :     BUG();
    1044           2 :   pri_pk = node->pkt->pkt.public_key;
    1045             : 
    1046             :   /* We have to cache the key, so that the verification of the
    1047             :    * signature creation is able to retrieve the public key.  */
    1048           2 :   cache_public_key (pri_pk);
    1049             : 
    1050             :   /* Find the last subkey. */
    1051           2 :   sub_pk = NULL;
    1052          12 :   for (node = root; node; node = node->next )
    1053             :     {
    1054          10 :       if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    1055           2 :         sub_pk = node->pkt->pkt.public_key;
    1056             :     }
    1057           2 :   if (!sub_pk)
    1058           0 :     BUG();
    1059             : 
    1060             :   /* Make the signature.  */
    1061           2 :   oduap.usage = use;
    1062           2 :   oduap.pk = sub_pk;
    1063           2 :   err = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_psk, 0x18,
    1064             :                             0, timestamp, 0,
    1065             :                             keygen_add_key_flags_and_expire, &oduap,
    1066             :                             cache_nonce);
    1067           2 :   if (err)
    1068             :     {
    1069           0 :       log_error ("make_keysig_packeto failed: %s\n", gpg_strerror (err));
    1070           0 :       return err;
    1071             :     }
    1072             : 
    1073             :   /* Make a backsig.  */
    1074           2 :   if (use & PUBKEY_USAGE_SIG)
    1075             :     {
    1076           0 :       err = make_backsig (sig, pri_pk, sub_pk, sub_psk, timestamp, cache_nonce);
    1077           0 :       if (err)
    1078           0 :         return err;
    1079             :     }
    1080             : 
    1081           2 :   pkt = xmalloc_clear ( sizeof *pkt );
    1082           2 :   pkt->pkttype = PKT_SIGNATURE;
    1083           2 :   pkt->pkt.signature = sig;
    1084           2 :   add_kbnode (root, new_kbnode (pkt) );
    1085           2 :   return err;
    1086             : }
    1087             : 
    1088             : 
    1089             : static gpg_error_t
    1090           0 : ecckey_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp, int algo)
    1091             : {
    1092             :   gpg_error_t err;
    1093             :   gcry_sexp_t list, l2;
    1094             :   char *curve;
    1095             :   int i;
    1096             :   const char *oidstr;
    1097             :   unsigned int nbits;
    1098             : 
    1099           0 :   array[0] = NULL;
    1100           0 :   array[1] = NULL;
    1101           0 :   array[2] = NULL;
    1102             : 
    1103           0 :   list = gcry_sexp_find_token (sexp, "public-key", 0);
    1104           0 :   if (!list)
    1105           0 :     return gpg_error (GPG_ERR_INV_OBJ);
    1106           0 :   l2 = gcry_sexp_cadr (list);
    1107           0 :   gcry_sexp_release (list);
    1108           0 :   list = l2;
    1109           0 :   if (!list)
    1110           0 :     return gpg_error (GPG_ERR_NO_OBJ);
    1111             : 
    1112           0 :   l2 = gcry_sexp_find_token (list, "curve", 0);
    1113           0 :   if (!l2)
    1114             :     {
    1115           0 :       err = gpg_error (GPG_ERR_NO_OBJ);
    1116           0 :       goto leave;
    1117             :     }
    1118           0 :   curve = gcry_sexp_nth_string (l2, 1);
    1119           0 :   if (!curve)
    1120             :     {
    1121           0 :       err = gpg_error (GPG_ERR_NO_OBJ);
    1122           0 :       goto leave;
    1123             :     }
    1124           0 :   gcry_sexp_release (l2);
    1125           0 :   oidstr = openpgp_curve_to_oid (curve, &nbits);
    1126           0 :   if (!oidstr)
    1127             :     {
    1128             :       /* That can't happen because we used one of the curves
    1129             :          gpg_curve_to_oid knows about.  */
    1130           0 :       err = gpg_error (GPG_ERR_INV_OBJ);
    1131           0 :       goto leave;
    1132             :     }
    1133           0 :   err = openpgp_oid_from_str (oidstr, &array[0]);
    1134           0 :   if (err)
    1135           0 :     goto leave;
    1136             : 
    1137           0 :   l2 = gcry_sexp_find_token (list, "q", 0);
    1138           0 :   if (!l2)
    1139             :     {
    1140           0 :       err = gpg_error (GPG_ERR_NO_OBJ);
    1141           0 :       goto leave;
    1142             :     }
    1143           0 :   array[1] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
    1144           0 :   gcry_sexp_release (l2);
    1145           0 :   if (!array[1])
    1146             :     {
    1147           0 :       err = gpg_error (GPG_ERR_INV_OBJ);
    1148           0 :       goto leave;
    1149             :     }
    1150           0 :   gcry_sexp_release (list);
    1151             : 
    1152           0 :   if (algo == PUBKEY_ALGO_ECDH)
    1153             :     {
    1154           0 :       array[2] = pk_ecdh_default_params (nbits);
    1155           0 :       if (!array[2])
    1156             :         {
    1157           0 :           err = gpg_error_from_syserror ();
    1158           0 :           goto leave;
    1159             :         }
    1160             :     }
    1161             : 
    1162             :  leave:
    1163           0 :   if (err)
    1164             :     {
    1165           0 :       for (i=0; i < 3; i++)
    1166             :         {
    1167           0 :           gcry_mpi_release (array[i]);
    1168           0 :           array[i] = NULL;
    1169             :         }
    1170             :     }
    1171           0 :   return err;
    1172             : }
    1173             : 
    1174             : 
    1175             : /* Extract key parameters from SEXP and store them in ARRAY.  ELEMS is
    1176             :    a string where each character denotes a parameter name.  TOPNAME is
    1177             :    the name of the top element above the elements.  */
    1178             : static int
    1179           5 : key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
    1180             :                const char *topname, const char *elems)
    1181             : {
    1182             :   gcry_sexp_t list, l2;
    1183             :   const char *s;
    1184             :   int i, idx;
    1185           5 :   int rc = 0;
    1186             : 
    1187           5 :   list = gcry_sexp_find_token (sexp, topname, 0);
    1188           5 :   if (!list)
    1189           0 :     return gpg_error (GPG_ERR_INV_OBJ);
    1190           5 :   l2 = gcry_sexp_cadr (list);
    1191           5 :   gcry_sexp_release (list);
    1192           5 :   list = l2;
    1193           5 :   if (!list)
    1194           0 :     return gpg_error (GPG_ERR_NO_OBJ);
    1195             : 
    1196          18 :   for (idx=0,s=elems; *s; s++, idx++)
    1197             :     {
    1198          13 :       l2 = gcry_sexp_find_token (list, s, 1);
    1199          13 :       if (!l2)
    1200             :         {
    1201           0 :           rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */
    1202           0 :           goto leave;
    1203             :         }
    1204          13 :       array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
    1205          13 :       gcry_sexp_release (l2);
    1206          13 :       if (!array[idx])
    1207             :         {
    1208           0 :           rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
    1209           0 :           goto leave;
    1210             :         }
    1211             :     }
    1212           5 :   gcry_sexp_release (list);
    1213             : 
    1214             :  leave:
    1215           5 :   if (rc)
    1216             :     {
    1217           0 :       for (i=0; i<idx; i++)
    1218             :         {
    1219           0 :           gcry_mpi_release (array[i]);
    1220           0 :           array[i] = NULL;
    1221             :         }
    1222           0 :       gcry_sexp_release (list);
    1223             :     }
    1224           5 :   return rc;
    1225             : }
    1226             : 
    1227             : 
    1228             : /* Create a keyblock using the given KEYGRIP.  ALGO is the OpenPGP
    1229             :    algorithm of that keygrip.  */
    1230             : static int
    1231           0 : do_create_from_keygrip (ctrl_t ctrl, int algo, const char *hexkeygrip,
    1232             :                         kbnode_t pub_root, u32 timestamp, u32 expireval,
    1233             :                         int is_subkey)
    1234             : {
    1235             :   int err;
    1236             :   PACKET *pkt;
    1237             :   PKT_public_key *pk;
    1238             :   gcry_sexp_t s_key;
    1239             :   const char *algoelem;
    1240             : 
    1241           0 :   if (hexkeygrip[0] == '&')
    1242           0 :     hexkeygrip++;
    1243             : 
    1244           0 :   switch (algo)
    1245             :     {
    1246           0 :     case PUBKEY_ALGO_RSA:       algoelem = "ne"; break;
    1247           0 :     case PUBKEY_ALGO_DSA:       algoelem = "pqgy"; break;
    1248           0 :     case PUBKEY_ALGO_ELGAMAL_E: algoelem = "pgy"; break;
    1249             :     case PUBKEY_ALGO_ECDH:
    1250           0 :     case PUBKEY_ALGO_ECDSA:     algoelem = ""; break;
    1251           0 :     case PUBKEY_ALGO_EDDSA:     algoelem = ""; break;
    1252           0 :     default: return gpg_error (GPG_ERR_INTERNAL);
    1253             :     }
    1254             : 
    1255             : 
    1256             :   /* Ask the agent for the public key matching HEXKEYGRIP.  */
    1257             :   {
    1258             :     unsigned char *public;
    1259             : 
    1260           0 :     err = agent_readkey (ctrl, 0, hexkeygrip, &public);
    1261           0 :     if (err)
    1262           0 :       return err;
    1263           0 :     err = gcry_sexp_sscan (&s_key, NULL,
    1264             :                            public, gcry_sexp_canon_len (public, 0, NULL, NULL));
    1265           0 :     xfree (public);
    1266           0 :     if (err)
    1267           0 :       return err;
    1268             :   }
    1269             : 
    1270             :   /* Build a public key packet.  */
    1271           0 :   pk = xtrycalloc (1, sizeof *pk);
    1272           0 :   if (!pk)
    1273             :     {
    1274           0 :       err = gpg_error_from_syserror ();
    1275           0 :       gcry_sexp_release (s_key);
    1276           0 :       return err;
    1277             :     }
    1278             : 
    1279           0 :   pk->timestamp = timestamp;
    1280           0 :   pk->version = 4;
    1281           0 :   if (expireval)
    1282           0 :     pk->expiredate = pk->timestamp + expireval;
    1283           0 :   pk->pubkey_algo = algo;
    1284             : 
    1285           0 :   if (algo == PUBKEY_ALGO_ECDSA
    1286           0 :       || algo == PUBKEY_ALGO_EDDSA
    1287           0 :       || algo == PUBKEY_ALGO_ECDH )
    1288           0 :     err = ecckey_from_sexp (pk->pkey, s_key, algo);
    1289             :   else
    1290           0 :     err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
    1291           0 :   if (err)
    1292             :     {
    1293           0 :       log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
    1294           0 :       gcry_sexp_release (s_key);
    1295           0 :       free_public_key (pk);
    1296           0 :       return err;
    1297             :     }
    1298           0 :   gcry_sexp_release (s_key);
    1299             : 
    1300           0 :   pkt = xtrycalloc (1, sizeof *pkt);
    1301           0 :   if (!pkt)
    1302             :     {
    1303           0 :       err = gpg_error_from_syserror ();
    1304           0 :       free_public_key (pk);
    1305           0 :       return err;
    1306             :     }
    1307             : 
    1308           0 :   pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
    1309           0 :   pkt->pkt.public_key = pk;
    1310           0 :   add_kbnode (pub_root, new_kbnode (pkt));
    1311             : 
    1312           0 :   return 0;
    1313             : }
    1314             : 
    1315             : 
    1316             : /* Common code for the key generation function gen_xxx.  */
    1317             : static int
    1318           5 : common_gen (const char *keyparms, int algo, const char *algoelem,
    1319             :             kbnode_t pub_root, u32 timestamp, u32 expireval, int is_subkey,
    1320             :             int keygen_flags, const char *passphrase,
    1321             :             char **cache_nonce_addr, char **passwd_nonce_addr)
    1322             : {
    1323             :   int err;
    1324             :   PACKET *pkt;
    1325             :   PKT_public_key *pk;
    1326             :   gcry_sexp_t s_key;
    1327             : 
    1328           5 :   err = agent_genkey (NULL, cache_nonce_addr, passwd_nonce_addr, keyparms,
    1329           5 :                       !!(keygen_flags & KEYGEN_FLAG_NO_PROTECTION),
    1330             :                       passphrase,
    1331             :                       &s_key);
    1332           5 :   if (err)
    1333             :     {
    1334           0 :       log_error ("agent_genkey failed: %s\n", gpg_strerror (err) );
    1335           0 :       return err;
    1336             :     }
    1337             : 
    1338           5 :   pk = xtrycalloc (1, sizeof *pk);
    1339           5 :   if (!pk)
    1340             :     {
    1341           0 :       err = gpg_error_from_syserror ();
    1342           0 :       gcry_sexp_release (s_key);
    1343           0 :       return err;
    1344             :     }
    1345             : 
    1346           5 :   pk->timestamp = timestamp;
    1347           5 :   pk->version = 4;
    1348           5 :   if (expireval)
    1349           3 :     pk->expiredate = pk->timestamp + expireval;
    1350           5 :   pk->pubkey_algo = algo;
    1351             : 
    1352           5 :   if (algo == PUBKEY_ALGO_ECDSA
    1353           5 :       || algo == PUBKEY_ALGO_EDDSA
    1354           5 :       || algo == PUBKEY_ALGO_ECDH )
    1355           0 :     err = ecckey_from_sexp (pk->pkey, s_key, algo);
    1356             :   else
    1357           5 :     err = key_from_sexp (pk->pkey, s_key, "public-key", algoelem);
    1358           5 :   if (err)
    1359             :     {
    1360           0 :       log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
    1361           0 :       gcry_sexp_release (s_key);
    1362           0 :       free_public_key (pk);
    1363           0 :       return err;
    1364             :     }
    1365           5 :   gcry_sexp_release (s_key);
    1366             : 
    1367           5 :   pkt = xtrycalloc (1, sizeof *pkt);
    1368           5 :   if (!pkt)
    1369             :     {
    1370           0 :       err = gpg_error_from_syserror ();
    1371           0 :       free_public_key (pk);
    1372           0 :       return err;
    1373             :     }
    1374             : 
    1375           5 :   pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
    1376           5 :   pkt->pkt.public_key = pk;
    1377           5 :   add_kbnode (pub_root, new_kbnode (pkt));
    1378             : 
    1379           5 :   return 0;
    1380             : }
    1381             : 
    1382             : 
    1383             : /*
    1384             :  * Generate an Elgamal key.
    1385             :  */
    1386             : static int
    1387           1 : gen_elg (int algo, unsigned int nbits, KBNODE pub_root,
    1388             :          u32 timestamp, u32 expireval, int is_subkey,
    1389             :          int keygen_flags, const char *passphrase,
    1390             :          char **cache_nonce_addr, char **passwd_nonce_addr)
    1391             : {
    1392             :   int err;
    1393             :   char *keyparms;
    1394             :   char nbitsstr[35];
    1395             : 
    1396           1 :   log_assert (is_ELGAMAL (algo));
    1397             : 
    1398           1 :   if (nbits < 1024)
    1399             :     {
    1400           0 :       nbits = 2048;
    1401           0 :       log_info (_("keysize invalid; using %u bits\n"), nbits );
    1402             :     }
    1403           1 :   else if (nbits > 4096)
    1404             :     {
    1405           0 :       nbits = 4096;
    1406           0 :       log_info (_("keysize invalid; using %u bits\n"), nbits );
    1407             :     }
    1408             : 
    1409           1 :   if ((nbits % 32))
    1410             :     {
    1411           0 :       nbits = ((nbits + 31) / 32) * 32;
    1412           0 :       log_info (_("keysize rounded up to %u bits\n"), nbits );
    1413             :     }
    1414             : 
    1415             :   /* Note that we use transient-key only if no-protection has also
    1416             :      been enabled.  */
    1417           1 :   snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
    1418           2 :   keyparms = xtryasprintf ("(genkey(%s(nbits %zu:%s)%s))",
    1419             :                            algo == GCRY_PK_ELG_E ? "openpgp-elg" :
    1420           0 :                            algo == GCRY_PK_ELG   ? "elg" : "x-oops" ,
    1421             :                            strlen (nbitsstr), nbitsstr,
    1422           1 :                            ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1423           1 :                             && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1424             :                            "(transient-key)" : "" );
    1425           1 :   if (!keyparms)
    1426           0 :     err = gpg_error_from_syserror ();
    1427             :   else
    1428             :     {
    1429           1 :       err = common_gen (keyparms, algo, "pgy",
    1430             :                         pub_root, timestamp, expireval, is_subkey,
    1431             :                         keygen_flags, passphrase,
    1432             :                         cache_nonce_addr, passwd_nonce_addr);
    1433           1 :       xfree (keyparms);
    1434             :     }
    1435             : 
    1436           1 :   return err;
    1437             : }
    1438             : 
    1439             : 
    1440             : /*
    1441             :  * Generate an DSA key
    1442             :  */
    1443             : static gpg_error_t
    1444           1 : gen_dsa (unsigned int nbits, KBNODE pub_root,
    1445             :          u32 timestamp, u32 expireval, int is_subkey,
    1446             :          int keygen_flags, const char *passphrase,
    1447             :          char **cache_nonce_addr, char **passwd_nonce_addr)
    1448             : {
    1449             :   int err;
    1450             :   unsigned int qbits;
    1451             :   char *keyparms;
    1452             :   char nbitsstr[35];
    1453             :   char qbitsstr[35];
    1454             : 
    1455           1 :   if (nbits < 768)
    1456             :     {
    1457           0 :       nbits = 2048;
    1458           0 :       log_info(_("keysize invalid; using %u bits\n"), nbits );
    1459             :     }
    1460           1 :   else if ( nbits > 3072 )
    1461             :     {
    1462           0 :       nbits = 3072;
    1463           0 :       log_info(_("keysize invalid; using %u bits\n"), nbits );
    1464             :     }
    1465             : 
    1466           1 :   if( (nbits % 64) )
    1467             :     {
    1468           0 :       nbits = ((nbits + 63) / 64) * 64;
    1469           0 :       log_info(_("keysize rounded up to %u bits\n"), nbits );
    1470             :     }
    1471             : 
    1472             :   /* To comply with FIPS rules we round up to the next value unless in
    1473             :      expert mode.  */
    1474           1 :   if (!opt.expert && nbits > 1024 && (nbits % 1024))
    1475             :     {
    1476           0 :       nbits = ((nbits + 1023) / 1024) * 1024;
    1477           0 :       log_info(_("keysize rounded up to %u bits\n"), nbits );
    1478             :     }
    1479             : 
    1480             :   /*
    1481             :     Figure out a q size based on the key size.  FIPS 180-3 says:
    1482             : 
    1483             :     L = 1024, N = 160
    1484             :     L = 2048, N = 224
    1485             :     L = 2048, N = 256
    1486             :     L = 3072, N = 256
    1487             : 
    1488             :     2048/256 is an odd pair since there is also a 2048/224 and
    1489             :     3072/256.  Matching sizes is not a very exact science.
    1490             : 
    1491             :     We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
    1492             :     but less than 2048, and 160 for 1024 (DSA1).
    1493             :   */
    1494             : 
    1495           1 :   if (nbits > 2047)
    1496           0 :     qbits = 256;
    1497           1 :   else if ( nbits > 1024)
    1498           0 :     qbits = 224;
    1499             :   else
    1500           1 :     qbits = 160;
    1501             : 
    1502           1 :   if (qbits != 160 )
    1503           0 :     log_info (_("WARNING: some OpenPGP programs can't"
    1504             :                 " handle a DSA key with this digest size\n"));
    1505             : 
    1506           1 :   snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
    1507           1 :   snprintf (qbitsstr, sizeof qbitsstr, "%u", qbits);
    1508           2 :   keyparms = xtryasprintf ("(genkey(dsa(nbits %zu:%s)(qbits %zu:%s)%s))",
    1509             :                            strlen (nbitsstr), nbitsstr,
    1510             :                            strlen (qbitsstr), qbitsstr,
    1511           1 :                            ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1512           1 :                             && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1513             :                            "(transient-key)" : "" );
    1514           1 :   if (!keyparms)
    1515           0 :     err = gpg_error_from_syserror ();
    1516             :   else
    1517             :     {
    1518           1 :       err = common_gen (keyparms, PUBKEY_ALGO_DSA, "pqgy",
    1519             :                         pub_root, timestamp, expireval, is_subkey,
    1520             :                         keygen_flags, passphrase,
    1521             :                         cache_nonce_addr, passwd_nonce_addr);
    1522           1 :       xfree (keyparms);
    1523             :     }
    1524             : 
    1525           1 :   return err;
    1526             : }
    1527             : 
    1528             : 
    1529             : 
    1530             : /*
    1531             :  * Generate an ECC key
    1532             :  */
    1533             : static gpg_error_t
    1534           0 : gen_ecc (int algo, const char *curve, kbnode_t pub_root,
    1535             :          u32 timestamp, u32 expireval, int is_subkey,
    1536             :          int keygen_flags, const char *passphrase,
    1537             :          char **cache_nonce_addr, char **passwd_nonce_addr)
    1538             : {
    1539             :   gpg_error_t err;
    1540             :   char *keyparms;
    1541             : 
    1542           0 :   log_assert (algo == PUBKEY_ALGO_ECDSA
    1543             :               || algo == PUBKEY_ALGO_EDDSA
    1544             :               || algo == PUBKEY_ALGO_ECDH);
    1545             : 
    1546           0 :   if (!curve || !*curve)
    1547           0 :     return gpg_error (GPG_ERR_UNKNOWN_CURVE);
    1548             : 
    1549             :   /* Note that we use the "comp" flag with EdDSA to request the use of
    1550             :      a 0x40 compression prefix octet.  */
    1551           0 :   if (algo == PUBKEY_ALGO_EDDSA)
    1552           0 :     keyparms = xtryasprintf
    1553             :       ("(genkey(ecc(curve %zu:%s)(flags eddsa comp%s)))",
    1554             :        strlen (curve), curve,
    1555           0 :        (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1556           0 :          && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1557             :         " transient-key" : ""));
    1558           0 :   else if (algo == PUBKEY_ALGO_ECDH && !strcmp (curve, "Curve25519"))
    1559           0 :     keyparms = xtryasprintf
    1560             :       ("(genkey(ecc(curve %zu:%s)(flags djb-tweak comp%s)))",
    1561             :        strlen (curve), curve,
    1562           0 :        (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1563           0 :          && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1564             :         " transient-key" : ""));
    1565             :   else
    1566           0 :     keyparms = xtryasprintf
    1567             :       ("(genkey(ecc(curve %zu:%s)(flags nocomp%s)))",
    1568             :        strlen (curve), curve,
    1569           0 :        (((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1570           0 :          && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1571             :         " transient-key" : ""));
    1572             : 
    1573           0 :   if (!keyparms)
    1574           0 :     err = gpg_error_from_syserror ();
    1575             :   else
    1576             :     {
    1577           0 :       err = common_gen (keyparms, algo, "",
    1578             :                         pub_root, timestamp, expireval, is_subkey,
    1579             :                         keygen_flags, passphrase,
    1580             :                         cache_nonce_addr, passwd_nonce_addr);
    1581           0 :       xfree (keyparms);
    1582             :     }
    1583             : 
    1584           0 :   return err;
    1585             : }
    1586             : 
    1587             : 
    1588             : /*
    1589             :  * Generate an RSA key.
    1590             :  */
    1591             : static int
    1592           3 : gen_rsa (int algo, unsigned int nbits, KBNODE pub_root,
    1593             :          u32 timestamp, u32 expireval, int is_subkey,
    1594             :          int keygen_flags, const char *passphrase,
    1595             :          char **cache_nonce_addr, char **passwd_nonce_addr)
    1596             : {
    1597             :   int err;
    1598             :   char *keyparms;
    1599             :   char nbitsstr[35];
    1600           3 :   const unsigned maxsize = (opt.flags.large_rsa ? 8192 : 4096);
    1601             : 
    1602           3 :   log_assert (is_RSA(algo));
    1603             : 
    1604           3 :   if (!nbits)
    1605           0 :     nbits = DEFAULT_STD_KEYSIZE;
    1606             : 
    1607           3 :   if (nbits < 1024)
    1608             :     {
    1609           0 :       nbits = 2048;
    1610           0 :       log_info (_("keysize invalid; using %u bits\n"), nbits );
    1611             :     }
    1612           3 :   else if (nbits > maxsize)
    1613             :     {
    1614           0 :       nbits = maxsize;
    1615           0 :       log_info (_("keysize invalid; using %u bits\n"), nbits );
    1616             :     }
    1617             : 
    1618           3 :   if ((nbits % 32))
    1619             :     {
    1620           0 :       nbits = ((nbits + 31) / 32) * 32;
    1621           0 :       log_info (_("keysize rounded up to %u bits\n"), nbits );
    1622             :     }
    1623             : 
    1624           3 :   snprintf (nbitsstr, sizeof nbitsstr, "%u", nbits);
    1625           4 :   keyparms = xtryasprintf ("(genkey(rsa(nbits %zu:%s)%s))",
    1626             :                            strlen (nbitsstr), nbitsstr,
    1627           3 :                            ((keygen_flags & KEYGEN_FLAG_TRANSIENT_KEY)
    1628           1 :                             && (keygen_flags & KEYGEN_FLAG_NO_PROTECTION))?
    1629             :                            "(transient-key)" : "" );
    1630           3 :   if (!keyparms)
    1631           0 :     err = gpg_error_from_syserror ();
    1632             :   else
    1633             :     {
    1634           3 :       err = common_gen (keyparms, algo, "ne",
    1635             :                         pub_root, timestamp, expireval, is_subkey,
    1636             :                         keygen_flags, passphrase,
    1637             :                         cache_nonce_addr, passwd_nonce_addr);
    1638           3 :       xfree (keyparms);
    1639             :     }
    1640             : 
    1641           3 :   return err;
    1642             : }
    1643             : 
    1644             : 
    1645             : /****************
    1646             :  * check valid days:
    1647             :  * return 0 on error or the multiplier
    1648             :  */
    1649             : static int
    1650         133 : check_valid_days( const char *s )
    1651             : {
    1652         133 :     if( !digitp(s) )
    1653           0 :         return 0;
    1654         133 :     for( s++; *s; s++)
    1655           0 :         if( !digitp(s) )
    1656             :             break;
    1657         133 :     if( !*s )
    1658         133 :         return 1;
    1659           0 :     if( s[1] )
    1660           0 :         return 0; /* e.g. "2323wc" */
    1661           0 :     if( *s == 'd' || *s == 'D' )
    1662           0 :         return 1;
    1663           0 :     if( *s == 'w' || *s == 'W' )
    1664           0 :         return 7;
    1665           0 :     if( *s == 'm' || *s == 'M' )
    1666           0 :         return 30;
    1667           0 :     if( *s == 'y' || *s == 'Y' )
    1668           0 :         return 365;
    1669           0 :     return 0;
    1670             : }
    1671             : 
    1672             : 
    1673             : static void
    1674           0 : print_key_flags(int flags)
    1675             : {
    1676           0 :   if(flags&PUBKEY_USAGE_SIG)
    1677           0 :     tty_printf("%s ",_("Sign"));
    1678             : 
    1679           0 :   if(flags&PUBKEY_USAGE_CERT)
    1680           0 :     tty_printf("%s ",_("Certify"));
    1681             : 
    1682           0 :   if(flags&PUBKEY_USAGE_ENC)
    1683           0 :     tty_printf("%s ",_("Encrypt"));
    1684             : 
    1685           0 :   if(flags&PUBKEY_USAGE_AUTH)
    1686           0 :     tty_printf("%s ",_("Authenticate"));
    1687           0 : }
    1688             : 
    1689             : 
    1690             : /* Ask for the key flags and return them.  CURRENT gives the current
    1691             :  * usage which should normally be given as 0. */
    1692             : unsigned int
    1693           0 : ask_key_flags (int algo, int subkey, unsigned int current)
    1694             : {
    1695             :   /* TRANSLATORS: Please use only plain ASCII characters for the
    1696             :      translation.  If this is not possible use single digits.  The
    1697             :      string needs to 8 bytes long. Here is a description of the
    1698             :      functions:
    1699             : 
    1700             :        s = Toggle signing capability
    1701             :        e = Toggle encryption capability
    1702             :        a = Toggle authentication capability
    1703             :        q = Finish
    1704             :   */
    1705           0 :   const char *togglers = _("SsEeAaQq");
    1706           0 :   char *answer = NULL;
    1707             :   const char *s;
    1708           0 :   unsigned int possible = openpgp_pk_algo_usage(algo);
    1709             : 
    1710           0 :   if ( strlen(togglers) != 8 )
    1711             :     {
    1712           0 :       tty_printf ("NOTE: Bad translation at %s:%d. "
    1713             :                   "Please report.\n", __FILE__, __LINE__);
    1714           0 :       togglers = "11223300";
    1715             :     }
    1716             : 
    1717             :   /* Only primary keys may certify. */
    1718           0 :   if(subkey)
    1719           0 :     possible&=~PUBKEY_USAGE_CERT;
    1720             : 
    1721             :   /* Preload the current set with the possible set, minus
    1722             :      authentication if CURRENT has been given as 0.  If CURRENT has
    1723             :      been has non-zero we mask with all possible usages. */
    1724           0 :   if (current)
    1725           0 :     current &= possible;
    1726             :   else
    1727           0 :     current = (possible&~PUBKEY_USAGE_AUTH);
    1728             : 
    1729             :   for(;;)
    1730             :     {
    1731           0 :       tty_printf("\n");
    1732           0 :       tty_printf(_("Possible actions for a %s key: "),
    1733             :                  (algo == PUBKEY_ALGO_ECDSA
    1734           0 :                   || algo == PUBKEY_ALGO_EDDSA)
    1735           0 :                  ? "ECDSA/EdDSA" : openpgp_pk_algo_name (algo));
    1736           0 :       print_key_flags(possible);
    1737           0 :       tty_printf("\n");
    1738           0 :       tty_printf(_("Current allowed actions: "));
    1739           0 :       print_key_flags(current);
    1740           0 :       tty_printf("\n\n");
    1741             : 
    1742           0 :       if(possible&PUBKEY_USAGE_SIG)
    1743           0 :         tty_printf(_("   (%c) Toggle the sign capability\n"),
    1744           0 :                    togglers[0]);
    1745           0 :       if(possible&PUBKEY_USAGE_ENC)
    1746           0 :         tty_printf(_("   (%c) Toggle the encrypt capability\n"),
    1747           0 :                    togglers[2]);
    1748           0 :       if(possible&PUBKEY_USAGE_AUTH)
    1749           0 :         tty_printf(_("   (%c) Toggle the authenticate capability\n"),
    1750           0 :                    togglers[4]);
    1751             : 
    1752           0 :       tty_printf(_("   (%c) Finished\n"),togglers[6]);
    1753           0 :       tty_printf("\n");
    1754             : 
    1755           0 :       xfree(answer);
    1756           0 :       answer = cpr_get("keygen.flags",_("Your selection? "));
    1757           0 :       cpr_kill_prompt();
    1758             : 
    1759           0 :       if (*answer == '=')
    1760             :         {
    1761             :           /* Hack to allow direct entry of the capabilities.  */
    1762           0 :           current = 0;
    1763           0 :           for (s=answer+1; *s; s++)
    1764             :             {
    1765           0 :               if ((*s == 's' || *s == 'S') && (possible&PUBKEY_USAGE_SIG))
    1766           0 :                 current |= PUBKEY_USAGE_SIG;
    1767           0 :               else if ((*s == 'e' || *s == 'E') && (possible&PUBKEY_USAGE_ENC))
    1768           0 :                 current |= PUBKEY_USAGE_ENC;
    1769           0 :               else if ((*s == 'a' || *s == 'A') && (possible&PUBKEY_USAGE_AUTH))
    1770           0 :                 current |= PUBKEY_USAGE_AUTH;
    1771           0 :               else if (!subkey && *s == 'c')
    1772             :                 {
    1773             :                   /* Accept 'c' for the primary key because USAGE_CERT
    1774             :                      will will be set anyway.  This is for folks who
    1775             :                      want to experiment with a cert-only primary key.  */
    1776           0 :                   current |= PUBKEY_USAGE_CERT;
    1777             :                 }
    1778             :             }
    1779           0 :           break;
    1780             :         }
    1781           0 :       else if (strlen(answer)>1)
    1782           0 :         tty_printf(_("Invalid selection.\n"));
    1783           0 :       else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
    1784             :         break;
    1785           0 :       else if((*answer==togglers[0] || *answer==togglers[1])
    1786           0 :               && possible&PUBKEY_USAGE_SIG)
    1787             :         {
    1788           0 :           if(current&PUBKEY_USAGE_SIG)
    1789           0 :             current&=~PUBKEY_USAGE_SIG;
    1790             :           else
    1791           0 :             current|=PUBKEY_USAGE_SIG;
    1792             :         }
    1793           0 :       else if((*answer==togglers[2] || *answer==togglers[3])
    1794           0 :               && possible&PUBKEY_USAGE_ENC)
    1795             :         {
    1796           0 :           if(current&PUBKEY_USAGE_ENC)
    1797           0 :             current&=~PUBKEY_USAGE_ENC;
    1798             :           else
    1799           0 :             current|=PUBKEY_USAGE_ENC;
    1800             :         }
    1801           0 :       else if((*answer==togglers[4] || *answer==togglers[5])
    1802           0 :               && possible&PUBKEY_USAGE_AUTH)
    1803             :         {
    1804           0 :           if(current&PUBKEY_USAGE_AUTH)
    1805           0 :             current&=~PUBKEY_USAGE_AUTH;
    1806             :           else
    1807           0 :             current|=PUBKEY_USAGE_AUTH;
    1808             :         }
    1809             :       else
    1810           0 :         tty_printf(_("Invalid selection.\n"));
    1811           0 :     }
    1812             : 
    1813           0 :   xfree(answer);
    1814             : 
    1815           0 :   return current;
    1816             : }
    1817             : 
    1818             : 
    1819             : /* Check whether we have a key for the key with HEXGRIP.  Returns 0 if
    1820             :    there is no such key or the OpenPGP algo number for the key.  */
    1821             : static int
    1822           0 : check_keygrip (ctrl_t ctrl, const char *hexgrip)
    1823             : {
    1824             :   gpg_error_t err;
    1825             :   unsigned char *public;
    1826             :   size_t publiclen;
    1827             :   const char *algostr;
    1828             : 
    1829           0 :   if (hexgrip[0] == '&')
    1830           0 :     hexgrip++;
    1831             : 
    1832           0 :   err = agent_readkey (ctrl, 0, hexgrip, &public);
    1833           0 :   if (err)
    1834           0 :     return 0;
    1835           0 :   publiclen = gcry_sexp_canon_len (public, 0, NULL, NULL);
    1836             : 
    1837           0 :   get_pk_algo_from_canon_sexp (public, publiclen, &algostr);
    1838           0 :   xfree (public);
    1839             : 
    1840             :   /* FIXME: Mapping of ECC algorithms is probably not correct. */
    1841           0 :   if (!algostr)
    1842           0 :     return 0;
    1843           0 :   else if (!strcmp (algostr, "rsa"))
    1844           0 :     return PUBKEY_ALGO_RSA;
    1845           0 :   else if (!strcmp (algostr, "dsa"))
    1846           0 :     return PUBKEY_ALGO_DSA;
    1847           0 :   else if (!strcmp (algostr, "elg"))
    1848           0 :     return PUBKEY_ALGO_ELGAMAL_E;
    1849           0 :   else if (!strcmp (algostr, "ecc"))
    1850           0 :     return PUBKEY_ALGO_ECDH;
    1851           0 :   else if (!strcmp (algostr, "ecdsa"))
    1852           0 :     return PUBKEY_ALGO_ECDSA;
    1853           0 :   else if (!strcmp (algostr, "eddsa"))
    1854           0 :     return PUBKEY_ALGO_EDDSA;
    1855             :   else
    1856           0 :     return 0;
    1857             : }
    1858             : 
    1859             : 
    1860             : 
    1861             : /* Ask for an algorithm.  The function returns the algorithm id to
    1862             :  * create. If ADDMODE is false the function won't show an option to
    1863             :  * create the primary and subkey combined and won't set R_USAGE
    1864             :  * either.  If a combined algorithm has been selected, the subkey
    1865             :  * algorithm is stored at R_SUBKEY_ALGO.  If R_KEYGRIP is given, the
    1866             :  * user has the choice to enter the keygrip of an existing key.  That
    1867             :  * keygrip is then stored at this address.  The caller needs to free
    1868             :  * it. */
    1869             : static int
    1870           0 : ask_algo (ctrl_t ctrl, int addmode, int *r_subkey_algo, unsigned int *r_usage,
    1871             :           char **r_keygrip)
    1872             : {
    1873           0 :   char *keygrip = NULL;
    1874           0 :   char *answer = NULL;
    1875             :   int algo;
    1876             :   int dummy_algo;
    1877             : 
    1878           0 :   if (!r_subkey_algo)
    1879           0 :     r_subkey_algo = &dummy_algo;
    1880             : 
    1881           0 :   tty_printf (_("Please select what kind of key you want:\n"));
    1882             : 
    1883             : #if GPG_USE_RSA
    1884           0 :   if (!addmode)
    1885           0 :     tty_printf (_("   (%d) RSA and RSA (default)\n"), 1 );
    1886             : #endif
    1887             : 
    1888           0 :   if (!addmode && opt.compliance != CO_DE_VS)
    1889           0 :     tty_printf (_("   (%d) DSA and Elgamal\n"), 2 );
    1890             : 
    1891           0 :   if (opt.compliance != CO_DE_VS)
    1892           0 :     tty_printf (_("   (%d) DSA (sign only)\n"), 3 );
    1893             : #if GPG_USE_RSA
    1894           0 :   tty_printf (_("   (%d) RSA (sign only)\n"), 4 );
    1895             : #endif
    1896             : 
    1897           0 :   if (addmode)
    1898             :     {
    1899           0 :       if (opt.compliance != CO_DE_VS)
    1900           0 :         tty_printf (_("   (%d) Elgamal (encrypt only)\n"), 5 );
    1901             : #if GPG_USE_RSA
    1902           0 :       tty_printf (_("   (%d) RSA (encrypt only)\n"), 6 );
    1903             : #endif
    1904             :     }
    1905           0 :   if (opt.expert)
    1906             :     {
    1907           0 :       if (opt.compliance != CO_DE_VS)
    1908           0 :         tty_printf (_("   (%d) DSA (set your own capabilities)\n"), 7 );
    1909             : #if GPG_USE_RSA
    1910           0 :       tty_printf (_("   (%d) RSA (set your own capabilities)\n"), 8 );
    1911             : #endif
    1912             :     }
    1913             : 
    1914             : #if GPG_USE_ECDSA || GPG_USE_ECDH || GPG_USE_EDDSA
    1915           0 :   if (opt.expert && !addmode)
    1916           0 :     tty_printf (_("   (%d) ECC and ECC\n"), 9 );
    1917           0 :   if (opt.expert)
    1918           0 :     tty_printf (_("  (%d) ECC (sign only)\n"), 10 );
    1919           0 :   if (opt.expert)
    1920           0 :     tty_printf (_("  (%d) ECC (set your own capabilities)\n"), 11 );
    1921           0 :   if (opt.expert && addmode)
    1922           0 :     tty_printf (_("  (%d) ECC (encrypt only)\n"), 12 );
    1923             : #endif
    1924             : 
    1925           0 :   if (opt.expert && r_keygrip)
    1926           0 :     tty_printf (_("  (%d) Existing key\n"), 13 );
    1927             : 
    1928             :   for (;;)
    1929             :     {
    1930           0 :       *r_usage = 0;
    1931           0 :       *r_subkey_algo = 0;
    1932           0 :       xfree (answer);
    1933           0 :       answer = cpr_get ("keygen.algo", _("Your selection? "));
    1934           0 :       cpr_kill_prompt ();
    1935           0 :       algo = *answer? atoi (answer) : 1;
    1936             : 
    1937           0 :       if (opt.compliance == CO_DE_VS
    1938           0 :           && (algo == 2 || algo == 3 || algo == 5 || algo == 7))
    1939             :         {
    1940           0 :           tty_printf (_("Invalid selection.\n"));
    1941             :         }
    1942           0 :       else if ((algo == 1 || !strcmp (answer, "rsa+rsa")) && !addmode)
    1943             :         {
    1944           0 :           algo = PUBKEY_ALGO_RSA;
    1945           0 :           *r_subkey_algo = PUBKEY_ALGO_RSA;
    1946           0 :           break;
    1947             :         }
    1948           0 :       else if ((algo == 2 || !strcmp (answer, "dsa+elg")) && !addmode)
    1949             :         {
    1950           0 :           algo = PUBKEY_ALGO_DSA;
    1951           0 :           *r_subkey_algo = PUBKEY_ALGO_ELGAMAL_E;
    1952           0 :           break;
    1953             :         }
    1954           0 :       else if (algo == 3 || !strcmp (answer, "dsa"))
    1955             :         {
    1956           0 :           algo = PUBKEY_ALGO_DSA;
    1957           0 :           *r_usage = PUBKEY_USAGE_SIG;
    1958           0 :           break;
    1959             :         }
    1960           0 :       else if (algo == 4 || !strcmp (answer, "rsa/s"))
    1961             :         {
    1962           0 :           algo = PUBKEY_ALGO_RSA;
    1963           0 :           *r_usage = PUBKEY_USAGE_SIG;
    1964           0 :           break;
    1965             :         }
    1966           0 :       else if ((algo == 5 || !strcmp (answer, "elg")) && addmode)
    1967             :         {
    1968           0 :           algo = PUBKEY_ALGO_ELGAMAL_E;
    1969           0 :           *r_usage = PUBKEY_USAGE_ENC;
    1970           0 :           break;
    1971             :         }
    1972           0 :       else if ((algo == 6 || !strcmp (answer, "rsa/e")) && addmode)
    1973             :         {
    1974           0 :           algo = PUBKEY_ALGO_RSA;
    1975           0 :           *r_usage = PUBKEY_USAGE_ENC;
    1976           0 :           break;
    1977             :         }
    1978           0 :       else if ((algo == 7 || !strcmp (answer, "dsa/*")) && opt.expert)
    1979             :         {
    1980           0 :           algo = PUBKEY_ALGO_DSA;
    1981           0 :           *r_usage = ask_key_flags (algo, addmode, 0);
    1982           0 :           break;
    1983             :         }
    1984           0 :       else if ((algo == 8 || !strcmp (answer, "rsa/*")) && opt.expert)
    1985             :         {
    1986           0 :           algo = PUBKEY_ALGO_RSA;
    1987           0 :           *r_usage = ask_key_flags (algo, addmode, 0);
    1988           0 :           break;
    1989             :         }
    1990           0 :       else if ((algo == 9 || !strcmp (answer, "ecc+ecc"))
    1991           0 :                && opt.expert && !addmode)
    1992             :         {
    1993           0 :           algo = PUBKEY_ALGO_ECDSA;
    1994           0 :           *r_subkey_algo = PUBKEY_ALGO_ECDH;
    1995           0 :           break;
    1996             :         }
    1997           0 :       else if ((algo == 10 || !strcmp (answer, "ecc/s")) && opt.expert)
    1998             :         {
    1999           0 :           algo = PUBKEY_ALGO_ECDSA;
    2000           0 :           *r_usage = PUBKEY_USAGE_SIG;
    2001           0 :           break;
    2002             :         }
    2003           0 :       else if ((algo == 11 || !strcmp (answer, "ecc/*")) && opt.expert)
    2004             :         {
    2005           0 :           algo = PUBKEY_ALGO_ECDSA;
    2006           0 :           *r_usage = ask_key_flags (algo, addmode, 0);
    2007           0 :           break;
    2008             :         }
    2009           0 :       else if ((algo == 12 || !strcmp (answer, "ecc/e"))
    2010           0 :                && opt.expert && addmode)
    2011             :         {
    2012           0 :           algo = PUBKEY_ALGO_ECDH;
    2013           0 :           *r_usage = PUBKEY_USAGE_ENC;
    2014           0 :           break;
    2015             :         }
    2016           0 :       else if ((algo == 13 || !strcmp (answer, "keygrip"))
    2017           0 :                && opt.expert && r_keygrip)
    2018             :         {
    2019             :           for (;;)
    2020             :             {
    2021           0 :               xfree (answer);
    2022           0 :               answer = tty_get (_("Enter the keygrip: "));
    2023           0 :               tty_kill_prompt ();
    2024           0 :               trim_spaces (answer);
    2025           0 :               if (!*answer)
    2026             :                 {
    2027           0 :                   xfree (answer);
    2028           0 :                   answer = NULL;
    2029           0 :                   continue;
    2030             :                 }
    2031             : 
    2032           0 :               if (strlen (answer) != 40 &&
    2033           0 :                        !(answer[0] == '&' && strlen (answer+1) == 40))
    2034           0 :                 tty_printf
    2035           0 :                   (_("Not a valid keygrip (expecting 40 hex digits)\n"));
    2036           0 :               else if (!(algo = check_keygrip (ctrl, answer)) )
    2037           0 :                 tty_printf (_("No key with this keygrip\n"));
    2038             :               else
    2039           0 :                 break; /* Okay.  */
    2040           0 :             }
    2041           0 :           xfree (keygrip);
    2042           0 :           keygrip = answer;
    2043           0 :           answer = NULL;
    2044           0 :           *r_usage = ask_key_flags (algo, addmode, 0);
    2045           0 :           break;
    2046             :         }
    2047             :       else
    2048           0 :         tty_printf (_("Invalid selection.\n"));
    2049             : 
    2050           0 :     }
    2051             : 
    2052           0 :   xfree(answer);
    2053           0 :   if (r_keygrip)
    2054           0 :     *r_keygrip = keygrip;
    2055           0 :   return algo;
    2056             : }
    2057             : 
    2058             : 
    2059             : static void
    2060           0 : get_keysize_range (int algo,
    2061             :                    unsigned int *min, unsigned int *def, unsigned int *max)
    2062             : {
    2063           0 :   *min = opt.compliance == CO_DE_VS ? 2048: 1024;
    2064           0 :   *def = DEFAULT_STD_KEYSIZE;
    2065           0 :   *max = 4096;
    2066             : 
    2067             :   /* Deviations from the standard values.  */
    2068           0 :   switch(algo)
    2069             :     {
    2070             :     case PUBKEY_ALGO_DSA:
    2071           0 :       *min = opt.expert? 768 : 1024;
    2072           0 :       *def=2048;
    2073           0 :       *max=3072;
    2074           0 :       break;
    2075             : 
    2076             :     case PUBKEY_ALGO_ECDSA:
    2077             :     case PUBKEY_ALGO_ECDH:
    2078           0 :       *min=256;
    2079           0 :       *def=256;
    2080           0 :       *max=521;
    2081           0 :       break;
    2082             : 
    2083             :     case PUBKEY_ALGO_EDDSA:
    2084           0 :       *min=255;
    2085           0 :       *def=255;
    2086           0 :       *max=441;
    2087           0 :       break;
    2088             :     }
    2089           0 : }
    2090             : 
    2091             : 
    2092             : /* Return a fixed up keysize depending on ALGO.  */
    2093             : static unsigned int
    2094           0 : fixup_keysize (unsigned int nbits, int algo, int silent)
    2095             : {
    2096           0 :   if (algo == PUBKEY_ALGO_DSA && (nbits % 64))
    2097             :     {
    2098           0 :       nbits = ((nbits + 63) / 64) * 64;
    2099           0 :       if (!silent)
    2100           0 :         tty_printf (_("rounded up to %u bits\n"), nbits);
    2101             :     }
    2102           0 :   else if (algo == PUBKEY_ALGO_EDDSA)
    2103             :     {
    2104           0 :       if (nbits != 255 && nbits != 441)
    2105             :         {
    2106           0 :           if (nbits < 256)
    2107           0 :             nbits = 255;
    2108             :           else
    2109           0 :             nbits = 441;
    2110           0 :           if (!silent)
    2111           0 :             tty_printf (_("rounded to %u bits\n"), nbits);
    2112             :         }
    2113             :     }
    2114           0 :   else if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
    2115             :     {
    2116           0 :       if (nbits != 256 && nbits != 384 && nbits != 521)
    2117             :         {
    2118           0 :           if (nbits < 256)
    2119           0 :             nbits = 256;
    2120           0 :           else if (nbits < 384)
    2121           0 :             nbits = 384;
    2122             :           else
    2123           0 :             nbits = 521;
    2124           0 :           if (!silent)
    2125           0 :             tty_printf (_("rounded to %u bits\n"), nbits);
    2126             :         }
    2127             :     }
    2128           0 :   else if ((nbits % 32))
    2129             :     {
    2130           0 :       nbits = ((nbits + 31) / 32) * 32;
    2131           0 :       if (!silent)
    2132           0 :         tty_printf (_("rounded up to %u bits\n"), nbits );
    2133             :     }
    2134             : 
    2135           0 :   return nbits;
    2136             : }
    2137             : 
    2138             : 
    2139             : /* Ask for the key size.  ALGO is the algorithm.  If PRIMARY_KEYSIZE
    2140             :    is not 0, the function asks for the size of the encryption
    2141             :    subkey. */
    2142             : static unsigned
    2143           0 : ask_keysize (int algo, unsigned int primary_keysize)
    2144             : {
    2145             :   unsigned int nbits;
    2146             :   unsigned int min, def, max;
    2147           0 :   int for_subkey = !!primary_keysize;
    2148           0 :   int autocomp = 0;
    2149             : 
    2150           0 :   get_keysize_range (algo, &min, &def, &max);
    2151             : 
    2152           0 :   if (primary_keysize && !opt.expert)
    2153             :     {
    2154             :       /* Deduce the subkey size from the primary key size.  */
    2155           0 :       if (algo == PUBKEY_ALGO_DSA && primary_keysize > 3072)
    2156           0 :         nbits = 3072; /* For performance reasons we don't support more
    2157             :                          than 3072 bit DSA.  However we won't see this
    2158             :                          case anyway because DSA can't be used as an
    2159             :                          encryption subkey ;-). */
    2160             :       else
    2161           0 :         nbits = primary_keysize;
    2162           0 :       autocomp = 1;
    2163           0 :       goto leave;
    2164             :     }
    2165             : 
    2166           0 :   tty_printf(_("%s keys may be between %u and %u bits long.\n"),
    2167             :              openpgp_pk_algo_name (algo), min, max);
    2168             : 
    2169             :   for (;;)
    2170             :     {
    2171             :       char *prompt, *answer;
    2172             : 
    2173           0 :       if (for_subkey)
    2174           0 :         prompt = xasprintf (_("What keysize do you want "
    2175             :                               "for the subkey? (%u) "), def);
    2176             :       else
    2177           0 :         prompt = xasprintf (_("What keysize do you want? (%u) "), def);
    2178           0 :       answer = cpr_get ("keygen.size", prompt);
    2179           0 :       cpr_kill_prompt ();
    2180           0 :       nbits = *answer? atoi (answer): def;
    2181           0 :       xfree(prompt);
    2182           0 :       xfree(answer);
    2183             : 
    2184           0 :       if(nbits<min || nbits>max)
    2185           0 :         tty_printf(_("%s keysizes must be in the range %u-%u\n"),
    2186             :                    openpgp_pk_algo_name (algo), min, max);
    2187             :       else
    2188             :         break;
    2189           0 :     }
    2190             : 
    2191           0 :   tty_printf (_("Requested keysize is %u bits\n"), nbits);
    2192             : 
    2193             :  leave:
    2194           0 :   nbits = fixup_keysize (nbits, algo, autocomp);
    2195           0 :   return nbits;
    2196             : }
    2197             : 
    2198             : 
    2199             : /* Ask for the curve.  ALGO is the selected algorithm which this
    2200             :    function may adjust.  Returns a malloced string with the name of
    2201             :    the curve.  BOTH tells that gpg creates a primary and subkey. */
    2202             : static char *
    2203           0 : ask_curve (int *algo, int *subkey_algo)
    2204             : {
    2205             :   /* NB: We always use a complete algo list so that we have stable
    2206             :      numbers in the menu regardless on how Gpg was configured.  */
    2207             :   struct {
    2208             :     const char *name;
    2209             :     const char* eddsa_curve; /* Corresponding EdDSA curve.  */
    2210             :     const char *pretty_name;
    2211             :     unsigned int supported : 1;   /* Supported by gpg.     */
    2212             :     unsigned int de_vs : 1;       /* Allowed in CO_DE_VS.  */
    2213             :     unsigned int expert_only : 1; /* Only with --expert    */
    2214             :     unsigned int available : 1;   /* Available in Libycrypt (runtime checked) */
    2215           0 :   } curves[] = {
    2216             : #if GPG_USE_ECDSA || GPG_USE_ECDH
    2217             : # define MY_USE_ECDSADH 1
    2218             : #else
    2219             : # define MY_USE_ECDSADH 0
    2220             : #endif
    2221             :     { "Curve25519",      "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 },
    2222             :     { "Curve448",        "Ed448",   "Curve 448",   0/*reserved*/  , 0, 1, 0 },
    2223             :     { "NIST P-256",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
    2224             :     { "NIST P-384",      NULL, NULL,               MY_USE_ECDSADH,  0, 0, 0 },
    2225             :     { "NIST P-521",      NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
    2226             :     { "brainpoolP256r1", NULL, "Brainpool P-256",  MY_USE_ECDSADH,  1, 1, 0 },
    2227             :     { "brainpoolP384r1", NULL, "Brainpool P-384",  MY_USE_ECDSADH,  1, 1, 0 },
    2228             :     { "brainpoolP512r1", NULL, "Brainpool P-512",  MY_USE_ECDSADH,  1, 1, 0 },
    2229             :     { "secp256k1",       NULL, NULL,               MY_USE_ECDSADH,  0, 1, 0 },
    2230             :   };
    2231             : #undef MY_USE_ECDSADH
    2232             :   int idx;
    2233             :   char *answer;
    2234           0 :   char *result = NULL;
    2235             :   gcry_sexp_t keyparms;
    2236             : 
    2237           0 :   tty_printf (_("Please select which elliptic curve you want:\n"));
    2238             : 
    2239           0 :   keyparms = NULL;
    2240           0 :   for (idx=0; idx < DIM(curves); idx++)
    2241             :     {
    2242             :       int rc;
    2243             : 
    2244           0 :       curves[idx].available = 0;
    2245           0 :       if (!curves[idx].supported)
    2246           0 :         continue;
    2247             : 
    2248           0 :       if (opt.compliance==CO_DE_VS)
    2249             :         {
    2250           0 :           if (!curves[idx].de_vs)
    2251           0 :             continue; /* Not allowed.  */
    2252             :         }
    2253           0 :       else if (!opt.expert && curves[idx].expert_only)
    2254           0 :         continue;
    2255             : 
    2256             :       /* We need to switch from the ECDH name of the curve to the
    2257             :          EDDSA name of the curve if we want a signing key.  */
    2258           0 :       gcry_sexp_release (keyparms);
    2259           0 :       rc = gcry_sexp_build (&keyparms, NULL,
    2260             :                             "(public-key(ecc(curve %s)))",
    2261           0 :                             curves[idx].eddsa_curve? curves[idx].eddsa_curve
    2262             :                             /**/                   : curves[idx].name);
    2263           0 :       if (rc)
    2264           0 :         continue;
    2265           0 :       if (!gcry_pk_get_curve (keyparms, 0, NULL))
    2266           0 :         continue;
    2267           0 :       if (subkey_algo && curves[idx].eddsa_curve)
    2268             :         {
    2269             :           /* Both Curve 25519 (or 448) keys are to be created.  Check that
    2270             :              Libgcrypt also supports the real Curve25519 (or 448).  */
    2271           0 :           gcry_sexp_release (keyparms);
    2272           0 :           rc = gcry_sexp_build (&keyparms, NULL,
    2273             :                                 "(public-key(ecc(curve %s)))",
    2274             :                                  curves[idx].name);
    2275           0 :           if (rc)
    2276           0 :             continue;
    2277           0 :           if (!gcry_pk_get_curve (keyparms, 0, NULL))
    2278           0 :             continue;
    2279             :         }
    2280             : 
    2281           0 :       curves[idx].available = 1;
    2282           0 :       tty_printf ("   (%d) %s\n", idx + 1,
    2283           0 :                   curves[idx].pretty_name?
    2284             :                   curves[idx].pretty_name:curves[idx].name);
    2285             :     }
    2286           0 :   gcry_sexp_release (keyparms);
    2287             : 
    2288             : 
    2289             :   for (;;)
    2290             :     {
    2291           0 :       answer = cpr_get ("keygen.curve", _("Your selection? "));
    2292           0 :       cpr_kill_prompt ();
    2293           0 :       idx = *answer? atoi (answer) : 1;
    2294           0 :       if (*answer && !idx)
    2295             :         {
    2296             :           /* See whether the user entered the name of the curve.  */
    2297           0 :           for (idx=0; idx < DIM(curves); idx++)
    2298             :             {
    2299           0 :               if (!opt.expert && curves[idx].expert_only)
    2300           0 :                 continue;
    2301           0 :               if (!stricmp (curves[idx].name, answer)
    2302           0 :                   || (curves[idx].pretty_name
    2303           0 :                       && !stricmp (curves[idx].pretty_name, answer)))
    2304             :                 break;
    2305             :             }
    2306           0 :           if (idx == DIM(curves))
    2307           0 :             idx = -1;
    2308             :         }
    2309             :       else
    2310           0 :         idx--;
    2311           0 :       xfree(answer);
    2312           0 :       answer = NULL;
    2313           0 :       if (idx < 0 || idx >= DIM (curves) || !curves[idx].available)
    2314           0 :         tty_printf (_("Invalid selection.\n"));
    2315             :       else
    2316             :         {
    2317             :           /* If the user selected a signing algorithm and Curve25519
    2318             :              we need to set the algo to EdDSA and update the curve name. */
    2319           0 :           if ((*algo == PUBKEY_ALGO_ECDSA || *algo == PUBKEY_ALGO_EDDSA)
    2320           0 :               && curves[idx].eddsa_curve)
    2321             :             {
    2322           0 :               if (subkey_algo && *subkey_algo == PUBKEY_ALGO_ECDSA)
    2323           0 :                 *subkey_algo = PUBKEY_ALGO_EDDSA;
    2324           0 :               *algo = PUBKEY_ALGO_EDDSA;
    2325           0 :               result = xstrdup (curves[idx].eddsa_curve);
    2326             :             }
    2327             :           else
    2328           0 :             result = xstrdup (curves[idx].name);
    2329           0 :           break;
    2330             :         }
    2331           0 :     }
    2332             : 
    2333           0 :   if (!result)
    2334           0 :     result = xstrdup (curves[0].name);
    2335             : 
    2336           0 :   return result;
    2337             : }
    2338             : 
    2339             : 
    2340             : /****************
    2341             :  * Parse an expire string and return its value in seconds.
    2342             :  * Returns (u32)-1 on error.
    2343             :  * This isn't perfect since scan_isodatestr returns unix time, and
    2344             :  * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset.
    2345             :  * Because of this, we only permit setting expirations up to 2106, but
    2346             :  * OpenPGP could theoretically allow up to 2242.  I think we'll all
    2347             :  * just cope for the next few years until we get a 64-bit time_t or
    2348             :  * similar.
    2349             :  */
    2350             : u32
    2351         133 : parse_expire_string( const char *string )
    2352             : {
    2353             :   int mult;
    2354             :   u32 seconds;
    2355         133 :   u32 abs_date = 0;
    2356         133 :   u32 curtime = make_timestamp ();
    2357             :   time_t tt;
    2358             : 
    2359         133 :   if (!string || !*string || !strcmp (string, "none")
    2360         133 :       || !strcmp (string, "never") || !strcmp (string, "-"))
    2361           0 :     seconds = 0;
    2362         133 :   else if (!strncmp (string, "seconds=", 8))
    2363           0 :     seconds = atoi (string+8);
    2364         133 :   else if ((abs_date = scan_isodatestr(string))
    2365           0 :            && (abs_date+86400/2) > curtime)
    2366           0 :     seconds = (abs_date+86400/2) - curtime;
    2367         133 :   else if ((tt = isotime2epoch (string)) != (time_t)(-1))
    2368           0 :     seconds = (u32)tt - curtime;
    2369         133 :   else if ((mult = check_valid_days (string)))
    2370         133 :     seconds = atoi (string) * 86400L * mult;
    2371             :   else
    2372           0 :     seconds = (u32)(-1);
    2373             : 
    2374         133 :   return seconds;
    2375             : }
    2376             : 
    2377             : /* Parse a Creation-Date string which is either "1986-04-26" or
    2378             :    "19860426T042640".  Returns 0 on error. */
    2379             : static u32
    2380           0 : parse_creation_string (const char *string)
    2381             : {
    2382             :   u32 seconds;
    2383             : 
    2384           0 :   if (!*string)
    2385           0 :     seconds = 0;
    2386           0 :   else if ( !strncmp (string, "seconds=", 8) )
    2387           0 :     seconds = atoi (string+8);
    2388           0 :   else if ( !(seconds = scan_isodatestr (string)))
    2389             :     {
    2390           0 :       time_t tmp = isotime2epoch (string);
    2391           0 :       seconds = (tmp == (time_t)(-1))? 0 : tmp;
    2392             :     }
    2393           0 :   return seconds;
    2394             : }
    2395             : 
    2396             : 
    2397             : /* object == 0 for a key, and 1 for a sig */
    2398             : u32
    2399           0 : ask_expire_interval(int object,const char *def_expire)
    2400             : {
    2401             :     u32 interval;
    2402             :     char *answer;
    2403             : 
    2404           0 :     switch(object)
    2405             :       {
    2406             :       case 0:
    2407           0 :         if(def_expire)
    2408           0 :           BUG();
    2409           0 :         tty_printf(_("Please specify how long the key should be valid.\n"
    2410             :                      "         0 = key does not expire\n"
    2411             :                      "      <n>  = key expires in n days\n"
    2412             :                      "      <n>w = key expires in n weeks\n"
    2413             :                      "      <n>m = key expires in n months\n"
    2414             :                      "      <n>y = key expires in n years\n"));
    2415           0 :         break;
    2416             : 
    2417             :       case 1:
    2418           0 :         if(!def_expire)
    2419           0 :           BUG();
    2420           0 :         tty_printf(_("Please specify how long the signature should be valid.\n"
    2421             :                      "         0 = signature does not expire\n"
    2422             :                      "      <n>  = signature expires in n days\n"
    2423             :                      "      <n>w = signature expires in n weeks\n"
    2424             :                      "      <n>m = signature expires in n months\n"
    2425             :                      "      <n>y = signature expires in n years\n"));
    2426           0 :         break;
    2427             : 
    2428             :       default:
    2429           0 :         BUG();
    2430             :       }
    2431             : 
    2432             :     /* Note: The elgamal subkey for DSA has no expiration date because
    2433             :      * it must be signed with the DSA key and this one has the expiration
    2434             :      * date */
    2435             : 
    2436           0 :     answer = NULL;
    2437             :     for(;;)
    2438             :       {
    2439             :         u32 curtime;
    2440             : 
    2441           0 :         xfree(answer);
    2442           0 :         if(object==0)
    2443           0 :           answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
    2444             :         else
    2445             :           {
    2446             :             char *prompt;
    2447             : 
    2448           0 :             prompt = xasprintf (_("Signature is valid for? (%s) "), def_expire);
    2449           0 :             answer = cpr_get("siggen.valid",prompt);
    2450           0 :             xfree(prompt);
    2451             : 
    2452           0 :             if(*answer=='\0')
    2453           0 :               answer=xstrdup(def_expire);
    2454             :           }
    2455           0 :         cpr_kill_prompt();
    2456           0 :         trim_spaces(answer);
    2457           0 :         curtime = make_timestamp ();
    2458           0 :         interval = parse_expire_string( answer );
    2459           0 :         if( interval == (u32)-1 )
    2460             :           {
    2461           0 :             tty_printf(_("invalid value\n"));
    2462           0 :             continue;
    2463             :           }
    2464             : 
    2465           0 :         if( !interval )
    2466             :           {
    2467           0 :             tty_printf((object==0)
    2468             :                        ? _("Key does not expire at all\n")
    2469             :                        : _("Signature does not expire at all\n"));
    2470             :           }
    2471             :         else
    2472             :           {
    2473           0 :             tty_printf(object==0
    2474             :                        ? _("Key expires at %s\n")
    2475             :                        : _("Signature expires at %s\n"),
    2476             :                        asctimestamp((ulong)(curtime + interval) ) );
    2477             : #if SIZEOF_TIME_T <= 4 && !defined (HAVE_UNSIGNED_TIME_T)
    2478             :             if ( (time_t)((ulong)(curtime+interval)) < 0 )
    2479             :               tty_printf (_("Your system can't display dates beyond 2038.\n"
    2480             :                             "However, it will be correctly handled up to"
    2481             :                             " 2106.\n"));
    2482             :             else
    2483             : #endif /*SIZEOF_TIME_T*/
    2484           0 :               if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
    2485             :                 {
    2486           0 :                   tty_printf (_("invalid value\n"));
    2487           0 :                   continue;
    2488             :                 }
    2489             :           }
    2490             : 
    2491           0 :         if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
    2492           0 :                                                    _("Is this correct? (y/N) ")) )
    2493             :           break;
    2494           0 :       }
    2495             : 
    2496           0 :     xfree(answer);
    2497           0 :     return interval;
    2498             : }
    2499             : 
    2500             : u32
    2501           0 : ask_expiredate()
    2502             : {
    2503           0 :     u32 x = ask_expire_interval(0,NULL);
    2504           0 :     return x? make_timestamp() + x : 0;
    2505             : }
    2506             : 
    2507             : 
    2508             : 
    2509             : static PKT_user_id *
    2510           2 : uid_from_string (const char *string)
    2511             : {
    2512             :   size_t n;
    2513             :   PKT_user_id *uid;
    2514             : 
    2515           2 :   n = strlen (string);
    2516           2 :   uid = xmalloc_clear (sizeof *uid + n);
    2517           2 :   uid->len = n;
    2518           2 :   strcpy (uid->name, string);
    2519           2 :   uid->ref = 1;
    2520           2 :   return uid;
    2521             : }
    2522             : 
    2523             : 
    2524             : /* Return true if the user id UID already exists in the keyblock.  */
    2525             : static int
    2526           1 : uid_already_in_keyblock (kbnode_t keyblock, const char *uid)
    2527             : {
    2528           1 :   PKT_user_id *uidpkt = uid_from_string (uid);
    2529             :   kbnode_t node;
    2530           1 :   int result = 0;
    2531             : 
    2532           6 :   for (node=keyblock; node && !result; node=node->next)
    2533           5 :     if (!is_deleted_kbnode (node)
    2534           5 :         && node->pkt->pkttype == PKT_USER_ID
    2535           1 :         && !cmp_user_ids (uidpkt, node->pkt->pkt.user_id))
    2536           0 :       result = 1;
    2537           1 :   free_user_id (uidpkt);
    2538           1 :   return result;
    2539             : }
    2540             : 
    2541             : 
    2542             : /* Ask for a user ID.  With a MODE of 1 an extra help prompt is
    2543             :    printed for use during a new key creation.  If KEYBLOCK is not NULL
    2544             :    the function prevents the creation of an already existing user
    2545             :    ID.  IF FULL is not set some prompts are not shown.  */
    2546             : static char *
    2547           0 : ask_user_id (int mode, int full, KBNODE keyblock)
    2548             : {
    2549             :     char *answer;
    2550             :     char *aname, *acomment, *amail, *uid;
    2551             : 
    2552           0 :     if ( !mode )
    2553             :       {
    2554             :         /* TRANSLATORS: This is the new string telling the user what
    2555             :            gpg is now going to do (i.e. ask for the parts of the user
    2556             :            ID).  Note that if you do not translate this string, a
    2557             :            different string will be used, which might still have
    2558             :            a correct translation.  */
    2559           0 :         const char *s1 =
    2560             :           N_("\n"
    2561             :              "GnuPG needs to construct a user ID to identify your key.\n"
    2562             :              "\n");
    2563           0 :         const char *s2 = _(s1);
    2564             : 
    2565           0 :         if (!strcmp (s1, s2))
    2566             :           {
    2567             :             /* There is no translation for the string thus we to use
    2568             :                the old info text.  gettext has no way to tell whether
    2569             :                a translation is actually available, thus we need to
    2570             :                to compare again. */
    2571             :             /* TRANSLATORS: This string is in general not anymore used
    2572             :                but you should keep your existing translation.  In case
    2573             :                the new string is not translated this old string will
    2574             :                be used. */
    2575           0 :             const char *s3 = N_("\n"
    2576             : "You need a user ID to identify your key; "
    2577             :                                         "the software constructs the user ID\n"
    2578             : "from the Real Name, Comment and Email Address in this form:\n"
    2579             : "    \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n");
    2580           0 :             const char *s4 = _(s3);
    2581           0 :             if (strcmp (s3, s4))
    2582           0 :               s2 = s3; /* A translation exists - use it. */
    2583             :           }
    2584           0 :         tty_printf ("%s", s2) ;
    2585             :       }
    2586           0 :     uid = aname = acomment = amail = NULL;
    2587             :     for(;;) {
    2588             :         char *p;
    2589           0 :         int fail=0;
    2590             : 
    2591           0 :         if( !aname ) {
    2592             :             for(;;) {
    2593           0 :                 xfree(aname);
    2594           0 :                 aname = cpr_get("keygen.name",_("Real name: "));
    2595           0 :                 trim_spaces(aname);
    2596           0 :                 cpr_kill_prompt();
    2597             : 
    2598           0 :                 if( opt.allow_freeform_uid )
    2599           0 :                     break;
    2600             : 
    2601           0 :                 if( strpbrk( aname, "<>" ) )
    2602             :                   {
    2603           0 :                     tty_printf(_("Invalid character in name\n"));
    2604           0 :                     tty_printf(_("The characters '%s' and '%s' may not "
    2605             :                                  "appear in name\n"), "<", ">");
    2606             :                   }
    2607           0 :                 else if( digitp(aname) )
    2608           0 :                     tty_printf(_("Name may not start with a digit\n"));
    2609           0 :                 else if (*aname && strlen (aname) < 5)
    2610             :                   {
    2611           0 :                     tty_printf(_("Name must be at least 5 characters long\n"));
    2612             :                     /* However, we allow an empty name.  */
    2613             :                   }
    2614             :                 else
    2615             :                     break;
    2616           0 :             }
    2617             :         }
    2618           0 :         if( !amail ) {
    2619             :             for(;;) {
    2620           0 :                 xfree(amail);
    2621           0 :                 amail = cpr_get("keygen.email",_("Email address: "));
    2622           0 :                 trim_spaces(amail);
    2623           0 :                 cpr_kill_prompt();
    2624           0 :                 if( !*amail || opt.allow_freeform_uid )
    2625             :                     break;   /* no email address is okay */
    2626           0 :                 else if ( !is_valid_mailbox (amail) )
    2627           0 :                     tty_printf(_("Not a valid email address\n"));
    2628             :                 else
    2629           0 :                     break;
    2630           0 :             }
    2631             :         }
    2632           0 :         if (!acomment) {
    2633           0 :           if (full) {
    2634             :             for(;;) {
    2635           0 :                 xfree(acomment);
    2636           0 :                 acomment = cpr_get("keygen.comment",_("Comment: "));
    2637           0 :                 trim_spaces(acomment);
    2638           0 :                 cpr_kill_prompt();
    2639           0 :                 if( !*acomment )
    2640           0 :                     break;   /* no comment is okay */
    2641           0 :                 else if( strpbrk( acomment, "()" ) )
    2642           0 :                     tty_printf(_("Invalid character in comment\n"));
    2643             :                 else
    2644           0 :                     break;
    2645           0 :             }
    2646             :           }
    2647             :           else {
    2648           0 :             xfree (acomment);
    2649           0 :             acomment = xstrdup ("");
    2650             :           }
    2651             :         }
    2652             : 
    2653             : 
    2654           0 :         xfree(uid);
    2655           0 :         uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
    2656           0 :         if (!*aname && *amail && !*acomment && !random_is_faked ())
    2657             :           { /* Empty name and comment but with mail address.  Use
    2658             :                simplified form with only the non-angle-bracketed mail
    2659             :                address.  */
    2660           0 :             p = stpcpy (p, amail);
    2661             :           }
    2662             :         else
    2663             :           {
    2664           0 :             p = stpcpy (p, aname );
    2665           0 :             if (*acomment)
    2666           0 :               p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
    2667           0 :             if (*amail)
    2668           0 :               p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
    2669             :           }
    2670             : 
    2671             :         /* Append a warning if the RNG is switched into fake mode.  */
    2672           0 :         if ( random_is_faked ()  )
    2673           0 :           strcpy(p, " (insecure!)" );
    2674             : 
    2675             :         /* print a note in case that UTF8 mapping has to be done */
    2676           0 :         for(p=uid; *p; p++ ) {
    2677           0 :             if( *p & 0x80 ) {
    2678           0 :                 tty_printf(_("You are using the '%s' character set.\n"),
    2679             :                            get_native_charset() );
    2680           0 :                 break;
    2681             :             }
    2682             :         }
    2683             : 
    2684           0 :         tty_printf(_("You selected this USER-ID:\n    \"%s\"\n\n"), uid);
    2685             : 
    2686           0 :         if( !*amail && !opt.allow_freeform_uid
    2687           0 :             && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
    2688           0 :             fail = 1;
    2689           0 :             tty_printf(_("Please don't put the email address "
    2690             :                          "into the real name or the comment\n") );
    2691             :         }
    2692             : 
    2693           0 :         if (!fail && keyblock)
    2694             :           {
    2695           0 :             if (uid_already_in_keyblock (keyblock, uid))
    2696             :               {
    2697           0 :                 tty_printf (_("Such a user ID already exists on this key!\n"));
    2698           0 :                 fail = 1;
    2699             :               }
    2700             :           }
    2701             : 
    2702             :         for(;;) {
    2703             :             /* TRANSLATORS: These are the allowed answers in
    2704             :                lower and uppercase.  Below you will find the matching
    2705             :                string which should be translated accordingly and the
    2706             :                letter changed to match the one in the answer string.
    2707             : 
    2708             :                  n = Change name
    2709             :                  c = Change comment
    2710             :                  e = Change email
    2711             :                  o = Okay (ready, continue)
    2712             :                  q = Quit
    2713             :              */
    2714           0 :             const char *ansstr = _("NnCcEeOoQq");
    2715             : 
    2716           0 :             if( strlen(ansstr) != 10 )
    2717           0 :                 BUG();
    2718           0 :             if( cpr_enabled() ) {
    2719           0 :                 answer = xstrdup (ansstr + (fail?8:6));
    2720           0 :                 answer[1] = 0;
    2721             :             }
    2722           0 :             else if (full) {
    2723           0 :                 answer = cpr_get("keygen.userid.cmd", fail?
    2724             :                   _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
    2725             :                   _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
    2726           0 :                 cpr_kill_prompt();
    2727             :             }
    2728             :             else {
    2729           0 :                 answer = cpr_get("keygen.userid.cmd", fail?
    2730             :                   _("Change (N)ame, (E)mail, or (Q)uit? ") :
    2731             :                   _("Change (N)ame, (E)mail, or (O)kay/(Q)uit? "));
    2732           0 :                 cpr_kill_prompt();
    2733             :             }
    2734           0 :             if( strlen(answer) > 1 )
    2735             :                 ;
    2736           0 :             else if( *answer == ansstr[0] || *answer == ansstr[1] ) {
    2737           0 :                 xfree(aname); aname = NULL;
    2738           0 :                 break;
    2739             :             }
    2740           0 :             else if( *answer == ansstr[2] || *answer == ansstr[3] ) {
    2741           0 :                 xfree(acomment); acomment = NULL;
    2742           0 :                 break;
    2743             :             }
    2744           0 :             else if( *answer == ansstr[4] || *answer == ansstr[5] ) {
    2745           0 :                 xfree(amail); amail = NULL;
    2746           0 :                 break;
    2747             :             }
    2748           0 :             else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
    2749           0 :                 if( fail ) {
    2750           0 :                     tty_printf(_("Please correct the error first\n"));
    2751             :                 }
    2752             :                 else {
    2753           0 :                     xfree(aname); aname = NULL;
    2754           0 :                     xfree(acomment); acomment = NULL;
    2755           0 :                     xfree(amail); amail = NULL;
    2756           0 :                     break;
    2757             :                 }
    2758             :             }
    2759           0 :             else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
    2760           0 :                 xfree(aname); aname = NULL;
    2761           0 :                 xfree(acomment); acomment = NULL;
    2762           0 :                 xfree(amail); amail = NULL;
    2763           0 :                 xfree(uid); uid = NULL;
    2764           0 :                 break;
    2765             :             }
    2766           0 :             xfree(answer);
    2767           0 :         }
    2768           0 :         xfree(answer);
    2769           0 :         if (!amail && !acomment)
    2770           0 :             break;
    2771           0 :         xfree(uid); uid = NULL;
    2772           0 :     }
    2773           0 :     if( uid ) {
    2774           0 :         char *p = native_to_utf8( uid );
    2775           0 :         xfree( uid );
    2776           0 :         uid = p;
    2777             :     }
    2778           0 :     return uid;
    2779             : }
    2780             : 
    2781             : 
    2782             : /* Basic key generation.  Here we divert to the actual generation
    2783             :    routines based on the requested algorithm.  */
    2784             : static int
    2785           5 : do_create (int algo, unsigned int nbits, const char *curve, KBNODE pub_root,
    2786             :            u32 timestamp, u32 expiredate, int is_subkey,
    2787             :            int keygen_flags, const char *passphrase,
    2788             :            char **cache_nonce_addr, char **passwd_nonce_addr)
    2789             : {
    2790             :   gpg_error_t err;
    2791             : 
    2792             :   /* Fixme: The entropy collecting message should be moved to a
    2793             :      libgcrypt progress handler.  */
    2794           5 :   if (!opt.batch)
    2795           0 :     tty_printf (_(
    2796             : "We need to generate a lot of random bytes. It is a good idea to perform\n"
    2797             : "some other action (type on the keyboard, move the mouse, utilize the\n"
    2798             : "disks) during the prime generation; this gives the random number\n"
    2799             : "generator a better chance to gain enough entropy.\n") );
    2800             : 
    2801           5 :   if (algo == PUBKEY_ALGO_ELGAMAL_E)
    2802           1 :     err = gen_elg (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
    2803             :                    keygen_flags, passphrase,
    2804             :                    cache_nonce_addr, passwd_nonce_addr);
    2805           4 :   else if (algo == PUBKEY_ALGO_DSA)
    2806           1 :     err = gen_dsa (nbits, pub_root, timestamp, expiredate, is_subkey,
    2807             :                    keygen_flags, passphrase,
    2808             :                    cache_nonce_addr, passwd_nonce_addr);
    2809           3 :   else if (algo == PUBKEY_ALGO_ECDSA
    2810           3 :            || algo == PUBKEY_ALGO_EDDSA
    2811           3 :            || algo == PUBKEY_ALGO_ECDH)
    2812           0 :     err = gen_ecc (algo, curve, pub_root, timestamp, expiredate, is_subkey,
    2813             :                    keygen_flags, passphrase,
    2814             :                    cache_nonce_addr, passwd_nonce_addr);
    2815           3 :   else if (algo == PUBKEY_ALGO_RSA)
    2816           3 :     err = gen_rsa (algo, nbits, pub_root, timestamp, expiredate, is_subkey,
    2817             :                    keygen_flags, passphrase,
    2818             :                    cache_nonce_addr, passwd_nonce_addr);
    2819             :   else
    2820           0 :     BUG();
    2821             : 
    2822           5 :   return err;
    2823             : }
    2824             : 
    2825             : 
    2826             : /* Generate a new user id packet or return NULL if canceled.  If
    2827             :    KEYBLOCK is not NULL the function prevents the creation of an
    2828             :    already existing user ID.  If UIDSTR is not NULL the user is not
    2829             :    asked but UIDSTR is used to create the user id packet; if the user
    2830             :    id already exists NULL is returned.  UIDSTR is expected to be utf-8
    2831             :    encoded and should have already been checked for a valid length
    2832             :    etc.  */
    2833             : PKT_user_id *
    2834           1 : generate_user_id (KBNODE keyblock, const char *uidstr)
    2835             : {
    2836             :   PKT_user_id *uid;
    2837             :   char *p;
    2838             : 
    2839           1 :   if (uidstr)
    2840             :     {
    2841           1 :       if (uid_already_in_keyblock (keyblock, uidstr))
    2842           0 :         return NULL;  /* Already exists.  */
    2843           1 :       uid = uid_from_string (uidstr);
    2844             :     }
    2845             :   else
    2846             :     {
    2847           0 :       p = ask_user_id (1, 1, keyblock);
    2848           0 :       if (!p)
    2849           0 :         return NULL;  /* Canceled. */
    2850           0 :       uid = uid_from_string (p);
    2851           0 :       xfree (p);
    2852             :     }
    2853           1 :   return uid;
    2854             : }
    2855             : 
    2856             : 
    2857             : /* Append R to the linked list PARA.  */
    2858             : static void
    2859           6 : append_to_parameter (struct para_data_s *para, struct para_data_s *r)
    2860             : {
    2861           6 :   log_assert (para);
    2862          59 :   while (para->next)
    2863          47 :     para = para->next;
    2864           6 :   para->next = r;
    2865           6 : }
    2866             : 
    2867             : /* Release the parameter list R.  */
    2868             : static void
    2869           5 : release_parameter_list (struct para_data_s *r)
    2870             : {
    2871             :   struct para_data_s *r2;
    2872             : 
    2873          33 :   for (; r ; r = r2)
    2874             :     {
    2875          28 :       r2 = r->next;
    2876          28 :       if (r->key == pPASSPHRASE && *r->u.value)
    2877           0 :         wipememory (r->u.value, strlen (r->u.value));
    2878          28 :       xfree (r);
    2879             :     }
    2880           5 : }
    2881             : 
    2882             : static struct para_data_s *
    2883          95 : get_parameter( struct para_data_s *para, enum para_name key )
    2884             : {
    2885             :     struct para_data_s *r;
    2886             : 
    2887          95 :     for( r = para; r && r->key != key; r = r->next )
    2888             :         ;
    2889          95 :     return r;
    2890             : }
    2891             : 
    2892             : static const char *
    2893          26 : get_parameter_value( struct para_data_s *para, enum para_name key )
    2894             : {
    2895          26 :     struct para_data_s *r = get_parameter( para, key );
    2896          26 :     return (r && *r->u.value)? r->u.value : NULL;
    2897             : }
    2898             : 
    2899             : 
    2900             : /* This is similar to get_parameter_value but also returns the empty
    2901             :    string.  This is required so that quick_generate_keypair can use an
    2902             :    empty Passphrase to specify no-protection.  */
    2903             : static const char *
    2904           5 : get_parameter_passphrase (struct para_data_s *para)
    2905             : {
    2906           5 :   struct para_data_s *r = get_parameter (para, pPASSPHRASE);
    2907           5 :   return r ? r->u.value : NULL;
    2908             : }
    2909             : 
    2910             : 
    2911             : static int
    2912          13 : get_parameter_algo( struct para_data_s *para, enum para_name key,
    2913             :                     int *r_default)
    2914             : {
    2915             :   int i;
    2916          13 :   struct para_data_s *r = get_parameter( para, key );
    2917             : 
    2918          13 :   if (r_default)
    2919           5 :     *r_default = 0;
    2920             : 
    2921          13 :   if (!r)
    2922           0 :     return -1;
    2923             : 
    2924             :   /* Note that we need to handle the ECC algorithms specified as
    2925             :      strings directly because Libgcrypt folds them all to ECC.  */
    2926          13 :   if (!ascii_strcasecmp (r->u.value, "default"))
    2927             :     {
    2928             :       /* Note: If you change this default algo, remember to change it
    2929             :          also in gpg.c:gpgconf_list.  */
    2930           0 :       i = DEFAULT_STD_ALGO;
    2931           0 :       if (r_default)
    2932           0 :         *r_default = 1;
    2933             :     }
    2934          13 :   else if (digitp (r->u.value))
    2935           5 :     i = atoi( r->u.value );
    2936           8 :   else if (!strcmp (r->u.value, "ELG-E")
    2937           8 :            || !strcmp (r->u.value, "ELG"))
    2938           2 :     i = PUBKEY_ALGO_ELGAMAL_E;
    2939           6 :   else if (!ascii_strcasecmp (r->u.value, "EdDSA"))
    2940           0 :     i = PUBKEY_ALGO_EDDSA;
    2941           6 :   else if (!ascii_strcasecmp (r->u.value, "ECDSA"))
    2942           0 :     i = PUBKEY_ALGO_ECDSA;
    2943           6 :   else if (!ascii_strcasecmp (r->u.value, "ECDH"))
    2944           0 :     i = PUBKEY_ALGO_ECDH;
    2945             :   else
    2946           6 :     i = map_pk_gcry_to_openpgp (gcry_pk_map_name (r->u.value));
    2947             : 
    2948          13 :   if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
    2949           0 :     i = 0; /* we don't want to allow generation of these algorithms */
    2950          13 :   return i;
    2951             : }
    2952             : 
    2953             : 
    2954             : /* Parse a usage string.  The usage keywords "auth", "sign", "encr"
    2955             :  * may be elimited by space, tab, or comma.  On error -1 is returned
    2956             :  * instead of the usage flags/  */
    2957             : static int
    2958           3 : parse_usagestr (const char *usagestr)
    2959             : {
    2960             :   gpg_error_t err;
    2961           3 :   char **tokens = NULL;
    2962             :   const char *s;
    2963             :   int i;
    2964           3 :   unsigned int use = 0;
    2965             : 
    2966           3 :   tokens = strtokenize (usagestr, " \t,");
    2967           3 :   if (!tokens)
    2968             :     {
    2969           0 :       err = gpg_error_from_syserror ();
    2970           0 :       log_error ("strtokenize failed: %s\n", gpg_strerror (err));
    2971           0 :       return -1;
    2972             :     }
    2973             : 
    2974           7 :   for (i=0; (s = tokens[i]); i++)
    2975             :     {
    2976           4 :       if (!*s)
    2977             :         ;
    2978           4 :       else if (!ascii_strcasecmp (s, "sign"))
    2979           2 :         use |= PUBKEY_USAGE_SIG;
    2980           2 :       else if (!ascii_strcasecmp (s, "encrypt")
    2981           1 :                 || !ascii_strcasecmp (s, "encr"))
    2982           2 :         use |= PUBKEY_USAGE_ENC;
    2983           0 :       else if (!ascii_strcasecmp (s, "auth"))
    2984           0 :         use |= PUBKEY_USAGE_AUTH;
    2985           0 :       else if (!ascii_strcasecmp (s, "cert"))
    2986           0 :         use |= PUBKEY_USAGE_CERT;
    2987             :       else
    2988             :         {
    2989           0 :           xfree (tokens);
    2990           0 :           return -1; /* error */
    2991             :         }
    2992             :     }
    2993             : 
    2994           3 :   xfree (tokens);
    2995           3 :   return use;
    2996             : }
    2997             : 
    2998             : 
    2999             : /*
    3000             :  * Parse the usage parameter and set the keyflags.  Returns -1 on
    3001             :  * error, 0 for no usage given or 1 for usage available.
    3002             :  */
    3003             : static int
    3004           5 : parse_parameter_usage (const char *fname,
    3005             :                        struct para_data_s *para, enum para_name key)
    3006             : {
    3007           5 :   struct para_data_s *r = get_parameter( para, key );
    3008             :   int i;
    3009             : 
    3010           5 :   if (!r)
    3011           2 :     return 0; /* none (this is an optional parameter)*/
    3012             : 
    3013           3 :   i = parse_usagestr (r->u.value);
    3014           3 :   if (i == -1)
    3015             :     {
    3016           0 :       log_error ("%s:%d: invalid usage list\n", fname, r->lnr );
    3017           0 :       return -1; /* error */
    3018             :     }
    3019             : 
    3020           3 :   r->u.usage = i;
    3021           3 :   return 1;
    3022             : }
    3023             : 
    3024             : 
    3025             : static int
    3026           3 : parse_revocation_key (const char *fname,
    3027             :                       struct para_data_s *para, enum para_name key)
    3028             : {
    3029           3 :   struct para_data_s *r = get_parameter( para, key );
    3030             :   struct revocation_key revkey;
    3031             :   char *pn;
    3032             :   int i;
    3033             : 
    3034           3 :   if( !r )
    3035           3 :     return 0; /* none (this is an optional parameter) */
    3036             : 
    3037           0 :   pn = r->u.value;
    3038             : 
    3039           0 :   revkey.class=0x80;
    3040           0 :   revkey.algid=atoi(pn);
    3041           0 :   if(!revkey.algid)
    3042           0 :     goto fail;
    3043             : 
    3044             :   /* Skip to the fpr */
    3045           0 :   while(*pn && *pn!=':')
    3046           0 :     pn++;
    3047             : 
    3048           0 :   if(*pn!=':')
    3049           0 :     goto fail;
    3050             : 
    3051           0 :   pn++;
    3052             : 
    3053           0 :   for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
    3054             :     {
    3055           0 :       int c=hextobyte(pn);
    3056           0 :       if(c==-1)
    3057           0 :         goto fail;
    3058             : 
    3059           0 :       revkey.fpr[i]=c;
    3060             :     }
    3061             : 
    3062             :   /* skip to the tag */
    3063           0 :   while(*pn && *pn!='s' && *pn!='S')
    3064           0 :     pn++;
    3065             : 
    3066           0 :   if(ascii_strcasecmp(pn,"sensitive")==0)
    3067           0 :     revkey.class|=0x40;
    3068             : 
    3069           0 :   memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key));
    3070             : 
    3071           0 :   return 0;
    3072             : 
    3073             :   fail:
    3074           0 :   log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
    3075           0 :   return -1; /* error */
    3076             : }
    3077             : 
    3078             : 
    3079             : static u32
    3080          22 : get_parameter_u32( struct para_data_s *para, enum para_name key )
    3081             : {
    3082          22 :   struct para_data_s *r = get_parameter( para, key );
    3083             : 
    3084          22 :   if( !r )
    3085           5 :     return 0;
    3086          17 :   if( r->key == pKEYCREATIONDATE )
    3087           0 :     return r->u.creation;
    3088          17 :   if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
    3089           3 :     return r->u.expire;
    3090          14 :   if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
    3091           9 :     return r->u.usage;
    3092             : 
    3093           5 :   return (unsigned int)strtoul( r->u.value, NULL, 10 );
    3094             : }
    3095             : 
    3096             : static unsigned int
    3097          14 : get_parameter_uint( struct para_data_s *para, enum para_name key )
    3098             : {
    3099          14 :     return get_parameter_u32( para, key );
    3100             : }
    3101             : 
    3102             : static struct revocation_key *
    3103           3 : get_parameter_revkey( struct para_data_s *para, enum para_name key )
    3104             : {
    3105           3 :     struct para_data_s *r = get_parameter( para, key );
    3106           3 :     return r? &r->u.revkey : NULL;
    3107             : }
    3108             : 
    3109             : static int
    3110           3 : proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
    3111             :                      struct output_control_s *outctrl, int card )
    3112             : {
    3113             :   struct para_data_s *r;
    3114             :   const char *s1, *s2, *s3;
    3115             :   size_t n;
    3116             :   char *p;
    3117           3 :   int is_default = 0;
    3118           3 :   int have_user_id = 0;
    3119             :   int err, algo;
    3120             : 
    3121             :   /* Check that we have all required parameters. */
    3122           3 :   r = get_parameter( para, pKEYTYPE );
    3123           3 :   if(r)
    3124             :     {
    3125           3 :       algo = get_parameter_algo (para, pKEYTYPE, &is_default);
    3126           3 :       if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
    3127             :         {
    3128           0 :           log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
    3129           0 :           return -1;
    3130             :         }
    3131             :     }
    3132             :   else
    3133             :     {
    3134           0 :       log_error ("%s: no Key-Type specified\n",fname);
    3135           0 :       return -1;
    3136             :     }
    3137             : 
    3138           3 :   err = parse_parameter_usage (fname, para, pKEYUSAGE);
    3139           3 :   if (!err)
    3140             :     {
    3141             :       /* Default to algo capabilities if key-usage is not provided and
    3142             :          no default algorithm has been requested.  */
    3143           1 :       r = xmalloc_clear(sizeof(*r));
    3144           1 :       r->key = pKEYUSAGE;
    3145           2 :       r->u.usage = (is_default
    3146           1 :                     ? (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG)
    3147           1 :                     : openpgp_pk_algo_usage(algo));
    3148           1 :       append_to_parameter (para, r);
    3149             :     }
    3150           2 :   else if (err == -1)
    3151           0 :     return -1;
    3152             :   else
    3153             :     {
    3154           2 :       r = get_parameter (para, pKEYUSAGE);
    3155           2 :       if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
    3156             :         {
    3157           0 :           log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
    3158             :                      fname, r->lnr, algo);
    3159           0 :           return -1;
    3160             :         }
    3161             :     }
    3162             : 
    3163           3 :   is_default = 0;
    3164           3 :   r = get_parameter( para, pSUBKEYTYPE );
    3165           3 :   if(r)
    3166             :     {
    3167           2 :       algo = get_parameter_algo (para, pSUBKEYTYPE, &is_default);
    3168           2 :       if (openpgp_pk_test_algo (algo))
    3169             :         {
    3170           0 :           log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
    3171           0 :           return -1;
    3172             :         }
    3173             : 
    3174           2 :       err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
    3175           2 :       if (!err)
    3176             :         {
    3177             :           /* Default to algo capabilities if subkey-usage is not
    3178             :              provided */
    3179           1 :           r = xmalloc_clear (sizeof(*r));
    3180           1 :           r->key = pSUBKEYUSAGE;
    3181           2 :           r->u.usage = (is_default
    3182           1 :                         ? PUBKEY_USAGE_ENC
    3183           1 :                         : openpgp_pk_algo_usage (algo));
    3184           1 :           append_to_parameter (para, r);
    3185             :         }
    3186           1 :       else if (err == -1)
    3187           0 :         return -1;
    3188             :       else
    3189             :         {
    3190           1 :           r = get_parameter (para, pSUBKEYUSAGE);
    3191           1 :           if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
    3192             :             {
    3193           0 :               log_error ("%s:%d: specified Subkey-Usage not allowed"
    3194             :                          " for algo %d\n", fname, r->lnr, algo);
    3195           0 :               return -1;
    3196             :             }
    3197             :         }
    3198             :     }
    3199             : 
    3200             : 
    3201           3 :   if( get_parameter_value( para, pUSERID ) )
    3202           1 :     have_user_id=1;
    3203             :   else
    3204             :     {
    3205             :       /* create the formatted user ID */
    3206           2 :       s1 = get_parameter_value( para, pNAMEREAL );
    3207           2 :       s2 = get_parameter_value( para, pNAMECOMMENT );
    3208           2 :       s3 = get_parameter_value( para, pNAMEEMAIL );
    3209           2 :       if( s1 || s2 || s3 )
    3210             :         {
    3211           2 :           n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
    3212           2 :           r = xmalloc_clear( sizeof *r + n + 20 );
    3213           2 :           r->key = pUSERID;
    3214           2 :           p = r->u.value;
    3215           2 :           if( s1 )
    3216           2 :             p = stpcpy(p, s1 );
    3217           2 :           if( s2 )
    3218           2 :             p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
    3219           2 :           if( s3 )
    3220           2 :             p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
    3221           2 :           append_to_parameter (para, r);
    3222           2 :           have_user_id=1;
    3223             :         }
    3224             :     }
    3225             : 
    3226           3 :   if(!have_user_id)
    3227             :     {
    3228           0 :       log_error("%s: no User-ID specified\n",fname);
    3229           0 :       return -1;
    3230             :     }
    3231             : 
    3232             :   /* Set preferences, if any. */
    3233           3 :   keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
    3234             : 
    3235             :   /* Set keyserver, if any. */
    3236           3 :   s1=get_parameter_value( para, pKEYSERVER );
    3237           3 :   if(s1)
    3238             :     {
    3239             :       struct keyserver_spec *spec;
    3240             : 
    3241           0 :       spec = parse_keyserver_uri (s1, 1);
    3242           0 :       if(spec)
    3243             :         {
    3244           0 :           free_keyserver_spec(spec);
    3245           0 :           opt.def_keyserver_url=s1;
    3246             :         }
    3247             :       else
    3248             :         {
    3249           0 :           r = get_parameter (para, pKEYSERVER);
    3250           0 :           log_error("%s:%d: invalid keyserver url\n", fname, r->lnr );
    3251           0 :           return -1;
    3252             :         }
    3253             :     }
    3254             : 
    3255             :   /* Set revoker, if any. */
    3256           3 :   if (parse_revocation_key (fname, para, pREVOKER))
    3257           0 :     return -1;
    3258             : 
    3259             : 
    3260             :   /* Make KEYCREATIONDATE from Creation-Date.  */
    3261           3 :   r = get_parameter (para, pCREATIONDATE);
    3262           3 :   if (r && *r->u.value)
    3263             :     {
    3264             :       u32 seconds;
    3265             : 
    3266           0 :       seconds = parse_creation_string (r->u.value);
    3267           0 :       if (!seconds)
    3268             :         {
    3269           0 :           log_error ("%s:%d: invalid creation date\n", fname, r->lnr );
    3270           0 :           return -1;
    3271             :         }
    3272           0 :       r->u.creation = seconds;
    3273           0 :       r->key = pKEYCREATIONDATE;  /* Change that entry. */
    3274             :     }
    3275             : 
    3276             :   /* Make KEYEXPIRE from Expire-Date.  */
    3277           3 :   r = get_parameter( para, pEXPIREDATE );
    3278           3 :   if( r && *r->u.value )
    3279             :     {
    3280             :       u32 seconds;
    3281             : 
    3282           2 :       seconds = parse_expire_string( r->u.value );
    3283           2 :       if( seconds == (u32)-1 )
    3284             :         {
    3285           0 :           log_error("%s:%d: invalid expire date\n", fname, r->lnr );
    3286           0 :           return -1;
    3287             :         }
    3288           2 :       r->u.expire = seconds;
    3289           2 :       r->key = pKEYEXPIRE;  /* change hat entry */
    3290             :       /* also set it for the subkey */
    3291           2 :       r = xmalloc_clear( sizeof *r + 20 );
    3292           2 :       r->key = pSUBKEYEXPIRE;
    3293           2 :       r->u.expire = seconds;
    3294           2 :       append_to_parameter (para, r);
    3295             :     }
    3296             : 
    3297           3 :   do_generate_keypair (ctrl, para, outctrl, card );
    3298           3 :   return 0;
    3299             : }
    3300             : 
    3301             : 
    3302             : /****************
    3303             :  * Kludge to allow non interactive key generation controlled
    3304             :  * by a parameter file.
    3305             :  * Note, that string parameters are expected to be in UTF-8
    3306             :  */
    3307             : static void
    3308           2 : read_parameter_file (ctrl_t ctrl, const char *fname )
    3309             : {
    3310             :     static struct { const char *name;
    3311             :                     enum para_name key;
    3312             :     } keywords[] = {
    3313             :         { "Key-Type",       pKEYTYPE},
    3314             :         { "Key-Length",     pKEYLENGTH },
    3315             :         { "Key-Curve",      pKEYCURVE },
    3316             :         { "Key-Usage",      pKEYUSAGE },
    3317             :         { "Subkey-Type",    pSUBKEYTYPE },
    3318             :         { "Subkey-Length",  pSUBKEYLENGTH },
    3319             :         { "Subkey-Curve",   pSUBKEYCURVE },
    3320             :         { "Subkey-Usage",   pSUBKEYUSAGE },
    3321             :         { "Name-Real",      pNAMEREAL },
    3322             :         { "Name-Email",     pNAMEEMAIL },
    3323             :         { "Name-Comment",   pNAMECOMMENT },
    3324             :         { "Expire-Date",    pEXPIREDATE },
    3325             :         { "Creation-Date",  pCREATIONDATE },
    3326             :         { "Passphrase",     pPASSPHRASE },
    3327             :         { "Preferences",    pPREFERENCES },
    3328             :         { "Revoker",        pREVOKER },
    3329             :         { "Handle",         pHANDLE },
    3330             :         { "Keyserver",      pKEYSERVER },
    3331             :         { NULL, 0 }
    3332             :     };
    3333             :     IOBUF fp;
    3334             :     byte *line;
    3335             :     unsigned int maxlen, nline;
    3336             :     char *p;
    3337             :     int lnr;
    3338           2 :     const char *err = NULL;
    3339             :     struct para_data_s *para, *r;
    3340             :     int i;
    3341             :     struct output_control_s outctrl;
    3342             : 
    3343           2 :     memset( &outctrl, 0, sizeof( outctrl ) );
    3344           2 :     outctrl.pub.afx = new_armor_context ();
    3345             : 
    3346           2 :     if( !fname || !*fname)
    3347           2 :       fname = "-";
    3348             : 
    3349           2 :     fp = iobuf_open (fname);
    3350           2 :     if (fp && is_secured_file (iobuf_get_fd (fp)))
    3351             :       {
    3352           0 :         iobuf_close (fp);
    3353           0 :         fp = NULL;
    3354           0 :         gpg_err_set_errno (EPERM);
    3355             :       }
    3356           2 :     if (!fp) {
    3357           0 :       log_error (_("can't open '%s': %s\n"), fname, strerror(errno) );
    3358           2 :       return;
    3359             :     }
    3360           2 :     iobuf_ioctl (fp, IOBUF_IOCTL_NO_CACHE, 1, NULL);
    3361             : 
    3362           2 :     lnr = 0;
    3363           2 :     err = NULL;
    3364           2 :     para = NULL;
    3365           2 :     maxlen = 1024;
    3366           2 :     line = NULL;
    3367          25 :     while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) {
    3368             :         char *keyword, *value;
    3369             : 
    3370          21 :         lnr++;
    3371          21 :         if( !maxlen ) {
    3372           0 :             err = "line too long";
    3373           0 :             break;
    3374             :         }
    3375          21 :         for( p = line; isspace(*(byte*)p); p++ )
    3376             :             ;
    3377          21 :         if( !*p || *p == '#' )
    3378           0 :             continue;
    3379          21 :         keyword = p;
    3380          21 :         if( *keyword == '%' ) {
    3381           6 :             for( ; !isspace(*(byte*)p); p++ )
    3382             :                 ;
    3383           6 :             if( *p )
    3384           6 :                 *p++ = 0;
    3385           6 :             for( ; isspace(*(byte*)p); p++ )
    3386             :                 ;
    3387           6 :             value = p;
    3388           6 :             trim_trailing_ws( value, strlen(value) );
    3389           6 :             if( !ascii_strcasecmp( keyword, "%echo" ) )
    3390           0 :                 log_info("%s\n", value );
    3391           6 :             else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
    3392           0 :                 outctrl.dryrun = 1;
    3393           6 :             else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
    3394             :               ; /* Dummy for backward compatibility. */
    3395           6 :             else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
    3396             :               ; /* Dummy for backward compatibility. */
    3397           6 :             else if( !ascii_strcasecmp( keyword, "%no-protection" ) )
    3398           2 :                 outctrl.keygen_flags |= KEYGEN_FLAG_NO_PROTECTION;
    3399           4 :             else if( !ascii_strcasecmp( keyword, "%transient-key" ) )
    3400           2 :                 outctrl.keygen_flags |= KEYGEN_FLAG_TRANSIENT_KEY;
    3401           2 :             else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
    3402           2 :                 outctrl.lnr = lnr;
    3403           2 :                 if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
    3404           0 :                   print_status_key_not_created
    3405             :                     (get_parameter_value (para, pHANDLE));
    3406           2 :                 release_parameter_list( para );
    3407           2 :                 para = NULL;
    3408             :             }
    3409           0 :             else if( !ascii_strcasecmp( keyword, "%pubring" ) ) {
    3410           0 :                 if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) )
    3411             :                     ; /* still the same file - ignore it */
    3412             :                 else {
    3413           0 :                     xfree( outctrl.pub.newfname );
    3414           0 :                     outctrl.pub.newfname = xstrdup( value );
    3415           0 :                     outctrl.use_files = 1;
    3416             :                 }
    3417             :             }
    3418           0 :             else if( !ascii_strcasecmp( keyword, "%secring" ) ) {
    3419             :               /* Ignore this command.  */
    3420             :             }
    3421             :             else
    3422           0 :                 log_info("skipping control '%s' (%s)\n", keyword, value );
    3423             : 
    3424             : 
    3425           6 :             continue;
    3426             :         }
    3427             : 
    3428             : 
    3429          15 :         if( !(p = strchr( p, ':' )) || p == keyword ) {
    3430           0 :             err = "missing colon";
    3431           0 :             break;
    3432             :         }
    3433          15 :         if( *p )
    3434          15 :             *p++ = 0;
    3435          15 :         for( ; isspace(*(byte*)p); p++ )
    3436             :             ;
    3437          15 :         if( !*p ) {
    3438           0 :             err = "missing argument";
    3439           0 :             break;
    3440             :         }
    3441          15 :         value = p;
    3442          15 :         trim_trailing_ws( value, strlen(value) );
    3443             : 
    3444         105 :         for(i=0; keywords[i].name; i++ ) {
    3445         105 :             if( !ascii_strcasecmp( keywords[i].name, keyword ) )
    3446          15 :                 break;
    3447             :         }
    3448          15 :         if( !keywords[i].name ) {
    3449           0 :             err = "unknown keyword";
    3450           0 :             break;
    3451             :         }
    3452          15 :         if( keywords[i].key != pKEYTYPE && !para ) {
    3453           0 :             err = "parameter block does not start with \"Key-Type\"";
    3454           0 :             break;
    3455             :         }
    3456             : 
    3457          15 :         if( keywords[i].key == pKEYTYPE && para ) {
    3458           0 :             outctrl.lnr = lnr;
    3459           0 :             if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
    3460           0 :               print_status_key_not_created
    3461             :                 (get_parameter_value (para, pHANDLE));
    3462           0 :             release_parameter_list( para );
    3463           0 :             para = NULL;
    3464             :         }
    3465             :         else {
    3466          64 :             for( r = para; r; r = r->next ) {
    3467          49 :                 if( r->key == keywords[i].key )
    3468           0 :                     break;
    3469             :             }
    3470          15 :             if( r ) {
    3471           0 :                 err = "duplicate keyword";
    3472           0 :                 break;
    3473             :             }
    3474             :         }
    3475          15 :         r = xmalloc_clear( sizeof *r + strlen( value ) );
    3476          15 :         r->lnr = lnr;
    3477          15 :         r->key = keywords[i].key;
    3478          15 :         strcpy( r->u.value, value );
    3479          15 :         r->next = para;
    3480          15 :         para = r;
    3481             :     }
    3482           2 :     if( err )
    3483           0 :         log_error("%s:%d: %s\n", fname, lnr, err );
    3484           2 :     else if( iobuf_error (fp) ) {
    3485           0 :         log_error("%s:%d: read error\n", fname, lnr);
    3486             :     }
    3487           2 :     else if( para ) {
    3488           0 :         outctrl.lnr = lnr;
    3489           0 :         if (proc_parameter_file (ctrl, para, fname, &outctrl, 0 ))
    3490           0 :           print_status_key_not_created (get_parameter_value (para, pHANDLE));
    3491             :     }
    3492             : 
    3493           2 :     if( outctrl.use_files ) { /* close open streams */
    3494           0 :         iobuf_close( outctrl.pub.stream );
    3495             : 
    3496             :         /* Must invalidate that ugly cache to actually close it.  */
    3497           0 :         if (outctrl.pub.fname)
    3498           0 :           iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
    3499           0 :                        0, (char*)outctrl.pub.fname);
    3500             : 
    3501           0 :         xfree( outctrl.pub.fname );
    3502           0 :         xfree( outctrl.pub.newfname );
    3503             :     }
    3504             : 
    3505           2 :     xfree (line);
    3506           2 :     release_parameter_list( para );
    3507           2 :     iobuf_close (fp);
    3508           2 :     release_armor_context (outctrl.pub.afx);
    3509             : }
    3510             : 
    3511             : 
    3512             : /* Helper for quick_generate_keypair.  */
    3513             : static struct para_data_s *
    3514           2 : quickgen_set_para (struct para_data_s *para, int for_subkey,
    3515             :                    int algo, int nbits, const char *curve, unsigned int use)
    3516             : {
    3517             :   struct para_data_s *r;
    3518             : 
    3519           2 :   r = xmalloc_clear (sizeof *r + 30);
    3520           2 :   r->key = for_subkey? pSUBKEYUSAGE :  pKEYUSAGE;
    3521           2 :   if (use)
    3522           0 :     snprintf (r->u.value, 30, "%s%s%s%s",
    3523           0 :               (use & PUBKEY_USAGE_ENC)?  "encr " : "",
    3524           0 :               (use & PUBKEY_USAGE_SIG)?  "sign " : "",
    3525           0 :               (use & PUBKEY_USAGE_AUTH)? "auth " : "",
    3526           0 :               (use & PUBKEY_USAGE_CERT)? "cert " : "");
    3527             :   else
    3528           2 :     strcpy (r->u.value, for_subkey ? "encr" : "sign");
    3529           2 :   r->next = para;
    3530           2 :   para = r;
    3531           2 :   r = xmalloc_clear (sizeof *r + 20);
    3532           2 :   r->key = for_subkey? pSUBKEYTYPE : pKEYTYPE;
    3533           2 :   snprintf (r->u.value, 20, "%d", algo);
    3534           2 :   r->next = para;
    3535           2 :   para = r;
    3536             : 
    3537           2 :   if (curve)
    3538             :     {
    3539           0 :       r = xmalloc_clear (sizeof *r + strlen (curve));
    3540           0 :       r->key = for_subkey? pSUBKEYCURVE : pKEYCURVE;
    3541           0 :       strcpy (r->u.value, curve);
    3542           0 :       r->next = para;
    3543           0 :       para = r;
    3544             :     }
    3545             :   else
    3546             :     {
    3547           2 :       r = xmalloc_clear (sizeof *r + 20);
    3548           2 :       r->key = for_subkey? pSUBKEYLENGTH : pKEYLENGTH;
    3549           2 :       sprintf (r->u.value, "%u", nbits);
    3550           2 :       r->next = para;
    3551           2 :       para = r;
    3552             :     }
    3553             : 
    3554           2 :   return para;
    3555             : }
    3556             : 
    3557             : 
    3558             : /*
    3559             :  * Unattended generation of a standard key.
    3560             :  */
    3561             : void
    3562           1 : quick_generate_keypair (ctrl_t ctrl, const char *uid, const char *algostr,
    3563             :                         const char *usagestr, const char *expirestr)
    3564             : {
    3565             :   gpg_error_t err;
    3566           1 :   struct para_data_s *para = NULL;
    3567             :   struct para_data_s *r;
    3568             :   struct output_control_s outctrl;
    3569             :   int use_tty;
    3570             : 
    3571           1 :   memset (&outctrl, 0, sizeof outctrl);
    3572             : 
    3573           2 :   use_tty = (!opt.batch && !opt.answer_yes
    3574           0 :              && !*algostr && !*usagestr && !*expirestr
    3575           0 :              && !cpr_enabled ()
    3576           0 :              && gnupg_isatty (fileno (stdin))
    3577           0 :              && gnupg_isatty (fileno (stdout))
    3578           1 :              && gnupg_isatty (fileno (stderr)));
    3579             : 
    3580           1 :   r = xmalloc_clear (sizeof *r + strlen (uid));
    3581           1 :   r->key = pUSERID;
    3582           1 :   strcpy (r->u.value, uid);
    3583           1 :   r->next = para;
    3584           1 :   para = r;
    3585             : 
    3586           1 :   uid = trim_spaces (r->u.value);
    3587           1 :   if (!*uid || (!opt.allow_freeform_uid && !is_valid_user_id (uid)))
    3588             :     {
    3589           0 :       log_error (_("Key generation failed: %s\n"),
    3590             :                  gpg_strerror (GPG_ERR_INV_USER_ID));
    3591           0 :       goto leave;
    3592             :     }
    3593             : 
    3594             :   /* If gpg is directly used on the console ask whether a key with the
    3595             :      given user id shall really be created.  */
    3596           1 :   if (use_tty)
    3597             :     {
    3598           0 :       tty_printf (_("About to create a key for:\n    \"%s\"\n\n"), uid);
    3599           0 :       if (!cpr_get_answer_is_yes_def ("quick_keygen.okay",
    3600           0 :                                       _("Continue? (Y/n) "), 1))
    3601           0 :         goto leave;
    3602             :     }
    3603             : 
    3604             :   /* Check whether such a user ID already exists.  */
    3605             :   {
    3606             :     KEYDB_HANDLE kdbhd;
    3607             :     KEYDB_SEARCH_DESC desc;
    3608             : 
    3609           1 :     memset (&desc, 0, sizeof desc);
    3610           1 :     desc.mode = KEYDB_SEARCH_MODE_EXACT;
    3611           1 :     desc.u.name = uid;
    3612             : 
    3613           1 :     kdbhd = keydb_new ();
    3614           1 :     if (!kdbhd)
    3615           0 :       goto leave;
    3616             : 
    3617           1 :     err = keydb_search (kdbhd, &desc, 1, NULL);
    3618           1 :     keydb_release (kdbhd);
    3619           1 :     if (gpg_err_code (err) != GPG_ERR_NOT_FOUND)
    3620             :       {
    3621           0 :         log_info (_("A key for \"%s\" already exists\n"), uid);
    3622           0 :         if (opt.answer_yes)
    3623             :           ;
    3624           0 :         else if (!use_tty
    3625           0 :                  || !cpr_get_answer_is_yes_def ("quick_keygen.force",
    3626           0 :                                                 _("Create anyway? (y/N) "), 0))
    3627             :           {
    3628           0 :             write_status_error ("genkey", gpg_error (304));
    3629           0 :             log_inc_errorcount ();  /* we used log_info */
    3630           0 :             goto leave;
    3631             :           }
    3632           0 :         log_info (_("creating anyway\n"));
    3633             :       }
    3634             :   }
    3635             : 
    3636             : 
    3637           1 :   if ((!*algostr || !strcmp (algostr, "default")
    3638           0 :        || !strcmp (algostr, "future-default"))
    3639           1 :       && (!*usagestr || !strcmp (usagestr, "default")
    3640           0 :           || !strcmp (usagestr, "-")))
    3641             :     {
    3642           1 :       if (!strcmp (algostr, "future-default"))
    3643             :         {
    3644           0 :           para = quickgen_set_para (para, 0,
    3645             :                                     FUTURE_STD_ALGO, FUTURE_STD_KEYSIZE,
    3646             :                                     FUTURE_STD_CURVE, 0);
    3647           0 :           para = quickgen_set_para (para, 1,
    3648             :                                     FUTURE_STD_SUBALGO,  FUTURE_STD_SUBKEYSIZE,
    3649             :                                     FUTURE_STD_SUBCURVE, 0);
    3650             :         }
    3651             :       else
    3652             :         {
    3653           1 :           para = quickgen_set_para (para, 0,
    3654             :                                     DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
    3655             :                                     DEFAULT_STD_CURVE, 0);
    3656           1 :           para = quickgen_set_para (para, 1,
    3657             :                                     DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
    3658             :                                     DEFAULT_STD_SUBCURVE, 0);
    3659             :         }
    3660             : 
    3661           2 :       if (*expirestr)
    3662             :         {
    3663             :           u32 expire;
    3664             : 
    3665           0 :           expire = parse_expire_string (expirestr);
    3666           0 :           if (expire == (u32)-1 )
    3667             :             {
    3668           0 :               err = gpg_error (GPG_ERR_INV_VALUE);
    3669           0 :               log_error (_("Key generation failed: %s\n"), gpg_strerror (err));
    3670           0 :               goto leave;
    3671             :             }
    3672           0 :           r = xmalloc_clear (sizeof *r + 20);
    3673           0 :           r->key = pKEYEXPIRE;
    3674           0 :           r->u.expire = expire;
    3675           0 :           r->next = para;
    3676           0 :           para = r;
    3677             :         }
    3678             :     }
    3679             :   else
    3680             :     {
    3681             :       /* Extended unattended mode.  Creates only the primary key. */
    3682             :       int algo;
    3683             :       unsigned int use;
    3684             :       u32 expire;
    3685             :       unsigned int nbits;
    3686             :       char *curve;
    3687             : 
    3688           0 :       err = parse_algo_usage_expire (ctrl, 0, algostr, usagestr, expirestr,
    3689             :                                      &algo, &use, &expire, &nbits, &curve);
    3690           0 :       if (err)
    3691             :         {
    3692           0 :           log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
    3693           0 :           goto leave;
    3694             :         }
    3695             : 
    3696           0 :       para = quickgen_set_para (para, 0, algo, nbits, curve, use);
    3697           0 :       r = xmalloc_clear (sizeof *r + 20);
    3698           0 :       r->key = pKEYEXPIRE;
    3699           0 :       r->u.expire = expire;
    3700           0 :       r->next = para;
    3701           0 :       para = r;
    3702             :     }
    3703             : 
    3704             :   /* If the pinentry loopback mode is not and we have a static
    3705             :      passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
    3706             :      mode), we use that passphrase for the new key.  */
    3707           1 :   if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
    3708           1 :       && have_static_passphrase ())
    3709             :     {
    3710           0 :       const char *s = get_static_passphrase ();
    3711             : 
    3712           0 :       r = xmalloc_clear (sizeof *r + strlen (s));
    3713           0 :       r->key = pPASSPHRASE;
    3714           0 :       strcpy (r->u.value, s);
    3715           0 :       r->next = para;
    3716           0 :       para = r;
    3717             :     }
    3718             : 
    3719           1 :   proc_parameter_file (ctrl, para, "[internal]", &outctrl, 0);
    3720             : 
    3721             :  leave:
    3722           1 :   release_parameter_list (para);
    3723           1 : }
    3724             : 
    3725             : 
    3726             : /*
    3727             :  * Generate a keypair (fname is only used in batch mode) If
    3728             :  * CARD_SERIALNO is not NULL the function will create the keys on an
    3729             :  * OpenPGP Card.  If CARD_BACKUP_KEY has been set and CARD_SERIALNO is
    3730             :  * NOT NULL, the encryption key for the card is generated on the host,
    3731             :  * imported to the card and a backup file created by gpg-agent.  If
    3732             :  * FULL is not set only the basic prompts are used (except for batch
    3733             :  * mode).
    3734             :  */
    3735             : void
    3736           2 : generate_keypair (ctrl_t ctrl, int full, const char *fname,
    3737             :                   const char *card_serialno, int card_backup_key)
    3738             : {
    3739             :   unsigned int nbits;
    3740           2 :   char *uid = NULL;
    3741             :   int algo;
    3742             :   unsigned int use;
    3743           2 :   int both = 0;
    3744             :   u32 expire;
    3745           2 :   struct para_data_s *para = NULL;
    3746             :   struct para_data_s *r;
    3747             :   struct output_control_s outctrl;
    3748             : 
    3749             : #ifndef ENABLE_CARD_SUPPORT
    3750             :   (void)card_backup_key;
    3751             : #endif
    3752             : 
    3753           2 :   memset( &outctrl, 0, sizeof( outctrl ) );
    3754             : 
    3755           2 :   if (opt.batch && card_serialno)
    3756             :     {
    3757             :       /* We don't yet support unattended key generation. */
    3758           0 :       log_error (_("can't do this in batch mode\n"));
    3759           0 :       return;
    3760             :     }
    3761             : 
    3762           2 :   if (opt.batch)
    3763             :     {
    3764           2 :       read_parameter_file (ctrl, fname);
    3765           2 :       return;
    3766             :     }
    3767             : 
    3768           0 :   if (card_serialno)
    3769             :     {
    3770             : #ifdef ENABLE_CARD_SUPPORT
    3771             :       gpg_error_t err;
    3772             :       struct agent_card_info_s info;
    3773             : 
    3774           0 :       memset (&info, 0, sizeof (info));
    3775           0 :       err = agent_scd_getattr ("KEY-ATTR", &info);
    3776           0 :       if (err)
    3777             :         {
    3778           0 :           log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
    3779           0 :           return;
    3780             :         }
    3781             : 
    3782           0 :       r = xcalloc (1, sizeof *r + strlen (card_serialno) );
    3783           0 :       r->key = pSERIALNO;
    3784           0 :       strcpy( r->u.value, card_serialno);
    3785           0 :       r->next = para;
    3786           0 :       para = r;
    3787             : 
    3788           0 :       r = xcalloc (1, sizeof *r + 20 );
    3789           0 :       r->key = pKEYTYPE;
    3790           0 :       sprintf( r->u.value, "%d", info.key_attr[0].algo );
    3791           0 :       r->next = para;
    3792           0 :       para = r;
    3793           0 :       r = xcalloc (1, sizeof *r + 20 );
    3794           0 :       r->key = pKEYUSAGE;
    3795           0 :       strcpy (r->u.value, "sign");
    3796           0 :       r->next = para;
    3797           0 :       para = r;
    3798             : 
    3799           0 :       r = xcalloc (1, sizeof *r + 20 );
    3800           0 :       r->key = pSUBKEYTYPE;
    3801           0 :       sprintf( r->u.value, "%d", info.key_attr[1].algo );
    3802           0 :       r->next = para;
    3803           0 :       para = r;
    3804           0 :       r = xcalloc (1, sizeof *r + 20 );
    3805           0 :       r->key = pSUBKEYUSAGE;
    3806           0 :       strcpy (r->u.value, "encrypt");
    3807           0 :       r->next = para;
    3808           0 :       para = r;
    3809           0 :       if (info.key_attr[1].algo == PUBKEY_ALGO_RSA)
    3810             :         {
    3811           0 :           r = xcalloc (1, sizeof *r + 20 );
    3812           0 :           r->key = pSUBKEYLENGTH;
    3813           0 :           sprintf( r->u.value, "%u", info.key_attr[1].nbits);
    3814           0 :           r->next = para;
    3815           0 :           para = r;
    3816             :         }
    3817           0 :       else if (info.key_attr[1].algo == PUBKEY_ALGO_ECDSA
    3818           0 :                || info.key_attr[1].algo == PUBKEY_ALGO_EDDSA
    3819           0 :                || info.key_attr[1].algo == PUBKEY_ALGO_ECDH)
    3820             :         {
    3821           0 :           r = xcalloc (1, sizeof *r + strlen (info.key_attr[1].curve));
    3822           0 :           r->key = pSUBKEYCURVE;
    3823           0 :           strcpy (r->u.value, info.key_attr[1].curve);
    3824           0 :           r->next = para;
    3825           0 :           para = r;
    3826             :         }
    3827             : 
    3828           0 :       r = xcalloc (1, sizeof *r + 20 );
    3829           0 :       r->key = pAUTHKEYTYPE;
    3830           0 :       sprintf( r->u.value, "%d", info.key_attr[2].algo );
    3831           0 :       r->next = para;
    3832           0 :       para = r;
    3833             : 
    3834           0 :       if (card_backup_key)
    3835             :         {
    3836           0 :           r = xcalloc (1, sizeof *r + 1);
    3837           0 :           r->key = pCARDBACKUPKEY;
    3838           0 :           strcpy (r->u.value, "1");
    3839           0 :           r->next = para;
    3840           0 :           para = r;
    3841             :         }
    3842             : #endif /*ENABLE_CARD_SUPPORT*/
    3843             :     }
    3844           0 :   else if (full)  /* Full featured key generation.  */
    3845             :     {
    3846             :       int subkey_algo;
    3847           0 :       char *curve = NULL;
    3848             : 
    3849             :       /* Fixme: To support creating a primary key by keygrip we better
    3850             :          also define the keyword for the parameter file.  Note that
    3851             :          the subkey case will never be asserted if a keygrip has been
    3852             :          given.  */
    3853           0 :       algo = ask_algo (ctrl, 0, &subkey_algo, &use, NULL);
    3854           0 :       if (subkey_algo)
    3855             :         {
    3856             :           /* Create primary and subkey at once.  */
    3857           0 :           both = 1;
    3858           0 :           if (algo == PUBKEY_ALGO_ECDSA
    3859           0 :               || algo == PUBKEY_ALGO_EDDSA
    3860           0 :               || algo == PUBKEY_ALGO_ECDH)
    3861             :             {
    3862           0 :               curve = ask_curve (&algo, &subkey_algo);
    3863           0 :               r = xmalloc_clear( sizeof *r + 20 );
    3864           0 :               r->key = pKEYTYPE;
    3865           0 :               sprintf( r->u.value, "%d", algo);
    3866           0 :               r->next = para;
    3867           0 :               para = r;
    3868           0 :               nbits = 0;
    3869           0 :               r = xmalloc_clear (sizeof *r + strlen (curve));
    3870           0 :               r->key = pKEYCURVE;
    3871           0 :               strcpy (r->u.value, curve);
    3872           0 :               r->next = para;
    3873           0 :               para = r;
    3874             :             }
    3875             :           else
    3876             :             {
    3877           0 :               r = xmalloc_clear( sizeof *r + 20 );
    3878           0 :               r->key = pKEYTYPE;
    3879           0 :               sprintf( r->u.value, "%d", algo);
    3880           0 :               r->next = para;
    3881           0 :               para = r;
    3882           0 :               nbits = ask_keysize (algo, 0);
    3883           0 :               r = xmalloc_clear( sizeof *r + 20 );
    3884           0 :               r->key = pKEYLENGTH;
    3885           0 :               sprintf( r->u.value, "%u", nbits);
    3886           0 :               r->next = para;
    3887           0 :               para = r;
    3888             :             }
    3889           0 :           r = xmalloc_clear( sizeof *r + 20 );
    3890           0 :           r->key = pKEYUSAGE;
    3891           0 :           strcpy( r->u.value, "sign" );
    3892           0 :           r->next = para;
    3893           0 :           para = r;
    3894             : 
    3895           0 :           r = xmalloc_clear( sizeof *r + 20 );
    3896           0 :           r->key = pSUBKEYTYPE;
    3897           0 :           sprintf( r->u.value, "%d", subkey_algo);
    3898           0 :           r->next = para;
    3899           0 :           para = r;
    3900           0 :           r = xmalloc_clear( sizeof *r + 20 );
    3901           0 :           r->key = pSUBKEYUSAGE;
    3902           0 :           strcpy( r->u.value, "encrypt" );
    3903           0 :           r->next = para;
    3904           0 :           para = r;
    3905             : 
    3906           0 :           if (algo == PUBKEY_ALGO_ECDSA
    3907           0 :               || algo == PUBKEY_ALGO_EDDSA
    3908           0 :               || algo == PUBKEY_ALGO_ECDH)
    3909             :             {
    3910           0 :               if (algo == PUBKEY_ALGO_EDDSA
    3911           0 :                   && subkey_algo == PUBKEY_ALGO_ECDH)
    3912             :                 {
    3913             :                   /* Need to switch to a different curve for the
    3914             :                      encryption key.  */
    3915           0 :                   xfree (curve);
    3916           0 :                   curve = xstrdup ("Curve25519");
    3917             :                 }
    3918           0 :               r = xmalloc_clear (sizeof *r + strlen (curve));
    3919           0 :               r->key = pSUBKEYCURVE;
    3920           0 :               strcpy (r->u.value, curve);
    3921           0 :               r->next = para;
    3922           0 :               para = r;
    3923             :             }
    3924             :         }
    3925             :       else /* Create only a single key.  */
    3926             :         {
    3927             :           /* For ECC we need to ask for the curve before storing the
    3928             :              algo because ask_curve may change the algo.  */
    3929           0 :           if (algo == PUBKEY_ALGO_ECDSA
    3930           0 :               || algo == PUBKEY_ALGO_EDDSA
    3931           0 :               || algo == PUBKEY_ALGO_ECDH)
    3932             :             {
    3933           0 :               curve = ask_curve (&algo, NULL);
    3934           0 :               r = xmalloc_clear (sizeof *r + strlen (curve));
    3935           0 :               r->key = pKEYCURVE;
    3936           0 :               strcpy (r->u.value, curve);
    3937           0 :               r->next = para;
    3938           0 :               para = r;
    3939             :             }
    3940             : 
    3941           0 :           r = xmalloc_clear( sizeof *r + 20 );
    3942           0 :           r->key = pKEYTYPE;
    3943           0 :           sprintf( r->u.value, "%d", algo );
    3944           0 :           r->next = para;
    3945           0 :           para = r;
    3946             : 
    3947           0 :           if (use)
    3948             :             {
    3949           0 :               r = xmalloc_clear( sizeof *r + 25 );
    3950           0 :               r->key = pKEYUSAGE;
    3951           0 :               sprintf( r->u.value, "%s%s%s",
    3952           0 :                        (use & PUBKEY_USAGE_SIG)? "sign ":"",
    3953           0 :                        (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
    3954           0 :                        (use & PUBKEY_USAGE_AUTH)? "auth":"" );
    3955           0 :               r->next = para;
    3956           0 :               para = r;
    3957             :             }
    3958           0 :           nbits = 0;
    3959             :         }
    3960             : 
    3961           0 :       if (algo == PUBKEY_ALGO_ECDSA
    3962           0 :           || algo == PUBKEY_ALGO_EDDSA
    3963           0 :           || algo == PUBKEY_ALGO_ECDH)
    3964             :         {
    3965             :           /* The curve has already been set.  */
    3966             :         }
    3967             :       else
    3968             :         {
    3969           0 :           nbits = ask_keysize (both? subkey_algo : algo, nbits);
    3970           0 :           r = xmalloc_clear( sizeof *r + 20 );
    3971           0 :           r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
    3972           0 :           sprintf( r->u.value, "%u", nbits);
    3973           0 :           r->next = para;
    3974           0 :           para = r;
    3975             :         }
    3976             : 
    3977           0 :       xfree (curve);
    3978             :     }
    3979             :   else /* Default key generation.  */
    3980             :     {
    3981           0 :       tty_printf ( _("Note: Use \"%s %s\""
    3982             :                      " for a full featured key generation dialog.\n"),
    3983             : #if USE_GPG2_HACK
    3984             :                    GPG_NAME "2"
    3985             : #else
    3986             :                    GPG_NAME
    3987             : #endif
    3988             :                    , "--full-gen-key" );
    3989           0 :       para = quickgen_set_para (para, 0,
    3990             :                                 DEFAULT_STD_ALGO, DEFAULT_STD_KEYSIZE,
    3991             :                                 DEFAULT_STD_CURVE, 0);
    3992           0 :       para = quickgen_set_para (para, 1,
    3993             :                                 DEFAULT_STD_SUBALGO, DEFAULT_STD_SUBKEYSIZE,
    3994             :                                 DEFAULT_STD_SUBCURVE, 0);
    3995             :     }
    3996             : 
    3997             : 
    3998           0 :   expire = full? ask_expire_interval (0, NULL) : 0;
    3999           0 :   r = xcalloc (1, sizeof *r + 20);
    4000           0 :   r->key = pKEYEXPIRE;
    4001           0 :   r->u.expire = expire;
    4002           0 :   r->next = para;
    4003           0 :   para = r;
    4004           0 :   r = xcalloc (1, sizeof *r + 20);
    4005           0 :   r->key = pSUBKEYEXPIRE;
    4006           0 :   r->u.expire = expire;
    4007           0 :   r->next = para;
    4008           0 :   para = r;
    4009             : 
    4010           0 :   uid = ask_user_id (0, full, NULL);
    4011           0 :   if (!uid)
    4012             :     {
    4013           0 :       log_error(_("Key generation canceled.\n"));
    4014           0 :       release_parameter_list( para );
    4015           0 :       return;
    4016             :     }
    4017           0 :   r = xcalloc (1, sizeof *r + strlen (uid));
    4018           0 :   r->key = pUSERID;
    4019           0 :   strcpy (r->u.value, uid);
    4020           0 :   r->next = para;
    4021           0 :   para = r;
    4022             : 
    4023           0 :   proc_parameter_file (ctrl, para, "[internal]", &outctrl, !!card_serialno);
    4024           0 :   release_parameter_list (para);
    4025             : }
    4026             : 
    4027             : 
    4028             : /* Create and delete a dummy packet to start off a list of kbnodes. */
    4029             : static void
    4030           3 : start_tree(KBNODE *tree)
    4031             : {
    4032             :   PACKET *pkt;
    4033             : 
    4034           3 :   pkt=xmalloc_clear(sizeof(*pkt));
    4035           3 :   pkt->pkttype=PKT_NONE;
    4036           3 :   *tree=new_kbnode(pkt);
    4037           3 :   delete_kbnode(*tree);
    4038           3 : }
    4039             : 
    4040             : 
    4041             : /* Write the *protected* secret key to the file.  */
    4042             : static gpg_error_t
    4043           0 : card_write_key_to_backup_file (PKT_public_key *sk, const char *backup_dir)
    4044             : {
    4045           0 :   gpg_error_t err = 0;
    4046             :   int rc;
    4047             :   char keyid_buffer[2 * 8 + 1];
    4048             :   char name_buffer[50];
    4049             :   char *fname;
    4050             :   IOBUF fp;
    4051             :   mode_t oldmask;
    4052           0 :   PACKET *pkt = NULL;
    4053             : 
    4054           0 :   format_keyid (pk_keyid (sk), KF_LONG, keyid_buffer, sizeof (keyid_buffer));
    4055           0 :   snprintf (name_buffer, sizeof name_buffer, "sk_%s.gpg", keyid_buffer);
    4056             : 
    4057           0 :   fname = make_filename (backup_dir, name_buffer, NULL);
    4058             :   /* Note that the umask call is not anymore needed because
    4059             :      iobuf_create now takes care of it.  However, it does not harm
    4060             :      and thus we keep it.  */
    4061           0 :   oldmask = umask (077);
    4062           0 :   if (is_secured_filename (fname))
    4063             :     {
    4064           0 :       fp = NULL;
    4065           0 :       gpg_err_set_errno (EPERM);
    4066             :     }
    4067             :   else
    4068           0 :     fp = iobuf_create (fname, 1);
    4069           0 :   umask (oldmask);
    4070           0 :   if (!fp)
    4071             :     {
    4072           0 :       err = gpg_error_from_syserror ();
    4073           0 :       log_error (_("can't create backup file '%s': %s\n"), fname, strerror (errno) );
    4074           0 :       goto leave;
    4075             :     }
    4076             : 
    4077           0 :   pkt = xcalloc (1, sizeof *pkt);
    4078           0 :   pkt->pkttype = PKT_SECRET_KEY;
    4079           0 :   pkt->pkt.secret_key = sk;
    4080             : 
    4081           0 :   rc = build_packet (fp, pkt);
    4082           0 :   if (rc)
    4083             :     {
    4084           0 :       log_error ("build packet failed: %s\n", gpg_strerror (rc));
    4085           0 :       iobuf_cancel (fp);
    4086             :     }
    4087             :   else
    4088             :     {
    4089             :       char *fprbuf;
    4090             : 
    4091           0 :       iobuf_close (fp);
    4092           0 :       iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
    4093           0 :       log_info (_("Note: backup of card key saved to '%s'\n"), fname);
    4094             : 
    4095           0 :       fprbuf = hexfingerprint (sk, NULL, 0);
    4096           0 :       write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED, fprbuf,
    4097             :                                     fname, strlen (fname), 0);
    4098           0 :       xfree (fprbuf);
    4099             :     }
    4100             : 
    4101             :  leave:
    4102           0 :   xfree (pkt);
    4103           0 :   xfree (fname);
    4104           0 :   return err;
    4105             : }
    4106             : 
    4107             : 
    4108             : /* Store key to card and make a backup file in OpenPGP format.  */
    4109             : static gpg_error_t
    4110           0 : card_store_key_with_backup (ctrl_t ctrl, PKT_public_key *sub_psk,
    4111             :                             const char *backup_dir)
    4112             : {
    4113             :   PKT_public_key *sk;
    4114             :   gnupg_isotime_t timestamp;
    4115             :   gpg_error_t err;
    4116             :   char *hexgrip;
    4117             :   int rc;
    4118             :   struct agent_card_info_s info;
    4119           0 :   gcry_cipher_hd_t cipherhd = NULL;
    4120           0 :   char *cache_nonce = NULL;
    4121           0 :   void *kek = NULL;
    4122             :   size_t keklen;
    4123             : 
    4124           0 :   sk = copy_public_key (NULL, sub_psk);
    4125           0 :   if (!sk)
    4126           0 :     return gpg_error_from_syserror ();
    4127             : 
    4128           0 :   epoch2isotime (timestamp, (time_t)sk->timestamp);
    4129           0 :   err = hexkeygrip_from_pk (sk, &hexgrip);
    4130           0 :   if (err)
    4131           0 :     return err;
    4132             : 
    4133           0 :   memset(&info, 0, sizeof (info));
    4134           0 :   rc = agent_scd_getattr ("SERIALNO", &info);
    4135           0 :   if (rc)
    4136           0 :     return (gpg_error_t)rc;
    4137             : 
    4138           0 :   rc = agent_keytocard (hexgrip, 2, 1, info.serialno, timestamp);
    4139           0 :   xfree (info.serialno);
    4140           0 :   if (rc)
    4141             :     {
    4142           0 :       err = (gpg_error_t)rc;
    4143           0 :       goto leave;
    4144             :     }
    4145             : 
    4146           0 :   err = agent_keywrap_key (ctrl, 1, &kek, &keklen);
    4147           0 :   if (err)
    4148             :     {
    4149           0 :       log_error ("error getting the KEK: %s\n", gpg_strerror (err));
    4150           0 :       goto leave;
    4151             :     }
    4152             : 
    4153           0 :   err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
    4154             :                           GCRY_CIPHER_MODE_AESWRAP, 0);
    4155           0 :   if (!err)
    4156           0 :     err = gcry_cipher_setkey (cipherhd, kek, keklen);
    4157           0 :   if (err)
    4158             :     {
    4159           0 :       log_error ("error setting up an encryption context: %s\n",
    4160             :                  gpg_strerror (err));
    4161           0 :       goto leave;
    4162             :     }
    4163             : 
    4164           0 :   err = receive_seckey_from_agent (ctrl, cipherhd, 0,
    4165             :                                    &cache_nonce, hexgrip, sk);
    4166           0 :   if (err)
    4167             :     {
    4168           0 :       log_error ("error getting secret key from agent: %s\n",
    4169             :                  gpg_strerror (err));
    4170           0 :       goto leave;
    4171             :     }
    4172             : 
    4173           0 :   err = card_write_key_to_backup_file (sk, backup_dir);
    4174           0 :   if (err)
    4175           0 :     log_error ("writing card key to backup file: %s\n", gpg_strerror (err));
    4176             :   else
    4177             :     /* Remove secret key data in agent side.  */
    4178           0 :     agent_scd_learn (NULL, 1);
    4179             : 
    4180             :  leave:
    4181           0 :   xfree (cache_nonce);
    4182           0 :   gcry_cipher_close (cipherhd);
    4183           0 :   xfree (kek);
    4184           0 :   xfree (hexgrip);
    4185           0 :   free_public_key (sk);
    4186           0 :   return err;
    4187             : }
    4188             : 
    4189             : 
    4190             : static void
    4191           3 : do_generate_keypair (ctrl_t ctrl, struct para_data_s *para,
    4192             :                      struct output_control_s *outctrl, int card)
    4193             : {
    4194             :   gpg_error_t err;
    4195           3 :   KBNODE pub_root = NULL;
    4196             :   const char *s;
    4197           3 :   PKT_public_key *pri_psk = NULL;
    4198           3 :   PKT_public_key *sub_psk = NULL;
    4199             :   struct revocation_key *revkey;
    4200           3 :   int did_sub = 0;
    4201             :   u32 timestamp;
    4202           3 :   char *cache_nonce = NULL;
    4203             : 
    4204           3 :   if (outctrl->dryrun)
    4205             :     {
    4206           0 :       log_info("dry-run mode - key generation skipped\n");
    4207           0 :       return;
    4208             :     }
    4209             : 
    4210           3 :   if ( outctrl->use_files )
    4211             :     {
    4212           0 :       if ( outctrl->pub.newfname )
    4213             :         {
    4214           0 :           iobuf_close(outctrl->pub.stream);
    4215           0 :           outctrl->pub.stream = NULL;
    4216           0 :           if (outctrl->pub.fname)
    4217           0 :             iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE,
    4218           0 :                          0, (char*)outctrl->pub.fname);
    4219           0 :           xfree( outctrl->pub.fname );
    4220           0 :           outctrl->pub.fname =  outctrl->pub.newfname;
    4221           0 :           outctrl->pub.newfname = NULL;
    4222             : 
    4223           0 :           if (is_secured_filename (outctrl->pub.fname) )
    4224             :             {
    4225           0 :               outctrl->pub.stream = NULL;
    4226           0 :               gpg_err_set_errno (EPERM);
    4227             :             }
    4228             :           else
    4229           0 :             outctrl->pub.stream = iobuf_create (outctrl->pub.fname, 0);
    4230           0 :           if (!outctrl->pub.stream)
    4231             :             {
    4232           0 :               log_error(_("can't create '%s': %s\n"), outctrl->pub.newfname,
    4233           0 :                         strerror(errno) );
    4234           0 :               return;
    4235             :             }
    4236           0 :           if (opt.armor)
    4237             :             {
    4238           0 :               outctrl->pub.afx->what = 1;
    4239           0 :               push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
    4240             :             }
    4241             :         }
    4242           0 :       log_assert( outctrl->pub.stream );
    4243           0 :       if (opt.verbose)
    4244           0 :         log_info (_("writing public key to '%s'\n"), outctrl->pub.fname );
    4245             :     }
    4246             : 
    4247             : 
    4248             :   /* We create the packets as a tree of kbnodes.  Because the
    4249             :      structure we create is known in advance we simply generate a
    4250             :      linked list.  The first packet is a dummy packet which we flag as
    4251             :      deleted.  The very first packet must always be a KEY packet.  */
    4252             : 
    4253           3 :   start_tree (&pub_root);
    4254             : 
    4255           3 :   timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
    4256           3 :   if (!timestamp)
    4257           3 :     timestamp = make_timestamp ();
    4258             : 
    4259             :   /* Note that, depending on the backend (i.e. the used scdaemon
    4260             :      version), the card key generation may update TIMESTAMP for each
    4261             :      key.  Thus we need to pass TIMESTAMP to all signing function to
    4262             :      make sure that the binding signature is done using the timestamp
    4263             :      of the corresponding (sub)key and not that of the primary key.
    4264             :      An alternative implementation could tell the signing function the
    4265             :      node of the subkey but that is more work than just to pass the
    4266             :      current timestamp.  */
    4267             : 
    4268           3 :   if (!card)
    4269           6 :     err = do_create (get_parameter_algo( para, pKEYTYPE, NULL ),
    4270             :                      get_parameter_uint( para, pKEYLENGTH ),
    4271             :                      get_parameter_value (para, pKEYCURVE),
    4272             :                      pub_root,
    4273             :                      timestamp,
    4274             :                      get_parameter_u32( para, pKEYEXPIRE ), 0,
    4275           3 :                      outctrl->keygen_flags,
    4276             :                      get_parameter_passphrase (para),
    4277             :                      &cache_nonce, NULL);
    4278             :   else
    4279           0 :     err = gen_card_key (1, get_parameter_algo( para, pKEYTYPE, NULL ),
    4280             :                         1, pub_root, &timestamp,
    4281             :                         get_parameter_u32 (para, pKEYEXPIRE));
    4282             : 
    4283             :   /* Get the pointer to the generated public key packet.  */
    4284           3 :   if (!err)
    4285             :     {
    4286           3 :       pri_psk = pub_root->next->pkt->pkt.public_key;
    4287           3 :       log_assert (pri_psk);
    4288             : 
    4289             :       /* Make sure a few fields are correctly set up before going
    4290             :          further.  */
    4291           3 :       pri_psk->flags.primary = 1;
    4292           3 :       keyid_from_pk (pri_psk, NULL);
    4293             :       /* We don't use pk_keyid to get keyid, because it also asserts
    4294             :          that main_keyid is set!  */
    4295           3 :       keyid_copy (pri_psk->main_keyid, pri_psk->keyid);
    4296             :     }
    4297             : 
    4298           3 :   if (!err && (revkey = get_parameter_revkey (para, pREVOKER)))
    4299           0 :     err = write_direct_sig (pub_root, pri_psk, revkey, timestamp, cache_nonce);
    4300             : 
    4301           3 :   if (!err && (s = get_parameter_value (para, pUSERID)))
    4302             :     {
    4303           3 :       write_uid (pub_root, s );
    4304           3 :       err = write_selfsigs (pub_root, pri_psk,
    4305             :                             get_parameter_uint (para, pKEYUSAGE), timestamp,
    4306             :                             cache_nonce);
    4307             :     }
    4308             : 
    4309             :   /* Write the auth key to the card before the encryption key.  This
    4310             :      is a partial workaround for a PGP bug (as of this writing, all
    4311             :      versions including 8.1), that causes it to try and encrypt to
    4312             :      the most recent subkey regardless of whether that subkey is
    4313             :      actually an encryption type.  In this case, the auth key is an
    4314             :      RSA key so it succeeds. */
    4315             : 
    4316           3 :   if (!err && card && get_parameter (para, pAUTHKEYTYPE))
    4317             :     {
    4318           0 :       err = gen_card_key (3, get_parameter_algo( para, pAUTHKEYTYPE, NULL ),
    4319             :                           0, pub_root, &timestamp,
    4320             :                           get_parameter_u32 (para, pKEYEXPIRE));
    4321           0 :       if (!err)
    4322           0 :         err = write_keybinding (pub_root, pri_psk, NULL,
    4323             :                                 PUBKEY_USAGE_AUTH, timestamp, cache_nonce);
    4324             :     }
    4325             : 
    4326           3 :   if (!err && get_parameter (para, pSUBKEYTYPE))
    4327             :     {
    4328           2 :       sub_psk = NULL;
    4329           2 :       s = NULL;
    4330           2 :       if (!card || (s = get_parameter_value (para, pCARDBACKUPKEY)))
    4331             :         {
    4332           4 :           err = do_create (get_parameter_algo (para, pSUBKEYTYPE, NULL),
    4333             :                            get_parameter_uint (para, pSUBKEYLENGTH),
    4334             :                            get_parameter_value (para, pSUBKEYCURVE),
    4335             :                            pub_root,
    4336             :                            timestamp,
    4337             :                            get_parameter_u32 (para, pSUBKEYEXPIRE), 1,
    4338           2 :                            s ? KEYGEN_FLAG_NO_PROTECTION : outctrl->keygen_flags,
    4339             :                            get_parameter_passphrase (para),
    4340             :                            &cache_nonce, NULL);
    4341             :           /* Get the pointer to the generated public subkey packet.  */
    4342           4 :           if (!err)
    4343             :             {
    4344             :               kbnode_t node;
    4345             : 
    4346          12 :               for (node = pub_root; node; node = node->next)
    4347          10 :                 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    4348           2 :                   sub_psk = node->pkt->pkt.public_key;
    4349           2 :               log_assert (sub_psk);
    4350             : 
    4351           2 :               if (s)
    4352           0 :                 err = card_store_key_with_backup (ctrl,
    4353             :                                                   sub_psk, gnupg_homedir ());
    4354             :             }
    4355             :         }
    4356             :       else
    4357             :         {
    4358           0 :           err = gen_card_key (2, get_parameter_algo (para, pSUBKEYTYPE, NULL),
    4359             :                               0, pub_root, &timestamp,
    4360             :                               get_parameter_u32 (para, pKEYEXPIRE));
    4361             :         }
    4362             : 
    4363           2 :       if (!err)
    4364           2 :         err = write_keybinding (pub_root, pri_psk, sub_psk,
    4365             :                                 get_parameter_uint (para, pSUBKEYUSAGE),
    4366             :                                 timestamp, cache_nonce);
    4367           2 :       did_sub = 1;
    4368             :     }
    4369             : 
    4370           3 :   if (!err && outctrl->use_files)  /* Direct write to specified files.  */
    4371             :     {
    4372           0 :       err = write_keyblock (outctrl->pub.stream, pub_root);
    4373           0 :       if (err)
    4374           0 :         log_error ("can't write public key: %s\n", gpg_strerror (err));
    4375             :     }
    4376           3 :   else if (!err) /* Write to the standard keyrings.  */
    4377             :     {
    4378             :       KEYDB_HANDLE pub_hd;
    4379             : 
    4380           3 :       pub_hd = keydb_new ();
    4381           3 :       if (!pub_hd)
    4382           0 :         err = gpg_error_from_syserror ();
    4383             :       else
    4384             :         {
    4385           3 :           err = keydb_locate_writable (pub_hd);
    4386           3 :           if (err)
    4387           0 :             log_error (_("no writable public keyring found: %s\n"),
    4388             :                        gpg_strerror (err));
    4389             :         }
    4390             : 
    4391           3 :       if (!err && opt.verbose)
    4392             :         {
    4393           0 :           log_info (_("writing public key to '%s'\n"),
    4394             :                     keydb_get_resource_name (pub_hd));
    4395             :         }
    4396             : 
    4397           3 :       if (!err)
    4398             :         {
    4399           3 :           err = keydb_insert_keyblock (pub_hd, pub_root);
    4400           3 :           if (err)
    4401           0 :             log_error (_("error writing public keyring '%s': %s\n"),
    4402             :                        keydb_get_resource_name (pub_hd), gpg_strerror (err));
    4403             :         }
    4404             : 
    4405           3 :       keydb_release (pub_hd);
    4406             : 
    4407           3 :       if (!err)
    4408             :         {
    4409             :           int no_enc_rsa;
    4410             :           PKT_public_key *pk;
    4411             : 
    4412           6 :           no_enc_rsa = ((get_parameter_algo (para, pKEYTYPE, NULL)
    4413             :                          == PUBKEY_ALGO_RSA)
    4414           2 :                         && get_parameter_uint (para, pKEYUSAGE)
    4415           7 :                         && !((get_parameter_uint (para, pKEYUSAGE)
    4416           2 :                               & PUBKEY_USAGE_ENC)) );
    4417             : 
    4418           3 :           pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
    4419             : 
    4420           3 :           keyid_from_pk (pk, pk->main_keyid);
    4421           3 :           register_trusted_keyid (pk->main_keyid);
    4422             : 
    4423           3 :           update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
    4424             :                                   | TRUST_ULTIMATE ));
    4425             : 
    4426           3 :           gen_standard_revoke (pk, cache_nonce);
    4427             : 
    4428             :           /* Get rid of the first empty packet.  */
    4429           3 :           commit_kbnode (&pub_root);
    4430             : 
    4431           3 :           if (!opt.batch)
    4432             :             {
    4433           0 :               tty_printf (_("public and secret key created and signed.\n") );
    4434           0 :               tty_printf ("\n");
    4435           0 :               merge_keys_and_selfsig (pub_root);
    4436           0 :               list_keyblock_direct (ctrl, pub_root, 0, 1, 1, 1);
    4437             :             }
    4438             : 
    4439             : 
    4440           3 :           if (!opt.batch
    4441           0 :               && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
    4442           0 :                   || no_enc_rsa )
    4443           0 :               && !get_parameter (para, pSUBKEYTYPE) )
    4444             :             {
    4445           0 :               tty_printf(_("Note that this key cannot be used for "
    4446             :                            "encryption.  You may want to use\n"
    4447             :                            "the command \"--edit-key\" to generate a "
    4448             :                            "subkey for this purpose.\n") );
    4449             :             }
    4450             :         }
    4451             :     }
    4452             : 
    4453           3 :   if (err)
    4454             :     {
    4455           0 :       if (opt.batch)
    4456           0 :         log_error ("key generation failed: %s\n", gpg_strerror (err) );
    4457             :       else
    4458           0 :         tty_printf (_("Key generation failed: %s\n"), gpg_strerror (err) );
    4459           0 :       write_status_error (card? "card_key_generate":"key_generate", err);
    4460           0 :       print_status_key_not_created ( get_parameter_value (para, pHANDLE) );
    4461             :     }
    4462             :   else
    4463             :     {
    4464           6 :       PKT_public_key *pk = find_kbnode (pub_root,
    4465           3 :                                         PKT_PUBLIC_KEY)->pkt->pkt.public_key;
    4466           3 :       print_status_key_created (did_sub? 'B':'P', pk,
    4467             :                                 get_parameter_value (para, pHANDLE));
    4468             :     }
    4469             : 
    4470           3 :   release_kbnode (pub_root);
    4471           3 :   xfree (cache_nonce);
    4472             : }
    4473             : 
    4474             : 
    4475             : static gpg_error_t
    4476           0 : parse_algo_usage_expire (ctrl_t ctrl, int for_subkey,
    4477             :                          const char *algostr, const char *usagestr,
    4478             :                          const char *expirestr,
    4479             :                          int *r_algo, unsigned int *r_usage, u32 *r_expire,
    4480             :                          unsigned int *r_nbits, char **r_curve)
    4481             : {
    4482             :   int algo;
    4483             :   unsigned int use, nbits;
    4484             :   u32 expire;
    4485             :   int wantuse;
    4486             :   unsigned int min, def, max;
    4487           0 :   const char *curve = NULL;
    4488           0 :   int eccalgo = 0;
    4489             : 
    4490           0 :   *r_curve = NULL;
    4491             : 
    4492           0 :   nbits = 0;
    4493             :   /* Parse the algo string.  */
    4494           0 :   if (!algostr || !*algostr
    4495           0 :       || !strcmp (algostr, "default") || !strcmp (algostr, "-"))
    4496             :     {
    4497           0 :       algo  = for_subkey? DEFAULT_STD_SUBALGO    : DEFAULT_STD_ALGO;
    4498           0 :       use   = for_subkey? DEFAULT_STD_SUBKEYUSE  : DEFAULT_STD_KEYUSE;
    4499           0 :       nbits = for_subkey? DEFAULT_STD_SUBKEYSIZE : DEFAULT_STD_KEYSIZE;
    4500           0 :       curve = for_subkey? DEFAULT_STD_SUBCURVE   : DEFAULT_STD_CURVE;
    4501             :     }
    4502           0 :   else if (!strcmp (algostr, "future-default"))
    4503             :     {
    4504           0 :       algo  = for_subkey? FUTURE_STD_SUBALGO    : FUTURE_STD_ALGO;
    4505           0 :       use   = for_subkey? FUTURE_STD_SUBKEYUSE  : FUTURE_STD_KEYUSE;
    4506           0 :       nbits = for_subkey? FUTURE_STD_SUBKEYSIZE : FUTURE_STD_KEYSIZE;
    4507           0 :       curve = for_subkey? FUTURE_STD_SUBCURVE   : FUTURE_STD_CURVE;
    4508             :     }
    4509           0 :   else if (*algostr == '&' && strlen (algostr) == 41)
    4510             :     {
    4511             :       /* Take algo from existing key.  */
    4512           0 :       algo = check_keygrip (ctrl, algostr+1);
    4513             :       /* FIXME: We need the curve name as well.  */
    4514           0 :       return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
    4515             :     }
    4516           0 :   else if (!strncmp (algostr, "rsa", 3))
    4517             :     {
    4518           0 :       algo = PUBKEY_ALGO_RSA;
    4519           0 :       use = for_subkey? DEFAULT_STD_SUBKEYUSE : DEFAULT_STD_KEYUSE;
    4520           0 :       if (algostr[3])
    4521           0 :         nbits = atoi (algostr + 3);
    4522             :     }
    4523           0 :   else if (!strncmp (algostr, "elg", 3))
    4524             :     {
    4525           0 :       algo = PUBKEY_ALGO_ELGAMAL_E;
    4526           0 :       use = PUBKEY_USAGE_ENC;
    4527           0 :       if (algostr[3])
    4528           0 :         nbits = atoi (algostr + 3);
    4529             :     }
    4530           0 :   else if (!strncmp (algostr, "dsa", 3))
    4531             :     {
    4532           0 :       algo = PUBKEY_ALGO_DSA;
    4533           0 :       use = PUBKEY_USAGE_SIG;
    4534           0 :       if (algostr[3])
    4535           0 :         nbits = atoi (algostr + 3);
    4536             :     }
    4537           0 :   else if ((curve = openpgp_is_curve_supported (algostr, &algo)))
    4538             :     {
    4539           0 :       if (!algo)
    4540             :         {
    4541           0 :           algo = PUBKEY_ALGO_ECDH; /* Default ECC algorithm.  */
    4542           0 :           eccalgo = 1;  /* Remember - we may need to fix it up.  */
    4543             :         }
    4544             : 
    4545           0 :       if (algo == PUBKEY_ALGO_ECDSA || algo == PUBKEY_ALGO_EDDSA)
    4546           0 :         use = PUBKEY_USAGE_SIG;
    4547             :       else
    4548           0 :         use = PUBKEY_USAGE_ENC;
    4549             :     }
    4550             :   else
    4551           0 :     return gpg_error (GPG_ERR_UNKNOWN_CURVE);
    4552             : 
    4553             :   /* Parse the usage string.  */
    4554           0 :   if (!usagestr || !*usagestr
    4555           0 :       || !strcmp (usagestr, "default") || !strcmp (usagestr, "-"))
    4556             :     ; /* Keep default usage */
    4557           0 :   else if ((wantuse = parse_usagestr (usagestr)) != -1)
    4558             :     {
    4559           0 :       use = wantuse;
    4560           0 :       if (eccalgo && !(use & PUBKEY_USAGE_ENC))
    4561           0 :         algo = PUBKEY_ALGO_ECDSA; /* Switch from ECDH to ECDSA.  */
    4562             :     }
    4563             :   else
    4564           0 :     return gpg_error (GPG_ERR_INV_VALUE);
    4565             : 
    4566             :   /* Make sure a primary key has the CERT usage.  */
    4567           0 :   if (!for_subkey)
    4568           0 :     use |= PUBKEY_USAGE_CERT;
    4569             : 
    4570             :   /* Check that usage is possible.  */
    4571           0 :   if (/**/((use & (PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH|PUBKEY_USAGE_CERT))
    4572           0 :            && !pubkey_get_nsig (algo))
    4573           0 :        || ((use & PUBKEY_USAGE_ENC)
    4574           0 :            && !pubkey_get_nenc (algo))
    4575           0 :        || (for_subkey && (use & PUBKEY_USAGE_CERT)))
    4576           0 :     return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
    4577             : 
    4578             :   /* Parse the expire string.  */
    4579           0 :   expire = parse_expire_string (expirestr);
    4580           0 :   if (expire == (u32)-1 )
    4581           0 :     return gpg_error (GPG_ERR_INV_VALUE);
    4582             : 
    4583             :   /* Make sure the keysize is in the allowed range.  */
    4584           0 :   get_keysize_range (algo, &min, &def, &max);
    4585           0 :   if (!nbits)
    4586           0 :     nbits = def;
    4587           0 :   else if (nbits < min)
    4588           0 :     nbits = min;
    4589           0 :   else if (nbits > max)
    4590           0 :     nbits = max;
    4591             : 
    4592           0 :   nbits = fixup_keysize (nbits, algo, 1);
    4593             : 
    4594           0 :   if (curve)
    4595             :     {
    4596           0 :       *r_curve = xtrystrdup (curve);
    4597           0 :       if (!*r_curve)
    4598           0 :         return gpg_error_from_syserror ();
    4599             :     }
    4600           0 :   *r_algo = algo;
    4601           0 :   *r_usage = use;
    4602           0 :   *r_expire = expire;
    4603           0 :   *r_nbits = nbits;
    4604           0 :   return 0;
    4605             : }
    4606             : 
    4607             : 
    4608             : /* Add a new subkey to an existing key.  Returns 0 if a new key has
    4609             :    been generated and put into the keyblocks.  If any of ALGOSTR,
    4610             :    USAGESTR, or EXPIRESTR is NULL interactive mode is used. */
    4611             : gpg_error_t
    4612           0 : generate_subkeypair (ctrl_t ctrl, kbnode_t keyblock, const char *algostr,
    4613             :                      const char *usagestr, const char *expirestr)
    4614             : {
    4615           0 :   gpg_error_t err = 0;
    4616             :   int interactive;
    4617             :   kbnode_t node;
    4618           0 :   PKT_public_key *pri_psk = NULL;
    4619           0 :   PKT_public_key *sub_psk = NULL;
    4620             :   int algo;
    4621             :   unsigned int use;
    4622             :   u32 expire;
    4623           0 :   unsigned int nbits = 0;
    4624           0 :   char *curve = NULL;
    4625             :   u32 cur_time;
    4626           0 :   char *key_from_hexgrip = NULL;
    4627           0 :   char *hexgrip = NULL;
    4628           0 :   char *serialno = NULL;
    4629           0 :   char *cache_nonce = NULL;
    4630           0 :   char *passwd_nonce = NULL;
    4631             : 
    4632           0 :   interactive = (!algostr || !usagestr || !expirestr);
    4633             : 
    4634             :   /* Break out the primary key.  */
    4635           0 :   node = find_kbnode (keyblock, PKT_PUBLIC_KEY);
    4636           0 :   if (!node)
    4637             :     {
    4638           0 :       log_error ("Oops; primary key missing in keyblock!\n");
    4639           0 :       err = gpg_error (GPG_ERR_BUG);
    4640           0 :       goto leave;
    4641             :     }
    4642           0 :   pri_psk = node->pkt->pkt.public_key;
    4643             : 
    4644           0 :   cur_time = make_timestamp ();
    4645             : 
    4646           0 :   if (pri_psk->timestamp > cur_time)
    4647             :     {
    4648           0 :       ulong d = pri_psk->timestamp - cur_time;
    4649           0 :       log_info ( d==1 ? _("key has been created %lu second "
    4650             :                           "in future (time warp or clock problem)\n")
    4651             :                  : _("key has been created %lu seconds "
    4652             :                      "in future (time warp or clock problem)\n"), d );
    4653           0 :       if (!opt.ignore_time_conflict)
    4654             :         {
    4655           0 :           err = gpg_error (GPG_ERR_TIME_CONFLICT);
    4656           0 :           goto leave;
    4657             :         }
    4658             :     }
    4659             : 
    4660           0 :   if (pri_psk->version < 4)
    4661             :     {
    4662           0 :       log_info (_("Note: creating subkeys for v3 keys "
    4663             :                   "is not OpenPGP compliant\n"));
    4664           0 :       err = gpg_error (GPG_ERR_CONFLICT);
    4665           0 :       goto leave;
    4666             :     }
    4667             : 
    4668           0 :   err = hexkeygrip_from_pk (pri_psk, &hexgrip);
    4669           0 :   if (err)
    4670           0 :     goto leave;
    4671           0 :   if (agent_get_keyinfo (NULL, hexgrip, &serialno, NULL))
    4672             :     {
    4673           0 :       if (interactive)
    4674           0 :         tty_printf (_("Secret parts of primary key are not available.\n"));
    4675             :       else
    4676           0 :         log_info (  _("Secret parts of primary key are not available.\n"));
    4677           0 :       err = gpg_error (GPG_ERR_NO_SECKEY);
    4678           0 :       goto leave;
    4679             :     }
    4680           0 :   if (serialno)
    4681             :     {
    4682           0 :       if (interactive)
    4683           0 :         tty_printf (_("Secret parts of primary key are stored on-card.\n"));
    4684             :       else
    4685           0 :         log_info (  _("Secret parts of primary key are stored on-card.\n"));
    4686             :     }
    4687             : 
    4688           0 :   if (interactive)
    4689             :     {
    4690           0 :       algo = ask_algo (ctrl, 1, NULL, &use, &key_from_hexgrip);
    4691           0 :       log_assert (algo);
    4692             : 
    4693           0 :       if (key_from_hexgrip)
    4694           0 :         nbits = 0;
    4695           0 :       else if (algo == PUBKEY_ALGO_ECDSA
    4696           0 :                || algo == PUBKEY_ALGO_EDDSA
    4697           0 :                || algo == PUBKEY_ALGO_ECDH)
    4698           0 :         curve = ask_curve (&algo, NULL);
    4699             :       else
    4700           0 :         nbits = ask_keysize (algo, 0);
    4701             : 
    4702           0 :       expire = ask_expire_interval (0, NULL);
    4703           0 :       if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
    4704           0 :                                                    _("Really create? (y/N) ")))
    4705             :         {
    4706           0 :           err = gpg_error (GPG_ERR_CANCELED);
    4707           0 :           goto leave;
    4708             :         }
    4709             :     }
    4710             :   else /* Unattended mode.  */
    4711             :     {
    4712           0 :       err = parse_algo_usage_expire (ctrl, 1, algostr, usagestr, expirestr,
    4713             :                                      &algo, &use, &expire, &nbits, &curve);
    4714           0 :       if (err)
    4715           0 :         goto leave;
    4716             :     }
    4717             : 
    4718             :   /* Verify the passphrase now so that we get a cache item for the
    4719             :    * primary key passphrase.  The agent also returns a passphrase
    4720             :    * nonce, which we can use to set the passphrase for the subkey to
    4721             :    * that of the primary key.  */
    4722             :   {
    4723           0 :     char *desc = gpg_format_keydesc (pri_psk, FORMAT_KEYDESC_NORMAL, 1);
    4724           0 :     err = agent_passwd (ctrl, hexgrip, desc, 1 /*=verify*/,
    4725             :                         &cache_nonce, &passwd_nonce);
    4726           0 :     xfree (desc);
    4727             :   }
    4728             : 
    4729             :   /* Start creation.  */
    4730           0 :   if (key_from_hexgrip)
    4731             :     {
    4732           0 :       err = do_create_from_keygrip (ctrl, algo, key_from_hexgrip,
    4733             :                                     keyblock, cur_time, expire, 1);
    4734             :     }
    4735             :   else
    4736             :     {
    4737             :       const char *passwd;
    4738             : 
    4739             :       /* If the pinentry loopback mode is not and we have a static
    4740             :          passphrase (i.e. set with --passphrase{,-fd,-file} while in batch
    4741             :          mode), we use that passphrase for the new subkey.  */
    4742           0 :       if (opt.pinentry_mode != PINENTRY_MODE_LOOPBACK
    4743           0 :           && have_static_passphrase ())
    4744           0 :         passwd = get_static_passphrase ();
    4745             :       else
    4746           0 :         passwd = NULL;
    4747             : 
    4748           0 :       err = do_create (algo, nbits, curve,
    4749             :                        keyblock, cur_time, expire, 1, 0,
    4750             :                        passwd, &cache_nonce, &passwd_nonce);
    4751             :     }
    4752           0 :   if (err)
    4753           0 :     goto leave;
    4754             : 
    4755             :   /* Get the pointer to the generated public subkey packet.  */
    4756           0 :   for (node = keyblock; node; node = node->next)
    4757           0 :     if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    4758           0 :       sub_psk = node->pkt->pkt.public_key;
    4759             : 
    4760             :   /* Write the binding signature.  */
    4761           0 :   err = write_keybinding (keyblock, pri_psk, sub_psk, use, cur_time,
    4762             :                           cache_nonce);
    4763           0 :   if (err)
    4764           0 :     goto leave;
    4765             : 
    4766           0 :   print_status_key_created ('S', sub_psk, NULL);
    4767             : 
    4768             : 
    4769             :  leave:
    4770           0 :   xfree (key_from_hexgrip);
    4771           0 :   xfree (curve);
    4772           0 :   xfree (hexgrip);
    4773           0 :   xfree (serialno);
    4774           0 :   xfree (cache_nonce);
    4775           0 :   xfree (passwd_nonce);
    4776           0 :   if (err)
    4777           0 :     log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
    4778           0 :   return err;
    4779             : }
    4780             : 
    4781             : 
    4782             : #ifdef ENABLE_CARD_SUPPORT
    4783             : /* Generate a subkey on a card. */
    4784             : gpg_error_t
    4785           0 : generate_card_subkeypair (kbnode_t pub_keyblock,
    4786             :                           int keyno, const char *serialno)
    4787             : {
    4788           0 :   gpg_error_t err = 0;
    4789             :   kbnode_t node;
    4790           0 :   PKT_public_key *pri_pk = NULL;
    4791             :   unsigned int use;
    4792             :   u32 expire;
    4793             :   u32 cur_time;
    4794           0 :   struct para_data_s *para = NULL;
    4795           0 :   PKT_public_key *sub_pk = NULL;
    4796             :   int algo;
    4797             :   struct agent_card_info_s info;
    4798             : 
    4799           0 :   log_assert (keyno >= 1 && keyno <= 3);
    4800             : 
    4801           0 :   memset (&info, 0, sizeof (info));
    4802           0 :   err = agent_scd_getattr ("KEY-ATTR", &info);
    4803           0 :   if (err)
    4804             :     {
    4805           0 :       log_error (_("error getting current key info: %s\n"), gpg_strerror (err));
    4806           0 :       return err;
    4807             :     }
    4808           0 :   algo = info.key_attr[keyno-1].algo;
    4809             : 
    4810           0 :   para = xtrycalloc (1, sizeof *para + strlen (serialno) );
    4811           0 :   if (!para)
    4812             :     {
    4813           0 :       err = gpg_error_from_syserror ();
    4814           0 :       goto leave;
    4815             :     }
    4816           0 :   para->key = pSERIALNO;
    4817           0 :   strcpy (para->u.value, serialno);
    4818             : 
    4819             :   /* Break out the primary secret key */
    4820           0 :   node = find_kbnode (pub_keyblock, PKT_PUBLIC_KEY);
    4821           0 :   if (!node)
    4822             :     {
    4823           0 :       log_error ("Oops; publkic key lost!\n");
    4824           0 :       err = gpg_error (GPG_ERR_INTERNAL);
    4825           0 :       goto leave;
    4826             :     }
    4827           0 :   pri_pk = node->pkt->pkt.public_key;
    4828             : 
    4829           0 :   cur_time = make_timestamp();
    4830           0 :   if (pri_pk->timestamp > cur_time)
    4831             :     {
    4832           0 :       ulong d = pri_pk->timestamp - cur_time;
    4833           0 :       log_info (d==1 ? _("key has been created %lu second "
    4834             :                          "in future (time warp or clock problem)\n")
    4835             :                      : _("key has been created %lu seconds "
    4836             :                          "in future (time warp or clock problem)\n"), d );
    4837           0 :         if (!opt.ignore_time_conflict)
    4838             :           {
    4839           0 :             err = gpg_error (GPG_ERR_TIME_CONFLICT);
    4840           0 :             goto leave;
    4841             :           }
    4842             :     }
    4843             : 
    4844           0 :   if (pri_pk->version < 4)
    4845             :     {
    4846           0 :       log_info (_("Note: creating subkeys for v3 keys "
    4847             :                   "is not OpenPGP compliant\n"));
    4848           0 :       err = gpg_error (GPG_ERR_NOT_SUPPORTED);
    4849           0 :       goto leave;
    4850             :     }
    4851             : 
    4852           0 :   expire = ask_expire_interval (0, NULL);
    4853           0 :   if (keyno == 1)
    4854           0 :     use = PUBKEY_USAGE_SIG;
    4855           0 :   else if (keyno == 2)
    4856           0 :     use = PUBKEY_USAGE_ENC;
    4857             :   else
    4858           0 :     use = PUBKEY_USAGE_AUTH;
    4859           0 :   if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay",
    4860           0 :                                                _("Really create? (y/N) ")))
    4861             :     {
    4862           0 :       err = gpg_error (GPG_ERR_CANCELED);
    4863           0 :       goto leave;
    4864             :     }
    4865             : 
    4866             :   /* Note, that depending on the backend, the card key generation may
    4867             :      update CUR_TIME.  */
    4868           0 :   err = gen_card_key (keyno, algo, 0, pub_keyblock, &cur_time, expire);
    4869             :   /* Get the pointer to the generated public subkey packet.  */
    4870           0 :   if (!err)
    4871             :     {
    4872           0 :       for (node = pub_keyblock; node; node = node->next)
    4873           0 :         if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
    4874           0 :           sub_pk = node->pkt->pkt.public_key;
    4875           0 :       log_assert (sub_pk);
    4876           0 :       err = write_keybinding (pub_keyblock, pri_pk, sub_pk,
    4877             :                               use, cur_time, NULL);
    4878             :     }
    4879             : 
    4880             :  leave:
    4881           0 :   if (err)
    4882           0 :     log_error (_("Key generation failed: %s\n"), gpg_strerror (err) );
    4883             :   else
    4884           0 :     print_status_key_created ('S', sub_pk, NULL);
    4885           0 :   release_parameter_list (para);
    4886           0 :   return err;
    4887             : }
    4888             : #endif /* !ENABLE_CARD_SUPPORT */
    4889             : 
    4890             : /*
    4891             :  * Write a keyblock to an output stream
    4892             :  */
    4893             : static int
    4894           0 : write_keyblock( IOBUF out, KBNODE node )
    4895             : {
    4896           0 :   for( ; node ; node = node->next )
    4897             :     {
    4898           0 :       if(!is_deleted_kbnode(node))
    4899             :         {
    4900           0 :           int rc = build_packet( out, node->pkt );
    4901           0 :           if( rc )
    4902             :             {
    4903           0 :               log_error("build_packet(%d) failed: %s\n",
    4904           0 :                         node->pkt->pkttype, gpg_strerror (rc) );
    4905           0 :               return rc;
    4906             :             }
    4907             :         }
    4908             :     }
    4909             : 
    4910           0 :   return 0;
    4911             : }
    4912             : 
    4913             : 
    4914             : /* Note that timestamp is an in/out arg. */
    4915             : static gpg_error_t
    4916           0 : gen_card_key (int keyno, int algo, int is_primary, kbnode_t pub_root,
    4917             :               u32 *timestamp, u32 expireval)
    4918             : {
    4919             : #ifdef ENABLE_CARD_SUPPORT
    4920             :   gpg_error_t err;
    4921             :   PACKET *pkt;
    4922             :   PKT_public_key *pk;
    4923             :   char keyid[10];
    4924             :   unsigned char *public;
    4925             :   gcry_sexp_t s_key;
    4926             : 
    4927           0 :   snprintf (keyid, DIM(keyid), "OPENPGP.%d", keyno);
    4928             : 
    4929           0 :   pk = xtrycalloc (1, sizeof *pk );
    4930           0 :   if (!pk)
    4931           0 :     return gpg_error_from_syserror ();
    4932           0 :   pkt = xtrycalloc (1, sizeof *pkt);
    4933           0 :   if (!pkt)
    4934             :     {
    4935           0 :       xfree (pk);
    4936           0 :       return gpg_error_from_syserror ();
    4937             :     }
    4938             : 
    4939             :   /* Note: SCD knows the serialnumber, thus there is no point in passing it.  */
    4940           0 :   err = agent_scd_genkey (keyno, 1, timestamp);
    4941             :   /*  The code below is not used because we force creation of
    4942             :    *  the a card key (3rd arg).
    4943             :    * if (gpg_err_code (rc) == GPG_ERR_EEXIST)
    4944             :    *   {
    4945             :    *     tty_printf ("\n");
    4946             :    *     log_error ("WARNING: key does already exists!\n");
    4947             :    *     tty_printf ("\n");
    4948             :    *     if ( cpr_get_answer_is_yes( "keygen.card.replace_key",
    4949             :    *                                 _("Replace existing key? ")))
    4950             :    *       rc = agent_scd_genkey (keyno, 1, timestamp);
    4951             :    *   }
    4952             :   */
    4953           0 :   if (err)
    4954             :     {
    4955           0 :       log_error ("key generation failed: %s\n", gpg_strerror (err));
    4956           0 :       xfree (pkt);
    4957           0 :       xfree (pk);
    4958           0 :       return err;
    4959             :     }
    4960             : 
    4961             :   /* Send the READKEY command so that the agent creates a shadow key for
    4962             :      card key.  We need to do that now so that we are able to create
    4963             :      the self-signatures. */
    4964           0 :   err = agent_readkey (NULL, 1, keyid, &public);
    4965           0 :   if (err)
    4966           0 :     return err;
    4967           0 :   err = gcry_sexp_sscan (&s_key, NULL, public,
    4968             :                          gcry_sexp_canon_len (public, 0, NULL, NULL));
    4969           0 :   xfree (public);
    4970           0 :   if (err)
    4971           0 :     return err;
    4972             : 
    4973           0 :   if (algo == PUBKEY_ALGO_RSA)
    4974           0 :     err = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
    4975           0 :   else if (algo == PUBKEY_ALGO_ECDSA
    4976           0 :            || algo == PUBKEY_ALGO_EDDSA
    4977           0 :            || algo == PUBKEY_ALGO_ECDH )
    4978           0 :     err = ecckey_from_sexp (pk->pkey, s_key, algo);
    4979             :   else
    4980           0 :     err = gpg_error (GPG_ERR_PUBKEY_ALGO);
    4981           0 :   gcry_sexp_release (s_key);
    4982             : 
    4983           0 :   if (err)
    4984             :     {
    4985           0 :       log_error ("key_from_sexp failed: %s\n", gpg_strerror (err) );
    4986           0 :       free_public_key (pk);
    4987           0 :       return err;
    4988             :     }
    4989             : 
    4990           0 :   pk->timestamp = *timestamp;
    4991           0 :   pk->version = 4;
    4992           0 :   if (expireval)
    4993           0 :     pk->expiredate = pk->timestamp + expireval;
    4994           0 :   pk->pubkey_algo = algo;
    4995             : 
    4996           0 :   pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
    4997           0 :   pkt->pkt.public_key = pk;
    4998           0 :   add_kbnode (pub_root, new_kbnode (pkt));
    4999             : 
    5000           0 :   return 0;
    5001             : #else
    5002             :   (void)keyno;
    5003             :   (void)is_primary;
    5004             :   (void)pub_root;
    5005             :   (void)timestamp;
    5006             :   (void)expireval;
    5007             :   return gpg_error (GPG_ERR_NOT_SUPPORTED);
    5008             : #endif /*!ENABLE_CARD_SUPPORT*/
    5009             : }

Generated by: LCOV version 1.11