search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixed some card related problems.
[gnupg.git] / g10 / keygen.c
blobd60578640e0750e088adcb9b260abcc54dbc65c1
1 /* keygen.c - generate a key pair
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <ctype.h>
26 #include <errno.h>
27 #include <assert.h>
28 #include <sys/types.h>
29 #include <sys/stat.h>
30 #include <unistd.h>
31
32 #include "gpg.h"
33 #include "util.h"
34 #include "main.h"
35 #include "packet.h"
36 #include "cipher.h"
37 #include "ttyio.h"
38 #include "options.h"
39 #include "keydb.h"
40 #include "trustdb.h"
41 #include "status.h"
42 #include "i18n.h"
43 #include "keyserver-internal.h"
44 #include "call-agent.h"
45
46
47 #define MAX_PREFS 30
48
49 enum para_name {
50 pKEYTYPE,
51 pKEYLENGTH,
52 pKEYUSAGE,
53 pSUBKEYTYPE,
54 pSUBKEYLENGTH,
55 pSUBKEYUSAGE,
56 pAUTHKEYTYPE,
57 pNAMEREAL,
58 pNAMEEMAIL,
59 pNAMECOMMENT,
60 pPREFERENCES,
61 pREVOKER,
62 pUSERID,
63 pCREATIONDATE,
64 pKEYCREATIONDATE, /* Same in seconds since epoch. */
65 pEXPIREDATE,
66 pKEYEXPIRE, /* in n seconds */
67 pSUBKEYEXPIRE, /* in n seconds */
68 pPASSPHRASE,
69 pPASSPHRASE_DEK,
70 pPASSPHRASE_S2K,
71 pSERIALNO,
72 pBACKUPENCDIR,
73 pHANDLE,
74 pKEYSERVER
75 };
76
77 struct para_data_s {
78 struct para_data_s *next;
79 int lnr;
80 enum para_name key;
81 union {
82 DEK *dek;
83 STRING2KEY *s2k;
84 u32 expire;
85 u32 creation;
86 unsigned int usage;
87 struct revocation_key revkey;
88 char value[1];
89 } u;
90 };
91
92 struct output_control_s {
93 int lnr;
94 int dryrun;
95 int ask_passphrase;
96 int use_files;
97 struct {
98 char *fname;
99 char *newfname;
100 IOBUF stream;
101 armor_filter_context_t *afx;
102 } pub;
103 struct {
104 char *fname;
105 char *newfname;
106 IOBUF stream;
107 armor_filter_context_t *afx;
108 } sec;
109 };
110
111
112 struct opaque_data_usage_and_pk {
113 unsigned int usage;
114 PKT_public_key *pk;
115 };
116
117
118 static int prefs_initialized = 0;
119 static byte sym_prefs[MAX_PREFS];
120 static int nsym_prefs;
121 static byte hash_prefs[MAX_PREFS];
122 static int nhash_prefs;
123 static byte zip_prefs[MAX_PREFS];
124 static int nzip_prefs;
125 static int mdc_available,ks_modify;
126
127 static void do_generate_keypair( struct para_data_s *para,
128 struct output_control_s *outctrl, int card );
129 static int write_keyblock( IOBUF out, KBNODE node );
130 static int gen_card_key (int algo, int keyno, int is_primary,
131 KBNODE pub_root, KBNODE sec_root,
132 PKT_secret_key **ret_sk,
133 u32 *timestamp,
134 u32 expireval, struct para_data_s *para);
135 static int gen_card_key_with_backup (int algo, int keyno, int is_primary,
136 KBNODE pub_root, KBNODE sec_root,
137 u32 timestamp,
138 u32 expireval, struct para_data_s *para,
139 const char *backup_dir);
140
141
142 static void
143 print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
144 {
145 byte array[MAX_FINGERPRINT_LEN], *s;
146 char *buf, *p;
147 size_t i, n;
148
149 if (!handle)
150 handle = "";
151
152 buf = xmalloc (MAX_FINGERPRINT_LEN*2+31 + strlen (handle) + 1);
153
154 p = buf;
155 if (letter || pk)
156 {
157 *p++ = letter;
158 *p++ = ' ';
159 fingerprint_from_pk (pk, array, &n);
160 s = array;
161 for (i=0; i < n ; i++, s++, p += 2)
162 sprintf (p, "%02X", *s);
163 }
164 if (*handle)
165 {
166 *p++ = ' ';
167 for (i=0; handle[i] && i < 100; i++)
168 *p++ = isspace ((unsigned int)handle[i])? '_':handle[i];
169 }
170 *p = 0;
171 write_status_text ((letter || pk)?STATUS_KEY_CREATED:STATUS_KEY_NOT_CREATED,
172 buf);
173 xfree (buf);
174 }
175
176 static void
177 print_status_key_not_created (const char *handle)
178 {
179 print_status_key_created (0, NULL, handle);
180 }
181
182
183
184 static void
185 write_uid( KBNODE root, const char *s )
186 {
187 PACKET *pkt = xmalloc_clear(sizeof *pkt );
188 size_t n = strlen(s);
189
190 pkt->pkttype = PKT_USER_ID;
191 pkt->pkt.user_id = xmalloc_clear( sizeof *pkt->pkt.user_id + n - 1 );
192 pkt->pkt.user_id->len = n;
193 pkt->pkt.user_id->ref = 1;
194 strcpy(pkt->pkt.user_id->name, s);
195 add_kbnode( root, new_kbnode( pkt ) );
196 }
197
198 static void
199 do_add_key_flags (PKT_signature *sig, unsigned int use)
200 {
201 byte buf[1];
202
203 buf[0] = 0;
204
205 /* The spec says that all primary keys MUST be able to certify. */
206 if(sig->sig_class!=0x18)
207 buf[0] |= 0x01;
208
209 if (use & PUBKEY_USAGE_SIG)
210 buf[0] |= 0x02;
211 if (use & PUBKEY_USAGE_ENC)
212 buf[0] |= 0x04 | 0x08;
213 if (use & PUBKEY_USAGE_AUTH)
214 buf[0] |= 0x20;
215
216 if (!buf[0])
217 return;
218
219 build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
220 }
221
222
223 int
224 keygen_add_key_expire( PKT_signature *sig, void *opaque )
225 {
226 PKT_public_key *pk = opaque;
227 byte buf[8];
228 u32 u;
229
230 if( pk->expiredate ) {
231 if(pk->expiredate > pk->timestamp)
232 u= pk->expiredate - pk->timestamp;
233 else
234 u= 1;
235
236 buf[0] = (u >> 24) & 0xff;
237 buf[1] = (u >> 16) & 0xff;
238 buf[2] = (u >> 8) & 0xff;
239 buf[3] = u & 0xff;
240 build_sig_subpkt( sig, SIGSUBPKT_KEY_EXPIRE, buf, 4 );
241 }
242 else
243 {
244 /* Make sure we don't leave a key expiration subpacket lying
245 around */
246 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE);
247 }
248
249 return 0;
250 }
251
252 static int
253 keygen_add_key_flags_and_expire (PKT_signature *sig, void *opaque)
254 {
255 struct opaque_data_usage_and_pk *oduap = opaque;
256
257 do_add_key_flags (sig, oduap->usage);
258 return keygen_add_key_expire (sig, oduap->pk);
259 }
260
261 static int
262 set_one_pref (int val, int type, const char *item, byte *buf, int *nbuf)
263 {
264 int i;
265
266 for (i=0; i < *nbuf; i++ )
267 if (buf[i] == val)
268 {
269 log_info (_("preference `%s' duplicated\n"), item);
270 return -1;
271 }
272
273 if (*nbuf >= MAX_PREFS)
274 {
275 if(type==1)
276 log_info(_("too many cipher preferences\n"));
277 else if(type==2)
278 log_info(_("too many digest preferences\n"));
279 else if(type==3)
280 log_info(_("too many compression preferences\n"));
281 else
282 BUG();
283
284 return -1;
285 }
286
287 buf[(*nbuf)++] = val;
288 return 0;
289 }
290
291 /*
292 * Parse the supplied string and use it to set the standard
293 * preferences. The string may be in a form like the one printed by
294 * "pref" (something like: "S10 S3 H3 H2 Z2 Z1") or the actual
295 * cipher/hash/compress names. Use NULL to set the default
296 * preferences. Returns: 0 = okay
297 */
298 int
299 keygen_set_std_prefs (const char *string,int personal)
300 {
301 byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
302 int nsym=0, nhash=0, nzip=0, val, rc=0;
303 int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
304 char dummy_string[45+1]; /* Enough for 15 items. */
305
306 if (!string || !ascii_strcasecmp (string, "default"))
307 {
308 if (opt.def_preference_list)
309 string=opt.def_preference_list;
310 else
311 {
312 dummy_string[0]='\0';
313
314 /* The rationale why we use the order AES256,192,128 is
315 for compatibility reasons with PGP. If gpg would
316 define AES128 first, we would get the somewhat
317 confusing situation:
318
319 gpg -r pgpkey -r gpgkey ---gives--> AES256
320 gpg -r gpgkey -r pgpkey ---gives--> AES
321
322 Note that by using --personal-cipher-preferences it is
323 possible to prefer AES128.
324 */
325
326 /* Make sure we do not add more than 15 items here, as we
327 could overflow the size of dummy_string. We currently
328 have at most 12. */
329 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES256) )
330 strcat(dummy_string,"S9 ");
331 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES192) )
332 strcat(dummy_string,"S8 ");
333 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_AES) )
334 strcat(dummy_string,"S7 ");
335 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_CAST5) )
336 strcat(dummy_string,"S3 ");
337 strcat(dummy_string,"S2 "); /* 3DES */
338 /* If we have it, IDEA goes *after* 3DES so it won't be
339 used unless we're encrypting along with a V3 key.
340 Ideally, we would only put the S1 preference in if the
341 key was RSA and <=2048 bits, as that is what won't
342 break PGP2, but that is difficult with the current
343 code, and not really worth checking as a non-RSA <=2048
344 bit key wouldn't be usable by PGP2 anyway. -dms */
345 if ( !openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
346 strcat(dummy_string,"S1 ");
347
348 /* SHA-1 */
349 strcat(dummy_string,"H2 ");
350
351 if (!openpgp_md_test_algo(DIGEST_ALGO_SHA256))
352 strcat(dummy_string,"H8 ");
353
354 /* RIPEMD160 */
355 if (!openpgp_md_test_algo(DIGEST_ALGO_RMD160))
356 strcat(dummy_string,"H3 ");
357
358 /* ZLIB */
359 strcat(dummy_string,"Z2 ");
360
361 if(!check_compress_algo(COMPRESS_ALGO_BZIP2))
362 strcat(dummy_string,"Z3 ");
363
364 /* ZIP */
365 strcat(dummy_string,"Z1");
366
367 string=dummy_string;
368 }
369 }
370 else if (!ascii_strcasecmp (string, "none"))
371 string = "";
372
373 if(strlen(string))
374 {
375 char *tok,*prefstring;
376
377 prefstring=xstrdup(string); /* need a writable string! */
378
379 while((tok=strsep(&prefstring," ,")))
380 {
381 if((val=string_to_cipher_algo (tok)))
382 {
383 if(set_one_pref(val,1,tok,sym,&nsym))
384 rc=-1;
385 }
386 else if((val=string_to_digest_algo (tok)))
387 {
388 if(set_one_pref(val,2,tok,hash,&nhash))
389 rc=-1;
390 }
391 else if((val=string_to_compress_algo(tok))>-1)
392 {
393 if(set_one_pref(val,3,tok,zip,&nzip))
394 rc=-1;
395 }
396 else if (ascii_strcasecmp(tok,"mdc")==0)
397 mdc=1;
398 else if (ascii_strcasecmp(tok,"no-mdc")==0)
399 mdc=0;
400 else if (ascii_strcasecmp(tok,"ks-modify")==0)
401 modify=1;
402 else if (ascii_strcasecmp(tok,"no-ks-modify")==0)
403 modify=0;
404 else
405 {
406 log_info (_("invalid item `%s' in preference string\n"),tok);
407
408 /* Complain if IDEA is not available. */
409 if(ascii_strcasecmp(tok,"s1")==0
410 || ascii_strcasecmp(tok,"idea")==0)
411 idea_cipher_warn(1);
412
413 rc=-1;
414 }
415 }
416
417 xfree(prefstring);
418 }
419
420 if(!rc)
421 {
422 if(personal)
423 {
424 if(personal==PREFTYPE_SYM)
425 {
426 xfree(opt.personal_cipher_prefs);
427
428 if(nsym==0)
429 opt.personal_cipher_prefs=NULL;
430 else
431 {
432 int i;
433
434 opt.personal_cipher_prefs=
435 xmalloc(sizeof(prefitem_t *)*(nsym+1));
436
437 for (i=0; i<nsym; i++)
438 {
439 opt.personal_cipher_prefs[i].type = PREFTYPE_SYM;
440 opt.personal_cipher_prefs[i].value = sym[i];
441 }
442
443 opt.personal_cipher_prefs[i].type = PREFTYPE_NONE;
444 opt.personal_cipher_prefs[i].value = 0;
445 }
446 }
447 else if(personal==PREFTYPE_HASH)
448 {
449 xfree(opt.personal_digest_prefs);
450
451 if(nhash==0)
452 opt.personal_digest_prefs=NULL;
453 else
454 {
455 int i;
456
457 opt.personal_digest_prefs=
458 xmalloc(sizeof(prefitem_t *)*(nhash+1));
459
460 for (i=0; i<nhash; i++)
461 {
462 opt.personal_digest_prefs[i].type = PREFTYPE_HASH;
463 opt.personal_digest_prefs[i].value = hash[i];
464 }
465
466 opt.personal_digest_prefs[i].type = PREFTYPE_NONE;
467 opt.personal_digest_prefs[i].value = 0;
468 }
469 }
470 else if(personal==PREFTYPE_ZIP)
471 {
472 xfree(opt.personal_compress_prefs);
473
474 if(nzip==0)
475 opt.personal_compress_prefs=NULL;
476 else
477 {
478 int i;
479
480 opt.personal_compress_prefs=
481 xmalloc(sizeof(prefitem_t *)*(nzip+1));
482
483 for (i=0; i<nzip; i++)
484 {
485 opt.personal_compress_prefs[i].type = PREFTYPE_ZIP;
486 opt.personal_compress_prefs[i].value = zip[i];
487 }
488
489 opt.personal_compress_prefs[i].type = PREFTYPE_NONE;
490 opt.personal_compress_prefs[i].value = 0;
491 }
492 }
493 }
494 else
495 {
496 memcpy (sym_prefs, sym, (nsym_prefs=nsym));
497 memcpy (hash_prefs, hash, (nhash_prefs=nhash));
498 memcpy (zip_prefs, zip, (nzip_prefs=nzip));
499 mdc_available = mdc;
500 ks_modify = modify;
501 prefs_initialized = 1;
502 }
503 }
504
505 return rc;
506 }
507
508 /* Return a fake user ID containing the preferences. Caller must
509 free. */
510 PKT_user_id *keygen_get_std_prefs(void)
511 {
512 int i,j=0;
513 PKT_user_id *uid=xmalloc_clear(sizeof(PKT_user_id));
514
515 if(!prefs_initialized)
516 keygen_set_std_prefs(NULL,0);
517
518 uid->ref=1;
519
520 uid->prefs=xmalloc((sizeof(prefitem_t *)*
521 (nsym_prefs+nhash_prefs+nzip_prefs+1)));
522
523 for(i=0;i<nsym_prefs;i++,j++)
524 {
525 uid->prefs[j].type=PREFTYPE_SYM;
526 uid->prefs[j].value=sym_prefs[i];
527 }
528
529 for(i=0;i<nhash_prefs;i++,j++)
530 {
531 uid->prefs[j].type=PREFTYPE_HASH;
532 uid->prefs[j].value=hash_prefs[i];
533 }
534
535 for(i=0;i<nzip_prefs;i++,j++)
536 {
537 uid->prefs[j].type=PREFTYPE_ZIP;
538 uid->prefs[j].value=zip_prefs[i];
539 }
540
541 uid->prefs[j].type=PREFTYPE_NONE;
542 uid->prefs[j].value=0;
543
544 uid->flags.mdc=mdc_available;
545 uid->flags.ks_modify=ks_modify;
546
547 return uid;
548 }
549
550 static void
551 add_feature_mdc (PKT_signature *sig,int enabled)
552 {
553 const byte *s;
554 size_t n;
555 int i;
556 char *buf;
557
558 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n );
559 /* Already set or cleared */
560 if (s && n &&
561 ((enabled && (s[0] & 0x01)) || (!enabled && !(s[0] & 0x01))))
562 return;
563
564 if (!s || !n) { /* create a new one */
565 n = 1;
566 buf = xmalloc_clear (n);
567 }
568 else {
569 buf = xmalloc (n);
570 memcpy (buf, s, n);
571 }
572
573 if(enabled)
574 buf[0] |= 0x01; /* MDC feature */
575 else
576 buf[0] &= ~0x01;
577
578 /* Are there any bits set? */
579 for(i=0;i<n;i++)
580 if(buf[i]!=0)
581 break;
582
583 if(i==n)
584 delete_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES);
585 else
586 build_sig_subpkt (sig, SIGSUBPKT_FEATURES, buf, n);
587
588 xfree (buf);
589 }
590
591 static void
592 add_keyserver_modify (PKT_signature *sig,int enabled)
593 {
594 const byte *s;
595 size_t n;
596 int i;
597 char *buf;
598
599 /* The keyserver modify flag is a negative flag (i.e. no-modify) */
600 enabled=!enabled;
601
602 s = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n );
603 /* Already set or cleared */
604 if (s && n &&
605 ((enabled && (s[0] & 0x80)) || (!enabled && !(s[0] & 0x80))))
606 return;
607
608 if (!s || !n) { /* create a new one */
609 n = 1;
610 buf = xmalloc_clear (n);
611 }
612 else {
613 buf = xmalloc (n);
614 memcpy (buf, s, n);
615 }
616
617 if(enabled)
618 buf[0] |= 0x80; /* no-modify flag */
619 else
620 buf[0] &= ~0x80;
621
622 /* Are there any bits set? */
623 for(i=0;i<n;i++)
624 if(buf[i]!=0)
625 break;
626
627 if(i==n)
628 delete_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS);
629 else
630 build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS, buf, n);
631
632 xfree (buf);
633 }
634
635
636 int
637 keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
638 {
639 (void)opaque;
640
641 if (!prefs_initialized)
642 keygen_set_std_prefs (NULL, 0);
643
644 if (nsym_prefs)
645 build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
646 else
647 {
648 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
649 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
650 }
651
652 if (nhash_prefs)
653 build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
654 else
655 {
656 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH);
657 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_HASH);
658 }
659
660 if (nzip_prefs)
661 build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR, zip_prefs, nzip_prefs);
662 else
663 {
664 delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
665 delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
666 }
667
668 /* Make sure that the MDC feature flag is set if needed. */
669 add_feature_mdc (sig,mdc_available);
670 add_keyserver_modify (sig,ks_modify);
671 keygen_add_keyserver_url(sig,NULL);
672
673 return 0;
674 }
675
676
677 /****************
678 * Add preference to the self signature packet.
679 * This is only called for packets with version > 3.
680
681 */
682 int
683 keygen_add_std_prefs( PKT_signature *sig, void *opaque )
684 {
685 PKT_public_key *pk = opaque;
686
687 do_add_key_flags (sig, pk->pubkey_usage);
688 keygen_add_key_expire( sig, opaque );
689 keygen_upd_std_prefs (sig, opaque);
690 keygen_add_keyserver_url(sig,NULL);
691
692 return 0;
693 }
694
695 int
696 keygen_add_keyserver_url(PKT_signature *sig, void *opaque)
697 {
698 const char *url=opaque;
699
700 if(!url)
701 url=opt.def_keyserver_url;
702
703 if(url)
704 build_sig_subpkt(sig,SIGSUBPKT_PREF_KS,url,strlen(url));
705 else
706 delete_sig_subpkt (sig->hashed,SIGSUBPKT_PREF_KS);
707
708 return 0;
709 }
710
711 int
712 keygen_add_notations(PKT_signature *sig,void *opaque)
713 {
714 struct notation *notation;
715
716 /* We always start clean */
717 delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
718 delete_sig_subpkt(sig->unhashed,SIGSUBPKT_NOTATION);
719 sig->flags.notation=0;
720
721 for(notation=opaque;notation;notation=notation->next)
722 if(!notation->flags.ignore)
723 {
724 unsigned char *buf;
725 unsigned int n1,n2;
726
727 n1=strlen(notation->name);
728 if(notation->altvalue)
729 n2=strlen(notation->altvalue);
730 else if(notation->bdat)
731 n2=notation->blen;
732 else
733 n2=strlen(notation->value);
734
735 buf = xmalloc( 8 + n1 + n2 );
736
737 /* human readable or not */
738 buf[0] = notation->bdat?0:0x80;
739 buf[1] = buf[2] = buf[3] = 0;
740 buf[4] = n1 >> 8;
741 buf[5] = n1;
742 buf[6] = n2 >> 8;
743 buf[7] = n2;
744 memcpy(buf+8, notation->name, n1 );
745 if(notation->altvalue)
746 memcpy(buf+8+n1, notation->altvalue, n2 );
747 else if(notation->bdat)
748 memcpy(buf+8+n1, notation->bdat, n2 );
749 else
750 memcpy(buf+8+n1, notation->value, n2 );
751 build_sig_subpkt( sig, SIGSUBPKT_NOTATION |
752 (notation->flags.critical?SIGSUBPKT_FLAG_CRITICAL:0),
753 buf, 8+n1+n2 );
754 xfree(buf);
755 }
756
757 return 0;
758 }
759
760 int
761 keygen_add_revkey(PKT_signature *sig, void *opaque)
762 {
763 struct revocation_key *revkey=opaque;
764 byte buf[2+MAX_FINGERPRINT_LEN];
765
766 buf[0]=revkey->class;
767 buf[1]=revkey->algid;
768 memcpy(&buf[2],revkey->fpr,MAX_FINGERPRINT_LEN);
769
770 build_sig_subpkt(sig,SIGSUBPKT_REV_KEY,buf,2+MAX_FINGERPRINT_LEN);
771
772 /* All sigs with revocation keys set are nonrevocable */
773 sig->flags.revocable=0;
774 buf[0] = 0;
775 build_sig_subpkt( sig, SIGSUBPKT_REVOCABLE, buf, 1 );
776
777 parse_revkeys(sig);
778
779 return 0;
780 }
781
782
783
784 /* Create a back-signature. If TIMESTAMP is not NULL, use it for the
785 signature creation time. */
786 int
787 make_backsig (PKT_signature *sig,PKT_public_key *pk,
788 PKT_public_key *sub_pk,PKT_secret_key *sub_sk,
789 u32 timestamp)
790 {
791 PKT_signature *backsig;
792 int rc;
793
794 cache_public_key(sub_pk);
795
796 rc = make_keysig_packet (&backsig, pk, NULL, sub_pk, sub_sk, 0x19,
797 0, 0, timestamp, 0, NULL, NULL);
798 if(rc)
799 log_error("make_keysig_packet failed for backsig: %s\n",g10_errstr(rc));
800 else
801 {
802 /* Get it into a binary packed form. */
803 IOBUF backsig_out=iobuf_temp();
804 PACKET backsig_pkt;
805
806 init_packet(&backsig_pkt);
807 backsig_pkt.pkttype=PKT_SIGNATURE;
808 backsig_pkt.pkt.signature=backsig;
809 rc=build_packet(backsig_out,&backsig_pkt);
810 free_packet(&backsig_pkt);
811 if(rc)
812 log_error("build_packet failed for backsig: %s\n",g10_errstr(rc));
813 else
814 {
815 size_t pktlen=0;
816 byte *buf=iobuf_get_temp_buffer(backsig_out);
817
818 /* Remove the packet header */
819 if(buf[0]&0x40)
820 {
821 if(buf[1]<192)
822 {
823 pktlen=buf[1];
824 buf+=2;
825 }
826 else if(buf[1]<224)
827 {
828 pktlen=(buf[1]-192)*256;
829 pktlen+=buf[2]+192;
830 buf+=3;
831 }
832 else if(buf[1]==255)
833 {
834 pktlen =buf[2] << 24;
835 pktlen|=buf[3] << 16;
836 pktlen|=buf[4] << 8;
837 pktlen|=buf[5];
838 buf+=6;
839 }
840 else
841 BUG();
842 }
843 else
844 {
845 int mark=1;
846
847 switch(buf[0]&3)
848 {
849 case 3:
850 BUG();
851 break;
852
853 case 2:
854 pktlen =buf[mark++] << 24;
855 pktlen|=buf[mark++] << 16;
856
857 case 1:
858 pktlen|=buf[mark++] << 8;
859
860 case 0:
861 pktlen|=buf[mark++];
862 }
863
864 buf+=mark;
865 }
866
867 /* Now make the binary blob into a subpacket. */
868 build_sig_subpkt(sig,SIGSUBPKT_SIGNATURE,buf,pktlen);
869
870 iobuf_close(backsig_out);
871 }
872 }
873
874 return rc;
875 }
876
877
878 static int
879 write_direct_sig (KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
880 struct revocation_key *revkey, u32 timestamp)
881 {
882 PACKET *pkt;
883 PKT_signature *sig;
884 int rc=0;
885 KBNODE node;
886 PKT_public_key *pk;
887
888 if( opt.verbose )
889 log_info(_("writing direct signature\n"));
890
891 /* Get the pk packet from the pub_tree. */
892 node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
893 if( !node )
894 BUG();
895 pk = node->pkt->pkt.public_key;
896
897 /* We have to cache the key, so that the verification of the
898 signature creation is able to retrieve the public key. */
899 cache_public_key (pk);
900
901 /* Make the signature. */
902 rc = make_keysig_packet (&sig,pk,NULL,NULL,sk,0x1F,
903 0, 0, timestamp, 0,
904 keygen_add_revkey, revkey);
905 if( rc )
906 {
907 log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
908 return rc;
909 }
910
911 pkt = xmalloc_clear( sizeof *pkt );
912 pkt->pkttype = PKT_SIGNATURE;
913 pkt->pkt.signature = sig;
914 add_kbnode( root, new_kbnode( pkt ) );
915 return rc;
916 }
917
918
919 static int
920 write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
921 unsigned int use, u32 timestamp )
922 {
923 PACKET *pkt;
924 PKT_signature *sig;
925 PKT_user_id *uid;
926 int rc=0;
927 KBNODE node;
928 PKT_public_key *pk;
929
930 if( opt.verbose )
931 log_info(_("writing self signature\n"));
932
933 /* Get the uid packet from the list. */
934 node = find_kbnode( pub_root, PKT_USER_ID );
935 if( !node )
936 BUG(); /* No user id packet in tree. */
937 uid = node->pkt->pkt.user_id;
938
939 /* Get the pk packet from the pub_tree. */
940 node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
941 if( !node )
942 BUG();
943 pk = node->pkt->pkt.public_key;
944 pk->pubkey_usage = use;
945
946 /* We have to cache the key, so that the verification of the
947 signature creation is able to retrieve the public key. */
948 cache_public_key (pk);
949
950 /* Make the signature. */
951 rc = make_keysig_packet (&sig, pk, uid, NULL, sk, 0x13,
952 0, 0, timestamp, 0,
953 keygen_add_std_prefs, pk);
954 if( rc )
955 {
956 log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
957 return rc;
958 }
959
960 pkt = xmalloc_clear( sizeof *pkt );
961 pkt->pkttype = PKT_SIGNATURE;
962 pkt->pkt.signature = sig;
963 add_kbnode( sec_root, new_kbnode( pkt ) );
964
965 pkt = xmalloc_clear( sizeof *pkt );
966 pkt->pkttype = PKT_SIGNATURE;
967 pkt->pkt.signature = copy_signature(NULL,sig);
968 add_kbnode( pub_root, new_kbnode( pkt ) );
969 return rc;
970 }
971
972
973 /* Write the key binding signature. If TIMESTAMP is not NULL use the
974 signature creation times. */
975 static int
976 write_keybinding (KBNODE root, KBNODE pub_root,
977 PKT_secret_key *pri_sk, PKT_secret_key *sub_sk,
978 unsigned int use, u32 timestamp)
979 {
980 PACKET *pkt;
981 PKT_signature *sig;
982 int rc=0;
983 KBNODE node;
984 PKT_public_key *pri_pk, *sub_pk;
985 struct opaque_data_usage_and_pk oduap;
986
987 if ( opt.verbose )
988 log_info(_("writing key binding signature\n"));
989
990 /* Get the pk packet from the pub_tree. */
991 node = find_kbnode ( pub_root, PKT_PUBLIC_KEY );
992 if ( !node )
993 BUG();
994 pri_pk = node->pkt->pkt.public_key;
995
996 /* We have to cache the key, so that the verification of the
997 * signature creation is able to retrieve the public key. */
998 cache_public_key (pri_pk);
999
1000 /* Find the last subkey. */
1001 sub_pk = NULL;
1002 for (node=pub_root; node; node = node->next )
1003 {
1004 if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
1005 sub_pk = node->pkt->pkt.public_key;
1006 }
1007 if (!sub_pk)
1008 BUG();
1009
1010 /* Make the signature. */
1011 oduap.usage = use;
1012 oduap.pk = sub_pk;
1013 rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18,
1014 0, 0, timestamp, 0,
1015 keygen_add_key_flags_and_expire, &oduap );
1016 if (rc)
1017 {
1018 log_error ("make_keysig_packet failed: %s\n", g10_errstr(rc) );
1019 return rc;
1020 }
1021
1022 /* Make a backsig. */
1023 if (use&PUBKEY_USAGE_SIG)
1024 {
1025 rc = make_backsig (sig, pri_pk, sub_pk, sub_sk, timestamp);
1026 if (rc)
1027 return rc;
1028 }
1029
1030 pkt = xmalloc_clear ( sizeof *pkt );
1031 pkt->pkttype = PKT_SIGNATURE;
1032 pkt->pkt.signature = sig;
1033 add_kbnode (root, new_kbnode (pkt) );
1034 return rc;
1035 }
1036
1037
1038
1039 static int
1040 key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
1041 const char *topname, const char *elems)
1042 {
1043 gcry_sexp_t list, l2;
1044 const char *s;
1045 int i, idx;
1046 int rc = 0;
1047
1048 list = gcry_sexp_find_token (sexp, topname, 0);
1049 if (!list)
1050 return gpg_error (GPG_ERR_INV_OBJ);
1051 l2 = gcry_sexp_cadr (list);
1052 gcry_sexp_release (list);
1053 list = l2;
1054 if (!list)
1055 return gpg_error (GPG_ERR_NO_OBJ);
1056
1057 for (idx=0,s=elems; *s; s++, idx++)
1058 {
1059 l2 = gcry_sexp_find_token (list, s, 1);
1060 if (!l2)
1061 {
1062 rc = gpg_error (GPG_ERR_NO_OBJ); /* required parameter not found */
1063 goto leave;
1064 }
1065 array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1066 gcry_sexp_release (l2);
1067 if (!array[idx])
1068 {
1069 rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
1070 goto leave;
1071 }
1072 }
1073 gcry_sexp_release (list);
1074
1075 leave:
1076 if (rc)
1077 {
1078 for (i=0; i<idx; i++)
1079 {
1080 xfree (array[i]);
1081 array[i] = NULL;
1082 }
1083 gcry_sexp_release (list);
1084 }
1085 return rc;
1086 }
1087
1088
1089 static int
1090 genhelp_protect (DEK *dek, STRING2KEY *s2k, PKT_secret_key *sk)
1091 {
1092 int rc = 0;
1093
1094 if (dek)
1095 {
1096 sk->protect.algo = dek->algo;
1097 sk->protect.s2k = *s2k;
1098 rc = protect_secret_key (sk, dek);
1099 if (rc)
1100 log_error ("protect_secret_key failed: %s\n", gpg_strerror (rc) );
1101 }
1102
1103 return rc;
1104 }
1105
1106 static void
1107 genhelp_factors (gcry_sexp_t misc_key_info, KBNODE sec_root)
1108 {
1109 (void)misc_key_info;
1110 (void)sec_root;
1111 #if 0 /* Not used anymore */
1112 size_t n;
1113 char *buf;
1114
1115 if (misc_key_info)
1116 {
1117 /* DSA: don't know whether it makes sense to have the factors, so for now
1118 we store them in the secret keyring (but they are not secret)
1119 p = 2 * q * f1 * f2 * ... * fn
1120 We store only f1 to f_n-1; fn can be calculated because p and q
1121 are known. */
1122 n = gcry_sexp_sprint (misc_key_info, 0, NULL, 0);
1123 buf = xmalloc (n+4);
1124 strcpy (buf, "#::");
1125 n = gcry_sexp_sprint (misc_key_info, 0, buf+3, n);
1126 if (n)
1127 {
1128 n += 3;
1129 add_kbnode (sec_root, make_comment_node_from_buffer (buf, n));
1130 }
1131 xfree (buf);
1132 gcry_sexp_release (misc_key_info);
1133 }
1134 #endif
1135 }
1136
1137
1138 /* Generate an Elgamal encryption key pair. TIMESTAMP is the creatuion
1139 time to be put into the key structure. */
1140 static int
1141 gen_elg (int algo, unsigned int nbits,
1142 KBNODE pub_root, KBNODE sec_root, DEK *dek,
1143 STRING2KEY *s2k, PKT_secret_key **ret_sk,
1144 u32 timestamp, u32 expireval, int is_subkey)
1145 {
1146 int rc;
1147 PACKET *pkt;
1148 PKT_secret_key *sk;
1149 PKT_public_key *pk;
1150 gcry_sexp_t s_parms, s_key;
1151 gcry_sexp_t misc_key_info;
1152
1153 assert( is_ELGAMAL(algo) );
1154
1155 if (nbits < 512)
1156 {
1157 nbits = 1024;
1158 log_info (_("keysize invalid; using %u bits\n"), nbits );
1159 }
1160
1161 if ((nbits % 32))
1162 {
1163 nbits = ((nbits + 31) / 32) * 32;
1164 log_info (_("keysize rounded up to %u bits\n"), nbits );
1165 }
1166
1167
1168 rc = gcry_sexp_build ( &s_parms, NULL,
1169 "(genkey(%s(nbits %d)))",
1170 algo == GCRY_PK_ELG_E ? "openpgp-elg" :
1171 algo == GCRY_PK_ELG ? "elg" : "x-oops" ,
1172 (int)nbits);
1173 if (rc)
1174 log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
1175
1176 rc = gcry_pk_genkey (&s_key, s_parms);
1177 gcry_sexp_release (s_parms);
1178 if (rc)
1179 {
1180 log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
1181 return rc;
1182 }
1183
1184 sk = xmalloc_clear( sizeof *sk );
1185 pk = xmalloc_clear( sizeof *pk );
1186 sk->timestamp = pk->timestamp = timestamp;
1187 sk->version = pk->version = 4;
1188 if (expireval)
1189 {
1190 sk->expiredate = pk->expiredate = sk->timestamp + expireval;
1191 }
1192 sk->pubkey_algo = pk->pubkey_algo = algo;
1193
1194 rc = key_from_sexp (pk->pkey, s_key, "public-key", "pgy");
1195 if (rc)
1196 {
1197 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
1198 gcry_sexp_release (s_key);
1199 free_secret_key (sk);
1200 free_public_key (pk);
1201 return rc;
1202 }
1203 rc = key_from_sexp (sk->skey, s_key, "private-key", "pgyx");
1204 if (rc)
1205 {
1206 log_error("key_from_sexp failed: %s\n", gpg_strerror (rc) );
1207 gcry_sexp_release (s_key);
1208 free_secret_key (sk);
1209 free_public_key (pk);
1210 return rc;
1211 }
1212 misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
1213 gcry_sexp_release (s_key);
1214
1215 sk->is_protected = 0;
1216 sk->protect.algo = 0;
1217
1218 sk->csum = checksum_mpi (sk->skey[3]);
1219 if (ret_sk) /* Return an unprotected version of the sk. */
1220 *ret_sk = copy_secret_key ( NULL, sk );
1221
1222 rc = genhelp_protect (dek, s2k, sk);
1223 if (rc)
1224 {
1225 free_public_key (pk);
1226 free_secret_key (sk);
1227 gcry_sexp_release (misc_key_info);
1228 return rc;
1229 }
1230
1231 pkt = xmalloc_clear (sizeof *pkt);
1232 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1233 pkt->pkt.public_key = pk;
1234 add_kbnode (pub_root, new_kbnode( pkt ));
1235
1236 /* Don't know whether it makes sense to have access to the factors,
1237 so for now we store them in the secret keyring (but they are not
1238 secret). */
1239 pkt = xmalloc_clear (sizeof *pkt);
1240 pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
1241 pkt->pkt.secret_key = sk;
1242 add_kbnode (sec_root, new_kbnode( pkt ));
1243
1244 genhelp_factors (misc_key_info, sec_root);
1245
1246 return 0;
1247 }
1248
1249
1250 /****************
1251 * Generate a DSA key
1252 */
1253 static int
1254 gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
1255 STRING2KEY *s2k, PKT_secret_key **ret_sk,
1256 u32 timestamp, u32 expireval, int is_subkey)
1257 {
1258 int rc;
1259 PACKET *pkt;
1260 PKT_secret_key *sk;
1261 PKT_public_key *pk;
1262 gcry_sexp_t s_parms, s_key;
1263 gcry_sexp_t misc_key_info;
1264 unsigned int qbits;
1265
1266 if ( nbits < 512 || (!opt.flags.dsa2 && nbits > 1024))
1267 {
1268 nbits = 1024;
1269 log_info(_("keysize invalid; using %u bits\n"), nbits );
1270 }
1271 else if ( nbits > 3072 )
1272 {
1273 nbits = 3072;
1274 log_info(_("keysize invalid; using %u bits\n"), nbits );
1275 }
1276
1277 if( (nbits % 64) )
1278 {
1279 nbits = ((nbits + 63) / 64) * 64;
1280 log_info(_("keysize rounded up to %u bits\n"), nbits );
1281 }
1282
1283 /*
1284 Figure out a q size based on the key size. FIPS 180-3 says:
1285
1286 L = 1024, N = 160
1287 L = 2048, N = 224
1288 L = 2048, N = 256
1289 L = 3072, N = 256
1290
1291 2048/256 is an odd pair since there is also a 2048/224 and
1292 3072/256. Matching sizes is not a very exact science.
1293
1294 We'll do 256 qbits for nbits over 2048, 224 for nbits over 1024
1295 but less than 2048, and 160 for 1024 (DSA1).
1296 */
1297
1298 if (nbits > 2048)
1299 qbits = 256;
1300 else if ( nbits > 1024)
1301 qbits = 224;
1302 else
1303 qbits = 160;
1304
1305 if (qbits != 160 )
1306 log_info (_("WARNING: some OpenPGP programs can't"
1307 " handle a DSA key with this digest size\n"));
1308
1309 rc = gcry_sexp_build (&s_parms, NULL,
1310 "(genkey(dsa(nbits %d)(qbits %d)))",
1311 (int)nbits, (int)qbits);
1312 if (rc)
1313 log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
1314
1315 rc = gcry_pk_genkey (&s_key, s_parms);
1316 gcry_sexp_release (s_parms);
1317 if (rc)
1318 {
1319 log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
1320 return rc;
1321 }
1322
1323 sk = xmalloc_clear( sizeof *sk );
1324 pk = xmalloc_clear( sizeof *pk );
1325 sk->timestamp = pk->timestamp = timestamp;
1326 sk->version = pk->version = 4;
1327 if (expireval)
1328 sk->expiredate = pk->expiredate = sk->timestamp + expireval;
1329 sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
1330
1331 rc = key_from_sexp (pk->pkey, s_key, "public-key", "pqgy");
1332 if (rc)
1333 {
1334 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
1335 gcry_sexp_release (s_key);
1336 free_public_key(pk);
1337 free_secret_key(sk);
1338 return rc;
1339 }
1340 rc = key_from_sexp (sk->skey, s_key, "private-key", "pqgyx");
1341 if (rc)
1342 {
1343 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
1344 gcry_sexp_release (s_key);
1345 free_public_key(pk);
1346 free_secret_key(sk);
1347 return rc;
1348 }
1349 misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
1350 gcry_sexp_release (s_key);
1351
1352 sk->is_protected = 0;
1353 sk->protect.algo = 0;
1354
1355 sk->csum = checksum_mpi ( sk->skey[4] );
1356 if( ret_sk ) /* return an unprotected version of the sk */
1357 *ret_sk = copy_secret_key( NULL, sk );
1358
1359 rc = genhelp_protect (dek, s2k, sk);
1360 if (rc)
1361 {
1362 free_public_key (pk);
1363 free_secret_key (sk);
1364 gcry_sexp_release (misc_key_info);
1365 return rc;
1366 }
1367
1368 pkt = xmalloc_clear(sizeof *pkt);
1369 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1370 pkt->pkt.public_key = pk;
1371 add_kbnode(pub_root, new_kbnode( pkt ));
1372
1373 /* Don't know whether it makes sense to have the factors, so for now
1374 * we store them in the secret keyring (but they are not secret)
1375 * p = 2 * q * f1 * f2 * ... * fn
1376 * We store only f1 to f_n-1; fn can be calculated because p and q
1377 * are known.
1378 */
1379 pkt = xmalloc_clear(sizeof *pkt);
1380 pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
1381 pkt->pkt.secret_key = sk;
1382 add_kbnode(sec_root, new_kbnode( pkt ));
1383
1384 genhelp_factors (misc_key_info, sec_root);
1385
1386 return 0;
1387 }
1388
1389
1390 /*
1391 * Generate an RSA key.
1392 */
1393 static int
1394 gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
1395 STRING2KEY *s2k, PKT_secret_key **ret_sk,
1396 u32 timestamp, u32 expireval, int is_subkey)
1397 {
1398 int rc;
1399 PACKET *pkt;
1400 PKT_secret_key *sk;
1401 PKT_public_key *pk;
1402 gcry_sexp_t s_parms, s_key;
1403
1404 assert (is_RSA(algo));
1405
1406 if (nbits < 1024)
1407 {
1408 nbits = 1024;
1409 log_info (_("keysize invalid; using %u bits\n"), nbits );
1410 }
1411
1412 if ((nbits % 32))
1413 {
1414 nbits = ((nbits + 31) / 32) * 32;
1415 log_info (_("keysize rounded up to %u bits\n"), nbits );
1416 }
1417
1418 rc = gcry_sexp_build (&s_parms, NULL,
1419 "(genkey(rsa(nbits %d)))",
1420 (int)nbits);
1421 if (rc)
1422 log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
1423
1424 rc = gcry_pk_genkey (&s_key, s_parms);
1425 gcry_sexp_release (s_parms);
1426 if (rc)
1427 {
1428 log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
1429 return rc;
1430 }
1431
1432 sk = xmalloc_clear( sizeof *sk );
1433 pk = xmalloc_clear( sizeof *pk );
1434 sk->timestamp = pk->timestamp = timestamp;
1435 sk->version = pk->version = 4;
1436 if (expireval)
1437 {
1438 sk->expiredate = pk->expiredate = sk->timestamp + expireval;
1439 }
1440 sk->pubkey_algo = pk->pubkey_algo = algo;
1441
1442 rc = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
1443 if (rc)
1444 {
1445 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
1446 gcry_sexp_release (s_key);
1447 free_public_key(pk);
1448 free_secret_key(sk);
1449 return rc;
1450 }
1451 rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
1452 if (rc)
1453 {
1454 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
1455 gcry_sexp_release (s_key);
1456 free_public_key(pk);
1457 free_secret_key(sk);
1458 return rc;
1459 }
1460 gcry_sexp_release (s_key);
1461
1462 sk->is_protected = 0;
1463 sk->protect.algo = 0;
1464
1465 sk->csum = checksum_mpi (sk->skey[2] );
1466 sk->csum += checksum_mpi (sk->skey[3] );
1467 sk->csum += checksum_mpi (sk->skey[4] );
1468 sk->csum += checksum_mpi (sk->skey[5] );
1469 if( ret_sk ) /* return an unprotected version of the sk */
1470 *ret_sk = copy_secret_key( NULL, sk );
1471
1472 rc = genhelp_protect (dek, s2k, sk);
1473 if (rc)
1474 {
1475 free_public_key (pk);
1476 free_secret_key (sk);
1477 return rc;
1478 }
1479
1480 pkt = xmalloc_clear(sizeof *pkt);
1481 pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
1482 pkt->pkt.public_key = pk;
1483 add_kbnode(pub_root, new_kbnode( pkt ));
1484
1485 pkt = xmalloc_clear(sizeof *pkt);
1486 pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
1487 pkt->pkt.secret_key = sk;
1488 add_kbnode(sec_root, new_kbnode( pkt ));
1489
1490 return 0;
1491 }
1492
1493
1494 /****************
1495 * check valid days:
1496 * return 0 on error or the multiplier
1497 */
1498 static int
1499 check_valid_days( const char *s )
1500 {
1501 if( !digitp(s) )
1502 return 0;
1503 for( s++; *s; s++)
1504 if( !digitp(s) )
1505 break;
1506 if( !*s )
1507 return 1;
1508 if( s[1] )
1509 return 0; /* e.g. "2323wc" */
1510 if( *s == 'd' || *s == 'D' )
1511 return 1;
1512 if( *s == 'w' || *s == 'W' )
1513 return 7;
1514 if( *s == 'm' || *s == 'M' )
1515 return 30;
1516 if( *s == 'y' || *s == 'Y' )
1517 return 365;
1518 return 0;
1519 }
1520
1521
1522 static void
1523 print_key_flags(int flags)
1524 {
1525 if(flags&PUBKEY_USAGE_SIG)
1526 tty_printf("%s ",_("Sign"));
1527
1528 if(flags&PUBKEY_USAGE_CERT)
1529 tty_printf("%s ",_("Certify"));
1530
1531 if(flags&PUBKEY_USAGE_ENC)
1532 tty_printf("%s ",_("Encrypt"));
1533
1534 if(flags&PUBKEY_USAGE_AUTH)
1535 tty_printf("%s ",_("Authenticate"));
1536 }
1537
1538
1539 /* Returns the key flags */
1540 static unsigned int
1541 ask_key_flags(int algo,int subkey)
1542 {
1543 /* TRANSLATORS: Please use only plain ASCII characters for the
1544 translation. If this is not possible use single digits. The
1545 string needs to 8 bytes long. Here is a description of the
1546 functions:
1547
1548 s = Toggle signing capability
1549 e = Toggle encryption capability
1550 a = Toggle authentication capability
1551 q = Finish
1552 */
1553 const char *togglers=_("SsEeAaQq");
1554 char *answer=NULL;
1555 unsigned int current=0;
1556 unsigned int possible=openpgp_pk_algo_usage(algo);
1557
1558 if ( strlen(togglers) != 7 )
1559 {
1560 tty_printf ("NOTE: Bad translation at %s:%d. "
1561 "Please report.\n", __FILE__, __LINE__);
1562 togglers = "11223300";
1563 }
1564
1565 /* Only primary keys may certify. */
1566 if(subkey)
1567 possible&=~PUBKEY_USAGE_CERT;
1568
1569 /* Preload the current set with the possible set, minus
1570 authentication, since nobody really uses auth yet. */
1571 current=possible&~PUBKEY_USAGE_AUTH;
1572
1573 for(;;)
1574 {
1575 tty_printf("\n");
1576 tty_printf(_("Possible actions for a %s key: "),
1577 gcry_pk_algo_name (algo));
1578 print_key_flags(possible);
1579 tty_printf("\n");
1580 tty_printf(_("Current allowed actions: "));
1581 print_key_flags(current);
1582 tty_printf("\n\n");
1583
1584 if(possible&PUBKEY_USAGE_SIG)
1585 tty_printf(_(" (%c) Toggle the sign capability\n"),
1586 togglers[0]);
1587 if(possible&PUBKEY_USAGE_ENC)
1588 tty_printf(_(" (%c) Toggle the encrypt capability\n"),
1589 togglers[2]);
1590 if(possible&PUBKEY_USAGE_AUTH)
1591 tty_printf(_(" (%c) Toggle the authenticate capability\n"),
1592 togglers[4]);
1593
1594 tty_printf(_(" (%c) Finished\n"),togglers[6]);
1595 tty_printf("\n");
1596
1597 xfree(answer);
1598 answer = cpr_get("keygen.flags",_("Your selection? "));
1599 cpr_kill_prompt();
1600
1601 if(strlen(answer)>1)
1602 tty_printf(_("Invalid selection.\n"));
1603 else if(*answer=='\0' || *answer==togglers[6] || *answer==togglers[7])
1604 break;
1605 else if((*answer==togglers[0] || *answer==togglers[1])
1606 && possible&PUBKEY_USAGE_SIG)
1607 {
1608 if(current&PUBKEY_USAGE_SIG)
1609 current&=~PUBKEY_USAGE_SIG;
1610 else
1611 current|=PUBKEY_USAGE_SIG;
1612 }
1613 else if((*answer==togglers[2] || *answer==togglers[3])
1614 && possible&PUBKEY_USAGE_ENC)
1615 {
1616 if(current&PUBKEY_USAGE_ENC)
1617 current&=~PUBKEY_USAGE_ENC;
1618 else
1619 current|=PUBKEY_USAGE_ENC;
1620 }
1621 else if((*answer==togglers[4] || *answer==togglers[5])
1622 && possible&PUBKEY_USAGE_AUTH)
1623 {
1624 if(current&PUBKEY_USAGE_AUTH)
1625 current&=~PUBKEY_USAGE_AUTH;
1626 else
1627 current|=PUBKEY_USAGE_AUTH;
1628 }
1629 else
1630 tty_printf(_("Invalid selection.\n"));
1631 }
1632
1633 xfree(answer);
1634
1635 return current;
1636 }
1637
1638
1639 /****************
1640 * Returns: 0 to create both a DSA and a Elgamal key.
1641 * and only if key flags are to be written the desired usage.
1642 */
1643 static int
1644 ask_algo (int addmode, unsigned int *r_usage)
1645 {
1646 char *answer;
1647 int algo;
1648
1649 *r_usage = 0;
1650 tty_printf(_("Please select what kind of key you want:\n"));
1651 if( !addmode )
1652 tty_printf(_(" (%d) DSA and Elgamal (default)\n"), 1 );
1653 tty_printf( _(" (%d) DSA (sign only)\n"), 2 );
1654 if (opt.expert)
1655 tty_printf( _(" (%d) DSA (set your own capabilities)\n"), 3 );
1656 if( addmode )
1657 tty_printf(_(" (%d) Elgamal (encrypt only)\n"), 4 );
1658 tty_printf( _(" (%d) RSA (sign only)\n"), 5 );
1659 if (addmode)
1660 tty_printf(_(" (%d) RSA (encrypt only)\n"), 6 );
1661 if (opt.expert)
1662 tty_printf( _(" (%d) RSA (set your own capabilities)\n"), 7 );
1663
1664 for(;;) {
1665 answer = cpr_get("keygen.algo",_("Your selection? "));
1666 cpr_kill_prompt();
1667 algo = *answer? atoi(answer): 1;
1668 xfree(answer);
1669 if( algo == 1 && !addmode ) {
1670 algo = 0; /* create both keys */
1671 break;
1672 }
1673 else if( algo == 7 && opt.expert ) {
1674 algo = PUBKEY_ALGO_RSA;
1675 *r_usage=ask_key_flags(algo,addmode);
1676 break;
1677 }
1678 else if( algo == 6 && addmode ) {
1679 algo = PUBKEY_ALGO_RSA;
1680 *r_usage = PUBKEY_USAGE_ENC;
1681 break;
1682 }
1683 else if( algo == 5 ) {
1684 algo = PUBKEY_ALGO_RSA;
1685 *r_usage = PUBKEY_USAGE_SIG;
1686 break;
1687 }
1688 else if( algo == 4 && addmode ) {
1689 algo = PUBKEY_ALGO_ELGAMAL_E;
1690 *r_usage = PUBKEY_USAGE_ENC;
1691 break;
1692 }
1693 else if( algo == 3 && opt.expert ) {
1694 algo = PUBKEY_ALGO_DSA;
1695 *r_usage=ask_key_flags(algo,addmode);
1696 break;
1697 }
1698 else if( algo == 2 ) {
1699 algo = PUBKEY_ALGO_DSA;
1700 *r_usage = PUBKEY_USAGE_SIG;
1701 break;
1702 }
1703 else
1704 tty_printf(_("Invalid selection.\n"));
1705 }
1706
1707 return algo;
1708 }
1709
1710
1711 static unsigned
1712 ask_keysize( int algo )
1713 {
1714 unsigned int nbits, min, def=2048, max=4096;
1715
1716 if(opt.expert)
1717 min=512;
1718 else
1719 min=1024;
1720
1721 switch(algo)
1722 {
1723 case PUBKEY_ALGO_DSA:
1724 if(opt.flags.dsa2)
1725 {
1726 def=1024;
1727 max=3072;
1728 }
1729 else
1730 {
1731 tty_printf(_("DSA keypair will have %u bits.\n"),1024);
1732 return 1024;
1733 }
1734 break;
1735
1736 case PUBKEY_ALGO_RSA:
1737 min=1024;
1738 break;
1739 }
1740
1741 tty_printf(_("%s keys may be between %u and %u bits long.\n"),
1742 gcry_pk_algo_name (algo), min, max);
1743
1744 for(;;)
1745 {
1746 char *prompt,*answer;
1747
1748 #define PROMPTSTRING _("What keysize do you want? (%u) ")
1749
1750 prompt=xmalloc(strlen(PROMPTSTRING)+20);
1751 sprintf(prompt,PROMPTSTRING,def);
1752
1753 #undef PROMPTSTRING
1754
1755 answer = cpr_get("keygen.size",prompt);
1756 cpr_kill_prompt();
1757 nbits = *answer? atoi(answer): def;
1758 xfree(prompt);
1759 xfree(answer);
1760
1761 if(nbits<min || nbits>max)
1762 tty_printf(_("%s keysizes must be in the range %u-%u\n"),
1763 gcry_pk_algo_name (algo), min, max);
1764 else
1765 break;
1766 }
1767
1768 tty_printf(_("Requested keysize is %u bits\n"), nbits );
1769
1770 if( algo == PUBKEY_ALGO_DSA && (nbits % 64) )
1771 {
1772 nbits = ((nbits + 63) / 64) * 64;
1773 tty_printf(_("rounded up to %u bits\n"), nbits );
1774 }
1775 else if( (nbits % 32) )
1776 {
1777 nbits = ((nbits + 31) / 32) * 32;
1778 tty_printf(_("rounded up to %u bits\n"), nbits );
1779 }
1780
1781 return nbits;
1782 }
1783
1784
1785 /****************
1786 * Parse an expire string and return its value in seconds.
1787 * Returns (u32)-1 on error.
1788 * This isn't perfect since scan_isodatestr returns unix time, and
1789 * OpenPGP actually allows a 32-bit time *plus* a 32-bit offset.
1790 * Because of this, we only permit setting expirations up to 2106, but
1791 * OpenPGP could theoretically allow up to 2242. I think we'll all
1792 * just cope for the next few years until we get a 64-bit time_t or
1793 * similar.
1794 */
1795 u32
1796 parse_expire_string( const char *string )
1797 {
1798 int mult;
1799 u32 seconds;
1800 u32 abs_date = 0;
1801 u32 curtime = make_timestamp ();
1802
1803 if (!*string)
1804 seconds = 0;
1805 else if (!strncmp (string, "seconds=", 8))
1806 seconds = atoi (string+8);
1807 else if ((abs_date = scan_isodatestr(string)) && abs_date > curtime)
1808 seconds = abs_date - curtime;
1809 else if ((mult = check_valid_days (string)))
1810 seconds = atoi (string) * 86400L * mult;
1811 else
1812 seconds = (u32)(-1);
1813
1814 return seconds;
1815 }
1816
1817 /* Parsean Creation-Date string which is either "1986-04-26" or
1818 "19860426T042640". Returns 0 on error. */
1819 static u32
1820 parse_creation_string (const char *string)
1821 {
1822 u32 seconds;
1823
1824 if (!*string)
1825 seconds = 0;
1826 else if ( !strncmp (string, "seconds=", 8) )
1827 seconds = atoi (string+8);
1828 else if ( !(seconds = scan_isodatestr (string)))
1829 {
1830 time_t tmp = isotime2epoch (string);
1831 seconds = (tmp == (time_t)(-1))? 0 : tmp;
1832 }
1833 return seconds;
1834 }
1835
1836
1837 /* object == 0 for a key, and 1 for a sig */
1838 u32
1839 ask_expire_interval(int object,const char *def_expire)
1840 {
1841 u32 interval;
1842 char *answer;
1843
1844 switch(object)
1845 {
1846 case 0:
1847 if(def_expire)
1848 BUG();
1849 tty_printf(_("Please specify how long the key should be valid.\n"
1850 " 0 = key does not expire\n"
1851 " <n> = key expires in n days\n"
1852 " <n>w = key expires in n weeks\n"
1853 " <n>m = key expires in n months\n"
1854 " <n>y = key expires in n years\n"));
1855 break;
1856
1857 case 1:
1858 if(!def_expire)
1859 BUG();
1860 tty_printf(_("Please specify how long the signature should be valid.\n"
1861 " 0 = signature does not expire\n"
1862 " <n> = signature expires in n days\n"
1863 " <n>w = signature expires in n weeks\n"
1864 " <n>m = signature expires in n months\n"
1865 " <n>y = signature expires in n years\n"));
1866 break;
1867
1868 default:
1869 BUG();
1870 }
1871
1872 /* Note: The elgamal subkey for DSA has no expiration date because
1873 * it must be signed with the DSA key and this one has the expiration
1874 * date */
1875
1876 answer = NULL;
1877 for(;;)
1878 {
1879 u32 curtime=make_timestamp();
1880
1881 xfree(answer);
1882 if(object==0)
1883 answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
1884 else
1885 {
1886 char *prompt;
1887
1888 #define PROMPTSTRING _("Signature is valid for? (%s) ")
1889 /* This will actually end up larger than necessary because
1890 of the 2 bytes for '%s' */
1891 prompt=xmalloc(strlen(PROMPTSTRING)+strlen(def_expire)+1);
1892 sprintf(prompt,PROMPTSTRING,def_expire);
1893 #undef PROMPTSTRING
1894
1895 answer = cpr_get("siggen.valid",prompt);
1896 xfree(prompt);
1897
1898 if(*answer=='\0')
1899 answer=xstrdup(def_expire);
1900 }
1901 cpr_kill_prompt();
1902 trim_spaces(answer);
1903 interval = parse_expire_string( answer );
1904 if( interval == (u32)-1 )
1905 {
1906 tty_printf(_("invalid value\n"));
1907 continue;
1908 }
1909
1910 if( !interval )
1911 {
1912 tty_printf((object==0)
1913 ? _("Key does not expire at all\n")
1914 : _("Signature does not expire at all\n"));
1915 }
1916 else
1917 {
1918 tty_printf(object==0
1919 ? _("Key expires at %s\n")
1920 : _("Signature expires at %s\n"),
1921 asctimestamp((ulong)(curtime + interval) ) );
1922 #if SIZEOF_TIME_T <= 4
1923 if ( (time_t)((ulong)(curtime+interval)) < 0 )
1924 tty_printf (_("Your system can't display dates beyond 2038.\n"
1925 "However, it will be correctly handled up to"
1926 " 2106.\n"));
1927 else
1928 #endif /*SIZEOF_TIME_T*/
1929 if ( (time_t)((unsigned long)(curtime+interval)) < curtime )
1930 {
1931 tty_printf (_("invalid value\n"));
1932 continue;
1933 }
1934 }
1935
1936 if( cpr_enabled() || cpr_get_answer_is_yes("keygen.valid.okay",
1937 _("Is this correct? (y/N) ")) )
1938 break;
1939 }
1940
1941 xfree(answer);
1942 return interval;
1943 }
1944
1945 u32
1946 ask_expiredate()
1947 {
1948 u32 x = ask_expire_interval(0,NULL);
1949 return x? make_timestamp() + x : 0;
1950 }
1951
1952
1953 static char *
1954 ask_user_id( int mode )
1955 {
1956 char *answer;
1957 char *aname, *acomment, *amail, *uid;
1958
1959 if ( !mode )
1960 {
1961 const char *s1 =
1962 N_("\n"
1963 "GnuPG needs to construct a user ID to identify your key.\n"
1964 "\n");
1965 const char *s2 = _(s1);
1966
1967 if (!strcmp (s1, s2))
1968 {
1969 /* There is no translation for the string thus we to use
1970 the old info text. gettext has no way to tell whether
1971 a translation is actually available, thus we need to
1972 to compare again. */
1973 const char *s3 = N_("\n"
1974 "You need a user ID to identify your key; "
1975 "the software constructs the user ID\n"
1976 "from the Real Name, Comment and Email Address in this form:\n"
1977 " \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n\n");
1978 const char *s4 = _(s3);
1979 if (strcmp (s3, s4))
1980 s2 = s3; /* A translation exists - use it. */
1981 }
1982 tty_printf ("%s", s2) ;
1983 }
1984 uid = aname = acomment = amail = NULL;
1985 for(;;) {
1986 char *p;
1987 int fail=0;
1988
1989 if( !aname ) {
1990 for(;;) {
1991 xfree(aname);
1992 aname = cpr_get("keygen.name",_("Real name: "));
1993 trim_spaces(aname);
1994 cpr_kill_prompt();
1995
1996 if( opt.allow_freeform_uid )
1997 break;
1998
1999 if( strpbrk( aname, "<>" ) )
2000 tty_printf(_("Invalid character in name\n"));
2001 else if( digitp(aname) )
2002 tty_printf(_("Name may not start with a digit\n"));
2003 else if( strlen(aname) < 5 )
2004 tty_printf(_("Name must be at least 5 characters long\n"));
2005 else
2006 break;
2007 }
2008 }
2009 if( !amail ) {
2010 for(;;) {
2011 xfree(amail);
2012 amail = cpr_get("keygen.email",_("Email address: "));
2013 trim_spaces(amail);
2014 cpr_kill_prompt();
2015 if( !*amail || opt.allow_freeform_uid )
2016 break; /* no email address is okay */
2017 else if ( !is_valid_mailbox (amail) )
2018 tty_printf(_("Not a valid email address\n"));
2019 else
2020 break;
2021 }
2022 }
2023 if( !acomment ) {
2024 for(;;) {
2025 xfree(acomment);
2026 acomment = cpr_get("keygen.comment",_("Comment: "));
2027 trim_spaces(acomment);
2028 cpr_kill_prompt();
2029 if( !*acomment )
2030 break; /* no comment is okay */
2031 else if( strpbrk( acomment, "()" ) )
2032 tty_printf(_("Invalid character in comment\n"));
2033 else
2034 break;
2035 }
2036 }
2037
2038
2039 xfree(uid);
2040 uid = p = xmalloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
2041 p = stpcpy(p, aname );
2042 if( *acomment )
2043 p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
2044 if( *amail )
2045 p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
2046
2047 /* Append a warning if the RNG is switched into fake mode. */
2048 if ( random_is_faked () )
2049 strcpy(p, " (insecure!)" );
2050
2051 /* print a note in case that UTF8 mapping has to be done */
2052 for(p=uid; *p; p++ ) {
2053 if( *p & 0x80 ) {
2054 tty_printf(_("You are using the `%s' character set.\n"),
2055 get_native_charset() );
2056 break;
2057 }
2058 }
2059
2060 tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
2061 /* fixme: add a warning if this user-id already exists */
2062 if( !*amail && !opt.allow_freeform_uid
2063 && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
2064 fail = 1;
2065 tty_printf(_("Please don't put the email address "
2066 "into the real name or the comment\n") );
2067 }
2068
2069 for(;;) {
2070 /* TRANSLATORS: These are the allowed answers in
2071 lower and uppercase. Below you will find the matching
2072 string which should be translated accordingly and the
2073 letter changed to match the one in the answer string.
2074
2075 n = Change name
2076 c = Change comment
2077 e = Change email
2078 o = Okay (ready, continue)
2079 q = Quit
2080 */
2081 const char *ansstr = _("NnCcEeOoQq");
2082
2083 if( strlen(ansstr) != 10 )
2084 BUG();
2085 if( cpr_enabled() ) {
2086 answer = xstrdup(ansstr+6);
2087 answer[1] = 0;
2088 }
2089 else {
2090 answer = cpr_get("keygen.userid.cmd", fail?
2091 _("Change (N)ame, (C)omment, (E)mail or (Q)uit? ") :
2092 _("Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "));
2093 cpr_kill_prompt();
2094 }
2095 if( strlen(answer) > 1 )
2096 ;
2097 else if( *answer == ansstr[0] || *answer == ansstr[1] ) {
2098 xfree(aname); aname = NULL;
2099 break;
2100 }
2101 else if( *answer == ansstr[2] || *answer == ansstr[3] ) {
2102 xfree(acomment); acomment = NULL;
2103 break;
2104 }
2105 else if( *answer == ansstr[4] || *answer == ansstr[5] ) {
2106 xfree(amail); amail = NULL;
2107 break;
2108 }
2109 else if( *answer == ansstr[6] || *answer == ansstr[7] ) {
2110 if( fail ) {
2111 tty_printf(_("Please correct the error first\n"));
2112 }
2113 else {
2114 xfree(aname); aname = NULL;
2115 xfree(acomment); acomment = NULL;
2116 xfree(amail); amail = NULL;
2117 break;
2118 }
2119 }
2120 else if( *answer == ansstr[8] || *answer == ansstr[9] ) {
2121 xfree(aname); aname = NULL;
2122 xfree(acomment); acomment = NULL;
2123 xfree(amail); amail = NULL;
2124 xfree(uid); uid = NULL;
2125 break;
2126 }
2127 xfree(answer);
2128 }
2129 xfree(answer);
2130 if( !amail && !acomment && !amail )
2131 break;
2132 xfree(uid); uid = NULL;
2133 }
2134 if( uid ) {
2135 char *p = native_to_utf8( uid );
2136 xfree( uid );
2137 uid = p;
2138 }
2139 return uid;
2140 }
2141
2142
2143 static DEK *
2144 do_ask_passphrase ( STRING2KEY **ret_s2k, int *r_canceled )
2145 {
2146 DEK *dek = NULL;
2147 STRING2KEY *s2k;
2148 const char *errtext = NULL;
2149
2150 tty_printf(_("You need a Passphrase to protect your secret key.\n\n") );
2151
2152 s2k = xmalloc_secure( sizeof *s2k );
2153 for(;;) {
2154 s2k->mode = opt.s2k_mode;
2155 s2k->hash_algo = S2K_DIGEST_ALGO;
2156 dek = passphrase_to_dek( NULL, 0, opt.s2k_cipher_algo, s2k,2,
2157 errtext, r_canceled);
2158 if (!dek && *r_canceled) {
2159 xfree(dek); dek = NULL;
2160 xfree(s2k); s2k = NULL;
2161 break;
2162 }
2163 else if( !dek ) {
2164 errtext = N_("passphrase not correctly repeated; try again");
2165 tty_printf(_("%s.\n"), _(errtext));
2166 }
2167 else if( !dek->keylen ) {
2168 xfree(dek); dek = NULL;
2169 xfree(s2k); s2k = NULL;
2170 tty_printf(_(
2171 "You don't want a passphrase - this is probably a *bad* idea!\n"
2172 "I will do it anyway. You can change your passphrase at any time,\n"
2173 "using this program with the option \"--edit-key\".\n\n"));
2174 break;
2175 }
2176 else
2177 break; /* okay */
2178 }
2179 *ret_s2k = s2k;
2180 return dek;
2181 }
2182
2183
2184 /* Basic key generation. Here we divert to the actual generation
2185 routines based on the requested algorithm. */
2186 static int
2187 do_create (int algo, unsigned int nbits, KBNODE pub_root, KBNODE sec_root,
2188 DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk,
2189 u32 timestamp, u32 expiredate, int is_subkey )
2190 {
2191 int rc=0;
2192
2193 if( !opt.batch )
2194 tty_printf(_(
2195 "We need to generate a lot of random bytes. It is a good idea to perform\n"
2196 "some other action (type on the keyboard, move the mouse, utilize the\n"
2197 "disks) during the prime generation; this gives the random number\n"
2198 "generator a better chance to gain enough entropy.\n") );
2199
2200 if( algo == PUBKEY_ALGO_ELGAMAL_E )
2201 rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, sk,
2202 timestamp, expiredate, is_subkey);
2203 else if( algo == PUBKEY_ALGO_DSA )
2204 rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk,
2205 timestamp, expiredate, is_subkey);
2206 else if( algo == PUBKEY_ALGO_RSA )
2207 rc = gen_rsa(algo, nbits, pub_root, sec_root, dek, s2k, sk,
2208 timestamp, expiredate, is_subkey);
2209 else
2210 BUG();
2211
2212 return rc;
2213 }
2214
2215
2216 /****************
2217 * Generate a new user id packet, or return NULL if canceled
2218 */
2219 PKT_user_id *
2220 generate_user_id()
2221 {
2222 PKT_user_id *uid;
2223 char *p;
2224 size_t n;
2225
2226 p = ask_user_id( 1 );
2227 if( !p )
2228 return NULL;
2229 n = strlen(p);
2230 uid = xmalloc_clear( sizeof *uid + n );
2231 uid->len = n;
2232 strcpy(uid->name, p);
2233 uid->ref = 1;
2234 return uid;
2235 }
2236
2237
2238 static void
2239 release_parameter_list( struct para_data_s *r )
2240 {
2241 struct para_data_s *r2;
2242
2243 for( ; r ; r = r2 ) {
2244 r2 = r->next;
2245 if( r->key == pPASSPHRASE_DEK )
2246 xfree( r->u.dek );
2247 else if( r->key == pPASSPHRASE_S2K )
2248 xfree( r->u.s2k );
2249
2250 xfree(r);
2251 }
2252 }
2253
2254 static struct para_data_s *
2255 get_parameter( struct para_data_s *para, enum para_name key )
2256 {
2257 struct para_data_s *r;
2258
2259 for( r = para; r && r->key != key; r = r->next )
2260 ;
2261 return r;
2262 }
2263
2264 static const char *
2265 get_parameter_value( struct para_data_s *para, enum para_name key )
2266 {
2267 struct para_data_s *r = get_parameter( para, key );
2268 return (r && *r->u.value)? r->u.value : NULL;
2269 }
2270
2271 static int
2272 get_parameter_algo( struct para_data_s *para, enum para_name key )
2273 {
2274 int i;
2275 struct para_data_s *r = get_parameter( para, key );
2276 if( !r )
2277 return -1;
2278 if( digitp( r->u.value ) )
2279 i = atoi( r->u.value );
2280 else if ( !strcmp ( r->u.value, "ELG-E")
2281 || !strcmp ( r->u.value, "ELG") )
2282 i = GCRY_PK_ELG_E;
2283 else
2284 i = gcry_pk_map_name (r->u.value);
2285 if (i == PUBKEY_ALGO_RSA_E || i == PUBKEY_ALGO_RSA_S)
2286 i = 0; /* we don't want to allow generation of these algorithms */
2287 return i;
2288 }
2289
2290 /*
2291 * Parse the usage parameter and set the keyflags. Returns -1 on
2292 * error, 0 for no usage given or 1 for usage available.
2293 */
2294 static int
2295 parse_parameter_usage (const char *fname,
2296 struct para_data_s *para, enum para_name key)
2297 {
2298 struct para_data_s *r = get_parameter( para, key );
2299 char *p, *pn;
2300 unsigned int use;
2301
2302 if( !r )
2303 return 0; /* none (this is an optional parameter)*/
2304
2305 use = 0;
2306 pn = r->u.value;
2307 while ( (p = strsep (&pn, " \t,")) ) {
2308 if ( !*p)
2309 ;
2310 else if ( !ascii_strcasecmp (p, "sign") )
2311 use |= PUBKEY_USAGE_SIG;
2312 else if ( !ascii_strcasecmp (p, "encrypt") )
2313 use |= PUBKEY_USAGE_ENC;
2314 else if ( !ascii_strcasecmp (p, "auth") )
2315 use |= PUBKEY_USAGE_AUTH;
2316 else {
2317 log_error("%s:%d: invalid usage list\n", fname, r->lnr );
2318 return -1; /* error */
2319 }
2320 }
2321 r->u.usage = use;
2322 return 1;
2323 }
2324
2325 static int
2326 parse_revocation_key (const char *fname,
2327 struct para_data_s *para, enum para_name key)
2328 {
2329 struct para_data_s *r = get_parameter( para, key );
2330 struct revocation_key revkey;
2331 char *pn;
2332 int i;
2333
2334 if( !r )
2335 return 0; /* none (this is an optional parameter) */
2336
2337 pn = r->u.value;
2338
2339 revkey.class=0x80;
2340 revkey.algid=atoi(pn);
2341 if(!revkey.algid)
2342 goto fail;
2343
2344 /* Skip to the fpr */
2345 while(*pn && *pn!=':')
2346 pn++;
2347
2348 if(*pn!=':')
2349 goto fail;
2350
2351 pn++;
2352
2353 for(i=0;i<MAX_FINGERPRINT_LEN && *pn;i++,pn+=2)
2354 {
2355 int c=hextobyte(pn);
2356 if(c==-1)
2357 goto fail;
2358
2359 revkey.fpr[i]=c;
2360 }
2361
2362 /* skip to the tag */
2363 while(*pn && *pn!='s' && *pn!='S')
2364 pn++;
2365
2366 if(ascii_strcasecmp(pn,"sensitive")==0)
2367 revkey.class|=0x40;
2368
2369 memcpy(&r->u.revkey,&revkey,sizeof(struct revocation_key));
2370
2371 return 0;
2372
2373 fail:
2374 log_error("%s:%d: invalid revocation key\n", fname, r->lnr );
2375 return -1; /* error */
2376 }
2377
2378
2379 static u32
2380 get_parameter_u32( struct para_data_s *para, enum para_name key )
2381 {
2382 struct para_data_s *r = get_parameter( para, key );
2383
2384 if( !r )
2385 return 0;
2386 if( r->key == pKEYCREATIONDATE )
2387 return r->u.creation;
2388 if( r->key == pKEYEXPIRE || r->key == pSUBKEYEXPIRE )
2389 return r->u.expire;
2390 if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
2391 return r->u.usage;
2392
2393 return (unsigned int)strtoul( r->u.value, NULL, 10 );
2394 }
2395
2396 static unsigned int
2397 get_parameter_uint( struct para_data_s *para, enum para_name key )
2398 {
2399 return get_parameter_u32( para, key );
2400 }
2401
2402 static DEK *
2403 get_parameter_dek( struct para_data_s *para, enum para_name key )
2404 {
2405 struct para_data_s *r = get_parameter( para, key );
2406 return r? r->u.dek : NULL;
2407 }
2408
2409 static STRING2KEY *
2410 get_parameter_s2k( struct para_data_s *para, enum para_name key )
2411 {
2412 struct para_data_s *r = get_parameter( para, key );
2413 return r? r->u.s2k : NULL;
2414 }
2415
2416 static struct revocation_key *
2417 get_parameter_revkey( struct para_data_s *para, enum para_name key )
2418 {
2419 struct para_data_s *r = get_parameter( para, key );
2420 return r? &r->u.revkey : NULL;
2421 }
2422
2423 static int
2424 proc_parameter_file( struct para_data_s *para, const char *fname,
2425 struct output_control_s *outctrl, int card )
2426 {
2427 struct para_data_s *r;
2428 const char *s1, *s2, *s3;
2429 size_t n;
2430 char *p;
2431 int have_user_id=0,err,algo;
2432
2433 /* Check that we have all required parameters. */
2434 r = get_parameter( para, pKEYTYPE );
2435 if(r)
2436 {
2437 algo=get_parameter_algo(para,pKEYTYPE);
2438 if (openpgp_pk_test_algo2 (algo, PUBKEY_USAGE_SIG))
2439 {
2440 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
2441 return -1;
2442 }
2443 }
2444 else
2445 {
2446 log_error ("%s: no Key-Type specified\n",fname);
2447 return -1;
2448 }
2449
2450 err = parse_parameter_usage (fname, para, pKEYUSAGE);
2451 if (!err)
2452 {
2453 /* Default to algo capabilities if key-usage is not provided */
2454 r = xmalloc_clear(sizeof(*r));
2455 r->key = pKEYUSAGE;
2456 r->u.usage = openpgp_pk_algo_usage(algo);
2457 r->next = para;
2458 para = r;
2459 }
2460 else if (err == -1)
2461 return -1;
2462 else
2463 {
2464 r = get_parameter (para, pKEYUSAGE);
2465 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
2466 {
2467 log_error ("%s:%d: specified Key-Usage not allowed for algo %d\n",
2468 fname, r->lnr, algo);
2469 return -1;
2470 }
2471 }
2472
2473 r = get_parameter( para, pSUBKEYTYPE );
2474 if(r)
2475 {
2476 algo = get_parameter_algo (para, pSUBKEYTYPE);
2477 if (openpgp_pk_test_algo (algo))
2478 {
2479 log_error ("%s:%d: invalid algorithm\n", fname, r->lnr );
2480 return -1;
2481 }
2482
2483 err = parse_parameter_usage (fname, para, pSUBKEYUSAGE);
2484 if (!err)
2485 {
2486 /* Default to algo capabilities if subkey-usage is not
2487 provided */
2488 r = xmalloc_clear (sizeof(*r));
2489 r->key = pSUBKEYUSAGE;
2490 r->u.usage = openpgp_pk_algo_usage (algo);
2491 r->next = para;
2492 para = r;
2493 }
2494 else if (err == -1)
2495 return -1;
2496 else
2497 {
2498 r = get_parameter (para, pSUBKEYUSAGE);
2499 if (r && (r->u.usage & ~openpgp_pk_algo_usage (algo)))
2500 {
2501 log_error ("%s:%d: specified Subkey-Usage not allowed"
2502 " for algo %d\n", fname, r->lnr, algo);
2503 return -1;
2504 }
2505 }
2506 }
2507
2508
2509 if( get_parameter_value( para, pUSERID ) )
2510 have_user_id=1;
2511 else
2512 {
2513 /* create the formatted user ID */
2514 s1 = get_parameter_value( para, pNAMEREAL );
2515 s2 = get_parameter_value( para, pNAMECOMMENT );
2516 s3 = get_parameter_value( para, pNAMEEMAIL );
2517 if( s1 || s2 || s3 )
2518 {
2519 n = (s1?strlen(s1):0) + (s2?strlen(s2):0) + (s3?strlen(s3):0);
2520 r = xmalloc_clear( sizeof *r + n + 20 );
2521 r->key = pUSERID;
2522 p = r->u.value;
2523 if( s1 )
2524 p = stpcpy(p, s1 );
2525 if( s2 )
2526 p = stpcpy(stpcpy(stpcpy(p," ("), s2 ),")");
2527 if( s3 )
2528 p = stpcpy(stpcpy(stpcpy(p," <"), s3 ),">");
2529 r->next = para;
2530 para = r;
2531 have_user_id=1;
2532 }
2533 }
2534
2535 if(!have_user_id)
2536 {
2537 log_error("%s: no User-ID specified\n",fname);
2538 return -1;
2539 }
2540
2541 /* Set preferences, if any. */
2542 keygen_set_std_prefs(get_parameter_value( para, pPREFERENCES ), 0);
2543
2544 /* Set keyserver, if any. */
2545 s1=get_parameter_value( para, pKEYSERVER );
2546 if(s1)
2547 {
2548 struct keyserver_spec *spec;
2549
2550 spec=parse_keyserver_uri(s1,1,NULL,0);
2551 if(spec)
2552 {
2553 free_keyserver_spec(spec);
2554 opt.def_keyserver_url=s1;
2555 }
2556 else
2557 {
2558 log_error("%s:%d: invalid keyserver url\n", fname, r->lnr );
2559 return -1;
2560 }
2561 }
2562
2563 /* Set revoker, if any. */
2564 if (parse_revocation_key (fname, para, pREVOKER))
2565 return -1;
2566
2567 /* Make DEK and S2K from the Passphrase. */
2568 if (outctrl->ask_passphrase)
2569 {
2570 /* %ask-passphrase is active - ignore pPASSPRASE and ask. This
2571 feature is required so that GUIs are able to do a key
2572 creation but have gpg-agent ask for the passphrase. */
2573 int canceled = 0;
2574 STRING2KEY *s2k;
2575 DEK *dek;
2576
2577 dek = do_ask_passphrase ( &s2k, &canceled );
2578 if (dek)
2579 {
2580 r = xmalloc_clear( sizeof *r );
2581 r->key = pPASSPHRASE_DEK;
2582 r->u.dek = dek;
2583 r->next = para;
2584 para = r;
2585 r = xmalloc_clear( sizeof *r );
2586 r->key = pPASSPHRASE_S2K;
2587 r->u.s2k = s2k;
2588 r->next = para;
2589 para = r;
2590 }
2591
2592 if (canceled)
2593 {
2594 log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
2595 return -1;
2596 }
2597 }
2598 else
2599 {
2600 r = get_parameter( para, pPASSPHRASE );
2601 if ( r && *r->u.value )
2602 {
2603 /* We have a plain text passphrase - create a DEK from it.
2604 * It is a little bit ridiculous to keep it in secure memory
2605 * but because we do this always, why not here. */
2606 STRING2KEY *s2k;
2607 DEK *dek;
2608
2609 s2k = xmalloc_secure ( sizeof *s2k );
2610 s2k->mode = opt.s2k_mode;
2611 s2k->hash_algo = S2K_DIGEST_ALGO;
2612 set_next_passphrase ( r->u.value );
2613 dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
2614 NULL, NULL);
2615 set_next_passphrase (NULL );
2616 assert (dek);
2617 memset (r->u.value, 0, strlen(r->u.value));
2618
2619 r = xmalloc_clear (sizeof *r);
2620 r->key = pPASSPHRASE_S2K;
2621 r->u.s2k = s2k;
2622 r->next = para;
2623 para = r;
2624 r = xmalloc_clear (sizeof *r);
2625 r->key = pPASSPHRASE_DEK;
2626 r->u.dek = dek;
2627 r->next = para;
2628 para = r;
2629 }
2630 }
2631
2632 /* Make KEYCREATIONDATE from Creation-Date. */
2633 r = get_parameter (para, pCREATIONDATE);
2634 if (r && *r->u.value)
2635 {
2636 u32 seconds;
2637
2638 seconds = parse_creation_string (r->u.value);
2639 if (!seconds)
2640 {
2641 log_error ("%s:%d: invalid creation date\n", fname, r->lnr );
2642 return -1;
2643 }
2644 r->u.creation = seconds;
2645 r->key = pKEYCREATIONDATE; /* Change that entry. */
2646 }
2647
2648 /* Make KEYEXPIRE from Expire-Date. */
2649 r = get_parameter( para, pEXPIREDATE );
2650 if( r && *r->u.value )
2651 {
2652 u32 seconds;
2653
2654 seconds = parse_expire_string( r->u.value );
2655 if( seconds == (u32)-1 )
2656 {
2657 log_error("%s:%d: invalid expire date\n", fname, r->lnr );
2658 return -1;
2659 }
2660 r->u.expire = seconds;
2661 r->key = pKEYEXPIRE; /* change hat entry */
2662 /* also set it for the subkey */
2663 r = xmalloc_clear( sizeof *r + 20 );
2664 r->key = pSUBKEYEXPIRE;
2665 r->u.expire = seconds;
2666 r->next = para;
2667 para = r;
2668 }
2669
2670 if( !!outctrl->pub.newfname ^ !!outctrl->sec.newfname ) {
2671 log_error("%s:%d: only one ring name is set\n", fname, outctrl->lnr );
2672 return -1;
2673 }
2674
2675 do_generate_keypair( para, outctrl, card );
2676 return 0;
2677 }
2678
2679
2680 /****************
2681 * Kludge to allow non interactive key generation controlled
2682 * by a parameter file.
2683 * Note, that string parameters are expected to be in UTF-8
2684 */
2685 static void
2686 read_parameter_file( const char *fname )
2687 {
2688 static struct { const char *name;
2689 enum para_name key;
2690 } keywords[] = {
2691 { "Key-Type", pKEYTYPE},
2692 { "Key-Length", pKEYLENGTH },
2693 { "Key-Usage", pKEYUSAGE },
2694 { "Subkey-Type", pSUBKEYTYPE },
2695 { "Subkey-Length", pSUBKEYLENGTH },
2696 { "Subkey-Usage", pSUBKEYUSAGE },
2697 { "Name-Real", pNAMEREAL },
2698 { "Name-Email", pNAMEEMAIL },
2699 { "Name-Comment", pNAMECOMMENT },
2700 { "Expire-Date", pEXPIREDATE },
2701 { "Creation-Date", pCREATIONDATE },
2702 { "Passphrase", pPASSPHRASE },
2703 { "Preferences", pPREFERENCES },
2704 { "Revoker", pREVOKER },
2705 { "Handle", pHANDLE },
2706 { "Keyserver", pKEYSERVER },
2707 { NULL, 0 }
2708 };
2709 IOBUF fp;
2710 byte *line;
2711 unsigned int maxlen, nline;
2712 char *p;
2713 int lnr;
2714 const char *err = NULL;
2715 struct para_data_s *para, *r;
2716 int i;
2717 struct output_control_s outctrl;
2718
2719 memset( &outctrl, 0, sizeof( outctrl ) );
2720 outctrl.pub.afx = new_armor_context ();
2721 outctrl.sec.afx = new_armor_context ();
2722
2723 if( !fname || !*fname)
2724 fname = "-";
2725
2726 fp = iobuf_open (fname);
2727 if (fp && is_secured_file (iobuf_get_fd (fp)))
2728 {
2729 iobuf_close (fp);
2730 fp = NULL;
2731 errno = EPERM;
2732 }
2733 if (!fp) {
2734 log_error (_("can't open `%s': %s\n"), fname, strerror(errno) );
2735 return;
2736 }
2737 iobuf_ioctl (fp, 3, 1, NULL); /* No file caching. */
2738
2739 lnr = 0;
2740 err = NULL;
2741 para = NULL;
2742 maxlen = 1024;
2743 line = NULL;
2744 while ( iobuf_read_line (fp, &line, &nline, &maxlen) ) {
2745 char *keyword, *value;
2746
2747 lnr++;
2748 if( !maxlen ) {
2749 err = "line too long";
2750 break;
2751 }
2752 for( p = line; isspace(*(byte*)p); p++ )
2753 ;
2754 if( !*p || *p == '#' )
2755 continue;
2756 keyword = p;
2757 if( *keyword == '%' ) {
2758 for( ; !isspace(*(byte*)p); p++ )
2759 ;
2760 if( *p )
2761 *p++ = 0;
2762 for( ; isspace(*(byte*)p); p++ )
2763 ;
2764 value = p;
2765 trim_trailing_ws( value, strlen(value) );
2766 if( !ascii_strcasecmp( keyword, "%echo" ) )
2767 log_info("%s\n", value );
2768 else if( !ascii_strcasecmp( keyword, "%dry-run" ) )
2769 outctrl.dryrun = 1;
2770 else if( !ascii_strcasecmp( keyword, "%ask-passphrase" ) )
2771 outctrl.ask_passphrase = 1;
2772 else if( !ascii_strcasecmp( keyword, "%no-ask-passphrase" ) )
2773 outctrl.ask_passphrase = 0;
2774 else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
2775 outctrl.lnr = lnr;
2776 if (proc_parameter_file( para, fname, &outctrl, 0 ))
2777 print_status_key_not_created
2778 (get_parameter_value (para, pHANDLE));
2779 release_parameter_list( para );
2780 para = NULL;
2781 }
2782 else if( !ascii_strcasecmp( keyword, "%pubring" ) ) {
2783 if( outctrl.pub.fname && !strcmp( outctrl.pub.fname, value ) )
2784 ; /* still the same file - ignore it */
2785 else {
2786 xfree( outctrl.pub.newfname );
2787 outctrl.pub.newfname = xstrdup( value );
2788 outctrl.use_files = 1;
2789 }
2790 }
2791 else if( !ascii_strcasecmp( keyword, "%secring" ) ) {
2792 if( outctrl.sec.fname && !strcmp( outctrl.sec.fname, value ) )
2793 ; /* still the same file - ignore it */
2794 else {
2795 xfree( outctrl.sec.newfname );
2796 outctrl.sec.newfname = xstrdup( value );
2797 outctrl.use_files = 1;
2798 }
2799 }
2800 else
2801 log_info("skipping control `%s' (%s)\n", keyword, value );
2802
2803
2804 continue;
2805 }
2806
2807
2808 if( !(p = strchr( p, ':' )) || p == keyword ) {
2809 err = "missing colon";
2810 break;
2811 }
2812 if( *p )
2813 *p++ = 0;
2814 for( ; isspace(*(byte*)p); p++ )
2815 ;
2816 if( !*p ) {
2817 err = "missing argument";
2818 break;
2819 }
2820 value = p;
2821 trim_trailing_ws( value, strlen(value) );
2822
2823 for(i=0; keywords[i].name; i++ ) {
2824 if( !ascii_strcasecmp( keywords[i].name, keyword ) )
2825 break;
2826 }
2827 if( !keywords[i].name ) {
2828 err = "unknown keyword";
2829 break;
2830 }
2831 if( keywords[i].key != pKEYTYPE && !para ) {
2832 err = "parameter block does not start with \"Key-Type\"";
2833 break;
2834 }
2835
2836 if( keywords[i].key == pKEYTYPE && para ) {
2837 outctrl.lnr = lnr;
2838 if (proc_parameter_file( para, fname, &outctrl, 0 ))
2839 print_status_key_not_created
2840 (get_parameter_value (para, pHANDLE));
2841 release_parameter_list( para );
2842 para = NULL;
2843 }
2844 else {
2845 for( r = para; r; r = r->next ) {
2846 if( r->key == keywords[i].key )
2847 break;
2848 }
2849 if( r ) {
2850 err = "duplicate keyword";
2851 break;
2852 }
2853 }
2854 r = xmalloc_clear( sizeof *r + strlen( value ) );
2855 r->lnr = lnr;
2856 r->key = keywords[i].key;
2857 strcpy( r->u.value, value );
2858 r->next = para;
2859 para = r;
2860 }
2861 if( err )
2862 log_error("%s:%d: %s\n", fname, lnr, err );
2863 else if( iobuf_error (fp) ) {
2864 log_error("%s:%d: read error\n", fname, lnr);
2865 }
2866 else if( para ) {
2867 outctrl.lnr = lnr;
2868 if (proc_parameter_file( para, fname, &outctrl, 0 ))
2869 print_status_key_not_created (get_parameter_value (para, pHANDLE));
2870 }
2871
2872 if( outctrl.use_files ) { /* close open streams */
2873 iobuf_close( outctrl.pub.stream );
2874 iobuf_close( outctrl.sec.stream );
2875
2876 /* Must invalidate that ugly cache to actually close it. */
2877 if (outctrl.pub.fname)
2878 iobuf_ioctl (NULL, 2, 0, (char*)outctrl.pub.fname);
2879 if (outctrl.sec.fname)
2880 iobuf_ioctl (NULL, 2, 0, (char*)outctrl.sec.fname);
2881
2882 xfree( outctrl.pub.fname );
2883 xfree( outctrl.pub.newfname );
2884 xfree( outctrl.sec.fname );
2885 xfree( outctrl.sec.newfname );
2886 }
2887
2888 release_parameter_list( para );
2889 iobuf_close (fp);
2890 release_armor_context (outctrl.pub.afx);
2891 release_armor_context (outctrl.sec.afx);
2892 }
2893
2894
2895 /*
2896 * Generate a keypair (fname is only used in batch mode) If
2897 * CARD_SERIALNO is not NULL the function will create the keys on an
2898 * OpenPGP Card. If BACKUP_ENCRYPTION_DIR has been set and
2899 * CARD_SERIALNO is NOT NULL, the encryption key for the card gets
2900 * generate in software, imported to the card and a backup file
2901 * written to directory given by this argument .
2902 */
2903 void
2904 generate_keypair (const char *fname, const char *card_serialno,
2905 const char *backup_encryption_dir)
2906 {
2907 unsigned int nbits;
2908 char *uid = NULL;
2909 DEK *dek;
2910 STRING2KEY *s2k;
2911 int algo;
2912 unsigned int use;
2913 int both = 0;
2914 u32 expire;
2915 struct para_data_s *para = NULL;
2916 struct para_data_s *r;
2917 struct output_control_s outctrl;
2918 int canceled;
2919
2920 memset( &outctrl, 0, sizeof( outctrl ) );
2921
2922 if (opt.batch && card_serialno)
2923 {
2924 /* We don't yet support unattended key generation. */
2925 log_error (_("can't do this in batch mode\n"));
2926 return;
2927 }
2928
2929 if (opt.batch)
2930 {
2931 read_parameter_file( fname );
2932 return;
2933 }
2934
2935 if (card_serialno)
2936 {
2937 #ifdef ENABLE_CARD_SUPPORT
2938 r = xcalloc (1, sizeof *r + strlen (card_serialno) );
2939 r->key = pSERIALNO;
2940 strcpy( r->u.value, card_serialno);
2941 r->next = para;
2942 para = r;
2943
2944 algo = PUBKEY_ALGO_RSA;
2945
2946 r = xcalloc (1, sizeof *r + 20 );
2947 r->key = pKEYTYPE;
2948 sprintf( r->u.value, "%d", algo );
2949 r->next = para;
2950 para = r;
2951 r = xcalloc (1, sizeof *r + 20 );
2952 r->key = pKEYUSAGE;
2953 strcpy (r->u.value, "sign");
2954 r->next = para;
2955 para = r;
2956
2957 r = xcalloc (1, sizeof *r + 20 );
2958 r->key = pSUBKEYTYPE;
2959 sprintf( r->u.value, "%d", algo );
2960 r->next = para;
2961 para = r;
2962 r = xcalloc (1, sizeof *r + 20 );
2963 r->key = pSUBKEYUSAGE;
2964 strcpy (r->u.value, "encrypt");
2965 r->next = para;
2966 para = r;
2967
2968 r = xcalloc (1, sizeof *r + 20 );
2969 r->key = pAUTHKEYTYPE;
2970 sprintf( r->u.value, "%d", algo );
2971 r->next = para;
2972 para = r;
2973
2974 if (backup_encryption_dir)
2975 {
2976 r = xcalloc (1, sizeof *r + strlen (backup_encryption_dir) );
2977 r->key = pBACKUPENCDIR;
2978 strcpy (r->u.value, backup_encryption_dir);
2979 r->next = para;
2980 para = r;
2981 }
2982 #endif /*ENABLE_CARD_SUPPORT*/
2983 }
2984 else
2985 {
2986 algo = ask_algo( 0, &use );
2987 if( !algo )
2988 { /* default: DSA with ElG subkey of the specified size */
2989 both = 1;
2990 r = xmalloc_clear( sizeof *r + 20 );
2991 r->key = pKEYTYPE;
2992 sprintf( r->u.value, "%d", PUBKEY_ALGO_DSA );
2993 r->next = para;
2994 para = r;
2995 nbits = ask_keysize( PUBKEY_ALGO_DSA );
2996 r = xmalloc_clear( sizeof *r + 20 );
2997 r->key = pKEYLENGTH;
2998 sprintf( r->u.value, "%u", nbits);
2999 r->next = para;
3000 para = r;
3001 r = xmalloc_clear( sizeof *r + 20 );
3002 r->key = pKEYUSAGE;
3003 strcpy( r->u.value, "sign" );
3004 r->next = para;
3005 para = r;
3006
3007 algo = PUBKEY_ALGO_ELGAMAL_E;
3008 r = xmalloc_clear( sizeof *r + 20 );
3009 r->key = pSUBKEYTYPE;
3010 sprintf( r->u.value, "%d", algo );
3011 r->next = para;
3012 para = r;
3013 r = xmalloc_clear( sizeof *r + 20 );
3014 r->key = pSUBKEYUSAGE;
3015 strcpy( r->u.value, "encrypt" );
3016 r->next = para;
3017 para = r;
3018 }
3019 else
3020 {
3021 r = xmalloc_clear( sizeof *r + 20 );
3022 r->key = pKEYTYPE;
3023 sprintf( r->u.value, "%d", algo );
3024 r->next = para;
3025 para = r;
3026
3027 if (use)
3028 {
3029 r = xmalloc_clear( sizeof *r + 25 );
3030 r->key = pKEYUSAGE;
3031 sprintf( r->u.value, "%s%s%s",
3032 (use & PUBKEY_USAGE_SIG)? "sign ":"",
3033 (use & PUBKEY_USAGE_ENC)? "encrypt ":"",
3034 (use & PUBKEY_USAGE_AUTH)? "auth":"" );
3035 r->next = para;
3036 para = r;
3037 }
3038
3039 }
3040
3041 nbits = ask_keysize( algo );
3042 r = xmalloc_clear( sizeof *r + 20 );
3043 r->key = both? pSUBKEYLENGTH : pKEYLENGTH;
3044 sprintf( r->u.value, "%u", nbits);
3045 r->next = para;
3046 para = r;
3047 }
3048
3049 expire = ask_expire_interval(0,NULL);
3050 r = xmalloc_clear( sizeof *r + 20 );
3051 r->key = pKEYEXPIRE;
3052 r->u.expire = expire;
3053 r->next = para;
3054 para = r;
3055 r = xmalloc_clear( sizeof *r + 20 );
3056 r->key = pSUBKEYEXPIRE;
3057 r->u.expire = expire;
3058 r->next = para;
3059 para = r;
3060
3061 uid = ask_user_id(0);
3062 if( !uid )
3063 {
3064 log_error(_("Key generation canceled.\n"));
3065 release_parameter_list( para );
3066 return;
3067 }
3068 r = xmalloc_clear( sizeof *r + strlen(uid) );
3069 r->key = pUSERID;
3070 strcpy( r->u.value, uid );
3071 r->next = para;
3072 para = r;
3073
3074 canceled = 0;
3075 dek = card_serialno? NULL : do_ask_passphrase ( &s2k, &canceled );
3076 if( dek )
3077 {
3078 r = xmalloc_clear( sizeof *r );
3079 r->key = pPASSPHRASE_DEK;
3080 r->u.dek = dek;
3081 r->next = para;
3082 para = r;
3083 r = xmalloc_clear( sizeof *r );
3084 r->key = pPASSPHRASE_S2K;
3085 r->u.s2k = s2k;
3086 r->next = para;
3087 para = r;
3088 }
3089
3090 if (canceled)
3091 log_error (_("Key generation canceled.\n"));
3092 else
3093 proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);
3094 release_parameter_list( para );
3095 }
3096
3097
3098 #ifdef ENABLE_CARD_SUPPORT
3099 /* Generate a raw key and return it as a secret key packet. The
3100 function will ask for the passphrase and return a protected as well
3101 as an unprotected copy of a new secret key packet. 0 is returned
3102 on success and the caller must then free the returned values. */
3103 static int
3104 generate_raw_key (int algo, unsigned int nbits, u32 created_at,
3105 PKT_secret_key **r_sk_unprotected,
3106 PKT_secret_key **r_sk_protected)
3107 {
3108 int rc;
3109 DEK *dek = NULL;
3110 STRING2KEY *s2k = NULL;
3111 PKT_secret_key *sk = NULL;
3112 int i;
3113 size_t nskey, npkey;
3114 gcry_sexp_t s_parms, s_key;
3115 int canceled;
3116
3117 npkey = pubkey_get_npkey (algo);
3118 nskey = pubkey_get_nskey (algo);
3119 assert (nskey <= PUBKEY_MAX_NSKEY && npkey < nskey);
3120
3121 if (nbits < 512)
3122 {
3123 nbits = 512;
3124 log_info (_("keysize invalid; using %u bits\n"), nbits );
3125 }
3126
3127 if ((nbits % 32))
3128 {
3129 nbits = ((nbits + 31) / 32) * 32;
3130 log_info(_("keysize rounded up to %u bits\n"), nbits );
3131 }
3132
3133 dek = do_ask_passphrase (&s2k, &canceled);
3134 if (canceled)
3135 {
3136 rc = gpg_error (GPG_ERR_CANCELED);
3137 goto leave;
3138 }
3139
3140 sk = xmalloc_clear (sizeof *sk);
3141 sk->timestamp = created_at;
3142 sk->version = 4;
3143 sk->pubkey_algo = algo;
3144
3145 if ( !is_RSA (algo) )
3146 {
3147 log_error ("only RSA is supported for offline generated keys\n");
3148 rc = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
3149 goto leave;
3150 }
3151 rc = gcry_sexp_build (&s_parms, NULL,
3152 "(genkey(rsa(nbits %d)))",
3153 (int)nbits);
3154 if (rc)
3155 log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
3156 rc = gcry_pk_genkey (&s_key, s_parms);
3157 gcry_sexp_release (s_parms);
3158 if (rc)
3159 {
3160 log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
3161 goto leave;
3162 }
3163 rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
3164 gcry_sexp_release (s_key);
3165 if (rc)
3166 {
3167 log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
3168 goto leave;
3169 }
3170
3171 for (i=npkey; i < nskey; i++)
3172 sk->csum += checksum_mpi (sk->skey[i]);
3173
3174 if (r_sk_unprotected)
3175 *r_sk_unprotected = copy_secret_key (NULL, sk);
3176
3177 rc = genhelp_protect (dek, s2k, sk);
3178 if (rc)
3179 goto leave;
3180
3181 if (r_sk_protected)
3182 {
3183 *r_sk_protected = sk;
3184 sk = NULL;
3185 }
3186
3187 leave:
3188 if (sk)
3189 free_secret_key (sk);
3190 xfree (dek);
3191 xfree (s2k);
3192 return rc;
3193 }
3194 #endif /* ENABLE_CARD_SUPPORT */
3195
3196 /* Create and delete a dummy packet to start off a list of kbnodes. */
3197 static void
3198 start_tree(KBNODE *tree)
3199 {
3200 PACKET *pkt;
3201
3202 pkt=xmalloc_clear(sizeof(*pkt));
3203 pkt->pkttype=PKT_NONE;
3204 *tree=new_kbnode(pkt);
3205 delete_kbnode(*tree);
3206 }
3207
3208
3209 static void
3210 do_generate_keypair (struct para_data_s *para,
3211 struct output_control_s *outctrl, int card)
3212 {
3213 KBNODE pub_root = NULL;
3214 KBNODE sec_root = NULL;
3215 PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
3216 const char *s;
3217 struct revocation_key *revkey;
3218 int rc;
3219 int did_sub = 0;
3220 u32 timestamp;
3221
3222 if( outctrl->dryrun )
3223 {
3224 log_info("dry-run mode - key generation skipped\n");
3225 return;
3226 }
3227
3228 if ( outctrl->use_files )
3229 {
3230 if ( outctrl->pub.newfname )
3231 {
3232 iobuf_close(outctrl->pub.stream);
3233 outctrl->pub.stream = NULL;
3234 if (outctrl->pub.fname)
3235 iobuf_ioctl (NULL, 2, 0, (char*)outctrl->pub.fname);
3236 xfree( outctrl->pub.fname );
3237 outctrl->pub.fname = outctrl->pub.newfname;
3238 outctrl->pub.newfname = NULL;
3239
3240 if (is_secured_filename (outctrl->pub.fname) )
3241 {
3242 outctrl->pub.stream = NULL;
3243 errno = EPERM;
3244 }
3245 else
3246 outctrl->pub.stream = iobuf_create( outctrl->pub.fname );
3247 if (!outctrl->pub.stream)
3248 {
3249 log_error(_("can't create `%s': %s\n"), outctrl->pub.newfname,
3250 strerror(errno) );
3251 return;
3252 }
3253 if (opt.armor)
3254 {
3255 outctrl->pub.afx->what = 1;
3256 push_armor_filter (outctrl->pub.afx, outctrl->pub.stream);
3257 }
3258 }
3259 if (outctrl->sec.newfname)
3260 {
3261 mode_t oldmask;
3262
3263 iobuf_close(outctrl->sec.stream);
3264 outctrl->sec.stream = NULL;
3265 if (outctrl->sec.fname)
3266 iobuf_ioctl (NULL, 2, 0, (char*)outctrl->sec.fname);
3267 xfree( outctrl->sec.fname );
3268 outctrl->sec.fname = outctrl->sec.newfname;
3269 outctrl->sec.newfname = NULL;
3270
3271 oldmask = umask (077);
3272 if (is_secured_filename (outctrl->sec.fname) )
3273 {
3274 outctrl->sec.stream = NULL;
3275 errno = EPERM;
3276 }
3277 else
3278 outctrl->sec.stream = iobuf_create( outctrl->sec.fname );
3279 umask (oldmask);
3280 if (!outctrl->sec.stream)
3281 {
3282 log_error(_("can't create `%s': %s\n"), outctrl->sec.newfname,
3283 strerror(errno) );
3284 return;
3285 }
3286 if (opt.armor)
3287 {
3288 outctrl->sec.afx->what = 5;
3289 push_armor_filter (outctrl->sec.afx, outctrl->sec.stream);
3290 }
3291 }
3292 assert( outctrl->pub.stream );
3293 assert( outctrl->sec.stream );
3294 if (opt.verbose)
3295 {
3296 log_info (_("writing public key to `%s'\n"), outctrl->pub.fname );
3297 if (card)
3298 log_info (_("writing secret key stub to `%s'\n"),
3299 outctrl->sec.fname);
3300 else
3301 log_info(_("writing secret key to `%s'\n"), outctrl->sec.fname );
3302 }
3303 }
3304
3305
3306 /* We create the packets as a tree of kbnodes. Because the
3307 structure we create is known in advance we simply generate a
3308 linked list. The first packet is a dummy packet which we flag as
3309 deleted. The very first packet must always be a KEY packet. */
3310
3311 start_tree (&pub_root);
3312 start_tree (&sec_root);
3313
3314 timestamp = get_parameter_u32 (para, pKEYCREATIONDATE);
3315 if (!timestamp)
3316 timestamp = make_timestamp ();
3317
3318 if (!card)
3319 {
3320 rc = do_create (get_parameter_algo( para, pKEYTYPE ),
3321 get_parameter_uint( para, pKEYLENGTH ),
3322 pub_root, sec_root,
3323 get_parameter_dek( para, pPASSPHRASE_DEK ),
3324 get_parameter_s2k( para, pPASSPHRASE_S2K ),
3325 &pri_sk,
3326 timestamp,
3327 get_parameter_u32( para, pKEYEXPIRE ), 0 );
3328 }
3329 else
3330 {
3331 /* Note, that depending on the backend, the card key generation
3332 may update TIMESTAMP. */
3333 rc = gen_card_key (PUBKEY_ALGO_RSA, 1, 1, pub_root, sec_root, NULL,
3334 &timestamp,
3335 get_parameter_u32 (para, pKEYEXPIRE), para);
3336 if (!rc)
3337 {
3338 pri_sk = sec_root->next->pkt->pkt.secret_key;
3339 assert (pri_sk);
3340 }
3341 }
3342
3343 if(!rc && (revkey=get_parameter_revkey(para,pREVOKER)))
3344 {
3345 rc = write_direct_sig (pub_root, pub_root, pri_sk, revkey, timestamp);
3346 if (!rc)
3347 rc = write_direct_sig (sec_root, pub_root, pri_sk, revkey, timestamp);
3348 }
3349
3350 if( !rc && (s=get_parameter_value(para, pUSERID)) )
3351 {
3352 write_uid (pub_root, s );
3353 write_uid (sec_root, s );
3354
3355 rc = write_selfsigs (sec_root, pub_root, pri_sk,
3356 get_parameter_uint (para, pKEYUSAGE), timestamp);
3357 }
3358
3359 /* Write the auth key to the card before the encryption key. This
3360 is a partial workaround for a PGP bug (as of this writing, all
3361 versions including 8.1), that causes it to try and encrypt to
3362 the most recent subkey regardless of whether that subkey is
3363 actually an encryption type. In this case, the auth key is an
3364 RSA key so it succeeds. */
3365
3366 if (!rc && card && get_parameter (para, pAUTHKEYTYPE))
3367 {
3368 /* Note, that depending on the backend, the card key generation
3369 may update TIMESTAMP. */
3370 rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
3371 &timestamp,
3372 get_parameter_u32 (para, pKEYEXPIRE), para);
3373
3374 if (!rc)
3375 rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk,
3376 PUBKEY_USAGE_AUTH, timestamp);
3377 if (!rc)
3378 rc = write_keybinding (sec_root, pub_root, pri_sk, sub_sk,
3379 PUBKEY_USAGE_AUTH, timestamp);
3380 }
3381
3382 if( !rc && get_parameter( para, pSUBKEYTYPE ) )
3383 {
3384 if (!card)
3385 {
3386 rc = do_create( get_parameter_algo( para, pSUBKEYTYPE ),
3387 get_parameter_uint( para, pSUBKEYLENGTH ),
3388 pub_root, sec_root,
3389 get_parameter_dek( para, pPASSPHRASE_DEK ),
3390 get_parameter_s2k( para, pPASSPHRASE_S2K ),
3391 &sub_sk,
3392 timestamp,
3393 get_parameter_u32( para, pSUBKEYEXPIRE ), 1 );
3394 }
3395 else
3396 {
3397 if ((s = get_parameter_value (para, pBACKUPENCDIR)))
3398 {
3399 /* A backup of the encryption key has been requested.
3400 Generate the key in software and import it then to
3401 the card. Write a backup file. */
3402 rc = gen_card_key_with_backup (PUBKEY_ALGO_RSA, 2, 0,
3403 pub_root, sec_root,
3404 timestamp,
3405 get_parameter_u32 (para,
3406 pKEYEXPIRE),
3407 para, s);
3408 }
3409 else
3410 {
3411 /* Note, that depending on the backend, the card key
3412 generation may update TIMESTAMP. */
3413 rc = gen_card_key (PUBKEY_ALGO_RSA, 2, 0, pub_root, sec_root,
3414 NULL,
3415 &timestamp,
3416 get_parameter_u32 (para, pKEYEXPIRE), para);
3417 }
3418 }
3419
3420 if( !rc )
3421 rc = write_keybinding(pub_root, pub_root, pri_sk, sub_sk,
3422 get_parameter_uint (para, pSUBKEYUSAGE),
3423 timestamp);
3424 if( !rc )
3425 rc = write_keybinding(sec_root, pub_root, pri_sk, sub_sk,
3426 get_parameter_uint (para, pSUBKEYUSAGE),
3427 timestamp);
3428 did_sub = 1;
3429 }
3430
3431 if (!rc && outctrl->use_files) /* Direct write to specified files. */
3432 {
3433 rc = write_keyblock( outctrl->pub.stream, pub_root );
3434 if (rc)
3435 log_error ("can't write public key: %s\n", g10_errstr(rc) );
3436 if (!rc)
3437 {
3438 rc = write_keyblock( outctrl->sec.stream, sec_root );
3439 if(rc)
3440 log_error ("can't write secret key: %s\n", g10_errstr(rc) );
3441 }
3442 }
3443 else if (!rc) /* Write to the standard keyrings. */
3444 {
3445 KEYDB_HANDLE pub_hd = keydb_new (0);
3446 KEYDB_HANDLE sec_hd = keydb_new (1);
3447
3448 rc = keydb_locate_writable (pub_hd, NULL);
3449 if (rc)
3450 log_error (_("no writable public keyring found: %s\n"),
3451 g10_errstr (rc));
3452
3453 if (!rc)
3454 {
3455 rc = keydb_locate_writable (sec_hd, NULL);
3456 if (rc)
3457 log_error (_("no writable secret keyring found: %s\n"),
3458 g10_errstr (rc));
3459 }
3460
3461 if (!rc && opt.verbose)
3462 {
3463 log_info (_("writing public key to `%s'\n"),
3464 keydb_get_resource_name (pub_hd));
3465 if (card)
3466 log_info (_("writing secret key stub to `%s'\n"),
3467 keydb_get_resource_name (sec_hd));
3468 else
3469 log_info (_("writing secret key to `%s'\n"),
3470 keydb_get_resource_name (sec_hd));
3471 }
3472
3473 if (!rc)
3474 {
3475 rc = keydb_insert_keyblock (pub_hd, pub_root);
3476 if (rc)
3477 log_error (_("error writing public keyring `%s': %s\n"),
3478 keydb_get_resource_name (pub_hd), g10_errstr(rc));
3479 }
3480
3481 if (!rc)
3482 {
3483 rc = keydb_insert_keyblock (sec_hd, sec_root);
3484 if (rc)
3485 log_error (_("error writing secret keyring `%s': %s\n"),
3486 keydb_get_resource_name (pub_hd), g10_errstr(rc));
3487 }
3488
3489 keydb_release (pub_hd);
3490 keydb_release (sec_hd);
3491
3492 if (!rc)
3493 {
3494 int no_enc_rsa;
3495 PKT_public_key *pk;
3496
3497 no_enc_rsa = (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_RSA
3498 && get_parameter_uint (para, pKEYUSAGE)
3499 && !((get_parameter_uint (para, pKEYUSAGE)
3500 & PUBKEY_USAGE_ENC)) );
3501
3502 pk = find_kbnode (pub_root, PKT_PUBLIC_KEY)->pkt->pkt.public_key;
3503
3504 keyid_from_pk(pk,pk->main_keyid);
3505 register_trusted_keyid(pk->main_keyid);
3506
3507 update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
3508 | TRUST_ULTIMATE ));
3509
3510 if (!opt.batch)
3511 {
3512 tty_printf (_("public and secret key created and signed.\n") );
3513 tty_printf ("\n");
3514 list_keyblock(pub_root,0,1,NULL);
3515 }
3516
3517
3518 if (!opt.batch
3519 && (get_parameter_algo (para, pKEYTYPE) == PUBKEY_ALGO_DSA
3520 || no_enc_rsa )
3521 && !get_parameter (para, pSUBKEYTYPE) )
3522 {
3523 tty_printf(_("Note that this key cannot be used for "
3524 "encryption. You may want to use\n"
3525 "the command \"--edit-key\" to generate a "
3526 "subkey for this purpose.\n") );
3527 }
3528 }
3529 }
3530
3531 if (rc)
3532 {
3533 if (opt.batch)
3534 log_error ("key generation failed: %s\n", g10_errstr(rc) );
3535 else
3536 tty_printf (_("Key generation failed: %s\n"), g10_errstr(rc) );
3537 print_status_key_not_created ( get_parameter_value (para, pHANDLE) );
3538 }
3539 else
3540 {
3541 PKT_public_key *pk = find_kbnode (pub_root,
3542 PKT_PUBLIC_KEY)->pkt->pkt.public_key;
3543 print_status_key_created (did_sub? 'B':'P', pk,
3544 get_parameter_value (para, pHANDLE));
3545 }
3546 release_kbnode( pub_root );
3547 release_kbnode( sec_root );
3548
3549 if (pri_sk && !card) /* The unprotected secret key unless we */
3550 free_secret_key (pri_sk); /* have a shallow copy in card mode. */
3551 if (sub_sk)
3552 free_secret_key(sub_sk);
3553 }
3554
3555
3556 /* Add a new subkey to an existing key. Returns true if a new key has
3557 been generated and put into the keyblocks. */
3558 int
3559 generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
3560 {
3561 int okay=0, rc=0;
3562 KBNODE node;
3563 PKT_secret_key *pri_sk = NULL, *sub_sk = NULL;
3564 int algo;
3565 unsigned int use;
3566 u32 expire;
3567 unsigned nbits;
3568 char *passphrase = NULL;
3569 DEK *dek = NULL;
3570 STRING2KEY *s2k = NULL;
3571 u32 cur_time;
3572 int ask_pass = 0;
3573 int canceled;
3574
3575 /* Break out the primary secret key. */
3576 node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
3577 if( !node )
3578 {
3579 log_error ("Oops; secret key not found anymore!\n");
3580 goto leave;
3581 }
3582
3583 /* Make a copy of the sk to keep the protected one in the keyblock. */
3584 pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);
3585
3586 cur_time = make_timestamp();
3587
3588 if (pri_sk->timestamp > cur_time)
3589 {
3590 ulong d = pri_sk->timestamp - cur_time;
3591 log_info ( d==1 ? _("key has been created %lu second "
3592 "in future (time warp or clock problem)\n")
3593 : _("key has been created %lu seconds "
3594 "in future (time warp or clock problem)\n"), d );
3595 if (!opt.ignore_time_conflict)
3596 {
3597 rc = G10ERR_TIME_CONFLICT;
3598 goto leave;
3599 }
3600 }
3601
3602 if (pri_sk->version < 4)
3603 {
3604 log_info (_("NOTE: creating subkeys for v3 keys "
3605 "is not OpenPGP compliant\n"));
3606 goto leave;
3607 }
3608
3609 if (pri_sk->is_protected && pri_sk->protect.s2k.mode == 1001)
3610 {
3611 tty_printf (_("Secret parts of primary key are not available.\n"));
3612 rc = G10ERR_NO_SECKEY;
3613 goto leave;
3614 }
3615
3616
3617 /* Unprotect to get the passphrase. */
3618 switch (is_secret_key_protected (pri_sk) )
3619 {
3620 case -1:
3621 rc = G10ERR_PUBKEY_ALGO;
3622 break;
3623 case 0:
3624 tty_printf (_("This key is not protected.\n"));
3625 break;
3626 case -2:
3627 tty_printf (_("Secret parts of primary key are stored on-card.\n"));
3628 ask_pass = 1;
3629 break;
3630 default:
3631 tty_printf (_("Key is protected.\n"));
3632 rc = check_secret_key ( pri_sk, 0 );
3633 if (!rc)
3634 passphrase = get_last_passphrase();
3635 break;
3636 }
3637 if (rc)
3638 goto leave;
3639
3640 algo = ask_algo (1, &use);
3641 assert (algo);
3642 nbits = ask_keysize (algo);
3643 expire = ask_expire_interval (0, NULL);
3644 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
3645 _("Really create? (y/N) ")))
3646 goto leave;
3647
3648 canceled = 0;
3649 if (ask_pass)
3650 dek = do_ask_passphrase (&s2k, &canceled);
3651 else if (passphrase)
3652 {
3653 s2k = xmalloc_secure ( sizeof *s2k );
3654 s2k->mode = opt.s2k_mode;
3655 s2k->hash_algo = S2K_DIGEST_ALGO;
3656 set_next_passphrase ( passphrase );
3657 dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
3658 NULL, NULL );
3659 }
3660
3661 if (canceled)
3662 rc = GPG_ERR_CANCELED;
3663
3664 if (!rc)
3665 rc = do_create (algo, nbits, pub_keyblock, sec_keyblock,
3666 dek, s2k, &sub_sk, cur_time, expire, 1 );
3667 if (!rc)
3668 rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
3669 use, cur_time);
3670 if (!rc)
3671 rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
3672 use, cur_time);
3673 if (!rc)
3674 {
3675 okay = 1;
3676 write_status_text (STATUS_KEY_CREATED, "S");
3677 }
3678
3679 leave:
3680 if (rc)
3681 log_error (_("Key generation failed: %s\n"), g10_errstr(rc) );
3682 xfree (passphrase);
3683 xfree (dek);
3684 xfree (s2k);
3685 /* Release the copy of the (now unprotected) secret keys. */
3686 if (pri_sk)
3687 free_secret_key (pri_sk);
3688 if (sub_sk)
3689 free_secret_key (sub_sk);
3690 set_next_passphrase (NULL);
3691 return okay;
3692 }
3693
3694
3695 #ifdef ENABLE_CARD_SUPPORT
3696 /* Generate a subkey on a card. */
3697 int
3698 generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
3699 int keyno, const char *serialno)
3700 {
3701 int okay=0, rc=0;
3702 KBNODE node;
3703 PKT_secret_key *pri_sk = NULL, *sub_sk;
3704 int algo;
3705 unsigned int use;
3706 u32 expire;
3707 char *passphrase = NULL;
3708 u32 cur_time;
3709 struct para_data_s *para = NULL;
3710
3711 assert (keyno >= 1 && keyno <= 3);
3712
3713 para = xcalloc (1, sizeof *para + strlen (serialno) );
3714 para->key = pSERIALNO;
3715 strcpy (para->u.value, serialno);
3716
3717 /* Break out the primary secret key */
3718 node = find_kbnode (sec_keyblock, PKT_SECRET_KEY);
3719 if (!node)
3720 {
3721 log_error("Oops; secret key not found anymore!\n");
3722 goto leave;
3723 }
3724
3725 /* Make a copy of the sk to keep the protected one in the keyblock */
3726 pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);
3727
3728 cur_time = make_timestamp();
3729 if (pri_sk->timestamp > cur_time)
3730 {
3731 ulong d = pri_sk->timestamp - cur_time;
3732 log_info (d==1 ? _("key has been created %lu second "
3733 "in future (time warp or clock problem)\n")
3734 : _("key has been created %lu seconds "
3735 "in future (time warp or clock problem)\n"), d );
3736 if (!opt.ignore_time_conflict)
3737 {
3738 rc = G10ERR_TIME_CONFLICT;
3739 goto leave;
3740 }
3741 }
3742
3743 if (pri_sk->version < 4)
3744 {
3745 log_info (_("NOTE: creating subkeys for v3 keys "
3746 "is not OpenPGP compliant\n"));
3747 goto leave;
3748 }
3749
3750 /* Unprotect to get the passphrase. */
3751 switch( is_secret_key_protected (pri_sk) )
3752 {
3753 case -1:
3754 rc = G10ERR_PUBKEY_ALGO;
3755 break;
3756 case 0:
3757 tty_printf("This key is not protected.\n");
3758 break;
3759 default:
3760 tty_printf("Key is protected.\n");
3761 rc = check_secret_key( pri_sk, 0 );
3762 if (!rc)
3763 passphrase = get_last_passphrase();
3764 break;
3765 }
3766 if (rc)
3767 goto leave;
3768
3769 algo = PUBKEY_ALGO_RSA;
3770 expire = ask_expire_interval (0,NULL);
3771 if (keyno == 1)
3772 use = PUBKEY_USAGE_SIG;
3773 else if (keyno == 2)
3774 use = PUBKEY_USAGE_ENC;
3775 else
3776 use = PUBKEY_USAGE_AUTH;
3777 if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.cardsub.okay",
3778 _("Really create? (y/N) ")))
3779 goto leave;
3780
3781 if (passphrase)
3782 set_next_passphrase (passphrase);
3783
3784 /* Note, that depending on the backend, the card key generation may
3785 update CUR_TIME. */
3786 rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,
3787 &sub_sk, &cur_time, expire, para);
3788 if (!rc)
3789 rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
3790 use, cur_time);
3791 if (!rc)
3792 rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
3793 use, cur_time);
3794 if (!rc)
3795 {
3796 okay = 1;
3797 write_status_text (STATUS_KEY_CREATED, "S");
3798 }
3799
3800 leave:
3801 if (rc)
3802 log_error (_("Key generation failed: %s\n"), g10_errstr(rc) );
3803 xfree (passphrase);
3804 /* Release the copy of the (now unprotected) secret keys. */
3805 if (pri_sk)
3806 free_secret_key (pri_sk);
3807 set_next_passphrase( NULL );
3808 release_parameter_list (para);
3809 return okay;
3810 }
3811 #endif /* !ENABLE_CARD_SUPPORT */
3812
3813
3814 /*
3815 * Write a keyblock to an output stream
3816 */
3817 static int
3818 write_keyblock( IOBUF out, KBNODE node )
3819 {
3820 for( ; node ; node = node->next )
3821 {
3822 if(!is_deleted_kbnode(node))
3823 {
3824 int rc = build_packet( out, node->pkt );
3825 if( rc )
3826 {
3827 log_error("build_packet(%d) failed: %s\n",
3828 node->pkt->pkttype, g10_errstr(rc) );
3829 return rc;
3830 }
3831 }
3832 }
3833
3834 return 0;
3835 }
3836
3837
3838 /* Note that timestamp is an in/out arg. */
3839 static int
3840 gen_card_key (int algo, int keyno, int is_primary,
3841 KBNODE pub_root, KBNODE sec_root, PKT_secret_key **ret_sk,
3842 u32 *timestamp, u32 expireval, struct para_data_s *para)
3843 {
3844 #ifdef ENABLE_CARD_SUPPORT
3845 int rc;
3846 const char *s;
3847 struct agent_card_genkey_s info;
3848 PACKET *pkt;
3849 PKT_secret_key *sk;
3850 PKT_public_key *pk;
3851
3852 assert (algo == PUBKEY_ALGO_RSA);
3853
3854 /* Fixme: We don't have the serialnumber available, thus passing NULL. */
3855 rc = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp);
3856 /* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */
3857 /* { */
3858 /* tty_printf ("\n"); */
3859 /* log_error ("WARNING: key does already exists!\n"); */
3860 /* tty_printf ("\n"); */
3861 /* if ( cpr_get_answer_is_yes( "keygen.card.replace_key", */
3862 /* _("Replace existing key? "))) */
3863 /* rc = agent_scd_genkey (&info, keyno, 1); */
3864 /* } */
3865
3866 if (rc)
3867 {
3868 log_error ("key generation failed: %s\n", gpg_strerror (rc));
3869 return rc;
3870 }
3871 if ( !info.n || !info.e )
3872 {
3873 log_error ("communication error with SCD\n");
3874 gcry_mpi_release (info.n);
3875 gcry_mpi_release (info.e);
3876 return gpg_error (GPG_ERR_GENERAL);
3877 }
3878
3879 if (*timestamp != info.created_at)
3880 log_info ("Note that the key does not use the suggested creation date\n");
3881 *timestamp = info.created_at;
3882
3883 pk = xcalloc (1, sizeof *pk );
3884 sk = xcalloc (1, sizeof *sk );
3885 sk->timestamp = pk->timestamp = info.created_at;
3886 sk->version = pk->version = 4;
3887 if (expireval)
3888 sk->expiredate = pk->expiredate = pk->timestamp + expireval;
3889 sk->pubkey_algo = pk->pubkey_algo = algo;
3890 pk->pkey[0] = info.n;
3891 pk->pkey[1] = info.e;
3892 sk->skey[0] = gcry_mpi_copy (pk->pkey[0]);
3893 sk->skey[1] = gcry_mpi_copy (pk->pkey[1]);
3894 sk->skey[2] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
3895 sk->is_protected = 1;
3896 sk->protect.s2k.mode = 1002;
3897 s = get_parameter_value (para, pSERIALNO);
3898 if (s)
3899 {
3900 for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
3901 sk->protect.ivlen++, s += 2)
3902 sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
3903 }
3904
3905 if( ret_sk )
3906 *ret_sk = sk;
3907
3908 pkt = xcalloc (1,sizeof *pkt);
3909 pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
3910 pkt->pkt.public_key = pk;
3911 add_kbnode(pub_root, new_kbnode( pkt ));
3912
3913 pkt = xcalloc (1,sizeof *pkt);
3914 pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
3915 pkt->pkt.secret_key = sk;
3916 add_kbnode(sec_root, new_kbnode( pkt ));
3917
3918 return 0;
3919 #else
3920 return -1;
3921 #endif /*!ENABLE_CARD_SUPPORT*/
3922 }
3923
3924
3925
3926 static int
3927 gen_card_key_with_backup (int algo, int keyno, int is_primary,
3928 KBNODE pub_root, KBNODE sec_root,
3929 u32 timestamp,
3930 u32 expireval, struct para_data_s *para,
3931 const char *backup_dir)
3932 {
3933 #ifdef ENABLE_CARD_SUPPORT
3934 int rc;
3935 const char *s;
3936 PACKET *pkt;
3937 PKT_secret_key *sk, *sk_unprotected = NULL, *sk_protected = NULL;
3938 PKT_public_key *pk;
3939 size_t n;
3940 int i;
3941
3942 rc = generate_raw_key (algo, 1024, timestamp,
3943 &sk_unprotected, &sk_protected);
3944 if (rc)
3945 return rc;
3946
3947 /* First, store the key to the card. */
3948 rc = save_unprotected_key_to_card (sk_unprotected, keyno);
3949 if (rc)
3950 {
3951 log_error (_("storing key onto card failed: %s\n"), g10_errstr (rc));
3952 free_secret_key (sk_unprotected);
3953 free_secret_key (sk_protected);
3954 return rc;
3955 }
3956
3957 /* Get rid of the secret key parameters and store the serial numer. */
3958 sk = sk_unprotected;
3959 n = pubkey_get_nskey (sk->pubkey_algo);
3960 for (i=pubkey_get_npkey (sk->pubkey_algo); i < n; i++)
3961 {
3962 gcry_mpi_release (sk->skey[i]);
3963 sk->skey[i] = NULL;
3964 }
3965 i = pubkey_get_npkey (sk->pubkey_algo);
3966 sk->skey[i] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
3967 sk->is_protected = 1;
3968 sk->protect.s2k.mode = 1002;
3969 s = get_parameter_value (para, pSERIALNO);
3970 assert (s);
3971 for (sk->protect.ivlen=0; sk->protect.ivlen < 16 && *s && s[1];
3972 sk->protect.ivlen++, s += 2)
3973 sk->protect.iv[sk->protect.ivlen] = xtoi_2 (s);
3974
3975 /* Now write the *protected* secret key to the file. */
3976 {
3977 char name_buffer[50];
3978 char *fname;
3979 IOBUF fp;
3980 mode_t oldmask;
3981
3982 keyid_from_sk (sk, NULL);
3983 sprintf (name_buffer,"sk_%08lX%08lX.gpg",
3984 (ulong)sk->keyid[0], (ulong)sk->keyid[1]);
3985
3986 fname = make_filename (backup_dir, name_buffer, NULL);
3987 oldmask = umask (077);
3988 if (is_secured_filename (fname))
3989 {
3990 fp = NULL;
3991 errno = EPERM;
3992 }
3993 else
3994 fp = iobuf_create (fname);
3995 umask (oldmask);
3996 if (!fp)
3997 {
3998 rc = gpg_error_from_syserror ();
3999 log_error (_("can't create backup file `%s': %s\n"),
4000 fname, strerror(errno) );
4001 xfree (fname);
4002 free_secret_key (sk_unprotected);
4003 free_secret_key (sk_protected);
4004 return rc;
4005 }
4006
4007 pkt = xcalloc (1, sizeof *pkt);
4008 pkt->pkttype = PKT_SECRET_KEY;
4009 pkt->pkt.secret_key = sk_protected;
4010 sk_protected = NULL;
4011
4012 rc = build_packet (fp, pkt);
4013 if (rc)
4014 {
4015 log_error("build packet failed: %s\n", g10_errstr(rc) );
4016 iobuf_cancel (fp);
4017 }
4018 else
4019 {
4020 unsigned char array[MAX_FINGERPRINT_LEN];
4021 char *fprbuf, *p;
4022
4023 iobuf_close (fp);
4024 iobuf_ioctl (NULL, 2, 0, (char*)fname);
4025 log_info (_("NOTE: backup of card key saved to `%s'\n"), fname);
4026
4027 fingerprint_from_sk (sk, array, &n);
4028 p = fprbuf = xmalloc (MAX_FINGERPRINT_LEN*2 + 1 + 1);
4029 for (i=0; i < n ; i++, p += 2)
4030 sprintf (p, "%02X", array[i]);
4031 *p++ = ' ';
4032 *p = 0;
4033
4034 write_status_text_and_buffer (STATUS_BACKUP_KEY_CREATED,
4035 fprbuf,
4036 fname, strlen (fname),
4037 0);
4038 xfree (fprbuf);
4039 }
4040 free_packet (pkt);
4041 xfree (pkt);
4042 xfree (fname);
4043 if (rc)
4044 {
4045 free_secret_key (sk_unprotected);
4046 return rc;
4047 }
4048 }
4049
4050 /* Create the public key from the secret key. */
4051 pk = xcalloc (1, sizeof *pk );
4052 pk->timestamp = sk->timestamp;
4053 pk->version = sk->version;
4054 if (expireval)
4055 pk->expiredate = sk->expiredate = sk->timestamp + expireval;
4056 pk->pubkey_algo = sk->pubkey_algo;
4057 n = pubkey_get_npkey (sk->pubkey_algo);
4058 for (i=0; i < n; i++)
4059 pk->pkey[i] = mpi_copy (sk->skey[i]);
4060
4061 /* Build packets and add them to the node lists. */
4062 pkt = xcalloc (1,sizeof *pkt);
4063 pkt->pkttype = is_primary ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
4064 pkt->pkt.public_key = pk;
4065 add_kbnode(pub_root, new_kbnode( pkt ));
4066
4067 pkt = xcalloc (1,sizeof *pkt);
4068 pkt->pkttype = is_primary ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
4069 pkt->pkt.secret_key = sk;
4070 add_kbnode(sec_root, new_kbnode( pkt ));
4071
4072 return 0;
4073 #else
4074 return -1;
4075 #endif /*!ENABLE_CARD_SUPPORT*/
4076 }
4077
4078
4079 #ifdef ENABLE_CARD_SUPPORT
4080 int
4081 save_unprotected_key_to_card (PKT_secret_key *sk, int keyno)
4082 {
4083 int rc;
4084 unsigned char *rsa_n = NULL;
4085 unsigned char *rsa_e = NULL;
4086 unsigned char *rsa_p = NULL;
4087 unsigned char *rsa_q = NULL;
4088 size_t rsa_n_len, rsa_e_len, rsa_p_len, rsa_q_len;
4089 unsigned char *sexp = NULL;
4090 unsigned char *p;
4091 char numbuf[55], numbuf2[50];
4092
4093 assert (is_RSA (sk->pubkey_algo));
4094 assert (!sk->is_protected);
4095
4096 /* Copy the parameters into straight buffers. */
4097 gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_n, &rsa_n_len, sk->skey[0]);
4098 gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_e, &rsa_e_len, sk->skey[1]);
4099 gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_p, &rsa_p_len, sk->skey[3]);
4100 gcry_mpi_aprint (GCRYMPI_FMT_USG, &rsa_q, &rsa_q_len, sk->skey[4]);
4101 if (!rsa_n || !rsa_e || !rsa_p || !rsa_q)
4102 {
4103 rc = G10ERR_INV_ARG;
4104 goto leave;
4105 }
4106
4107 /* Put the key into an S-expression. */
4108 sexp = p = xmalloc_secure (30
4109 + rsa_n_len + rsa_e_len + rsa_p_len + rsa_q_len
4110 + 4*sizeof (numbuf) + 25 + sizeof(numbuf) + 20);
4111
4112 p = stpcpy (p,"(11:private-key(3:rsa(1:n");
4113 sprintf (numbuf, "%u:", (unsigned int)rsa_n_len);
4114 p = stpcpy (p, numbuf);
4115 memcpy (p, rsa_n, rsa_n_len);
4116 p += rsa_n_len;
4117
4118 sprintf (numbuf, ")(1:e%u:", (unsigned int)rsa_e_len);
4119 p = stpcpy (p, numbuf);
4120 memcpy (p, rsa_e, rsa_e_len);
4121 p += rsa_e_len;
4122
4123 sprintf (numbuf, ")(1:p%u:", (unsigned int)rsa_p_len);
4124 p = stpcpy (p, numbuf);
4125 memcpy (p, rsa_p, rsa_p_len);
4126 p += rsa_p_len;
4127
4128 sprintf (numbuf, ")(1:q%u:", (unsigned int)rsa_q_len);
4129 p = stpcpy (p, numbuf);
4130 memcpy (p, rsa_q, rsa_q_len);
4131 p += rsa_q_len;
4132
4133 p = stpcpy (p,"))(10:created-at");
4134 sprintf (numbuf2, "%lu", (unsigned long)sk->timestamp);
4135 sprintf (numbuf, "%lu:", (unsigned long)strlen (numbuf2));
4136 p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");
4137
4138 /* Fixme: Unfortunately we don't have the serialnumber available -
4139 thus we can't pass it down to the agent. */
4140 rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);
4141
4142 leave:
4143 xfree (sexp);
4144 xfree (rsa_n);
4145 xfree (rsa_e);
4146 xfree (rsa_p);
4147 xfree (rsa_q);
4148 return rc;
4149 }
4150 #endif /*ENABLE_CARD_SUPPORT*/
gnupg svn clone