mirror of git://git.gnupg.org/gnupg.git synced 2025-01-22 14:57:02 +01:00

Remove trailing white space from some files.

--
Daniel Kahn Gillmor 2013-03-19 11:25:25 -04:00 committed by Werner Koch
parent e957b9b3f4
commit 89f6706ada
2 changed files with 216 additions and 216 deletions


@ -197,7 +197,7 @@ get_primary_uid ( KBNODE keyblock, size_t *uidlen )
*uidlen = k->pkt->pkt.user_id->len; *uidlen = k->pkt->pkt.user_id->len;
return k->pkt->pkt.user_id->name; return k->pkt->pkt.user_id->name;
} }
} }
s = user_id_not_found_utf8 (); s = user_id_not_found_utf8 ();
*uidlen = strlen (s); *uidlen = strlen (s);
return s; return s;
@ -305,7 +305,7 @@ pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock )
assert ( a->pkt->pkttype == PKT_PUBLIC_KEY assert ( a->pkt->pkttype == PKT_PUBLIC_KEY
|| a->pkt->pkttype == PKT_PUBLIC_SUBKEY ); || a->pkt->pkttype == PKT_PUBLIC_SUBKEY );
copy_public_key ( pk, a->pkt->pkt.public_key ); copy_public_key ( pk, a->pkt->pkt.public_key );
} }
@ -317,7 +317,7 @@ sk_from_block ( GETKEY_CTX ctx,
assert ( a->pkt->pkttype == PKT_SECRET_KEY assert ( a->pkt->pkttype == PKT_SECRET_KEY
|| a->pkt->pkttype == PKT_SECRET_SUBKEY ); || a->pkt->pkttype == PKT_SECRET_SUBKEY );
copy_secret_key( sk, a->pkt->pkt.secret_key); copy_secret_key( sk, a->pkt->pkt.secret_key);
} }
@ -402,7 +402,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
KEYDB_HANDLE hd; KEYDB_HANDLE hd;
KBNODE keyblock; KBNODE keyblock;
u32 pkid[2]; u32 pkid[2];
assert (pk); assert (pk);
#if MAX_PK_CACHE_ENTRIES #if MAX_PK_CACHE_ENTRIES
{ /* Try to get it from the cache */ { /* Try to get it from the cache */
@ -429,7 +429,7 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
} }
rc = keydb_get_keyblock (hd, &keyblock); rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd); keydb_release (hd);
if (rc) if (rc)
{ {
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY; return G10ERR_NO_PUBKEY;
@ -563,8 +563,8 @@ seckey_available( u32 *keyid )
* must be in the range 0..9), this is considered a fingerprint. * must be in the range 0..9), this is considered a fingerprint.
* - If the username starts with a left angle, we assume it is a complete * - If the username starts with a left angle, we assume it is a complete
* email address and look only at this part. * email address and look only at this part.
* - If the username starts with a colon we assume it is a unified * - If the username starts with a colon we assume it is a unified
* key specfification. * key specfification.
* - If the username starts with a '.', we assume it is the ending * - If the username starts with a '.', we assume it is the ending
* part of an email address * part of an email address
* - If the username starts with an '@', we assume it is a part of an * - If the username starts with an '@', we assume it is a part of an
@ -586,7 +586,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
const char *s; const char *s;
int hexprefix = 0; int hexprefix = 0;
int hexlength; int hexlength;
int mode = 0; int mode = 0;
KEYDB_SEARCH_DESC dummy_desc; KEYDB_SEARCH_DESC dummy_desc;
if (!desc) if (!desc)
@ -645,12 +645,12 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
case '#': /* local user id */ case '#': /* local user id */
return 0; /* This is now obsolete and can't not be used anymore*/ return 0; /* This is now obsolete and can't not be used anymore*/
case ':': /*Unified fingerprint */ case ':': /*Unified fingerprint */
{ {
const char *se, *si; const char *se, *si;
int i; int i;
se = strchr( ++s,':'); se = strchr( ++s,':');
if ( !se ) if ( !se )
return 0; return 0;
@ -660,15 +660,15 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
} }
if (i != 32 && i != 40) if (i != 32 && i != 40)
return 0; /* invalid length of fpr*/ return 0; /* invalid length of fpr*/
for (i=0,si=s; si < se; i++, si +=2) for (i=0,si=s; si < se; i++, si +=2)
desc->u.fpr[i] = hextobyte(si); desc->u.fpr[i] = hextobyte(si);
for ( ; i < 20; i++) for ( ; i < 20; i++)
desc->u.fpr[i]= 0; desc->u.fpr[i]= 0;
s = se + 1; s = se + 1;
mode = KEYDB_SEARCH_MODE_FPR; mode = KEYDB_SEARCH_MODE_FPR;
} }
break; break;
case '&': /* keygrip */ case '&': /* keygrip */
return 0; /* Not yet implememted. */ return 0; /* Not yet implememted. */
@ -721,7 +721,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
int i; int i;
if (hexlength == 33) if (hexlength == 33)
s++; s++;
memset(desc->u.fpr+16, 0, 4); memset(desc->u.fpr+16, 0, 4);
for (i=0; i < 16; i++, s+=2) { for (i=0; i < 16; i++, s+=2) {
int c = hextobyte(s); int c = hextobyte(s);
if (c == -1) if (c == -1)
@ -764,7 +764,7 @@ skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid)
{ {
int unusable=0; int unusable=0;
KBNODE keyblock; KBNODE keyblock;
(void)dummy; (void)dummy;
keyblock=get_pubkeyblock(keyid); keyblock=get_pubkeyblock(keyid);
@ -823,7 +823,7 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
strlist_t r; strlist_t r;
GETKEY_CTX ctx; GETKEY_CTX ctx;
KBNODE help_kb = NULL; KBNODE help_kb = NULL;
if( retctx ) {/* reset the returned context in case of error */ if( retctx ) {/* reset the returned context in case of error */
assert (!ret_kdbhd); /* not allowed because the handle is assert (!ret_kdbhd); /* not allowed because the handle is
stored in the context */ stored in the context */
@ -852,7 +852,7 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
for(n=0, r=namelist; r; r = r->next, n++ ) for(n=0, r=namelist; r; r = r->next, n++ )
{ {
classify_user_id (r->d, &ctx->items[n]); classify_user_id (r->d, &ctx->items[n]);
if (ctx->items[n].exact) if (ctx->items[n].exact)
ctx->exact = 1; ctx->exact = 1;
if (!ctx->items[n].mode) if (!ctx->items[n].mode)
@ -871,7 +871,7 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
} }
ctx->kr_handle = keydb_new (secmode); ctx->kr_handle = keydb_new (secmode);
if ( !ret_kb ) if ( !ret_kb )
ret_kb = &help_kb; ret_kb = &help_kb;
if( secmode ) { if( secmode ) {
@ -922,7 +922,7 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
int int
get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk, get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
const char *name, KBNODE *ret_keyblock, const char *name, KBNODE *ret_keyblock,
KEYDB_HANDLE *ret_kdbhd, int include_unusable, KEYDB_HANDLE *ret_kdbhd, int include_unusable,
int no_akl) int no_akl)
{ {
int rc; int rc;
@ -939,7 +939,7 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
/* Check whether we the default local search has been disabled. /* Check whether we the default local search has been disabled.
This is the case if either the "nodefault" or the "local" keyword This is the case if either the "nodefault" or the "local" keyword
are in the list of auto key locate mechanisms. are in the list of auto key locate mechanisms.
ANYLOCALFIRST is set if the search order has the local method ANYLOCALFIRST is set if the search order has the local method
before any other or if "local" is used first by default. This before any other or if "local" is used first by default. This
@ -989,7 +989,7 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
int did_key_byname = 0; int did_key_byname = 0;
int no_fingerprint = 0; int no_fingerprint = 0;
const char *mechanism = "?"; const char *mechanism = "?";
switch(akl->type) switch(akl->type)
{ {
case AKL_NODEFAULT: case AKL_NODEFAULT:
@ -1064,7 +1064,7 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
} }
break; break;
} }
/* Use the fingerprint of the key that we actually fetched. /* Use the fingerprint of the key that we actually fetched.
This helps prevent problems where the key that we fetched This helps prevent problems where the key that we fetched
doesn't have the same name that we used to fetch it. In doesn't have the same name that we used to fetch it. In
@ -1082,7 +1082,7 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
namelist=NULL; namelist=NULL;
bin2hex (fpr, fpr_len, fpr_string); bin2hex (fpr, fpr_len, fpr_string);
if(opt.verbose) if(opt.verbose)
log_info("auto-key-locate found fingerprint %s\n",fpr_string); log_info("auto-key-locate found fingerprint %s\n",fpr_string);
@ -1112,16 +1112,16 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
/* Key found. */ /* Key found. */
log_info (_("automatically retrieved `%s' via %s\n"), log_info (_("automatically retrieved `%s' via %s\n"),
name, mechanism); name, mechanism);
break; break;
} }
if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint) if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
log_info (_("error retrieving `%s' via %s: %s\n"), log_info (_("error retrieving `%s' via %s: %s\n"),
name, mechanism, name, mechanism,
no_fingerprint? _("No fingerprint"):g10_errstr(rc)); no_fingerprint? _("No fingerprint"):g10_errstr(rc));
} }
} }
if (rc && retctx) if (rc && retctx)
{ {
get_pubkey_end (*retctx); get_pubkey_end (*retctx);
@ -1154,7 +1154,7 @@ get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
rc = lookup( ctx, ret_keyblock, 0 ); rc = lookup( ctx, ret_keyblock, 0 );
if ( !rc && pk && ret_keyblock ) if ( !rc && pk && ret_keyblock )
pk_from_block ( ctx, pk, *ret_keyblock ); pk_from_block ( ctx, pk, *ret_keyblock );
return rc; return rc;
} }
@ -1175,7 +1175,7 @@ get_pubkey_end( GETKEY_CTX ctx )
* Search for a key with the given fingerprint. * Search for a key with the given fingerprint.
* FIXME: * FIXME:
* We should replace this with the _byname function. Thiscsan be done * We should replace this with the _byname function. Thiscsan be done
* by creating a userID conforming to the unified fingerprint style. * by creating a userID conforming to the unified fingerprint style.
*/ */
int int
get_pubkey_byfprint( PKT_public_key *pk, get_pubkey_byfprint( PKT_public_key *pk,
@ -1221,10 +1221,10 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
KBNODE keyblock; KBNODE keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN]; byte fprbuf[MAX_FINGERPRINT_LEN];
int i; int i;
for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++) for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
fprbuf[i] = fprint[i]; fprbuf[i] = fprint[i];
while (i < MAX_FINGERPRINT_LEN) while (i < MAX_FINGERPRINT_LEN)
fprbuf[i++] = 0; fprbuf[i++] = 0;
hd = keydb_new (0); hd = keydb_new (0);
@ -1236,12 +1236,12 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
} }
rc = keydb_get_keyblock (hd, &keyblock); rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd); keydb_release (hd);
if (rc) if (rc)
{ {
log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc)); log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
return G10ERR_NO_PUBKEY; return G10ERR_NO_PUBKEY;
} }
assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
|| keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY ); || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
if (pk) if (pk)
@ -1317,7 +1317,7 @@ get_seckey_byname2( GETKEY_CTX *retctx,
return rc; return rc;
} }
int int
get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock ) get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock )
{ {
return get_seckey_byname2 ( NULL, sk, name, unlock, NULL ); return get_seckey_byname2 ( NULL, sk, name, unlock, NULL );
@ -1356,7 +1356,7 @@ get_seckey_end( GETKEY_CTX ctx )
* Search for a key with the given fingerprint. * Search for a key with the given fingerprint.
* FIXME: * FIXME:
* We should replace this with the _byname function. Thiscsan be done * We should replace this with the _byname function. Thiscsan be done
* by creating a userID conforming to the unified fingerprint style. * by creating a userID conforming to the unified fingerprint style.
*/ */
int int
get_seckey_byfprint( PKT_secret_key *sk, get_seckey_byfprint( PKT_secret_key *sk,
@ -1396,10 +1396,10 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
{ {
int rc; int rc;
struct getkey_ctx_s ctx; struct getkey_ctx_s ctx;
if (fprint_len != 20 && fprint_len == 16) if (fprint_len != 20 && fprint_len == 16)
return G10ERR_GENERAL; /* Oops */ return G10ERR_GENERAL; /* Oops */
memset (&ctx, 0, sizeof ctx); memset (&ctx, 0, sizeof ctx);
ctx.not_allocated = 1; ctx.not_allocated = 1;
ctx.kr_handle = keydb_new (1); ctx.kr_handle = keydb_new (1);
@ -1410,7 +1410,7 @@ get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
memcpy (ctx.items[0].u.fpr, fprint, fprint_len); memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
rc = lookup (&ctx, ret_keyblock, 1); rc = lookup (&ctx, ret_keyblock, 1);
get_seckey_end (&ctx); get_seckey_end (&ctx);
return rc; return rc;
} }
@ -1584,7 +1584,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
sig->flags.chosen_selfsig = 1; /* we chose this one */ sig->flags.chosen_selfsig = 1; /* we chose this one */
uid->created = 0; /* not created == invalid */ uid->created = 0; /* not created == invalid */
if ( IS_UID_REV ( sig ) ) if ( IS_UID_REV ( sig ) )
{ {
uid->is_revoked = 1; uid->is_revoked = 1;
return; /* has been revoked */ return; /* has been revoked */
@ -1626,7 +1626,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
/* We could also query this from the unhashed area if it is not in /* We could also query this from the unhashed area if it is not in
* the hased area and then later try to decide which is the better * the hased area and then later try to decide which is the better
* there should be no security problem with this. * there should be no security problem with this.
* For now we only look at the hashed one. * For now we only look at the hashed one.
*/ */
/* Now build the preferences list. These must come from the /* Now build the preferences list. These must come from the
@ -1638,7 +1638,7 @@ fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
hash = p; nhash = p?n:0; hash = p; nhash = p?n:0;
p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n ); p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
zip = p; nzip = p?n:0; zip = p; nzip = p?n:0;
if (uid->prefs) if (uid->prefs)
xfree (uid->prefs); xfree (uid->prefs);
n = nsym + nhash + nzip; n = nsym + nhash + nzip;
if (!n) if (!n)
@ -1733,7 +1733,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) { for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) {
if ( k->pkt->pkttype == PKT_SIGNATURE ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( IS_KEY_REV (sig) ){ else if ( IS_KEY_REV (sig) ){
@ -1743,9 +1743,9 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
* here because we have to assume that an attacker can * here because we have to assume that an attacker can
* generate all kinds of signatures. However due to the * generate all kinds of signatures. However due to the
* fact that the key has been revoked it does not harm * fact that the key has been revoked it does not harm
* either and by continuing we gather some more info on * either and by continuing we gather some more info on
* that key. * that key.
*/ */
*r_revoked = 1; *r_revoked = 1;
sig_to_revoke_info(sig,rinfo); sig_to_revoke_info(sig,rinfo);
} }
@ -1833,7 +1833,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
key_expire_seen = 1; key_expire_seen = 1;
} }
/* mark that key as valid: one direct key signature should /* mark that key as valid: one direct key signature should
* render a key as valid */ * render a key as valid */
pk->is_valid = 1; pk->is_valid = 1;
} }
@ -1852,7 +1852,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
if(IS_KEY_REV(sig) && if(IS_KEY_REV(sig) &&
(sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1])) (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
{ {
int rc=check_revocation_keys(pk,sig); int rc=check_revocation_keys(pk,sig);
if(rc==0) if(rc==0)
{ {
@ -1882,7 +1882,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
sigdate = 0; /* helper to find the latest signature in one user ID */ sigdate = 0; /* helper to find the latest signature in one user ID */
for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) { for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
if ( k->pkt->pkttype == PKT_USER_ID ) { if ( k->pkt->pkttype == PKT_USER_ID ) {
if ( uidnode && signode ) if ( uidnode && signode )
{ {
fixup_uidnode ( uidnode, signode, keytimestamp ); fixup_uidnode ( uidnode, signode, keytimestamp );
pk->is_valid=1; pk->is_valid=1;
@ -1893,7 +1893,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
} }
else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) { else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) {
PKT_signature *sig = k->pkt->pkt.signature; PKT_signature *sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) { if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig)) else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
@ -1988,7 +1988,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
/* Now that we had a look at all user IDs we can now get some information /* Now that we had a look at all user IDs we can now get some information
* from those user IDs. * from those user IDs.
*/ */
if ( !key_usage ) { if ( !key_usage ) {
/* find the latest user ID with key flags set */ /* find the latest user ID with key flags set */
uiddate = 0; /* helper to find the latest user ID */ uiddate = 0; /* helper to find the latest user ID */
@ -2009,17 +2009,17 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
else { /* check that the usage matches the usage as given by the algo */ else { /* check that the usage matches the usage as given by the algo */
int x = openpgp_pk_algo_usage ( pk->pubkey_algo ); int x = openpgp_pk_algo_usage ( pk->pubkey_algo );
if ( x ) /* mask it down to the actual allowed usage */ if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x; key_usage &= x;
} }
/* Whatever happens, it's a primary key, so it can certify. */ /* Whatever happens, it's a primary key, so it can certify. */
pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT; pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT;
if ( !key_expire_seen ) { if ( !key_expire_seen ) {
/* find the latest valid user ID with a key expiration set /* find the latest valid user ID with a key expiration set
* Note, that this may be a different one from the above because * Note, that this may be a different one from the above because
* some user IDs may have no expiration date set */ * some user IDs may have no expiration date set */
uiddate = 0; uiddate = 0;
for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
k = k->next ) { k = k->next ) {
if ( k->pkt->pkttype == PKT_USER_ID ) { if ( k->pkt->pkttype == PKT_USER_ID ) {
@ -2090,7 +2090,7 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
if ( k->pkt->pkttype == PKT_USER_ID && if ( k->pkt->pkttype == PKT_USER_ID &&
!k->pkt->pkt.user_id->attrib_data) { !k->pkt->pkt.user_id->attrib_data) {
PKT_user_id *uid = k->pkt->pkt.user_id; PKT_user_id *uid = k->pkt->pkt.user_id;
if ( k != uidnode ) if ( k != uidnode )
uid->is_primary = 0; uid->is_primary = 0;
} }
} }
@ -2194,7 +2194,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
k = k->next ) { k = k->next ) {
if ( k->pkt->pkttype == PKT_SIGNATURE ) { if ( k->pkt->pkttype == PKT_SIGNATURE ) {
sig = k->pkt->pkt.signature; sig = k->pkt->pkt.signature;
if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) { if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) {
if ( check_key_signature( keyblock, k, NULL ) ) if ( check_key_signature( keyblock, k, NULL ) )
; /* signature did not verify */ ; /* signature did not verify */
else if ( IS_SUBKEY_REV (sig) ) { else if ( IS_SUBKEY_REV (sig) ) {
@ -2208,7 +2208,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
does this the same way. */ does this the same way. */
subpk->is_revoked = 1; subpk->is_revoked = 1;
sig_to_revoke_info(sig,&subpk->revoked); sig_to_revoke_info(sig,&subpk->revoked);
/* although we could stop now, we continue to /* although we could stop now, we continue to
* figure out other information like the old expiration * figure out other information like the old expiration
* time */ * time */
} }
@ -2245,11 +2245,11 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
/* check that the usage matches the usage as given by the algo */ /* check that the usage matches the usage as given by the algo */
int x = openpgp_pk_algo_usage ( subpk->pubkey_algo ); int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
if ( x ) /* mask it down to the actual allowed usage */ if ( x ) /* mask it down to the actual allowed usage */
key_usage &= x; key_usage &= x;
} }
subpk->pubkey_usage = key_usage; subpk->pubkey_usage = key_usage;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL); p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
if ( p && buffer_to_u32(p) ) if ( p && buffer_to_u32(p) )
key_expire = keytimestamp + buffer_to_u32(p); key_expire = keytimestamp + buffer_to_u32(p);
@ -2338,7 +2338,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
} }
/* /*
* Merge information from the self-signatures with the key, so that * Merge information from the self-signatures with the key, so that
* we can later use them more easy. * we can later use them more easy.
* The function works by first applying the self signatures to the * The function works by first applying the self signatures to the
@ -2348,7 +2348,7 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
* We check all self signatures or validity and ignore all invalid signatures. * We check all self signatures or validity and ignore all invalid signatures.
* All signatures are then ordered by their creation date .... * All signatures are then ordered by their creation date ....
* For the primary key: * For the primary key:
* FIXME the docs * FIXME the docs
*/ */
static void static void
merge_selfsigs( KBNODE keyblock ) merge_selfsigs( KBNODE keyblock )
@ -2409,7 +2409,7 @@ merge_selfsigs( KBNODE keyblock )
* which user ID the key has been selected. * which user ID the key has been selected.
* fixme: we should keep atoms of commonly used preferences or * fixme: we should keep atoms of commonly used preferences or
* use reference counting to optimize the preference lists storage. * use reference counting to optimize the preference lists storage.
* FIXME: it might be better to use the intersection of * FIXME: it might be better to use the intersection of
* all preferences. * all preferences.
* Do a similar thing for the MDC feature flag. * Do a similar thing for the MDC feature flag.
*/ */
@ -2423,7 +2423,7 @@ merge_selfsigs( KBNODE keyblock )
mdc_feature = k->pkt->pkt.user_id->flags.mdc; mdc_feature = k->pkt->pkt.user_id->flags.mdc;
break; break;
} }
} }
for(k=keyblock; k; k = k->next ) { for(k=keyblock; k; k = k->next ) {
if ( k->pkt->pkttype == PKT_PUBLIC_KEY if ( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
@ -2451,7 +2451,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
for (pub=pubblock; pub; pub = pub->next ) { for (pub=pubblock; pub; pub = pub->next ) {
if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) { if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) {
PKT_public_key *pk = pub->pkt->pkt.public_key; PKT_public_key *pk = pub->pkt->pkt.public_key;
@ -2483,7 +2483,7 @@ merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
} }
} }
} }
if ( !sec ) if ( !sec )
BUG(); /* already checked in premerge */ BUG(); /* already checked in premerge */
} }
} }
@ -2502,7 +2502,7 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
assert ( secblock->pkt->pkttype == PKT_SECRET_KEY ); assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) { for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
pub->flag &= ~3; /* reset bits 0 and 1 */ pub->flag &= ~3; /* reset bits 0 and 1 */
if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
@ -2531,14 +2531,14 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
if (opt.verbose) if (opt.verbose)
log_info (_("no secret subkey" log_info (_("no secret subkey"
" for public subkey %s - ignoring\n"), " for public subkey %s - ignoring\n"),
keystr_from_pk (pk)); keystr_from_pk (pk));
/* we have to remove the subkey in this case */ /* we have to remove the subkey in this case */
assert ( last ); assert ( last );
/* find the next subkey */ /* find the next subkey */
for (next=pub->next,ll=pub; for (next=pub->next,ll=pub;
next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY; next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
ll = next, next = next->next ) ll = next, next = next->next )
; ;
/* make new link */ /* make new link */
last->next = next; last->next = next;
@ -2608,7 +2608,7 @@ finish_lookup (GETKEY_CTX ctx)
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();
assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ); assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
ctx->found_key = NULL; ctx->found_key = NULL;
if (ctx->exact) { if (ctx->exact) {
@ -2639,7 +2639,7 @@ finish_lookup (GETKEY_CTX ctx)
latest_key = foundk? foundk:keyblock; latest_key = foundk? foundk:keyblock;
goto found; goto found;
} }
latest_date = 0; latest_date = 0;
latest_key = NULL; latest_key = NULL;
/* do not look at subkeys if a certification key is requested */ /* do not look at subkeys if a certification key is requested */
@ -2677,7 +2677,7 @@ finish_lookup (GETKEY_CTX ctx)
log_debug( "\tsubkey not yet valid\n"); log_debug( "\tsubkey not yet valid\n");
continue; continue;
} }
if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) { if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
if (DBG_CACHE) if (DBG_CACHE)
log_debug( "\tusage does not match: want=%x have=%x\n", log_debug( "\tusage does not match: want=%x have=%x\n",
@ -2699,7 +2699,7 @@ finish_lookup (GETKEY_CTX ctx)
} }
} }
/* Okay now try the primary key unless we want an exact /* Okay now try the primary key unless we want an exact
* key ID match on a subkey */ * key ID match on a subkey */
if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) { if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
PKT_public_key *pk; PKT_public_key *pk;
@ -2731,7 +2731,7 @@ finish_lookup (GETKEY_CTX ctx)
latest_date = pk->timestamp; latest_date = pk->timestamp;
} }
} }
if ( !latest_key ) { if ( !latest_key ) {
if (DBG_CACHE) if (DBG_CACHE)
log_debug("\tno suitable key found - giving up\n"); log_debug("\tno suitable key found - giving up\n");
@ -2748,8 +2748,8 @@ finish_lookup (GETKEY_CTX ctx)
if (pk->user_id) if (pk->user_id)
free_user_id (pk->user_id); free_user_id (pk->user_id);
pk->user_id = scopy_user_id (foundu); pk->user_id = scopy_user_id (foundu);
} }
ctx->found_key = latest_key; ctx->found_key = latest_key;
if (latest_key != keyblock && opt.verbose) if (latest_key != keyblock && opt.verbose)
@ -2762,7 +2762,7 @@ finish_lookup (GETKEY_CTX ctx)
} }
cache_user_id( keyblock ); cache_user_id( keyblock );
return 1; /* found */ return 1; /* found */
} }
@ -2773,7 +2773,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
int rc; int rc;
KBNODE secblock = NULL; /* helper */ KBNODE secblock = NULL; /* helper */
int no_suitable_key = 0; int no_suitable_key = 0;
rc = 0; rc = 0;
while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) { while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
/* If we are searching for the first key we have to make sure /* If we are searching for the first key we have to make sure
@ -2788,13 +2788,13 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
rc = 0; rc = 0;
goto skip; goto skip;
} }
if ( secmode ) { if ( secmode ) {
/* find the correspondig public key and use this /* find the correspondig public key and use this
* this one for the selection process */ * this one for the selection process */
u32 aki[2]; u32 aki[2];
KBNODE k = ctx->keyblock; KBNODE k = ctx->keyblock;
if (k->pkt->pkttype != PKT_SECRET_KEY) if (k->pkt->pkttype != PKT_SECRET_KEY)
BUG(); BUG();
@ -2829,7 +2829,7 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
} }
else else
no_suitable_key = 1; no_suitable_key = 1;
skip: skip:
/* release resources and continue search */ /* release resources and continue search */
if ( secmode ) { if ( secmode ) {
@ -2868,8 +2868,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
/**************** /****************
* FIXME: Replace by the generic function * FIXME: Replace by the generic function
* It does not work as it is right now - it is used at * It does not work as it is right now - it is used at
* 2 places: a) to get the key for an anonyous recipient * 2 places: a) to get the key for an anonyous recipient
* b) to get the ultimately trusted keys. * b) to get the ultimately trusted keys.
* The a) usage might have some problems. * The a) usage might have some problems.
@ -2935,7 +2935,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk,
} }
release_kbnode (c->keyblock); release_kbnode (c->keyblock);
c->keyblock = c->node = NULL; c->keyblock = c->node = NULL;
rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd); rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd);
c->first = 0; c->first = 0;
if (rc) { if (rc) {
@ -2943,7 +2943,7 @@ enum_secret_keys( void **context, PKT_secret_key *sk,
c->eof = 1; c->eof = 1;
return -1; /* eof */ return -1; /* eof */
} }
rc = keydb_get_keyblock (c->hd, &c->keyblock); rc = keydb_get_keyblock (c->hd, &c->keyblock);
c->node = c->keyblock; c->node = c->keyblock;
} while (!rc); } while (!rc);


@ -50,7 +50,7 @@
#define DEFAULT_STD_KEYSIZE 2048 #define DEFAULT_STD_KEYSIZE 2048
#define MAX_PREFS 30 #define MAX_PREFS 30
enum para_name { enum para_name {
pKEYTYPE, pKEYTYPE,
@ -151,7 +151,7 @@ print_status_key_created (int letter, PKT_public_key *pk, const char *handle)
byte array[MAX_FINGERPRINT_LEN], *s; byte array[MAX_FINGERPRINT_LEN], *s;
char *buf, *p; char *buf, *p;
size_t i, n; size_t i, n;
if (!handle) if (!handle)
handle = ""; handle = "";
@ -219,7 +219,7 @@ do_add_key_flags (PKT_signature *sig, unsigned int use)
if (use & PUBKEY_USAGE_AUTH) if (use & PUBKEY_USAGE_AUTH)
buf[0] |= 0x20; buf[0] |= 0x20;
if (!buf[0]) if (!buf[0])
return; return;
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1); build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS, buf, 1);
@ -324,7 +324,7 @@ keygen_set_std_prefs (const char *string,int personal)
gpg -r pgpkey -r gpgkey ---gives--> AES256 gpg -r pgpkey -r gpgkey ---gives--> AES256
gpg -r gpgkey -r pgpkey ---gives--> AES gpg -r gpgkey -r pgpkey ---gives--> AES
Note that by using --personal-cipher-preferences it is Note that by using --personal-cipher-preferences it is
possible to prefer AES128. possible to prefer AES128.
*/ */
@ -658,18 +658,18 @@ int
keygen_upd_std_prefs (PKT_signature *sig, void *opaque) keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
{ {
(void)opaque; (void)opaque;
if (!prefs_initialized) if (!prefs_initialized)
keygen_set_std_prefs (NULL, 0); keygen_set_std_prefs (NULL, 0);
if (nsym_prefs) if (nsym_prefs)
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs); build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM, sym_prefs, nsym_prefs);
else else
{ {
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM); delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM);
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM); delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_SYM);
} }
if (nhash_prefs) if (nhash_prefs)
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs); build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH, hash_prefs, nhash_prefs);
else else
@ -685,7 +685,7 @@ keygen_upd_std_prefs (PKT_signature *sig, void *opaque)
delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR); delete_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR);
delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR); delete_sig_subpkt (sig->unhashed, SIGSUBPKT_PREF_COMPR);
} }
/* Make sure that the MDC feature flag is set if needed. */ /* Make sure that the MDC feature flag is set if needed. */
add_feature_mdc (sig,mdc_available); add_feature_mdc (sig,mdc_available);
add_keyserver_modify (sig,ks_modify); add_keyserver_modify (sig,ks_modify);
@ -823,7 +823,7 @@ make_backsig (PKT_signature *sig,PKT_public_key *pk,
/* Get it into a binary packed form. */ /* Get it into a binary packed form. */
IOBUF backsig_out=iobuf_temp(); IOBUF backsig_out=iobuf_temp();
PACKET backsig_pkt; PACKET backsig_pkt;
init_packet(&backsig_pkt); init_packet(&backsig_pkt);
backsig_pkt.pkttype=PKT_SIGNATURE; backsig_pkt.pkttype=PKT_SIGNATURE;
backsig_pkt.pkt.signature=backsig; backsig_pkt.pkt.signature=backsig;
@ -835,7 +835,7 @@ make_backsig (PKT_signature *sig,PKT_public_key *pk,
{ {
size_t pktlen=0; size_t pktlen=0;
byte *buf=iobuf_get_temp_buffer(backsig_out); byte *buf=iobuf_get_temp_buffer(backsig_out);
/* Remove the packet header */ /* Remove the packet header */
if(buf[0]&0x40) if(buf[0]&0x40)
{ {
@ -864,34 +864,34 @@ make_backsig (PKT_signature *sig,PKT_public_key *pk,
else else
{ {
int mark=1; int mark=1;
switch(buf[0]&3) switch(buf[0]&3)
{ {
case 3: case 3:
BUG(); BUG();
break; break;
case 2: case 2:
pktlen =buf[mark++] << 24; pktlen =buf[mark++] << 24;
pktlen|=buf[mark++] << 16; pktlen|=buf[mark++] << 16;
case 1: case 1:
pktlen|=buf[mark++] << 8; pktlen|=buf[mark++] << 8;
case 0: case 0:
pktlen|=buf[mark++]; pktlen|=buf[mark++];
} }
buf+=mark; buf+=mark;
} }
/* Now make the binary blob into a subpacket. */ /* Now make the binary blob into a subpacket. */
build_sig_subpkt(sig,SIGSUBPKT_SIGNATURE,buf,pktlen); build_sig_subpkt(sig,SIGSUBPKT_SIGNATURE,buf,pktlen);
iobuf_close(backsig_out); iobuf_close(backsig_out);
} }
} }
return rc; return rc;
} }
@ -928,7 +928,7 @@ write_direct_sig (KBNODE root, KBNODE pub_root, PKT_secret_key *sk,
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc; return rc;
} }
pkt = xmalloc_clear( sizeof *pkt ); pkt = xmalloc_clear( sizeof *pkt );
pkt->pkttype = PKT_SIGNATURE; pkt->pkttype = PKT_SIGNATURE;
pkt->pkt.signature = sig; pkt->pkt.signature = sig;
@ -963,7 +963,7 @@ write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
BUG(); BUG();
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
pk->pubkey_usage = use; pk->pubkey_usage = use;
/* We have to cache the key, so that the verification of the /* We have to cache the key, so that the verification of the
signature creation is able to retrieve the public key. */ signature creation is able to retrieve the public key. */
cache_public_key (pk); cache_public_key (pk);
@ -972,7 +972,7 @@ write_selfsigs( KBNODE sec_root, KBNODE pub_root, PKT_secret_key *sk,
rc = make_keysig_packet (&sig, pk, uid, NULL, sk, 0x13, rc = make_keysig_packet (&sig, pk, uid, NULL, sk, 0x13,
0, 0, timestamp, 0, 0, 0, timestamp, 0,
keygen_add_std_prefs, pk); keygen_add_std_prefs, pk);
if( rc ) if( rc )
{ {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc; return rc;
@ -1017,10 +1017,10 @@ write_keybinding (KBNODE root, KBNODE pub_root,
/* We have to cache the key, so that the verification of the /* We have to cache the key, so that the verification of the
* signature creation is able to retrieve the public key. */ * signature creation is able to retrieve the public key. */
cache_public_key (pri_pk); cache_public_key (pri_pk);
/* Find the last subkey. */ /* Find the last subkey. */
sub_pk = NULL; sub_pk = NULL;
for (node=pub_root; node; node = node->next ) for (node=pub_root; node; node = node->next )
{ {
if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
sub_pk = node->pkt->pkt.public_key; sub_pk = node->pkt->pkt.public_key;
@ -1031,10 +1031,10 @@ write_keybinding (KBNODE root, KBNODE pub_root,
/* Make the signature. */ /* Make the signature. */
oduap.usage = use; oduap.usage = use;
oduap.pk = sub_pk; oduap.pk = sub_pk;
rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18, rc = make_keysig_packet (&sig, pri_pk, NULL, sub_pk, pri_sk, 0x18,
0, 0, timestamp, 0, 0, 0, timestamp, 0,
keygen_add_key_flags_and_expire, &oduap ); keygen_add_key_flags_and_expire, &oduap );
if (rc) if (rc)
{ {
log_error ("make_keysig_packet failed: %s\n", g10_errstr(rc) ); log_error ("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc; return rc;
@ -1047,7 +1047,7 @@ write_keybinding (KBNODE root, KBNODE pub_root,
if (rc) if (rc)
return rc; return rc;
} }
pkt = xmalloc_clear ( sizeof *pkt ); pkt = xmalloc_clear ( sizeof *pkt );
pkt->pkttype = PKT_SIGNATURE; pkt->pkttype = PKT_SIGNATURE;
pkt->pkt.signature = sig; pkt->pkt.signature = sig;
@ -1085,7 +1085,7 @@ key_from_sexp (gcry_mpi_t *array, gcry_sexp_t sexp,
} }
array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG); array[idx] = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (l2); gcry_sexp_release (l2);
if (!array[idx]) if (!array[idx])
{ {
rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */ rc = gpg_error (GPG_ERR_INV_OBJ); /* required parameter invalid */
goto leave; goto leave;
@ -1132,7 +1132,7 @@ genhelp_factors (gcry_sexp_t misc_key_info, KBNODE sec_root)
#if 0 /* Not used anymore */ #if 0 /* Not used anymore */
size_t n; size_t n;
char *buf; char *buf;
if (misc_key_info) if (misc_key_info)
{ {
/* DSA: don't know whether it makes sense to have the factors, so for now /* DSA: don't know whether it makes sense to have the factors, so for now
@ -1161,7 +1161,7 @@ genhelp_factors (gcry_sexp_t misc_key_info, KBNODE sec_root)
static int static int
gen_elg (int algo, unsigned int nbits, gen_elg (int algo, unsigned int nbits,
KBNODE pub_root, KBNODE sec_root, DEK *dek, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_key **ret_sk, STRING2KEY *s2k, PKT_secret_key **ret_sk,
u32 timestamp, u32 expireval, int is_subkey) u32 timestamp, u32 expireval, int is_subkey)
{ {
int rc; int rc;
@ -1193,7 +1193,7 @@ gen_elg (int algo, unsigned int nbits,
(int)nbits); (int)nbits);
if (rc) if (rc)
log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc)); log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&s_key, s_parms); rc = gcry_pk_genkey (&s_key, s_parms);
gcry_sexp_release (s_parms); gcry_sexp_release (s_parms);
if (rc) if (rc)
@ -1201,19 +1201,19 @@ gen_elg (int algo, unsigned int nbits,
log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) ); log_error ("gcry_pk_genkey failed: %s\n", gpg_strerror (rc) );
return rc; return rc;
} }
sk = xmalloc_clear( sizeof *sk ); sk = xmalloc_clear( sizeof *sk );
pk = xmalloc_clear( sizeof *pk ); pk = xmalloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = timestamp; sk->timestamp = pk->timestamp = timestamp;
sk->version = pk->version = 4; sk->version = pk->version = 4;
if (expireval) if (expireval)
{ {
sk->expiredate = pk->expiredate = sk->timestamp + expireval; sk->expiredate = pk->expiredate = sk->timestamp + expireval;
} }
sk->pubkey_algo = pk->pubkey_algo = algo; sk->pubkey_algo = pk->pubkey_algo = algo;
rc = key_from_sexp (pk->pkey, s_key, "public-key", "pgy"); rc = key_from_sexp (pk->pkey, s_key, "public-key", "pgy");
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) ); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
@ -1232,7 +1232,7 @@ gen_elg (int algo, unsigned int nbits,
} }
misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0); misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
sk->is_protected = 0; sk->is_protected = 0;
sk->protect.algo = 0; sk->protect.algo = 0;
@ -1248,7 +1248,7 @@ gen_elg (int algo, unsigned int nbits,
gcry_sexp_release (misc_key_info); gcry_sexp_release (misc_key_info);
return rc; return rc;
} }
pkt = xmalloc_clear (sizeof *pkt); pkt = xmalloc_clear (sizeof *pkt);
pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY; pkt->pkttype = is_subkey ? PKT_PUBLIC_SUBKEY : PKT_PUBLIC_KEY;
pkt->pkt.public_key = pk; pkt->pkt.public_key = pk;
@ -1261,9 +1261,9 @@ gen_elg (int algo, unsigned int nbits,
pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY; pkt->pkttype = is_subkey ? PKT_SECRET_SUBKEY : PKT_SECRET_KEY;
pkt->pkt.secret_key = sk; pkt->pkt.secret_key = sk;
add_kbnode (sec_root, new_kbnode( pkt )); add_kbnode (sec_root, new_kbnode( pkt ));
genhelp_factors (misc_key_info, sec_root); genhelp_factors (misc_key_info, sec_root);
return 0; return 0;
} }
@ -1273,7 +1273,7 @@ gen_elg (int algo, unsigned int nbits,
*/ */
static int static int
gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_key **ret_sk, STRING2KEY *s2k, PKT_secret_key **ret_sk,
u32 timestamp, u32 expireval, int is_subkey) u32 timestamp, u32 expireval, int is_subkey)
{ {
int rc; int rc;
@ -1311,26 +1311,26 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
/* /*
Figure out a q size based on the key size. FIPS 180-3 says: Figure out a q size based on the key size. FIPS 180-3 says:
L = 1024, N = 160 L = 1024, N = 160
L = 2048, N = 224 L = 2048, N = 224
L = 2048, N = 256 L = 2048, N = 256
L = 3072, N = 256 L = 3072, N = 256
2048/256 is an odd pair since there is also a 2048/224 and 2048/256 is an odd pair since there is also a 2048/224 and
3072/256. Matching sizes is not a very exact science. 3072/256. Matching sizes is not a very exact science.
We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024 We'll do 256 qbits for nbits over 2047, 224 for nbits over 1024
but less than 2048, and 160 for 1024 (DSA1). but less than 2048, and 160 for 1024 (DSA1).
*/ */
if (nbits > 2047) if (nbits > 2047)
qbits = 256; qbits = 256;
else if ( nbits > 1024) else if ( nbits > 1024)
qbits = 224; qbits = 224;
else else
qbits = 160; qbits = 160;
if (qbits != 160 ) if (qbits != 160 )
log_info (_("WARNING: some OpenPGP programs can't" log_info (_("WARNING: some OpenPGP programs can't"
" handle a DSA key with this digest size\n")); " handle a DSA key with this digest size\n"));
@ -1340,7 +1340,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
(int)nbits, (int)qbits); (int)nbits, (int)qbits);
if (rc) if (rc)
log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc)); log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&s_key, s_parms); rc = gcry_pk_genkey (&s_key, s_parms);
gcry_sexp_release (s_parms); gcry_sexp_release (s_parms);
if (rc) if (rc)
@ -1353,12 +1353,12 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
pk = xmalloc_clear( sizeof *pk ); pk = xmalloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = timestamp; sk->timestamp = pk->timestamp = timestamp;
sk->version = pk->version = 4; sk->version = pk->version = 4;
if (expireval) if (expireval)
sk->expiredate = pk->expiredate = sk->timestamp + expireval; sk->expiredate = pk->expiredate = sk->timestamp + expireval;
sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA; sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
rc = key_from_sexp (pk->pkey, s_key, "public-key", "pqgy"); rc = key_from_sexp (pk->pkey, s_key, "public-key", "pqgy");
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc)); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
@ -1367,7 +1367,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc; return rc;
} }
rc = key_from_sexp (sk->skey, s_key, "private-key", "pqgyx"); rc = key_from_sexp (sk->skey, s_key, "private-key", "pqgyx");
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) ); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
@ -1377,7 +1377,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
} }
misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0); misc_key_info = gcry_sexp_find_token (s_key, "misc-key-info", 0);
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
sk->is_protected = 0; sk->is_protected = 0;
sk->protect.algo = 0; sk->protect.algo = 0;
@ -1416,7 +1416,7 @@ gen_dsa (unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
} }
/* /*
* Generate an RSA key. * Generate an RSA key.
*/ */
static int static int
@ -1452,7 +1452,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
(int)nbits); (int)nbits);
if (rc) if (rc)
log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc)); log_bug ("gcry_sexp_build failed: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&s_key, s_parms); rc = gcry_pk_genkey (&s_key, s_parms);
gcry_sexp_release (s_parms); gcry_sexp_release (s_parms);
if (rc) if (rc)
@ -1472,7 +1472,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
sk->pubkey_algo = pk->pubkey_algo = algo; sk->pubkey_algo = pk->pubkey_algo = algo;
rc = key_from_sexp (pk->pkey, s_key, "public-key", "ne"); rc = key_from_sexp (pk->pkey, s_key, "public-key", "ne");
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc)); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc));
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
@ -1481,7 +1481,7 @@ gen_rsa (int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc; return rc;
} }
rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu"); rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) ); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
@ -1682,7 +1682,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
if (!r_subkey_algo) if (!r_subkey_algo)
r_subkey_algo = &dummy_algo; r_subkey_algo = &dummy_algo;
tty_printf (_("Please select what kind of key you want:\n")); tty_printf (_("Please select what kind of key you want:\n"));
if (!addmode) if (!addmode)
@ -1703,7 +1703,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 ); tty_printf (_(" (%d) DSA (set your own capabilities)\n"), 7 );
tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 ); tty_printf (_(" (%d) RSA (set your own capabilities)\n"), 8 );
} }
for(;;) for(;;)
{ {
*r_usage = 0; *r_usage = 0;
@ -1763,7 +1763,7 @@ ask_algo (int addmode, int *r_subkey_algo, unsigned int *r_usage)
else else
tty_printf (_("Invalid selection.\n")); tty_printf (_("Invalid selection.\n"));
} }
return algo; return algo;
} }
@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
nbits = *answer? atoi (answer): def; nbits = *answer? atoi (answer): def;
xfree(prompt); xfree(prompt);
xfree(answer); xfree(answer);
if(nbits<min || nbits>max) if(nbits<min || nbits>max)
tty_printf(_("%s keysizes must be in the range %u-%u\n"), tty_printf(_("%s keysizes must be in the range %u-%u\n"),
gcry_pk_algo_name (algo), min, max); gcry_pk_algo_name (algo), min, max);
@ -1872,7 +1872,7 @@ parse_expire_string( const char *string )
u32 abs_date = 0; u32 abs_date = 0;
u32 curtime = make_timestamp (); u32 curtime = make_timestamp ();
time_t tt; time_t tt;
if (!*string) if (!*string)
seconds = 0; seconds = 0;
else if (!strncmp (string, "seconds=", 8)) else if (!strncmp (string, "seconds=", 8))
@ -1886,7 +1886,7 @@ parse_expire_string( const char *string )
seconds = atoi (string) * 86400L * mult; seconds = atoi (string) * 86400L * mult;
else else
seconds = (u32)(-1); seconds = (u32)(-1);
return seconds; return seconds;
} }
@ -1896,7 +1896,7 @@ static u32
parse_creation_string (const char *string) parse_creation_string (const char *string)
{ {
u32 seconds; u32 seconds;
if (!*string) if (!*string)
seconds = 0; seconds = 0;
else if ( !strncmp (string, "seconds=", 8) ) else if ( !strncmp (string, "seconds=", 8) )
@ -2191,7 +2191,7 @@ ask_user_id (int mode, KBNODE keyblock)
lower and uppercase. Below you will find the matching lower and uppercase. Below you will find the matching
string which should be translated accordingly and the string which should be translated accordingly and the
letter changed to match the one in the answer string. letter changed to match the one in the answer string.
n = Change name n = Change name
c = Change comment c = Change comment
e = Change email e = Change email
@ -2312,7 +2312,7 @@ do_ask_passphrase (STRING2KEY **ret_s2k, int mode, int *r_canceled)
routines based on the requested algorithm. */ routines based on the requested algorithm. */
static int static int
do_create (int algo, unsigned int nbits, KBNODE pub_root, KBNODE sec_root, do_create (int algo, unsigned int nbits, KBNODE pub_root, KBNODE sec_root,
DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk,
u32 timestamp, u32 expiredate, int is_subkey ) u32 timestamp, u32 expiredate, int is_subkey )
{ {
int rc=0; int rc=0;
@ -2347,7 +2347,7 @@ PKT_user_id *
generate_user_id (KBNODE keyblock) generate_user_id (KBNODE keyblock)
{ {
char *p; char *p;
p = ask_user_id (1, keyblock); p = ask_user_id (1, keyblock);
if (!p) if (!p)
return NULL; /* Canceled. */ return NULL; /* Canceled. */
@ -2389,7 +2389,7 @@ get_parameter_value( struct para_data_s *para, enum para_name key )
} }
static int static int
get_parameter_algo( struct para_data_s *para, enum para_name key, get_parameter_algo( struct para_data_s *para, enum para_name key,
int *r_default) int *r_default)
{ {
int i; int i;
@ -2422,7 +2422,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key,
return i; return i;
} }
/* /*
* Parse the usage parameter and set the keyflags. Returns -1 on * Parse the usage parameter and set the keyflags. Returns -1 on
* error, 0 for no usage given or 1 for usage available. * error, 0 for no usage given or 1 for usage available.
*/ */
@ -2436,7 +2436,7 @@ parse_parameter_usage (const char *fname,
if( !r ) if( !r )
return 0; /* none (this is an optional parameter)*/ return 0; /* none (this is an optional parameter)*/
use = 0; use = 0;
pn = r->u.value; pn = r->u.value;
while ( (p = strsep (&pn, " \t,")) ) { while ( (p = strsep (&pn, " \t,")) ) {
@ -2524,7 +2524,7 @@ get_parameter_u32( struct para_data_s *para, enum para_name key )
return r->u.expire; return r->u.expire;
if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE ) if( r->key == pKEYUSAGE || r->key == pSUBKEYUSAGE )
return r->u.usage; return r->u.usage;
return (unsigned int)strtoul( r->u.value, NULL, 10 ); return (unsigned int)strtoul( r->u.value, NULL, 10 );
} }
@ -2732,7 +2732,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
para = r; para = r;
} }
if (canceled) if (canceled)
{ {
log_error ("%s:%d: key generation canceled\n", fname, r->lnr ); log_error ("%s:%d: key generation canceled\n", fname, r->lnr );
return -1; return -1;
@ -2748,7 +2748,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
* but because we do this always, why not here. */ * but because we do this always, why not here. */
STRING2KEY *s2k; STRING2KEY *s2k;
DEK *dek; DEK *dek;
s2k = xmalloc_secure ( sizeof *s2k ); s2k = xmalloc_secure ( sizeof *s2k );
s2k->mode = opt.s2k_mode; s2k->mode = opt.s2k_mode;
s2k->hash_algo = S2K_DIGEST_ALGO; s2k->hash_algo = S2K_DIGEST_ALGO;
@ -2758,7 +2758,7 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
set_next_passphrase (NULL ); set_next_passphrase (NULL );
assert (dek); assert (dek);
memset (r->u.value, 0, strlen(r->u.value)); memset (r->u.value, 0, strlen(r->u.value));
r = xmalloc_clear (sizeof *r); r = xmalloc_clear (sizeof *r);
r->key = pPASSPHRASE_S2K; r->key = pPASSPHRASE_S2K;
r->u.s2k = s2k; r->u.s2k = s2k;
@ -2917,7 +2917,7 @@ read_parameter_file( const char *fname )
else if( !ascii_strcasecmp( keyword, "%commit" ) ) { else if( !ascii_strcasecmp( keyword, "%commit" ) ) {
outctrl.lnr = lnr; outctrl.lnr = lnr;
if (proc_parameter_file( para, fname, &outctrl, 0 )) if (proc_parameter_file( para, fname, &outctrl, 0 ))
print_status_key_not_created print_status_key_not_created
(get_parameter_value (para, pHANDLE)); (get_parameter_value (para, pHANDLE));
release_parameter_list( para ); release_parameter_list( para );
para = NULL; para = NULL;
@ -3044,7 +3044,7 @@ read_parameter_file( const char *fname )
* written to directory given by this argument . * written to directory given by this argument .
*/ */
void void
generate_keypair (const char *fname, const char *card_serialno, generate_keypair (const char *fname, const char *card_serialno,
const char *backup_encryption_dir) const char *backup_encryption_dir)
{ {
unsigned int nbits; unsigned int nbits;
@ -3059,16 +3059,16 @@ generate_keypair (const char *fname, const char *card_serialno,
struct para_data_s *r; struct para_data_s *r;
struct output_control_s outctrl; struct output_control_s outctrl;
int canceled; int canceled;
memset( &outctrl, 0, sizeof( outctrl ) ); memset( &outctrl, 0, sizeof( outctrl ) );
if (opt.batch && card_serialno) if (opt.batch && card_serialno)
{ {
/* We don't yet support unattended key generation. */ /* We don't yet support unattended key generation. */
log_error (_("can't do this in batch mode\n")); log_error (_("can't do this in batch mode\n"));
return; return;
} }
if (opt.batch) if (opt.batch)
{ {
read_parameter_file( fname ); read_parameter_file( fname );
@ -3083,9 +3083,9 @@ generate_keypair (const char *fname, const char *card_serialno,
strcpy( r->u.value, card_serialno); strcpy( r->u.value, card_serialno);
r->next = para; r->next = para;
para = r; para = r;
algo = PUBKEY_ALGO_RSA; algo = PUBKEY_ALGO_RSA;
r = xcalloc (1, sizeof *r + 20 ); r = xcalloc (1, sizeof *r + 20 );
r->key = pKEYTYPE; r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", algo );
@ -3096,7 +3096,7 @@ generate_keypair (const char *fname, const char *card_serialno,
strcpy (r->u.value, "sign"); strcpy (r->u.value, "sign");
r->next = para; r->next = para;
para = r; para = r;
r = xcalloc (1, sizeof *r + 20 ); r = xcalloc (1, sizeof *r + 20 );
r->key = pSUBKEYTYPE; r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", algo );
@ -3107,7 +3107,7 @@ generate_keypair (const char *fname, const char *card_serialno,
strcpy (r->u.value, "encrypt"); strcpy (r->u.value, "encrypt");
r->next = para; r->next = para;
para = r; para = r;
r = xcalloc (1, sizeof *r + 20 ); r = xcalloc (1, sizeof *r + 20 );
r->key = pAUTHKEYTYPE; r->key = pAUTHKEYTYPE;
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", algo );
@ -3126,11 +3126,11 @@ generate_keypair (const char *fname, const char *card_serialno,
} }
else else
{ {
int subkey_algo; int subkey_algo;
algo = ask_algo (0, &subkey_algo, &use); algo = ask_algo (0, &subkey_algo, &use);
if (subkey_algo) if (subkey_algo)
{ {
/* Create primary and subkey at once. */ /* Create primary and subkey at once. */
both = 1; both = 1;
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
@ -3149,7 +3149,7 @@ generate_keypair (const char *fname, const char *card_serialno,
strcpy( r->u.value, "sign" ); strcpy( r->u.value, "sign" );
r->next = para; r->next = para;
para = r; para = r;
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pSUBKEYTYPE; r->key = pSUBKEYTYPE;
sprintf( r->u.value, "%d", subkey_algo); sprintf( r->u.value, "%d", subkey_algo);
@ -3161,14 +3161,14 @@ generate_keypair (const char *fname, const char *card_serialno,
r->next = para; r->next = para;
para = r; para = r;
} }
else else
{ {
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYTYPE; r->key = pKEYTYPE;
sprintf( r->u.value, "%d", algo ); sprintf( r->u.value, "%d", algo );
r->next = para; r->next = para;
para = r; para = r;
if (use) if (use)
{ {
r = xmalloc_clear( sizeof *r + 25 ); r = xmalloc_clear( sizeof *r + 25 );
@ -3190,7 +3190,7 @@ generate_keypair (const char *fname, const char *card_serialno,
r->next = para; r->next = para;
para = r; para = r;
} }
expire = ask_expire_interval(0,NULL); expire = ask_expire_interval(0,NULL);
r = xmalloc_clear( sizeof *r + 20 ); r = xmalloc_clear( sizeof *r + 20 );
r->key = pKEYEXPIRE; r->key = pKEYEXPIRE;
@ -3204,7 +3204,7 @@ generate_keypair (const char *fname, const char *card_serialno,
para = r; para = r;
uid = ask_user_id (0, NULL); uid = ask_user_id (0, NULL);
if( !uid ) if( !uid )
{ {
log_error(_("Key generation canceled.\n")); log_error(_("Key generation canceled.\n"));
release_parameter_list( para ); release_parameter_list( para );
@ -3215,7 +3215,7 @@ generate_keypair (const char *fname, const char *card_serialno,
strcpy( r->u.value, uid ); strcpy( r->u.value, uid );
r->next = para; r->next = para;
para = r; para = r;
canceled = 0; canceled = 0;
dek = card_serialno? NULL : do_ask_passphrase (&s2k, 0, &canceled); dek = card_serialno? NULL : do_ask_passphrase (&s2k, 0, &canceled);
if( dek ) if( dek )
@ -3232,7 +3232,7 @@ generate_keypair (const char *fname, const char *card_serialno,
para = r; para = r;
} }
if (canceled) if (canceled)
log_error (_("Key generation canceled.\n")); log_error (_("Key generation canceled.\n"));
else else
proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno); proc_parameter_file( para, "[internal]", &outctrl, !!card_serialno);
@ -3269,7 +3269,7 @@ generate_raw_key (int algo, unsigned int nbits, u32 created_at,
log_info (_("keysize invalid; using %u bits\n"), nbits ); log_info (_("keysize invalid; using %u bits\n"), nbits );
} }
if ((nbits % 32)) if ((nbits % 32))
{ {
nbits = ((nbits + 31) / 32) * 32; nbits = ((nbits + 31) / 32) * 32;
log_info(_("keysize rounded up to %u bits\n"), nbits ); log_info(_("keysize rounded up to %u bits\n"), nbits );
@ -3307,16 +3307,16 @@ generate_raw_key (int algo, unsigned int nbits, u32 created_at,
} }
rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu"); rc = key_from_sexp (sk->skey, s_key, "private-key", "nedpqu");
gcry_sexp_release (s_key); gcry_sexp_release (s_key);
if (rc) if (rc)
{ {
log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) ); log_error ("key_from_sexp failed: %s\n", gpg_strerror (rc) );
goto leave; goto leave;
} }
for (i=npkey; i < nskey; i++) for (i=npkey; i < nskey; i++)
sk->csum += checksum_mpi (sk->skey[i]); sk->csum += checksum_mpi (sk->skey[i]);
if (r_sk_unprotected) if (r_sk_unprotected)
*r_sk_unprotected = copy_secret_key (NULL, sk); *r_sk_unprotected = copy_secret_key (NULL, sk);
rc = genhelp_protect (dek, s2k, sk); rc = genhelp_protect (dek, s2k, sk);
@ -3369,10 +3369,10 @@ do_generate_keypair (struct para_data_s *para,
log_info("dry-run mode - key generation skipped\n"); log_info("dry-run mode - key generation skipped\n");
return; return;
} }
if ( outctrl->use_files ) if ( outctrl->use_files )
{ {
if ( outctrl->pub.newfname ) if ( outctrl->pub.newfname )
{ {
iobuf_close(outctrl->pub.stream); iobuf_close(outctrl->pub.stream);
outctrl->pub.stream = NULL; outctrl->pub.stream = NULL;
@ -3381,8 +3381,8 @@ do_generate_keypair (struct para_data_s *para,
xfree( outctrl->pub.fname ); xfree( outctrl->pub.fname );
outctrl->pub.fname = outctrl->pub.newfname; outctrl->pub.fname = outctrl->pub.newfname;
outctrl->pub.newfname = NULL; outctrl->pub.newfname = NULL;
if (is_secured_filename (outctrl->pub.fname) ) if (is_secured_filename (outctrl->pub.fname) )
{ {
outctrl->pub.stream = NULL; outctrl->pub.stream = NULL;
errno = EPERM; errno = EPERM;
@ -3404,7 +3404,7 @@ do_generate_keypair (struct para_data_s *para,
if (outctrl->sec.newfname) if (outctrl->sec.newfname)
{ {
mode_t oldmask; mode_t oldmask;
iobuf_close(outctrl->sec.stream); iobuf_close(outctrl->sec.stream);
outctrl->sec.stream = NULL; outctrl->sec.stream = NULL;
if (outctrl->sec.fname) if (outctrl->sec.fname)
@ -3452,7 +3452,7 @@ do_generate_keypair (struct para_data_s *para,
structure we create is known in advance we simply generate a structure we create is known in advance we simply generate a
linked list. The first packet is a dummy packet which we flag as linked list. The first packet is a dummy packet which we flag as
deleted. The very first packet must always be a KEY packet. */ deleted. The very first packet must always be a KEY packet. */
start_tree (&pub_root); start_tree (&pub_root);
start_tree (&sec_root); start_tree (&sec_root);
@ -3520,7 +3520,7 @@ do_generate_keypair (struct para_data_s *para,
rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL, rc = gen_card_key (PUBKEY_ALGO_RSA, 3, 0, pub_root, sec_root, NULL,
&timestamp, &timestamp,
get_parameter_u32 (para, pKEYEXPIRE), para); get_parameter_u32 (para, pKEYEXPIRE), para);
if (!rc) if (!rc)
rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk, rc = write_keybinding (pub_root, pub_root, pri_sk, sub_sk,
PUBKEY_USAGE_AUTH, timestamp); PUBKEY_USAGE_AUTH, timestamp);
@ -3581,7 +3581,7 @@ do_generate_keypair (struct para_data_s *para,
rc = write_keyblock( outctrl->pub.stream, pub_root ); rc = write_keyblock( outctrl->pub.stream, pub_root );
if (rc) if (rc)
log_error ("can't write public key: %s\n", g10_errstr(rc) ); log_error ("can't write public key: %s\n", g10_errstr(rc) );
if (!rc) if (!rc)
{ {
rc = write_keyblock( outctrl->sec.stream, sec_root ); rc = write_keyblock( outctrl->sec.stream, sec_root );
if(rc) if(rc)
@ -3594,18 +3594,18 @@ do_generate_keypair (struct para_data_s *para,
KEYDB_HANDLE sec_hd = keydb_new (1); KEYDB_HANDLE sec_hd = keydb_new (1);
rc = keydb_locate_writable (pub_hd, NULL); rc = keydb_locate_writable (pub_hd, NULL);
if (rc) if (rc)
log_error (_("no writable public keyring found: %s\n"), log_error (_("no writable public keyring found: %s\n"),
g10_errstr (rc)); g10_errstr (rc));
if (!rc) if (!rc)
{ {
rc = keydb_locate_writable (sec_hd, NULL); rc = keydb_locate_writable (sec_hd, NULL);
if (rc) if (rc)
log_error (_("no writable secret keyring found: %s\n"), log_error (_("no writable secret keyring found: %s\n"),
g10_errstr (rc)); g10_errstr (rc));
} }
if (!rc && opt.verbose) if (!rc && opt.verbose)
{ {
log_info (_("writing public key to `%s'\n"), log_info (_("writing public key to `%s'\n"),
@ -3617,15 +3617,15 @@ do_generate_keypair (struct para_data_s *para,
log_info (_("writing secret key to `%s'\n"), log_info (_("writing secret key to `%s'\n"),
keydb_get_resource_name (sec_hd)); keydb_get_resource_name (sec_hd));
} }
if (!rc) if (!rc)
{ {
rc = keydb_insert_keyblock (pub_hd, pub_root); rc = keydb_insert_keyblock (pub_hd, pub_root);
if (rc) if (rc)
log_error (_("error writing public keyring `%s': %s\n"), log_error (_("error writing public keyring `%s': %s\n"),
keydb_get_resource_name (pub_hd), g10_errstr(rc)); keydb_get_resource_name (pub_hd), g10_errstr(rc));
} }
if (!rc) if (!rc)
{ {
rc = keydb_insert_keyblock (sec_hd, sec_root); rc = keydb_insert_keyblock (sec_hd, sec_root);
@ -3636,7 +3636,7 @@ do_generate_keypair (struct para_data_s *para,
keydb_release (pub_hd); keydb_release (pub_hd);
keydb_release (sec_hd); keydb_release (sec_hd);
if (!rc) if (!rc)
{ {
int no_enc_rsa; int no_enc_rsa;
@ -3656,14 +3656,14 @@ do_generate_keypair (struct para_data_s *para,
update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK) update_ownertrust (pk, ((get_ownertrust (pk) & ~TRUST_MASK)
| TRUST_ULTIMATE )); | TRUST_ULTIMATE ));
if (!opt.batch) if (!opt.batch)
{ {
tty_printf (_("public and secret key created and signed.\n") ); tty_printf (_("public and secret key created and signed.\n") );
tty_printf ("\n"); tty_printf ("\n");
list_keyblock(pub_root,0,1,NULL); list_keyblock(pub_root,0,1,NULL);
} }
if (!opt.batch if (!opt.batch
&& (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA && (get_parameter_algo (para, pKEYTYPE, NULL) == PUBKEY_ALGO_DSA
|| no_enc_rsa ) || no_enc_rsa )
@ -3688,14 +3688,14 @@ do_generate_keypair (struct para_data_s *para,
} }
else else
{ {
PKT_public_key *pk = find_kbnode (pub_root, PKT_public_key *pk = find_kbnode (pub_root,
PKT_PUBLIC_KEY)->pkt->pkt.public_key; PKT_PUBLIC_KEY)->pkt->pkt.public_key;
print_status_key_created (did_sub? 'B':'P', pk, print_status_key_created (did_sub? 'B':'P', pk,
get_parameter_value (para, pHANDLE)); get_parameter_value (para, pHANDLE));
} }
release_kbnode( pub_root ); release_kbnode( pub_root );
release_kbnode( sec_root ); release_kbnode( sec_root );
if (pri_sk && !card) /* The unprotected secret key unless we */ if (pri_sk && !card) /* The unprotected secret key unless we */
free_secret_key (pri_sk); /* have a shallow copy in card mode. */ free_secret_key (pri_sk); /* have a shallow copy in card mode. */
if (sub_sk) if (sub_sk)
@ -3724,12 +3724,12 @@ generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
/* Break out the primary secret key. */ /* Break out the primary secret key. */
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
if( !node ) if( !node )
{ {
log_error ("Oops; secret key not found anymore!\n"); log_error ("Oops; secret key not found anymore!\n");
goto leave; goto leave;
} }
/* Make a copy of the sk to keep the protected one in the keyblock. */ /* Make a copy of the sk to keep the protected one in the keyblock. */
pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key); pri_sk = copy_secret_key (NULL, node->pkt->pkt.secret_key);
@ -3749,7 +3749,7 @@ generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
} }
} }
if (pri_sk->version < 4) if (pri_sk->version < 4)
{ {
log_info (_("NOTE: creating subkeys for v3 keys " log_info (_("NOTE: creating subkeys for v3 keys "
"is not OpenPGP compliant\n")); "is not OpenPGP compliant\n"));
@ -3794,7 +3794,7 @@ generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay", if (!cpr_enabled() && !cpr_get_answer_is_yes("keygen.sub.okay",
_("Really create? (y/N) "))) _("Really create? (y/N) ")))
goto leave; goto leave;
canceled = 0; canceled = 0;
if (ask_pass) if (ask_pass)
dek = do_ask_passphrase (&s2k, 0, &canceled); dek = do_ask_passphrase (&s2k, 0, &canceled);
@ -3807,20 +3807,20 @@ generate_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock)
dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2, dek = passphrase_to_dek (NULL, 0, opt.s2k_cipher_algo, s2k, 2,
NULL, NULL ); NULL, NULL );
} }
if (canceled) if (canceled)
rc = GPG_ERR_CANCELED; rc = GPG_ERR_CANCELED;
if (!rc) if (!rc)
rc = do_create (algo, nbits, pub_keyblock, sec_keyblock, rc = do_create (algo, nbits, pub_keyblock, sec_keyblock,
dek, s2k, &sub_sk, cur_time, expire, 1 ); dek, s2k, &sub_sk, cur_time, expire, 1 );
if (!rc) if (!rc)
rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk, rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
use, cur_time); use, cur_time);
if (!rc) if (!rc)
rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk, rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
use, cur_time); use, cur_time);
if (!rc) if (!rc)
{ {
okay = 1; okay = 1;
write_status_text (STATUS_KEY_CREATED, "S"); write_status_text (STATUS_KEY_CREATED, "S");
@ -3936,10 +3936,10 @@ generate_card_subkeypair (KBNODE pub_keyblock, KBNODE sec_keyblock,
rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock, rc = gen_card_key (algo, keyno, 0, pub_keyblock, sec_keyblock,
&sub_sk, &cur_time, expire, para); &sub_sk, &cur_time, expire, para);
if (!rc) if (!rc)
rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk, rc = write_keybinding (pub_keyblock, pub_keyblock, pri_sk, sub_sk,
use, cur_time); use, cur_time);
if (!rc) if (!rc)
rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk, rc = write_keybinding (sec_keyblock, pub_keyblock, pri_sk, sub_sk,
use, cur_time); use, cur_time);
if (!rc) if (!rc)
{ {
@ -4000,7 +4000,7 @@ gen_card_key (int algo, int keyno, int is_primary,
PKT_public_key *pk; PKT_public_key *pk;
assert (algo == PUBKEY_ALGO_RSA); assert (algo == PUBKEY_ALGO_RSA);
/* Fixme: We don't have the serialnumber available, thus passing NULL. */ /* Fixme: We don't have the serialnumber available, thus passing NULL. */
rc = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp); rc = agent_scd_genkey (&info, keyno, 1, NULL, *timestamp);
/* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */ /* if (gpg_err_code (rc) == GPG_ERR_EEXIST) */
@ -4025,7 +4025,7 @@ gen_card_key (int algo, int keyno, int is_primary,
gcry_mpi_release (info.e); gcry_mpi_release (info.e);
return gpg_error (GPG_ERR_GENERAL); return gpg_error (GPG_ERR_GENERAL);
} }
if (*timestamp != info.created_at) if (*timestamp != info.created_at)
log_info ("Note that the key does not use the suggested creation date\n"); log_info ("Note that the key does not use the suggested creation date\n");
*timestamp = info.created_at; *timestamp = info.created_at;
@ -4038,7 +4038,7 @@ gen_card_key (int algo, int keyno, int is_primary,
sk->expiredate = pk->expiredate = pk->timestamp + expireval; sk->expiredate = pk->expiredate = pk->timestamp + expireval;
sk->pubkey_algo = pk->pubkey_algo = algo; sk->pubkey_algo = pk->pubkey_algo = algo;
pk->pkey[0] = info.n; pk->pkey[0] = info.n;
pk->pkey[1] = info.e; pk->pkey[1] = info.e;
sk->skey[0] = gcry_mpi_copy (pk->pkey[0]); sk->skey[0] = gcry_mpi_copy (pk->pkey[0]);
sk->skey[1] = gcry_mpi_copy (pk->pkey[1]); sk->skey[1] = gcry_mpi_copy (pk->pkey[1]);
sk->skey[2] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8); sk->skey[2] = gcry_mpi_set_opaque (NULL, xstrdup ("dummydata"), 10*8);
@ -4089,11 +4089,11 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
size_t n; size_t n;
int i; int i;
unsigned int nbits; unsigned int nbits;
/* Get the size of the key directly from the card. */ /* Get the size of the key directly from the card. */
{ {
struct agent_card_info_s info; struct agent_card_info_s info;
memset (&info, 0, sizeof info); memset (&info, 0, sizeof info);
if (!agent_scd_getattr ("KEY-ATTR", &info) if (!agent_scd_getattr ("KEY-ATTR", &info)
&& info.key_attr[1].algo) && info.key_attr[1].algo)
@ -4159,7 +4159,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
else else
fp = iobuf_create (fname); fp = iobuf_create (fname);
umask (oldmask); umask (oldmask);
if (!fp) if (!fp)
{ {
rc = gpg_error_from_syserror (); rc = gpg_error_from_syserror ();
log_error (_("can't create backup file `%s': %s\n"), log_error (_("can't create backup file `%s': %s\n"),
@ -4185,7 +4185,7 @@ gen_card_key_with_backup (int algo, int keyno, int is_primary,
{ {
unsigned char array[MAX_FINGERPRINT_LEN]; unsigned char array[MAX_FINGERPRINT_LEN];
char *fprbuf, *p; char *fprbuf, *p;
iobuf_close (fp); iobuf_close (fp);
iobuf_ioctl (NULL, 2, 0, (char*)fname); iobuf_ioctl (NULL, 2, 0, (char*)fname);
log_info (_("NOTE: backup of card key saved to `%s'\n"), fname); log_info (_("NOTE: backup of card key saved to `%s'\n"), fname);
@ -4302,7 +4302,7 @@ save_unprotected_key_to_card (PKT_secret_key *sk, int keyno)
p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))"); p = stpcpy (stpcpy (stpcpy (p, numbuf), numbuf2), "))");
/* Fixme: Unfortunately we don't have the serialnumber available - /* Fixme: Unfortunately we don't have the serialnumber available -
thus we can't pass it down to the agent. */ thus we can't pass it down to the agent. */
rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp); rc = agent_scd_writekey (keyno, NULL, sexp, p - sexp);
leave: leave: