mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
d07666412d
* g10/sign.c (make_keysig_packet): Remove obsolete arg diegst_algo which was always passed as 0. Change all callers. * g10/gpgcompose.c (signature): Warn when trying to set a digest algo. -- Signed-off-by: Werner Koch <wk@gnupg.org>
3111 lines
82 KiB
C
3111 lines
82 KiB
C
/* gpgcompose.c - Maintainer tool to create OpenPGP messages by hand.
|
||
* Copyright (C) 2016 g10 Code GmbH
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 3 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||
*/
|
||
|
||
#include <config.h>
|
||
#include <errno.h>
|
||
|
||
#include "gpg.h"
|
||
#include "packet.h"
|
||
#include "keydb.h"
|
||
#include "main.h"
|
||
#include "options.h"
|
||
#include "call-agent.h"
|
||
|
||
static int do_debug;
|
||
#define debug(fmt, ...) \
|
||
do { if (do_debug) log_debug (fmt, ##__VA_ARGS__); } while (0)
|
||
|
||
/* --encryption, for instance, adds a filter in front of out. There
|
||
is an operator (--encryption-pop) to end this. We use the
|
||
following infrastructure to make it easy to pop the state. */
|
||
struct filter
|
||
{
|
||
void *func;
|
||
void *context;
|
||
int pkttype;
|
||
int partial_block_mode;
|
||
struct filter *next;
|
||
};
|
||
|
||
|
||
/* Hack to ass CTRL to some functions. */
|
||
static ctrl_t global_ctrl;
|
||
|
||
|
||
static struct filter *filters;
|
||
|
||
static void
|
||
filter_push (iobuf_t out, void *func, void *context,
|
||
int type, int partial_block_mode)
|
||
{
|
||
gpg_error_t err;
|
||
struct filter *f = xmalloc_clear (sizeof (*f));
|
||
f->next = filters;
|
||
f->func = func;
|
||
f->context = context;
|
||
f->pkttype = type;
|
||
f->partial_block_mode = partial_block_mode;
|
||
|
||
filters = f;
|
||
|
||
err = iobuf_push_filter (out, func, context);
|
||
if (err)
|
||
log_fatal ("Adding filter: %s\n", gpg_strerror (err));
|
||
}
|
||
|
||
static void
|
||
filter_pop (iobuf_t out, int expected_type)
|
||
{
|
||
gpg_error_t err;
|
||
struct filter *f = filters;
|
||
|
||
log_assert (f);
|
||
|
||
if (f->pkttype != expected_type)
|
||
log_fatal ("Attempted to pop a %s container, "
|
||
"but current container is a %s container.\n",
|
||
pkttype_str (f->pkttype), pkttype_str (expected_type));
|
||
|
||
if (f->pkttype == PKT_ENCRYPTED)
|
||
{
|
||
err = iobuf_pop_filter (out, f->func, f->context);
|
||
if (err)
|
||
log_fatal ("Popping encryption filter: %s\n", gpg_strerror (err));
|
||
}
|
||
else
|
||
log_fatal ("FILTERS appears to be corrupted.\n");
|
||
|
||
if (f->partial_block_mode)
|
||
iobuf_set_partial_body_length_mode (out, 0);
|
||
|
||
filters = f->next;
|
||
xfree (f);
|
||
}
|
||
|
||
/* Return if CIPHER_ID is a valid cipher. */
|
||
static int
|
||
valid_cipher (int cipher_id)
|
||
{
|
||
return (cipher_id == CIPHER_ALGO_IDEA
|
||
|| cipher_id == CIPHER_ALGO_3DES
|
||
|| cipher_id == CIPHER_ALGO_CAST5
|
||
|| cipher_id == CIPHER_ALGO_BLOWFISH
|
||
|| cipher_id == CIPHER_ALGO_AES
|
||
|| cipher_id == CIPHER_ALGO_AES192
|
||
|| cipher_id == CIPHER_ALGO_AES256
|
||
|| cipher_id == CIPHER_ALGO_TWOFISH
|
||
|| cipher_id == CIPHER_ALGO_CAMELLIA128
|
||
|| cipher_id == CIPHER_ALGO_CAMELLIA192
|
||
|| cipher_id == CIPHER_ALGO_CAMELLIA256);
|
||
}
|
||
|
||
/* Parse a session key encoded as a string of the form x:HEXDIGITS
|
||
where x is the algorithm id. (This is the format emitted by gpg
|
||
--show-session-key.) */
|
||
struct session_key
|
||
{
|
||
int algo;
|
||
int keylen;
|
||
char *key;
|
||
};
|
||
|
||
static struct session_key
|
||
parse_session_key (const char *option, char *p, int require_algo)
|
||
{
|
||
char *tail;
|
||
struct session_key sk;
|
||
|
||
memset (&sk, 0, sizeof (sk));
|
||
|
||
/* Check for the optional "cipher-id:" at the start of the
|
||
string. */
|
||
errno = 0;
|
||
sk.algo = strtol (p, &tail, 10);
|
||
if (! errno && tail && *tail == ':')
|
||
{
|
||
if (! valid_cipher (sk.algo))
|
||
log_info ("%s: %d is not a known cipher (but using anyways)\n",
|
||
option, sk.algo);
|
||
p = tail + 1;
|
||
}
|
||
else if (require_algo)
|
||
log_fatal ("%s: Session key must have the form algo:HEXCHARACTERS.\n",
|
||
option);
|
||
else
|
||
sk.algo = 0;
|
||
|
||
/* Ignore a leading 0x. */
|
||
if (p[0] == '0' && p[1] == 'x')
|
||
p += 2;
|
||
|
||
if (strlen (p) % 2 != 0)
|
||
log_fatal ("%s: session key must consist of an even number of hexadecimal characters.\n",
|
||
option);
|
||
|
||
sk.keylen = strlen (p) / 2;
|
||
sk.key = xmalloc (sk.keylen);
|
||
|
||
if (hex2bin (p, sk.key, sk.keylen) == -1)
|
||
log_fatal ("%s: Session key must only contain hexadecimal characters\n",
|
||
option);
|
||
|
||
return sk;
|
||
}
|
||
|
||
/* A callback.
|
||
|
||
OPTION_STR is the option that was matched. ARGC is the number of
|
||
arguments following the option and ARGV are those arguments.
|
||
(Thus, argv[0] is the first string following the option and
|
||
argv[-1] is the option.)
|
||
|
||
COOKIE is the opaque value passed to process_options. */
|
||
typedef int (*option_prcessor_t) (const char *option_str,
|
||
int argc, char *argv[],
|
||
void *cookie);
|
||
|
||
struct option
|
||
{
|
||
/* The option that this matches. This must start with "--" or be
|
||
the empty string. The empty string matches bare arguments. */
|
||
const char *option;
|
||
/* The function to call to process this option. */
|
||
option_prcessor_t func;
|
||
/* Documentation. */
|
||
const char *help;
|
||
};
|
||
|
||
/* Merge two lists of options. Note: this makes a shallow copy! The
|
||
caller must xfree() the result. */
|
||
static struct option *
|
||
merge_options (struct option a[], struct option b[])
|
||
{
|
||
int i, j;
|
||
struct option *c;
|
||
|
||
for (i = 0; a[i].option; i ++)
|
||
;
|
||
for (j = 0; b[j].option; j ++)
|
||
;
|
||
|
||
c = xmalloc ((i + j + 1) * sizeof (struct option));
|
||
memcpy (c, a, i * sizeof (struct option));
|
||
memcpy (&c[i], b, j * sizeof (struct option));
|
||
c[i + j].option = NULL;
|
||
|
||
if (a[i].help && b[j].help)
|
||
c[i + j].help = xasprintf ("%s\n\n%s", a[i].help, b[j].help);
|
||
else if (a[i].help)
|
||
c[i + j].help = a[i].help;
|
||
else if (b[j].help)
|
||
c[i + j].help = b[j].help;
|
||
|
||
return c;
|
||
}
|
||
|
||
/* Returns whether ARG is an option. All options start with --. */
|
||
static int
|
||
is_option (const char *arg)
|
||
{
|
||
return arg[0] == '-' && arg[1] == '-';
|
||
}
|
||
|
||
/* OPTIONS is a NULL terminated array of struct option:s. Finds the
|
||
entry that is the same as ARG. Returns -1 if no entry is found.
|
||
The empty string option matches bare arguments. */
|
||
static int
|
||
match_option (const struct option options[], const char *arg)
|
||
{
|
||
int i;
|
||
int bare_arg = ! is_option (arg);
|
||
|
||
for (i = 0; options[i].option; i ++)
|
||
if ((! bare_arg && strcmp (options[i].option, arg) == 0)
|
||
/* Non-options match the empty string. */
|
||
|| (bare_arg && options[i].option[0] == '\0'))
|
||
return i;
|
||
|
||
return -1;
|
||
}
|
||
|
||
static void
|
||
show_help (struct option options[])
|
||
{
|
||
int i;
|
||
int max_length = 0;
|
||
int space;
|
||
|
||
for (i = 0; options[i].option; i ++)
|
||
{
|
||
const char *option = options[i].option[0] ? options[i].option : "ARG";
|
||
int l = strlen (option);
|
||
if (l > max_length)
|
||
max_length = l;
|
||
}
|
||
|
||
space = 72 - (max_length + 2);
|
||
if (space < 40)
|
||
space = 40;
|
||
|
||
for (i = 0; ; i ++)
|
||
{
|
||
const char *option = options[i].option;
|
||
const char *help = options[i].help;
|
||
|
||
int l;
|
||
int j;
|
||
char *tmp;
|
||
char *formatted;
|
||
char *p;
|
||
char *newline;
|
||
|
||
if (! option && ! help)
|
||
break;
|
||
|
||
if (option)
|
||
{
|
||
const char *o = option[0] ? option : "ARG";
|
||
l = strlen (o);
|
||
fprintf (stdout, "%s", o);
|
||
}
|
||
|
||
if (! help)
|
||
{
|
||
fputc ('\n', stdout);
|
||
continue;
|
||
}
|
||
|
||
if (option)
|
||
for (j = l; j < max_length + 2; j ++)
|
||
fputc (' ', stdout);
|
||
|
||
#define BOLD_START "\033[1m"
|
||
#define NORMAL_RESTORE "\033[0m"
|
||
#define BOLD(x) BOLD_START x NORMAL_RESTORE
|
||
|
||
if (! option || options[i].func)
|
||
tmp = (char *) help;
|
||
else
|
||
tmp = xasprintf ("%s " BOLD("(Unimplemented.)"), help);
|
||
|
||
if (! option)
|
||
space = 72;
|
||
formatted = format_text (tmp, space, space + 4);
|
||
if (!formatted)
|
||
abort ();
|
||
|
||
if (tmp != help)
|
||
xfree (tmp);
|
||
|
||
if (! option)
|
||
{
|
||
printf ("\n%s\n", formatted);
|
||
break;
|
||
}
|
||
|
||
for (p = formatted;
|
||
p && *p;
|
||
p = (*newline == '\0') ? newline : newline + 1)
|
||
{
|
||
newline = strchr (p, '\n');
|
||
if (! newline)
|
||
newline = &p[strlen (p)];
|
||
|
||
l = (size_t) newline - (size_t) p;
|
||
|
||
if (p != formatted)
|
||
for (j = 0; j < max_length + 2; j ++)
|
||
fputc (' ', stdout);
|
||
|
||
fwrite (p, l, 1, stdout);
|
||
fputc ('\n', stdout);
|
||
}
|
||
|
||
xfree (formatted);
|
||
}
|
||
}
|
||
|
||
/* Return value is number of consumed argv elements. */
|
||
static int
|
||
process_options (const char *parent_option,
|
||
struct option break_options[],
|
||
struct option local_options[], void *lcookie,
|
||
struct option global_options[], void *gcookie,
|
||
int argc, char *argv[])
|
||
{
|
||
int i;
|
||
for (i = 0; i < argc; i ++)
|
||
{
|
||
int j;
|
||
struct option *option;
|
||
void *cookie;
|
||
int bare_arg;
|
||
option_prcessor_t func;
|
||
int consumed;
|
||
|
||
if (break_options)
|
||
{
|
||
j = match_option (break_options, argv[i]);
|
||
if (j != -1)
|
||
/* Match. Break out. */
|
||
return i;
|
||
}
|
||
|
||
j = match_option (local_options, argv[i]);
|
||
if (j == -1)
|
||
{
|
||
if (global_options)
|
||
j = match_option (global_options, argv[i]);
|
||
if (j == -1)
|
||
{
|
||
if (strcmp (argv[i], "--help") == 0)
|
||
{
|
||
if (! global_options)
|
||
show_help (local_options);
|
||
else
|
||
{
|
||
struct option *combined
|
||
= merge_options (local_options, global_options);
|
||
show_help (combined);
|
||
xfree (combined);
|
||
}
|
||
g10_exit (0);
|
||
}
|
||
|
||
if (parent_option)
|
||
log_fatal ("%s: Unknown option: %s\n", parent_option, argv[i]);
|
||
else
|
||
log_fatal ("Unknown option: %s\n", argv[i]);
|
||
}
|
||
|
||
option = &global_options[j];
|
||
cookie = gcookie;
|
||
}
|
||
else
|
||
{
|
||
option = &local_options[j];
|
||
cookie = lcookie;
|
||
}
|
||
|
||
bare_arg = strcmp (option->option, "") == 0;
|
||
|
||
func = option->func;
|
||
if (! func)
|
||
{
|
||
if (bare_arg)
|
||
log_fatal ("Bare arguments unimplemented.\n");
|
||
else
|
||
log_fatal ("Unimplemented option: %s\n",
|
||
option->option);
|
||
}
|
||
|
||
consumed = func (bare_arg ? parent_option : argv[i],
|
||
argc - i - !bare_arg, &argv[i + !bare_arg],
|
||
cookie);
|
||
i += consumed;
|
||
if (bare_arg)
|
||
i --;
|
||
}
|
||
|
||
return i;
|
||
}
|
||
|
||
/* The keys, subkeys, user ids and user attributes in the order that
|
||
they were added. */
|
||
PACKET components[20];
|
||
/* The number of components. */
|
||
int ncomponents;
|
||
|
||
static int
|
||
add_component (int pkttype, void *component)
|
||
{
|
||
int i = ncomponents ++;
|
||
|
||
log_assert (i < sizeof (components) / sizeof (components[0]));
|
||
log_assert (pkttype == PKT_PUBLIC_KEY
|
||
|| pkttype == PKT_PUBLIC_SUBKEY
|
||
|| pkttype == PKT_SECRET_KEY
|
||
|| pkttype == PKT_SECRET_SUBKEY
|
||
|| pkttype == PKT_USER_ID
|
||
|| pkttype == PKT_ATTRIBUTE);
|
||
|
||
components[i].pkttype = pkttype;
|
||
components[i].pkt.generic = component;
|
||
|
||
return i;
|
||
}
|
||
|
||
static void
|
||
dump_component (PACKET *pkt)
|
||
{
|
||
struct kbnode_struct kbnode;
|
||
|
||
if (! do_debug)
|
||
return;
|
||
|
||
memset (&kbnode, 0, sizeof (kbnode));
|
||
kbnode.pkt = pkt;
|
||
dump_kbnode (&kbnode);
|
||
}
|
||
|
||
/* Returns the first primary key in COMPONENTS or NULL if there is
|
||
none. */
|
||
static PKT_public_key *
|
||
primary_key (void)
|
||
{
|
||
int i;
|
||
for (i = 0; i < ncomponents; i ++)
|
||
if (components[i].pkttype == PKT_PUBLIC_KEY)
|
||
return components[i].pkt.public_key;
|
||
return NULL;
|
||
}
|
||
|
||
/* The last session key (updated when adding a SK-ESK, PK-ESK or SED
|
||
packet. */
|
||
static DEK session_key;
|
||
|
||
static int user_id (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int public_key (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int sk_esk (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int pk_esk (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int encrypted (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int encrypted_pop (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int literal (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int signature (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
static int copy (const char *option, int argc, char *argv[],
|
||
void *cookie);
|
||
|
||
static struct option major_options[] = {
|
||
{ "--user-id", user_id, "Create a user id packet." },
|
||
{ "--public-key", public_key, "Create a public key packet." },
|
||
{ "--private-key", NULL, "Create a private key packet." },
|
||
{ "--public-subkey", public_key, "Create a subkey packet." },
|
||
{ "--private-subkey", NULL, "Create a private subkey packet." },
|
||
{ "--sk-esk", sk_esk,
|
||
"Create a symmetric-key encrypted session key packet." },
|
||
{ "--pk-esk", pk_esk,
|
||
"Create a public-key encrypted session key packet." },
|
||
{ "--encrypted", encrypted, "Create a symmetrically encrypted data packet." },
|
||
{ "--encrypted-mdc", encrypted,
|
||
"Create a symmetrically encrypted and integrity protected data packet." },
|
||
{ "--encrypted-pop", encrypted_pop,
|
||
"Pop the most recent encryption container started by either"
|
||
" --encrypted or --encrypted-mdc." },
|
||
{ "--compressed", NULL, "Create a compressed data packet." },
|
||
{ "--literal", literal, "Create a literal (plaintext) data packet." },
|
||
{ "--signature", signature, "Create a signature packet." },
|
||
{ "--onepass-sig", NULL, "Create a one-pass signature packet." },
|
||
{ "--copy", copy, "Copy the specified file." },
|
||
{ NULL, NULL,
|
||
"To get more information about a given command, use:\n\n"
|
||
" $ gpgcompose --command --help to list a command's options."},
|
||
};
|
||
|
||
static struct option global_options[] = {
|
||
{ NULL, NULL, NULL },
|
||
};
|
||
|
||
/* Make our lives easier and use a static limit for the user name.
|
||
10k is way more than enough anyways... */
|
||
const int user_id_max_len = 10 * 1024;
|
||
|
||
static int
|
||
user_id_name (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
PKT_user_id *uid = cookie;
|
||
int l;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s USER_ID\n", option);
|
||
|
||
if (uid->len)
|
||
log_fatal ("Attempt to set user id multiple times.\n");
|
||
|
||
l = strlen (argv[0]);
|
||
if (l > user_id_max_len)
|
||
log_fatal ("user id too long (max: %d)\n", user_id_max_len);
|
||
|
||
memcpy (uid->name, argv[0], l);
|
||
uid->name[l] = 0;
|
||
uid->len = l;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option user_id_options[] = {
|
||
{ "", user_id_name,
|
||
"Set the user id. This is usually in the format "
|
||
"\"Name (comment) <email@example.org>\"" },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --user-id \"USERID\" | " GPG_NAME " --list-packets" }
|
||
};
|
||
|
||
static int
|
||
user_id (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
gpg_error_t err;
|
||
PKT_user_id *uid = xmalloc_clear (sizeof (*uid) + user_id_max_len);
|
||
int c = add_component (PKT_USER_ID, uid);
|
||
int processed;
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
user_id_options, uid,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! uid->len)
|
||
log_fatal ("%s: user id not given", option);
|
||
|
||
err = build_packet (out, &components[c]);
|
||
if (err)
|
||
log_fatal ("Serializing user id packet: %s\n", gpg_strerror (err));
|
||
|
||
debug ("Wrote user id packet:\n");
|
||
dump_component (&components[c]);
|
||
|
||
return processed;
|
||
}
|
||
|
||
static int
|
||
pk_search_terms (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
KEYDB_HANDLE hd;
|
||
KEYDB_SEARCH_DESC desc;
|
||
kbnode_t kb;
|
||
PKT_public_key *pk = cookie;
|
||
PKT_public_key *pk_ref;
|
||
int i;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s KEYID\n", option);
|
||
|
||
if (pk->pubkey_algo)
|
||
log_fatal ("%s: multiple keys provided\n", option);
|
||
|
||
err = classify_user_id (argv[0], &desc, 0);
|
||
if (err)
|
||
log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
|
||
|
||
hd = keydb_new ();
|
||
|
||
err = keydb_search (hd, &desc, 1, NULL);
|
||
if (err)
|
||
log_fatal ("looking up '%s': %s\n", argv[0], gpg_strerror (err));
|
||
|
||
err = keydb_get_keyblock (hd, &kb);
|
||
if (err)
|
||
log_fatal ("retrieving keyblock for '%s': %s\n",
|
||
argv[0], gpg_strerror (err));
|
||
|
||
keydb_release (hd);
|
||
|
||
pk_ref = kb->pkt->pkt.public_key;
|
||
|
||
/* Copy the timestamp (if not already set), algo and public key
|
||
parameters. */
|
||
if (! pk->timestamp)
|
||
pk->timestamp = pk_ref->timestamp;
|
||
pk->pubkey_algo = pk_ref->pubkey_algo;
|
||
for (i = 0; i < pubkey_get_npkey (pk->pubkey_algo); i ++)
|
||
pk->pkey[i] = gcry_mpi_copy (pk_ref->pkey[i]);
|
||
|
||
release_kbnode (kb);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
pk_timestamp (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
PKT_public_key *pk = cookie;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s TIMESTAMP\n", option);
|
||
|
||
errno = 0;
|
||
pk->timestamp = parse_timestamp (argv[0], &tail);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
return 1;
|
||
}
|
||
|
||
#define TIMESTAMP_HELP \
|
||
"Either as seconds since the epoch or as an ISO 8601 formatted " \
|
||
"string (yyyymmddThhmmss, where the T is a literal)."
|
||
|
||
static struct option pk_options[] = {
|
||
{ "--timestamp", pk_timestamp,
|
||
"The creation time. " TIMESTAMP_HELP },
|
||
{ "", pk_search_terms,
|
||
"The key to copy the creation time and public key parameters from." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --public-key $KEYID --user-id \"USERID\" \\\n"
|
||
" | " GPG_NAME " --list-packets" }
|
||
};
|
||
|
||
static int
|
||
public_key (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
iobuf_t out = cookie;
|
||
PKT_public_key *pk;
|
||
int c;
|
||
int processed;
|
||
int t = (strcmp (option, "--public-key") == 0
|
||
? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY);
|
||
|
||
(void) option;
|
||
|
||
pk = xmalloc_clear (sizeof (*pk));
|
||
pk->version = 4;
|
||
|
||
c = add_component (t, pk);
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
pk_options, pk,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! pk->pubkey_algo)
|
||
log_fatal ("%s: key to extract public key parameters from not given",
|
||
option);
|
||
|
||
/* Clear the keyid in case we updated one of the relevant fields
|
||
after accessing it. */
|
||
pk->keyid[0] = pk->keyid[1] = 0;
|
||
|
||
err = build_packet (out, &components[c]);
|
||
if (err)
|
||
log_fatal ("serializing %s packet: %s\n",
|
||
t == PKT_PUBLIC_KEY ? "public key" : "subkey",
|
||
gpg_strerror (err));
|
||
|
||
debug ("Wrote %s packet:\n",
|
||
t == PKT_PUBLIC_KEY ? "public key" : "subkey");
|
||
dump_component (&components[c]);
|
||
|
||
return processed;
|
||
}
|
||
|
||
struct signinfo
|
||
{
|
||
/* Key with which to sign. */
|
||
kbnode_t issuer_kb;
|
||
PKT_public_key *issuer_pk;
|
||
|
||
/* Overrides the issuer's key id. */
|
||
u32 issuer_keyid[2];
|
||
/* Sets the issuer's keyid to the primary key's key id. */
|
||
int issuer_keyid_self;
|
||
|
||
/* Key to sign. */
|
||
PKT_public_key *pk;
|
||
/* Subkey to sign. */
|
||
PKT_public_key *sk;
|
||
/* User id to sign. */
|
||
PKT_user_id *uid;
|
||
|
||
int class;
|
||
int digest_algo;
|
||
u32 timestamp;
|
||
u32 key_expiration;
|
||
|
||
byte *cipher_algorithms;
|
||
int cipher_algorithms_len;
|
||
byte *digest_algorithms;
|
||
int digest_algorithms_len;
|
||
byte *compress_algorithms;
|
||
int compress_algorithms_len;
|
||
|
||
u32 expiration;
|
||
|
||
int exportable_set;
|
||
int exportable;
|
||
|
||
int revocable_set;
|
||
int revocable;
|
||
|
||
int trust_level_set;
|
||
byte trust_args[2];
|
||
|
||
char *trust_scope;
|
||
|
||
struct revocation_key *revocation_key;
|
||
int nrevocation_keys;
|
||
|
||
struct notation *notations;
|
||
|
||
byte *key_server_preferences;
|
||
int key_server_preferences_len;
|
||
|
||
char *key_server;
|
||
|
||
int primary_user_id_set;
|
||
int primary_user_id;
|
||
|
||
char *policy_uri;
|
||
|
||
byte *key_flags;
|
||
int key_flags_len;
|
||
|
||
char *signers_user_id;
|
||
|
||
byte reason_for_revocation_code;
|
||
char *reason_for_revocation;
|
||
|
||
byte *features;
|
||
int features_len;
|
||
|
||
/* Whether to corrupt the signature. */
|
||
int corrupt;
|
||
};
|
||
|
||
static int
|
||
sig_issuer (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
KEYDB_HANDLE hd;
|
||
KEYDB_SEARCH_DESC desc;
|
||
struct signinfo *si = cookie;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s KEYID\n", option);
|
||
|
||
if (si->issuer_pk)
|
||
log_fatal ("%s: multiple keys provided\n", option);
|
||
|
||
err = classify_user_id (argv[0], &desc, 0);
|
||
if (err)
|
||
log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
|
||
|
||
hd = keydb_new ();
|
||
|
||
err = keydb_search (hd, &desc, 1, NULL);
|
||
if (err)
|
||
log_fatal ("looking up '%s': %s\n", argv[0], gpg_strerror (err));
|
||
|
||
err = keydb_get_keyblock (hd, &si->issuer_kb);
|
||
if (err)
|
||
log_fatal ("retrieving keyblock for '%s': %s\n",
|
||
argv[0], gpg_strerror (err));
|
||
|
||
keydb_release (hd);
|
||
|
||
si->issuer_pk = si->issuer_kb->pkt->pkt.public_key;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_issuer_keyid (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
KEYDB_SEARCH_DESC desc;
|
||
struct signinfo *si = cookie;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s KEYID|self\n", option);
|
||
|
||
if (si->issuer_keyid[0] || si->issuer_keyid[1] || si->issuer_keyid_self)
|
||
log_fatal ("%s given multiple times.\n", option);
|
||
|
||
if (strcasecmp (argv[0], "self") == 0)
|
||
{
|
||
si->issuer_keyid_self = 1;
|
||
return 1;
|
||
}
|
||
|
||
err = classify_user_id (argv[0], &desc, 0);
|
||
if (err)
|
||
log_fatal ("search terms '%s': %s\n", argv[0], gpg_strerror (err));
|
||
|
||
if (desc.mode != KEYDB_SEARCH_MODE_LONG_KID)
|
||
log_fatal ("%s is not a valid long key id.\n", argv[0]);
|
||
|
||
keyid_copy (si->issuer_keyid, desc.u.kid);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_pk (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s COMPONENT_INDEX\n", option);
|
||
|
||
errno = 0;
|
||
i = strtoul (argv[0], &tail, 10);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
if (i >= ncomponents)
|
||
log_fatal ("%d: No such component (have %d components so far)\n",
|
||
i, ncomponents);
|
||
if (! (components[i].pkttype == PKT_PUBLIC_KEY
|
||
|| components[i].pkttype == PKT_PUBLIC_SUBKEY))
|
||
log_fatal ("Component %d is not a public key or a subkey.", i);
|
||
|
||
if (strcmp (option, "--pk") == 0)
|
||
{
|
||
if (si->pk)
|
||
log_fatal ("%s already given.\n", option);
|
||
si->pk = components[i].pkt.public_key;
|
||
}
|
||
else if (strcmp (option, "--sk") == 0)
|
||
{
|
||
if (si->sk)
|
||
log_fatal ("%s already given.\n", option);
|
||
si->sk = components[i].pkt.public_key;
|
||
}
|
||
else
|
||
log_fatal ("Cannot handle %s\n", option);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_user_id (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s COMPONENT_INDEX\n", option);
|
||
if (si->uid)
|
||
log_fatal ("%s already given.\n", option);
|
||
|
||
errno = 0;
|
||
i = strtoul (argv[0], &tail, 10);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
if (i >= ncomponents)
|
||
log_fatal ("%d: No such component (have %d components so far)\n",
|
||
i, ncomponents);
|
||
if (! (components[i].pkttype != PKT_USER_ID
|
||
|| components[i].pkttype == PKT_ATTRIBUTE))
|
||
log_fatal ("Component %d is not a public key or a subkey.", i);
|
||
|
||
si->uid = components[i].pkt.user_id;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_class (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s CLASS\n", option);
|
||
|
||
errno = 0;
|
||
i = strtoul (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
si->class = i;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_digest (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s DIGEST_ALGO\n", option);
|
||
|
||
errno = 0;
|
||
i = strtoul (argv[0], &tail, 10);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
si->digest_algo = i;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_timestamp (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s TIMESTAMP\n", option);
|
||
|
||
errno = 0;
|
||
si->timestamp = parse_timestamp (argv[0], &tail);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_expiration (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int is_expiration = strcmp (option, "--expiration") == 0;
|
||
u32 *i = is_expiration ? &si->expiration : &si->key_expiration;
|
||
|
||
if (! is_expiration)
|
||
log_assert (strcmp (option, "--key-expiration") == 0);
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s DURATION\n", option);
|
||
|
||
*i = parse_expire_string (argv[0]);
|
||
if (*i == (u32)-1)
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_int_list (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int nvalues = 1;
|
||
char *values = xmalloc (nvalues * sizeof (values[0]));
|
||
char *tail = argv[0];
|
||
int i;
|
||
byte **a;
|
||
int *n;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s VALUE[,VALUE...]\n", option);
|
||
|
||
for (i = 0; tail && *tail; i ++)
|
||
{
|
||
int v;
|
||
char *old_tail = tail;
|
||
|
||
errno = 0;
|
||
v = strtol (tail, &tail, 0);
|
||
if (errno || old_tail == tail || (tail && !(*tail == ',' || *tail == 0)))
|
||
log_fatal ("Invalid value passed to %s (%s). "
|
||
"Expected a list of comma separated numbers\n",
|
||
option, argv[0]);
|
||
|
||
if (! (0 <= v && v <= 255))
|
||
log_fatal ("%s: %d is out of range (Expected: 0-255)\n", option, v);
|
||
|
||
if (i == nvalues)
|
||
{
|
||
nvalues *= 2;
|
||
values = xrealloc (values, nvalues * sizeof (values[0]));
|
||
}
|
||
|
||
values[i] = v;
|
||
|
||
if (*tail == ',')
|
||
tail ++;
|
||
else
|
||
log_assert (*tail == 0);
|
||
}
|
||
|
||
if (strcmp ("--cipher-algos", option) == 0)
|
||
{
|
||
a = &si->cipher_algorithms;
|
||
n = &si->cipher_algorithms_len;
|
||
}
|
||
else if (strcmp ("--digest-algos", option) == 0)
|
||
{
|
||
a = &si->digest_algorithms;
|
||
n = &si->digest_algorithms_len;
|
||
}
|
||
else if (strcmp ("--compress-algos", option) == 0)
|
||
{
|
||
a = &si->compress_algorithms;
|
||
n = &si->compress_algorithms_len;
|
||
}
|
||
else
|
||
log_fatal ("Cannot handle %s\n", option);
|
||
|
||
if (*a)
|
||
log_fatal ("Option %s given multiple times.\n", option);
|
||
|
||
*a = values;
|
||
*n = i;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_flag (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int range[2] = {0, 255};
|
||
char *tail;
|
||
int v;
|
||
|
||
if (strcmp (option, "--primary-user-id") == 0)
|
||
range[1] = 1;
|
||
|
||
if (argc <= 1)
|
||
{
|
||
if (range[0] == 0 && range[1] == 1)
|
||
log_fatal ("Usage: %s 0|1\n", option);
|
||
else
|
||
log_fatal ("Usage: %s %d-%d\n", option, range[0], range[1]);
|
||
}
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail) || !(range[0] <= v && v <= range[1]))
|
||
log_fatal ("Invalid value passed to %s (%s). Expected %d-%d\n",
|
||
option, argv[0], range[0], range[1]);
|
||
|
||
if (strcmp (option, "--exportable") == 0)
|
||
{
|
||
si->exportable_set = 1;
|
||
si->exportable = v;
|
||
}
|
||
else if (strcmp (option, "--revocable") == 0)
|
||
{
|
||
si->revocable_set = 1;
|
||
si->revocable = v;
|
||
}
|
||
else if (strcmp (option, "--primary-user-id") == 0)
|
||
{
|
||
si->primary_user_id_set = 1;
|
||
si->primary_user_id = v;
|
||
}
|
||
else
|
||
log_fatal ("Cannot handle %s\n", option);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_trust_level (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
char *tail;
|
||
|
||
if (argc <= 1)
|
||
log_fatal ("Usage: %s DEPTH TRUST_AMOUNT\n", option);
|
||
|
||
for (i = 0; i < sizeof (si->trust_args) / sizeof (si->trust_args[0]); i ++)
|
||
{
|
||
int v;
|
||
|
||
errno = 0;
|
||
v = strtol (argv[i], &tail, 0);
|
||
if (errno || (tail && *tail) || !(0 <= v && v <= 255))
|
||
log_fatal ("Invalid value passed to %s (%s). Expected 0-255\n",
|
||
option, argv[i]);
|
||
|
||
si->trust_args[i] = v;
|
||
}
|
||
|
||
si->trust_level_set = 1;
|
||
|
||
return 2;
|
||
}
|
||
|
||
static int
|
||
sig_string_arg (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
char *p = argv[0];
|
||
char **s;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s STRING\n", option);
|
||
|
||
if (strcmp (option, "--trust-scope") == 0)
|
||
s = &si->trust_scope;
|
||
else if (strcmp (option, "--key-server") == 0)
|
||
s = &si->key_server;
|
||
else if (strcmp (option, "--signers-user-id") == 0)
|
||
s = &si->signers_user_id;
|
||
else if (strcmp (option, "--policy-uri") == 0)
|
||
s = &si->policy_uri;
|
||
else
|
||
log_fatal ("Cannot handle %s\n", option);
|
||
|
||
if (*s)
|
||
log_fatal ("%s already given.\n", option);
|
||
|
||
*s = xstrdup (p);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_revocation_key (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
struct signinfo *si = cookie;
|
||
int v;
|
||
char *tail;
|
||
PKT_public_key pk;
|
||
struct revocation_key *revkey;
|
||
|
||
if (argc < 2)
|
||
log_fatal ("Usage: %s CLASS KEYID\n", option);
|
||
|
||
memset (&pk, 0, sizeof (pk));
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 16);
|
||
if (errno || (tail && *tail) || !(0 <= v && v <= 255))
|
||
log_fatal ("%s: Invalid class value (%s). Expected 0-255\n",
|
||
option, argv[0]);
|
||
|
||
pk.req_usage = PUBKEY_USAGE_SIG;
|
||
err = get_pubkey_byname (NULL, NULL, &pk, argv[1], NULL, NULL, 1, 1);
|
||
if (err)
|
||
log_fatal ("looking up key %s: %s\n", argv[1], gpg_strerror (err));
|
||
|
||
si->nrevocation_keys ++;
|
||
si->revocation_key = xrealloc (si->revocation_key,
|
||
si->nrevocation_keys
|
||
* sizeof (*si->revocation_key));
|
||
revkey = &si->revocation_key[si->nrevocation_keys - 1];
|
||
|
||
revkey->class = v;
|
||
revkey->algid = pk.pubkey_algo;
|
||
fingerprint_from_pk (&pk, revkey->fpr, NULL);
|
||
|
||
release_public_key_parts (&pk);
|
||
|
||
return 2;
|
||
}
|
||
|
||
static int
|
||
sig_notation (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int is_blob = strcmp (option, "--notation") != 0;
|
||
struct notation *notation;
|
||
char *p = argv[0];
|
||
int p_free = 0;
|
||
char *data;
|
||
int data_size;
|
||
int data_len;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s [!<]name=value\n", option);
|
||
|
||
if ((p[0] == '!' && p[1] == '<') || p[0] == '<')
|
||
/* Read from a file. */
|
||
{
|
||
char *filename = NULL;
|
||
iobuf_t in;
|
||
int prefix;
|
||
|
||
if (p[0] == '<')
|
||
p ++;
|
||
else
|
||
{
|
||
/* Remove the '<', which string_to_notation does not
|
||
understand, and preserve the '!'. */
|
||
p = xstrdup (&p[1]);
|
||
p_free = 1;
|
||
p[0] = '!';
|
||
}
|
||
|
||
filename = strchr (p, '=');
|
||
if (! filename)
|
||
log_fatal ("No value specified. Usage: %s [!<]name=value\n",
|
||
option);
|
||
filename ++;
|
||
|
||
prefix = (size_t) filename - (size_t) p;
|
||
|
||
errno = 0;
|
||
in = iobuf_open (filename);
|
||
if (! in)
|
||
log_fatal ("Opening '%s': %s\n",
|
||
filename, errno ? strerror (errno): "unknown error");
|
||
|
||
/* A notation can be at most about a few dozen bytes short of
|
||
64k. Since this is relatively small, we just allocate that
|
||
much instead of trying to dynamically size a buffer. */
|
||
data_size = 64 * 1024;
|
||
data = xmalloc (data_size);
|
||
log_assert (prefix <= data_size);
|
||
memcpy (data, p, prefix);
|
||
|
||
data_len = iobuf_read (in, &data[prefix], data_size - prefix - 1);
|
||
if (data_len == -1)
|
||
/* EOF => 0 bytes read. */
|
||
data_len = 0;
|
||
|
||
if (data_len == data_size - prefix - 1)
|
||
/* Technically, we should do another read and check for EOF,
|
||
but what's one byte more or less? */
|
||
log_fatal ("Notation data doesn't fit in the packet.\n");
|
||
|
||
iobuf_close (in);
|
||
|
||
/* NUL terminate it. */
|
||
data[prefix + data_len] = 0;
|
||
|
||
if (p_free)
|
||
xfree (p);
|
||
p = data;
|
||
p_free = 1;
|
||
data = &p[prefix];
|
||
|
||
if (is_blob)
|
||
p[prefix - 1] = 0;
|
||
}
|
||
else if (is_blob)
|
||
{
|
||
data = strchr (p, '=');
|
||
if (! data)
|
||
{
|
||
data = p;
|
||
data_len = 0;
|
||
}
|
||
else
|
||
{
|
||
p = xstrdup (p);
|
||
p_free = 1;
|
||
|
||
data = strchr (p, '=');
|
||
log_assert (data);
|
||
|
||
/* NUL terminate the name. */
|
||
*data = 0;
|
||
data ++;
|
||
data_len = strlen (data);
|
||
}
|
||
}
|
||
|
||
if (is_blob)
|
||
notation = blob_to_notation (p, data, data_len);
|
||
else
|
||
notation = string_to_notation (p, 1);
|
||
if (! notation)
|
||
log_fatal ("creating notation: an unknown error occurred.\n");
|
||
notation->next = si->notations;
|
||
si->notations = notation;
|
||
|
||
if (p_free)
|
||
xfree (p);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_big_endian_arg (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
char *p = argv[0];
|
||
int i;
|
||
int l;
|
||
char *bytes;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s HEXDIGITS\n", option);
|
||
|
||
/* Skip a leading "0x". */
|
||
if (p[0] == '0' && p[1] == 'x')
|
||
p += 2;
|
||
|
||
for (i = 0; i < strlen (p); i ++)
|
||
if (!hexdigitp (&p[i]))
|
||
log_fatal ("%s: argument ('%s') must consist of hex digits.\n",
|
||
option, p);
|
||
if (strlen (p) % 2 != 0)
|
||
log_fatal ("%s: argument ('%s') must contain an even number of hex digits.\n",
|
||
option, p);
|
||
|
||
l = strlen (p) / 2;
|
||
bytes = xmalloc (l);
|
||
hex2bin (p, bytes, l);
|
||
|
||
if (strcmp (option, "--key-server-preferences") == 0)
|
||
{
|
||
if (si->key_server_preferences)
|
||
log_fatal ("%s given multiple times.\n", option);
|
||
si->key_server_preferences = bytes;
|
||
si->key_server_preferences_len = l;
|
||
}
|
||
else if (strcmp (option, "--key-flags") == 0)
|
||
{
|
||
if (si->key_flags)
|
||
log_fatal ("%s given multiple times.\n", option);
|
||
si->key_flags = bytes;
|
||
si->key_flags_len = l;
|
||
}
|
||
else if (strcmp (option, "--features") == 0)
|
||
{
|
||
if (si->features)
|
||
log_fatal ("%s given multiple times.\n", option);
|
||
si->features = bytes;
|
||
si->features_len = l;
|
||
}
|
||
else
|
||
log_fatal ("Cannot handle %s\n", option);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sig_reason_for_revocation (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int v;
|
||
char *tail;
|
||
|
||
if (argc < 2)
|
||
log_fatal ("Usage: %s REASON_CODE REASON_STRING\n", option);
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 16);
|
||
if (errno || (tail && *tail) || !(0 <= v && v <= 255))
|
||
log_fatal ("%s: Invalid reason code (%s). Expected 0-255\n",
|
||
option, argv[0]);
|
||
|
||
if (si->reason_for_revocation)
|
||
log_fatal ("%s given multiple times.\n", option);
|
||
|
||
si->reason_for_revocation_code = v;
|
||
si->reason_for_revocation = xstrdup (argv[1]);
|
||
|
||
return 2;
|
||
}
|
||
|
||
static int
|
||
sig_corrupt (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
|
||
(void) option;
|
||
(void) argc;
|
||
(void) argv;
|
||
(void) cookie;
|
||
|
||
si->corrupt = 1;
|
||
|
||
return 0;
|
||
}
|
||
|
||
static struct option sig_options[] = {
|
||
{ "--issuer", sig_issuer,
|
||
"The key to use to generate the signature."},
|
||
{ "--issuer-keyid", sig_issuer_keyid,
|
||
"Set the issuer's key id. This is useful for creating a "
|
||
"self-signature. As a special case, the value \"self\" refers "
|
||
"to the primary key's key id. "
|
||
"(RFC 4880, Section 5.2.3.5)" },
|
||
{ "--pk", sig_pk,
|
||
"The primary keyas an index into the components (keys and uids) "
|
||
"created so far where the first component has the index 0." },
|
||
{ "--sk", sig_pk,
|
||
"The subkey as an index into the components (keys and uids) created "
|
||
"so far where the first component has the index 0. Only needed for "
|
||
"0x18, 0x19, and 0x28 signatures." },
|
||
{ "--user-id", sig_user_id,
|
||
"The user id as an index into the components (keys and uids) created "
|
||
"so far where the first component has the index 0. Only needed for "
|
||
"0x10-0x13 and 0x30 signatures." },
|
||
{ "--class", sig_class,
|
||
"The signature's class. Valid values are "
|
||
"0x10-0x13 (user id and primary-key certification), "
|
||
"0x18 (subkey binding), "
|
||
"0x19 (primary key binding), "
|
||
"0x1f (direct primary key signature), "
|
||
"0x20 (key revocation), "
|
||
"0x28 (subkey revocation), and "
|
||
"0x30 (certification revocation)."
|
||
},
|
||
{ "--digest", sig_digest, "The digest algorithm" },
|
||
{ "--timestamp", sig_timestamp,
|
||
"The signature's creation time. " TIMESTAMP_HELP " 0 means now. "
|
||
"(RFC 4880, Section 5.2.3.4)" },
|
||
{ "--key-expiration", sig_expiration,
|
||
"The number of days until the associated key expires. To specify "
|
||
"seconds, prefix the value with \"seconds=\". It is also possible "
|
||
"to use 'y', 'm' and 'w' as simple multipliers. For instance, 2y "
|
||
"means 2 years, etc. "
|
||
"(RFC 4880, Section 5.2.3.6)" },
|
||
{ "--cipher-algos", sig_int_list,
|
||
"A comma separated list of the preferred cipher algorithms (identified by "
|
||
"their number, see RFC 4880, Section 9). "
|
||
"(RFC 4880, Section 5.2.3.7)" },
|
||
{ "--digest-algos", sig_int_list,
|
||
"A comma separated list of the preferred algorithms (identified by "
|
||
"their number, see RFC 4880, Section 9). "
|
||
"(RFC 4880, Section 5.2.3.8)" },
|
||
{ "--compress-algos", sig_int_list,
|
||
"A comma separated list of the preferred algorithms (identified by "
|
||
"their number, see RFC 4880, Section 9)."
|
||
"(RFC 4880, Section 5.2.3.9)" },
|
||
{ "--expiration", sig_expiration,
|
||
"The number of days until the signature expires. To specify seconds, "
|
||
"prefix the value with \"seconds=\". It is also possible to use 'y', "
|
||
"'m' and 'w' as simple multipliers. For instance, 2y means 2 years, "
|
||
"etc. "
|
||
"(RFC 4880, Section 5.2.3.10)" },
|
||
{ "--exportable", sig_flag,
|
||
"Mark this signature as exportable (1) or local (0). "
|
||
"(RFC 4880, Section 5.2.3.11)" },
|
||
{ "--revocable", sig_flag,
|
||
"Mark this signature as revocable (1, revocations are ignored) "
|
||
"or non-revocable (0). "
|
||
"(RFC 4880, Section 5.2.3.12)" },
|
||
{ "--trust-level", sig_trust_level,
|
||
"Set the trust level. This takes two integer arguments (0-255): "
|
||
"the trusted-introducer level and the degree of trust. "
|
||
"(RFC 4880, Section 5.2.3.13.)" },
|
||
{ "--trust-scope", sig_string_arg,
|
||
"A regular expression that limits the scope of --trust-level. "
|
||
"(RFC 4880, Section 5.2.3.14.)" },
|
||
{ "--revocation-key", sig_revocation_key,
|
||
"Specify a designated revoker. Takes two arguments: the class "
|
||
"(normally 0x80 or 0xC0 (sensitive)) and the key id of the "
|
||
"designatured revoker. May be given multiple times. "
|
||
"(RFC 4880, Section 5.2.3.15)" },
|
||
{ "--notation", sig_notation,
|
||
"Add a human-readable notation of the form \"[!<]name=value\" where "
|
||
"\"!\" means that the critical flag should be set and \"<\" means "
|
||
"that VALUE is a file to read the data from. "
|
||
"(RFC 4880, Section 5.2.3.16)" },
|
||
{ "--notation-binary", sig_notation,
|
||
"Add a binary notation of the form \"[!<]name=value\" where "
|
||
"\"!\" means that the critical flag should be set and \"<\" means "
|
||
"that VALUE is a file to read the data from. "
|
||
"(RFC 4880, Section 5.2.3.16)" },
|
||
{ "--key-server-preferences", sig_big_endian_arg,
|
||
"Big-endian number encoding the keyserver preferences. "
|
||
"(RFC 4880, Section 5.2.3.17)" },
|
||
{ "--key-server", sig_string_arg,
|
||
"The preferred keyserver. (RFC 4880, Section 5.2.3.18)" },
|
||
{ "--primary-user-id", sig_flag,
|
||
"Sets the primary user id flag. (RFC 4880, Section 5.2.3.19)" },
|
||
{ "--policy-uri", sig_string_arg,
|
||
"URI of a document that describes the issuer's signing policy. "
|
||
"(RFC 4880, Section 5.2.3.20)" },
|
||
{ "--key-flags", sig_big_endian_arg,
|
||
"Big-endian number encoding the key flags. "
|
||
"(RFC 4880, Section 5.2.3.21)" },
|
||
{ "--signers-user-id", sig_string_arg,
|
||
"The user id (as a string) responsible for the signing. "
|
||
"(RFC 4880, Section 5.2.3.22)" },
|
||
{ "--reason-for-revocation", sig_reason_for_revocation,
|
||
"Takes two arguments: a reason for revocation code and a "
|
||
"user-provided string. "
|
||
"(RFC 4880, Section 5.2.3.23)" },
|
||
{ "--features", sig_big_endian_arg,
|
||
"Big-endian number encoding the feature flags. "
|
||
"(RFC 4880, Section 5.2.3.24)" },
|
||
{ "--signature-target", NULL,
|
||
"Takes three arguments: the target signature's public key algorithm "
|
||
" (as an integer), the hash algorithm (as an integer) and the hash "
|
||
" (as a hexadecimal string). "
|
||
"(RFC 4880, Section 5.2.3.25)" },
|
||
{ "--embedded-signature", NULL,
|
||
"An embedded signature. This must be immediately followed by a "
|
||
"signature packet (created using --signature ...) or a filename "
|
||
"containing the packet."
|
||
"(RFC 4880, Section 5.2.3.26)" },
|
||
{ "--hashed", NULL,
|
||
"The following attributes will be placed in the hashed area of "
|
||
"the signature. (This is the default and it reset at the end of"
|
||
"each signature.)" },
|
||
{ "--unhashed", NULL,
|
||
"The following attributes will be placed in the unhashed area of "
|
||
"the signature (and thus not integrity protected)." },
|
||
{ "--corrupt", sig_corrupt,
|
||
"Corrupt the signature." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --public-key $KEYID --user-id USERID \\\n"
|
||
" --signature --class 0x10 --issuer $KEYID --issuer-keyid self \\\n"
|
||
" | " GPG_NAME " --list-packets"}
|
||
};
|
||
|
||
static int
|
||
mksubpkt_callback (PKT_signature *sig, void *cookie)
|
||
{
|
||
struct signinfo *si = cookie;
|
||
int i;
|
||
|
||
if (si->key_expiration)
|
||
{
|
||
char buf[4];
|
||
buf[0] = (si->key_expiration >> 24) & 0xff;
|
||
buf[1] = (si->key_expiration >> 16) & 0xff;
|
||
buf[2] = (si->key_expiration >> 8) & 0xff;
|
||
buf[3] = si->key_expiration & 0xff;
|
||
build_sig_subpkt (sig, SIGSUBPKT_KEY_EXPIRE, buf, 4);
|
||
}
|
||
|
||
if (si->cipher_algorithms)
|
||
build_sig_subpkt (sig, SIGSUBPKT_PREF_SYM,
|
||
si->cipher_algorithms,
|
||
si->cipher_algorithms_len);
|
||
|
||
if (si->digest_algorithms)
|
||
build_sig_subpkt (sig, SIGSUBPKT_PREF_HASH,
|
||
si->digest_algorithms,
|
||
si->digest_algorithms_len);
|
||
|
||
if (si->compress_algorithms)
|
||
build_sig_subpkt (sig, SIGSUBPKT_PREF_COMPR,
|
||
si->compress_algorithms,
|
||
si->compress_algorithms_len);
|
||
|
||
if (si->exportable_set)
|
||
{
|
||
char buf = si->exportable;
|
||
build_sig_subpkt (sig, SIGSUBPKT_EXPORTABLE, &buf, 1);
|
||
}
|
||
|
||
if (si->trust_level_set)
|
||
build_sig_subpkt (sig, SIGSUBPKT_TRUST,
|
||
si->trust_args, sizeof (si->trust_args));
|
||
|
||
if (si->trust_scope)
|
||
build_sig_subpkt (sig, SIGSUBPKT_REGEXP,
|
||
si->trust_scope, strlen (si->trust_scope));
|
||
|
||
for (i = 0; i < si->nrevocation_keys; i ++)
|
||
{
|
||
struct revocation_key *revkey = &si->revocation_key[i];
|
||
gpg_error_t err = keygen_add_revkey (sig, revkey);
|
||
if (err)
|
||
{
|
||
u32 keyid[2];
|
||
keyid_from_fingerprint (global_ctrl, revkey->fpr, 20, keyid);
|
||
log_fatal ("adding revocation key %s: %s\n",
|
||
keystr (keyid), gpg_strerror (err));
|
||
}
|
||
}
|
||
|
||
/* keygen_add_revkey sets revocable=0 so be sure to do this after
|
||
adding the rev keys. */
|
||
if (si->revocable_set)
|
||
{
|
||
char buf = si->revocable;
|
||
build_sig_subpkt (sig, SIGSUBPKT_REVOCABLE, &buf, 1);
|
||
}
|
||
|
||
keygen_add_notations (sig, si->notations);
|
||
|
||
if (si->key_server_preferences)
|
||
build_sig_subpkt (sig, SIGSUBPKT_KS_FLAGS,
|
||
si->key_server_preferences,
|
||
si->key_server_preferences_len);
|
||
|
||
if (si->key_server)
|
||
build_sig_subpkt (sig, SIGSUBPKT_PREF_KS,
|
||
si->key_server, strlen (si->key_server));
|
||
|
||
if (si->primary_user_id_set)
|
||
{
|
||
char buf = si->primary_user_id;
|
||
build_sig_subpkt (sig, SIGSUBPKT_PRIMARY_UID, &buf, 1);
|
||
}
|
||
|
||
if (si->policy_uri)
|
||
build_sig_subpkt (sig, SIGSUBPKT_POLICY,
|
||
si->policy_uri, strlen (si->policy_uri));
|
||
|
||
if (si->key_flags)
|
||
build_sig_subpkt (sig, SIGSUBPKT_KEY_FLAGS,
|
||
si->key_flags, si->key_flags_len);
|
||
|
||
if (si->signers_user_id)
|
||
build_sig_subpkt (sig, SIGSUBPKT_SIGNERS_UID,
|
||
si->signers_user_id, strlen (si->signers_user_id));
|
||
|
||
if (si->reason_for_revocation)
|
||
{
|
||
int len = 1 + strlen (si->reason_for_revocation);
|
||
char *buf;
|
||
|
||
buf = xmalloc (len);
|
||
|
||
buf[0] = si->reason_for_revocation_code;
|
||
memcpy (&buf[1], si->reason_for_revocation, len - 1);
|
||
|
||
build_sig_subpkt (sig, SIGSUBPKT_REVOC_REASON, buf, len);
|
||
|
||
xfree (buf);
|
||
}
|
||
|
||
if (si->features)
|
||
build_sig_subpkt (sig, SIGSUBPKT_FEATURES,
|
||
si->features, si->features_len);
|
||
|
||
return 0;
|
||
}
|
||
|
||
static int
|
||
signature (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
gpg_error_t err;
|
||
iobuf_t out = cookie;
|
||
struct signinfo si;
|
||
int processed;
|
||
PKT_public_key *pk;
|
||
PKT_signature *sig;
|
||
PACKET pkt;
|
||
u32 keyid_orig[2], keyid[2];
|
||
|
||
(void) option;
|
||
|
||
memset (&si, 0, sizeof (si));
|
||
memset (&pkt, 0, sizeof (pkt));
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
sig_options, &si,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (ncomponents)
|
||
{
|
||
int pkttype = components[ncomponents - 1].pkttype;
|
||
|
||
if (pkttype == PKT_PUBLIC_KEY)
|
||
{
|
||
if (! si.class)
|
||
/* Direct key sig. */
|
||
si.class = 0x1F;
|
||
}
|
||
else if (pkttype == PKT_PUBLIC_SUBKEY)
|
||
{
|
||
if (! si.sk)
|
||
si.sk = components[ncomponents - 1].pkt.public_key;
|
||
if (! si.class)
|
||
/* Subkey binding sig. */
|
||
si.class = 0x18;
|
||
}
|
||
else if (pkttype == PKT_USER_ID)
|
||
{
|
||
if (! si.uid)
|
||
si.uid = components[ncomponents - 1].pkt.user_id;
|
||
if (! si.class)
|
||
/* Certification of a user id and public key packet. */
|
||
si.class = 0x10;
|
||
}
|
||
}
|
||
|
||
pk = NULL;
|
||
if (! si.pk || ! si.issuer_pk)
|
||
/* No primary key specified. Default to the first one that we
|
||
find. */
|
||
{
|
||
int i;
|
||
for (i = 0; i < ncomponents; i ++)
|
||
if (components[i].pkttype == PKT_PUBLIC_KEY)
|
||
{
|
||
pk = components[i].pkt.public_key;
|
||
break;
|
||
}
|
||
}
|
||
|
||
if (! si.pk)
|
||
{
|
||
if (! pk)
|
||
log_fatal ("%s: no primary key given and no primary key available",
|
||
"--pk");
|
||
si.pk = pk;
|
||
}
|
||
if (! si.issuer_pk)
|
||
{
|
||
if (! pk)
|
||
log_fatal ("%s: no issuer key given and no primary key available",
|
||
"--issuer");
|
||
si.issuer_pk = pk;
|
||
}
|
||
|
||
if (si.class == 0x18 || si.class == 0x19 || si.class == 0x28)
|
||
/* Requires the primary key and a subkey. */
|
||
{
|
||
if (! si.sk)
|
||
log_fatal ("sig class 0x%x requires a subkey (--sk)\n", si.class);
|
||
}
|
||
else if (si.class == 0x10
|
||
|| si.class == 0x11
|
||
|| si.class == 0x12
|
||
|| si.class == 0x13
|
||
|| si.class == 0x30)
|
||
/* Requires the primary key and a user id. */
|
||
{
|
||
if (! si.uid)
|
||
log_fatal ("sig class 0x%x requires a uid (--uid)\n", si.class);
|
||
}
|
||
else if (si.class == 0x1F || si.class == 0x20)
|
||
/* Just requires the primary key. */
|
||
;
|
||
else
|
||
log_fatal ("Unsupported signature class: 0x%x\n", si.class);
|
||
|
||
sig = xmalloc_clear (sizeof (*sig));
|
||
|
||
/* Save SI.ISSUER_PK->KEYID. */
|
||
keyid_copy (keyid_orig, pk_keyid (si.issuer_pk));
|
||
if (si.issuer_keyid[0] || si.issuer_keyid[1])
|
||
keyid_copy (si.issuer_pk->keyid, si.issuer_keyid);
|
||
else if (si.issuer_keyid_self)
|
||
{
|
||
PKT_public_key *pripk = primary_key();
|
||
if (! pripk)
|
||
log_fatal ("--issuer-keyid self given, but no primary key available.\n");
|
||
keyid_copy (si.issuer_pk->keyid, pk_keyid (pripk));
|
||
}
|
||
|
||
/* The reuse of core gpg stuff by this tool is questionable when it
|
||
* requires adding extra code to the actual gpg code. It does not
|
||
* make sense to pass an extra parameter and in particular not given
|
||
* that gpg already has opt.cert_digest_algo to override it. */
|
||
if (si.digest_algo)
|
||
log_info ("note: digest algo can't be passed to make_keysig_packet\n");
|
||
|
||
/* Changing the issuer's key id is fragile. Check to make sure
|
||
make_keysig_packet didn't recompute the keyid. */
|
||
keyid_copy (keyid, si.issuer_pk->keyid);
|
||
err = make_keysig_packet (global_ctrl,
|
||
&sig, si.pk, si.uid, si.sk, si.issuer_pk,
|
||
si.class,
|
||
si.timestamp, si.expiration,
|
||
mksubpkt_callback, &si, NULL);
|
||
log_assert (keyid_cmp (keyid, si.issuer_pk->keyid) == 0);
|
||
if (err)
|
||
log_fatal ("Generating signature: %s\n", gpg_strerror (err));
|
||
|
||
/* Restore SI.PK->KEYID. */
|
||
keyid_copy (si.issuer_pk->keyid, keyid_orig);
|
||
|
||
if (si.corrupt)
|
||
{
|
||
/* Set the top 32-bits to 0xBAD0DEAD. */
|
||
int bits = gcry_mpi_get_nbits (sig->data[0]);
|
||
gcry_mpi_t x = gcry_mpi_new (0);
|
||
gcry_mpi_add_ui (x, x, 0xBAD0DEAD);
|
||
gcry_mpi_lshift (x, x, bits > 32 ? bits - 32 : bits);
|
||
gcry_mpi_clear_highbit (sig->data[0], bits > 32 ? bits - 32 : 0);
|
||
gcry_mpi_add (sig->data[0], sig->data[0], x);
|
||
gcry_mpi_release (x);
|
||
}
|
||
|
||
pkt.pkttype = PKT_SIGNATURE;
|
||
pkt.pkt.signature = sig;
|
||
|
||
err = build_packet (out, &pkt);
|
||
if (err)
|
||
log_fatal ("serializing public key packet: %s\n", gpg_strerror (err));
|
||
|
||
debug ("Wrote signature packet:\n");
|
||
dump_component (&pkt);
|
||
|
||
free_seckey_enc (sig);
|
||
release_kbnode (si.issuer_kb);
|
||
xfree (si.revocation_key);
|
||
|
||
return processed;
|
||
}
|
||
|
||
struct sk_esk_info
|
||
{
|
||
/* The cipher used for encrypting the session key (when a session
|
||
key is used). */
|
||
int cipher;
|
||
/* The cipher used for encryping the SED packet. */
|
||
int sed_cipher;
|
||
|
||
/* S2K related data. */
|
||
int hash;
|
||
int mode;
|
||
int mode_set;
|
||
byte salt[8];
|
||
int salt_set;
|
||
int iterations;
|
||
|
||
/* If applying the S2K function to the passphrase is the session key
|
||
or if it is the decryption key for the session key. */
|
||
int s2k_is_session_key;
|
||
/* Generate a new, random session key. */
|
||
int new_session_key;
|
||
|
||
/* The unencrypted session key. */
|
||
int session_key_len;
|
||
char *session_key;
|
||
|
||
char *password;
|
||
};
|
||
|
||
static int
|
||
sk_esk_cipher (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "integer|IDEA|3DES|CAST5|BLOWFISH|AES|AES192|AES256|CAMELLIA128|CAMELLIA192|CAMELLIA256";
|
||
int cipher;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (strcasecmp (argv[0], "IDEA") == 0)
|
||
cipher = CIPHER_ALGO_IDEA;
|
||
else if (strcasecmp (argv[0], "3DES") == 0)
|
||
cipher = CIPHER_ALGO_3DES;
|
||
else if (strcasecmp (argv[0], "CAST5") == 0)
|
||
cipher = CIPHER_ALGO_CAST5;
|
||
else if (strcasecmp (argv[0], "BLOWFISH") == 0)
|
||
cipher = CIPHER_ALGO_BLOWFISH;
|
||
else if (strcasecmp (argv[0], "AES") == 0)
|
||
cipher = CIPHER_ALGO_AES;
|
||
else if (strcasecmp (argv[0], "AES192") == 0)
|
||
cipher = CIPHER_ALGO_AES192;
|
||
else if (strcasecmp (argv[0], "TWOFISH") == 0)
|
||
cipher = CIPHER_ALGO_TWOFISH;
|
||
else if (strcasecmp (argv[0], "CAMELLIA128") == 0)
|
||
cipher = CIPHER_ALGO_CAMELLIA128;
|
||
else if (strcasecmp (argv[0], "CAMELLIA192") == 0)
|
||
cipher = CIPHER_ALGO_CAMELLIA192;
|
||
else if (strcasecmp (argv[0], "CAMELLIA256") == 0)
|
||
cipher = CIPHER_ALGO_CAMELLIA256;
|
||
else
|
||
{
|
||
char *tail;
|
||
int v;
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail) || ! valid_cipher (v))
|
||
log_fatal ("Invalid or unsupported value. Usage: %s %s\n",
|
||
option, usage);
|
||
|
||
cipher = v;
|
||
}
|
||
|
||
if (strcmp (option, "--cipher") == 0)
|
||
{
|
||
if (si->cipher)
|
||
log_fatal ("%s given multiple times.", option);
|
||
si->cipher = cipher;
|
||
}
|
||
else if (strcmp (option, "--sed-cipher") == 0)
|
||
{
|
||
if (si->sed_cipher)
|
||
log_fatal ("%s given multiple times.", option);
|
||
si->sed_cipher = cipher;
|
||
}
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_mode (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "integer|simple|salted|iterated";
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (si->mode)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (strcasecmp (argv[0], "simple") == 0)
|
||
si->mode = 0;
|
||
else if (strcasecmp (argv[0], "salted") == 0)
|
||
si->mode = 1;
|
||
else if (strcasecmp (argv[0], "iterated") == 0)
|
||
si->mode = 3;
|
||
else
|
||
{
|
||
char *tail;
|
||
int v;
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail) || ! (v == 0 || v == 1 || v == 3))
|
||
log_fatal ("Invalid or unsupported value. Usage: %s %s\n",
|
||
option, usage);
|
||
|
||
si->mode = v;
|
||
}
|
||
|
||
si->mode_set = 1;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_hash_algorithm (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "integer|MD5|SHA1|RMD160|SHA256|SHA384|SHA512|SHA224";
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (si->hash)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (strcasecmp (argv[0], "MD5") == 0)
|
||
si->hash = DIGEST_ALGO_MD5;
|
||
else if (strcasecmp (argv[0], "SHA1") == 0)
|
||
si->hash = DIGEST_ALGO_SHA1;
|
||
else if (strcasecmp (argv[0], "RMD160") == 0)
|
||
si->hash = DIGEST_ALGO_RMD160;
|
||
else if (strcasecmp (argv[0], "SHA256") == 0)
|
||
si->hash = DIGEST_ALGO_SHA256;
|
||
else if (strcasecmp (argv[0], "SHA384") == 0)
|
||
si->hash = DIGEST_ALGO_SHA384;
|
||
else if (strcasecmp (argv[0], "SHA512") == 0)
|
||
si->hash = DIGEST_ALGO_SHA512;
|
||
else if (strcasecmp (argv[0], "SHA224") == 0)
|
||
si->hash = DIGEST_ALGO_SHA224;
|
||
else
|
||
{
|
||
char *tail;
|
||
int v;
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail)
|
||
|| ! (v == DIGEST_ALGO_MD5
|
||
|| v == DIGEST_ALGO_SHA1
|
||
|| v == DIGEST_ALGO_RMD160
|
||
|| v == DIGEST_ALGO_SHA256
|
||
|| v == DIGEST_ALGO_SHA384
|
||
|| v == DIGEST_ALGO_SHA512
|
||
|| v == DIGEST_ALGO_SHA224))
|
||
log_fatal ("Invalid or unsupported value. Usage: %s %s\n",
|
||
option, usage);
|
||
|
||
si->hash = v;
|
||
}
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_salt (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "16-HEX-CHARACTERS";
|
||
char *p = argv[0];
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (si->salt_set)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (p[0] == '0' && p[1] == 'x')
|
||
p += 2;
|
||
|
||
if (strlen (p) != 16)
|
||
log_fatal ("%s: Salt must be exactly 16 hexadecimal characters (have: %zd)\n",
|
||
option, strlen (p));
|
||
|
||
if (hex2bin (p, si->salt, sizeof (si->salt)) == -1)
|
||
log_fatal ("%s: Salt must only contain hexadecimal characters\n",
|
||
option);
|
||
|
||
si->salt_set = 1;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_iterations (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "ITERATION-COUNT";
|
||
char *tail;
|
||
int v;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail) || v < 0)
|
||
log_fatal ("%s: Non-negative integer expected.\n", option);
|
||
|
||
si->iterations = v;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_session_key (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "HEX-CHARACTERS|auto|none";
|
||
char *p = argv[0];
|
||
struct session_key sk;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (si->session_key || si->s2k_is_session_key
|
||
|| si->new_session_key)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (strcasecmp (p, "none") == 0)
|
||
{
|
||
si->s2k_is_session_key = 1;
|
||
return 1;
|
||
}
|
||
if (strcasecmp (p, "new") == 0)
|
||
{
|
||
si->new_session_key = 1;
|
||
return 1;
|
||
}
|
||
if (strcasecmp (p, "auto") == 0)
|
||
return 1;
|
||
|
||
sk = parse_session_key (option, p, 0);
|
||
|
||
if (si->session_key)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (sk.algo)
|
||
si->sed_cipher = sk.algo;
|
||
|
||
si->session_key_len = sk.keylen;
|
||
si->session_key = sk.key;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
sk_esk_password (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct sk_esk_info *si = cookie;
|
||
char *usage = "PASSWORD";
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: --sk-esk %s\n", usage);
|
||
|
||
if (si->password)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
si->password = xstrdup (argv[0]);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option sk_esk_options[] = {
|
||
{ "--cipher", sk_esk_cipher,
|
||
"The encryption algorithm for encrypting the session key. "
|
||
"One of IDEA, 3DES, CAST5, BLOWFISH, AES (default), AES192, "
|
||
"AES256, TWOFISH, CAMELLIA128, CAMELLIA192, or CAMELLIA256." },
|
||
{ "--sed-cipher", sk_esk_cipher,
|
||
"The encryption algorithm for encrypting the SED packet. "
|
||
"One of IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, "
|
||
"AES256 (default), TWOFISH, CAMELLIA128, CAMELLIA192, or CAMELLIA256." },
|
||
{ "--mode", sk_esk_mode,
|
||
"The S2K mode. Either one of the strings \"simple\", \"salted\" "
|
||
"or \"iterated\" or an integer." },
|
||
{ "--hash", sk_esk_hash_algorithm,
|
||
"The hash algorithm to used to derive the key. One of "
|
||
"MD5, SHA1 (default), RMD160, SHA256, SHA384, SHA512, or SHA224." },
|
||
{ "--salt", sk_esk_salt,
|
||
"The S2K salt encoded as 16 hexadecimal characters. One needed "
|
||
"if the S2K function is in salted or iterated mode." },
|
||
{ "--iterations", sk_esk_iterations,
|
||
"The iteration count. If not provided, a reasonable value is chosen. "
|
||
"Note: due to the encoding scheme, not every value is valid. For "
|
||
"convenience, the provided value will be rounded appropriately. "
|
||
"Only needed if the S2K function is in iterated mode." },
|
||
{ "--session-key", sk_esk_session_key,
|
||
"The session key to be encrypted by the S2K function as a hexadecimal "
|
||
"string. If this is \"new\", then a new session key is generated."
|
||
"If this is \"auto\", then either the last session key is "
|
||
"used, if the was none, one is generated. If this is \"none\", then "
|
||
"the session key is the result of applying the S2K algorithms to the "
|
||
"password. The session key may be prefaced with an integer and a colon "
|
||
"to indicate the cipher to use for the SED packet (making --sed-cipher "
|
||
"unnecessary and allowing the direct use of the result of "
|
||
"\"" GPG_NAME " --show-session-key\")." },
|
||
{ "", sk_esk_password, "The password." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --sk-esk foobar --encrypted \\\n"
|
||
" --literal --value foo | " GPG_NAME " --list-packets" }
|
||
};
|
||
|
||
static int
|
||
sk_esk (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
gpg_error_t err;
|
||
int processed;
|
||
struct sk_esk_info si;
|
||
DEK sesdek;
|
||
DEK s2kdek;
|
||
PKT_symkey_enc *ske;
|
||
PACKET pkt;
|
||
|
||
memset (&si, 0, sizeof (si));
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
sk_esk_options, &si,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! si.password)
|
||
log_fatal ("%s: missing password. Usage: %s PASSWORD", option, option);
|
||
|
||
/* Fill in defaults, if appropriate. */
|
||
if (! si.cipher)
|
||
si.cipher = CIPHER_ALGO_AES;
|
||
|
||
if (! si.sed_cipher)
|
||
si.sed_cipher = CIPHER_ALGO_AES256;
|
||
|
||
if (! si.hash)
|
||
si.hash = DIGEST_ALGO_SHA1;
|
||
|
||
if (! si.mode_set)
|
||
/* Salted and iterated. */
|
||
si.mode = 3;
|
||
|
||
if (si.mode != 0 && ! si.salt_set)
|
||
/* Generate a salt. */
|
||
gcry_randomize (si.salt, 8, GCRY_STRONG_RANDOM);
|
||
|
||
if (si.mode == 0)
|
||
{
|
||
if (si.iterations)
|
||
log_info ("%s: --iterations provided, but not used for mode=0\n",
|
||
option);
|
||
si.iterations = 0;
|
||
}
|
||
else if (! si.iterations)
|
||
si.iterations = 10000;
|
||
|
||
memset (&sesdek, 0, sizeof (sesdek));
|
||
/* The session key is used to encrypt the SED packet. */
|
||
sesdek.algo = si.sed_cipher;
|
||
if (si.session_key)
|
||
/* Copy the unencrypted session key into SESDEK. */
|
||
{
|
||
sesdek.keylen = openpgp_cipher_get_algo_keylen (sesdek.algo);
|
||
if (sesdek.keylen != si.session_key_len)
|
||
log_fatal ("%s: Cipher algorithm requires a %d byte session key, but provided session key is %d bytes.",
|
||
option, sesdek.keylen, si.session_key_len);
|
||
|
||
log_assert (sesdek.keylen <= sizeof (sesdek.key));
|
||
memcpy (sesdek.key, si.session_key, sesdek.keylen);
|
||
}
|
||
else if (! si.s2k_is_session_key || si.new_session_key)
|
||
/* We need a session key, but one wasn't provided. Generate it. */
|
||
make_session_key (&sesdek);
|
||
|
||
/* The encrypted session key needs 1 + SESDEK.KEYLEN bytes of
|
||
space. */
|
||
ske = xmalloc_clear (sizeof (*ske) + sesdek.keylen);
|
||
|
||
ske->version = 4;
|
||
ske->cipher_algo = si.cipher;
|
||
|
||
ske->s2k.mode = si.mode;
|
||
ske->s2k.hash_algo = si.hash;
|
||
log_assert (sizeof (si.salt) == sizeof (ske->s2k.salt));
|
||
memcpy (ske->s2k.salt, si.salt, sizeof (ske->s2k.salt));
|
||
if (! si.s2k_is_session_key)
|
||
{
|
||
if (!si.iterations)
|
||
ske->s2k.count = encode_s2k_iterations (agent_get_s2k_count ());
|
||
else
|
||
ske->s2k.count = encode_s2k_iterations (si.iterations);
|
||
}
|
||
|
||
/* Derive the symmetric key that is either the session key or the
|
||
key used to encrypt the session key. */
|
||
memset (&s2kdek, 0, sizeof (s2kdek));
|
||
|
||
s2kdek.algo = si.cipher;
|
||
s2kdek.keylen = openpgp_cipher_get_algo_keylen (s2kdek.algo);
|
||
|
||
err = gcry_kdf_derive (si.password, strlen (si.password),
|
||
ske->s2k.mode == 3 ? GCRY_KDF_ITERSALTED_S2K
|
||
: ske->s2k.mode == 1 ? GCRY_KDF_SALTED_S2K
|
||
: GCRY_KDF_SIMPLE_S2K,
|
||
ske->s2k.hash_algo, ske->s2k.salt, 8,
|
||
S2K_DECODE_COUNT (ske->s2k.count),
|
||
/* The size of the desired key and its
|
||
buffer. */
|
||
s2kdek.keylen, s2kdek.key);
|
||
if (err)
|
||
log_fatal ("gcry_kdf_derive failed: %s", gpg_strerror (err));
|
||
|
||
|
||
if (si.s2k_is_session_key)
|
||
{
|
||
ske->seskeylen = 0;
|
||
session_key = s2kdek;
|
||
}
|
||
else
|
||
/* Encrypt the session key using the s2k specifier. */
|
||
{
|
||
DEK *sesdekp = &sesdek;
|
||
void *enckey;
|
||
size_t enckeylen;
|
||
|
||
/* Now encrypt the session key (or rather, the algorithm used to
|
||
encrypt the SKESK plus the session key) using S2KDEK. */
|
||
err = encrypt_seskey (&s2kdek, 0, &sesdekp, &enckey, &enckeylen);
|
||
|
||
if (err)
|
||
log_fatal ("encrypt_seskey failed: %s\n", gpg_strerror (err));
|
||
|
||
if (enckeylen - 1 > sesdek.keylen)
|
||
log_fatal ("key size is too big: %zu\n", enckeylen);
|
||
else
|
||
{
|
||
ske->seskeylen = (byte)enckeylen;
|
||
memcpy (ske->seskey, enckey, enckeylen);
|
||
}
|
||
|
||
/* Save the session key for later. */
|
||
session_key = sesdek;
|
||
xfree (enckey);
|
||
}
|
||
|
||
pkt.pkttype = PKT_SYMKEY_ENC;
|
||
pkt.pkt.symkey_enc = ske;
|
||
|
||
err = build_packet (out, &pkt);
|
||
if (err)
|
||
log_fatal ("Serializing sym-key encrypted packet: %s\n",
|
||
gpg_strerror (err));
|
||
|
||
debug ("Wrote sym-key encrypted packet:\n");
|
||
dump_component (&pkt);
|
||
|
||
xfree (si.session_key);
|
||
xfree (si.password);
|
||
xfree (ske);
|
||
|
||
return processed;
|
||
}
|
||
|
||
struct pk_esk_info
|
||
{
|
||
int session_key_set;
|
||
|
||
int new_session_key;
|
||
|
||
int sed_cipher;
|
||
int session_key_len;
|
||
char *session_key;
|
||
|
||
int throw_keyid;
|
||
|
||
char *keyid;
|
||
};
|
||
|
||
static int
|
||
pk_esk_session_key (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct pk_esk_info *pi = cookie;
|
||
char *usage = "HEX-CHARACTERS|auto|none";
|
||
char *p = argv[0];
|
||
struct session_key sk;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (pi->session_key_set)
|
||
log_fatal ("%s given multiple times.", option);
|
||
pi->session_key_set = 1;
|
||
|
||
if (strcasecmp (p, "new") == 0)
|
||
{
|
||
pi->new_session_key = 1;
|
||
return 1;
|
||
}
|
||
|
||
if (strcasecmp (p, "auto") == 0)
|
||
return 1;
|
||
|
||
sk = parse_session_key (option, p, 0);
|
||
|
||
if (pi->session_key)
|
||
log_fatal ("%s given multiple times.", option);
|
||
|
||
if (sk.algo)
|
||
pi->sed_cipher = sk.algo;
|
||
|
||
pi->session_key_len = sk.keylen;
|
||
pi->session_key = sk.key;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
pk_esk_throw_keyid (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct pk_esk_info *pi = cookie;
|
||
|
||
(void) option;
|
||
(void) argc;
|
||
(void) argv;
|
||
|
||
pi->throw_keyid = 1;
|
||
|
||
return 0;
|
||
}
|
||
|
||
static int
|
||
pk_esk_keyid (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct pk_esk_info *pi = cookie;
|
||
char *usage = "KEYID";
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (pi->keyid)
|
||
log_fatal ("Multiple key ids given, but only one is allowed.");
|
||
|
||
pi->keyid = xstrdup (argv[0]);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option pk_esk_options[] = {
|
||
{ "--session-key", pk_esk_session_key,
|
||
"The session key to be encrypted by the S2K function as a hexadecimal "
|
||
"string. If this is not given or is \"auto\", then the current "
|
||
"session key is used. If there is no session key or this is \"new\", "
|
||
"then a new session key is generated. The session key may be "
|
||
"prefaced with an integer and a colon to indicate the cipher to use "
|
||
"for the SED packet (making --sed-cipher unnecessary and allowing the "
|
||
"direct use of the result of \"" GPG_NAME " --show-session-key\")." },
|
||
{ "--throw-keyid", pk_esk_throw_keyid,
|
||
"Throw the keyid." },
|
||
{ "", pk_esk_keyid, "The key id." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --pk-esk $KEYID --encrypted --literal --value foo \\\n"
|
||
" | " GPG_NAME " --list-packets"}
|
||
};
|
||
|
||
static int
|
||
pk_esk (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
gpg_error_t err;
|
||
int processed;
|
||
struct pk_esk_info pi;
|
||
PKT_public_key pk;
|
||
|
||
memset (&pi, 0, sizeof (pi));
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
pk_esk_options, &pi,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! pi.keyid)
|
||
log_fatal ("%s: missing keyid. Usage: %s KEYID", option, option);
|
||
|
||
memset (&pk, 0, sizeof (pk));
|
||
pk.req_usage = PUBKEY_USAGE_ENC;
|
||
err = get_pubkey_byname (NULL, NULL, &pk, pi.keyid, NULL, NULL, 1, 1);
|
||
if (err)
|
||
log_fatal ("%s: looking up key %s: %s\n",
|
||
option, pi.keyid, gpg_strerror (err));
|
||
|
||
if (pi.sed_cipher)
|
||
/* Have a session key. */
|
||
{
|
||
session_key.algo = pi.sed_cipher;
|
||
session_key.keylen = pi.session_key_len;
|
||
log_assert (session_key.keylen <= sizeof (session_key.key));
|
||
memcpy (session_key.key, pi.session_key, session_key.keylen);
|
||
}
|
||
|
||
if (pi.new_session_key || ! session_key.algo)
|
||
{
|
||
if (! pi.new_session_key)
|
||
/* Default to AES256. */
|
||
session_key.algo = CIPHER_ALGO_AES256;
|
||
make_session_key (&session_key);
|
||
}
|
||
|
||
err = write_pubkey_enc (global_ctrl, &pk, pi.throw_keyid, &session_key, out);
|
||
if (err)
|
||
log_fatal ("%s: writing pk_esk packet for %s: %s\n",
|
||
option, pi.keyid, gpg_strerror (err));
|
||
|
||
debug ("Wrote pk_esk packet for %s\n", pi.keyid);
|
||
|
||
xfree (pi.keyid);
|
||
xfree (pi.session_key);
|
||
|
||
return processed;
|
||
}
|
||
|
||
struct encinfo
|
||
{
|
||
int saw_session_key;
|
||
};
|
||
|
||
static int
|
||
encrypted_session_key (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct encinfo *ei = cookie;
|
||
char *usage = "HEX-CHARACTERS|auto";
|
||
char *p = argv[0];
|
||
struct session_key sk;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s %s\n", option, usage);
|
||
|
||
if (ei->saw_session_key)
|
||
log_fatal ("%s given multiple times.", option);
|
||
ei->saw_session_key = 1;
|
||
|
||
if (strcasecmp (p, "auto") == 0)
|
||
return 1;
|
||
|
||
sk = parse_session_key (option, p, 1);
|
||
|
||
session_key.algo = sk.algo;
|
||
log_assert (sk.keylen <= sizeof (session_key.key));
|
||
memcpy (session_key.key, sk.key, sk.keylen);
|
||
xfree (sk.key);
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option encrypted_options[] = {
|
||
{ "--session-key", encrypted_session_key,
|
||
"The session key to be encrypted by the S2K function as a hexadecimal "
|
||
"string. If this is not given or is \"auto\", then the last session key "
|
||
"is used. If there was none, then an error is raised. The session key "
|
||
"must be prefaced with an integer and a colon to indicate the cipher "
|
||
"to use (this is format used by \"" GPG_NAME " --show-session-key\")." },
|
||
{ NULL, NULL,
|
||
"After creating the packet, this command clears the current "
|
||
"session key.\n\n"
|
||
"Example: nested encryption packets:\n\n"
|
||
" $ gpgcompose --sk-esk foo --encrypted-mdc \\\n"
|
||
" --sk-esk bar --encrypted-mdc \\\n"
|
||
" --literal --value 123 --encrypted-pop --encrypted-pop | " GPG_NAME" -d" }
|
||
};
|
||
|
||
static int
|
||
encrypted (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
int processed;
|
||
struct encinfo ei;
|
||
PKT_encrypted e;
|
||
cipher_filter_context_t *cfx;
|
||
|
||
memset (&ei, 0, sizeof (ei));
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
encrypted_options, &ei,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! session_key.algo)
|
||
log_fatal ("%s: no session key configured\n"
|
||
" (use e.g. --sk-esk PASSWORD or --pk-esk KEYID).\n",
|
||
option);
|
||
|
||
memset (&e, 0, sizeof (e));
|
||
/* We only need to set E->LEN, E->EXTRALEN (if E->LEN is not
|
||
0), and E->NEW_CTB. */
|
||
e.len = 0;
|
||
e.new_ctb = 1;
|
||
|
||
/* Register the cipher filter. */
|
||
|
||
cfx = xmalloc_clear (sizeof (*cfx));
|
||
|
||
/* Copy the session key. */
|
||
cfx->dek = xmalloc (sizeof (*cfx->dek));
|
||
*cfx->dek = session_key;
|
||
|
||
if (do_debug)
|
||
{
|
||
char *buf;
|
||
|
||
buf = xmalloc (2 * session_key.keylen + 1);
|
||
debug ("session key: algo: %d; keylen: %d; key: %s\n",
|
||
session_key.algo, session_key.keylen,
|
||
bin2hex (session_key.key, session_key.keylen, buf));
|
||
xfree (buf);
|
||
}
|
||
|
||
if (strcmp (option, "--encrypted-mdc") == 0)
|
||
cfx->dek->use_mdc = 1;
|
||
else if (strcmp (option, "--encrypted") == 0)
|
||
cfx->dek->use_mdc = 0;
|
||
else
|
||
log_fatal ("%s: option not handled by this function!\n", option);
|
||
|
||
cfx->datalen = 0;
|
||
|
||
filter_push (out, cipher_filter_cfb, cfx, PKT_ENCRYPTED, cfx->datalen == 0);
|
||
|
||
debug ("Wrote encrypted packet:\n");
|
||
|
||
/* Clear the current session key. */
|
||
memset (&session_key, 0, sizeof (session_key));
|
||
|
||
return processed;
|
||
}
|
||
|
||
static struct option encrypted_pop_options[] = {
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --sk-esk PASSWORD \\\n"
|
||
" --encrypted-mdc \\\n"
|
||
" --literal --value foo \\\n"
|
||
" --encrypted-pop | " GPG_NAME " --list-packets" }
|
||
};
|
||
|
||
static int
|
||
encrypted_pop (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
int processed;
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
encrypted_pop_options,
|
||
NULL,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
/* We only support a single option, --help, which causes the program
|
||
* to exit. */
|
||
log_assert (processed == 0);
|
||
|
||
filter_pop (out, PKT_ENCRYPTED);
|
||
|
||
debug ("Popped encryption container.\n");
|
||
|
||
return processed;
|
||
}
|
||
|
||
struct data
|
||
{
|
||
int file;
|
||
union
|
||
{
|
||
char *data;
|
||
char *filename;
|
||
};
|
||
struct data *next;
|
||
};
|
||
|
||
/* This must be the first member of the struct to be able to use
|
||
add_value! */
|
||
struct datahead
|
||
{
|
||
struct data *head;
|
||
struct data **last_next;
|
||
};
|
||
|
||
static int
|
||
add_value (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct datahead *dh = cookie;
|
||
struct data *d = xmalloc_clear (sizeof (struct data));
|
||
|
||
d->file = strcmp ("--file", option) == 0;
|
||
if (! d->file)
|
||
log_assert (strcmp ("--value", option) == 0);
|
||
|
||
if (argc == 0)
|
||
{
|
||
if (d->file)
|
||
log_fatal ("Usage: %s FILENAME\n", option);
|
||
else
|
||
log_fatal ("Usage: %s STRING\n", option);
|
||
}
|
||
|
||
if (! dh->last_next)
|
||
/* First time through. Initialize DH->LAST_NEXT. */
|
||
{
|
||
log_assert (! dh->head);
|
||
dh->last_next = &dh->head;
|
||
}
|
||
|
||
if (d->file)
|
||
d->filename = argv[0];
|
||
else
|
||
d->data = argv[0];
|
||
|
||
/* Append it. */
|
||
*dh->last_next = d;
|
||
dh->last_next = &d->next;
|
||
|
||
return 1;
|
||
}
|
||
|
||
struct litinfo
|
||
{
|
||
/* This must be the first element for add_value to work! */
|
||
struct datahead data;
|
||
|
||
int timestamp_set;
|
||
u32 timestamp;
|
||
char mode;
|
||
int partial_body_length_encoding;
|
||
char *name;
|
||
};
|
||
|
||
static int
|
||
literal_timestamp (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct litinfo *li = cookie;
|
||
|
||
char *tail = NULL;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s TIMESTAMP\n", option);
|
||
|
||
errno = 0;
|
||
li->timestamp = parse_timestamp (argv[0], &tail);
|
||
if (errno || (tail && *tail))
|
||
log_fatal ("Invalid value passed to %s (%s)\n", option, argv[0]);
|
||
li->timestamp_set = 1;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
literal_mode (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct litinfo *li = cookie;
|
||
|
||
if (argc == 0
|
||
|| ! (strcmp (argv[0], "b") == 0
|
||
|| strcmp (argv[0], "t") == 0
|
||
|| strcmp (argv[0], "u") == 0))
|
||
log_fatal ("Usage: %s [btu]\n", option);
|
||
|
||
li->mode = argv[0][0];
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
literal_partial_body_length (const char *option, int argc, char *argv[],
|
||
void *cookie)
|
||
{
|
||
struct litinfo *li = cookie;
|
||
char *tail;
|
||
int v;
|
||
int range[2] = {0, 1};
|
||
|
||
if (argc <= 1)
|
||
log_fatal ("Usage: %s [0|1]\n", option);
|
||
|
||
errno = 0;
|
||
v = strtol (argv[0], &tail, 0);
|
||
if (errno || (tail && *tail) || !(range[0] <= v && v <= range[1]))
|
||
log_fatal ("Invalid value passed to %s (%s). Expected %d-%d\n",
|
||
option, argv[0], range[0], range[1]);
|
||
|
||
li->partial_body_length_encoding = v;
|
||
|
||
return 1;
|
||
}
|
||
|
||
static int
|
||
literal_name (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
struct litinfo *li = cookie;
|
||
|
||
if (argc <= 0)
|
||
log_fatal ("Usage: %s NAME\n", option);
|
||
|
||
if (strlen (argv[0]) > 255)
|
||
log_fatal ("%s: name is too long (%zd > 255 characters).\n",
|
||
option, strlen (argv[0]));
|
||
|
||
li->name = argv[0];
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option literal_options[] = {
|
||
{ "--value", add_value,
|
||
"A string to store in the literal packet." },
|
||
{ "--file", add_value,
|
||
"A file to copy into the literal packet." },
|
||
{ "--timestamp", literal_timestamp,
|
||
"The literal packet's time stamp. This defaults to the current time." },
|
||
{ "--mode", literal_mode,
|
||
"The content's mode (normally 'b' (default), 't' or 'u')." },
|
||
{ "--partial-body-length", literal_partial_body_length,
|
||
"Force partial body length encoding." },
|
||
{ "--name", literal_name,
|
||
"The literal's name." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --literal --value foobar | " GPG_NAME " -d"}
|
||
};
|
||
|
||
static int
|
||
literal (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
gpg_error_t err;
|
||
int processed;
|
||
struct litinfo li;
|
||
PKT_plaintext *pt;
|
||
PACKET pkt;
|
||
struct data *data;
|
||
|
||
memset (&li, 0, sizeof (li));
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
literal_options, &li,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
|
||
if (! li.data.head)
|
||
log_fatal ("%s: no data provided (use --value or --file)", option);
|
||
|
||
pt = xmalloc_clear (sizeof (*pt) + (li.name ? strlen (li.name) : 0));
|
||
pt->new_ctb = 1;
|
||
|
||
if (li.timestamp_set)
|
||
pt->timestamp = li.timestamp;
|
||
else
|
||
/* Default to the current time. */
|
||
pt->timestamp = make_timestamp ();
|
||
|
||
pt->mode = li.mode;
|
||
if (! pt->mode)
|
||
/* Default to binary. */
|
||
pt->mode = 'b';
|
||
|
||
if (li.name)
|
||
{
|
||
strcpy (pt->name, li.name);
|
||
pt->namelen = strlen (pt->name);
|
||
}
|
||
|
||
pkt.pkttype = PKT_PLAINTEXT;
|
||
pkt.pkt.plaintext = pt;
|
||
|
||
if (! li.partial_body_length_encoding)
|
||
/* Compute the amount of data. */
|
||
{
|
||
pt->len = 0;
|
||
for (data = li.data.head; data; data = data->next)
|
||
{
|
||
if (data->file)
|
||
{
|
||
iobuf_t in;
|
||
int overflow;
|
||
off_t off;
|
||
|
||
in = iobuf_open (data->filename);
|
||
if (! in)
|
||
/* An error opening the file. We do error handling
|
||
below so just break here. */
|
||
{
|
||
pt->len = 0;
|
||
break;
|
||
}
|
||
|
||
off = iobuf_get_filelength (in, &overflow);
|
||
iobuf_close (in);
|
||
|
||
if (overflow || off == 0)
|
||
/* Length is unknown or there was an error
|
||
(unfortunately, iobuf_get_filelength doesn't
|
||
distinguish between 0 length files and an error!).
|
||
Fall back to partial body mode. */
|
||
{
|
||
pt->len = 0;
|
||
break;
|
||
}
|
||
|
||
pt->len += off;
|
||
}
|
||
else
|
||
pt->len += strlen (data->data);
|
||
}
|
||
}
|
||
|
||
err = build_packet (out, &pkt);
|
||
if (err)
|
||
log_fatal ("Serializing literal packet: %s\n", gpg_strerror (err));
|
||
|
||
/* Write out the data. */
|
||
for (data = li.data.head; data; data = data->next)
|
||
{
|
||
if (data->file)
|
||
{
|
||
iobuf_t in;
|
||
errno = 0;
|
||
in = iobuf_open (data->filename);
|
||
if (! in)
|
||
log_fatal ("Opening '%s': %s\n",
|
||
data->filename,
|
||
errno ? strerror (errno): "unknown error");
|
||
|
||
iobuf_copy (out, in);
|
||
if (iobuf_error (in))
|
||
log_fatal ("Reading from %s: %s\n",
|
||
data->filename,
|
||
gpg_strerror (iobuf_error (in)));
|
||
if (iobuf_error (out))
|
||
log_fatal ("Writing literal data from %s: %s\n",
|
||
data->filename,
|
||
gpg_strerror (iobuf_error (out)));
|
||
|
||
iobuf_close (in);
|
||
}
|
||
else
|
||
{
|
||
err = iobuf_write (out, data->data, strlen (data->data));
|
||
if (err)
|
||
log_fatal ("Writing literal data: %s\n", gpg_strerror (err));
|
||
}
|
||
}
|
||
|
||
if (! pt->len)
|
||
{
|
||
/* Disable partial body length mode. */
|
||
log_assert (pt->new_ctb == 1);
|
||
iobuf_set_partial_body_length_mode (out, 0);
|
||
}
|
||
|
||
debug ("Wrote literal packet:\n");
|
||
dump_component (&pkt);
|
||
|
||
while (li.data.head)
|
||
{
|
||
data = li.data.head->next;
|
||
xfree (li.data.head);
|
||
li.data.head = data;
|
||
}
|
||
xfree (pt);
|
||
|
||
return processed;
|
||
}
|
||
|
||
static int
|
||
copy_file (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
char **filep = cookie;
|
||
|
||
if (argc == 0)
|
||
log_fatal ("Usage: %s FILENAME\n", option);
|
||
|
||
*filep = argv[0];
|
||
|
||
return 1;
|
||
}
|
||
|
||
static struct option copy_options[] = {
|
||
{ "", copy_file, "Copy the specified file to stdout." },
|
||
{ NULL, NULL,
|
||
"Example:\n\n"
|
||
" $ gpgcompose --copy /etc/hostname\n\n"
|
||
"This is particularly useful when combined with gpgsplit." }
|
||
};
|
||
|
||
static int
|
||
copy (const char *option, int argc, char *argv[], void *cookie)
|
||
{
|
||
iobuf_t out = cookie;
|
||
char *file = NULL;
|
||
iobuf_t in;
|
||
|
||
int processed;
|
||
|
||
processed = process_options (option,
|
||
major_options,
|
||
copy_options, &file,
|
||
global_options, NULL,
|
||
argc, argv);
|
||
if (! file)
|
||
log_fatal ("Usage: %s FILE\n", option);
|
||
|
||
errno = 0;
|
||
in = iobuf_open (file);
|
||
if (! in)
|
||
log_fatal ("Error opening %s: %s.\n",
|
||
file, errno ? strerror (errno): "unknown error");
|
||
|
||
iobuf_copy (out, in);
|
||
if (iobuf_error (out))
|
||
log_fatal ("Copying data to destination: %s\n",
|
||
gpg_strerror (iobuf_error (out)));
|
||
if (iobuf_error (in))
|
||
log_fatal ("Reading data from %s: %s\n",
|
||
argv[0], gpg_strerror (iobuf_error (in)));
|
||
|
||
iobuf_close (in);
|
||
|
||
return processed;
|
||
}
|
||
|
||
int
|
||
main (int argc, char *argv[])
|
||
{
|
||
const char *filename = "-";
|
||
iobuf_t out;
|
||
int preprocessed = 1;
|
||
int processed;
|
||
ctrl_t ctrl;
|
||
|
||
opt.ignore_time_conflict = 1;
|
||
/* Allow notations in the IETF space, for instance. */
|
||
opt.expert = 1;
|
||
|
||
global_ctrl = ctrl = xcalloc (1, sizeof *ctrl);
|
||
|
||
keydb_add_resource ("pubring" EXTSEP_S GPGEXT_GPG,
|
||
KEYDB_RESOURCE_FLAG_DEFAULT);
|
||
|
||
if (argc == 1)
|
||
/* Nothing to do. */
|
||
return 0;
|
||
|
||
if (strcmp (argv[1], "--output") == 0
|
||
|| strcmp (argv[1], "-o") == 0)
|
||
{
|
||
filename = argv[2];
|
||
log_info ("Writing to %s\n", filename);
|
||
preprocessed += 2;
|
||
}
|
||
|
||
out = iobuf_create (filename, 0);
|
||
if (! out)
|
||
log_fatal ("Failed to open stdout for writing\n");
|
||
|
||
processed = process_options (NULL, NULL,
|
||
major_options, out,
|
||
global_options, NULL,
|
||
argc - preprocessed, &argv[preprocessed]);
|
||
if (processed != argc - preprocessed)
|
||
log_fatal ("Didn't process %d options.\n", argc - preprocessed - processed);
|
||
|
||
iobuf_close (out);
|
||
|
||
return 0;
|
||
}
|
||
|
||
/* Stubs duplicated from gpg.c. */
|
||
|
||
int g10_errors_seen = 0;
|
||
|
||
/* Note: This function is used by signal handlers!. */
|
||
static void
|
||
emergency_cleanup (void)
|
||
{
|
||
gcry_control (GCRYCTL_TERM_SECMEM );
|
||
}
|
||
|
||
void
|
||
g10_exit( int rc )
|
||
{
|
||
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
|
||
|
||
emergency_cleanup ();
|
||
|
||
rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0;
|
||
exit (rc);
|
||
}
|
||
|
||
void
|
||
keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
|
||
strlist_t commands, int quiet, int seckey_check)
|
||
{
|
||
(void) ctrl;
|
||
(void) username;
|
||
(void) locusr;
|
||
(void) commands;
|
||
(void) quiet;
|
||
(void) seckey_check;
|
||
}
|
||
|
||
void
|
||
show_basic_key_info (ctrl_t ctrl, KBNODE keyblock, int made_from_sec)
|
||
{
|
||
(void)ctrl;
|
||
(void)keyblock;
|
||
(void)made_from_sec;
|
||
}
|
||
|
||
int
|
||
keyedit_print_one_sig (ctrl_t ctrl, estream_t fp,
|
||
int rc, kbnode_t keyblock, kbnode_t node,
|
||
int *inv_sigs, int *no_key, int *oth_err,
|
||
int is_selfsig, int print_without_key, int extended)
|
||
{
|
||
(void) ctrl;
|
||
(void) fp;
|
||
(void) rc;
|
||
(void) keyblock;
|
||
(void) node;
|
||
(void) inv_sigs;
|
||
(void) no_key;
|
||
(void) oth_err;
|
||
(void) is_selfsig;
|
||
(void) print_without_key;
|
||
(void) extended;
|
||
return 0;
|
||
}
|