/* options.h
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
 *               2007, 2010, 2011 Free Software Foundation, Inc.
 * Copyright (C) 2015 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 */
#ifndef G10_OPTIONS_H
#define G10_OPTIONS_H

#include <sys/types.h>
#include "../common/types.h"
#include <stdint.h>
#include "main.h"
#include "packet.h"
#include "tofu.h"
#include "../common/session-env.h"
#include "../common/compliance.h"


/* Object to hold information pertaining to a keyserver; it also
   allows building a list of keyservers.  For historic reasons this is
   not a strlist_t.  The list is singly linked through NEXT.  */
struct keyserver_spec
{
  struct keyserver_spec *next;
  char *uri;
};
typedef struct keyserver_spec *keyserver_spec_t;


/* Global options for GPG.  This declares one object, OPT, of an
   unnamed struct type; every DBG_* test macro and every compliance
   macro further down reads it directly.  EXTERN_UNLESS_MAIN_MODULE is
   not defined in this header.
   NOTE(review): presumably it expands to "extern" in all but the main
   module so that OPT is defined exactly once -- confirm.  */
EXTERN_UNLESS_MAIN_MODULE
struct
{
  int verbose;
  int quiet;
  unsigned debug;   /* Bit mask tested by the DBG_* macros below.  */
  int armor;
  char *outfile;
  estream_t outfp;  /* Hack, sometimes used in place of outfile.  */
  off_t max_output;

  /* If > 0 a hint with the expected number of input data bytes.  This
   * is not necessarily an exact number but intended to be used for
   * progress info and to decide on how to allocate buffers.  Because
   * it is only a hint, it must not be relied on as a bound.  */
  uint64_t input_size_hint;

  /* The AEAD chunk size expressed as a power of 2.  */
  int chunk_size;

  int dry_run;
  int autostart;
  int list_only;
  int mimemode;
  int textmode;
  int expert;
  const char *def_sig_expire;
  int ask_sig_expire;
  const char *def_cert_expire;
  int ask_cert_expire;
  int batch;         /* run in batch mode */
  int answer_yes;    /* answer yes on most questions */
  int answer_no;     /* answer no on most questions */
  int check_sigs;    /* check key signatures */
  int with_colons;
  int with_key_data;
  int with_icao_spelling; /* Print ICAO spelling with fingerprints. */
  int with_fingerprint;   /* Option --with-fingerprint active.  */
  int with_subkey_fingerprint; /* Option --with-subkey-fingerprint active.  */
  int with_keygrip;       /* Option --with-keygrip active.  */
  int with_key_screening; /* Option --with-key-screening active.  */
  int with_tofu_info;     /* Option --with-tofu_info active.  */
  int with_secret;        /* Option --with-secret active.  */
  int with_wkd_hash;      /* Option --with-wkd-hash.  */
  int with_key_origin;    /* Option --with-key-origin.  */
  int fingerprint;        /* list fingerprints */
  int list_sigs;          /* list signatures */
  int no_armor;
  int list_packets;       /* Option --list-packets active.  */
  int def_cipher_algo;
  int def_aead_algo;
  /* NOTE(review): by name FORCE_MDC, DISABLE_MDC and FORCE_AEAD select
     whether encrypted output carries integrity protection; if so a set
     DISABLE_MDC is a downgrade worth auditing -- confirm at the use
     sites.  */
  int force_mdc;
  int disable_mdc;
  int force_aead;
  int def_digest_algo;
  int cert_digest_algo;
  int compress_algo;
  int compress_level;
  int bz2_compress_level;
  int bz2_decompress_lowmem;
  strlist_t def_secret_key;
  char *def_recipient;
  int def_recipient_self;
  strlist_t secret_keys_to_try;

  /* A list of mail addresses (addr-spec) provided by the user with
   * the option --sender.  */
  strlist_t sender_list;

  int def_cert_level;
  int min_cert_level;
  int ask_cert_level;
  int emit_version;       /* 0 = none,
                             1 = major only,
                             2 = major and minor,
                             3 = full version,
                             4 = full version plus OS string. */
  int marginals_needed;
  int completes_needed;
  int max_cert_depth;
  const char *agent_program;
  const char *keyboxd_program;
  const char *dirmngr_program;
  int disable_dirmngr;

  const char *def_new_key_algo;

  /* Options to be passed to the gpg-agent */
  session_env_t session_env;
  char *lc_ctype;
  char *lc_messages;

  /* NOTE(review): by name SKIP_VERIFY turns signature verification
     off; output produced with it set should presumably not be treated
     as authenticated -- confirm.  */
  int skip_verify;
  int skip_hidden_recipients;

  /* TM_CLASSIC must be zero to accommodate trustdbs generated before
     we started storing the trust model inside the trustdb.  The first
     three values are written out explicitly; the remaining ones take
     the next consecutive values (TM_ALWAYS is 3 and so on).  */
  enum
    {
      TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2,
      TM_ALWAYS, TM_DIRECT, TM_AUTO, TM_TOFU, TM_TOFU_PGP
    } trust_model;
  enum tofu_policy tofu_default_policy;
  int force_ownertrust;
  enum gnupg_compliance_mode compliance; /* Read by the GNUPG, RFC2440,
                                            RFC4880, PGP7 and PGP8
                                            macros below.  */
  enum
    {
      KF_DEFAULT, KF_NONE, KF_SHORT, KF_LONG, KF_0xSHORT, KF_0xLONG
    } keyid_format;
  const char *set_filename;
  strlist_t comments;
  int throw_keyids;
  const char *photo_viewer;
  int s2k_mode;
  int s2k_digest_algo;
  int s2k_cipher_algo;
  unsigned char s2k_count; /* This is the encoded form, not the raw
                              count */
  int not_dash_escaped;
  int escape_from;
  int lock_once;
  keyserver_spec_t keyserver; /* The list of configured keyservers.  */
  /* Keyserver specific settings.  Note that this sub-struct has its
     own IMPORT_OPTIONS and EXPORT_OPTIONS, distinct from the members
     of the same name directly in OPT.
     NOTE(review): OPTIONS presumably holds the KEYSERVER_* bits
     defined at the end of this file -- confirm.  */
  struct
  {
    unsigned int options;
    unsigned int import_options;
    unsigned int export_options;
    char *http_proxy;
  } keyserver_options;
  /* NOTE(review): by name EXEC_DISABLE stops gpg from running
     external helper programs -- confirm.  */
  int exec_disable;
  int exec_path_set;
  /* NOTE(review): the next four masks presumably hold the IMPORT_*,
     EXPORT_*, LIST_* and VERIFY_* bits defined below -- confirm.  */
  unsigned int import_options;
  unsigned int export_options;
  unsigned int list_options;
  unsigned int verify_options;
  const char *def_preference_list;
  const char *def_keyserver_url;
  prefitem_t *personal_cipher_prefs;
  prefitem_t *personal_aead_prefs;
  prefitem_t *personal_digest_prefs;
  prefitem_t *personal_compress_prefs;
  struct weakhash *weak_digests;
  /* NOTE(review): by name NO_PERM_WARN suppresses the warnings about
     unsafe file permissions -- confirm.  */
  int no_perm_warn;
  char *temp_dir;
  int no_encrypt_to;
  int encrypt_to_default_key;
  int interactive;
  struct notation *sig_notations;
  struct notation *cert_notations;
  strlist_t sig_policy_url;
  strlist_t cert_policy_url;
  strlist_t sig_keyserver_url;
  strlist_t cert_subpackets;
  strlist_t sig_subpackets;
  int allow_non_selfsigned_uid;
  int allow_freeform_uid;
  int no_literal;
  ulong set_filesize;
  int fast_list_mode;
  int legacy_list_mode;
  /* NOTE(review): each of the four IGNORE_* switches appears, by name,
     to relax one validity or integrity check (time conflict, valid-from
     date, CRC, MDC).  If so, a non-zero value means weakened
     verification and deserves attention in a review -- confirm at the
     use sites.  */
  int ignore_time_conflict;
  int ignore_valid_from;
  int ignore_crc_error;
  int ignore_mdc_error;
  int command_fd;
  /* NOTE(review): presumably these back the options of the same name;
     if so OVERRIDE_SESSION_KEY points at secret key material and
     SHOW_SESSION_KEY causes such material to be printed, so neither
     value nor the resulting output belongs in logs -- confirm.  */
  const char *override_session_key;
  int show_session_key;

  const char *gpg_agent_info;
  int try_all_secrets;
  int no_expensive_trust_checks;
  int no_sig_cache;
  int no_auto_check_trustdb;
  int preserve_permissions;
  int no_homedir_creation;
  struct groupitem *grouplist;
  int mangle_dos_filenames;
  int enable_progress_filter;
  unsigned int screen_columns;
  unsigned int screen_lines;
  byte *show_subpackets;
  int rfc2440_text;

  /* If true, let write failures on the status-fd exit the process. */
  int exit_on_status_write_error;

  /* If > 0, limit the number of card insertion prompts to this
     value. */
  int limit_card_insert_tries;

  /* One-bit switches.  All members are unsigned int bit-fields of
     width 1, so each holds only 0 or 1.  */
  struct
  {
    /* If set, require an 0x19 backsig to be present on signatures
       made by signing subkeys.  If not set, a missing backsig is not
       an error (but an invalid backsig still is). */
    unsigned int require_cross_cert:1;

    unsigned int use_embedded_filename:1;
    unsigned int utf8_filename:1;
    unsigned int dsa2:1;
    /* NOTE(review): by name the three ALLOW_* bits opt in to
       algorithms or signatures that are otherwise rejected as old or
       weak -- confirm.  */
    unsigned int allow_old_cipher_algos:1;
    unsigned int allow_weak_digest_algos:1;
    unsigned int allow_weak_key_signatures:1;
    unsigned int large_rsa:1;
    unsigned int disable_signer_uid:1;
    unsigned int include_key_block:1;
    unsigned int auto_key_import:1;
    /* Flag to enable experimental features from RFC4880bis.  */
    unsigned int rfc4880bis:1;
    /* Hack: --output is not given but OUTFILE was temporarily set
       to "-".  */
    unsigned int dummy_outfile:1;
    /* Force the use of the OpenPGP card and do not allow the use of
     * another card.  */
    unsigned int use_only_openpgp_card:1;
    unsigned int full_timestrings:1;
    /* Force signing keys even if a key signature already exists.  */
    unsigned int force_sign_key:1;
    /* On key generation do not set the ownertrust.  */
    unsigned int no_auto_trust_new_key:1;
    /* The next flag is set internally iff IMPORT_SELF_SIGS_ONLY has
     * been set by the user and is not the default value.  */
    unsigned int expl_import_self_sigs_only:1;
    /* The next flag is set internally iff IMPORT_CLEAN has
     * been set by the user and is not the default value.  */
    unsigned int expl_import_clean:1;
  } flags;

  /* Linked list of ways to find a key if the key isn't on the local
     keyring.  Each node names one mechanism in TYPE and carries an
     optional keyserver SPEC.
     NOTE(review): several of the mechanisms named here (for example
     AKL_WKD, AKL_LDAP, AKL_KEYSERVER) presumably involve network
     lookups -- confirm.  */
  struct akl
  {
    enum {
      AKL_NODEFAULT,
      AKL_LOCAL,
      AKL_CERT,
      AKL_PKA,
      AKL_DANE,
      AKL_WKD,
      AKL_LDAP,
      AKL_NTDS,
      AKL_KEYSERVER,
      AKL_SPEC
    } type;
    keyserver_spec_t spec;
    struct akl *next;
  } *auto_key_locate;

  /* The value of --key-origin.  See parse_key_origin().  */
  int key_origin;
  char *key_origin_url;

  int passphrase_repeat;
  int pinentry_mode;
  int request_origin;

  int unwrap_encryption;
  int only_sign_text_ids;

  int no_symkey_cache;   /* Disable the cache used for --symmetric.  */

  int use_keyboxd;       /* Use the external keyboxd as storage backend.  */
} opt;

/* CTRL is used to keep some global variables we currently can't
   avoid.  Future concurrent versions of gpg will put it into a per
   request structure CTRL.  Until then this is one process-wide
   object, GLO_CTRL, declared the same way as OPT.  */
EXTERN_UNLESS_MAIN_MODULE
struct {
  int in_auto_key_retrieve; /* True if we are doing an
                               auto_key_retrieve. */
  /* Hack to store the last error.  We currently need it because the
     proc_packet machinery is not able to reliably return error
     codes.  Thus for the --server purposes we store some of the error
     codes here.  FIXME! */
  gpg_error_t lasterr;

  /* Kludge to silence some warnings using --secret-key-list. */
  int silence_parse_warnings;
} glo_ctrl;

/* Bit values for opt.debug.  Each value is a distinct power of two.
   The value 2048 is not assigned in this list.  */
#define DBG_PACKET_VALUE  1     /* debug packet reading/writing */
#define DBG_MPI_VALUE     2     /* debug mpi details */
#define DBG_CRYPTO_VALUE  4     /* debug crypto handling */
                                /* (may reveal sensitive data) */
#define DBG_FILTER_VALUE  8     /* debug internal filter handling */
#define DBG_IOBUF_VALUE   16    /* debug iobuf stuff */
#define DBG_MEMORY_VALUE  32    /* debug memory allocation stuff */
#define DBG_CACHE_VALUE   64    /* debug the caching */
#define DBG_MEMSTAT_VALUE 128   /* show memory statistics */
#define DBG_TRUST_VALUE   256   /* debug the trustdb */
#define DBG_HASHING_VALUE 512   /* debug hashing operations */
#define DBG_IPC_VALUE     1024  /* debug assuan communication */
#define DBG_CLOCK_VALUE   4096
#define DBG_LOOKUP_VALUE  8192  /* debug the key lookup */
#define DBG_EXTPROG_VALUE 16384 /* debug external program calls */

/* Tests for the debugging flags.  Each expands to the masked value of
   opt.debug, i.e. to the bit value itself or to 0, not to 1 or 0.  No
   test macro is defined in this header for DBG_IOBUF_VALUE.  Since
   DBG_CRYPTO may reveal sensitive data (see above), output produced
   while it is enabled should be handled like secret material.  */
#define DBG_PACKET  (opt.debug & DBG_PACKET_VALUE)
#define DBG_MPI     (opt.debug & DBG_MPI_VALUE)
#define DBG_CRYPTO  (opt.debug & DBG_CRYPTO_VALUE)
#define DBG_FILTER  (opt.debug & DBG_FILTER_VALUE)
#define DBG_CACHE   (opt.debug & DBG_CACHE_VALUE)
#define DBG_TRUST   (opt.debug & DBG_TRUST_VALUE)
#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE)
#define DBG_IPC     (opt.debug & DBG_IPC_VALUE)
#define DBG_CLOCK   (opt.debug & DBG_CLOCK_VALUE)
#define DBG_LOOKUP  (opt.debug & DBG_LOOKUP_VALUE)
#define DBG_EXTPROG (opt.debug & DBG_EXTPROG_VALUE)

/* FIXME: We need to check why we did not put this into opt. */
/* Unlike the tests above, these two read separate global variables
   and not opt.debug.  */
#define DBG_MEMORY    memory_debug_mode
#define DBG_MEMSTAT   memory_stat_debug_mode

EXTERN_UNLESS_MAIN_MODULE int memory_debug_mode;
EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;


/* Compatibility flags.  Each macro compares opt.compliance with one
   CO_* constant (declared outside this header); GNUPG is also true
   for CO_DE_VS, and PGPX is true for either PGP7 or PGP8.  */
#define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
#define RFC2440 (opt.compliance==CO_RFC2440)
#define RFC4880 (opt.compliance==CO_RFC4880)
#define PGP7    (opt.compliance==CO_PGP7)
#define PGP8    (opt.compliance==CO_PGP8)
#define PGPX    (PGP7 || PGP8)

/* Various option flags.  Note that there should be no common string
   names between the IMPORT_ and EXPORT_ flags as they can be mixed in
   the keyserver-options option.  The IMPORT_ and EXPORT_ bit positions
   overlap numerically, so a value is only meaningful together with the
   mask it was stored in.  */

/* Bit 13 is not assigned in this list.  */
#define IMPORT_LOCAL_SIGS                (1<<0)
#define IMPORT_REPAIR_PKS_SUBKEY_BUG     (1<<1)
#define IMPORT_FAST                      (1<<2)
#define IMPORT_SHOW                      (1<<3)
#define IMPORT_MERGE_ONLY                (1<<4)
#define IMPORT_MINIMAL                   (1<<5)
#define IMPORT_CLEAN                     (1<<6)
#define IMPORT_NO_SECKEY                 (1<<7)
#define IMPORT_KEEP_OWNERTTRUST          (1<<8)
#define IMPORT_EXPORT                    (1<<9)
#define IMPORT_RESTORE                   (1<<10)
#define IMPORT_REPAIR_KEYS               (1<<11)
#define IMPORT_DRY_RUN                   (1<<12)
#define IMPORT_SELF_SIGS_ONLY            (1<<14)
#define IMPORT_COLLAPSE_UIDS             (1<<15)
#define IMPORT_COLLAPSE_SUBKEYS          (1<<16)
#define IMPORT_BULK                      (1<<17)

/* Bits 6, 8 and 9 are not assigned in this list.  */
#define EXPORT_LOCAL_SIGS                (1<<0)
#define EXPORT_ATTRIBUTES                (1<<1)
#define EXPORT_SENSITIVE_REVKEYS         (1<<2)
#define EXPORT_RESET_SUBKEY_PASSWD       (1<<3)
#define EXPORT_MINIMAL                   (1<<4)
#define EXPORT_CLEAN                     (1<<5)
#define EXPORT_DANE_FORMAT               (1<<7)
#define EXPORT_BACKUP                    (1<<10)

/* LIST_SHOW_NOTATIONS is the OR of the two notation bits, not a bit
   of its own.  */
#define LIST_SHOW_PHOTOS                 (1<<0)
#define LIST_SHOW_POLICY_URLS            (1<<1)
#define LIST_SHOW_STD_NOTATIONS          (1<<2)
#define LIST_SHOW_USER_NOTATIONS         (1<<3)
#define LIST_SHOW_NOTATIONS (LIST_SHOW_STD_NOTATIONS|LIST_SHOW_USER_NOTATIONS)
#define LIST_SHOW_KEYSERVER_URLS         (1<<4)
#define LIST_SHOW_UID_VALIDITY           (1<<5)
#define LIST_SHOW_UNUSABLE_UIDS          (1<<6)
#define LIST_SHOW_UNUSABLE_SUBKEYS       (1<<7)
#define LIST_SHOW_KEYRING                (1<<8)
#define LIST_SHOW_SIG_EXPIRE             (1<<9)
#define LIST_SHOW_SIG_SUBPACKETS         (1<<10)
#define LIST_SHOW_USAGE                  (1<<11)
#define LIST_SHOW_ONLY_FPR_MBOX          (1<<12)
#define LIST_SORT_SIGS                   (1<<13)

/* Bits 0 to 6 use the same positions as the corresponding LIST_SHOW_*
   flags.  Bits 7 and 8 are not assigned in this list.
   VERIFY_SHOW_NOTATIONS is the OR of the two notation bits.  */
#define VERIFY_SHOW_PHOTOS               (1<<0)
#define VERIFY_SHOW_POLICY_URLS          (1<<1)
#define VERIFY_SHOW_STD_NOTATIONS        (1<<2)
#define VERIFY_SHOW_USER_NOTATIONS       (1<<3)
#define VERIFY_SHOW_NOTATIONS (VERIFY_SHOW_STD_NOTATIONS|VERIFY_SHOW_USER_NOTATIONS)
#define VERIFY_SHOW_KEYSERVER_URLS       (1<<4)
#define VERIFY_SHOW_UID_VALIDITY         (1<<5)
#define VERIFY_SHOW_UNUSABLE_UIDS        (1<<6)
#define VERIFY_SHOW_PRIMARY_UID_ONLY     (1<<9)

/* NOTE(review): by name KEYSERVER_AUTO_KEY_RETRIEVE and
   KEYSERVER_HONOR_KEYSERVER_URL let data found in a signature or key
   trigger a network fetch; if so they are worth reviewing for metadata
   leakage to the contacted server -- confirm at the use sites.  */
#define KEYSERVER_HTTP_PROXY             (1<<0)
#define KEYSERVER_TIMEOUT                (1<<1)
#define KEYSERVER_ADD_FAKE_V3            (1<<2)
#define KEYSERVER_AUTO_KEY_RETRIEVE      (1<<3)
#define KEYSERVER_HONOR_KEYSERVER_URL    (1<<4)


#endif /*G10_OPTIONS_H*/