summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2010-01-09 20:00:46 +0100
committerWerner Koch <wk@gnupg.org>2010-01-09 20:00:46 +0100
commitff147275c36805e00ceb97d7468d5035e164b5e6 (patch)
tree429003a01247239143538e118a891f9b249faaa7
parentAdd dummu option --passwd for gpg. (diff)
downloadgnupg2-ff147275c36805e00ceb97d7468d5035e164b5e6.tar.xz
gnupg2-ff147275c36805e00ceb97d7468d5035e164b5e6.zip
Re-indent
Diffstat
-rw-r--r--g10/ChangeLog6
-rw-r--r--g10/getkey.c4271
-rw-r--r--g10/keydb.c2
-rw-r--r--g10/keylist.c2400
4 files changed, 3459 insertions, 3220 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index de29a8ebb..986b02dbe 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,7 @@
+2010-01-09 Werner Koch <wk@g10code.com>
+
+ * getkey.c, keylist.c: Re-indent.
+
2010-01-08 Werner Koch <wk@g10code.com>
* cpr.c (write_status_error): Rename to write_status_errcode.
@@ -11003,7 +11007,7 @@ Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo)
Copyright 1998,1999,2000,2001,2002,2003,2004,2005,
- 2006,2007,2008,2009 Free Software Foundation, Inc.
+ 2006,2007,2008,2009,2010 Free Software Foundation, Inc.
This file is free software; as a special exception the author gives
unlimited permission to copy and/or distribute it, with or without
diff --git a/g10/getkey.c b/g10/getkey.c
index c636d6b0e..96537b7d3 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1,6 +1,6 @@
/* getkey.c - Get a key from the database
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- * 2007, 2008 Free Software Foundation, Inc.
+ * 2007, 2008, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -43,129 +43,136 @@
#error We need the cache for key creation
#endif
-struct getkey_ctx_s {
- int exact;
- KBNODE keyblock;
- KBPOS kbpos;
- KBNODE found_key; /* Pointer into some keyblock. */
- strlist_t extra_list; /* Will be freed when releasing the context. */
- int last_rc;
- int req_usage;
- int req_algo;
- KEYDB_HANDLE kr_handle;
- int not_allocated;
- int nitems;
- KEYDB_SEARCH_DESC items[1];
+struct getkey_ctx_s
+{
+ int exact;
+ KBNODE keyblock;
+ KBPOS kbpos;
+ KBNODE found_key; /* Pointer into some keyblock. */
+ strlist_t extra_list; /* Will be freed when releasing the context. */
+ int last_rc;
+ int req_usage;
+ int req_algo;
+ KEYDB_HANDLE kr_handle;
+ int not_allocated;
+ int nitems;
+ KEYDB_SEARCH_DESC items[1];
};
#if 0
-static struct {
- int any;
- int okay_count;
- int nokey_count;
- int error_count;
+static struct
+{
+ int any;
+ int okay_count;
+ int nokey_count;
+ int error_count;
} lkup_stats[21];
#endif
-typedef struct keyid_list {
- struct keyid_list *next;
- u32 keyid[2];
+typedef struct keyid_list
+{
+ struct keyid_list *next;
+ u32 keyid[2];
} *keyid_list_t;
#if MAX_PK_CACHE_ENTRIES
- typedef struct pk_cache_entry {
- struct pk_cache_entry *next;
- u32 keyid[2];
- PKT_public_key *pk;
- } *pk_cache_entry_t;
- static pk_cache_entry_t pk_cache;
- static int pk_cache_entries; /* number of entries in pk cache */
- static int pk_cache_disabled;
+typedef struct pk_cache_entry
+{
+ struct pk_cache_entry *next;
+ u32 keyid[2];
+ PKT_public_key *pk;
+} *pk_cache_entry_t;
+static pk_cache_entry_t pk_cache;
+static int pk_cache_entries; /* Number of entries in pk cache. */
+static int pk_cache_disabled;
#endif
#if MAX_UID_CACHE_ENTRIES < 5
#error we really need the userid cache
#endif
-typedef struct user_id_db {
- struct user_id_db *next;
- keyid_list_t keyids;
- int len;
- char name[1];
+typedef struct user_id_db
+{
+ struct user_id_db *next;
+ keyid_list_t keyids;
+ int len;
+ char name[1];
} *user_id_db_t;
static user_id_db_t user_id_db;
-static int uid_cache_entries; /* number of entries in uid cache */
+static int uid_cache_entries; /* Number of entries in uid cache. */
-static void merge_selfsigs( KBNODE keyblock );
-static int lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode );
+static void merge_selfsigs (KBNODE keyblock);
+static int lookup (GETKEY_CTX ctx, KBNODE * ret_keyblock, int secmode);
#if 0
static void
-print_stats()
+print_stats ()
{
- int i;
- for(i=0; i < DIM(lkup_stats); i++ ) {
- if( lkup_stats[i].any )
- fprintf(stderr,
- "lookup stats: mode=%-2d ok=%-6d nokey=%-6d err=%-6d\n",
- i,
- lkup_stats[i].okay_count,
- lkup_stats[i].nokey_count,
- lkup_stats[i].error_count );
+ int i;
+ for (i = 0; i < DIM (lkup_stats); i++)
+ {
+ if (lkup_stats[i].any)
+ fprintf (stderr,
+ "lookup stats: mode=%-2d ok=%-6d nokey=%-6d err=%-6d\n",
+ i,
+ lkup_stats[i].okay_count,
+ lkup_stats[i].nokey_count, lkup_stats[i].error_count);
}
}
#endif
void
-cache_public_key( PKT_public_key *pk )
+cache_public_key (PKT_public_key * pk)
{
#if MAX_PK_CACHE_ENTRIES
- pk_cache_entry_t ce;
- u32 keyid[2];
+ pk_cache_entry_t ce;
+ u32 keyid[2];
- if( pk_cache_disabled )
- return;
+ if (pk_cache_disabled)
+ return;
- if( pk->dont_cache )
- return;
+ if (pk->dont_cache)
+ return;
- if( is_ELGAMAL(pk->pubkey_algo)
- || pk->pubkey_algo == PUBKEY_ALGO_DSA
- || is_RSA(pk->pubkey_algo) ) {
- keyid_from_pk( pk, keyid );
+ if (is_ELGAMAL (pk->pubkey_algo)
+ || pk->pubkey_algo == PUBKEY_ALGO_DSA || is_RSA (pk->pubkey_algo))
+ {
+ keyid_from_pk (pk, keyid);
}
- else
- return; /* don't know how to get the keyid */
-
- for( ce = pk_cache; ce; ce = ce->next )
- if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
- if( DBG_CACHE )
- log_debug("cache_public_key: already in cache\n");
- return;
- }
+ else
+ return; /* Don't know how to get the keyid. */
- if( pk_cache_entries >= MAX_PK_CACHE_ENTRIES ) {
- /* fixme: use another algorithm to free some cache slots */
- pk_cache_disabled=1;
- if( opt.verbose > 1 )
- log_info(_("too many entries in pk cache - disabled\n"));
+ for (ce = pk_cache; ce; ce = ce->next)
+ if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ {
+ if (DBG_CACHE)
+ log_debug ("cache_public_key: already in cache\n");
return;
+ }
+
+ if (pk_cache_entries >= MAX_PK_CACHE_ENTRIES)
+ {
+ /* fixme: Use another algorithm to free some cache slots. */
+ pk_cache_disabled = 1;
+ if (opt.verbose > 1)
+ log_info (_("too many entries in pk cache - disabled\n"));
+ return;
}
- pk_cache_entries++;
- ce = xmalloc( sizeof *ce );
- ce->next = pk_cache;
- pk_cache = ce;
- ce->pk = copy_public_key( NULL, pk );
- ce->keyid[0] = keyid[0];
- ce->keyid[1] = keyid[1];
+ pk_cache_entries++;
+ ce = xmalloc (sizeof *ce);
+ ce->next = pk_cache;
+ pk_cache = ce;
+ ce->pk = copy_public_key (NULL, pk);
+ ce->keyid[0] = keyid[0];
+ ce->keyid[1] = keyid[1];
#endif
}
/* Return a const utf-8 string with the text "[User ID not found]".
- This fucntion is required so that we don't need to switch gettext's
- encoding temporary. */
+ This function is required so that we don't need to switch gettext's
+ encoding temporary. */
static const char *
user_id_not_found_utf8 (void)
{
@@ -178,39 +185,40 @@ user_id_not_found_utf8 (void)
-/*
- * Return the user ID from the given keyblock.
+/* Return the user ID from the given keyblock.
* We use the primary uid flag which has been set by the merge_selfsigs
* function. The returned value is only valid as long as then given
- * keyblock is not changed
- */
+ * keyblock is not changed. */
static const char *
-get_primary_uid ( KBNODE keyblock, size_t *uidlen )
+get_primary_uid (KBNODE keyblock, size_t * uidlen)
{
- KBNODE k;
- const char *s;
-
- for (k=keyblock; k; k=k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID
- && !k->pkt->pkt.user_id->attrib_data
- && k->pkt->pkt.user_id->is_primary ) {
- *uidlen = k->pkt->pkt.user_id->len;
- return k->pkt->pkt.user_id->name;
- }
- }
- s = user_id_not_found_utf8 ();
- *uidlen = strlen (s);
- return s;
+ KBNODE k;
+ const char *s;
+
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data
+ && k->pkt->pkt.user_id->is_primary)
+ {
+ *uidlen = k->pkt->pkt.user_id->len;
+ return k->pkt->pkt.user_id->name;
+ }
+ }
+ s = user_id_not_found_utf8 ();
+ *uidlen = strlen (s);
+ return s;
}
static void
-release_keyid_list ( keyid_list_t k )
+release_keyid_list (keyid_list_t k)
{
- while ( k ) {
- keyid_list_t k2 = k->next;
- xfree (k);
- k = k2;
+ while (k)
+ {
+ keyid_list_t k2 = k->next;
+ xfree (k);
+ k = k2;
}
}
@@ -219,203 +227,211 @@ release_keyid_list ( keyid_list_t k )
* Feed only public keys to this function.
*/
static void
-cache_user_id( KBNODE keyblock )
+cache_user_id (KBNODE keyblock)
{
- user_id_db_t r;
- const char *uid;
- size_t uidlen;
- keyid_list_t keyids = NULL;
- KBNODE k;
-
- for (k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- keyid_list_t a = xmalloc_clear ( sizeof *a );
- /* Hmmm: For a long list of keyids it might be an advantage
- * to append the keys */
- keyid_from_pk( k->pkt->pkt.public_key, a->keyid );
- /* first check for duplicates */
- for(r=user_id_db; r; r = r->next ) {
- keyid_list_t b = r->keyids;
- for ( b = r->keyids; b; b = b->next ) {
- if( b->keyid[0] == a->keyid[0]
- && b->keyid[1] == a->keyid[1] ) {
- if( DBG_CACHE )
- log_debug("cache_user_id: already in cache\n");
- release_keyid_list ( keyids );
- xfree ( a );
- return;
- }
- }
- }
- /* now put it into the cache */
- a->next = keyids;
- keyids = a;
- }
- }
- if ( !keyids )
- BUG (); /* No key no fun */
-
-
- uid = get_primary_uid ( keyblock, &uidlen );
-
- if( uid_cache_entries >= MAX_UID_CACHE_ENTRIES ) {
- /* fixme: use another algorithm to free some cache slots */
- r = user_id_db;
- user_id_db = r->next;
- release_keyid_list ( r->keyids );
- xfree(r);
- uid_cache_entries--;
- }
- r = xmalloc( sizeof *r + uidlen-1 );
- r->keyids = keyids;
- r->len = uidlen;
- memcpy(r->name, uid, r->len);
- r->next = user_id_db;
- user_id_db = r;
- uid_cache_entries++;
+ user_id_db_t r;
+ const char *uid;
+ size_t uidlen;
+ keyid_list_t keyids = NULL;
+ KBNODE k;
+
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ keyid_list_t a = xmalloc_clear (sizeof *a);
+ /* Hmmm: For a long list of keyids it might be an advantage
+ * to append the keys. */
+ keyid_from_pk (k->pkt->pkt.public_key, a->keyid);
+ /* First check for duplicates. */
+ for (r = user_id_db; r; r = r->next)
+ {
+ keyid_list_t b = r->keyids;
+ for (b = r->keyids; b; b = b->next)
+ {
+ if (b->keyid[0] == a->keyid[0]
+ && b->keyid[1] == a->keyid[1])
+ {
+ if (DBG_CACHE)
+ log_debug ("cache_user_id: already in cache\n");
+ release_keyid_list (keyids);
+ xfree (a);
+ return;
+ }
+ }
+ }
+ /* Now put it into the cache. */
+ a->next = keyids;
+ keyids = a;
+ }
+ }
+ if (!keyids)
+ BUG (); /* No key no fun. */
+
+
+ uid = get_primary_uid (keyblock, &uidlen);
+
+ if (uid_cache_entries >= MAX_UID_CACHE_ENTRIES)
+ {
+ /* fixme: use another algorithm to free some cache slots */
+ r = user_id_db;
+ user_id_db = r->next;
+ release_keyid_list (r->keyids);
+ xfree (r);
+ uid_cache_entries--;
+ }
+ r = xmalloc (sizeof *r + uidlen - 1);
+ r->keyids = keyids;
+ r->len = uidlen;
+ memcpy (r->name, uid, r->len);
+ r->next = user_id_db;
+ user_id_db = r;
+ uid_cache_entries++;
}
void
-getkey_disable_caches()
+getkey_disable_caches ()
{
#if MAX_PK_CACHE_ENTRIES
- {
- pk_cache_entry_t ce, ce2;
+ {
+ pk_cache_entry_t ce, ce2;
- for( ce = pk_cache; ce; ce = ce2 ) {
- ce2 = ce->next;
- free_public_key( ce->pk );
- xfree( ce );
- }
- pk_cache_disabled=1;
- pk_cache_entries = 0;
- pk_cache = NULL;
- }
+ for (ce = pk_cache; ce; ce = ce2)
+ {
+ ce2 = ce->next;
+ free_public_key (ce->pk);
+ xfree (ce);
+ }
+ pk_cache_disabled = 1;
+ pk_cache_entries = 0;
+ pk_cache = NULL;
+ }
#endif
- /* fixme: disable user id cache ? */
+ /* fixme: disable user id cache ? */
}
static void
-pk_from_block ( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE keyblock )
+pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock)
{
- KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+ KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+
+ assert (a->pkt->pkttype == PKT_PUBLIC_KEY
+ || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- assert ( a->pkt->pkttype == PKT_PUBLIC_KEY
- || a->pkt->pkttype == PKT_PUBLIC_SUBKEY );
-
- copy_public_key ( pk, a->pkt->pkt.public_key );
+ copy_public_key (pk, a->pkt->pkt.public_key);
}
static void
-sk_from_block ( GETKEY_CTX ctx,
- PKT_secret_key *sk, KBNODE keyblock )
+sk_from_block (GETKEY_CTX ctx, PKT_secret_key * sk, KBNODE keyblock)
{
- KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+ KBNODE a = ctx->found_key ? ctx->found_key : keyblock;
+
+ assert (a->pkt->pkttype == PKT_SECRET_KEY
+ || a->pkt->pkttype == PKT_SECRET_SUBKEY);
- assert ( a->pkt->pkttype == PKT_SECRET_KEY
- || a->pkt->pkttype == PKT_SECRET_SUBKEY );
-
- copy_secret_key( sk, a->pkt->pkt.secret_key);
+ copy_secret_key (sk, a->pkt->pkt.secret_key);
}
-/****************
- * Get a public key and store it into the allocated pk
- * can be called with PK set to NULL to just read it into some
- * internal structures.
- */
+/* Get a public key and store it into the allocated pk can be called
+ * with PK set to NULL to just read it into some internal
+ * structures. */
int
-get_pubkey( PKT_public_key *pk, u32 *keyid )
+get_pubkey (PKT_public_key * pk, u32 * keyid)
{
- int internal = 0;
- int rc = 0;
+ int internal = 0;
+ int rc = 0;
#if MAX_PK_CACHE_ENTRIES
- if(pk)
+ if (pk)
+ {
+ /* Try to get it from the cache. We don't do this when pk is
+ NULL as it does not guarantee that the user IDs are
+ cached. */
+ pk_cache_entry_t ce;
+ for (ce = pk_cache; ce; ce = ce->next)
+ {
+ if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ {
+ copy_public_key (pk, ce->pk);
+ return 0;
+ }
+ }
+ }
+#endif
+ /* More init stuff. */
+ if (!pk)
+ {
+ pk = xmalloc_clear (sizeof *pk);
+ internal++;
+ }
+
+
+ /* Do a lookup. */
+ {
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+ memset (&ctx, 0, sizeof ctx);
+ ctx.exact = 1; /* Use the key ID exactly as given. */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ ctx.req_algo = pk->req_algo;
+ ctx.req_usage = pk->req_usage;
+ rc = lookup (&ctx, &kb, 0);
+ if (!rc)
{
- /* Try to get it from the cache. We don't do this when pk is
- NULL as it does not guarantee that the user IDs are
- cached. */
- pk_cache_entry_t ce;
- for( ce = pk_cache; ce; ce = ce->next )
- {
- if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] )
- {
- copy_public_key( pk, ce->pk );
- return 0;
- }
- }
+ pk_from_block (&ctx, pk, kb);
}
-#endif
- /* more init stuff */
- if( !pk ) {
- pk = xmalloc_clear( sizeof *pk );
- internal++;
- }
-
-
- /* do a lookup */
- { struct getkey_ctx_s ctx;
- KBNODE kb = NULL;
- memset( &ctx, 0, sizeof ctx );
- ctx.exact = 1; /* use the key ID exactly as given */
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (0);
- ctx.nitems = 1;
- ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
- ctx.items[0].u.kid[0] = keyid[0];
- ctx.items[0].u.kid[1] = keyid[1];
- ctx.req_algo = pk->req_algo;
- ctx.req_usage = pk->req_usage;
- rc = lookup( &ctx, &kb, 0 );
- if ( !rc ) {
- pk_from_block ( &ctx, pk, kb );
- }
- get_pubkey_end( &ctx );
- release_kbnode ( kb );
- }
- if( !rc )
- goto leave;
+ get_pubkey_end (&ctx);
+ release_kbnode (kb);
+ }
+ if (!rc)
+ goto leave;
- rc = G10ERR_NO_PUBKEY;
+ rc = G10ERR_NO_PUBKEY;
- leave:
- if( !rc )
- cache_public_key( pk );
- if( internal )
- free_public_key(pk);
- return rc;
+leave:
+ if (!rc)
+ cache_public_key (pk);
+ if (internal)
+ free_public_key (pk);
+ return rc;
}
/* Get a public key and store it into the allocated pk. This function
differs from get_pubkey() in that it does not do a check of the key
to avoid recursion. It should be used only in very certain cases.
- It will only retrieve primary keys. */
+ It will only retrieve primary keys. */
int
-get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
+get_pubkey_fast (PKT_public_key * pk, u32 * keyid)
{
int rc = 0;
KEYDB_HANDLE hd;
KBNODE keyblock;
u32 pkid[2];
-
+
assert (pk);
#if MAX_PK_CACHE_ENTRIES
- { /* Try to get it from the cache */
+ {
+ /* Try to get it from the cache */
pk_cache_entry_t ce;
for (ce = pk_cache; ce; ce = ce->next)
{
- if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
- {
- if (pk)
- copy_public_key (pk, ce->pk);
- return 0;
- }
+ if (ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1])
+ {
+ if (pk)
+ copy_public_key (pk, ce->pk);
+ return 0;
+ }
}
}
#endif
@@ -429,20 +445,20 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
}
rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd);
- if (rc)
+ if (rc)
{
- log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
return G10ERR_NO_PUBKEY;
}
- assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
- || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+ assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- keyid_from_pk(keyblock->pkt->pkt.public_key,pkid);
- if(keyid[0]==pkid[0] && keyid[1]==pkid[1])
- copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ keyid_from_pk (keyblock->pkt->pkt.public_key, pkid);
+ if (keyid[0] == pkid[0] && keyid[1] == pkid[1])
+ copy_public_key (pk, keyblock->pkt->pkt.public_key);
else
- rc=G10ERR_NO_PUBKEY;
+ rc = G10ERR_NO_PUBKEY;
release_kbnode (keyblock);
@@ -454,24 +470,24 @@ get_pubkey_fast (PKT_public_key *pk, u32 *keyid)
KBNODE
-get_pubkeyblock( u32 *keyid )
+get_pubkeyblock (u32 * keyid)
{
- struct getkey_ctx_s ctx;
- int rc = 0;
- KBNODE keyblock = NULL;
+ struct getkey_ctx_s ctx;
+ int rc = 0;
+ KBNODE keyblock = NULL;
- memset( &ctx, 0, sizeof ctx );
- /* no need to set exact here because we want the entire block */
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (0);
- ctx.nitems = 1;
- ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
- ctx.items[0].u.kid[0] = keyid[0];
- ctx.items[0].u.kid[1] = keyid[1];
- rc = lookup( &ctx, &keyblock, 0 );
- get_pubkey_end( &ctx );
+ memset (&ctx, 0, sizeof ctx);
+ /* No need to set exact here because we want the entire block. */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ rc = lookup (&ctx, &keyblock, 0);
+ get_pubkey_end (&ctx);
- return rc ? NULL : keyblock;
+ return rc ? NULL : keyblock;
}
@@ -481,213 +497,222 @@ get_pubkeyblock( u32 *keyid )
* Get a secret key and store it into sk
*/
int
-get_seckey( PKT_secret_key *sk, u32 *keyid )
+get_seckey (PKT_secret_key * sk, u32 * keyid)
{
- int rc;
- struct getkey_ctx_s ctx;
- KBNODE kb = NULL;
+ int rc;
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
- memset( &ctx, 0, sizeof ctx );
- ctx.exact = 1; /* use the key ID exactly as given */
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (1);
- ctx.nitems = 1;
- ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
- ctx.items[0].u.kid[0] = keyid[0];
- ctx.items[0].u.kid[1] = keyid[1];
- ctx.req_algo = sk->req_algo;
- ctx.req_usage = sk->req_usage;
- rc = lookup( &ctx, &kb, 1 );
- if ( !rc ) {
- sk_from_block ( &ctx, sk, kb );
+ memset (&ctx, 0, sizeof ctx);
+ ctx.exact = 1; /* Use the key ID exactly as given. */
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (1);
+ ctx.nitems = 1;
+ ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx.items[0].u.kid[0] = keyid[0];
+ ctx.items[0].u.kid[1] = keyid[1];
+ ctx.req_algo = sk->req_algo;
+ ctx.req_usage = sk->req_usage;
+ rc = lookup (&ctx, &kb, 1);
+ if (!rc)
+ {
+ sk_from_block (&ctx, sk, kb);
}
- get_seckey_end( &ctx );
- release_kbnode ( kb );
+ get_seckey_end (&ctx);
+ release_kbnode (kb);
- if( !rc ) {
- /* check the secret key (this may prompt for a passprase to
- * unlock the secret key
- */
- rc = check_secret_key( sk, 0 );
+ if (!rc)
+ {
+ /* Check the secret key (this may prompt for a passprase to
+ * unlock the secret key. */
+ rc = check_secret_key (sk, 0);
}
- return rc;
+ return rc;
}
-/****************
- * Check whether the secret key is available. This is just a fast
+/* Check whether the secret key is available. This is just a fast
* check and does not tell us whether the secret key is valid. It
* merely tells other whether there is some secret key.
- * Returns: 0 := key is available
- * G10ERR_NO_SECKEY := not availabe
+ * Returns:
+ * 0 := key is available
+ * G10ERR_NO_SECKEY := key not availabe
*/
int
-seckey_available( u32 *keyid )
+seckey_available (u32 * keyid)
{
- int rc;
- KEYDB_HANDLE hd = keydb_new (1);
-
- rc = keydb_search_kid (hd, keyid);
- if ( rc == -1 )
- rc = G10ERR_NO_SECKEY;
- keydb_release (hd);
- return rc;
+ int rc;
+ KEYDB_HANDLE hd = keydb_new (1);
+
+ rc = keydb_search_kid (hd, keyid);
+ if (rc == -1)
+ rc = G10ERR_NO_SECKEY;
+ keydb_release (hd);
+ return rc;
}
static int
-skip_unusable (void *dummy, u32 *keyid, PKT_user_id *uid)
+skip_unusable (void *dummy, u32 * keyid, PKT_user_id * uid)
{
- int unusable=0;
+ int unusable = 0;
KBNODE keyblock;
-
- (void)dummy;
- keyblock=get_pubkeyblock(keyid);
- if(!keyblock)
+ (void) dummy;
+
+ keyblock = get_pubkeyblock (keyid);
+ if (!keyblock)
{
- log_error("error checking usability status of %s\n",keystr(keyid));
+ log_error ("error checking usability status of %s\n", keystr (keyid));
goto leave;
}
/* Is the user ID in question revoked/expired? */
- if(uid)
+ if (uid)
{
KBNODE node;
- for(node=keyblock;node;node=node->next)
+ for (node = keyblock; node; node = node->next)
{
- if(node->pkt->pkttype==PKT_USER_ID)
+ if (node->pkt->pkttype == PKT_USER_ID)
{
- if(cmp_user_ids(uid,node->pkt->pkt.user_id)==0
- && (node->pkt->pkt.user_id->is_revoked
- || node->pkt->pkt.user_id->is_expired))
+ if (cmp_user_ids (uid, node->pkt->pkt.user_id) == 0
+ && (node->pkt->pkt.user_id->is_revoked
+ || node->pkt->pkt.user_id->is_expired))
{
- unusable=1;
+ unusable = 1;
break;
}
}
}
}
- if(!unusable)
- unusable=pk_is_disabled(keyblock->pkt->pkt.public_key);
+ if (!unusable)
+ unusable = pk_is_disabled (keyblock->pkt->pkt.public_key);
- leave:
- release_kbnode(keyblock);
+leave:
+ release_kbnode (keyblock);
return unusable;
}
-/****************
- * Try to get the pubkey by the userid. This function looks for the
+
+/* Try to get the pubkey by the userid. This function looks for the
* first pubkey certificate which has the given name in a user_id. if
* pk/sk has the pubkey algo set, the function will only return a
* pubkey with that algo. If namelist is NULL, the first key is
* returned. The caller should provide storage for either the pk or
* the sk. If ret_kb is not NULL the function will return the
- * keyblock there.
- */
-
+ * keyblock there. */
static int
-key_byname( GETKEY_CTX *retctx, strlist_t namelist,
- PKT_public_key *pk, PKT_secret_key *sk,
+key_byname (GETKEY_CTX * retctx, strlist_t namelist,
+ PKT_public_key * pk, PKT_secret_key * sk,
int secmode, int include_unusable,
- KBNODE *ret_kb, KEYDB_HANDLE *ret_kdbhd )
+ KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
{
- int rc = 0;
- int n;
- strlist_t r;
- GETKEY_CTX ctx;
- KBNODE help_kb = NULL;
-
- if( retctx ) {/* reset the returned context in case of error */
- assert (!ret_kdbhd); /* not allowed because the handle is
- stored in the context */
- *retctx = NULL;
- }
- if (ret_kdbhd)
- *ret_kdbhd = NULL;
-
- if(!namelist)
- {
- ctx = xmalloc_clear (sizeof *ctx);
- ctx->nitems = 1;
- ctx->items[0].mode=KEYDB_SEARCH_MODE_FIRST;
- if(!include_unusable)
- ctx->items[0].skipfnc=skip_unusable;
- }
- else
- {
- /* build the search context */
- for(n=0, r=namelist; r; r = r->next )
- n++;
+ int rc = 0;
+ int n;
+ strlist_t r;
+ GETKEY_CTX ctx;
+ KBNODE help_kb = NULL;
- ctx = xmalloc_clear (sizeof *ctx + (n-1)*sizeof ctx->items );
- ctx->nitems = n;
+ if (retctx)
+ {
+ /* Reset the returned context in case of error. */
+ assert (!ret_kdbhd); /* Not allowed because the handle is stored
+ in the context. */
+ *retctx = NULL;
+ }
+ if (ret_kdbhd)
+ *ret_kdbhd = NULL;
- for(n=0, r=namelist; r; r = r->next, n++ )
- {
- gpg_error_t err;
+ if (!namelist)
+ {
+ ctx = xmalloc_clear (sizeof *ctx);
+ ctx->nitems = 1;
+ ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST;
+ if (!include_unusable)
+ ctx->items[0].skipfnc = skip_unusable;
+ }
+ else
+ {
+ /* Build the search context. */
+ for (n = 0, r = namelist; r; r = r->next)
+ n++;
- err = classify_user_id (r->d, &ctx->items[n]);
-
- if (ctx->items[n].exact)
- ctx->exact = 1;
- if (err)
- {
- xfree (ctx);
- return gpg_err_code (err); /* FIXME: remove gpg_err_code. */
- }
- if(!include_unusable
- && ctx->items[n].mode!=KEYDB_SEARCH_MODE_SHORT_KID
- && ctx->items[n].mode!=KEYDB_SEARCH_MODE_LONG_KID
- && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR16
- && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR20
- && ctx->items[n].mode!=KEYDB_SEARCH_MODE_FPR)
- ctx->items[n].skipfnc=skip_unusable;
- }
- }
+ ctx = xmalloc_clear (sizeof *ctx + (n - 1) * sizeof ctx->items);
+ ctx->nitems = n;
+
+ for (n = 0, r = namelist; r; r = r->next, n++)
+ {
+ gpg_error_t err;
+
+ err = classify_user_id (r->d, &ctx->items[n]);
+
+ if (ctx->items[n].exact)
+ ctx->exact = 1;
+ if (err)
+ {
+ xfree (ctx);
+ return gpg_err_code (err); /* FIXME: remove gpg_err_code. */
+ }
+ if (!include_unusable
+ && ctx->items[n].mode != KEYDB_SEARCH_MODE_SHORT_KID
+ && ctx->items[n].mode != KEYDB_SEARCH_MODE_LONG_KID
+ && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
+ && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
+ && ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
+ ctx->items[n].skipfnc = skip_unusable;
+ }
+ }
+
+ ctx->kr_handle = keydb_new (secmode);
+ if (!ret_kb)
+ ret_kb = &help_kb;
+
+ if (secmode)
+ {
+ if (sk)
+ {
+ ctx->req_algo = sk->req_algo;
+ ctx->req_usage = sk->req_usage;
+ }
+ rc = lookup (ctx, ret_kb, 1);
+ if (!rc && sk)
+ {
+ sk_from_block (ctx, sk, *ret_kb);
+ }
+ }
+ else
+ {
+ if (pk)
+ {
+ ctx->req_algo = pk->req_algo;
+ ctx->req_usage = pk->req_usage;
+ }
+ rc = lookup (ctx, ret_kb, 0);
+ if (!rc && pk)
+ {
+ pk_from_block (ctx, pk, *ret_kb);
+ }
+ }
- ctx->kr_handle = keydb_new (secmode);
- if ( !ret_kb )
- ret_kb = &help_kb;
-
- if( secmode ) {
- if (sk) {
- ctx->req_algo = sk->req_algo;
- ctx->req_usage = sk->req_usage;
- }
- rc = lookup( ctx, ret_kb, 1 );
- if ( !rc && sk ) {
- sk_from_block ( ctx, sk, *ret_kb );
- }
- }
- else {
- if (pk) {
- ctx->req_algo = pk->req_algo;
- ctx->req_usage = pk->req_usage;
- }
- rc = lookup( ctx, ret_kb, 0 );
- if ( !rc && pk ) {
- pk_from_block ( ctx, pk, *ret_kb );
- }
- }
-
- release_kbnode ( help_kb );
-
- if (retctx) /* caller wants the context */
- *retctx = ctx;
- else {
- if (ret_kdbhd) {
- *ret_kdbhd = ctx->kr_handle;
- ctx->kr_handle = NULL;
- }
- get_pubkey_end (ctx);
- }
-
- return rc;
+ release_kbnode (help_kb);
+
+ if (retctx) /* Caller wants the context. */
+ *retctx = ctx;
+ else
+ {
+ if (ret_kdbhd)
+ {
+ *ret_kdbhd = ctx->kr_handle;
+ ctx->kr_handle = NULL;
+ }
+ get_pubkey_end (ctx);
+ }
+
+ return rc;
}
@@ -700,10 +725,9 @@ key_byname( GETKEY_CTX *retctx, strlist_t namelist,
to import the key via the online mechanisms defined by
--auto-key-locate. */
int
-get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
- const char *name, KBNODE *ret_keyblock,
- KEYDB_HANDLE *ret_kdbhd, int include_unusable,
- int no_akl)
+get_pubkey_byname (GETKEY_CTX * retctx, PKT_public_key * pk,
+ const char *name, KBNODE * ret_keyblock,
+ KEYDB_HANDLE * ret_kdbhd, int include_unusable, int no_akl)
{
int rc;
strlist_t namelist = NULL;
@@ -719,7 +743,7 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
/* Check whether we the default local search has been disabled.
This is the case if either the "nodefault" or the "local" keyword
- are in the list of auto key locate mechanisms.
+ are in the list of auto key locate mechanisms.
ANYLOCALFIRST is set if the search order has the local method
before any other or if "local" is used first by default. This
@@ -728,19 +752,19 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
a followup call to get_pubkey_next shall succeed. */
if (!no_akl)
{
- for (akl=opt.auto_key_locate; akl; akl=akl->next)
- if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
- {
- nodefault = 1;
- break;
- }
- for (akl=opt.auto_key_locate; akl; akl=akl->next)
- if (akl->type != AKL_NODEFAULT)
- {
- if (akl->type == AKL_LOCAL)
- anylocalfirst = 1;
- break;
- }
+ for (akl = opt.auto_key_locate; akl; akl = akl->next)
+ if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
+ {
+ nodefault = 1;
+ break;
+ }
+ for (akl = opt.auto_key_locate; akl; akl = akl->next)
+ if (akl->type != AKL_NODEFAULT)
+ {
+ if (akl->type == AKL_LOCAL)
+ anylocalfirst = 1;
+ break;
+ }
}
if (!nodefault)
@@ -755,96 +779,98 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
{
add_to_strlist (&namelist, name);
rc = key_byname (retctx, namelist, pk, NULL, 0,
- include_unusable, ret_keyblock, ret_kdbhd);
+ include_unusable, ret_keyblock, ret_kdbhd);
}
/* If the requested name resembles a valid mailbox and automatic
retrieval has been enabled, we try to import the key. */
if (gpg_err_code (rc) == G10ERR_NO_PUBKEY && !no_akl && is_mbox)
{
- for (akl=opt.auto_key_locate; akl; akl=akl->next)
+ for (akl = opt.auto_key_locate; akl; akl = akl->next)
{
unsigned char *fpr = NULL;
size_t fpr_len;
- int did_key_byname = 0;
- int no_fingerprint = 0;
- const char *mechanism = "?";
-
- switch(akl->type)
+ int did_key_byname = 0;
+ int no_fingerprint = 0;
+ const char *mechanism = "?";
+
+ switch (akl->type)
{
- case AKL_NODEFAULT:
- /* This is a dummy mechanism. */
- mechanism = "None";
- rc = G10ERR_NO_PUBKEY;
- break;
-
- case AKL_LOCAL:
- mechanism = "Local";
- did_key_byname = 1;
- if (retctx)
- {
- get_pubkey_end (*retctx);
- *retctx = NULL;
- }
- add_to_strlist (&namelist, name);
- rc = key_byname (anylocalfirst? retctx:NULL,
- namelist, pk, NULL, 0,
- include_unusable, ret_keyblock, ret_kdbhd);
- break;
+ case AKL_NODEFAULT:
+ /* This is a dummy mechanism. */
+ mechanism = "None";
+ rc = G10ERR_NO_PUBKEY;
+ break;
+
+ case AKL_LOCAL:
+ mechanism = "Local";
+ did_key_byname = 1;
+ if (retctx)
+ {
+ get_pubkey_end (*retctx);
+ *retctx = NULL;
+ }
+ add_to_strlist (&namelist, name);
+ rc = key_byname (anylocalfirst ? retctx : NULL,
+ namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
+ break;
case AKL_CERT:
- mechanism = "DNS CERT";
+ mechanism = "DNS CERT";
glo_ctrl.in_auto_key_retrieve++;
- rc=keyserver_import_cert(name,&fpr,&fpr_len);
+ rc = keyserver_import_cert (name, &fpr, &fpr_len);
glo_ctrl.in_auto_key_retrieve--;
break;
case AKL_PKA:
- mechanism = "PKA";
+ mechanism = "PKA";
glo_ctrl.in_auto_key_retrieve++;
- rc=keyserver_import_pka(name,&fpr,&fpr_len);
+ rc = keyserver_import_pka (name, &fpr, &fpr_len);
glo_ctrl.in_auto_key_retrieve--;
break;
case AKL_LDAP:
- mechanism = "LDAP";
+ mechanism = "LDAP";
glo_ctrl.in_auto_key_retrieve++;
- rc=keyserver_import_ldap(name,&fpr,&fpr_len);
+ rc = keyserver_import_ldap (name, &fpr, &fpr_len);
glo_ctrl.in_auto_key_retrieve--;
break;
case AKL_KEYSERVER:
/* Strictly speaking, we don't need to only use a valid
- mailbox for the getname search, but it helps cut down
- on the problem of searching for something like "john"
- and getting a whole lot of keys back. */
- if(opt.keyserver)
+ mailbox for the getname search, but it helps cut down
+ on the problem of searching for something like "john"
+ and getting a whole lot of keys back. */
+ if (opt.keyserver)
{
- mechanism = opt.keyserver->uri;
+ mechanism = opt.keyserver->uri;
glo_ctrl.in_auto_key_retrieve++;
- rc=keyserver_import_name(name,&fpr,&fpr_len,opt.keyserver);
+ rc =
+ keyserver_import_name (name, &fpr, &fpr_len,
+ opt.keyserver);
glo_ctrl.in_auto_key_retrieve--;
}
- else
- {
- mechanism = "Unconfigured keyserver";
- rc = G10ERR_NO_PUBKEY;
- }
+ else
+ {
+ mechanism = "Unconfigured keyserver";
+ rc = G10ERR_NO_PUBKEY;
+ }
break;
case AKL_SPEC:
{
struct keyserver_spec *keyserver;
- mechanism = akl->spec->uri;
- keyserver=keyserver_match(akl->spec);
+ mechanism = akl->spec->uri;
+ keyserver = keyserver_match (akl->spec);
glo_ctrl.in_auto_key_retrieve++;
- rc=keyserver_import_name(name,&fpr,&fpr_len,keyserver);
+ rc = keyserver_import_name (name, &fpr, &fpr_len, keyserver);
glo_ctrl.in_auto_key_retrieve--;
}
break;
}
-
+
/* Use the fingerprint of the key that we actually fetched.
This helps prevent problems where the key that we fetched
doesn't have the same name that we used to fetch it. In
@@ -854,54 +880,55 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
won't use the attacker's key here. */
if (!rc && fpr)
{
- char fpr_string[MAX_FINGERPRINT_LEN*2+1];
+ char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
+
+ assert (fpr_len <= MAX_FINGERPRINT_LEN);
+
+ free_strlist (namelist);
+ namelist = NULL;
- assert(fpr_len<=MAX_FINGERPRINT_LEN);
+ bin2hex (fpr, fpr_len, fpr_string);
- free_strlist(namelist);
- namelist=NULL;
+ if (opt.verbose)
+ log_info ("auto-key-locate found fingerprint %s\n",
+ fpr_string);
- bin2hex (fpr, fpr_len, fpr_string);
-
- if(opt.verbose)
- log_info("auto-key-locate found fingerprint %s\n",fpr_string);
+ add_to_strlist (&namelist, fpr_string);
+ }
+ else if (!rc && !fpr && !did_key_byname)
+ {
+ no_fingerprint = 1;
+ rc = G10ERR_NO_PUBKEY;
+ }
+ xfree (fpr);
+ fpr = NULL;
- add_to_strlist( &namelist, fpr_string );
+ if (!rc && !did_key_byname)
+ {
+ if (retctx)
+ {
+ get_pubkey_end (*retctx);
+ *retctx = NULL;
+ }
+ rc = key_byname (anylocalfirst ? retctx : NULL,
+ namelist, pk, NULL, 0,
+ include_unusable, ret_keyblock, ret_kdbhd);
}
- else if (!rc && !fpr && !did_key_byname)
- {
- no_fingerprint = 1;
- rc = G10ERR_NO_PUBKEY;
- }
- xfree (fpr);
- fpr = NULL;
-
- if (!rc && !did_key_byname)
- {
- if (retctx)
- {
- get_pubkey_end (*retctx);
- *retctx = NULL;
- }
- rc = key_byname (anylocalfirst?retctx:NULL,
- namelist, pk, NULL, 0,
- include_unusable, ret_keyblock, ret_kdbhd);
- }
if (!rc)
- {
- /* Key found. */
- log_info (_("automatically retrieved `%s' via %s\n"),
- name, mechanism);
- break;
- }
- if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
- log_info (_("error retrieving `%s' via %s: %s\n"),
- name, mechanism,
- no_fingerprint? _("No fingerprint"):g10_errstr(rc));
+ {
+ /* Key found. */
+ log_info (_("automatically retrieved `%s' via %s\n"),
+ name, mechanism);
+ break;
+ }
+ if (rc != G10ERR_NO_PUBKEY || opt.verbose || no_fingerprint)
+ log_info (_("error retrieving `%s' via %s: %s\n"),
+ name, mechanism,
+ no_fingerprint ? _("No fingerprint") : g10_errstr (rc));
}
}
-
+
if (rc && retctx)
{
get_pubkey_end (*retctx);
@@ -920,70 +947,71 @@ get_pubkey_byname (GETKEY_CTX *retctx, PKT_public_key *pk,
int
-get_pubkey_bynames( GETKEY_CTX *retctx, PKT_public_key *pk,
- strlist_t names, KBNODE *ret_keyblock )
+get_pubkey_bynames (GETKEY_CTX * retctx, PKT_public_key * pk,
+ strlist_t names, KBNODE * ret_keyblock)
{
- return key_byname( retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
+ return key_byname (retctx, names, pk, NULL, 0, 1, ret_keyblock, NULL);
}
int
-get_pubkey_next( GETKEY_CTX ctx, PKT_public_key *pk, KBNODE *ret_keyblock )
+get_pubkey_next (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE * ret_keyblock)
{
- int rc;
+ int rc;
+
+ rc = lookup (ctx, ret_keyblock, 0);
+ if (!rc && pk && ret_keyblock)
+ pk_from_block (ctx, pk, *ret_keyblock);
- rc = lookup( ctx, ret_keyblock, 0 );
- if ( !rc && pk && ret_keyblock )
- pk_from_block ( ctx, pk, *ret_keyblock );
-
- return rc;
+ return rc;
}
void
-get_pubkey_end( GETKEY_CTX ctx )
+get_pubkey_end (GETKEY_CTX ctx)
{
- if( ctx ) {
- memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
- keydb_release (ctx->kr_handle);
- free_strlist (ctx->extra_list);
- if( !ctx->not_allocated )
- xfree( ctx );
+ if (ctx)
+ {
+ memset (&ctx->kbpos, 0, sizeof ctx->kbpos);
+ keydb_release (ctx->kr_handle);
+ free_strlist (ctx->extra_list);
+ if (!ctx->not_allocated)
+ xfree (ctx);
}
}
-/****************
- * Search for a key with the given fingerprint.
+/* Search for a key with the given fingerprint.
* FIXME:
- * We should replace this with the _byname function. Thiscsan be done
- * by creating a userID conforming to the unified fingerprint style.
+ * We should replace this with the _byname function. This can be done
+ * by creating a userID conforming to the unified fingerprint style.
*/
int
-get_pubkey_byfprint( PKT_public_key *pk,
- const byte *fprint, size_t fprint_len)
+get_pubkey_byfprint (PKT_public_key * pk,
+ const byte * fprint, size_t fprint_len)
{
- int rc;
-
- if( fprint_len == 20 || fprint_len == 16 ) {
- struct getkey_ctx_s ctx;
- KBNODE kb = NULL;
-
- memset( &ctx, 0, sizeof ctx );
- ctx.exact = 1 ;
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (0);
- ctx.nitems = 1;
- ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20;
- memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
- rc = lookup( &ctx, &kb, 0 );
- if (!rc && pk )
- pk_from_block ( &ctx, pk, kb );
- release_kbnode ( kb );
- get_pubkey_end( &ctx );
- }
- else
- rc = G10ERR_GENERAL; /* Oops */
- return rc;
+ int rc;
+
+ if (fprint_len == 20 || fprint_len == 16)
+ {
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+
+ memset (&ctx, 0, sizeof ctx);
+ ctx.exact = 1;
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20;
+ memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ rc = lookup (&ctx, &kb, 0);
+ if (!rc && pk)
+ pk_from_block (&ctx, pk, kb);
+ release_kbnode (kb);
+ get_pubkey_end (&ctx);
+ }
+ else
+ rc = G10ERR_GENERAL; /* Oops */
+ return rc;
}
@@ -991,20 +1019,20 @@ get_pubkey_byfprint( PKT_public_key *pk,
differs from get_pubkey_byfprint() in that it does not do a check
of the key to avoid recursion. It should be used only in very
certain cases. PK may be NULL to check just for the existance of
- the key. */
+ the key. */
int
-get_pubkey_byfprint_fast (PKT_public_key *pk,
- const byte *fprint, size_t fprint_len)
+get_pubkey_byfprint_fast (PKT_public_key * pk,
+ const byte * fprint, size_t fprint_len)
{
int rc = 0;
KEYDB_HANDLE hd;
KBNODE keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN];
int i;
-
- for (i=0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
+
+ for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
fprbuf[i] = fprint[i];
- while (i < MAX_FINGERPRINT_LEN)
+ while (i < MAX_FINGERPRINT_LEN)
fprbuf[i++] = 0;
hd = keydb_new (0);
@@ -1016,16 +1044,16 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
}
rc = keydb_get_keyblock (hd, &keyblock);
keydb_release (hd);
- if (rc)
+ if (rc)
{
- log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
return G10ERR_NO_PUBKEY;
}
-
- assert ( keyblock->pkt->pkttype == PKT_PUBLIC_KEY
- || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+
+ assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
if (pk)
- copy_public_key (pk, keyblock->pkt->pkt.public_key );
+ copy_public_key (pk, keyblock->pkt->pkt.public_key);
release_kbnode (keyblock);
/* Not caching key here since it won't have all of the fields
@@ -1034,304 +1062,313 @@ get_pubkey_byfprint_fast (PKT_public_key *pk,
return 0;
}
-/****************
- * Search for a key with the given fingerprint and return the
- * complete keyblock which may have more than only this key.
- */
+
+/* Search for a key with the given fingerprint and return the
+ * complete keyblock which may have more than only this key. */
int
-get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
- size_t fprint_len )
+get_keyblock_byfprint (KBNODE * ret_keyblock, const byte * fprint,
+ size_t fprint_len)
{
- int rc;
-
- if( fprint_len == 20 || fprint_len == 16 ) {
- struct getkey_ctx_s ctx;
+ int rc;
- memset( &ctx, 0, sizeof ctx );
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (0);
- ctx.nitems = 1;
- ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20;
- memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
- rc = lookup( &ctx, ret_keyblock, 0 );
- get_pubkey_end( &ctx );
+ if (fprint_len == 20 || fprint_len == 16)
+ {
+ struct getkey_ctx_s ctx;
+
+ memset (&ctx, 0, sizeof ctx);
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (0);
+ ctx.nitems = 1;
+ ctx.items[0].mode = (fprint_len == 16
+ ? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20);
+ memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ rc = lookup (&ctx, ret_keyblock, 0);
+ get_pubkey_end (&ctx);
}
- else
- rc = G10ERR_GENERAL; /* Oops */
+ else
+ rc = G10ERR_GENERAL; /* Oops */
- return rc;
+ return rc;
}
-/****************
- * Get a secret key by name and store it into sk
- * If NAME is NULL use the default key
- */
+/* Get a secret key by name and store it into sk.
+ * If NAME is NULL use the default key. */
static int
-get_seckey_byname2( GETKEY_CTX *retctx,
- PKT_secret_key *sk, const char *name, int unprotect,
- KBNODE *retblock )
+get_seckey_byname2 (GETKEY_CTX * retctx,
+ PKT_secret_key * sk, const char *name, int unprotect,
+ KBNODE * retblock)
{
strlist_t namelist = NULL;
- int rc,include_unusable=1;
+ int rc, include_unusable = 1;
/* If we have no name, try to use the default secret key. If we
have no default, we'll use the first usable one. */
- if( !name && opt.def_secret_key && *opt.def_secret_key )
- add_to_strlist( &namelist, opt.def_secret_key );
- else if(name)
- add_to_strlist( &namelist, name );
+ if (!name && opt.def_secret_key && *opt.def_secret_key)
+ add_to_strlist (&namelist, opt.def_secret_key);
+ else if (name)
+ add_to_strlist (&namelist, name);
else
- include_unusable=0;
+ include_unusable = 0;
- rc = key_byname( retctx, namelist, NULL, sk, 1, include_unusable,
- retblock, NULL );
+ rc = key_byname (retctx, namelist, NULL, sk, 1, include_unusable,
+ retblock, NULL);
- free_strlist( namelist );
+ free_strlist (namelist);
- if( !rc && unprotect )
- rc = check_secret_key( sk, 0 );
+ if (!rc && unprotect)
+ rc = check_secret_key (sk, 0);
return rc;
}
-int
-get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock )
+int
+get_seckey_byname (PKT_secret_key * sk, const char *name, int unlock)
{
- return get_seckey_byname2 ( NULL, sk, name, unlock, NULL );
+ return get_seckey_byname2 (NULL, sk, name, unlock, NULL);
}
int
-get_seckey_bynames( GETKEY_CTX *retctx, PKT_secret_key *sk,
- strlist_t names, KBNODE *ret_keyblock )
+get_seckey_bynames (GETKEY_CTX * retctx, PKT_secret_key * sk,
+ strlist_t names, KBNODE * ret_keyblock)
{
- return key_byname( retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL );
+ return key_byname (retctx, names, NULL, sk, 1, 1, ret_keyblock, NULL);
}
int
-get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock )
+get_seckey_next (GETKEY_CTX ctx, PKT_secret_key * sk, KBNODE * ret_keyblock)
{
- int rc;
+ int rc;
- rc = lookup( ctx, ret_keyblock, 1 );
- if ( !rc && sk && ret_keyblock )
- sk_from_block ( ctx, sk, *ret_keyblock );
+ rc = lookup (ctx, ret_keyblock, 1);
+ if (!rc && sk && ret_keyblock)
+ sk_from_block (ctx, sk, *ret_keyblock);
- return rc;
+ return rc;
}
void
-get_seckey_end( GETKEY_CTX ctx )
+get_seckey_end (GETKEY_CTX ctx)
{
- get_pubkey_end( ctx );
+ get_pubkey_end (ctx);
}
-/****************
- * Search for a key with the given fingerprint.
+/* Search for a key with the given fingerprint.
* FIXME:
* We should replace this with the _byname function. Thiscsan be done
- * by creating a userID conforming to the unified fingerprint style.
- */
+ * by creating a userID conforming to the unified fingerprint style. */
int
-get_seckey_byfprint( PKT_secret_key *sk,
- const byte *fprint, size_t fprint_len)
+get_seckey_byfprint (PKT_secret_key * sk,
+ const byte * fprint, size_t fprint_len)
{
- int rc;
-
- if( fprint_len == 20 || fprint_len == 16 ) {
- struct getkey_ctx_s ctx;
- KBNODE kb = NULL;
-
- memset( &ctx, 0, sizeof ctx );
- ctx.exact = 1 ;
- ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new (1);
- ctx.nitems = 1;
- ctx.items[0].mode = fprint_len==16? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20;
- memcpy( ctx.items[0].u.fpr, fprint, fprint_len );
- rc = lookup( &ctx, &kb, 1 );
- if (!rc && sk )
- sk_from_block ( &ctx, sk, kb );
- release_kbnode ( kb );
- get_seckey_end( &ctx );
- }
- else
- rc = G10ERR_GENERAL; /* Oops */
- return rc;
+ int rc;
+
+ if (fprint_len == 20 || fprint_len == 16)
+ {
+ struct getkey_ctx_s ctx;
+ KBNODE kb = NULL;
+
+ memset (&ctx, 0, sizeof ctx);
+ ctx.exact = 1;
+ ctx.not_allocated = 1;
+ ctx.kr_handle = keydb_new (1);
+ ctx.nitems = 1;
+ ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
+ : KEYDB_SEARCH_MODE_FPR20;
+ memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
+ rc = lookup (&ctx, &kb, 1);
+ if (!rc && sk)
+ sk_from_block (&ctx, sk, kb);
+ release_kbnode (kb);
+ get_seckey_end (&ctx);
+ }
+ else
+ rc = G10ERR_GENERAL; /* Oops */
+ return rc;
}
/* Search for a secret key with the given fingerprint and return the
complete keyblock which may have more than only this key. */
int
-get_seckeyblock_byfprint (KBNODE *ret_keyblock, const byte *fprint,
- size_t fprint_len )
+get_seckeyblock_byfprint (KBNODE * ret_keyblock, const byte * fprint,
+ size_t fprint_len)
{
int rc;
struct getkey_ctx_s ctx;
-
+
if (fprint_len != 20 && fprint_len == 16)
- return G10ERR_GENERAL; /* Oops */
-
+ return G10ERR_GENERAL; /* Oops */
+
memset (&ctx, 0, sizeof ctx);
ctx.not_allocated = 1;
ctx.kr_handle = keydb_new (1);
ctx.nitems = 1;
- ctx.items[0].mode = (fprint_len==16
- ? KEYDB_SEARCH_MODE_FPR16
- : KEYDB_SEARCH_MODE_FPR20);
+ ctx.items[0].mode = (fprint_len == 16
+ ? KEYDB_SEARCH_MODE_FPR16 : KEYDB_SEARCH_MODE_FPR20);
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
rc = lookup (&ctx, ret_keyblock, 1);
get_seckey_end (&ctx);
-
+
return rc;
}
-
/************************************************
************* Merging stuff ********************
************************************************/
-/****************
- * merge all selfsignatures with the keys.
+/* Merge all self-signatures with the keys.
+
* FIXME: replace this at least for the public key parts
* by merge_selfsigs.
* It is still used in keyedit.c and
* at 2 or 3 other places - check whether it is really needed.
* It might be needed by the key edit and import stuff because
- * the keylock is changed.
- */
+ * the keylock is changed. */
void
-merge_keys_and_selfsig( KBNODE keyblock )
+merge_keys_and_selfsig (KBNODE keyblock)
{
- PKT_public_key *pk = NULL;
- PKT_secret_key *sk = NULL;
- PKT_signature *sig;
- KBNODE k;
- u32 kid[2] = { 0, 0 };
- u32 sigdate = 0;
-
- if (keyblock && keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) {
- /* divert to our new function */
- merge_selfsigs (keyblock);
- return;
- }
- /* still need the old one because the new one can't handle secret keys */
-
- for(k=keyblock; k; k = k->next ) {
- if( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- pk = k->pkt->pkt.public_key; sk = NULL;
- if( pk->version < 4 )
- pk = NULL; /* not needed for old keys */
- else if( k->pkt->pkttype == PKT_PUBLIC_KEY )
- keyid_from_pk( pk, kid );
- else if( !pk->expiredate ) { /* and subkey */
- /* insert the expiration date here */
- /*FIXME!!! pk->expiredate = subkeys_expiretime( k, kid );*/
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
+ PKT_signature *sig;
+ KBNODE k;
+ u32 kid[2] = { 0, 0 };
+ u32 sigdate = 0;
+
+ if (keyblock && keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ /* Divert to our new function. */
+ merge_selfsigs (keyblock);
+ return;
+ }
+
+ /* Still need the old one because the new one can't handle secret keys. */
+
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ pk = k->pkt->pkt.public_key;
+ sk = NULL;
+ if (pk->version < 4)
+ pk = NULL; /* Not needed for old keys. */
+ else if (k->pkt->pkttype == PKT_PUBLIC_KEY)
+ keyid_from_pk (pk, kid);
+ else if (!pk->expiredate)
+ {
+ /* and subkey */
+ /* insert the expiration date here */
+ /*FIXME!!! pk->expiredate = subkeys_expiretime( k, kid ); */
}
- sigdate = 0;
+ sigdate = 0;
}
- else if( k->pkt->pkttype == PKT_SECRET_KEY
- || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- pk = NULL; sk = k->pkt->pkt.secret_key;
- if( sk->version < 4 )
- sk = NULL;
- else if( k->pkt->pkttype == PKT_SECRET_KEY )
- keyid_from_sk( sk, kid );
- sigdate = 0;
+ else if (k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ pk = NULL;
+ sk = k->pkt->pkt.secret_key;
+ if (sk->version < 4)
+ sk = NULL;
+ else if (k->pkt->pkttype == PKT_SECRET_KEY)
+ keyid_from_sk (sk, kid);
+ sigdate = 0;
}
- else if( (pk || sk ) && k->pkt->pkttype == PKT_SIGNATURE
- && (sig=k->pkt->pkt.signature)->sig_class >= 0x10
- && sig->sig_class <= 0x30 && sig->version > 3
- && !(sig->sig_class == 0x18 || sig->sig_class == 0x28)
- && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1] ) {
- /* okay this is a self-signature which can be used.
- * This is not used for subkey binding signature, becuase this
- * is done above.
- * FIXME: We should only use this if the signature is valid
- * but this is time consuming - we must provide another
- * way to handle this
- */
- const byte *p;
- u32 ed;
-
- p = parse_sig_subpkt( sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL );
- if( pk ) {
- ed = p? pk->timestamp + buffer_to_u32(p):0;
- if( sig->timestamp > sigdate ) {
- pk->expiredate = ed;
- sigdate = sig->timestamp;
+ else if ((pk || sk) && k->pkt->pkttype == PKT_SIGNATURE
+ && (sig = k->pkt->pkt.signature)->sig_class >= 0x10
+ && sig->sig_class <= 0x30 && sig->version > 3
+ && !(sig->sig_class == 0x18 || sig->sig_class == 0x28)
+ && sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
+ {
+ /* okay this is a self-signature which can be used.
+ * This is not used for subkey binding signature, becuase this
+ * is done above.
+ * FIXME: We should only use this if the signature is valid
+ * but this is time consuming - we must provide another
+ * way to handle this
+ */
+ const byte *p;
+ u32 ed;
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if (pk)
+ {
+ ed = p ? pk->timestamp + buffer_to_u32 (p) : 0;
+ if (sig->timestamp > sigdate)
+ {
+ pk->expiredate = ed;
+ sigdate = sig->timestamp;
}
}
- else {
- ed = p? sk->timestamp + buffer_to_u32(p):0;
- if( sig->timestamp > sigdate ) {
- sk->expiredate = ed;
- sigdate = sig->timestamp;
+ else
+ {
+ ed = p ? sk->timestamp + buffer_to_u32 (p) : 0;
+ if (sig->timestamp > sigdate)
+ {
+ sk->expiredate = ed;
+ sigdate = sig->timestamp;
}
}
}
- if(pk && (pk->expiredate==0 ||
- (pk->max_expiredate && pk->expiredate>pk->max_expiredate)))
- pk->expiredate=pk->max_expiredate;
+ if (pk && (pk->expiredate == 0 ||
+ (pk->max_expiredate && pk->expiredate > pk->max_expiredate)))
+ pk->expiredate = pk->max_expiredate;
- if(sk && (sk->expiredate==0 ||
- (sk->max_expiredate && sk->expiredate>sk->max_expiredate)))
- sk->expiredate=sk->max_expiredate;
+ if (sk && (sk->expiredate == 0 ||
+ (sk->max_expiredate && sk->expiredate > sk->max_expiredate)))
+ sk->expiredate = sk->max_expiredate;
}
}
static int
-parse_key_usage(PKT_signature *sig)
+parse_key_usage (PKT_signature * sig)
{
- int key_usage=0;
+ int key_usage = 0;
const byte *p;
size_t n;
byte flags;
- p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_KEY_FLAGS,&n);
- if(p && n)
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_FLAGS, &n);
+ if (p && n)
{
- /* first octet of the keyflags */
- flags=*p;
+ /* First octet of the keyflags. */
+ flags = *p;
- if(flags & 1)
+ if (flags & 1)
{
key_usage |= PUBKEY_USAGE_CERT;
- flags&=~1;
+ flags &= ~1;
}
- if(flags & 2)
+ if (flags & 2)
{
key_usage |= PUBKEY_USAGE_SIG;
- flags&=~2;
+ flags &= ~2;
}
/* We do not distinguish between encrypting communications and
- encrypting storage. */
- if(flags & (0x04|0x08))
+ encrypting storage. */
+ if (flags & (0x04 | 0x08))
{
key_usage |= PUBKEY_USAGE_ENC;
- flags&=~(0x04|0x08);
+ flags &= ~(0x04 | 0x08);
}
- if(flags & 0x20)
+ if (flags & 0x20)
{
key_usage |= PUBKEY_USAGE_AUTH;
- flags&=~0x20;
+ flags &= ~0x20;
}
- if(flags)
+ if (flags)
key_usage |= PUBKEY_USAGE_UNKNOWN;
}
@@ -1344,8 +1381,8 @@ parse_key_usage(PKT_signature *sig)
return key_usage;
}
-/*
- * Apply information from SIGNODE (which is the valid self-signature
+
+/* Apply information from SIGNODE (which is the valid self-signature
* associated with that UID) to the UIDNODE:
* - wether the UID has been revoked
* - assumed creation date of the UID
@@ -1355,108 +1392,115 @@ parse_key_usage(PKT_signature *sig)
* - store the preferences
*/
static void
-fixup_uidnode ( KBNODE uidnode, KBNODE signode, u32 keycreated )
+fixup_uidnode (KBNODE uidnode, KBNODE signode, u32 keycreated)
{
- PKT_user_id *uid = uidnode->pkt->pkt.user_id;
- PKT_signature *sig = signode->pkt->pkt.signature;
- const byte *p, *sym, *hash, *zip;
- size_t n, nsym, nhash, nzip;
-
- sig->flags.chosen_selfsig = 1; /* we chose this one */
- uid->created = 0; /* not created == invalid */
- if ( IS_UID_REV ( sig ) )
- {
- uid->is_revoked = 1;
- return; /* has been revoked */
- }
- else
- uid->is_revoked = 0;
+ PKT_user_id *uid = uidnode->pkt->pkt.user_id;
+ PKT_signature *sig = signode->pkt->pkt.signature;
+ const byte *p, *sym, *hash, *zip;
+ size_t n, nsym, nhash, nzip;
+
+ sig->flags.chosen_selfsig = 1;/* We chose this one. */
+ uid->created = 0; /* Not created == invalid. */
+ if (IS_UID_REV (sig))
+ {
+ uid->is_revoked = 1;
+ return; /* Has been revoked. */
+ }
+ else
+ uid->is_revoked = 0;
- uid->expiredate = sig->expiredate;
+ uid->expiredate = sig->expiredate;
- if (sig->flags.expired)
- {
- uid->is_expired = 1;
- return; /* has expired */
- }
- else
- uid->is_expired = 0;
-
- uid->created = sig->timestamp; /* this one is okay */
- uid->selfsigversion = sig->version;
- /* If we got this far, it's not expired :) */
+ if (sig->flags.expired)
+ {
+ uid->is_expired = 1;
+ return; /* Has expired. */
+ }
+ else
uid->is_expired = 0;
- /* store the key flags in the helper variable for later processing */
- uid->help_key_usage=parse_key_usage(sig);
-
- /* ditto for the key expiration */
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
- if( p && buffer_to_u32(p) )
- uid->help_key_expire = keycreated + buffer_to_u32(p);
- else
- uid->help_key_expire = 0;
-
- /* Set the primary user ID flag - we will later wipe out some
- * of them to only have one in our keyblock */
- uid->is_primary = 0;
- p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL );
- if ( p && *p )
- uid->is_primary = 2;
- /* We could also query this from the unhashed area if it is not in
- * the hased area and then later try to decide which is the better
- * there should be no security problem with this.
- * For now we only look at the hashed one.
- */
-
- /* Now build the preferences list. These must come from the
- hashed section so nobody can modify the ciphers a key is
- willing to accept. */
- p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_SYM, &n );
- sym = p; nsym = p?n:0;
- p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_HASH, &n );
- hash = p; nhash = p?n:0;
- p = parse_sig_subpkt ( sig->hashed, SIGSUBPKT_PREF_COMPR, &n );
- zip = p; nzip = p?n:0;
- if (uid->prefs)
- xfree (uid->prefs);
- n = nsym + nhash + nzip;
- if (!n)
- uid->prefs = NULL;
- else {
- uid->prefs = xmalloc (sizeof (*uid->prefs) * (n+1));
- n = 0;
- for (; nsym; nsym--, n++) {
- uid->prefs[n].type = PREFTYPE_SYM;
- uid->prefs[n].value = *sym++;
- }
- for (; nhash; nhash--, n++) {
- uid->prefs[n].type = PREFTYPE_HASH;
- uid->prefs[n].value = *hash++;
- }
- for (; nzip; nzip--, n++) {
- uid->prefs[n].type = PREFTYPE_ZIP;
- uid->prefs[n].value = *zip++;
- }
- uid->prefs[n].type = PREFTYPE_NONE; /* end of list marker */
- uid->prefs[n].value = 0;
- }
-
- /* see whether we have the MDC feature */
- uid->flags.mdc = 0;
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
- if (p && n && (p[0] & 0x01))
- uid->flags.mdc = 1;
-
- /* and the keyserver modify flag */
- uid->flags.ks_modify = 1;
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
- if (p && n && (p[0] & 0x80))
- uid->flags.ks_modify = 0;
+ uid->created = sig->timestamp; /* This one is okay. */
+ uid->selfsigversion = sig->version;
+ /* If we got this far, it's not expired :) */
+ uid->is_expired = 0;
+
+ /* Store the key flags in the helper variable for later processing. */
+ uid->help_key_usage = parse_key_usage (sig);
+
+ /* Ditto for the key expiration. */
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if (p && buffer_to_u32 (p))
+ uid->help_key_expire = keycreated + buffer_to_u32 (p);
+ else
+ uid->help_key_expire = 0;
+
+ /* Set the primary user ID flag - we will later wipe out some
+ * of them to only have one in our keyblock. */
+ uid->is_primary = 0;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
+ if (p && *p)
+ uid->is_primary = 2;
+
+ /* We could also query this from the unhashed area if it is not in
+ * the hased area and then later try to decide which is the better
+ * there should be no security problem with this.
+ * For now we only look at the hashed one. */
+
+ /* Now build the preferences list. These must come from the
+ hashed section so nobody can modify the ciphers a key is
+ willing to accept. */
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_SYM, &n);
+ sym = p;
+ nsym = p ? n : 0;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_HASH, &n);
+ hash = p;
+ nhash = p ? n : 0;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_COMPR, &n);
+ zip = p;
+ nzip = p ? n : 0;
+ if (uid->prefs)
+ xfree (uid->prefs);
+ n = nsym + nhash + nzip;
+ if (!n)
+ uid->prefs = NULL;
+ else
+ {
+ uid->prefs = xmalloc (sizeof (*uid->prefs) * (n + 1));
+ n = 0;
+ for (; nsym; nsym--, n++)
+ {
+ uid->prefs[n].type = PREFTYPE_SYM;
+ uid->prefs[n].value = *sym++;
+ }
+ for (; nhash; nhash--, n++)
+ {
+ uid->prefs[n].type = PREFTYPE_HASH;
+ uid->prefs[n].value = *hash++;
+ }
+ for (; nzip; nzip--, n++)
+ {
+ uid->prefs[n].type = PREFTYPE_ZIP;
+ uid->prefs[n].value = *zip++;
+ }
+ uid->prefs[n].type = PREFTYPE_NONE; /* End of list marker */
+ uid->prefs[n].value = 0;
+ }
+
+ /* See whether we have the MDC feature. */
+ uid->flags.mdc = 0;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_FEATURES, &n);
+ if (p && n && (p[0] & 0x01))
+ uid->flags.mdc = 1;
+
+ /* And the keyserver modify flag. */
+ uid->flags.ks_modify = 1;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KS_FLAGS, &n);
+ if (p && n && (p[0] & 0x80))
+ uid->flags.ks_modify = 0;
}
static void
-sig_to_revoke_info(PKT_signature *sig,struct revoke_info *rinfo)
+sig_to_revoke_info (PKT_signature * sig, struct revoke_info *rinfo)
{
rinfo->date = sig->timestamp;
rinfo->algo = sig->pubkey_algo;
@@ -1465,71 +1509,77 @@ sig_to_revoke_info(PKT_signature *sig,struct revoke_info *rinfo)
}
static void
-merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
+merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
+ struct revoke_info *rinfo)
{
- PKT_public_key *pk = NULL;
- KBNODE k;
- u32 kid[2];
- u32 sigdate, uiddate, uiddate2;
- KBNODE signode, uidnode, uidnode2;
- u32 curtime = make_timestamp ();
- unsigned int key_usage = 0;
- u32 keytimestamp = 0;
- u32 key_expire = 0;
- int key_expire_seen = 0;
- byte sigversion = 0;
-
- *r_revoked = 0;
- memset(rinfo,0,sizeof(*rinfo));
-
- if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY )
- BUG ();
- pk = keyblock->pkt->pkt.public_key;
- keytimestamp = pk->timestamp;
-
- keyid_from_pk( pk, kid );
- pk->main_keyid[0] = kid[0];
- pk->main_keyid[1] = kid[1];
-
- if ( pk->version < 4 ) {
- /* before v4 the key packet itself contains the expiration
- * date and there was no way to change it, so we start with
- * the one from the key packet */
- key_expire = pk->max_expiredate;
- key_expire_seen = 1;
- }
-
- /* first pass: find the latest direct key self-signature.
- * We assume that the newest one overrides all others
- */
-
- /* In case this key was already merged */
- xfree(pk->revkey);
- pk->revkey=NULL;
- pk->numrevkeys=0;
-
- signode = NULL;
- sigdate = 0; /* helper to find the latest signature */
- for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next ) {
- if ( k->pkt->pkttype == PKT_SIGNATURE ) {
- PKT_signature *sig = k->pkt->pkt.signature;
- if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
- if ( check_key_signature( keyblock, k, NULL ) )
- ; /* signature did not verify */
- else if ( IS_KEY_REV (sig) ){
- /* key has been revoked - there is no way to override
- * such a revocation, so we theoretically can stop now.
- * We should not cope with expiration times for revocations
- * here because we have to assume that an attacker can
- * generate all kinds of signatures. However due to the
- * fact that the key has been revoked it does not harm
- * either and by continuing we gather some more info on
- * that key.
- */
- *r_revoked = 1;
- sig_to_revoke_info(sig,rinfo);
- }
- else if ( IS_KEY_SIG (sig) ) {
+ PKT_public_key *pk = NULL;
+ KBNODE k;
+ u32 kid[2];
+ u32 sigdate, uiddate, uiddate2;
+ KBNODE signode, uidnode, uidnode2;
+ u32 curtime = make_timestamp ();
+ unsigned int key_usage = 0;
+ u32 keytimestamp = 0;
+ u32 key_expire = 0;
+ int key_expire_seen = 0;
+ byte sigversion = 0;
+
+ *r_revoked = 0;
+ memset (rinfo, 0, sizeof (*rinfo));
+
+ if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+ BUG ();
+ pk = keyblock->pkt->pkt.public_key;
+ keytimestamp = pk->timestamp;
+
+ keyid_from_pk (pk, kid);
+ pk->main_keyid[0] = kid[0];
+ pk->main_keyid[1] = kid[1];
+
+ if (pk->version < 4)
+ {
+ /* Before v4 the key packet itself contains the expiration date
+ * and there was no way to change it, so we start with the one
+ * from the key packet. */
+ key_expire = pk->max_expiredate;
+ key_expire_seen = 1;
+ }
+
+ /* First pass: Find the latest direct key self-signature. We assume
+ * that the newest one overrides all others. */
+
+ /* In case this key was already merged. */
+ xfree (pk->revkey);
+ pk->revkey = NULL;
+ pk->numrevkeys = 0;
+
+ signode = NULL;
+ sigdate = 0; /* Helper variable to find the latest signature. */
+ for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = k->pkt->pkt.signature;
+ if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
+ {
+ if (check_key_signature (keyblock, k, NULL))
+ ; /* Signature did not verify. */
+ else if (IS_KEY_REV (sig))
+ {
+ /* Key has been revoked - there is no way to
+ * override such a revocation, so we theoretically
+ * can stop now. We should not cope with expiration
+ * times for revocations here because we have to
+ * assume that an attacker can generate all kinds of
+ * signatures. However due to the fact that the key
+ * has been revoked it does not harm either and by
+ * continuing we gather some more info on that
+ * key. */
+ *r_revoked = 1;
+ sig_to_revoke_info (sig, rinfo);
+ }
+ else if (IS_KEY_SIG (sig))
+ {
/* Add any revocation keys onto the pk. This is
particularly interesting since we normally only
get data from the most recent 1F signature, but
@@ -1537,588 +1587,620 @@ merge_selfsigs_main(KBNODE keyblock, int *r_revoked, struct revoke_info *rinfo)
revocation keys (PGP does it this way, and a
revocation key could be sensitive and hence in a
different signature). */
- if(sig->revkey) {
- int i;
-
- pk->revkey=
- xrealloc(pk->revkey,sizeof(struct revocation_key)*
- (pk->numrevkeys+sig->numrevkeys));
+ if (sig->revkey)
+ {
+ int i;
- for(i=0;i<sig->numrevkeys;i++)
- memcpy(&pk->revkey[pk->numrevkeys++],
- sig->revkey[i],
- sizeof(struct revocation_key));
- }
+ pk->revkey =
+ xrealloc (pk->revkey, sizeof (struct revocation_key) *
+ (pk->numrevkeys + sig->numrevkeys));
- if( sig->timestamp >= sigdate ) {
- if(sig->flags.expired)
- ; /* signature has expired - ignore it */
- else {
- sigdate = sig->timestamp;
- signode = k;
- if( sig->version > sigversion )
- sigversion = sig->version;
+ for (i = 0; i < sig->numrevkeys; i++)
+ memcpy (&pk->revkey[pk->numrevkeys++],
+ sig->revkey[i],
+ sizeof (struct revocation_key));
+ }
+ if (sig->timestamp >= sigdate)
+ {
+ if (sig->flags.expired)
+ ; /* Signature has expired - ignore it. */
+ else
+ {
+ sigdate = sig->timestamp;
+ signode = k;
+ if (sig->version > sigversion)
+ sigversion = sig->version;
+
+ }
}
- }
- }
- }
- }
+ }
+ }
+ }
}
- /* Remove dupes from the revocation keys */
+ /* Remove dupes from the revocation keys. */
- if(pk->revkey)
- {
- int i,j,x,changed=0;
+ if (pk->revkey)
+ {
+ int i, j, x, changed = 0;
+
+ for (i = 0; i < pk->numrevkeys; i++)
+ {
+ for (j = i + 1; j < pk->numrevkeys; j++)
+ {
+ if (memcmp (&pk->revkey[i], &pk->revkey[j],
+ sizeof (struct revocation_key)) == 0)
+ {
+ /* remove j */
- for(i=0;i<pk->numrevkeys;i++)
+ for (x = j; x < pk->numrevkeys - 1; x++)
+ pk->revkey[x] = pk->revkey[x + 1];
+
+ pk->numrevkeys--;
+ j--;
+ changed = 1;
+ }
+ }
+ }
+
+ if (changed)
+ pk->revkey = xrealloc (pk->revkey,
+ pk->numrevkeys *
+ sizeof (struct revocation_key));
+ }
+
+ if (signode)
+ {
+ /* Some information from a direct key signature take precedence
+ * over the same information given in UID sigs. */
+ PKT_signature *sig = signode->pkt->pkt.signature;
+ const byte *p;
+
+ key_usage = parse_key_usage (sig);
+
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if (p && buffer_to_u32 (p))
+ {
+ key_expire = keytimestamp + buffer_to_u32 (p);
+ key_expire_seen = 1;
+ }
+
+ /* Mark that key as valid: One direct key signature should
+ * render a key as valid. */
+ pk->is_valid = 1;
+ }
+
+ /* Pass 1.5: Look for key revocation signatures that were not made
+ by the key (i.e. did a revocation key issue a revocation for
+ us?). Only bother to do this if there is a revocation key in the
+ first place and we're not revoked already. */
+
+ if (!*r_revoked && pk->revkey)
+ for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_SIGNATURE)
{
- for(j=i+1;j<pk->numrevkeys;j++)
+ PKT_signature *sig = k->pkt->pkt.signature;
+
+ if (IS_KEY_REV (sig) &&
+ (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1]))
{
- if(memcmp(&pk->revkey[i],&pk->revkey[j],
- sizeof(struct revocation_key))==0)
+ int rc = check_revocation_keys (pk, sig);
+ if (rc == 0)
{
- /* remove j */
+ *r_revoked = 2;
+ sig_to_revoke_info (sig, rinfo);
+ /* Don't continue checking since we can't be any
+ more revoked than this. */
+ break;
+ }
+ else if (rc == G10ERR_NO_PUBKEY)
+ pk->maybe_revoked = 1;
- for(x=j;x<pk->numrevkeys-1;x++)
- pk->revkey[x]=pk->revkey[x+1];
+ /* A failure here means the sig did not verify, was
+ not issued by a revocation key, or a revocation
+ key loop was broken. If a revocation key isn't
+ findable, however, the key might be revoked and
+ we don't know it. */
- pk->numrevkeys--;
- j--;
- changed=1;
- }
+ /* TODO: In the future handle subkey and cert
+ revocations? PGP doesn't, but it's in 2440. */
}
}
-
- if(changed)
- pk->revkey=xrealloc(pk->revkey,
- pk->numrevkeys*sizeof(struct revocation_key));
}
- if ( signode )
- {
- /* some information from a direct key signature take precedence
- * over the same information given in UID sigs.
- */
- PKT_signature *sig = signode->pkt->pkt.signature;
- const byte *p;
-
- key_usage=parse_key_usage(sig);
-
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
- if( p && buffer_to_u32(p) )
- {
- key_expire = keytimestamp + buffer_to_u32(p);
- key_expire_seen = 1;
- }
+ /* Second pass: Look at the self-signature of all user IDs. */
+ signode = uidnode = NULL;
+ sigdate = 0; /* Helper variable to find the latest signature in one UID. */
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID)
+ {
+ if (uidnode && signode)
+ {
+ fixup_uidnode (uidnode, signode, keytimestamp);
+ pk->is_valid = 1;
+ }
+ uidnode = k;
+ signode = NULL;
+ sigdate = 0;
+ }
+ else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
+ {
+ PKT_signature *sig = k->pkt->pkt.signature;
+ if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
+ {
+ if (check_key_signature (keyblock, k, NULL))
+ ; /* signature did not verify */
+ else if ((IS_UID_SIG (sig) || IS_UID_REV (sig))
+ && sig->timestamp >= sigdate)
+ {
+ /* Note: we allow to invalidate cert revocations
+ * by a newer signature. An attacker can't use this
+ * because a key should be revoced with a key revocation.
+ * The reason why we have to allow for that is that at
+ * one time an email address may become invalid but later
+ * the same email address may become valid again (hired,
+ * fired, hired again). */
+
+ sigdate = sig->timestamp;
+ signode = k;
+ signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
+ if (sig->version > sigversion)
+ sigversion = sig->version;
+ }
+ }
+ }
+ }
+ if (uidnode && signode)
+ {
+ fixup_uidnode (uidnode, signode, keytimestamp);
+ pk->is_valid = 1;
+ }
- /* mark that key as valid: one direct key signature should
- * render a key as valid */
- pk->is_valid = 1;
- }
+ /* If the key isn't valid yet, and we have
+ --allow-non-selfsigned-uid set, then force it valid. */
+ if (!pk->is_valid && opt.allow_non_selfsigned_uid)
+ {
+ if (opt.verbose)
+ log_info (_("Invalid key %s made valid by"
+ " --allow-non-selfsigned-uid\n"), keystr_from_pk (pk));
+ pk->is_valid = 1;
+ }
- /* pass 1.5: look for key revocation signatures that were not made
- by the key (i.e. did a revocation key issue a revocation for
- us?). Only bother to do this if there is a revocation key in
- the first place and we're not revoked already. */
+ /* The key STILL isn't valid, so try and find an ultimately
+ trusted signature. */
+ if (!pk->is_valid)
+ {
+ uidnode = NULL;
- if(!*r_revoked && pk->revkey)
- for(k=keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next )
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
{
- if ( k->pkt->pkttype == PKT_SIGNATURE )
+ if (k->pkt->pkttype == PKT_USER_ID)
+ uidnode = k;
+ else if (k->pkt->pkttype == PKT_SIGNATURE && uidnode)
{
PKT_signature *sig = k->pkt->pkt.signature;
- if(IS_KEY_REV(sig) &&
- (sig->keyid[0]!=kid[0] || sig->keyid[1]!=kid[1]))
- {
- int rc=check_revocation_keys(pk,sig);
- if(rc==0)
+ if (sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1])
+ {
+ PKT_public_key *ultimate_pk;
+
+ ultimate_pk = xmalloc_clear (sizeof (*ultimate_pk));
+
+ /* We don't want to use the full get_pubkey to
+ avoid infinite recursion in certain cases.
+ There is no reason to check that an ultimately
+ trusted key is still valid - if it has been
+ revoked or the user should also renmove the
+ ultimate trust flag. */
+ if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
+ && check_key_signature2 (keyblock, k, ultimate_pk,
+ NULL, NULL, NULL, NULL) == 0
+ && get_ownertrust (ultimate_pk) == TRUST_ULTIMATE)
{
- *r_revoked=2;
- sig_to_revoke_info(sig,rinfo);
- /* don't continue checking since we can't be any
- more revoked than this */
+ free_public_key (ultimate_pk);
+ pk->is_valid = 1;
break;
}
- else if(rc==G10ERR_NO_PUBKEY)
- pk->maybe_revoked=1;
-
- /* A failure here means the sig did not verify, was
- not issued by a revocation key, or a revocation
- key loop was broken. If a revocation key isn't
- findable, however, the key might be revoked and
- we don't know it. */
- /* TODO: In the future handle subkey and cert
- revocations? PGP doesn't, but it's in 2440. */
+ free_public_key (ultimate_pk);
}
}
}
+ }
- /* second pass: look at the self-signature of all user IDs */
- signode = uidnode = NULL;
- sigdate = 0; /* helper to find the latest signature in one user ID */
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID ) {
- if ( uidnode && signode )
- {
- fixup_uidnode ( uidnode, signode, keytimestamp );
- pk->is_valid=1;
- }
- uidnode = k;
- signode = NULL;
- sigdate = 0;
- }
- else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode ) {
- PKT_signature *sig = k->pkt->pkt.signature;
- if ( sig->keyid[0] == kid[0] && sig->keyid[1]==kid[1] ) {
- if ( check_key_signature( keyblock, k, NULL ) )
- ; /* signature did not verify */
- else if ( (IS_UID_SIG (sig) || IS_UID_REV (sig))
- && sig->timestamp >= sigdate )
- {
- /* Note: we allow to invalidate cert revocations
- * by a newer signature. An attacker can't use this
- * because a key should be revoced with a key revocation.
- * The reason why we have to allow for that is that at
- * one time an email address may become invalid but later
- * the same email address may become valid again (hired,
- * fired, hired again).
- */
-
- sigdate = sig->timestamp;
- signode = k;
- signode->pkt->pkt.signature->flags.chosen_selfsig=0;
- if( sig->version > sigversion )
- sigversion = sig->version;
- }
- }
- }
+ /* Record the highest selfsig version so we know if this is a v3
+ key through and through, or a v3 key with a v4 selfsig
+ somewhere. This is useful in a few places to know if the key
+ must be treated as PGP2-style or OpenPGP-style. Note that a
+ selfsig revocation with a higher version number will also raise
+ this value. This is okay since such a revocation must be
+ issued by the user (i.e. it cannot be issued by someone else to
+ modify the key behavior.) */
+
+ pk->selfsigversion = sigversion;
+
+ /* Now that we had a look at all user IDs we can now get some information
+ * from those user IDs.
+ */
+
+ if (!key_usage)
+ {
+ /* Find the latest user ID with key flags set. */
+ uiddate = 0; /* Helper to find the latest user ID. */
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if (uid->help_key_usage && uid->created > uiddate)
+ {
+ key_usage = uid->help_key_usage;
+ uiddate = uid->created;
+ }
+ }
+ }
+ }
+ if (!key_usage)
+ {
+ /* No key flags at all: get it from the algo. */
+ key_usage = openpgp_pk_algo_usage (pk->pubkey_algo);
}
- if ( uidnode && signode ) {
- fixup_uidnode ( uidnode, signode, keytimestamp );
- pk->is_valid = 1;
+ else
+ {
+ /* Check that the usage matches the usage as given by the algo. */
+ int x = openpgp_pk_algo_usage (pk->pubkey_algo);
+ if (x) /* Mask it down to the actual allowed usage. */
+ key_usage &= x;
}
- /* If the key isn't valid yet, and we have
- --allow-non-selfsigned-uid set, then force it valid. */
- if(!pk->is_valid && opt.allow_non_selfsigned_uid)
- {
- if(opt.verbose)
- log_info(_("Invalid key %s made valid by"
- " --allow-non-selfsigned-uid\n"),keystr_from_pk(pk));
- pk->is_valid = 1;
- }
+ /* Whatever happens, it's a primary key, so it can certify. */
+ pk->pubkey_usage = key_usage | PUBKEY_USAGE_CERT;
- /* The key STILL isn't valid, so try and find an ultimately
- trusted signature. */
- if(!pk->is_valid)
- {
- uidnode=NULL;
+ if (!key_expire_seen)
+ {
+ /* Find the latest valid user ID with a key expiration set
+ * Note, that this may be a different one from the above because
+ * some user IDs may have no expiration date set. */
+ uiddate = 0;
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID)
+ {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if (uid->help_key_expire && uid->created > uiddate)
+ {
+ key_expire = uid->help_key_expire;
+ uiddate = uid->created;
+ }
+ }
+ }
+ }
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k=k->next)
- {
- if ( k->pkt->pkttype == PKT_USER_ID )
- uidnode = k;
- else if ( k->pkt->pkttype == PKT_SIGNATURE && uidnode )
- {
- PKT_signature *sig = k->pkt->pkt.signature;
+ /* Currently only v3 keys have a maximum expiration date, but I'll
+ bet v5 keys get this feature again. */
+ if (key_expire == 0
+ || (pk->max_expiredate && key_expire > pk->max_expiredate))
+ key_expire = pk->max_expiredate;
- if(sig->keyid[0] != kid[0] || sig->keyid[1]!=kid[1])
- {
- PKT_public_key *ultimate_pk;
-
- ultimate_pk=xmalloc_clear(sizeof(*ultimate_pk));
-
- /* We don't want to use the full get_pubkey to
- avoid infinite recursion in certain cases.
- There is no reason to check that an ultimately
- trusted key is still valid - if it has been
- revoked or the user should also renmove the
- ultimate trust flag. */
- if(get_pubkey_fast(ultimate_pk,sig->keyid)==0
- && check_key_signature2(keyblock,k,ultimate_pk,
- NULL,NULL,NULL,NULL)==0
- && get_ownertrust(ultimate_pk)==TRUST_ULTIMATE)
- {
- free_public_key(ultimate_pk);
- pk->is_valid=1;
- break;
- }
-
- free_public_key(ultimate_pk);
- }
- }
- }
- }
+ pk->has_expired = key_expire >= curtime ? 0 : key_expire;
+ pk->expiredate = key_expire;
- /* Record the highest selfsig version so we know if this is a v3
- key through and through, or a v3 key with a v4 selfsig
- somewhere. This is useful in a few places to know if the key
- must be treated as PGP2-style or OpenPGP-style. Note that a
- selfsig revocation with a higher version number will also raise
- this value. This is okay since such a revocation must be
- issued by the user (i.e. it cannot be issued by someone else to
- modify the key behavior.) */
-
- pk->selfsigversion=sigversion;
-
- /* Now that we had a look at all user IDs we can now get some information
- * from those user IDs.
- */
-
- if ( !key_usage ) {
- /* find the latest user ID with key flags set */
- uiddate = 0; /* helper to find the latest user ID */
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- k = k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID ) {
- PKT_user_id *uid = k->pkt->pkt.user_id;
- if ( uid->help_key_usage && uid->created > uiddate ) {
- key_usage = uid->help_key_usage;
- uiddate = uid->created;
- }
- }
- }
- }
- if ( !key_usage ) { /* no key flags at all: get it from the algo */
- key_usage = openpgp_pk_algo_usage ( pk->pubkey_algo );
- }
- else { /* check that the usage matches the usage as given by the algo */
- int x = openpgp_pk_algo_usage ( pk->pubkey_algo );
- if ( x ) /* mask it down to the actual allowed usage */
- key_usage &= x;
- }
-
- /* Whatever happens, it's a primary key, so it can certify. */
- pk->pubkey_usage = key_usage|PUBKEY_USAGE_CERT;
-
- if ( !key_expire_seen ) {
- /* find the latest valid user ID with a key expiration set
- * Note, that this may be a different one from the above because
- * some user IDs may have no expiration date set */
- uiddate = 0;
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- k = k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID ) {
- PKT_user_id *uid = k->pkt->pkt.user_id;
- if ( uid->help_key_expire && uid->created > uiddate ) {
- key_expire = uid->help_key_expire;
- uiddate = uid->created;
- }
- }
- }
- }
-
- /* Currently only v3 keys have a maximum expiration date, but I'll
- bet v5 keys get this feature again. */
- if(key_expire==0 || (pk->max_expiredate && key_expire>pk->max_expiredate))
- key_expire=pk->max_expiredate;
-
- pk->has_expired = key_expire >= curtime? 0 : key_expire;
- pk->expiredate = key_expire;
-
- /* Fixme: we should see how to get rid of the expiretime fields but
- * this needs changes at other places too. */
-
- /* and now find the real primary user ID and delete all others */
- uiddate = uiddate2 = 0;
- uidnode = uidnode2 = NULL;
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID &&
- !k->pkt->pkt.user_id->attrib_data) {
- PKT_user_id *uid = k->pkt->pkt.user_id;
- if (uid->is_primary)
- {
- if(uid->created > uiddate)
- {
- uiddate = uid->created;
+ /* Fixme: we should see how to get rid of the expiretime fields but
+ * this needs changes at other places too. */
+
+ /* And now find the real primary user ID and delete all others. */
+ uiddate = uiddate2 = 0;
+ uidnode = uidnode2 = NULL;
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data)
+ {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if (uid->is_primary)
+ {
+ if (uid->created > uiddate)
+ {
+ uiddate = uid->created;
+ uidnode = k;
+ }
+ else if (uid->created == uiddate && uidnode)
+ {
+ /* The dates are equal, so we need to do a
+ different (and arbitrary) comparison. This
+ should rarely, if ever, happen. It's good to
+ try and guarantee that two different GnuPG
+ users with two different keyrings at least pick
+ the same primary. */
+ if (cmp_user_ids (uid, uidnode->pkt->pkt.user_id) > 0)
uidnode = k;
- }
- else if(uid->created==uiddate && uidnode)
- {
- /* The dates are equal, so we need to do a
- different (and arbitrary) comparison. This
- should rarely, if ever, happen. It's good to
- try and guarantee that two different GnuPG
- users with two different keyrings at least pick
- the same primary. */
- if(cmp_user_ids(uid,uidnode->pkt->pkt.user_id)>0)
- uidnode=k;
- }
- }
- else
- {
- if(uid->created > uiddate2)
- {
- uiddate2 = uid->created;
+ }
+ }
+ else
+ {
+ if (uid->created > uiddate2)
+ {
+ uiddate2 = uid->created;
+ uidnode2 = k;
+ }
+ else if (uid->created == uiddate2 && uidnode2)
+ {
+ if (cmp_user_ids (uid, uidnode2->pkt->pkt.user_id) > 0)
uidnode2 = k;
- }
- else if(uid->created==uiddate2 && uidnode2)
- {
- if(cmp_user_ids(uid,uidnode2->pkt->pkt.user_id)>0)
- uidnode2=k;
- }
- }
- }
- }
- if ( uidnode ) {
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- k = k->next ) {
- if ( k->pkt->pkttype == PKT_USER_ID &&
- !k->pkt->pkt.user_id->attrib_data) {
- PKT_user_id *uid = k->pkt->pkt.user_id;
- if ( k != uidnode )
- uid->is_primary = 0;
- }
- }
- }
- else if( uidnode2 ) {
- /* none is flagged primary - use the latest user ID we have,
- and disambiguate with the arbitrary packet comparison. */
- uidnode2->pkt->pkt.user_id->is_primary = 1;
- }
- else
- {
- /* None of our uids were self-signed, so pick the one that
- sorts first to be the primary. This is the best we can do
- here since there are no self sigs to date the uids. */
+ }
+ }
+ }
+ }
+ if (uidnode)
+ {
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID &&
+ !k->pkt->pkt.user_id->attrib_data)
+ {
+ PKT_user_id *uid = k->pkt->pkt.user_id;
+ if (k != uidnode)
+ uid->is_primary = 0;
+ }
+ }
+ }
+ else if (uidnode2)
+ {
+ /* None is flagged primary - use the latest user ID we have,
+ and disambiguate with the arbitrary packet comparison. */
+ uidnode2->pkt->pkt.user_id->is_primary = 1;
+ }
+ else
+ {
+ /* None of our uids were self-signed, so pick the one that
+ sorts first to be the primary. This is the best we can do
+ here since there are no self sigs to date the uids. */
- uidnode = NULL;
+ uidnode = NULL;
- for(k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- k = k->next )
- {
- if(k->pkt->pkttype==PKT_USER_ID
- && !k->pkt->pkt.user_id->attrib_data)
- {
- if(!uidnode)
- {
- uidnode=k;
- uidnode->pkt->pkt.user_id->is_primary=1;
- continue;
- }
- else
- {
- if(cmp_user_ids(k->pkt->pkt.user_id,
- uidnode->pkt->pkt.user_id)>0)
- {
- uidnode->pkt->pkt.user_id->is_primary=0;
- uidnode=k;
- uidnode->pkt->pkt.user_id->is_primary=1;
- }
- else
- k->pkt->pkt.user_id->is_primary=0; /* just to be
- safe */
- }
- }
- }
- }
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data)
+ {
+ if (!uidnode)
+ {
+ uidnode = k;
+ uidnode->pkt->pkt.user_id->is_primary = 1;
+ continue;
+ }
+ else
+ {
+ if (cmp_user_ids (k->pkt->pkt.user_id,
+ uidnode->pkt->pkt.user_id) > 0)
+ {
+ uidnode->pkt->pkt.user_id->is_primary = 0;
+ uidnode = k;
+ uidnode->pkt->pkt.user_id->is_primary = 1;
+ }
+ else
+ k->pkt->pkt.user_id->is_primary = 0; /* just to be
+ safe */
+ }
+ }
+ }
+ }
}
/* Convert a buffer to a signature. Useful for 0x19 embedded sigs.
Caller must free the signature when they are done. */
static PKT_signature *
-buf_to_sig(const byte *buf,size_t len)
+buf_to_sig (const byte * buf, size_t len)
{
- PKT_signature *sig=xmalloc_clear(sizeof(PKT_signature));
- IOBUF iobuf=iobuf_temp_with_content(buf,len);
- int save_mode=set_packet_list_mode(0);
+ PKT_signature *sig = xmalloc_clear (sizeof (PKT_signature));
+ IOBUF iobuf = iobuf_temp_with_content (buf, len);
+ int save_mode = set_packet_list_mode (0);
- if(parse_signature(iobuf,PKT_SIGNATURE,len,sig)!=0)
+ if (parse_signature (iobuf, PKT_SIGNATURE, len, sig) != 0)
{
- xfree(sig);
- sig=NULL;
+ xfree (sig);
+ sig = NULL;
}
- set_packet_list_mode(save_mode);
- iobuf_close(iobuf);
+ set_packet_list_mode (save_mode);
+ iobuf_close (iobuf);
return sig;
}
static void
-merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
+merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
{
- PKT_public_key *mainpk = NULL, *subpk = NULL;
- PKT_signature *sig;
- KBNODE k;
- u32 mainkid[2];
- u32 sigdate = 0;
- KBNODE signode;
- u32 curtime = make_timestamp ();
- unsigned int key_usage = 0;
- u32 keytimestamp = 0;
- u32 key_expire = 0;
- const byte *p;
-
- if ( subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY )
- BUG ();
- mainpk = keyblock->pkt->pkt.public_key;
- if ( mainpk->version < 4 )
- return; /* (actually this should never happen) */
- keyid_from_pk( mainpk, mainkid );
- subpk = subnode->pkt->pkt.public_key;
- keytimestamp = subpk->timestamp;
-
- subpk->is_valid = 0;
- subpk->main_keyid[0] = mainpk->main_keyid[0];
- subpk->main_keyid[1] = mainpk->main_keyid[1];
-
- /* find the latest key binding self-signature. */
- signode = NULL;
- sigdate = 0; /* helper to find the latest signature */
- for(k=subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- k = k->next ) {
- if ( k->pkt->pkttype == PKT_SIGNATURE ) {
- sig = k->pkt->pkt.signature;
- if ( sig->keyid[0] == mainkid[0] && sig->keyid[1]==mainkid[1] ) {
- if ( check_key_signature( keyblock, k, NULL ) )
- ; /* signature did not verify */
- else if ( IS_SUBKEY_REV (sig) ) {
+ PKT_public_key *mainpk = NULL, *subpk = NULL;
+ PKT_signature *sig;
+ KBNODE k;
+ u32 mainkid[2];
+ u32 sigdate = 0;
+ KBNODE signode;
+ u32 curtime = make_timestamp ();
+ unsigned int key_usage = 0;
+ u32 keytimestamp = 0;
+ u32 key_expire = 0;
+ const byte *p;
+
+ if (subnode->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ BUG ();
+ mainpk = keyblock->pkt->pkt.public_key;
+ if (mainpk->version < 4)
+ return;/* (actually this should never happen) */
+ keyid_from_pk (mainpk, mainkid);
+ subpk = subnode->pkt->pkt.public_key;
+ keytimestamp = subpk->timestamp;
+
+ subpk->is_valid = 0;
+ subpk->main_keyid[0] = mainpk->main_keyid[0];
+ subpk->main_keyid[1] = mainpk->main_keyid[1];
+
+ /* Find the latest key binding self-signature. */
+ signode = NULL;
+ sigdate = 0; /* Helper to find the latest signature. */
+ for (k = subnode->next; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_SIGNATURE)
+ {
+ sig = k->pkt->pkt.signature;
+ if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1])
+ {
+ if (check_key_signature (keyblock, k, NULL))
+ ; /* Signature did not verify. */
+ else if (IS_SUBKEY_REV (sig))
+ {
/* Note that this means that the date on a
- revocation sig does not matter - even if the
- binding sig is dated after the revocation sig,
- the subkey is still marked as revoked. This
- seems ok, as it is just as easy to make new
- subkeys rather than re-sign old ones as the
- problem is in the distribution. Plus, PGP (7)
- does this the same way. */
- subpk->is_revoked = 1;
- sig_to_revoke_info(sig,&subpk->revoked);
- /* although we could stop now, we continue to
- * figure out other information like the old expiration
- * time */
- }
- else if ( IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate )
- {
- if(sig->flags.expired)
- ; /* signature has expired - ignore it */
- else
- {
- sigdate = sig->timestamp;
- signode = k;
- signode->pkt->pkt.signature->flags.chosen_selfsig=0;
- }
- }
- }
- }
+ revocation sig does not matter - even if the
+ binding sig is dated after the revocation sig,
+ the subkey is still marked as revoked. This
+ seems ok, as it is just as easy to make new
+ subkeys rather than re-sign old ones as the
+ problem is in the distribution. Plus, PGP (7)
+ does this the same way. */
+ subpk->is_revoked = 1;
+ sig_to_revoke_info (sig, &subpk->revoked);
+ /* Although we could stop now, we continue to
+ * figure out other information like the old expiration
+ * time. */
+ }
+ else if (IS_SUBKEY_SIG (sig) && sig->timestamp >= sigdate)
+ {
+ if (sig->flags.expired)
+ ; /* Signature has expired - ignore it. */
+ else
+ {
+ sigdate = sig->timestamp;
+ signode = k;
+ signode->pkt->pkt.signature->flags.chosen_selfsig = 0;
+ }
+ }
+ }
+ }
}
- /* no valid key binding */
- if ( !signode )
- return;
+ /* No valid key binding. */
+ if (!signode)
+ return;
- sig = signode->pkt->pkt.signature;
- sig->flags.chosen_selfsig=1; /* so we know which selfsig we chose later */
+ sig = signode->pkt->pkt.signature;
+ sig->flags.chosen_selfsig = 1; /* So we know which selfsig we chose later. */
- key_usage=parse_key_usage(sig);
- if ( !key_usage )
- {
- /* no key flags at all: get it from the algo */
- key_usage = openpgp_pk_algo_usage ( subpk->pubkey_algo );
- }
- else
- {
- /* check that the usage matches the usage as given by the algo */
- int x = openpgp_pk_algo_usage ( subpk->pubkey_algo );
- if ( x ) /* mask it down to the actual allowed usage */
- key_usage &= x;
- }
+ key_usage = parse_key_usage (sig);
+ if (!key_usage)
+ {
+ /* No key flags at all: get it from the algo. */
+ key_usage = openpgp_pk_algo_usage (subpk->pubkey_algo);
+ }
+ else
+ {
+ /* Check that the usage matches the usage as given by the algo. */
+ int x = openpgp_pk_algo_usage (subpk->pubkey_algo);
+ if (x) /* Mask it down to the actual allowed usage. */
+ key_usage &= x;
+ }
- subpk->pubkey_usage = key_usage;
-
- p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
- if ( p && buffer_to_u32(p) )
- key_expire = keytimestamp + buffer_to_u32(p);
- else
- key_expire = 0;
- subpk->has_expired = key_expire >= curtime? 0 : key_expire;
- subpk->expiredate = key_expire;
-
- /* algo doesn't exist */
- if(openpgp_pk_test_algo(subpk->pubkey_algo))
- return;
+ subpk->pubkey_usage = key_usage;
- subpk->is_valid = 1;
+ p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_KEY_EXPIRE, NULL);
+ if (p && buffer_to_u32 (p))
+ key_expire = keytimestamp + buffer_to_u32 (p);
+ else
+ key_expire = 0;
+ subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
+ subpk->expiredate = key_expire;
- /* Find the most recent 0x19 embedded signature on our self-sig. */
- if(subpk->backsig==0)
- {
- int seq=0;
- size_t n;
- PKT_signature *backsig=NULL;
+ /* Algo doesn't exist. */
+ if (openpgp_pk_test_algo (subpk->pubkey_algo))
+ return;
- sigdate=0;
+ subpk->is_valid = 1;
- /* We do this while() since there may be other embedded
- signatures in the future. We only want 0x19 here. */
+ /* Find the most recent 0x19 embedded signature on our self-sig. */
+ if (subpk->backsig == 0)
+ {
+ int seq = 0;
+ size_t n;
+ PKT_signature *backsig = NULL;
- while((p=enum_sig_subpkt(sig->hashed,
- SIGSUBPKT_SIGNATURE,&n,&seq,NULL)))
- if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
- {
- PKT_signature *tempsig=buf_to_sig(p,n);
- if(tempsig)
- {
- if(tempsig->timestamp>sigdate)
- {
- if(backsig)
- free_seckey_enc(backsig);
+ sigdate = 0;
- backsig=tempsig;
- sigdate=backsig->timestamp;
- }
- else
- free_seckey_enc(tempsig);
- }
- }
+ /* We do this while() since there may be other embedded
+ signatures in the future. We only want 0x19 here. */
- seq=0;
+ while ((p = enum_sig_subpkt (sig->hashed,
+ SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
+ if (n > 3
+ && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
+ {
+ PKT_signature *tempsig = buf_to_sig (p, n);
+ if (tempsig)
+ {
+ if (tempsig->timestamp > sigdate)
+ {
+ if (backsig)
+ free_seckey_enc (backsig);
- /* It is safe to have this in the unhashed area since the 0x19
- is located on the selfsig for convenience, not security. */
+ backsig = tempsig;
+ sigdate = backsig->timestamp;
+ }
+ else
+ free_seckey_enc (tempsig);
+ }
+ }
- while((p=enum_sig_subpkt(sig->unhashed,SIGSUBPKT_SIGNATURE,
- &n,&seq,NULL)))
- if(n>3 && ((p[0]==3 && p[2]==0x19) || (p[0]==4 && p[1]==0x19)))
- {
- PKT_signature *tempsig=buf_to_sig(p,n);
- if(tempsig)
- {
- if(tempsig->timestamp>sigdate)
- {
- if(backsig)
- free_seckey_enc(backsig);
+ seq = 0;
- backsig=tempsig;
- sigdate=backsig->timestamp;
- }
- else
- free_seckey_enc(tempsig);
- }
- }
+ /* It is safe to have this in the unhashed area since the 0x19
+ is located on the selfsig for convenience, not security. */
- if(backsig)
+ while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
+ &n, &seq, NULL)))
+ if (n > 3
+ && ((p[0] == 3 && p[2] == 0x19) || (p[0] == 4 && p[1] == 0x19)))
{
- /* At ths point, backsig contains the most recent 0x19 sig.
- Let's see if it is good. */
-
- /* 2==valid, 1==invalid, 0==didn't check */
- if(check_backsig(mainpk,subpk,backsig)==0)
- subpk->backsig=2;
- else
- subpk->backsig=1;
+ PKT_signature *tempsig = buf_to_sig (p, n);
+ if (tempsig)
+ {
+ if (tempsig->timestamp > sigdate)
+ {
+ if (backsig)
+ free_seckey_enc (backsig);
- free_seckey_enc(backsig);
+ backsig = tempsig;
+ sigdate = backsig->timestamp;
+ }
+ else
+ free_seckey_enc (tempsig);
+ }
}
- }
+
+ if (backsig)
+ {
+ /* At ths point, backsig contains the most recent 0x19 sig.
+ Let's see if it is good. */
+
+ /* 2==valid, 1==invalid, 0==didn't check */
+ if (check_backsig (mainpk, subpk, backsig) == 0)
+ subpk->backsig = 2;
+ else
+ subpk->backsig = 1;
+
+ free_seckey_enc (backsig);
+ }
+ }
}
-/*
+/*
* Merge information from the self-signatures with the key, so that
* we can later use them more easy.
* The function works by first applying the self signatures to the
@@ -2128,91 +2210,101 @@ merge_selfsigs_subkey( KBNODE keyblock, KBNODE subnode )
* We check all self signatures or validity and ignore all invalid signatures.
* All signatures are then ordered by their creation date ....
* For the primary key:
- * FIXME the docs
+ * FIXME the docs
*/
static void
-merge_selfsigs( KBNODE keyblock )
+merge_selfsigs (KBNODE keyblock)
{
- KBNODE k;
- int revoked;
- struct revoke_info rinfo;
- PKT_public_key *main_pk;
- prefitem_t *prefs;
- int mdc_feature;
-
- if ( keyblock->pkt->pkttype != PKT_PUBLIC_KEY ) {
- if (keyblock->pkt->pkttype == PKT_SECRET_KEY ) {
- log_error ("expected public key but found secret key "
- "- must stop\n");
- /* we better exit here becuase a public key is expected at
- other places too. FIXME: Figure this out earlier and
- don't get to here at all */
- g10_exit (1);
- }
- BUG ();
- }
-
- merge_selfsigs_main ( keyblock, &revoked, &rinfo );
-
- /* now merge in the data from each of the subkeys */
- for(k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- merge_selfsigs_subkey ( keyblock, k );
- }
- }
-
- main_pk = keyblock->pkt->pkt.public_key;
- if ( revoked || main_pk->has_expired || !main_pk->is_valid ) {
- /* if the primary key is revoked, expired, or invalid we
- * better set the appropriate flags on that key and all
- * subkeys */
- for(k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- PKT_public_key *pk = k->pkt->pkt.public_key;
- if(!main_pk->is_valid)
- pk->is_valid = 0;
- if(revoked && !pk->is_revoked)
- {
- pk->is_revoked = revoked;
- memcpy(&pk->revoked,&rinfo,sizeof(rinfo));
- }
- if(main_pk->has_expired)
- pk->has_expired = main_pk->has_expired;
- }
+ KBNODE k;
+ int revoked;
+ struct revoke_info rinfo;
+ PKT_public_key *main_pk;
+ prefitem_t *prefs;
+ int mdc_feature;
+
+ if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
+ {
+ if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
+ {
+ log_error ("expected public key but found secret key "
+ "- must stop\n");
+ /* We better exit here because a public key is expected at
+ other places too. FIXME: Figure this out earlier and
+ don't get to here at all */
+ g10_exit (1);
+ }
+ BUG ();
+ }
+
+ merge_selfsigs_main (keyblock, &revoked, &rinfo);
+
+ /* Now merge in the data from each of the subkeys. */
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ merge_selfsigs_subkey (keyblock, k);
}
- return;
}
- /* set the preference list of all keys to those of the primary real
- * user ID. Note: we use these preferences when we don't know by
- * which user ID the key has been selected.
- * fixme: we should keep atoms of commonly used preferences or
- * use reference counting to optimize the preference lists storage.
- * FIXME: it might be better to use the intersection of
- * all preferences.
- * Do a similar thing for the MDC feature flag.
- */
- prefs = NULL;
- mdc_feature = 0;
- for (k=keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next) {
- if (k->pkt->pkttype == PKT_USER_ID
- && !k->pkt->pkt.user_id->attrib_data
- && k->pkt->pkt.user_id->is_primary) {
- prefs = k->pkt->pkt.user_id->prefs;
- mdc_feature = k->pkt->pkt.user_id->flags.mdc;
- break;
- }
- }
- for(k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- PKT_public_key *pk = k->pkt->pkt.public_key;
- if (pk->prefs)
- xfree (pk->prefs);
- pk->prefs = copy_prefs (prefs);
- pk->mdc_feature = mdc_feature;
- }
+ main_pk = keyblock->pkt->pkt.public_key;
+ if (revoked || main_pk->has_expired || !main_pk->is_valid)
+ {
+ /* If the primary key is revoked, expired, or invalid we
+ * better set the appropriate flags on that key and all
+ * subkeys. */
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ PKT_public_key *pk = k->pkt->pkt.public_key;
+ if (!main_pk->is_valid)
+ pk->is_valid = 0;
+ if (revoked && !pk->is_revoked)
+ {
+ pk->is_revoked = revoked;
+ memcpy (&pk->revoked, &rinfo, sizeof (rinfo));
+ }
+ if (main_pk->has_expired)
+ pk->has_expired = main_pk->has_expired;
+ }
+ }
+ return;
+ }
+
+ /* Set the preference list of all keys to those of the primary real
+ * user ID. Note: we use these preferences when we don't know by
+ * which user ID the key has been selected.
+ * fixme: we should keep atoms of commonly used preferences or
+ * use reference counting to optimize the preference lists storage.
+ * FIXME: it might be better to use the intersection of
+ * all preferences.
+ * Do a similar thing for the MDC feature flag. */
+ prefs = NULL;
+ mdc_feature = 0;
+ for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_USER_ID
+ && !k->pkt->pkt.user_id->attrib_data
+ && k->pkt->pkt.user_id->is_primary)
+ {
+ prefs = k->pkt->pkt.user_id->prefs;
+ mdc_feature = k->pkt->pkt.user_id->flags.mdc;
+ break;
+ }
+ }
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ PKT_public_key *pk = k->pkt->pkt.public_key;
+ if (pk->prefs)
+ xfree (pk->prefs);
+ pk->prefs = copy_prefs (prefs);
+ pk->mdc_feature = mdc_feature;
+ }
}
}
@@ -2225,124 +2317,135 @@ merge_selfsigs( KBNODE keyblock )
* from the key.
*/
static void
-merge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
+merge_public_with_secret (KBNODE pubblock, KBNODE secblock)
{
- KBNODE pub;
-
- assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
- assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
-
- for (pub=pubblock; pub; pub = pub->next ) {
- if ( pub->pkt->pkttype == PKT_PUBLIC_KEY ) {
- PKT_public_key *pk = pub->pkt->pkt.public_key;
- PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
- assert ( pub == pubblock ); /* only in the first node */
- /* there is nothing to compare in this case, so just replace
- * some information */
- copy_public_parts_to_secret_key ( pk, sk );
- free_public_key ( pk );
- pub->pkt->pkttype = PKT_SECRET_KEY;
- pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
- }
- else if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- KBNODE sec;
- PKT_public_key *pk = pub->pkt->pkt.public_key;
-
- /* this is more complicated: it may happen that the sequence
- * of the subkeys dosn't match, so we have to find the
- * appropriate secret key */
- for (sec=secblock->next; sec; sec = sec->next ) {
- if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- PKT_secret_key *sk = sec->pkt->pkt.secret_key;
- if ( !cmp_public_secret_key ( pk, sk ) ) {
- copy_public_parts_to_secret_key ( pk, sk );
- free_public_key ( pk );
- pub->pkt->pkttype = PKT_SECRET_SUBKEY;
- pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
- break;
- }
- }
- }
- if ( !sec )
- BUG(); /* already checked in premerge */
- }
+ KBNODE pub;
+
+ assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
+ assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
+
+ for (pub = pubblock; pub; pub = pub->next)
+ {
+ if (pub->pkt->pkttype == PKT_PUBLIC_KEY)
+ {
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+ PKT_secret_key *sk = secblock->pkt->pkt.secret_key;
+ assert (pub == pubblock); /* Only in the first node. */
+ /* There is nothing to compare in this case, so just replace
+ * some information. */
+ copy_public_parts_to_secret_key (pk, sk);
+ free_public_key (pk);
+ pub->pkt->pkttype = PKT_SECRET_KEY;
+ pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+ }
+ else if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ KBNODE sec;
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+ /* This is more complicated: It may happen that the sequence
+ * of the subkeys dosn't match, so we have to find the
+ * appropriate secret key. */
+ for (sec = secblock->next; sec; sec = sec->next)
+ {
+ if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+ if (!cmp_public_secret_key (pk, sk))
+ {
+ copy_public_parts_to_secret_key (pk, sk);
+ free_public_key (pk);
+ pub->pkt->pkttype = PKT_SECRET_SUBKEY;
+ pub->pkt->pkt.secret_key = copy_secret_key (NULL, sk);
+ break;
+ }
+ }
+ }
+ if (!sec)
+ BUG (); /* Already checked in premerge. */
+ }
}
}
+
/* This function checks that for every public subkey a corresponding
* secret subkey is available and deletes the public subkey otherwise.
* We need this function because we can't delete it later when we
* actually merge the secret parts into the pubring.
- * The function also plays some games with the node flags.
- */
+ * The function also plays some games with the node flags. */
static void
-premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
+premerge_public_with_secret (KBNODE pubblock, KBNODE secblock)
{
- KBNODE last, pub;
-
- assert ( pubblock->pkt->pkttype == PKT_PUBLIC_KEY );
- assert ( secblock->pkt->pkttype == PKT_SECRET_KEY );
-
- for (pub=pubblock,last=NULL; pub; last = pub, pub = pub->next ) {
- pub->flag &= ~3; /* reset bits 0 and 1 */
- if ( pub->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- KBNODE sec;
- PKT_public_key *pk = pub->pkt->pkt.public_key;
-
- for (sec=secblock->next; sec; sec = sec->next ) {
- if ( sec->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- PKT_secret_key *sk = sec->pkt->pkt.secret_key;
- if ( !cmp_public_secret_key ( pk, sk ) ) {
- if ( sk->protect.s2k.mode == 1001 ) {
- /* The secret parts are not available so
- we can't use that key for signing etc.
- Fix the pubkey usage */
- pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
- |PUBKEY_USAGE_AUTH);
- }
- /* transfer flag bits 0 and 1 to the pubblock */
- pub->flag |= (sec->flag &3);
- break;
- }
- }
- }
- if ( !sec ) {
- KBNODE next, ll;
-
- if (opt.verbose)
- log_info (_("no secret subkey"
- " for public subkey %s - ignoring\n"),
- keystr_from_pk (pk));
- /* we have to remove the subkey in this case */
- assert ( last );
- /* find the next subkey */
- for (next=pub->next,ll=pub;
- next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
- ll = next, next = next->next )
- ;
- /* make new link */
- last->next = next;
- /* release this public subkey with all sigs */
- ll->next = NULL;
- release_kbnode( pub );
- /* let the loop continue */
- pub = last;
- }
- }
- }
- /* We need to copy the found bits (0 and 1) from the secret key to
- the public key. This has already been done for the subkeys but
- got lost on the primary key - fix it here *. */
- pubblock->flag |= (secblock->flag & 3);
-}
+ KBNODE last, pub;
+ assert (pubblock->pkt->pkttype == PKT_PUBLIC_KEY);
+ assert (secblock->pkt->pkttype == PKT_SECRET_KEY);
+
+ for (pub = pubblock, last = NULL; pub; last = pub, pub = pub->next)
+ {
+ pub->flag &= ~3; /* Reset bits 0 and 1. */
+ if (pub->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ KBNODE sec;
+ PKT_public_key *pk = pub->pkt->pkt.public_key;
+
+ for (sec = secblock->next; sec; sec = sec->next)
+ {
+ if (sec->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ PKT_secret_key *sk = sec->pkt->pkt.secret_key;
+ if (!cmp_public_secret_key (pk, sk))
+ {
+ if (sk->protect.s2k.mode == 1001)
+ {
+ /* The secret parts are not available so
+ we can't use that key for signing etc.
+ Fix the pubkey usage */
+ pk->pubkey_usage &= ~(PUBKEY_USAGE_SIG
+ | PUBKEY_USAGE_AUTH);
+ }
+ /* Transfer flag bits 0 and 1 to the pubblock. */
+ pub->flag |= (sec->flag & 3);
+ break;
+ }
+ }
+ }
+ if (!sec)
+ {
+ KBNODE next, ll;
+
+ if (opt.verbose)
+ log_info (_("no secret subkey"
+ " for public subkey %s - ignoring\n"),
+ keystr_from_pk (pk));
+ /* We have to remove the subkey in this case. */
+ assert (last);
+ /* Find the next subkey. */
+ for (next = pub->next, ll = pub;
+ next && next->pkt->pkttype != PKT_PUBLIC_SUBKEY;
+ ll = next, next = next->next)
+ ;
+ /* Make new link. */
+ last->next = next;
+ /* Release this public subkey with all sigs. */
+ ll->next = NULL;
+ release_kbnode (pub);
+ /* Let the loop continue. */
+ pub = last;
+ }
+ }
+ }
+ /* We need to copy the found bits (0 and 1) from the secret key to
+ the public key. This has already been done for the subkeys but
+ got lost on the primary key - fix it here. */
+ pubblock->flag |= (secblock->flag & 3);
+}
-/* See see whether the key fits
- * our requirements and in case we do not
- * request the primary key, we should select
- * a suitable subkey.
+/* See see whether the key fits our requirements and in case we do not
+ * request the primary key, we should select a suitable subkey.
+ *
* FIXME: Check against PGP 7 whether we still need a kludge
* to favor type 16 keys over type 20 keys when type 20
* has not been explitely requested.
@@ -2365,291 +2468,316 @@ premerge_public_with_secret ( KBNODE pubblock, KBNODE secblock )
*
* CTX ist the keyblock we are investigating, if FOUNDK is not NULL this
* is the key we actually found by looking at the keyid or a fingerprint and
- * may eitehr point to the primary or one of the subkeys.
- */
-
+ * may either point to the primary or one of the subkeys. */
static int
finish_lookup (GETKEY_CTX ctx)
{
- KBNODE keyblock = ctx->keyblock;
- KBNODE k;
- KBNODE foundk = NULL;
- PKT_user_id *foundu = NULL;
+ KBNODE keyblock = ctx->keyblock;
+ KBNODE k;
+ KBNODE foundk = NULL;
+ PKT_user_id *foundu = NULL;
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
- unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
- /* Request the primary if we're certifying another key, and also
- if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
- do not understand signatures made by a signing subkey. PGP 8
- does. */
- int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
- ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
- u32 latest_date;
- KBNODE latest_key;
- u32 curtime = make_timestamp ();
-
- assert( keyblock->pkt->pkttype == PKT_PUBLIC_KEY );
-
- ctx->found_key = NULL;
-
- if (ctx->exact) {
- for (k=keyblock; k; k = k->next) {
- if ( (k->flag & 1) ) {
- assert ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
- foundk = k;
- break;
- }
- }
- }
-
- for (k=keyblock; k; k = k->next) {
- if ( (k->flag & 2) ) {
- assert (k->pkt->pkttype == PKT_USER_ID);
- foundu = k->pkt->pkt.user_id;
- break;
- }
- }
-
- if ( DBG_CACHE )
- log_debug( "finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
- (ulong)keyid_from_pk( keyblock->pkt->pkt.public_key, NULL),
- foundk? "one":"all", req_usage);
-
- if (!req_usage) {
- latest_key = foundk? foundk:keyblock;
- goto found;
- }
-
- latest_date = 0;
- latest_key = NULL;
- /* do not look at subkeys if a certification key is requested */
- if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim) {
- KBNODE nextk;
- /* either start a loop or check just this one subkey */
- for (k=foundk?foundk:keyblock; k; k = nextk ) {
- PKT_public_key *pk;
- nextk = k->next;
- if ( k->pkt->pkttype != PKT_PUBLIC_SUBKEY )
- continue;
- if ( foundk )
- nextk = NULL; /* what a hack */
- pk = k->pkt->pkt.public_key;
- if (DBG_CACHE)
- log_debug( "\tchecking subkey %08lX\n",
- (ulong)keyid_from_pk( pk, NULL));
- if ( !pk->is_valid ) {
- if (DBG_CACHE)
- log_debug( "\tsubkey not valid\n");
- continue;
- }
- if ( pk->is_revoked ) {
- if (DBG_CACHE)
- log_debug( "\tsubkey has been revoked\n");
- continue;
- }
- if ( pk->has_expired ) {
- if (DBG_CACHE)
- log_debug( "\tsubkey has expired\n");
- continue;
- }
- if ( pk->timestamp > curtime && !opt.ignore_valid_from ) {
- if (DBG_CACHE)
- log_debug( "\tsubkey not yet valid\n");
- continue;
- }
-
- if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
- if (DBG_CACHE)
- log_debug( "\tusage does not match: want=%x have=%x\n",
- req_usage, pk->pubkey_usage );
- continue;
- }
-
- if (DBG_CACHE)
- log_debug( "\tsubkey might be fine\n");
- /* In case a key has a timestamp of 0 set, we make sure
- that it is used. A better change would be to compare
- ">=" but that might also change the selected keys and
- is as such a more intrusive change. */
- if ( pk->timestamp > latest_date
- || (!pk->timestamp && !latest_date)) {
- latest_date = pk->timestamp;
- latest_key = k;
- }
- }
- }
-
- /* Okay now try the primary key unless we want an exact
- * key ID match on a subkey */
- if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim) {
- PKT_public_key *pk;
- if (DBG_CACHE && !foundk && !req_prim )
- log_debug( "\tno suitable subkeys found - trying primary\n");
- pk = keyblock->pkt->pkt.public_key;
- if ( !pk->is_valid ) {
- if (DBG_CACHE)
- log_debug( "\tprimary key not valid\n");
- }
- else if ( pk->is_revoked ) {
- if (DBG_CACHE)
- log_debug( "\tprimary key has been revoked\n");
- }
- else if ( pk->has_expired ) {
- if (DBG_CACHE)
- log_debug( "\tprimary key has expired\n");
- }
- else if ( !((pk->pubkey_usage&USAGE_MASK) & req_usage) ) {
- if (DBG_CACHE)
- log_debug( "\tprimary key usage does not match: "
- "want=%x have=%x\n",
- req_usage, pk->pubkey_usage );
- }
- else { /* okay */
- if (DBG_CACHE)
- log_debug( "\tprimary key may be used\n");
- latest_key = keyblock;
- latest_date = pk->timestamp;
- }
- }
-
- if ( !latest_key ) {
- if (DBG_CACHE)
- log_debug("\tno suitable key found - giving up\n");
- return 0;
- }
-
- found:
- if (DBG_CACHE)
- log_debug( "\tusing key %08lX\n",
- (ulong)keyid_from_pk( latest_key->pkt->pkt.public_key, NULL) );
-
- if (latest_key) {
- PKT_public_key *pk = latest_key->pkt->pkt.public_key;
- if (pk->user_id)
- free_user_id (pk->user_id);
- pk->user_id = scopy_user_id (foundu);
- }
-
- ctx->found_key = latest_key;
-
- if (latest_key != keyblock && opt.verbose)
- {
- char *tempkeystr=
- xstrdup(keystr_from_pk(latest_key->pkt->pkt.public_key));
- log_info(_("using subkey %s instead of primary key %s\n"),
- tempkeystr, keystr_from_pk(keyblock->pkt->pkt.public_key));
- xfree(tempkeystr);
- }
+ unsigned int req_usage = (ctx->req_usage & USAGE_MASK);
+ /* Request the primary if we're certifying another key, and also
+ if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
+ do not understand signatures made by a signing subkey. PGP 8
+ does. */
+ int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
+ ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
+ u32 latest_date;
+ KBNODE latest_key;
+ u32 curtime = make_timestamp ();
+
+ assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+
+ ctx->found_key = NULL;
+
+ if (ctx->exact)
+ {
+ for (k = keyblock; k; k = k->next)
+ {
+ if ((k->flag & 1))
+ {
+ assert (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+ foundk = k;
+ break;
+ }
+ }
+ }
+
+ for (k = keyblock; k; k = k->next)
+ {
+ if ((k->flag & 2))
+ {
+ assert (k->pkt->pkttype == PKT_USER_ID);
+ foundu = k->pkt->pkt.user_id;
+ break;
+ }
+ }
+
+ if (DBG_CACHE)
+ log_debug ("finish_lookup: checking key %08lX (%s)(req_usage=%x)\n",
+ (ulong) keyid_from_pk (keyblock->pkt->pkt.public_key, NULL),
+ foundk ? "one" : "all", req_usage);
+
+ if (!req_usage)
+ {
+ latest_key = foundk ? foundk : keyblock;
+ goto found;
+ }
+
+ latest_date = 0;
+ latest_key = NULL;
+ /* Do not look at subkeys if a certification key is requested. */
+ if ((!foundk || foundk->pkt->pkttype == PKT_PUBLIC_SUBKEY) && !req_prim)
+ {
+ KBNODE nextk;
+ /* ceither start a loop or check just this one subkey. */
+ for (k = foundk ? foundk : keyblock; k; k = nextk)
+ {
+ PKT_public_key *pk;
+ nextk = k->next;
+ if (k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+ if (foundk)
+ nextk = NULL; /* what a hack */
+ pk = k->pkt->pkt.public_key;
+ if (DBG_CACHE)
+ log_debug ("\tchecking subkey %08lX\n",
+ (ulong) keyid_from_pk (pk, NULL));
+ if (!pk->is_valid)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tsubkey not valid\n");
+ continue;
+ }
+ if (pk->is_revoked)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tsubkey has been revoked\n");
+ continue;
+ }
+ if (pk->has_expired)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tsubkey has expired\n");
+ continue;
+ }
+ if (pk->timestamp > curtime && !opt.ignore_valid_from)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tsubkey not yet valid\n");
+ continue;
+ }
+
+ if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
+ {
+ if (DBG_CACHE)
+ log_debug ("\tusage does not match: want=%x have=%x\n",
+ req_usage, pk->pubkey_usage);
+ continue;
+ }
+
+ if (DBG_CACHE)
+ log_debug ("\tsubkey might be fine\n");
+ /* In case a key has a timestamp of 0 set, we make sure
+ that it is used. A better change would be to compare
+ ">=" but that might also change the selected keys and
+ is as such a more intrusive change. */
+ if (pk->timestamp > latest_date || (!pk->timestamp && !latest_date))
+ {
+ latest_date = pk->timestamp;
+ latest_key = k;
+ }
+ }
+ }
+
+ /* Okay now try the primary key unless we want an exact
+ * key ID match on a subkey */
+ if ((!latest_key && !(ctx->exact && foundk != keyblock)) || req_prim)
+ {
+ PKT_public_key *pk;
+ if (DBG_CACHE && !foundk && !req_prim)
+ log_debug ("\tno suitable subkeys found - trying primary\n");
+ pk = keyblock->pkt->pkt.public_key;
+ if (!pk->is_valid)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tprimary key not valid\n");
+ }
+ else if (pk->is_revoked)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tprimary key has been revoked\n");
+ }
+ else if (pk->has_expired)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tprimary key has expired\n");
+ }
+ else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
+ {
+ if (DBG_CACHE)
+ log_debug ("\tprimary key usage does not match: "
+ "want=%x have=%x\n", req_usage, pk->pubkey_usage);
+ }
+ else /* Okay. */
+ {
+ if (DBG_CACHE)
+ log_debug ("\tprimary key may be used\n");
+ latest_key = keyblock;
+ latest_date = pk->timestamp;
+ }
+ }
+
+ if (!latest_key)
+ {
+ if (DBG_CACHE)
+ log_debug ("\tno suitable key found - giving up\n");
+ return 0;
+ }
+
+found:
+ if (DBG_CACHE)
+ log_debug ("\tusing key %08lX\n",
+ (ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL));
+
+ if (latest_key)
+ {
+ PKT_public_key *pk = latest_key->pkt->pkt.public_key;
+ if (pk->user_id)
+ free_user_id (pk->user_id);
+ pk->user_id = scopy_user_id (foundu);
+ }
+
+ ctx->found_key = latest_key;
+
+ if (latest_key != keyblock && opt.verbose)
+ {
+ char *tempkeystr =
+ xstrdup (keystr_from_pk (latest_key->pkt->pkt.public_key));
+ log_info (_("using subkey %s instead of primary key %s\n"),
+ tempkeystr, keystr_from_pk (keyblock->pkt->pkt.public_key));
+ xfree (tempkeystr);
+ }
- cache_user_id( keyblock );
-
- return 1; /* found */
+ cache_user_id (keyblock);
+
+ return 1; /* Found. */
}
static int
-lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
+lookup (GETKEY_CTX ctx, KBNODE * ret_keyblock, int secmode)
{
- int rc;
- KBNODE secblock = NULL; /* helper */
- int no_suitable_key = 0;
-
- rc = 0;
- while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems))) {
- /* If we are searching for the first key we have to make sure
- that the next iteration does not do an implicit reset.
- This can be triggered by an empty key ring. */
- if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
- ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
-
- rc = keydb_get_keyblock (ctx->kr_handle, &ctx->keyblock);
- if (rc) {
- log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
- rc = 0;
- goto skip;
- }
-
- if ( secmode ) {
- /* find the correspondig public key and use this
- * this one for the selection process */
- u32 aki[2];
- KBNODE k = ctx->keyblock;
-
- if (k->pkt->pkttype != PKT_SECRET_KEY)
- BUG();
-
- keyid_from_sk (k->pkt->pkt.secret_key, aki);
- k = get_pubkeyblock (aki);
- if( !k )
- {
- if (!opt.quiet)
- log_info(_("key %s: secret key without public key"
- " - skipped\n"), keystr(aki));
- goto skip;
- }
- secblock = ctx->keyblock;
- ctx->keyblock = k;
-
- premerge_public_with_secret ( ctx->keyblock, secblock );
- }
-
- /* warning: node flag bits 0 and 1 should be preserved by
- * merge_selfsigs. For secret keys, premerge did tranfer the
- * keys to the keyblock */
- merge_selfsigs ( ctx->keyblock );
- if ( finish_lookup (ctx) ) {
- no_suitable_key = 0;
- if ( secmode ) {
- merge_public_with_secret ( ctx->keyblock,
- secblock);
- release_kbnode (secblock);
- secblock = NULL;
- }
- goto found;
- }
- else
- no_suitable_key = 1;
-
- skip:
- /* release resources and continue search */
- if ( secmode ) {
- release_kbnode( secblock );
- secblock = NULL;
- }
- release_kbnode( ctx->keyblock );
- ctx->keyblock = NULL;
- }
-
- found:
- if( rc && rc != -1 )
- log_error("keydb_search failed: %s\n", g10_errstr(rc));
-
- if( !rc ) {
- *ret_keyblock = ctx->keyblock; /* return the keyblock */
- ctx->keyblock = NULL;
- }
- else if (rc == -1 && no_suitable_key)
- rc = secmode ? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
- else if( rc == -1 )
- rc = secmode ? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
-
- if ( secmode ) {
- release_kbnode( secblock );
- secblock = NULL;
- }
- release_kbnode( ctx->keyblock );
- ctx->keyblock = NULL;
-
- ctx->last_rc = rc;
- return rc;
+ int rc;
+ KBNODE secblock = NULL; /* Helper. */
+ int no_suitable_key = 0;
+
+ rc = 0;
+ while (!(rc = keydb_search (ctx->kr_handle, ctx->items, ctx->nitems)))
+ {
+ /* If we are searching for the first key we have to make sure
+ that the next iteration does not do an implicit reset.
+ This can be triggered by an empty key ring. */
+ if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
+ ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
+
+ rc = keydb_get_keyblock (ctx->kr_handle, &ctx->keyblock);
+ if (rc)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
+ rc = 0;
+ goto skip;
+ }
+
+ if (secmode)
+ {
+ /* Find the correspondig public key and use this
+ * this one for the selection process. */
+ u32 aki[2];
+ KBNODE k = ctx->keyblock;
+
+ if (k->pkt->pkttype != PKT_SECRET_KEY)
+ BUG ();
+
+ keyid_from_sk (k->pkt->pkt.secret_key, aki);
+ k = get_pubkeyblock (aki);
+ if (!k)
+ {
+ if (!opt.quiet)
+ log_info (_("key %s: secret key without public key"
+ " - skipped\n"), keystr (aki));
+ goto skip;
+ }
+ secblock = ctx->keyblock;
+ ctx->keyblock = k;
+
+ premerge_public_with_secret (ctx->keyblock, secblock);
+ }
+
+ /* Warning: node flag bits 0 and 1 should be preserved by
+ * merge_selfsigs. For secret keys, premerge did tranfer the
+ * keys to the keyblock. */
+ merge_selfsigs (ctx->keyblock);
+ if (finish_lookup (ctx))
+ {
+ no_suitable_key = 0;
+ if (secmode)
+ {
+ merge_public_with_secret (ctx->keyblock, secblock);
+ release_kbnode (secblock);
+ secblock = NULL;
+ }
+ goto found;
+ }
+ else
+ no_suitable_key = 1;
+
+ skip:
+ /* Release resources and continue search. */
+ if (secmode)
+ {
+ release_kbnode (secblock);
+ secblock = NULL;
+ }
+ release_kbnode (ctx->keyblock);
+ ctx->keyblock = NULL;
+ }
+
+found:
+ if (rc && rc != -1)
+ log_error ("keydb_search failed: %s\n", g10_errstr (rc));
+
+ if (!rc)
+ {
+ *ret_keyblock = ctx->keyblock; /* Return the keyblock. */
+ ctx->keyblock = NULL;
+ }
+ else if (rc == -1 && no_suitable_key)
+ rc = secmode ? G10ERR_UNU_SECKEY : G10ERR_UNU_PUBKEY;
+ else if (rc == -1)
+ rc = secmode ? G10ERR_NO_SECKEY : G10ERR_NO_PUBKEY;
+
+ if (secmode)
+ {
+ release_kbnode (secblock);
+ secblock = NULL;
+ }
+ release_kbnode (ctx->keyblock);
+ ctx->keyblock = NULL;
+
+ ctx->last_rc = rc;
+ return rc;
}
/****************
- * FIXME: Replace by the generic function
- * It does not work as it is right now - it is used at
+ * FIXME: Replace by the generic function
+ * It does not work as it is right now - it is used at
* 2 places: a) to get the key for an anonyous recipient
* b) to get the ultimately trusted keys.
* The a) usage might have some problems.
@@ -2667,268 +2795,289 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
* so that can free it's context.
*/
int
-enum_secret_keys( void **context, PKT_secret_key *sk,
- int with_subkeys, int with_spm )
+enum_secret_keys (void **context, PKT_secret_key * sk,
+ int with_subkeys, int with_spm)
{
- int rc=0;
- struct {
- int eof;
- int first;
- KEYDB_HANDLE hd;
- KBNODE keyblock;
- KBNODE node;
- } *c = *context;
-
-
- if( !c ) { /* make a new context */
- c = xmalloc_clear( sizeof *c );
- *context = c;
- c->hd = keydb_new (1);
- c->first = 1;
- c->keyblock = NULL;
- c->node = NULL;
- }
-
- if( !sk ) { /* free the context */
- keydb_release (c->hd);
- release_kbnode (c->keyblock);
- xfree( c );
- *context = NULL;
- return 0;
- }
-
- if( c->eof )
- return -1;
-
- do {
- /* get the next secret key from the current keyblock */
- for (; c->node; c->node = c->node->next) {
- if ((c->node->pkt->pkttype == PKT_SECRET_KEY
- || (with_subkeys
- && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) )
- && !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001
- && !with_spm)) {
- copy_secret_key (sk, c->node->pkt->pkt.secret_key );
- c->node = c->node->next;
- return 0; /* found */
- }
- }
- release_kbnode (c->keyblock);
- c->keyblock = c->node = NULL;
-
- rc = c->first? keydb_search_first (c->hd) : keydb_search_next (c->hd);
- c->first = 0;
- if (rc) {
- keydb_release (c->hd); c->hd = NULL;
- c->eof = 1;
- return -1; /* eof */
- }
-
- rc = keydb_get_keyblock (c->hd, &c->keyblock);
- c->node = c->keyblock;
- } while (!rc);
-
- return rc; /* error */
-}
+ int rc = 0;
+ struct
+ {
+ int eof;
+ int first;
+ KEYDB_HANDLE hd;
+ KBNODE keyblock;
+ KBNODE node;
+ } *c = *context;
+
+ if (!c)
+ {
+ /* Make a new context. */
+ c = xmalloc_clear (sizeof *c);
+ *context = c;
+ c->hd = keydb_new (1);
+ c->first = 1;
+ c->keyblock = NULL;
+ c->node = NULL;
+ }
+ if (!sk)
+ {
+ /* Free the context. */
+ keydb_release (c->hd);
+ release_kbnode (c->keyblock);
+ xfree (c);
+ *context = NULL;
+ return 0;
+ }
+
+ if (c->eof)
+ return -1;
+
+ do
+ {
+ /* Get the next secret key from the current keyblock. */
+ for (; c->node; c->node = c->node->next)
+ {
+ if ((c->node->pkt->pkttype == PKT_SECRET_KEY
+ || (with_subkeys
+ && c->node->pkt->pkttype == PKT_SECRET_SUBKEY))
+ && !(c->node->pkt->pkt.secret_key->protect.s2k.mode == 1001
+ && !with_spm))
+ {
+ copy_secret_key (sk, c->node->pkt->pkt.secret_key);
+ c->node = c->node->next;
+ return 0; /* Found. */
+ }
+ }
+ release_kbnode (c->keyblock);
+ c->keyblock = c->node = NULL;
+
+ rc = c->first ? keydb_search_first (c->hd) : keydb_search_next (c->hd);
+ c->first = 0;
+ if (rc)
+ {
+ keydb_release (c->hd);
+ c->hd = NULL;
+ c->eof = 1;
+ return -1; /* eof */
+ }
+
+ rc = keydb_get_keyblock (c->hd, &c->keyblock);
+ c->node = c->keyblock;
+ }
+ while (!rc);
+
+ return rc; /* Error. */
+}
+
+
/*********************************************
- *********** user ID printing helpers *******
+ *********** User ID printing helpers *******
*********************************************/
-/****************
- * Return a string with a printable representation of the user_id.
- * this string must be freed by xfree.
- */
-char*
-get_user_id_string( u32 *keyid )
+/* Return a string with a printable representation of the user_id.
+ * this string must be freed by xfree. */
+char *
+get_user_id_string (u32 * keyid)
{
user_id_db_t r;
char *p;
- int pass=0;
- /* try it two times; second pass reads from key resources */
+ int pass = 0;
+ /* Try it two times; second pass reads from key resources. */
do
{
- for(r=user_id_db; r; r = r->next )
+ for (r = user_id_db; r; r = r->next)
{
keyid_list_t a;
- for (a=r->keyids; a; a= a->next )
+ for (a = r->keyids; a; a = a->next)
{
- if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] )
+ if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
{
- p = xmalloc( keystrlen() + 1 + r->len + 1 );
- sprintf(p, "%s %.*s", keystr(keyid), r->len, r->name );
+ p = xmalloc (keystrlen () + 1 + r->len + 1);
+ sprintf (p, "%s %.*s", keystr (keyid), r->len, r->name);
return p;
}
}
- }
- } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
- p = xmalloc( keystrlen() + 5 );
- sprintf(p, "%s [?]", keystr(keyid));
+ }
+ }
+ while (++pass < 2 && !get_pubkey (NULL, keyid));
+ p = xmalloc (keystrlen () + 5);
+ sprintf (p, "%s [?]", keystr (keyid));
return p;
}
-char*
-get_user_id_string_native ( u32 *keyid )
+char *
+get_user_id_string_native (u32 * keyid)
{
- char *p = get_user_id_string( keyid );
- char *p2 = utf8_to_native( p, strlen(p), 0 );
- xfree(p);
+ char *p = get_user_id_string (keyid);
+ char *p2 = utf8_to_native (p, strlen (p), 0);
+ xfree (p);
return p2;
}
-char*
-get_long_user_id_string( u32 *keyid )
+char *
+get_long_user_id_string (u32 * keyid)
{
- user_id_db_t r;
- char *p;
- int pass=0;
- /* try it two times; second pass reads from key resources */
- do {
- for(r=user_id_db; r; r = r->next ) {
- keyid_list_t a;
- for (a=r->keyids; a; a= a->next ) {
- if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
- p = xmalloc( r->len + 20 );
- sprintf(p, "%08lX%08lX %.*s",
- (ulong)keyid[0], (ulong)keyid[1],
- r->len, r->name );
- return p;
- }
- }
- }
- } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
- p = xmalloc( 25 );
- sprintf(p, "%08lX%08lX [?]", (ulong)keyid[0], (ulong)keyid[1] );
- return p;
+ user_id_db_t r;
+ char *p;
+ int pass = 0;
+ /* Try it two times; second pass reads from key resources. */
+ do
+ {
+ for (r = user_id_db; r; r = r->next)
+ {
+ keyid_list_t a;
+ for (a = r->keyids; a; a = a->next)
+ {
+ if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
+ {
+ p = xmalloc (r->len + 20);
+ sprintf (p, "%08lX%08lX %.*s",
+ (ulong) keyid[0], (ulong) keyid[1],
+ r->len, r->name);
+ return p;
+ }
+ }
+ }
+ }
+ while (++pass < 2 && !get_pubkey (NULL, keyid));
+ p = xmalloc (25);
+ sprintf (p, "%08lX%08lX [?]", (ulong) keyid[0], (ulong) keyid[1]);
+ return p;
}
-char*
-get_user_id( u32 *keyid, size_t *rn )
+char *
+get_user_id (u32 * keyid, size_t * rn)
{
- user_id_db_t r;
- char *p;
- int pass=0;
-
- /* try it two times; second pass reads from key resources */
- do {
- for(r=user_id_db; r; r = r->next ) {
- keyid_list_t a;
- for (a=r->keyids; a; a= a->next ) {
- if( a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1] ) {
- p = xmalloc( r->len );
- memcpy(p, r->name, r->len );
- *rn = r->len;
- return p;
- }
- }
- }
- } while( ++pass < 2 && !get_pubkey( NULL, keyid ) );
- p = xstrdup( user_id_not_found_utf8 () );
- *rn = strlen(p);
- return p;
+ user_id_db_t r;
+ char *p;
+ int pass = 0;
+
+ /* Try it two times; second pass reads from key resources. */
+ do
+ {
+ for (r = user_id_db; r; r = r->next)
+ {
+ keyid_list_t a;
+ for (a = r->keyids; a; a = a->next)
+ {
+ if (a->keyid[0] == keyid[0] && a->keyid[1] == keyid[1])
+ {
+ p = xmalloc (r->len);
+ memcpy (p, r->name, r->len);
+ *rn = r->len;
+ return p;
+ }
+ }
+ }
+ }
+ while (++pass < 2 && !get_pubkey (NULL, keyid));
+ p = xstrdup (user_id_not_found_utf8 ());
+ *rn = strlen (p);
+ return p;
}
-char*
-get_user_id_native( u32 *keyid )
+char *
+get_user_id_native (u32 * keyid)
{
size_t rn;
- char *p = get_user_id( keyid, &rn );
- char *p2 = utf8_to_native( p, rn, 0 );
- xfree(p);
+ char *p = get_user_id (keyid, &rn);
+ char *p2 = utf8_to_native (p, rn, 0);
+ xfree (p);
return p2;
}
KEYDB_HANDLE
-get_ctx_handle(GETKEY_CTX ctx)
+get_ctx_handle (GETKEY_CTX ctx)
{
return ctx->kr_handle;
}
static void
-free_akl(struct akl *akl)
+free_akl (struct akl *akl)
{
- if(akl->spec)
- free_keyserver_spec(akl->spec);
+ if (akl->spec)
+ free_keyserver_spec (akl->spec);
- xfree(akl);
+ xfree (akl);
}
void
-release_akl(void)
+release_akl (void)
{
- while(opt.auto_key_locate)
+ while (opt.auto_key_locate)
{
- struct akl *akl2=opt.auto_key_locate;
- opt.auto_key_locate=opt.auto_key_locate->next;
- free_akl(akl2);
+ struct akl *akl2 = opt.auto_key_locate;
+ opt.auto_key_locate = opt.auto_key_locate->next;
+ free_akl (akl2);
}
}
/* Returns false on error. */
int
-parse_auto_key_locate(char *options)
+parse_auto_key_locate (char *options)
{
char *tok;
- while((tok=optsep(&options)))
+ while ((tok = optsep (&options)))
{
- struct akl *akl,*check,*last=NULL;
- int dupe=0;
+ struct akl *akl, *check, *last = NULL;
+ int dupe = 0;
- if(tok[0]=='\0')
+ if (tok[0] == '\0')
continue;
- akl=xmalloc_clear(sizeof(*akl));
+ akl = xmalloc_clear (sizeof (*akl));
- if(ascii_strcasecmp(tok,"nodefault")==0)
- akl->type=AKL_NODEFAULT;
- else if(ascii_strcasecmp(tok,"local")==0)
- akl->type=AKL_LOCAL;
- else if(ascii_strcasecmp(tok,"ldap")==0)
- akl->type=AKL_LDAP;
- else if(ascii_strcasecmp(tok,"keyserver")==0)
- akl->type=AKL_KEYSERVER;
+ if (ascii_strcasecmp (tok, "nodefault") == 0)
+ akl->type = AKL_NODEFAULT;
+ else if (ascii_strcasecmp (tok, "local") == 0)
+ akl->type = AKL_LOCAL;
+ else if (ascii_strcasecmp (tok, "ldap") == 0)
+ akl->type = AKL_LDAP;
+ else if (ascii_strcasecmp (tok, "keyserver") == 0)
+ akl->type = AKL_KEYSERVER;
#ifdef USE_DNS_CERT
- else if(ascii_strcasecmp(tok,"cert")==0)
- akl->type=AKL_CERT;
+ else if (ascii_strcasecmp (tok, "cert") == 0)
+ akl->type = AKL_CERT;
#endif
#ifdef USE_DNS_PKA
- else if(ascii_strcasecmp(tok,"pka")==0)
- akl->type=AKL_PKA;
+ else if (ascii_strcasecmp (tok, "pka") == 0)
+ akl->type = AKL_PKA;
#endif
- else if((akl->spec=parse_keyserver_uri(tok,1,NULL,0)))
- akl->type=AKL_SPEC;
+ else if ((akl->spec = parse_keyserver_uri (tok, 1, NULL, 0)))
+ akl->type = AKL_SPEC;
else
{
- free_akl(akl);
+ free_akl (akl);
return 0;
}
/* We must maintain the order the user gave us */
- for(check=opt.auto_key_locate;check;last=check,check=check->next)
+ for (check = opt.auto_key_locate; check;
+ last = check, check = check->next)
{
/* Check for duplicates */
- if(check->type==akl->type
- && (akl->type!=AKL_SPEC
- || (akl->type==AKL_SPEC
- && strcmp(check->spec->uri,akl->spec->uri)==0)))
+ if (check->type == akl->type
+ && (akl->type != AKL_SPEC
+ || (akl->type == AKL_SPEC
+ && strcmp (check->spec->uri, akl->spec->uri) == 0)))
{
- dupe=1;
- free_akl(akl);
+ dupe = 1;
+ free_akl (akl);
break;
}
}
- if(!dupe)
+ if (!dupe)
{
- if(last)
- last->next=akl;
+ if (last)
+ last->next = akl;
else
- opt.auto_key_locate=akl;
+ opt.auto_key_locate = akl;
}
}
diff --git a/g10/keydb.c b/g10/keydb.c
index 41b8c1d33..4236a5f94 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -353,6 +353,8 @@ keydb_new (int secret)
KEYDB_HANDLE hd;
int i, j;
+ if (secret)
+ log_debug ("FIXME: keydb_new called for secret keys\n");
hd = xmalloc_clear (sizeof *hd);
hd->found = -1;
diff --git a/g10/keylist.c b/g10/keylist.c
index 4a76ee065..460e889b2 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1,6 +1,6 @@
-/* keylist.c - print keys
+/* keylist.c - Print information about OpenPGP keys
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
- * 2008 Free Software Foundation, Inc.
+ * 2008, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -25,7 +25,7 @@
#include <errno.h>
#include <assert.h>
#ifdef HAVE_DOSISH_SYSTEM
-#include <fcntl.h> /* for setmode() */
+#include <fcntl.h> /* for setmode() */
#endif
#include "gpg.h"
@@ -41,10 +41,10 @@
#include "i18n.h"
#include "status.h"
-static void list_all(int);
-static void list_one( strlist_t names, int secret);
+static void list_all (int);
+static void list_one (strlist_t names, int secret);
static void locate_one (strlist_t names);
-static void print_card_serialno (PKT_secret_key *sk);
+static void print_card_serialno (PKT_secret_key * sk);
struct sig_stats
{
@@ -56,47 +56,47 @@ struct sig_stats
/* The stream used to write attribute packets to. */
static FILE *attrib_fp = NULL;
-/****************
- * List the keys
- * If list is NULL, all available keys are listed
- */
+
+/* List the keys. If list is NULL, all available keys are listed.
+ With LOCATE_MODE set the locate algorithm is used to find a
+ key. */
void
-public_key_list( strlist_t list, int locate_mode )
+public_key_list (strlist_t list, int locate_mode)
{
if (opt.with_colons)
{
- byte trust_model,marginals,completes,cert_depth;
- ulong created,nextcheck;
+ byte trust_model, marginals, completes, cert_depth;
+ ulong created, nextcheck;
- read_trust_options(&trust_model,&created,&nextcheck,
- &marginals,&completes,&cert_depth);
+ read_trust_options (&trust_model, &created, &nextcheck,
+ &marginals, &completes, &cert_depth);
- printf("tru:");
+ printf ("tru:");
- if(nextcheck && nextcheck <= make_timestamp())
- printf("o");
- if(trust_model!=opt.trust_model)
- printf("t");
- if(opt.trust_model==TM_PGP || opt.trust_model==TM_CLASSIC)
+ if (nextcheck && nextcheck <= make_timestamp ())
+ printf ("o");
+ if (trust_model != opt.trust_model)
+ printf ("t");
+ if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC)
{
- if(marginals!=opt.marginals_needed)
- printf("m");
- if(completes!=opt.completes_needed)
- printf("c");
- if(cert_depth!=opt.max_cert_depth)
- printf("d");
+ if (marginals != opt.marginals_needed)
+ printf ("m");
+ if (completes != opt.completes_needed)
+ printf ("c");
+ if (cert_depth != opt.max_cert_depth)
+ printf ("d");
}
- printf(":%d:%lu:%lu",trust_model,created,nextcheck);
+ printf (":%d:%lu:%lu", trust_model, created, nextcheck);
/* Only show marginals, completes, and cert_depth in the classic
- or PGP trust models since they are not meaningful
- otherwise. */
+ or PGP trust models since they are not meaningful
+ otherwise. */
- if(trust_model==TM_PGP || trust_model==TM_CLASSIC)
- printf(":%d:%d:%d",marginals,completes,cert_depth);
+ if (trust_model == TM_PGP || trust_model == TM_CLASSIC)
+ printf (":%d:%d:%d", marginals, completes, cert_depth);
- printf("\n");
+ printf ("\n");
}
/* We need to do the stale check right here because it might need to
@@ -116,38 +116,38 @@ public_key_list( strlist_t list, int locate_mode )
void
-secret_key_list( strlist_t list )
+secret_key_list (strlist_t list)
{
- check_trustdb_stale ();
+ check_trustdb_stale ();
- if( !list )
- list_all(1);
- else /* List by user id */
- list_one( list, 1 );
+ if (!list)
+ list_all (1);
+ else /* List by user id */
+ list_one (list, 1);
}
void
-print_seckey_info (PKT_secret_key *sk)
+print_seckey_info (PKT_secret_key * sk)
{
u32 keyid[2];
char *p;
keyid_from_sk (sk, keyid);
- p=get_user_id_native(keyid);
+ p = get_user_id_native (keyid);
tty_printf ("\nsec %4u%c/%s %s %s\n",
nbits_from_sk (sk),
pubkey_letter (sk->pubkey_algo),
- keystr(keyid), datestr_from_sk (sk), p);
-
+ keystr (keyid), datestr_from_sk (sk), p);
+
xfree (p);
}
/* Print information about the public key. With FP passed as NULL,
the tty output interface is used, otherwise output is directted to
- the given stream. */
+ the given stream. */
void
-print_pubkey_info (FILE *fp, PKT_public_key *pk)
+print_pubkey_info (FILE * fp, PKT_public_key * pk)
{
u32 keyid[2];
char *p;
@@ -155,135 +155,138 @@ print_pubkey_info (FILE *fp, PKT_public_key *pk)
keyid_from_pk (pk, keyid);
/* If the pk was chosen by a particular user ID, that is the one to
- print. */
- if(pk->user_id)
- p=utf8_to_native(pk->user_id->name,pk->user_id->len,0);
+ print. */
+ if (pk->user_id)
+ p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0);
else
- p=get_user_id_native(keyid);
+ p = get_user_id_native (keyid);
if (fp)
fprintf (fp, "pub %4u%c/%s %s %s\n",
- nbits_from_pk (pk),
- pubkey_letter (pk->pubkey_algo),
- keystr(keyid), datestr_from_pk (pk), p);
+ nbits_from_pk (pk),
+ pubkey_letter (pk->pubkey_algo),
+ keystr (keyid), datestr_from_pk (pk), p);
else
tty_printf ("\npub %4u%c/%s %s %s\n",
- nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
- keystr(keyid), datestr_from_pk (pk), p);
+ nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+ keystr (keyid), datestr_from_pk (pk), p);
xfree (p);
}
/* Print basic information of a secret key including the card serial
- number information. */
+ number information. */
void
-print_card_key_info (FILE *fp, KBNODE keyblock)
+print_card_key_info (FILE * fp, KBNODE keyblock)
{
KBNODE node;
int i;
- for (node = keyblock; node; node = node->next )
+ for (node = keyblock; node; node = node->next)
{
if (node->pkt->pkttype == PKT_SECRET_KEY
- || (node->pkt->pkttype == PKT_SECRET_SUBKEY) )
- {
- PKT_secret_key *sk = node->pkt->pkt.secret_key;
-
- tty_fprintf (fp, "%s%c %4u%c/%s ",
- node->pkt->pkttype == PKT_SECRET_KEY? "sec":"ssb",
- (sk->protect.s2k.mode==1001)?'#':
- (sk->protect.s2k.mode==1002)?'>':' ',
+ || (node->pkt->pkttype == PKT_SECRET_SUBKEY))
+ {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
+
+ tty_fprintf (fp, "%s%c %4u%c/%s ",
+ node->pkt->pkttype == PKT_SECRET_KEY ? "sec" : "ssb",
+ (sk->protect.s2k.mode == 1001) ? '#' :
+ (sk->protect.s2k.mode == 1002) ? '>' : ' ',
nbits_from_sk (sk),
- pubkey_letter (sk->pubkey_algo),
- keystr_from_sk(sk));
- tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
- tty_fprintf (fp, " ");
- tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
- if (sk->is_protected && sk->protect.s2k.mode == 1002)
- {
- tty_fprintf (fp, "\n ");
- tty_fprintf (fp, _("card-no: "));
- if (sk->protect.ivlen == 16
- && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
- {
- /* This is an OpenPGP card. */
- for (i=8; i < 14; i++)
- {
- if (i == 10)
- tty_fprintf (fp, " ");
- tty_fprintf (fp, "%02X", sk->protect.iv[i]);
- }
- }
- else
- { /* Something is wrong: Print all. */
- for (i=0; i < sk->protect.ivlen; i++)
- tty_fprintf (fp, "%02X", sk->protect.iv[i]);
- }
- }
- tty_fprintf (fp, "\n");
- }
+ pubkey_letter (sk->pubkey_algo), keystr_from_sk (sk));
+ tty_fprintf (fp, _("created: %s"), datestr_from_sk (sk));
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, _("expires: %s"), expirestr_from_sk (sk));
+ if (sk->is_protected && sk->protect.s2k.mode == 1002)
+ {
+ tty_fprintf (fp, "\n ");
+ tty_fprintf (fp, _("card-no: "));
+ if (sk->protect.ivlen == 16
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+ {
+ /* This is an OpenPGP card. */
+ for (i = 8; i < 14; i++)
+ {
+ if (i == 10)
+ tty_fprintf (fp, " ");
+ tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+ }
+ }
+ else
+ {
+ /* Something is wrong: Print all. */
+ for (i = 0; i < sk->protect.ivlen; i++)
+ tty_fprintf (fp, "%02X", sk->protect.iv[i]);
+ }
+ }
+ tty_fprintf (fp, "\n");
+ }
}
}
-/* Flags = 0x01 hashed 0x02 critical */
+/* Flags = 0x01 hashed 0x02 critical. */
static void
-status_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+status_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
+ const byte * buf)
{
char status[40];
/* Don't print these. */
- if(len>256)
+ if (len > 256)
return;
- sprintf(status,"%d %u %u ",type,flags,(unsigned int)len);
+ sprintf (status, "%d %u %u ", type, flags, (unsigned int) len);
- write_status_text_and_buffer(STATUS_SIG_SUBPACKET,status,buf,len,0);
+ write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0);
}
-/*
- mode=0 for stdout.
- mode=1 for log_info + status messages
- mode=2 for status messages only
-*/
+/* Print a policy URL. Allowed values for MODE are:
+ * 0 - print to stdout.
+ * 1 - use log_info and emit status messages.
+ * 2 - emit only status messages.
+ */
void
-show_policy_url(PKT_signature *sig,int indent,int mode)
+show_policy_url (PKT_signature * sig, int indent, int mode)
{
const byte *p;
size_t len;
- int seq=0,crit;
- FILE *fp=mode?log_get_stream():stdout;
+ int seq = 0, crit;
+ FILE *fp = mode ? log_get_stream () : stdout;
- while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,&len,&seq,&crit)))
+ while ((p =
+ enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit)))
{
- if(mode!=2)
+ if (mode != 2)
{
int i;
const char *str;
- for(i=0;i<indent;i++)
- putchar(' ');
+ for (i = 0; i < indent; i++)
+ putchar (' ');
- if(crit)
- str=_("Critical signature policy: ");
+ if (crit)
+ str = _("Critical signature policy: ");
else
- str=_("Signature policy: ");
- if(mode)
- log_info("%s",str);
+ str = _("Signature policy: ");
+ if (mode)
+ log_info ("%s", str);
else
- printf("%s",str);
- print_utf8_string(fp,p,len);
- fprintf(fp,"\n");
+ printf ("%s", str);
+ print_utf8_string (fp, p, len);
+ fprintf (fp, "\n");
}
- if(mode)
- write_status_buffer ( STATUS_POLICY_URL, p, len, 0 );
+ if (mode)
+ write_status_buffer (STATUS_POLICY_URL, p, len, 0);
}
}
+
/*
mode=0 for stdout.
mode=1 for log_info + status messages
@@ -291,37 +294,40 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
*/
/* TODO: use this */
void
-show_keyserver_url(PKT_signature *sig,int indent,int mode)
+show_keyserver_url (PKT_signature * sig, int indent, int mode)
{
const byte *p;
size_t len;
- int seq=0,crit;
- FILE *fp=mode?log_get_stream():stdout;
+ int seq = 0, crit;
+ FILE *fp = mode ? log_get_stream () : stdout;
- while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
+ while ((p =
+ enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq,
+ &crit)))
{
- if(mode!=2)
+ if (mode != 2)
{
int i;
const char *str;
- for(i=0;i<indent;i++)
- putchar(' ');
+ for (i = 0; i < indent; i++)
+ putchar (' ');
- if(crit)
- str=_("Critical preferred keyserver: ");
+ if (crit)
+ str = _("Critical preferred keyserver: ");
else
- str=_("Preferred keyserver: ");
- if(mode)
- log_info("%s",str);
+ str = _("Preferred keyserver: ");
+ if (mode)
+ log_info ("%s", str);
else
- printf("%s",str);
- print_utf8_string(fp,p,len);
- fprintf(fp,"\n");
+ printf ("%s", str);
+ print_utf8_string (fp, p, len);
+ fprintf (fp, "\n");
}
- if(mode)
- status_one_subpacket(SIGSUBPKT_PREF_KS,len,(crit?0x02:0)|0x01,p);
+ if (mode)
+ status_one_subpacket (SIGSUBPKT_PREF_KS, len,
+ (crit ? 0x02 : 0) | 0x01, p);
}
}
@@ -330,209 +336,223 @@ show_keyserver_url(PKT_signature *sig,int indent,int mode)
mode=1 for log_info + status messages
mode=2 for status messages only
- which bits:
- 1 == standard notations
- 2 == user notations
+ Defined bits in WHICH:
+ 1 == standard notations
+ 2 == user notations
*/
-
void
-show_notation(PKT_signature *sig,int indent,int mode,int which)
+show_notation (PKT_signature * sig, int indent, int mode, int which)
{
- FILE *fp=mode?log_get_stream():stdout;
- struct notation *nd,*notations;
+ FILE *fp = mode ? log_get_stream () : stdout;
+ struct notation *nd, *notations;
- if(which==0)
- which=3;
+ if (which == 0)
+ which = 3;
- notations=sig_to_notation(sig);
+ notations = sig_to_notation (sig);
/* There may be multiple notations in the same sig. */
- for(nd=notations;nd;nd=nd->next)
+ for (nd = notations; nd; nd = nd->next)
{
- if(mode!=2)
+ if (mode != 2)
{
- int has_at=!!strchr(nd->name,'@');
+ int has_at = !!strchr (nd->name, '@');
- if((which&1 && !has_at) || (which&2 && has_at))
+ if ((which & 1 && !has_at) || (which & 2 && has_at))
{
int i;
const char *str;
- for(i=0;i<indent;i++)
- putchar(' ');
+ for (i = 0; i < indent; i++)
+ putchar (' ');
- if(nd->flags.critical)
- str=_("Critical signature notation: ");
+ if (nd->flags.critical)
+ str = _("Critical signature notation: ");
else
- str=_("Signature notation: ");
- if(mode)
- log_info("%s",str);
+ str = _("Signature notation: ");
+ if (mode)
+ log_info ("%s", str);
else
- printf("%s",str);
+ printf ("%s", str);
/* This is all UTF8 */
- print_utf8_string(fp,nd->name,strlen(nd->name));
- fprintf(fp,"=");
- print_utf8_string(fp,nd->value,strlen(nd->value));
- fprintf(fp,"\n");
+ print_utf8_string (fp, nd->name, strlen (nd->name));
+ fprintf (fp, "=");
+ print_utf8_string (fp, nd->value, strlen (nd->value));
+ fprintf (fp, "\n");
}
}
- if(mode)
+ if (mode)
{
- write_status_buffer(STATUS_NOTATION_NAME,
- nd->name,strlen(nd->name),0);
- write_status_buffer(STATUS_NOTATION_DATA,
- nd->value,strlen(nd->value),50);
+ write_status_buffer (STATUS_NOTATION_NAME,
+ nd->name, strlen (nd->name), 0);
+ write_status_buffer (STATUS_NOTATION_DATA,
+ nd->value, strlen (nd->value), 50);
}
}
- free_notation(notations);
+ free_notation (notations);
}
static void
-print_signature_stats(struct sig_stats *s)
+print_signature_stats (struct sig_stats *s)
{
- if( s->inv_sigs == 1 )
- tty_printf(_("1 bad signature\n") );
- else if( s->inv_sigs )
- tty_printf(_("%d bad signatures\n"), s->inv_sigs );
- if( s->no_key == 1 )
- tty_printf(_("1 signature not checked due to a missing key\n") );
- else if( s->no_key )
- tty_printf(_("%d signatures not checked due to missing keys\n"),s->no_key);
- if( s->oth_err == 1 )
- tty_printf(_("1 signature not checked due to an error\n") );
- else if( s->oth_err )
- tty_printf(_("%d signatures not checked due to errors\n"), s->oth_err );
+ if (s->inv_sigs == 1)
+ tty_printf (_("1 bad signature\n"));
+ else if (s->inv_sigs)
+ tty_printf (_("%d bad signatures\n"), s->inv_sigs);
+ if (s->no_key == 1)
+ tty_printf (_("1 signature not checked due to a missing key\n"));
+ else if (s->no_key)
+ tty_printf (_("%d signatures not checked due to missing keys\n"),
+ s->no_key);
+ if (s->oth_err == 1)
+ tty_printf (_("1 signature not checked due to an error\n"));
+ else if (s->oth_err)
+ tty_printf (_("%d signatures not checked due to errors\n"), s->oth_err);
}
static void
-list_all( int secret )
+list_all (int secret)
{
- KEYDB_HANDLE hd;
- KBNODE keyblock = NULL;
- int rc=0;
- const char *lastresname, *resname;
- struct sig_stats stats;
-
- memset(&stats,0,sizeof(stats));
-
- hd = keydb_new (secret);
- if (!hd)
- rc = G10ERR_GENERAL;
- else
- rc = keydb_search_first (hd);
- if( rc ) {
- if( rc != -1 )
- log_error("keydb_search_first failed: %s\n", g10_errstr(rc) );
- goto leave;
+ KEYDB_HANDLE hd;
+ KBNODE keyblock = NULL;
+ int rc = 0;
+ const char *lastresname, *resname;
+ struct sig_stats stats;
+
+ memset (&stats, 0, sizeof (stats));
+
+ hd = keydb_new (secret);
+ if (!hd)
+ rc = G10ERR_GENERAL;
+ else
+ rc = keydb_search_first (hd);
+ if (rc)
+ {
+ if (rc != -1)
+ log_error ("keydb_search_first failed: %s\n", g10_errstr (rc));
+ goto leave;
}
- lastresname = NULL;
- do {
- rc = keydb_get_keyblock (hd, &keyblock);
- if (rc) {
- log_error ("keydb_get_keyblock failed: %s\n", g10_errstr(rc));
- goto leave;
- }
- if(!opt.with_colons)
- {
- resname = keydb_get_resource_name (hd);
- if (lastresname != resname )
- {
- int i;
-
- printf("%s\n", resname );
- for(i=strlen(resname); i; i-- )
- putchar('-');
- putchar('\n');
- lastresname = resname;
- }
- }
- merge_keys_and_selfsig( keyblock );
- list_keyblock( keyblock, secret, opt.fingerprint,
- opt.check_sigs?&stats:NULL);
- release_kbnode( keyblock );
- keyblock = NULL;
- } while (!(rc = keydb_search_next (hd)));
- if( rc && rc != -1 )
- log_error ("keydb_search_next failed: %s\n", g10_errstr(rc));
-
- if(opt.check_sigs && !opt.with_colons)
- print_signature_stats(&stats);
-
- leave:
- release_kbnode (keyblock);
- keydb_release (hd);
+ lastresname = NULL;
+ do
+ {
+ rc = keydb_get_keyblock (hd, &keyblock);
+ if (rc)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", g10_errstr (rc));
+ goto leave;
+ }
+ if (!opt.with_colons)
+ {
+ resname = keydb_get_resource_name (hd);
+ if (lastresname != resname)
+ {
+ int i;
+
+ printf ("%s\n", resname);
+ for (i = strlen (resname); i; i--)
+ putchar ('-');
+ putchar ('\n');
+ lastresname = resname;
+ }
+ }
+ merge_keys_and_selfsig (keyblock);
+ list_keyblock (keyblock, secret, opt.fingerprint,
+ opt.check_sigs ? &stats : NULL);
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ }
+ while (!(rc = keydb_search_next (hd)));
+ if (rc && rc != -1)
+ log_error ("keydb_search_next failed: %s\n", g10_errstr (rc));
+
+ if (opt.check_sigs && !opt.with_colons)
+ print_signature_stats (&stats);
+
+leave:
+ release_kbnode (keyblock);
+ keydb_release (hd);
}
static void
-list_one( strlist_t names, int secret )
+list_one (strlist_t names, int secret)
{
- int rc = 0;
- KBNODE keyblock = NULL;
- GETKEY_CTX ctx;
- const char *resname;
- const char *keyring_str = _("Keyring");
- int i;
- struct sig_stats stats;
-
- memset(&stats,0,sizeof(stats));
-
- /* fixme: using the bynames function has the disadvantage that we
- * don't know wether one of the names given was not found. OTOH,
- * this function has the advantage to list the names in the
- * sequence as defined by the keyDB and does not duplicate
- * outputs. A solution could be do test whether all given have
- * been listed (this needs a way to use the keyDB search
- * functions) or to have the search function return indicators for
- * found names. Yet another way is to use the keydb search
- * facilities directly. */
- if( secret ) {
- rc = get_seckey_bynames( &ctx, NULL, names, &keyblock );
- if( rc ) {
- log_error("error reading key: %s\n", g10_errstr(rc) );
- get_seckey_end( ctx );
- return;
+ int rc = 0;
+ KBNODE keyblock = NULL;
+ GETKEY_CTX ctx;
+ const char *resname;
+ const char *keyring_str = _("Keyring");
+ int i;
+ struct sig_stats stats;
+
+ memset (&stats, 0, sizeof (stats));
+
+ /* fixme: using the bynames function has the disadvantage that we
+ * don't know wether one of the names given was not found. OTOH,
+ * this function has the advantage to list the names in the
+ * sequence as defined by the keyDB and does not duplicate
+ * outputs. A solution could be do test whether all given have
+ * been listed (this needs a way to use the keyDB search
+ * functions) or to have the search function return indicators for
+ * found names. Yet another way is to use the keydb search
+ * facilities directly. */
+ if (secret)
+ {
+ rc = get_seckey_bynames (&ctx, NULL, names, &keyblock);
+ if (rc)
+ {
+ log_error ("error reading key: %s\n", g10_errstr (rc));
+ get_seckey_end (ctx);
+ return;
}
- do {
- if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
- resname = keydb_get_resource_name (get_ctx_handle(ctx));
- printf("%s: %s\n", keyring_str, resname);
- for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
- putchar('-');
- putchar('\n');
+ do
+ {
+ if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
+ {
+ resname = keydb_get_resource_name (get_ctx_handle (ctx));
+ printf ("%s: %s\n", keyring_str, resname);
+ for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
+ putchar ('-');
+ putchar ('\n');
}
- list_keyblock( keyblock, 1, opt.fingerprint, NULL );
- release_kbnode( keyblock );
- } while( !get_seckey_next( ctx, NULL, &keyblock ) );
- get_seckey_end( ctx );
+ list_keyblock (keyblock, 1, opt.fingerprint, NULL);
+ release_kbnode (keyblock);
+ }
+ while (!get_seckey_next (ctx, NULL, &keyblock));
+ get_seckey_end (ctx);
}
- else {
- rc = get_pubkey_bynames( &ctx, NULL, names, &keyblock );
- if( rc ) {
- log_error("error reading key: %s\n", g10_errstr(rc) );
- get_pubkey_end( ctx );
- return;
+ else
+ {
+ rc = get_pubkey_bynames (&ctx, NULL, names, &keyblock);
+ if (rc)
+ {
+ log_error ("error reading key: %s\n", g10_errstr (rc));
+ get_pubkey_end (ctx);
+ return;
}
- do {
- if ((opt.list_options&LIST_SHOW_KEYRING) && !opt.with_colons) {
- resname = keydb_get_resource_name (get_ctx_handle(ctx));
- printf("%s: %s\n", keyring_str, resname);
- for(i = strlen(resname) + strlen(keyring_str) + 2; i; i-- )
- putchar('-');
- putchar('\n');
+ do
+ {
+ if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons)
+ {
+ resname = keydb_get_resource_name (get_ctx_handle (ctx));
+ printf ("%s: %s\n", keyring_str, resname);
+ for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--)
+ putchar ('-');
+ putchar ('\n');
}
- list_keyblock( keyblock, 0, opt.fingerprint,
- opt.check_sigs?&stats:NULL );
- release_kbnode( keyblock );
- } while( !get_pubkey_next( ctx, NULL, &keyblock ) );
- get_pubkey_end( ctx );
+ list_keyblock (keyblock, 0, opt.fingerprint,
+ opt.check_sigs ? &stats : NULL);
+ release_kbnode (keyblock);
+ }
+ while (!get_pubkey_next (ctx, NULL, &keyblock));
+ get_pubkey_end (ctx);
}
- if(opt.check_sigs && !opt.with_colons)
- print_signature_stats(&stats);
+ if (opt.check_sigs && !opt.with_colons)
+ print_signature_stats (&stats);
}
@@ -545,542 +565,578 @@ locate_one (strlist_t names)
KBNODE keyblock = NULL;
struct sig_stats stats;
- memset (&stats,0,sizeof(stats));
-
- for (sl=names; sl; sl = sl->next)
+ memset (&stats, 0, sizeof (stats));
+
+ for (sl = names; sl; sl = sl->next)
{
rc = get_pubkey_byname (&ctx, NULL, sl->d, &keyblock, NULL, 1, 0);
if (rc)
- {
- if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
- log_error ("error reading key: %s\n", g10_errstr(rc) );
+ {
+ if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY)
+ log_error ("error reading key: %s\n", g10_errstr (rc));
}
else
- {
- do
- {
- list_keyblock (keyblock, 0, opt.fingerprint,
- opt.check_sigs? &stats : NULL );
- release_kbnode (keyblock);
- }
- while ( ctx && !get_pubkey_next (ctx, NULL, &keyblock));
- get_pubkey_end (ctx);
- ctx = NULL;
- }
+ {
+ do
+ {
+ list_keyblock (keyblock, 0, opt.fingerprint,
+ opt.check_sigs ? &stats : NULL);
+ release_kbnode (keyblock);
+ }
+ while (ctx && !get_pubkey_next (ctx, NULL, &keyblock));
+ get_pubkey_end (ctx);
+ ctx = NULL;
+ }
}
-
+
if (opt.check_sigs && !opt.with_colons)
print_signature_stats (&stats);
}
static void
-print_key_data( PKT_public_key *pk )
+print_key_data (PKT_public_key * pk)
{
- int n = pk ? pubkey_get_npkey( pk->pubkey_algo ) : 0;
- int i;
-
- for(i=0; i < n; i++ ) {
- printf("pkd:%d:%u:", i, mpi_get_nbits( pk->pkey[i] ) );
- mpi_print(stdout, pk->pkey[i], 1 );
- putchar(':');
- putchar('\n');
+ int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0;
+ int i;
+
+ for (i = 0; i < n; i++)
+ {
+ printf ("pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i]));
+ mpi_print (stdout, pk->pkey[i], 1);
+ putchar (':');
+ putchar ('\n');
}
}
static void
-print_capabilities (PKT_public_key *pk, PKT_secret_key *sk, KBNODE keyblock)
+print_capabilities (PKT_public_key * pk, PKT_secret_key * sk, KBNODE keyblock)
{
- if(pk || (sk && sk->protect.s2k.mode!=1001))
+ if (pk || (sk && sk->protect.s2k.mode != 1001))
{
- unsigned int use = pk? pk->pubkey_usage : sk->pubkey_usage;
+ unsigned int use = pk ? pk->pubkey_usage : sk->pubkey_usage;
int c_printed = 0;
-
- if ( use & PUBKEY_USAGE_ENC )
- putchar ('e');
- if ( use & PUBKEY_USAGE_SIG )
+ if (use & PUBKEY_USAGE_ENC)
+ putchar ('e');
+
+ if (use & PUBKEY_USAGE_SIG)
{
putchar ('s');
- if( pk? pk->is_primary : sk->is_primary )
- {
- putchar ('c');
- /* The PUBKEY_USAGE_CERT flag was introduced later and
- we used to always print 'c' for a primary key. To
- avoid any regression here we better track whether we
- printed 'c' already. */
- c_printed = 1;
- }
+ if (pk ? pk->is_primary : sk->is_primary)
+ {
+ putchar ('c');
+ /* The PUBKEY_USAGE_CERT flag was introduced later and
+ we used to always print 'c' for a primary key. To
+ avoid any regression here we better track whether we
+ printed 'c' already. */
+ c_printed = 1;
+ }
}
- if ( (use & PUBKEY_USAGE_CERT) && !c_printed )
- putchar ('c');
+ if ((use & PUBKEY_USAGE_CERT) && !c_printed)
+ putchar ('c');
- if ( (use & PUBKEY_USAGE_AUTH) )
- putchar ('a');
+ if ((use & PUBKEY_USAGE_AUTH))
+ putchar ('a');
}
- if ( keyblock ) { /* figure out the usable capabilities */
- KBNODE k;
- int enc=0, sign=0, cert=0, auth=0, disabled=0;
-
- for (k=keyblock; k; k = k->next ) {
- if ( k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
- pk = k->pkt->pkt.public_key;
-
- if(pk->is_primary)
- disabled=pk_is_disabled(pk);
-
- if ( pk->is_valid && !pk->is_revoked && !pk->has_expired ) {
- if ( pk->pubkey_usage & PUBKEY_USAGE_ENC )
- enc = 1;
- if ( pk->pubkey_usage & PUBKEY_USAGE_SIG )
- {
- sign = 1;
- if(pk->is_primary)
- cert = 1;
- }
- if ( pk->pubkey_usage & PUBKEY_USAGE_CERT )
- cert = 1;
- if ( (pk->pubkey_usage & PUBKEY_USAGE_AUTH) )
- auth = 1;
- }
- }
- else if ( k->pkt->pkttype == PKT_SECRET_KEY
- || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- sk = k->pkt->pkt.secret_key;
- if ( sk->is_valid && !sk->is_revoked && !sk->has_expired
- && sk->protect.s2k.mode!=1001 ) {
- if ( sk->pubkey_usage & PUBKEY_USAGE_ENC )
- enc = 1;
- if ( sk->pubkey_usage & PUBKEY_USAGE_SIG )
- {
- sign = 1;
- if(sk->is_primary)
- cert = 1;
- }
- if ( (sk->pubkey_usage & PUBKEY_USAGE_CERT) )
- cert = 1;
- if ( (sk->pubkey_usage & PUBKEY_USAGE_AUTH) )
- auth = 1;
- }
- }
- }
- if (enc)
- putchar ('E');
- if (sign)
- putchar ('S');
- if (cert)
- putchar ('C');
- if (auth)
- putchar ('A');
- if (disabled)
- putchar ('D');
+ if (keyblock)
+ { /* figure out the usable capabilities */
+ KBNODE k;
+ int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0;
+
+ for (k = keyblock; k; k = k->next)
+ {
+ if (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ pk = k->pkt->pkt.public_key;
+
+ if (pk->is_primary)
+ disabled = pk_is_disabled (pk);
+
+ if (pk->is_valid && !pk->is_revoked && !pk->has_expired)
+ {
+ if (pk->pubkey_usage & PUBKEY_USAGE_ENC)
+ enc = 1;
+ if (pk->pubkey_usage & PUBKEY_USAGE_SIG)
+ {
+ sign = 1;
+ if (pk->is_primary)
+ cert = 1;
+ }
+ if (pk->pubkey_usage & PUBKEY_USAGE_CERT)
+ cert = 1;
+ if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ auth = 1;
+ }
+ }
+ else if (k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ sk = k->pkt->pkt.secret_key;
+ if (sk->is_valid && !sk->is_revoked && !sk->has_expired
+ && sk->protect.s2k.mode != 1001)
+ {
+ if (sk->pubkey_usage & PUBKEY_USAGE_ENC)
+ enc = 1;
+ if (sk->pubkey_usage & PUBKEY_USAGE_SIG)
+ {
+ sign = 1;
+ if (sk->is_primary)
+ cert = 1;
+ }
+ if ((sk->pubkey_usage & PUBKEY_USAGE_CERT))
+ cert = 1;
+ if ((sk->pubkey_usage & PUBKEY_USAGE_AUTH))
+ auth = 1;
+ }
+ }
+ }
+ if (enc)
+ putchar ('E');
+ if (sign)
+ putchar ('S');
+ if (cert)
+ putchar ('C');
+ if (auth)
+ putchar ('A');
+ if (disabled)
+ putchar ('D');
}
- putchar(':');
+ putchar (':');
}
-/* Flags = 0x01 hashed 0x02 critical */
+/* FLAGS: 0x01 hashed
+ 0x02 critical */
static void
-print_one_subpacket(sigsubpkttype_t type,size_t len,int flags,const byte *buf)
+print_one_subpacket (sigsubpkttype_t type, size_t len, int flags,
+ const byte * buf)
{
size_t i;
- printf("spk:%d:%u:%u:",type,flags,(unsigned int)len);
+ printf ("spk:%d:%u:%u:", type, flags, (unsigned int) len);
- for(i=0;i<len;i++)
+ for (i = 0; i < len; i++)
{
/* printable ascii other than : and % */
- if(buf[i]>=32 && buf[i]<=126 && buf[i]!=':' && buf[i]!='%')
- printf("%c",buf[i]);
+ if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%')
+ printf ("%c", buf[i]);
else
- printf("%%%02X",buf[i]);
+ printf ("%%%02X", buf[i]);
}
- printf("\n");
+ printf ("\n");
}
void
-print_subpackets_colon(PKT_signature *sig)
+print_subpackets_colon (PKT_signature * sig)
{
byte *i;
- assert(opt.show_subpackets);
+ assert (opt.show_subpackets);
- for(i=opt.show_subpackets;*i;i++)
+ for (i = opt.show_subpackets; *i; i++)
{
const byte *p;
size_t len;
- int seq,crit;
+ int seq, crit;
- seq=0;
+ seq = 0;
- while((p=enum_sig_subpkt(sig->hashed,*i,&len,&seq,&crit)))
- print_one_subpacket(*i,len,0x01|(crit?0x02:0),p);
+ while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit)))
+ print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p);
- seq=0;
+ seq = 0;
- while((p=enum_sig_subpkt(sig->unhashed,*i,&len,&seq,&crit)))
- print_one_subpacket(*i,len,0x00|(crit?0x02:0),p);
+ while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit)))
+ print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p);
}
}
void
-dump_attribs(const PKT_user_id *uid,PKT_public_key *pk,PKT_secret_key *sk)
+dump_attribs (const PKT_user_id * uid, PKT_public_key * pk,
+ PKT_secret_key * sk)
{
int i;
- if(!attrib_fp)
+ if (!attrib_fp)
return;
- for(i=0;i<uid->numattribs;i++)
+ for (i = 0; i < uid->numattribs; i++)
{
- if(is_status_enabled())
+ if (is_status_enabled ())
{
byte array[MAX_FINGERPRINT_LEN], *p;
- char buf[(MAX_FINGERPRINT_LEN*2)+90];
- size_t j,n;
+ char buf[(MAX_FINGERPRINT_LEN * 2) + 90];
+ size_t j, n;
- if(pk)
- fingerprint_from_pk( pk, array, &n );
- else if(sk)
- fingerprint_from_sk( sk, array, &n );
+ if (pk)
+ fingerprint_from_pk (pk, array, &n);
+ else if (sk)
+ fingerprint_from_sk (sk, array, &n);
else
- BUG();
+ BUG ();
p = array;
- for(j=0; j < n ; j++, p++ )
- sprintf(buf+2*j, "%02X", *p );
-
- sprintf(buf+strlen(buf)," %lu %u %u %u %lu %lu %u",
- (ulong)uid->attribs[i].len,uid->attribs[i].type,i+1,
- uid->numattribs,(ulong)uid->created,(ulong)uid->expiredate,
- ((uid->is_primary?0x01:0)|
- (uid->is_revoked?0x02:0)|
- (uid->is_expired?0x04:0)));
- write_status_text(STATUS_ATTRIBUTE,buf);
+ for (j = 0; j < n; j++, p++)
+ sprintf (buf + 2 * j, "%02X", *p);
+
+ sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u",
+ (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1,
+ uid->numattribs, (ulong) uid->created,
+ (ulong) uid->expiredate,
+ ((uid->is_primary ? 0x01 : 0) | (uid->
+ is_revoked ? 0x02 : 0) |
+ (uid->is_expired ? 0x04 : 0)));
+ write_status_text (STATUS_ATTRIBUTE, buf);
}
- fwrite(uid->attribs[i].data,uid->attribs[i].len,1,attrib_fp);
+ fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp);
fflush (attrib_fp);
}
}
static void
-list_keyblock_print ( KBNODE keyblock, int secret, int fpr, void *opaque )
+list_keyblock_print (KBNODE keyblock, int secret, int fpr, void *opaque)
{
- int rc = 0;
- KBNODE kbctx;
- KBNODE node;
- PKT_public_key *pk;
- PKT_secret_key *sk;
- struct sig_stats *stats=opaque;
- int skip_sigs=0;
-
- /* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
- if( !node ) {
- log_error("Oops; key lost!\n");
- dump_kbnode( keyblock );
- return;
+ int rc = 0;
+ KBNODE kbctx;
+ KBNODE node;
+ PKT_public_key *pk;
+ PKT_secret_key *sk;
+ struct sig_stats *stats = opaque;
+ int skip_sigs = 0;
+
+ /* get the keyid from the keyblock */
+ node = find_kbnode (keyblock, secret ? PKT_SECRET_KEY : PKT_PUBLIC_KEY);
+ if (!node)
+ {
+ log_error ("Oops; key lost!\n");
+ dump_kbnode (keyblock);
+ return;
+ }
+
+ if (secret)
+ {
+ pk = NULL;
+ sk = node->pkt->pkt.secret_key;
+
+ printf ("sec%c %4u%c/%s %s", (sk->protect.s2k.mode == 1001) ? '#' :
+ (sk->protect.s2k.mode == 1002) ? '>' : ' ',
+ nbits_from_sk (sk), pubkey_letter (sk->pubkey_algo),
+ keystr_from_sk (sk), datestr_from_sk (sk));
+
+ if (sk->has_expired)
+ {
+ printf (" [");
+ printf (_("expired: %s"), expirestr_from_sk (sk));
+ printf ("]");
+ }
+ else if (sk->expiredate)
+ {
+ printf (" [");
+ printf (_("expires: %s"), expirestr_from_sk (sk));
+ printf ("]");
+ }
+
+ printf ("\n");
}
+ else
+ {
+ pk = node->pkt->pkt.public_key;
+ sk = NULL;
+
+ check_trustdb_stale ();
+
+ printf ("pub %4u%c/%s %s",
+ nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo),
+ keystr_from_pk (pk), datestr_from_pk (pk));
- if( secret )
- {
- pk = NULL;
- sk = node->pkt->pkt.secret_key;
-
- printf("sec%c %4u%c/%s %s",(sk->protect.s2k.mode==1001)?'#':
- (sk->protect.s2k.mode==1002)?'>':' ',
- nbits_from_sk( sk ),pubkey_letter( sk->pubkey_algo ),
- keystr_from_sk(sk),datestr_from_sk( sk ));
-
- if(sk->has_expired)
- {
- printf(" [");
- printf(_("expired: %s"),expirestr_from_sk(sk));
- printf("]");
- }
- else if(sk->expiredate )
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_sk(sk));
- printf("]");
- }
-
- printf("\n");
- }
- else
- {
- pk = node->pkt->pkt.public_key;
- sk = NULL;
-
- check_trustdb_stale();
-
- printf("pub %4u%c/%s %s",
- nbits_from_pk(pk),pubkey_letter(pk->pubkey_algo),
- keystr_from_pk(pk),datestr_from_pk( pk ));
-
- /* We didn't include this before in the key listing, but there
- is room in the new format, so why not? */
-
- if(pk->is_revoked)
- {
- printf(" [");
- printf(_("revoked: %s"),revokestr_from_pk(pk));
- printf("]");
- }
- else if(pk->has_expired)
- {
- printf(" [");
- printf(_("expired: %s"),expirestr_from_pk(pk));
- printf("]");
- }
- else if(pk->expiredate)
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_pk(pk));
- printf("]");
- }
+ /* We didn't include this before in the key listing, but there
+ is room in the new format, so why not? */
+
+ if (pk->is_revoked)
+ {
+ printf (" [");
+ printf (_("revoked: %s"), revokestr_from_pk (pk));
+ printf ("]");
+ }
+ else if (pk->has_expired)
+ {
+ printf (" [");
+ printf (_("expired: %s"), expirestr_from_pk (pk));
+ printf ("]");
+ }
+ else if (pk->expiredate)
+ {
+ printf (" [");
+ printf (_("expires: %s"), expirestr_from_pk (pk));
+ printf ("]");
+ }
#if 0
- /* I need to think about this some more. It's easy enough to
- include, but it looks sort of confusing in the
- listing... */
- if(opt.list_options&LIST_SHOW_VALIDITY)
- {
- int validity=get_validity(pk,NULL);
- printf(" [%s]",trust_value_to_string(validity));
- }
+ /* I need to think about this some more. It's easy enough to
+ include, but it looks sort of confusing in the
+ listing... */
+ if (opt.list_options & LIST_SHOW_VALIDITY)
+ {
+ int validity = get_validity (pk, NULL);
+ printf (" [%s]", trust_value_to_string (validity));
+ }
#endif
- printf("\n");
- }
-
- if( fpr )
- print_fingerprint( pk, sk, 0 );
- print_card_serialno (sk);
- if( opt.with_key_data )
- print_key_data( pk );
-
- for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
- if( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode ) {
- PKT_user_id *uid=node->pkt->pkt.user_id;
-
- if(pk && (uid->is_expired || uid->is_revoked)
- && !(opt.list_options&LIST_SHOW_UNUSABLE_UIDS))
- {
- skip_sigs=1;
- continue;
- }
- else
- skip_sigs=0;
-
- if(attrib_fp && uid->attrib_data!=NULL)
- dump_attribs(uid,pk,sk);
-
- if((uid->is_revoked || uid->is_expired)
- || ((opt.list_options&LIST_SHOW_UID_VALIDITY) && pk))
- {
- const char *validity;
- int indent;
-
- validity=uid_trust_string_fixed(pk,uid);
- indent=(keystrlen()+9)-atoi(uid_trust_string_fixed(NULL,NULL));
-
- if(indent<0 || indent>40)
- indent=0;
-
- printf("uid%*s%s ",indent,"",validity);
- }
- else
- printf("uid%*s", (int)keystrlen()+10,"");
-
- print_utf8_string( stdout, uid->name, uid->len );
- putchar('\n');
-
- if((opt.list_options&LIST_SHOW_PHOTOS) && uid->attribs!=NULL)
- show_photos(uid->attribs,uid->numattribs,pk,sk,uid);
- }
- else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
- {
- PKT_public_key *pk2 = node->pkt->pkt.public_key;
-
- if((pk2->is_revoked || pk2->has_expired)
- && !(opt.list_options&LIST_SHOW_UNUSABLE_SUBKEYS))
- {
- skip_sigs=1;
- continue;
- }
- else
- skip_sigs=0;
-
- printf("sub %4u%c/%s %s",
- nbits_from_pk( pk2 ),pubkey_letter( pk2->pubkey_algo ),
- keystr_from_pk(pk2),datestr_from_pk(pk2));
- if( pk2->is_revoked )
- {
- printf(" [");
- printf(_("revoked: %s"),revokestr_from_pk(pk2));
- printf("]");
- }
- else if( pk2->has_expired )
- {
- printf(" [");
- printf(_("expired: %s"),expirestr_from_pk(pk2));
- printf("]");
- }
- else if( pk2->expiredate )
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_pk(pk2));
- printf("]");
- }
- putchar('\n');
- if( fpr > 1 )
- print_fingerprint( pk2, NULL, 0 );
- if( opt.with_key_data )
- print_key_data( pk2 );
- }
- else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
- {
- PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
-
- printf("ssb%c %4u%c/%s %s",
- (sk2->protect.s2k.mode==1001)?'#':
- (sk2->protect.s2k.mode==1002)?'>':' ',
- nbits_from_sk( sk2 ),pubkey_letter( sk2->pubkey_algo ),
- keystr_from_sk(sk2),datestr_from_sk( sk2 ) );
- if( sk2->expiredate )
- {
- printf(" [");
- printf(_("expires: %s"),expirestr_from_sk(sk2));
- printf("]");
- }
- putchar('\n');
- if( fpr > 1 )
- {
- print_fingerprint( NULL, sk2, 0 );
- print_card_serialno (sk2);
- }
- }
- else if( opt.list_sigs
- && node->pkt->pkttype == PKT_SIGNATURE
- && !skip_sigs ) {
- PKT_signature *sig = node->pkt->pkt.signature;
- int sigrc;
- char *sigstr;
-
- if( stats ) {
- /*fflush(stdout);*/
- rc = check_key_signature( keyblock, node, NULL );
- switch( gpg_err_code (rc) ) {
- case 0: sigrc = '!'; break;
- case GPG_ERR_BAD_SIGNATURE:
- stats->inv_sigs++; sigrc = '-'; break;
- case GPG_ERR_NO_PUBKEY:
- case GPG_ERR_UNUSABLE_PUBKEY: stats->no_key++; continue;
- default: stats->oth_err++; sigrc = '%'; break;
- }
+ printf ("\n");
+ }
+
+ if (fpr)
+ print_fingerprint (pk, sk, 0);
+ print_card_serialno (sk);
+ if (opt.with_key_data)
+ print_key_data (pk);
- /* TODO: Make sure a cached sig record here still has
- the pk that issued it. See also
- keyedit.c:print_and_check_one_sig */
+ for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode)
+ {
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ if (pk && (uid->is_expired || uid->is_revoked)
+ && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS))
+ {
+ skip_sigs = 1;
+ continue;
}
- else {
- rc = 0;
- sigrc = ' ';
+ else
+ skip_sigs = 0;
+
+ if (attrib_fp && uid->attrib_data != NULL)
+ dump_attribs (uid, pk, sk);
+
+ if ((uid->is_revoked || uid->is_expired)
+ || ((opt.list_options & LIST_SHOW_UID_VALIDITY) && pk))
+ {
+ const char *validity;
+ int indent;
+
+ validity = uid_trust_string_fixed (pk, uid);
+ indent =
+ (keystrlen () + 9) -
+ atoi (uid_trust_string_fixed (NULL, NULL));
+
+ if (indent < 0 || indent > 40)
+ indent = 0;
+
+ printf ("uid%*s%s ", indent, "", validity);
}
+ else
+ printf ("uid%*s", (int) keystrlen () + 10, "");
- if( sig->sig_class == 0x20 || sig->sig_class == 0x28
- || sig->sig_class == 0x30 )
- sigstr = "rev";
- else if( (sig->sig_class&~3) == 0x10 )
- sigstr = "sig";
- else if( sig->sig_class == 0x18 )
- sigstr = "sig";
- else if( sig->sig_class == 0x1F )
- sigstr = "sig";
- else {
- printf("sig "
- "[unexpected signature class 0x%02x]\n",sig->sig_class );
- continue;
+ print_utf8_string (stdout, uid->name, uid->len);
+ putchar ('\n');
+
+ if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
+ show_photos (uid->attribs, uid->numattribs, pk, sk, uid);
+ }
+ else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ PKT_public_key *pk2 = node->pkt->pkt.public_key;
+
+ if ((pk2->is_revoked || pk2->has_expired)
+ && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
+ {
+ skip_sigs = 1;
+ continue;
}
+ else
+ skip_sigs = 0;
- fputs( sigstr, stdout );
- printf("%c%c %c%c%c%c%c%c %s %s",
- sigrc,(sig->sig_class-0x10>0 &&
- sig->sig_class-0x10<4)?'0'+sig->sig_class-0x10:' ',
- sig->flags.exportable?' ':'L',
- sig->flags.revocable?' ':'R',
- sig->flags.policy_url?'P':' ',
- sig->flags.notation?'N':' ',
- sig->flags.expired?'X':' ',
- (sig->trust_depth>9)?'T':
- (sig->trust_depth>0)?'0'+sig->trust_depth:' ',
- keystr(sig->keyid),datestr_from_sig(sig));
- if(opt.list_options&LIST_SHOW_SIG_EXPIRE)
- printf(" %s", expirestr_from_sig(sig));
- printf(" ");
- if( sigrc == '%' )
- printf("[%s] ", g10_errstr(rc) );
- else if( sigrc == '?' )
- ;
- else if ( !opt.fast_list_mode ) {
- size_t n;
- char *p = get_user_id( sig->keyid, &n );
- print_utf8_string( stdout, p, n );
- xfree(p);
+ printf ("sub %4u%c/%s %s",
+ nbits_from_pk (pk2), pubkey_letter (pk2->pubkey_algo),
+ keystr_from_pk (pk2), datestr_from_pk (pk2));
+ if (pk2->is_revoked)
+ {
+ printf (" [");
+ printf (_("revoked: %s"), revokestr_from_pk (pk2));
+ printf ("]");
+ }
+ else if (pk2->has_expired)
+ {
+ printf (" [");
+ printf (_("expired: %s"), expirestr_from_pk (pk2));
+ printf ("]");
+ }
+ else if (pk2->expiredate)
+ {
+ printf (" [");
+ printf (_("expires: %s"), expirestr_from_pk (pk2));
+ printf ("]");
}
- putchar('\n');
+ putchar ('\n');
+ if (fpr > 1)
+ print_fingerprint (pk2, NULL, 0);
+ if (opt.with_key_data)
+ print_key_data (pk2);
+ }
+ else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
+
+ printf ("ssb%c %4u%c/%s %s",
+ (sk2->protect.s2k.mode == 1001) ? '#' :
+ (sk2->protect.s2k.mode == 1002) ? '>' : ' ',
+ nbits_from_sk (sk2), pubkey_letter (sk2->pubkey_algo),
+ keystr_from_sk (sk2), datestr_from_sk (sk2));
+ if (sk2->expiredate)
+ {
+ printf (" [");
+ printf (_("expires: %s"), expirestr_from_sk (sk2));
+ printf ("]");
+ }
+ putchar ('\n');
+ if (fpr > 1)
+ {
+ print_fingerprint (NULL, sk2, 0);
+ print_card_serialno (sk2);
+ }
+ }
+ else if (opt.list_sigs
+ && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int sigrc;
+ char *sigstr;
- if(sig->flags.policy_url
- && (opt.list_options&LIST_SHOW_POLICY_URLS))
- show_policy_url(sig,3,0);
+ if (stats)
+ {
+ rc = check_key_signature (keyblock, node, NULL);
+ switch (gpg_err_code (rc))
+ {
+ case 0:
+ sigrc = '!';
+ break;
+ case GPG_ERR_BAD_SIGNATURE:
+ stats->inv_sigs++;
+ sigrc = '-';
+ break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY:
+ stats->no_key++;
+ continue;
+ default:
+ stats->oth_err++;
+ sigrc = '%';
+ break;
+ }
- if(sig->flags.notation && (opt.list_options&LIST_SHOW_NOTATIONS))
- show_notation(sig,3,0,
- ((opt.list_options&LIST_SHOW_STD_NOTATIONS)?1:0)+
- ((opt.list_options&LIST_SHOW_USER_NOTATIONS)?2:0));
+ /* TODO: Make sure a cached sig record here still has
+ the pk that issued it. See also
+ keyedit.c:print_and_check_one_sig */
+ }
+ else
+ {
+ rc = 0;
+ sigrc = ' ';
+ }
- if(sig->flags.pref_ks
- && (opt.list_options&LIST_SHOW_KEYSERVER_URLS))
- show_keyserver_url(sig,3,0);
+ if (sig->sig_class == 0x20 || sig->sig_class == 0x28
+ || sig->sig_class == 0x30)
+ sigstr = "rev";
+ else if ((sig->sig_class & ~3) == 0x10)
+ sigstr = "sig";
+ else if (sig->sig_class == 0x18)
+ sigstr = "sig";
+ else if (sig->sig_class == 0x1F)
+ sigstr = "sig";
+ else
+ {
+ printf ("sig "
+ "[unexpected signature class 0x%02x]\n",
+ sig->sig_class);
+ continue;
+ }
- /* fixme: check or list other sigs here */
+ fputs (sigstr, stdout);
+ printf ("%c%c %c%c%c%c%c%c %s %s",
+ sigrc, (sig->sig_class - 0x10 > 0 &&
+ sig->sig_class - 0x10 <
+ 4) ? '0' + sig->sig_class - 0x10 : ' ',
+ sig->flags.exportable ? ' ' : 'L',
+ sig->flags.revocable ? ' ' : 'R',
+ sig->flags.policy_url ? 'P' : ' ',
+ sig->flags.notation ? 'N' : ' ',
+ sig->flags.expired ? 'X' : ' ',
+ (sig->trust_depth > 9) ? 'T' : (sig->trust_depth >
+ 0) ? '0' +
+ sig->trust_depth : ' ', keystr (sig->keyid),
+ datestr_from_sig (sig));
+ if (opt.list_options & LIST_SHOW_SIG_EXPIRE)
+ printf (" %s", expirestr_from_sig (sig));
+ printf (" ");
+ if (sigrc == '%')
+ printf ("[%s] ", g10_errstr (rc));
+ else if (sigrc == '?')
+ ;
+ else if (!opt.fast_list_mode)
+ {
+ size_t n;
+ char *p = get_user_id (sig->keyid, &n);
+ print_utf8_string (stdout, p, n);
+ xfree (p);
+ }
+ putchar ('\n');
+
+ if (sig->flags.policy_url
+ && (opt.list_options & LIST_SHOW_POLICY_URLS))
+ show_policy_url (sig, 3, 0);
+
+ if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS))
+ show_notation (sig, 3, 0,
+ ((opt.
+ list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0)
+ +
+ ((opt.
+ list_options & LIST_SHOW_USER_NOTATIONS) ? 2 :
+ 0));
+
+ if (sig->flags.pref_ks
+ && (opt.list_options & LIST_SHOW_KEYSERVER_URLS))
+ show_keyserver_url (sig, 3, 0);
+
+ /* fixme: check or list other sigs here */
}
}
- putchar('\n');
+ putchar ('\n');
}
void
-print_revokers(PKT_public_key *pk)
+print_revokers (PKT_public_key * pk)
{
/* print the revoker record */
- if( !pk->revkey && pk->numrevkeys )
- BUG();
+ if (!pk->revkey && pk->numrevkeys)
+ BUG ();
else
{
- int i,j;
+ int i, j;
- for (i=0; i < pk->numrevkeys; i++)
+ for (i = 0; i < pk->numrevkeys; i++)
{
byte *p;
printf ("rvk:::%d::::::", pk->revkey[i].algid);
p = pk->revkey[i].fpr;
- for (j=0; j < 20; j++, p++ )
+ for (j = 0; j < 20; j++, p++)
printf ("%02X", *p);
printf (":%02x%s:\n", pk->revkey[i].class,
- (pk->revkey[i].class&0x40)?"s":"");
+ (pk->revkey[i].class & 0x40) ? "s" : "");
}
}
}
static void
-list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
+list_keyblock_colon (KBNODE keyblock, int secret, int fpr)
{
int rc = 0;
KBNODE kbctx;
@@ -1093,57 +1149,55 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
int i;
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
- if ( !node )
+ node = find_kbnode (keyblock, secret ? PKT_SECRET_KEY : PKT_PUBLIC_KEY);
+ if (!node)
{
- log_error("Oops; key lost!\n");
- dump_kbnode( keyblock );
+ log_error ("Oops; key lost!\n");
+ dump_kbnode (keyblock);
return;
}
- if ( secret )
+ if (secret)
{
pk = NULL;
sk = node->pkt->pkt.secret_key;
- keyid_from_sk ( sk, keyid );
+ keyid_from_sk (sk, keyid);
printf ("sec::%u:%d:%08lX%08lX:%s:%s:::",
- nbits_from_sk( sk ),
- sk->pubkey_algo,
- (ulong)keyid[0],(ulong)keyid[1],
- colon_datestr_from_sk( sk ),
- colon_strtime (sk->expiredate)
- /* fixme: add LID here */ );
+ nbits_from_sk (sk),
+ sk->pubkey_algo,
+ (ulong) keyid[0], (ulong) keyid[1],
+ colon_datestr_from_sk (sk), colon_strtime (sk->expiredate)
+ /* fixme: add LID here */ );
}
else
{
pk = node->pkt->pkt.public_key;
sk = NULL;
- keyid_from_pk( pk, keyid );
- fputs( "pub:", stdout );
- if ( !pk->is_valid )
- putchar ('i');
- else if ( pk->is_revoked )
- putchar ('r');
- else if ( pk->has_expired )
- putchar ('e');
- else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
- ;
- else
- {
- trustletter = get_validity_info ( pk, NULL );
- if ( trustletter == 'u' )
- ulti_hack = 1;
- putchar(trustletter);
- }
+ keyid_from_pk (pk, keyid);
+ fputs ("pub:", stdout);
+ if (!pk->is_valid)
+ putchar ('i');
+ else if (pk->is_revoked)
+ putchar ('r');
+ else if (pk->has_expired)
+ putchar ('e');
+ else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
+ ;
+ else
+ {
+ trustletter = get_validity_info (pk, NULL);
+ if (trustletter == 'u')
+ ulti_hack = 1;
+ putchar (trustletter);
+ }
printf (":%u:%d:%08lX%08lX:%s:%s::",
- nbits_from_pk( pk ),
- pk->pubkey_algo,
- (ulong)keyid[0],(ulong)keyid[1],
- colon_datestr_from_pk( pk ),
- colon_strtime (pk->expiredate) );
- if ( !opt.fast_list_mode && !opt.no_expensive_trust_checks )
- putchar( get_ownertrust_info(pk) );
- putchar(':');
+ nbits_from_pk (pk),
+ pk->pubkey_algo,
+ (ulong) keyid[0], (ulong) keyid[1],
+ colon_datestr_from_pk (pk), colon_strtime (pk->expiredate));
+ if (!opt.fast_list_mode && !opt.no_expensive_trust_checks)
+ putchar (get_ownertrust_info (pk));
+ putchar (':');
}
putchar (':');
@@ -1151,21 +1205,21 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_capabilities (pk, sk, keyblock);
if (secret)
{
- putchar (':'); /* End of field 13. */
- putchar (':'); /* End of field 14. */
+ putchar (':'); /* End of field 13. */
+ putchar (':'); /* End of field 14. */
if (sk->protect.s2k.mode == 1001)
- putchar ('#'); /* Key is just a stub. */
+ putchar ('#'); /* Key is just a stub. */
else if (sk->protect.s2k.mode == 1002)
- {
- /* Key is stored on an external token (card) or handled by
- the gpg-agent. Print the serial number of that token
- here. */
- for (i=0; i < sk->protect.ivlen; i++)
- printf ("%02X", sk->protect.iv[i]);
- }
- putchar (':'); /* End of field 15. */
+ {
+ /* Key is stored on an external token (card) or handled by
+ the gpg-agent. Print the serial number of that token
+ here. */
+ for (i = 0; i < sk->protect.ivlen; i++)
+ printf ("%02X", sk->protect.iv[i]);
+ }
+ putchar (':'); /* End of field 15. */
}
- putchar('\n');
+ putchar ('\n');
if (pk)
print_revokers (pk);
if (fpr)
@@ -1174,231 +1228,238 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
print_key_data (pk);
- for ( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; )
+ for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));)
{
- if ( node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode )
- {
- char *str;
- PKT_user_id *uid=node->pkt->pkt.user_id;
-
- if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
- dump_attribs (node->pkt->pkt.user_id,pk,sk);
- /*
- * Fixme: We need a is_valid flag here too
- */
- str = uid->attrib_data? "uat":"uid";
- /* If we're listing a secret key, leave out the validity
- values for now. This is handled better in 1.9. */
- if (sk)
- printf ("%s:::::",str);
- else if ( uid->is_revoked )
- printf ("%s:r::::",str);
- else if ( uid->is_expired )
- printf ("%s:e::::",str);
- else if ( opt.no_expensive_trust_checks )
- printf ("%s:::::",str);
- else
- {
- int uid_validity;
-
- if ( pk && !ulti_hack )
- uid_validity=get_validity_info (pk, uid);
- else
- uid_validity = 'u';
- printf ("%s:%c::::",str,uid_validity);
- }
-
- printf ("%s:", colon_strtime (uid->created));
- printf ("%s:", colon_strtime (uid->expiredate));
-
- namehash_from_uid (uid);
-
- for (i=0; i < 20; i++ )
- printf ("%02X",uid->namehash[i]);
-
- printf ("::");
-
- if (uid->attrib_data)
- printf ("%u %lu",uid->numattribs,uid->attrib_len);
- else
- print_string (stdout,uid->name,uid->len, ':' );
- putchar (':');
- putchar ('\n');
- }
- else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
- {
- u32 keyid2[2];
- PKT_public_key *pk2 = node->pkt->pkt.public_key;
-
- keyid_from_pk ( pk2, keyid2 );
- fputs ("sub:", stdout );
- if ( !pk2->is_valid )
- putchar ('i');
- else if ( pk2->is_revoked )
- putchar ('r');
- else if ( pk2->has_expired )
- putchar ('e');
- else if ( opt.fast_list_mode || opt.no_expensive_trust_checks )
- ;
- else
- {
- /* TRUSTLETTER should always be defined here. */
- if (trustletter)
- printf ("%c", trustletter );
- }
- printf(":%u:%d:%08lX%08lX:%s:%s:::::",
- nbits_from_pk( pk2 ),
- pk2->pubkey_algo,
- (ulong)keyid2[0],(ulong)keyid2[1],
- colon_datestr_from_pk( pk2 ),
- colon_strtime (pk2->expiredate)
- /* fixme: add LID and ownertrust here */
- );
- print_capabilities (pk2, NULL, NULL);
- putchar ('\n');
- if ( fpr > 1 )
- print_fingerprint ( pk2, NULL, 0 );
- if ( opt.with_key_data )
- print_key_data( pk2 );
- }
- else if( node->pkt->pkttype == PKT_SECRET_SUBKEY )
- {
- u32 keyid2[2];
- PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
-
- keyid_from_sk ( sk2, keyid2 );
- printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
- nbits_from_sk( sk2 ),
- sk2->pubkey_algo,
- (ulong)keyid2[0],(ulong)keyid2[1],
- colon_datestr_from_sk( sk2 ),
- colon_strtime (sk2->expiredate)
- /* fixme: add LID */ );
- print_capabilities (NULL, sk2, NULL);
- putchar(':'); /* End of field 13. */
- putchar(':'); /* End of field 14. */
- if (sk2->protect.s2k.mode == 1001)
- putchar ('#'); /* Key is just a stub. */
- else if (sk2->protect.s2k.mode == 1002)
- {
- /* Key is stored on an external token (card) or handled by
- the gpg-agent. Print the serial number of that token
- here. */
- for (i=0; i < sk2->protect.ivlen; i++)
- printf ("%02X", sk2->protect.iv[i]);
- }
- putchar(':'); /* End of field 15. */
- putchar ('\n');
-
- if ( fpr > 1 )
- print_fingerprint ( NULL, sk2, 0 );
- }
- else if ( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE )
- {
- PKT_signature *sig = node->pkt->pkt.signature;
- int sigrc,fprokay=0;
- char *sigstr;
- size_t fplen;
- byte fparray[MAX_FINGERPRINT_LEN];
-
- if ( sig->sig_class == 0x20 || sig->sig_class == 0x28
- || sig->sig_class == 0x30 )
- sigstr = "rev";
- else if ( (sig->sig_class&~3) == 0x10 )
- sigstr = "sig";
- else if ( sig->sig_class == 0x18 )
- sigstr = "sig";
- else if ( sig->sig_class == 0x1F )
- sigstr = "sig";
- else
- {
- printf ("sig::::::::::%02x%c:\n",
- sig->sig_class, sig->flags.exportable?'x':'l');
- continue;
- }
-
- if ( opt.check_sigs )
- {
- PKT_public_key *signer_pk=NULL;
-
- fflush (stdout);
- if (opt.no_sig_cache)
- signer_pk = xmalloc_clear (sizeof(PKT_public_key));
-
- rc = check_key_signature2 ( keyblock, node, NULL, signer_pk,
- NULL, NULL, NULL );
- switch ( gpg_err_code (rc) )
- {
- case 0: sigrc = '!'; break;
- case GPG_ERR_BAD_SIGNATURE: sigrc = '-'; break;
- case GPG_ERR_NO_PUBKEY:
- case GPG_ERR_UNUSABLE_PUBKEY: sigrc = '?'; break;
- default: sigrc = '%'; break;
- }
-
- if (opt.no_sig_cache)
- {
- if (!rc)
- {
- fingerprint_from_pk (signer_pk, fparray, &fplen);
- fprokay = 1;
- }
- free_public_key(signer_pk);
- }
- }
- else
- {
- rc = 0;
- sigrc = ' ';
- }
- fputs ( sigstr, stdout );
- putchar (':');
- if ( sigrc != ' ' )
- putchar (sigrc);
- printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
- (ulong)sig->keyid[0], (ulong)sig->keyid[1],
- colon_datestr_from_sig(sig),
- colon_expirestr_from_sig(sig));
-
- if (sig->trust_depth || sig->trust_value)
- printf("%d %d",sig->trust_depth,sig->trust_value);
- printf (":");
-
- if (sig->trust_regexp)
- print_string (stdout,sig->trust_regexp,
- strlen(sig->trust_regexp),':');
- printf(":");
-
- if ( sigrc == '%' )
- printf("[%s] ", g10_errstr(rc) );
- else if ( sigrc == '?' )
- ;
- else if ( !opt.fast_list_mode )
- {
- size_t n;
- char *p = get_user_id( sig->keyid, &n );
- print_string( stdout, p, n, ':' );
- xfree(p);
- }
- printf (":%02x%c:", sig->sig_class,sig->flags.exportable?'x':'l');
-
- if (opt.no_sig_cache && opt.check_sigs && fprokay)
- {
- putchar (':');
-
- for (i=0; i < fplen ; i++ )
- printf ("%02X", fparray[i] );
-
- putchar (':');
- }
-
- printf ("\n");
-
- if (opt.show_subpackets)
- print_subpackets_colon (sig);
-
- /* fixme: check or list other sigs here */
- }
+ if (node->pkt->pkttype == PKT_USER_ID && !opt.fast_list_mode)
+ {
+ char *str;
+ PKT_user_id *uid = node->pkt->pkt.user_id;
+
+ if (attrib_fp && node->pkt->pkt.user_id->attrib_data != NULL)
+ dump_attribs (node->pkt->pkt.user_id, pk, sk);
+ /*
+ * Fixme: We need a is_valid flag here too
+ */
+ str = uid->attrib_data ? "uat" : "uid";
+ /* If we're listing a secret key, leave out the validity
+ values for now. This is handled better in 1.9. */
+ if (sk)
+ printf ("%s:::::", str);
+ else if (uid->is_revoked)
+ printf ("%s:r::::", str);
+ else if (uid->is_expired)
+ printf ("%s:e::::", str);
+ else if (opt.no_expensive_trust_checks)
+ printf ("%s:::::", str);
+ else
+ {
+ int uid_validity;
+
+ if (pk && !ulti_hack)
+ uid_validity = get_validity_info (pk, uid);
+ else
+ uid_validity = 'u';
+ printf ("%s:%c::::", str, uid_validity);
+ }
+
+ printf ("%s:", colon_strtime (uid->created));
+ printf ("%s:", colon_strtime (uid->expiredate));
+
+ namehash_from_uid (uid);
+
+ for (i = 0; i < 20; i++)
+ printf ("%02X", uid->namehash[i]);
+
+ printf ("::");
+
+ if (uid->attrib_data)
+ printf ("%u %lu", uid->numattribs, uid->attrib_len);
+ else
+ print_string (stdout, uid->name, uid->len, ':');
+ putchar (':');
+ putchar ('\n');
+ }
+ else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
+ {
+ u32 keyid2[2];
+ PKT_public_key *pk2 = node->pkt->pkt.public_key;
+
+ keyid_from_pk (pk2, keyid2);
+ fputs ("sub:", stdout);
+ if (!pk2->is_valid)
+ putchar ('i');
+ else if (pk2->is_revoked)
+ putchar ('r');
+ else if (pk2->has_expired)
+ putchar ('e');
+ else if (opt.fast_list_mode || opt.no_expensive_trust_checks)
+ ;
+ else
+ {
+ /* TRUSTLETTER should always be defined here. */
+ if (trustletter)
+ printf ("%c", trustletter);
+ }
+ printf (":%u:%d:%08lX%08lX:%s:%s:::::",
+ nbits_from_pk (pk2),
+ pk2->pubkey_algo,
+ (ulong) keyid2[0], (ulong) keyid2[1],
+ colon_datestr_from_pk (pk2), colon_strtime (pk2->expiredate)
+ /* fixme: add LID and ownertrust here */
+ );
+ print_capabilities (pk2, NULL, NULL);
+ putchar ('\n');
+ if (fpr > 1)
+ print_fingerprint (pk2, NULL, 0);
+ if (opt.with_key_data)
+ print_key_data (pk2);
+ }
+ else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ u32 keyid2[2];
+ PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
+
+ keyid_from_sk (sk2, keyid2);
+ printf ("ssb::%u:%d:%08lX%08lX:%s:%s:::::",
+ nbits_from_sk (sk2),
+ sk2->pubkey_algo,
+ (ulong) keyid2[0], (ulong) keyid2[1],
+ colon_datestr_from_sk (sk2), colon_strtime (sk2->expiredate)
+ /* fixme: add LID */ );
+ print_capabilities (NULL, sk2, NULL);
+ putchar (':'); /* End of field 13. */
+ putchar (':'); /* End of field 14. */
+ if (sk2->protect.s2k.mode == 1001)
+ putchar ('#'); /* Key is just a stub. */
+ else if (sk2->protect.s2k.mode == 1002)
+ {
+ /* Key is stored on an external token (card) or handled by
+ the gpg-agent. Print the serial number of that token
+ here. */
+ for (i = 0; i < sk2->protect.ivlen; i++)
+ printf ("%02X", sk2->protect.iv[i]);
+ }
+ putchar (':'); /* End of field 15. */
+ putchar ('\n');
+
+ if (fpr > 1)
+ print_fingerprint (NULL, sk2, 0);
+ }
+ else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE)
+ {
+ PKT_signature *sig = node->pkt->pkt.signature;
+ int sigrc, fprokay = 0;
+ char *sigstr;
+ size_t fplen;
+ byte fparray[MAX_FINGERPRINT_LEN];
+
+ if (sig->sig_class == 0x20 || sig->sig_class == 0x28
+ || sig->sig_class == 0x30)
+ sigstr = "rev";
+ else if ((sig->sig_class & ~3) == 0x10)
+ sigstr = "sig";
+ else if (sig->sig_class == 0x18)
+ sigstr = "sig";
+ else if (sig->sig_class == 0x1F)
+ sigstr = "sig";
+ else
+ {
+ printf ("sig::::::::::%02x%c:\n",
+ sig->sig_class, sig->flags.exportable ? 'x' : 'l');
+ continue;
+ }
+
+ if (opt.check_sigs)
+ {
+ PKT_public_key *signer_pk = NULL;
+
+ fflush (stdout);
+ if (opt.no_sig_cache)
+ signer_pk = xmalloc_clear (sizeof (PKT_public_key));
+
+ rc = check_key_signature2 (keyblock, node, NULL, signer_pk,
+ NULL, NULL, NULL);
+ switch (gpg_err_code (rc))
+ {
+ case 0:
+ sigrc = '!';
+ break;
+ case GPG_ERR_BAD_SIGNATURE:
+ sigrc = '-';
+ break;
+ case GPG_ERR_NO_PUBKEY:
+ case GPG_ERR_UNUSABLE_PUBKEY:
+ sigrc = '?';
+ break;
+ default:
+ sigrc = '%';
+ break;
+ }
+
+ if (opt.no_sig_cache)
+ {
+ if (!rc)
+ {
+ fingerprint_from_pk (signer_pk, fparray, &fplen);
+ fprokay = 1;
+ }
+ free_public_key (signer_pk);
+ }
+ }
+ else
+ {
+ rc = 0;
+ sigrc = ' ';
+ }
+ fputs (sigstr, stdout);
+ putchar (':');
+ if (sigrc != ' ')
+ putchar (sigrc);
+ printf ("::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo,
+ (ulong) sig->keyid[0], (ulong) sig->keyid[1],
+ colon_datestr_from_sig (sig),
+ colon_expirestr_from_sig (sig));
+
+ if (sig->trust_depth || sig->trust_value)
+ printf ("%d %d", sig->trust_depth, sig->trust_value);
+ printf (":");
+
+ if (sig->trust_regexp)
+ print_string (stdout, sig->trust_regexp,
+ strlen (sig->trust_regexp), ':');
+ printf (":");
+
+ if (sigrc == '%')
+ printf ("[%s] ", g10_errstr (rc));
+ else if (sigrc == '?')
+ ;
+ else if (!opt.fast_list_mode)
+ {
+ size_t n;
+ char *p = get_user_id (sig->keyid, &n);
+ print_string (stdout, p, n, ':');
+ xfree (p);
+ }
+ printf (":%02x%c:", sig->sig_class,
+ sig->flags.exportable ? 'x' : 'l');
+
+ if (opt.no_sig_cache && opt.check_sigs && fprokay)
+ {
+ putchar (':');
+
+ for (i = 0; i < fplen; i++)
+ printf ("%02X", fparray[i]);
+
+ putchar (':');
+ }
+
+ printf ("\n");
+
+ if (opt.show_subpackets)
+ print_subpackets_colon (sig);
+
+ /* fixme: check or list other sigs here */
+ }
}
}
@@ -1407,60 +1468,65 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
* packet) comes first. Fixme: Replace this by a generic sort
* function. */
static void
-do_reorder_keyblock (KBNODE keyblock,int attr)
+do_reorder_keyblock (KBNODE keyblock, int attr)
{
- KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
- KBNODE last, node;
-
- for (node=keyblock; node; primary0=node, node = node->next) {
- if( node->pkt->pkttype == PKT_USER_ID &&
- ((attr && node->pkt->pkt.user_id->attrib_data) ||
- (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
- node->pkt->pkt.user_id->is_primary ) {
- primary = primary2 = node;
- for (node=node->next; node; primary2=node, node = node->next ) {
- if( node->pkt->pkttype == PKT_USER_ID
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
- || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- break;
- }
- }
- break;
- }
+ KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;
+ KBNODE last, node;
+
+ for (node = keyblock; node; primary0 = node, node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID &&
+ ((attr && node->pkt->pkt.user_id->attrib_data) ||
+ (!attr && !node->pkt->pkt.user_id->attrib_data)) &&
+ node->pkt->pkt.user_id->is_primary)
+ {
+ primary = primary2 = node;
+ for (node = node->next; node; primary2 = node, node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY)
+ {
+ break;
+ }
+ }
+ break;
+ }
}
- if ( !primary )
- return; /* no primary key flag found (should not happen) */
+ if (!primary)
+ return; /* No primary key flag found (should not happen). */
- for (last=NULL, node=keyblock; node; last = node, node = node->next) {
- if( node->pkt->pkttype == PKT_USER_ID )
- break;
+ for (last = NULL, node = keyblock; node; last = node, node = node->next)
+ {
+ if (node->pkt->pkttype == PKT_USER_ID)
+ break;
}
- assert (node);
- assert (last); /* the user ID is never the first packet */
- assert (primary0); /* ditto (this is the node before primary) */
- if ( node == primary )
- return; /* already the first one */
-
- last->next = primary;
- primary0->next = primary2->next;
- primary2->next = node;
+ assert (node);
+ assert (last); /* The user ID is never the first packet. */
+ assert (primary0); /* Ditto (this is the node before primary). */
+ if (node == primary)
+ return; /* Already the first one. */
+
+ last->next = primary;
+ primary0->next = primary2->next;
+ primary2->next = node;
}
void
reorder_keyblock (KBNODE keyblock)
{
- do_reorder_keyblock(keyblock,1);
- do_reorder_keyblock(keyblock,0);
+ do_reorder_keyblock (keyblock, 1);
+ do_reorder_keyblock (keyblock, 0);
}
void
-list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
+list_keyblock (KBNODE keyblock, int secret, int fpr, void *opaque)
{
- reorder_keyblock (keyblock);
- if (opt.with_colons)
- list_keyblock_colon (keyblock, secret, fpr );
- else
- list_keyblock_print (keyblock, secret, fpr, opaque );
+ reorder_keyblock (keyblock);
+ if (opt.with_colons)
+ list_keyblock_colon (keyblock, secret, fpr);
+ else
+ list_keyblock_print (keyblock, secret, fpr, opaque);
}
/*
@@ -1472,137 +1538,153 @@ list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque )
* modes 1 and 2 will try and print both subkey and primary key fingerprints
*/
void
-print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode )
+print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
{
- byte array[MAX_FINGERPRINT_LEN], *p;
- size_t i, n;
- FILE *fp;
- const char *text;
- int primary=0;
-
- if(sk)
- {
- if(sk->main_keyid[0]==sk->keyid[0] && sk->main_keyid[1]==sk->keyid[1])
- primary=1;
- }
- else
- {
- if(pk->main_keyid[0]==pk->keyid[0] && pk->main_keyid[1]==pk->keyid[1])
- primary=1;
- }
-
- /* Just to be safe */
- if(mode&0x80 && !primary)
- {
- log_error("primary key is not really primary!\n");
- return;
- }
-
- mode&=~0x80;
-
- if(!primary && (mode==1 || mode==2))
- {
- if(sk)
- {
- PKT_secret_key *primary_sk=xmalloc_clear(sizeof(*primary_sk));
- get_seckey(primary_sk,sk->main_keyid);
- print_fingerprint(NULL,primary_sk,mode|0x80);
- free_secret_key(primary_sk);
- }
- else
- {
- PKT_public_key *primary_pk=xmalloc_clear(sizeof(*primary_pk));
- get_pubkey(primary_pk,pk->main_keyid);
- print_fingerprint(primary_pk,NULL,mode|0x80);
- free_public_key(primary_pk);
- }
- }
-
- if (mode == 1) {
- fp = log_get_stream ();
- if(primary)
- text = _("Primary key fingerprint:");
- else
- text = _(" Subkey fingerprint:");
+ byte array[MAX_FINGERPRINT_LEN], *p;
+ size_t i, n;
+ FILE *fp;
+ const char *text;
+ int primary = 0;
+
+ if (sk)
+ {
+ if (sk->main_keyid[0] == sk->keyid[0]
+ && sk->main_keyid[1] == sk->keyid[1])
+ primary = 1;
+ }
+ else
+ {
+ if (pk->main_keyid[0] == pk->keyid[0]
+ && pk->main_keyid[1] == pk->keyid[1])
+ primary = 1;
+ }
+
+ /* Just to be safe */
+ if (mode & 0x80 && !primary)
+ {
+ log_error ("primary key is not really primary!\n");
+ return;
+ }
+
+ mode &= ~0x80;
+
+ if (!primary && (mode == 1 || mode == 2))
+ {
+ if (sk)
+ {
+ PKT_secret_key *primary_sk = xmalloc_clear (sizeof (*primary_sk));
+ get_seckey (primary_sk, sk->main_keyid);
+ print_fingerprint (NULL, primary_sk, mode | 0x80);
+ free_secret_key (primary_sk);
+ }
+ else
+ {
+ PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
+ get_pubkey (primary_pk, pk->main_keyid);
+ print_fingerprint (primary_pk, NULL, mode | 0x80);
+ free_public_key (primary_pk);
+ }
}
- else if (mode == 2) {
- fp = NULL; /* use tty */
- if(primary)
- /* TRANSLATORS: this should fit into 24 bytes to that the
- * fingerprint data is properly aligned with the user ID */
- text = _(" Primary key fingerprint:");
- else
- text = _(" Subkey fingerprint:");
+
+ if (mode == 1)
+ {
+ fp = log_get_stream ();
+ if (primary)
+ text = _("Primary key fingerprint:");
+ else
+ text = _(" Subkey fingerprint:");
+ }
+ else if (mode == 2)
+ {
+ fp = NULL; /* Use tty. */
+ if (primary)
+ /* TRANSLATORS: this should fit into 24 bytes to that the
+ * fingerprint data is properly aligned with the user ID */
+ text = _(" Primary key fingerprint:");
+ else
+ text = _(" Subkey fingerprint:");
}
- else if (mode == 3) {
- fp = NULL; /* use tty */
- text = _(" Key fingerprint =");
+ else if (mode == 3)
+ {
+ fp = NULL; /* Use tty. */
+ text = _(" Key fingerprint =");
}
- else {
- fp = stdout;
- text = _(" Key fingerprint =");
+ else
+ {
+ fp = stdout;
+ text = _(" Key fingerprint =");
}
-
- if (sk)
- fingerprint_from_sk (sk, array, &n);
- else
- fingerprint_from_pk (pk, array, &n);
- p = array;
- if (opt.with_colons && !mode) {
- fprintf (fp, "fpr:::::::::");
- for (i=0; i < n ; i++, p++ )
- fprintf (fp, "%02X", *p );
- putc(':', fp);
+
+ if (sk)
+ fingerprint_from_sk (sk, array, &n);
+ else
+ fingerprint_from_pk (pk, array, &n);
+ p = array;
+ if (opt.with_colons && !mode)
+ {
+ fprintf (fp, "fpr:::::::::");
+ for (i = 0; i < n; i++, p++)
+ fprintf (fp, "%02X", *p);
+ putc (':', fp);
}
- else {
- if (fp)
- fputs (text, fp);
- else
- tty_printf ("%s", text);
- if (n == 20) {
- for (i=0; i < n ; i++, i++, p += 2 ) {
- if (fp) {
- if (i == 10 )
- putc(' ', fp);
- fprintf (fp, " %02X%02X", *p, p[1] );
- }
- else {
- if (i == 10 )
- tty_printf (" ");
- tty_printf (" %02X%02X", *p, p[1]);
- }
+ else
+ {
+ if (fp)
+ fputs (text, fp);
+ else
+ tty_printf ("%s", text);
+ if (n == 20)
+ {
+ for (i = 0; i < n; i++, i++, p += 2)
+ {
+ if (fp)
+ {
+ if (i == 10)
+ putc (' ', fp);
+ fprintf (fp, " %02X%02X", *p, p[1]);
+ }
+ else
+ {
+ if (i == 10)
+ tty_printf (" ");
+ tty_printf (" %02X%02X", *p, p[1]);
+ }
}
}
- else {
- for (i=0; i < n ; i++, p++ ) {
- if (fp) {
- if (i && !(i%8) )
- putc (' ', fp);
- fprintf (fp, " %02X", *p );
- }
- else {
- if (i && !(i%8) )
- tty_printf (" ");
- tty_printf (" %02X", *p );
- }
+ else
+ {
+ for (i = 0; i < n; i++, p++)
+ {
+ if (fp)
+ {
+ if (i && !(i % 8))
+ putc (' ', fp);
+ fprintf (fp, " %02X", *p);
+ }
+ else
+ {
+ if (i && !(i % 8))
+ tty_printf (" ");
+ tty_printf (" %02X", *p);
+ }
}
}
}
- if (fp)
- putc ('\n', fp);
- else
- tty_printf ("\n");
+ if (fp)
+ putc ('\n', fp);
+ else
+ tty_printf ("\n");
}
-/* Print the serial number of an OpenPGP card if available. */
+/* Print the serial number of an OpenPGP card if available. */
static void
-print_card_serialno (PKT_secret_key *sk)
+print_card_serialno (PKT_secret_key * sk)
{
int i;
if (!sk)
return;
- if (!sk->is_protected || sk->protect.s2k.mode != 1002)
+ if (!sk->is_protected || sk->protect.s2k.mode != 1002)
return; /* Not a card. */
if (opt.with_colons)
return; /* Handled elsewhere. */
@@ -1610,19 +1692,21 @@ print_card_serialno (PKT_secret_key *sk)
fputs (_(" Card serial no. ="), stdout);
putchar (' ');
if (sk->protect.ivlen == 16
- && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6) )
- { /* This is an OpenPGP card. Just print the relevant part. */
- for (i=8; i < 14; i++)
- {
- if (i == 10)
- putchar (' ');
- printf ("%02X", sk->protect.iv[i]);
- }
+ && !memcmp (sk->protect.iv, "\xD2\x76\x00\x01\x24\x01", 6))
+ {
+ /* This is an OpenPGP card. Just print the relevant part. */
+ for (i = 8; i < 14; i++)
+ {
+ if (i == 10)
+ putchar (' ');
+ printf ("%02X", sk->protect.iv[i]);
+ }
}
else
- { /* Something is wrong: Print all. */
- for (i=0; i < sk->protect.ivlen; i++)
- printf ("%02X", sk->protect.iv[i]);
+ {
+ /* Something is wrong: Print all. */
+ for (i = 0; i < sk->protect.ivlen; i++)
+ printf ("%02X", sk->protect.iv[i]);
}
putchar ('\n');
}
@@ -1632,32 +1716,32 @@ print_card_serialno (PKT_secret_key *sk)
void
set_attrib_fd (int fd)
{
- static int last_fd=-1;
+ static int last_fd = -1;
- if ( fd != -1 && last_fd == fd )
+ if (fd != -1 && last_fd == fd)
return;
- if ( attrib_fp && attrib_fp != stdout && attrib_fp != stderr
- && attrib_fp != log_get_stream () )
+ if (attrib_fp && attrib_fp != stdout && attrib_fp != stderr
+ && attrib_fp != log_get_stream ())
fclose (attrib_fp);
attrib_fp = NULL;
- if ( fd == -1 )
+ if (fd == -1)
return;
#ifdef HAVE_DOSISH_SYSTEM
setmode (fd, O_BINARY);
#endif
- if( fd == 1 )
+ if (fd == 1)
attrib_fp = stdout;
- else if( fd == 2 )
+ else if (fd == 2)
attrib_fp = stderr;
else
attrib_fp = fdopen (fd, "wb");
- if (!attrib_fp)
+ if (!attrib_fp)
{
- log_fatal("can't open fd %d for attribute output: %s\n",
- fd, strerror(errno));
+ log_fatal ("can't open fd %d for attribute output: %s\n",
+ fd, strerror (errno));
}
-
+
last_fd = fd;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 06:11:39 +0100