1 /* call-dirmngr.c - GPG operations to the Dirmngr.
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 * Copyright (C) 2015 g10 Code GmbH
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
39 #include "keyserver.h"
41 #include "call-dirmngr.h"
44 /* Parameter structure used to gather status info. */
45 struct ks_status_parm_s
47 const char *keyword; /* Look for this keyword or NULL for "SOURCE". */
52 /* Parameter structure used with the KS_SEARCH command. */
53 struct ks_search_parm_s
55 gpg_error_t lasterr; /* Last error code. */
56 membuf_t saveddata; /* Buffer to build complete lines. */
57 char *helpbuf; /* NULL or malloced buffer. */
58 size_t helpbufsize; /* Allocated size of HELPBUF. */
59 gpg_error_t (*data_cb)(void*, int, char*); /* Callback. */
60 void *data_cb_value; /* First argument for DATA_CB. */
61 struct ks_status_parm_s *stparm; /* Link to the status parameter. */
65 /* Parameter structure used with the KS_GET command. */
72 /* Parameter structure used with the KS_PUT command. */
76 kbnode_t keyblock; /* The optional keyblock. */
77 const void *data; /* The key in OpenPGP binary format. */
78 size_t datalen; /* The length of DATA. */
82 /* Parameter structure used with the DNS_CERT command. */
83 struct dns_cert_parm_s
92 /* Data used to associate an session with dirmngr contexts. We can't
93 use a simple one to one mapping because we sometimes need two
94 connections to the dirmngr; for example while doing a listing and
95 being in a data callback we may want to retrieve a key. The local
96 dirmngr data takes care of this. At the end of the session the
97 function dirmngr_deinit_session_data is called by gpg.c to cleanup
98 these resources. Note that gpg.h defines a typedef dirmngr_local_t
99 for this structure. */
100 struct dirmngr_local_s
102 /* Link to other contexts which are used simultaneously. */
103 struct dirmngr_local_s *next;
105 /* The active Assuan context. */
106 assuan_context_t ctx;
108 /* Flag set when the keyserver names have been send. */
109 int set_keyservers_done;
111 /* Flag set to true while an operation is running on CTX. */
117 /* Deinitialize all session data of dirmngr pertaining to CTRL. */
119 gpg_dirmngr_deinit_session_data (ctrl_t ctrl)
123 while ((dml = ctrl->dirmngr_local))
125 ctrl->dirmngr_local = dml->next;
127 log_error ("oops: trying to cleanup an active dirmngr context\n");
129 assuan_release (dml->ctx);
135 /* Print a warning if the server's version number is less than our
136 version number. Returns an error code on a connection problem. */
138 warn_version_mismatch (assuan_context_t ctx, const char *servername)
142 const char *myversion = strusage (13);
144 err = get_assuan_server_version (ctx, 0, &serverversion);
146 log_error (_("error getting version from '%s': %s\n"),
147 servername, gpg_strerror (err));
148 else if (!compare_version_strings (serverversion, myversion))
152 warn = xtryasprintf (_("server '%s' is older than us (%s < %s)"),
153 servername, serverversion, myversion);
155 err = gpg_error_from_syserror ();
158 log_info (_("WARNING: %s\n"), warn);
159 write_status_strings (STATUS_WARNING, "server_version_mismatch 0",
164 xfree (serverversion);
169 /* Try to connect to the Dirmngr via a socket or spawn it if possible.
170 Handle the server's initial greeting and set global options. */
172 create_context (ctrl_t ctrl, assuan_context_t *r_ctx)
175 assuan_context_t ctx;
178 err = start_new_dirmngr (&ctx,
179 GPG_ERR_SOURCE_DEFAULT,
181 opt.autostart, opt.verbose, DBG_IPC,
182 NULL /*gpg_status2*/, ctrl);
183 if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
190 log_info (_("no dirmngr running in this session\n"));
193 else if (!err && !(err = warn_version_mismatch (ctx, DIRMNGR_NAME)))
197 /* Tell the dirmngr that we want to collect audit event. */
198 /* err = assuan_transact (agent_ctx, "OPTION audit-events=1", */
199 /* NULL, NULL, NULL, NULL, NULL, NULL); */
200 if (opt.keyserver_options.http_proxy)
202 line = xtryasprintf ("OPTION http-proxy=%s",
203 opt.keyserver_options.http_proxy);
205 err = gpg_error_from_syserror ();
208 err = assuan_transact (ctx, line, NULL, NULL, NULL,
216 else if ((opt.keyserver_options.options & KEYSERVER_HONOR_KEYSERVER_URL))
218 /* Tell the dirmngr that this possibly privacy invading
219 option is in use. If Dirmngr is running in Tor mode, it
220 will return an error. */
221 err = assuan_transact (ctx, "OPTION honor-keyserver-url-used",
222 NULL, NULL, NULL, NULL, NULL, NULL);
223 if (gpg_err_code (err) == GPG_ERR_FORBIDDEN)
224 log_error (_("keyserver option \"honor-keyserver-url\""
225 " may not be used in Tor mode\n"));
226 else if (gpg_err_code (err) == GPG_ERR_UNKNOWN_OPTION)
227 err = 0; /* Old dirmngr versions do not support this option. */
232 assuan_release (ctx);
235 /* audit_log_ok (ctrl->audit, AUDIT_DIRMNGR_READY, err); */
243 /* Get a context for accessing dirmngr. If no context is available a
244 new one is created and - if required - dirmngr started. On success
245 an assuan context is stored at R_CTX. This context may only be
246 released by means of close_context. Note that NULL is stored at
249 open_context (ctrl_t ctrl, assuan_context_t *r_ctx)
257 for (dml = ctrl->dirmngr_local; dml && dml->is_active; dml = dml->next)
261 /* Found an inactive local session - return that. */
262 log_assert (!dml->is_active);
264 /* But first do the per session init if not yet done. */
265 if (!dml->set_keyservers_done)
267 keyserver_spec_t ksi;
269 /* Set all configured keyservers. We clear existing
270 keyservers so that any keyserver configured in GPG
271 overrides keyservers possibly still configured in Dirmngr
272 for the session (Note that the keyserver list of a
273 session in Dirmngr survives a RESET. */
274 for (ksi = opt.keyserver; ksi; ksi = ksi->next)
280 ksi == opt.keyserver? " --clear":"", ksi->uri);
282 err = gpg_error_from_syserror ();
285 err = assuan_transact (dml->ctx, line, NULL, NULL, NULL,
294 dml->set_keyservers_done = 1;
303 dml = xtrycalloc (1, sizeof *dml);
305 return gpg_error_from_syserror ();
306 err = create_context (ctrl, &dml->ctx);
313 /* To be on the nPth thread safe site we need to add it to a
314 list; this is far easier than to have a lock for this
315 function. It should not happen anyway but the code is free
316 because we need it for the is_active check above. */
317 dml->next = ctrl->dirmngr_local;
318 ctrl->dirmngr_local = dml;
323 /* Close the assuan context CTX or return it to a pool of unused
324 contexts. If CTX is NULL, the function does nothing. */
326 close_context (ctrl_t ctrl, assuan_context_t ctx)
333 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
338 log_fatal ("closing inactive dirmngr context %p\n", ctx);
343 log_fatal ("closing unknown dirmngr ctx %p\n", ctx);
347 /* Clear the set_keyservers_done flag on context CTX. */
349 clear_context_flags (ctrl_t ctrl, assuan_context_t ctx)
356 for (dml = ctrl->dirmngr_local; dml; dml = dml->next)
361 log_fatal ("clear_context_flags on inactive dirmngr ctx %p\n", ctx);
362 dml->set_keyservers_done = 0;
366 log_fatal ("clear_context_flags on unknown dirmngr ctx %p\n", ctx);
371 /* Status callback for ks_list, ks_get and ks_search. */
373 ks_status_cb (void *opaque, const char *line)
375 struct ks_status_parm_s *parm = opaque;
379 if ((s = has_leading_keyword (line, parm->keyword? parm->keyword : "SOURCE")))
383 parm->source = xtrystrdup (s);
385 err = gpg_error_from_syserror ();
394 /* Run the "KEYSERVER" command to return the name of the used
395 keyserver at R_KEYSERVER. */
397 gpg_dirmngr_ks_list (ctrl_t ctrl, char **r_keyserver)
400 assuan_context_t ctx;
401 struct ks_status_parm_s stparm;
403 memset (&stparm, 0, sizeof stparm);
404 stparm.keyword = "KEYSERVER";
408 err = open_context (ctrl, &ctx);
412 err = assuan_transact (ctx, "KEYSERVER", NULL, NULL,
413 NULL, NULL, ks_status_cb, &stparm);
418 err = gpg_error (GPG_ERR_NO_KEYSERVER);
423 *r_keyserver = stparm.source;
425 xfree (stparm.source);
426 stparm.source = NULL;
429 xfree (stparm.source);
430 close_context (ctrl, ctx);
436 /* Data callback for the KS_SEARCH command. */
438 ks_search_data_cb (void *opaque, const void *data, size_t datalen)
441 struct ks_search_parm_s *parm = opaque;
442 const char *line, *s;
443 size_t rawlen, linelen;
449 if (parm->stparm->source)
451 err = parm->data_cb (parm->data_cb_value, 1, parm->stparm->source);
457 /* Clear it so that we won't get back here unless the server
458 accidentally sends a second source status line. Note that
459 will not see all accidentally sent source lines because it
460 depends on whether data lines have been send in between. */
461 xfree (parm->stparm->source);
462 parm->stparm->source = NULL;
466 return 0; /* Ignore END commands. */
468 put_membuf (&parm->saveddata, data, datalen);
471 line = peek_membuf (&parm->saveddata, &rawlen);
474 parm->lasterr = gpg_error_from_syserror ();
475 return parm->lasterr; /* Tell the server about our problem. */
477 if ((s = memchr (line, '\n', rawlen)))
479 linelen = s - line; /* That is the length excluding the LF. */
480 if (linelen + 1 < sizeof fixedbuf)
482 /* We can use the static buffer. */
483 memcpy (fixedbuf, line, linelen);
484 fixedbuf[linelen] = 0;
485 if (linelen && fixedbuf[linelen-1] == '\r')
486 fixedbuf[linelen-1] = 0;
487 err = parm->data_cb (parm->data_cb_value, 0, fixedbuf);
491 if (linelen + 1 >= parm->helpbufsize)
493 xfree (parm->helpbuf);
494 parm->helpbufsize = linelen + 1 + 1024;
495 parm->helpbuf = xtrymalloc (parm->helpbufsize);
498 parm->lasterr = gpg_error_from_syserror ();
499 return parm->lasterr;
502 memcpy (parm->helpbuf, line, linelen);
503 parm->helpbuf[linelen] = 0;
504 if (linelen && parm->helpbuf[linelen-1] == '\r')
505 parm->helpbuf[linelen-1] = 0;
506 err = parm->data_cb (parm->data_cb_value, 0, parm->helpbuf);
512 clear_membuf (&parm->saveddata, linelen+1);
513 goto again; /* There might be another complete line. */
521 /* Run the KS_SEARCH command using the search string SEARCHSTR. All
522 data lines are passed to the CB function. That function is called
523 with CB_VALUE as its first argument, a 0 as second argument, and
524 the decoded data line as third argument. The callback function may
525 modify the data line and it is guaranteed that this data line is a
526 complete line with a terminating 0 character but without the
527 linefeed. NULL is passed to the callback to indicate EOF. */
529 gpg_dirmngr_ks_search (ctrl_t ctrl, const char *searchstr,
530 gpg_error_t (*cb)(void*, int, char *), void *cb_value)
533 assuan_context_t ctx;
534 struct ks_status_parm_s stparm;
535 struct ks_search_parm_s parm;
536 char line[ASSUAN_LINELENGTH];
538 err = open_context (ctrl, &ctx);
543 char *escsearchstr = percent_plus_escape (searchstr);
546 err = gpg_error_from_syserror ();
547 close_context (ctrl, ctx);
550 snprintf (line, sizeof line, "KS_SEARCH -- %s", escsearchstr);
551 xfree (escsearchstr);
554 memset (&stparm, 0, sizeof stparm);
555 memset (&parm, 0, sizeof parm);
556 init_membuf (&parm.saveddata, 1024);
558 parm.data_cb_value = cb_value;
559 parm.stparm = &stparm;
561 err = assuan_transact (ctx, line, ks_search_data_cb, &parm,
562 NULL, NULL, ks_status_cb, &stparm);
564 err = cb (cb_value, 0, NULL); /* Send EOF. */
566 xfree (get_membuf (&parm.saveddata, NULL));
567 xfree (parm.helpbuf);
568 xfree (stparm.source);
570 close_context (ctrl, ctx);
576 /* Data callback for the KS_GET and KS_FETCH commands. */
578 ks_get_data_cb (void *opaque, const void *data, size_t datalen)
581 struct ks_get_parm_s *parm = opaque;
585 return 0; /* Ignore END commands. */
587 if (es_write (parm->memfp, data, datalen, &nwritten))
588 err = gpg_error_from_syserror ();
594 /* Run the KS_GET command using the patterns in the array PATTERN. On
595 success an estream object is returned to retrieve the keys. On
596 error an error code is returned and NULL stored at R_FP.
598 The pattern may only use search specification which a keyserver can
599 use to retrieve keys. Because we know the format of the pattern we
600 don't need to escape the patterns before sending them to the
603 If R_SOURCE is not NULL the source of the data is stored as a
604 malloced string there. If a source is not known NULL is stored.
606 If there are too many patterns the function returns an error. That
607 could be fixed by issuing several search commands or by
608 implementing a different interface. However with long keyids we
609 are able to ask for (1000-10-1)/(2+8+1) = 90 keys at once. */
611 gpg_dirmngr_ks_get (ctrl_t ctrl, char **pattern,
612 keyserver_spec_t override_keyserver,
613 estream_t *r_fp, char **r_source)
616 assuan_context_t ctx;
617 struct ks_status_parm_s stparm;
618 struct ks_get_parm_s parm;
624 memset (&stparm, 0, sizeof stparm);
625 memset (&parm, 0, sizeof parm);
631 err = open_context (ctrl, &ctx);
635 /* If we have an override keyserver we first indicate that the next
636 user of the context needs to again setup the global keyservers and
637 them we send the override keyserver. */
638 if (override_keyserver)
640 clear_context_flags (ctrl, ctx);
641 line = xtryasprintf ("KEYSERVER --clear %s", override_keyserver->uri);
644 err = gpg_error_from_syserror ();
647 err = assuan_transact (ctx, line, NULL, NULL, NULL,
656 /* Lump all patterns into one string. */
657 init_membuf (&mb, 1024);
658 put_membuf_str (&mb, "KS_GET --");
659 for (idx=0; pattern[idx]; idx++)
661 put_membuf (&mb, " ", 1); /* Append Delimiter. */
662 put_membuf_str (&mb, pattern[idx]);
664 put_membuf (&mb, "", 1); /* Append Nul. */
665 line = get_membuf (&mb, &linelen);
668 err = gpg_error_from_syserror ();
671 if (linelen + 2 >= ASSUAN_LINELENGTH)
673 err = gpg_error (GPG_ERR_TOO_MANY);
677 parm.memfp = es_fopenmem (0, "rwb");
680 err = gpg_error_from_syserror ();
683 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
684 NULL, NULL, ks_status_cb, &stparm);
688 es_rewind (parm.memfp);
694 *r_source = stparm.source;
695 stparm.source = NULL;
699 es_fclose (parm.memfp);
700 xfree (stparm.source);
702 close_context (ctrl, ctx);
707 /* Run the KS_FETCH and pass URL as argument. On success an estream
708 object is returned to retrieve the keys. On error an error code is
709 returned and NULL stored at R_FP.
711 The url is expected to point to a small set of keys; in many cases
712 only to one key. However, schemes like finger may return several
713 keys. Note that the configured keyservers are ignored by the
716 gpg_dirmngr_ks_fetch (ctrl_t ctrl, const char *url, estream_t *r_fp)
719 assuan_context_t ctx;
720 struct ks_get_parm_s parm;
723 memset (&parm, 0, sizeof parm);
727 err = open_context (ctrl, &ctx);
731 line = strconcat ("KS_FETCH -- ", url, NULL);
734 err = gpg_error_from_syserror ();
737 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
739 err = gpg_error (GPG_ERR_TOO_LARGE);
743 parm.memfp = es_fopenmem (0, "rwb");
746 err = gpg_error_from_syserror ();
749 err = assuan_transact (ctx, line, ks_get_data_cb, &parm,
750 NULL, NULL, NULL, NULL);
754 es_rewind (parm.memfp);
759 es_fclose (parm.memfp);
761 close_context (ctrl, ctx);
768 record_output (estream_t output,
770 const char *validity,
771 /* The public key length or -1. */
773 /* The public key algo or -1. */
775 /* 2 ulongs or NULL. */
777 /* The creation / expiration date or 0. */
782 const char *type_str = NULL;
783 char *pub_key_length_str = NULL;
784 char *pub_key_algo_str = NULL;
785 char *keyid_str = NULL;
786 char *creation_date_str = NULL;
787 char *expiration_date_str = NULL;
788 char *userid_escaped = NULL;
795 case PKT_PUBLIC_SUBKEY:
805 log_assert (! "Unhandled type.");
808 if (pub_key_length > 0)
809 pub_key_length_str = xasprintf ("%d", pub_key_length);
811 if (pub_key_algo != -1)
812 pub_key_algo_str = xasprintf ("%d", pub_key_algo);
815 keyid_str = xasprintf ("%08lX%08lX", (ulong) keyid[0], (ulong) keyid[1]);
818 creation_date_str = xstrdup (colon_strtime (creation_date));
821 expiration_date_str = xstrdup (colon_strtime (expiration_date));
823 /* Quote ':', '%', and any 8-bit characters. */
829 int len = strlen (userid);
830 /* A 100k character limit on the uid should be way more than
832 if (len > 100 * 1024)
835 /* The minimum amount of space that we need. */
836 userid_escaped = xmalloc (len * 3 + 1);
838 for (r = 0; r < len; r++)
840 if (userid[r] == ':' || userid[r]== '%' || (userid[r] & 0x80))
842 sprintf (&userid_escaped[w], "%%%02X", (byte) userid[r]);
846 userid_escaped[w ++] = userid[r];
848 userid_escaped[w] = '\0';
851 es_fprintf (output, "%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s:%s\n",
854 pub_key_length_str ?: "",
855 pub_key_algo_str ?: "",
857 creation_date_str ?: "",
858 expiration_date_str ?: "",
859 "" /* Certificate S/N */,
860 "" /* Ownertrust. */,
861 userid_escaped ?: "",
862 "" /* Signature class. */,
863 "" /* Key capabilities. */,
864 "" /* Issuer certificate fingerprint. */,
865 "" /* Flag field. */,
866 "" /* S/N of a token. */,
868 "" /* Curve name. */);
870 xfree (userid_escaped);
871 xfree (expiration_date_str);
872 xfree (creation_date_str);
874 xfree (pub_key_algo_str);
875 xfree (pub_key_length_str);
878 /* Handle the KS_PUT inquiries. */
880 ks_put_inq_cb (void *opaque, const char *line)
882 struct ks_put_parm_s *parm = opaque;
885 if (has_leading_keyword (line, "KEYBLOCK"))
888 err = assuan_send_data (parm->ctx, parm->data, parm->datalen);
890 else if (has_leading_keyword (line, "KEYBLOCK_INFO"))
895 /* Parse the keyblock and send info lines back to the server. */
896 fp = es_fopenmem (0, "rw,samethread");
898 err = gpg_error_from_syserror ();
900 /* Note: the output format for the INFO block follows the colon
901 format as described in doc/DETAILS. We don't actually reuse
902 the functionality from g10/keylist.c to produce the output,
903 because we don't need all of it and some of it is quite
904 expensive to generate.
906 The fields are (the starred fields are the ones we need):
908 * Field 1 - Type of record
910 * Field 3 - Key length
911 * Field 4 - Public key algorithm
913 * Field 6 - Creation date
914 * Field 7 - Expiration date
915 Field 8 - Certificate S/N, UID hash, trust signature info
918 Field 11 - Signature class
919 Field 12 - Key capabilities
920 Field 13 - Issuer certificate fingerprint or other info
921 Field 14 - Flag field
922 Field 15 - S/N of a token
923 Field 16 - Hash algorithm
924 Field 17 - Curve name
926 for (node = parm->keyblock; !err && node; node=node->next)
928 switch (node->pkt->pkttype)
931 case PKT_PUBLIC_SUBKEY:
933 PKT_public_key *pk = node->pkt->pkt.public_key;
939 if (pk->flags.revoked)
940 validity[i ++] = 'r';
942 validity[i ++] = 'e';
945 keyid_from_pk (pk, NULL);
947 record_output (fp, node->pkt->pkttype, validity,
948 nbits_from_pk (pk), pk->pubkey_algo,
949 pk->keyid, pk->timestamp, pk->expiredate,
956 PKT_user_id *uid = node->pkt->pkt.user_id;
958 if (!uid->attrib_data)
965 validity[i ++] = 'r';
967 validity[i ++] = 'e';
970 record_output (fp, node->pkt->pkttype, validity,
972 uid->created, uid->expiredate,
978 /* This bit is really for the benefit of people who
979 store their keys in LDAP servers. It makes it easy
980 to do queries for things like "all keys signed by
984 PKT_signature *sig = node->pkt->pkt.signature;
986 if (IS_UID_SIG (sig))
987 record_output (fp, node->pkt->pkttype, NULL,
989 sig->timestamp, sig->expiredate, NULL);
996 /* Given that the last operation was an es_fprintf we should
997 get the correct ERRNO if ferror indicates an error. */
999 err = gpg_error_from_syserror ();
1002 /* Without an error and if we have an keyblock at all, send the
1004 if (!err && parm->keyblock)
1011 while (!(rc=es_read (fp, buffer, sizeof buffer, &nread)) && nread)
1013 err = assuan_send_data (parm->ctx, buffer, nread);
1018 err = gpg_error_from_syserror ();
1023 return gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
1029 /* Send a key to the configured server. {DATA,DATLEN} contains the
1030 key in OpenPGP binary transport format. If KEYBLOCK is not NULL it
1031 has the internal representaion of that key; this is for example
1032 used to convey meta data to LDAP keyservers. */
1034 gpg_dirmngr_ks_put (ctrl_t ctrl, void *data, size_t datalen, kbnode_t keyblock)
1037 assuan_context_t ctx;
1038 struct ks_put_parm_s parm;
1040 memset (&parm, 0, sizeof parm);
1042 /* We are going to parse the keyblock, thus we better make sure the
1043 all information is readily available. */
1045 merge_keys_and_selfsig (keyblock);
1047 err = open_context (ctrl, &ctx);
1052 parm.keyblock = keyblock;
1054 parm.datalen = datalen;
1056 err = assuan_transact (ctx, "KS_PUT", NULL, NULL,
1057 ks_put_inq_cb, &parm, NULL, NULL);
1059 close_context (ctrl, ctx);
1065 /* Data callback for the DNS_CERT and WKD_GET commands. */
1067 dns_cert_data_cb (void *opaque, const void *data, size_t datalen)
1069 struct dns_cert_parm_s *parm = opaque;
1070 gpg_error_t err = 0;
1074 return 0; /* Ignore END commands. */
1076 return 0; /* Data is not required. */
1078 if (es_write (parm->memfp, data, datalen, &nwritten))
1079 err = gpg_error_from_syserror ();
1085 /* Status callback for the DNS_CERT command. */
1087 dns_cert_status_cb (void *opaque, const char *line)
1089 struct dns_cert_parm_s *parm = opaque;
1090 gpg_error_t err = 0;
1094 if ((s = has_leading_keyword (line, "FPR")))
1098 if (!(buf = xtrystrdup (s)))
1099 err = gpg_error_from_syserror ();
1101 err = gpg_error (GPG_ERR_DUP_KEY);
1102 else if (!hex2str (buf, buf, strlen (buf)+1, &nbytes))
1103 err = gpg_error_from_syserror ();
1104 else if (nbytes < 20)
1105 err = gpg_error (GPG_ERR_TOO_SHORT);
1108 parm->fpr = xtrymalloc (nbytes);
1110 err = gpg_error_from_syserror ();
1112 memcpy (parm->fpr, buf, (parm->fprlen = nbytes));
1116 else if ((s = has_leading_keyword (line, "URL")) && *s)
1119 err = gpg_error (GPG_ERR_DUP_KEY);
1120 else if (!(parm->url = xtrystrdup (s)))
1121 err = gpg_error_from_syserror ();
1127 /* Ask the dirmngr for a DNS CERT record. Depending on the found
1128 subtypes different return values are set:
1130 - For a PGP subtype a new estream with that key will be returned at
1131 R_KEY and the other return parameters are set to NULL/0.
1133 - For an IPGP subtype the fingerprint is stored as a malloced block
1134 at (R_FPR,R_FPRLEN). If an URL is available it is stored as a
1135 malloced string at R_URL; NULL is stored if there is no URL.
1137 If CERTTYPE is DNS_CERTTYPE_ANY this function returns the first
1138 CERT record found with a supported type; it is expected that only
1139 one CERT record is used. If CERTTYPE is one of the supported
1140 certtypes, only records with this certtype are considered and the
1141 first one found is returned. All R_* args are optional.
1143 If CERTTYPE is NULL the DANE method is used to fetch the key.
1146 gpg_dirmngr_dns_cert (ctrl_t ctrl, const char *name, const char *certtype,
1148 unsigned char **r_fpr, size_t *r_fprlen,
1152 assuan_context_t ctx;
1153 struct dns_cert_parm_s parm;
1156 memset (&parm, 0, sizeof parm);
1166 err = open_context (ctrl, &ctx);
1170 line = es_bsprintf ("DNS_CERT %s %s", certtype? certtype : "--dane", name);
1173 err = gpg_error_from_syserror ();
1176 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1178 err = gpg_error (GPG_ERR_TOO_LARGE);
1182 parm.memfp = es_fopenmem (0, "rwb");
1185 err = gpg_error_from_syserror ();
1188 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1189 NULL, NULL, dns_cert_status_cb, &parm);
1195 es_rewind (parm.memfp);
1196 *r_key = parm.memfp;
1200 if (r_fpr && parm.fpr)
1206 *r_fprlen = parm.fprlen;
1208 if (r_url && parm.url)
1217 es_fclose (parm.memfp);
1219 close_context (ctrl, ctx);
1224 /* Ask the dirmngr for PKA info. On success the retrieved fingerprint
1225 is returned in a malloced buffer at R_FPR and its length is stored
1226 at R_FPRLEN. If an URL is available it is stored as a malloced
1227 string at R_URL. On error all return values are set to NULL/0. */
1229 gpg_dirmngr_get_pka (ctrl_t ctrl, const char *userid,
1230 unsigned char **r_fpr, size_t *r_fprlen,
1234 assuan_context_t ctx;
1235 struct dns_cert_parm_s parm;
1238 memset (&parm, 0, sizeof parm);
1246 err = open_context (ctrl, &ctx);
1250 line = es_bsprintf ("DNS_CERT --pka -- %s", userid);
1253 err = gpg_error_from_syserror ();
1256 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1258 err = gpg_error (GPG_ERR_TOO_LARGE);
1262 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1263 NULL, NULL, dns_cert_status_cb, &parm);
1267 if (r_fpr && parm.fpr)
1273 *r_fprlen = parm.fprlen;
1275 if (r_url && parm.url)
1285 close_context (ctrl, ctx);
1291 /* Ask the dirmngr to retrieve a key via the Web Key Directory
1292 * protocol. On success a new estream with the key is stored at
1296 gpg_dirmngr_wkd_get (ctrl_t ctrl, const char *name, estream_t *r_key)
1299 assuan_context_t ctx;
1300 struct dns_cert_parm_s parm;
1303 memset (&parm, 0, sizeof parm);
1305 err = open_context (ctrl, &ctx);
1309 line = es_bsprintf ("WKD_GET -- %s", name);
1312 err = gpg_error_from_syserror ();
1315 if (strlen (line) + 2 >= ASSUAN_LINELENGTH)
1317 err = gpg_error (GPG_ERR_TOO_LARGE);
1321 parm.memfp = es_fopenmem (0, "rwb");
1324 err = gpg_error_from_syserror ();
1327 err = assuan_transact (ctx, line, dns_cert_data_cb, &parm,
1328 NULL, NULL, NULL, &parm);
1334 es_rewind (parm.memfp);
1335 *r_key = parm.memfp;
1342 es_fclose (parm.memfp);
1344 close_context (ctrl, ctx);