1 /* import.c - import a key into our key storage.
2 * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc.
3 * Copyright (C) 2014 Werner Koch
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
38 #include "keyserver-internal.h"
39 #include "call-agent.h"
40 #include "../common/membuf.h"
53 ulong secret_imported;
55 ulong skipped_new_keys;
59 ulong v3keys; /* Number of V3 keys seen. */
63 static int import (ctrl_t ctrl,
64 IOBUF inp, const char* fname, struct import_stats_s *stats,
65 unsigned char **fpr, size_t *fpr_len, unsigned int options,
66 import_screener_t screener, void *screener_arg);
67 static int read_block (IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root,
69 static void revocation_present (ctrl_t ctrl, kbnode_t keyblock);
70 static int import_one (ctrl_t ctrl,
71 const char *fname, kbnode_t keyblock,
72 struct import_stats_s *stats,
73 unsigned char **fpr, size_t *fpr_len,
74 unsigned int options, int from_sk, int silent,
75 import_screener_t screener, void *screener_arg);
76 static int import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
77 struct import_stats_s *stats, int batch,
78 unsigned int options, int for_migration,
79 import_screener_t screener, void *screener_arg);
80 static int import_revoke_cert( const char *fname, kbnode_t node,
81 struct import_stats_s *stats);
82 static int chk_self_sigs (const char *fname, kbnode_t keyblock,
83 PKT_public_key *pk, u32 *keyid, int *non_self );
84 static int delete_inv_parts (const char *fname, kbnode_t keyblock,
85 u32 *keyid, unsigned int options );
86 static int merge_blocks (const char *fname, kbnode_t keyblock_orig,
87 kbnode_t keyblock, u32 *keyid,
88 int *n_uids, int *n_sigs, int *n_subk );
89 static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs,
90 const char *fname, u32 *keyid );
91 static int append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs,
92 const char *fname, u32 *keyid );
93 static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs,
94 const char *fname, u32 *keyid );
95 static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs,
96 const char *fname, u32 *keyid );
99 parse_import_options(char *str,unsigned int *options,int noisy)
101 struct parse_options import_opts[]=
103 {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
104 N_("import signatures that are marked as local-only")},
106 {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
107 N_("repair damage from the pks keyserver during import")},
109 {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
110 N_("do not clear the ownertrust values during import")},
112 {"fast-import",IMPORT_FAST,NULL,
113 N_("do not update the trustdb after import")},
115 {"merge-only",IMPORT_MERGE_ONLY,NULL,
116 N_("only accept updates to existing keys")},
118 {"import-clean",IMPORT_CLEAN,NULL,
119 N_("remove unusable parts from key after import")},
121 {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
122 N_("remove as much as possible from key after import")},
124 /* Aliases for backward compatibility */
125 {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
126 {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
128 {"import-unusable-sigs",0,NULL,NULL},
129 {"import-clean-sigs",0,NULL,NULL},
130 {"import-clean-uids",0,NULL,NULL},
131 {"convert-sk-to-pk",0, NULL,NULL}, /* Not anymore needed due to
136 return parse_options(str,options,import_opts,noisy);
141 import_new_stats_handle (void)
143 return xmalloc_clear ( sizeof (struct import_stats_s) );
148 import_release_stats_handle (import_stats_t p)
155 * Import the public keys from the given filename. Input may be armored.
156 * This function rejects all keys which are not validly self signed on at
157 * least one userid. Only user ids which are self signed will be imported.
158 * Other signatures are not checked.
160 * Actually this function does a merge. It works like this:
163 * - check self-signatures and remove all userids and their signatures
164 * without/invalid self-signatures.
165 * - reject the keyblock, if we have no valid userid.
166 * - See whether we have this key already in one of our pubrings.
167 * If not, simply add it to the default keyring.
168 * - Compare the key and the self-signatures of the new and the one in
169 * our keyring. If they are different something weird is going on;
171 * - See whether we have only non-self-signature on one user id; if not
172 * ask the user what to do.
173 * - compare the signatures: If we already have this signature, check
174 * that they compare okay; if not, issue a warning and ask the user.
175 * (consider looking at the timestamp and use the newest?)
176 * - Simply add the signature. Can't verify here because we may not have
177 * the signature's public key yet; verification is done when putting it
178 * into the trustdb, which is done automagically as soon as this pubkey
180 * - Proceed with next signature.
182 * Key revocation certificates have special handling.
185 import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
186 import_stats_t stats_handle,
187 unsigned char **fpr, size_t *fpr_len,
188 unsigned int options,
189 import_screener_t screener, void *screener_arg)
193 struct import_stats_s *stats = stats_handle;
196 stats = import_new_stats_handle ();
200 rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options,
201 screener, screener_arg);
205 if (!fnames && !nnames)
206 nnames = 1; /* Ohh what a ugly hack to jump into the loop */
208 for (i=0; i < nnames; i++)
210 const char *fname = fnames? fnames[i] : NULL;
211 IOBUF inp2 = iobuf_open(fname);
215 if (inp2 && is_secured_file (iobuf_get_fd (inp2)))
219 gpg_err_set_errno (EPERM);
222 log_error (_("can't open '%s': %s\n"), fname, strerror (errno));
225 rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options,
226 screener, screener_arg);
228 /* Must invalidate that ugly cache to actually close it. */
229 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
231 log_error ("import from '%s' failed: %s\n",
232 fname, gpg_strerror (rc) );
241 import_print_stats (stats);
242 import_release_stats_handle (stats);
245 /* If no fast import and the trustdb is dirty (i.e. we added a key
246 or userID that had something other than a selfsig, a signature
247 that was other than a selfsig, or any revocation), then
248 update/check the trustdb if the user specified by setting
249 interactive or by not setting no-auto-check-trustdb */
251 if (!(options & IMPORT_FAST))
252 check_or_update_trustdb ();
259 import_keys (ctrl_t ctrl, char **fnames, int nnames,
260 import_stats_t stats_handle, unsigned int options )
262 import_keys_internal (ctrl, NULL, fnames, nnames, stats_handle,
263 NULL, NULL, options, NULL, NULL);
267 import_keys_stream (ctrl_t ctrl, IOBUF inp, import_stats_t stats_handle,
268 unsigned char **fpr, size_t *fpr_len, unsigned int options)
270 return import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
271 fpr, fpr_len, options, NULL, NULL);
275 /* Variant of import_keys_stream reading from an estream_t. */
277 import_keys_es_stream (ctrl_t ctrl, estream_t fp,
278 import_stats_t stats_handle,
279 unsigned char **fpr, size_t *fpr_len,
280 unsigned int options,
281 import_screener_t screener, void *screener_arg)
286 inp = iobuf_esopen (fp, "r", 1);
289 rc = gpg_error_from_syserror ();
290 log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc));
294 rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
295 fpr, fpr_len, options,
296 screener, screener_arg);
304 import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
305 unsigned char **fpr,size_t *fpr_len, unsigned int options,
306 import_screener_t screener, void *screener_arg)
308 PACKET *pending_pkt = NULL;
309 kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
310 grasp the return semantics of
315 getkey_disable_caches ();
317 if (!opt.no_armor) /* Armored reading is not disabled. */
319 armor_filter_context_t *afx;
321 afx = new_armor_context ();
322 afx->only_keyblocks = 1;
323 push_armor_filter (afx, inp);
324 release_armor_context (afx);
327 while (!(rc = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
329 stats->v3keys += v3keys;
330 if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
331 rc = import_one (ctrl, fname, keyblock,
332 stats, fpr, fpr_len, options, 0, 0,
333 screener, screener_arg);
334 else if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
335 rc = import_secret_one (ctrl, fname, keyblock, stats,
336 opt.batch, options, 0,
337 screener, screener_arg);
338 else if (keyblock->pkt->pkttype == PKT_SIGNATURE
339 && keyblock->pkt->pkt.signature->sig_class == 0x20 )
340 rc = import_revoke_cert( fname, keyblock, stats );
343 log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
345 release_kbnode (keyblock);
347 /* fixme: we should increment the not imported counter but
348 this does only make sense if we keep on going despite of
349 errors. For now we do this only if the imported key is too
351 if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
352 && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
354 stats->not_imported++;
359 if (!(++stats->count % 100) && !opt.quiet)
360 log_info (_("%lu keys processed so far\n"), stats->count );
362 stats->v3keys += v3keys;
365 else if (rc && gpg_err_code (rc) != GPG_ERR_INV_KEYRING)
366 log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
372 /* Helper to migrate secring.gpg to GnuPG 2.1. */
374 import_old_secring (ctrl_t ctrl, const char *fname)
378 PACKET *pending_pkt = NULL;
379 kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
380 grasp the return semantics of
382 struct import_stats_s *stats;
385 inp = iobuf_open (fname);
386 if (inp && is_secured_file (iobuf_get_fd (inp)))
390 gpg_err_set_errno (EPERM);
394 err = gpg_error_from_syserror ();
395 log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
399 getkey_disable_caches();
400 stats = import_new_stats_handle ();
401 while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
403 if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
404 err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1,
406 release_kbnode (keyblock);
410 import_release_stats_handle (stats);
413 else if (err && gpg_err_code (err) != GPG_ERR_INV_KEYRING)
414 log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
416 log_error ("import from '%s' failed: %s\n", fname, gpg_strerror (err));
419 iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
426 import_print_stats (import_stats_t stats)
430 log_info(_("Total number processed: %lu\n"),
431 stats->count + stats->v3keys);
433 log_info(_(" skipped PGP-2 keys: %lu\n"), stats->v3keys);
434 if (stats->skipped_new_keys )
435 log_info(_(" skipped new keys: %lu\n"),
436 stats->skipped_new_keys );
437 if (stats->no_user_id )
438 log_info(_(" w/o user IDs: %lu\n"), stats->no_user_id );
441 log_info(_(" imported: %lu"), stats->imported );
444 if (stats->unchanged )
445 log_info(_(" unchanged: %lu\n"), stats->unchanged );
447 log_info(_(" new user IDs: %lu\n"), stats->n_uids );
449 log_info(_(" new subkeys: %lu\n"), stats->n_subk );
451 log_info(_(" new signatures: %lu\n"), stats->n_sigs );
453 log_info(_(" new key revocations: %lu\n"), stats->n_revoc );
454 if (stats->secret_read )
455 log_info(_(" secret keys read: %lu\n"), stats->secret_read );
456 if (stats->secret_imported )
457 log_info(_(" secret keys imported: %lu\n"), stats->secret_imported );
458 if (stats->secret_dups )
459 log_info(_(" secret keys unchanged: %lu\n"), stats->secret_dups );
460 if (stats->not_imported )
461 log_info(_(" not imported: %lu\n"), stats->not_imported );
462 if (stats->n_sigs_cleaned)
463 log_info(_(" signatures cleaned: %lu\n"),stats->n_sigs_cleaned);
464 if (stats->n_uids_cleaned)
465 log_info(_(" user IDs cleaned: %lu\n"),stats->n_uids_cleaned);
468 if (is_status_enabled ())
472 snprintf (buf, sizeof buf,
473 "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
474 stats->count + stats->v3keys,
483 stats->secret_imported,
485 stats->skipped_new_keys,
488 write_status_text (STATUS_IMPORT_RES, buf);
493 /* Return true if PKTTYPE is valid in a keyblock. */
495 valid_keyblock_packet (int pkttype)
500 case PKT_PUBLIC_SUBKEY:
502 case PKT_SECRET_SUBKEY:
515 * Read the next keyblock from stream A.
516 * PENDING_PKT should be initialzed to NULL
517 * and not changed by the caller.
518 * Return: 0 = okay, -1 no more blocks or another errorcode.
519 * The int at at R_V3KEY counts the number of unsupported v3
523 read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
527 kbnode_t root = NULL;
528 int in_cert, in_v3key;
534 root = new_kbnode( *pending_pkt );
541 pkt = xmalloc (sizeof *pkt);
544 while ((rc=parse_packet(a, pkt)) != -1)
546 if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
547 && (pkt->pkttype == PKT_PUBLIC_KEY
548 || pkt->pkttype == PKT_SECRET_KEY)))
556 else if (rc ) /* (ignore errors) */
558 if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET)
559 ; /* Do not show a diagnostic. */
562 log_error("read_block: read error: %s\n", gpg_strerror (rc) );
563 rc = GPG_ERR_INV_KEYRING;
571 if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY
572 || pkt->pkttype == PKT_SECRET_KEY))
580 if (!root && pkt->pkttype == PKT_SIGNATURE
581 && pkt->pkt.signature->sig_class == 0x20 )
583 /* This is a revocation certificate which is handled in a
585 root = new_kbnode( pkt );
590 /* Make a linked list of all packets. */
591 switch (pkt->pkttype)
594 if (check_compress_algo (pkt->pkt.compressed->algorithm))
596 rc = GPG_ERR_COMPR_ALGO;
601 compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
602 pkt->pkt.compressed->buf = NULL;
603 push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
610 /* Skip those packets. */
617 if (in_cert ) /* Store this packet. */
625 if (in_cert && valid_keyblock_packet (pkt->pkttype))
628 root = new_kbnode (pkt);
630 add_kbnode (root, new_kbnode (pkt));
631 pkt = xmalloc (sizeof *pkt);
639 if (rc == -1 && root )
643 release_kbnode( root );
652 /* Walk through the subkeys on a pk to find if we have the PKS
653 disease: multiple subkeys with their binding sigs stripped, and the
654 sig for the first subkey placed after the last subkey. That is,
655 instead of "pk uid sig sub1 bind1 sub2 bind2 sub3 bind3" we have
656 "pk uid sig sub1 sub2 sub3 bind1". We can't do anything about sub2
657 and sub3, as they are already lost, but we can try and rescue sub1
658 by reordering the keyblock so that it reads "pk uid sig sub1 bind1
659 sub2 sub3". Returns TRUE if the keyblock was modified. */
661 fix_pks_corruption (kbnode_t keyblock)
666 kbnode_t last = NULL;
667 kbnode_t sknode=NULL;
669 /* First determine if we have the problem at all. Look for 2 or
670 more subkeys in a row, followed by a single binding sig. */
671 for (node=keyblock; node; last=node, node=node->next)
673 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
679 else if (node->pkt->pkttype == PKT_SIGNATURE
680 && node->pkt->pkt.signature->sig_class == 0x18
684 /* We might have the problem, as this key has two subkeys in
685 a row without any intervening packets. */
691 /* Temporarily attach node to sknode. */
692 node->next = sknode->next;
696 /* Note we aren't checking whether this binding sig is a
697 selfsig. This is not necessary here as the subkey and
698 binding sig will be rejected later if that is the
700 if (check_key_signature (keyblock,node,NULL))
702 /* Not a match, so undo the changes. */
703 sknode->next = node->next;
710 sknode->flag |= 1; /* Mark it good so we don't need to
724 /* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus
725 direct key signatures. A side effect of this was that a later
726 import of the same good direct key signatures was not possible
727 because the cmp_signature check in merge_blocks considered them
728 equal. Although direct key signatures are now checked during
729 import, there might still be bogus signatures sitting in a keyring.
730 We need to detect and delete them before doing a merge. This
731 function returns the number of removed sigs. */
733 fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid)
739 for (node = keyblock->next; node; node=node->next)
741 if (node->pkt->pkttype == PKT_USER_ID)
743 if (node->pkt->pkttype == PKT_SIGNATURE
744 && IS_KEY_SIG (node->pkt->pkt.signature))
746 err = check_key_signature (keyblock, node, NULL);
747 if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )
749 /* If we don't know the error, we can't decide; this is
750 not a problem because cmp_signature can't compare the
752 log_info ("key %s: invalid direct key signature removed\n",
754 delete_kbnode (node);
765 print_import_ok (PKT_public_key *pk, unsigned int reason)
767 byte array[MAX_FINGERPRINT_LEN], *s;
768 char buf[MAX_FINGERPRINT_LEN*2+30], *p;
771 snprintf (buf, sizeof buf, "%u ", reason);
772 p = buf + strlen (buf);
774 fingerprint_from_pk (pk, array, &n);
776 for (i=0; i < n ; i++, s++, p += 2)
777 sprintf (p, "%02X", *s);
779 write_status_text (STATUS_IMPORT_OK, buf);
784 print_import_check (PKT_public_key * pk, PKT_user_id * id)
792 buf = xmalloc (17+41+id->len+32);
793 keyid_from_pk (pk, keyid);
794 sprintf (buf, "%08X%08X ", keyid[0], keyid[1]);
796 fingerprint_from_pk (pk, fpr, &n);
797 for (i = 0; i < n; i++, pos += 2)
798 sprintf (buf+pos, "%02X", fpr[i]);
800 strcat (buf, id->name);
801 write_status_text (STATUS_IMPORT_CHECK, buf);
807 check_prefs_warning(PKT_public_key *pk)
809 log_info(_("WARNING: key %s contains preferences for unavailable\n"
810 "algorithms on these user IDs:\n"), keystr_from_pk(pk));
815 check_prefs (ctrl_t ctrl, kbnode_t keyblock)
821 merge_keys_and_selfsig(keyblock);
822 pk=keyblock->pkt->pkt.public_key;
824 for(node=keyblock;node;node=node->next)
826 if(node->pkt->pkttype==PKT_USER_ID
827 && node->pkt->pkt.user_id->created
828 && node->pkt->pkt.user_id->prefs)
830 PKT_user_id *uid = node->pkt->pkt.user_id;
831 prefitem_t *prefs = uid->prefs;
832 char *user = utf8_to_native(uid->name,strlen(uid->name),0);
834 for(;prefs->type;prefs++)
836 char num[10]; /* prefs->value is a byte, so we're over
839 sprintf(num,"%u",prefs->value);
841 if(prefs->type==PREFTYPE_SYM)
843 if (openpgp_cipher_test_algo (prefs->value))
846 (openpgp_cipher_test_algo (prefs->value)
848 : openpgp_cipher_algo_name (prefs->value));
850 check_prefs_warning(pk);
851 log_info(_(" \"%s\": preference for cipher"
852 " algorithm %s\n"), user, algo);
856 else if(prefs->type==PREFTYPE_HASH)
858 if(openpgp_md_test_algo(prefs->value))
861 (gcry_md_test_algo (prefs->value)
863 : gcry_md_algo_name (prefs->value));
865 check_prefs_warning(pk);
866 log_info(_(" \"%s\": preference for digest"
867 " algorithm %s\n"), user, algo);
871 else if(prefs->type==PREFTYPE_ZIP)
873 if(check_compress_algo (prefs->value))
875 const char *algo=compress_algo_to_string(prefs->value);
877 check_prefs_warning(pk);
878 log_info(_(" \"%s\": preference for compression"
879 " algorithm %s\n"),user,algo?algo:num);
891 log_info(_("it is strongly suggested that you update"
892 " your preferences and\n"));
893 log_info(_("re-distribute this key to avoid potential algorithm"
894 " mismatch problems\n"));
899 strlist_t locusr = NULL;
901 byte fpr[MAX_FINGERPRINT_LEN], *p;
902 char username[(MAX_FINGERPRINT_LEN*2)+1];
905 p = fingerprint_from_pk (pk,fpr,&fprlen);
906 for(i=0;i<fprlen;i++,p++)
907 sprintf(username+2*i,"%02X",*p);
908 add_to_strlist(&locusr,username);
910 append_to_strlist(&sl,"updpref");
911 append_to_strlist(&sl,"save");
913 keyedit_menu (ctrl, username, locusr, sl, 1, 1 );
915 free_strlist(locusr);
918 log_info(_("you can update your preferences with:"
919 " gpg --edit-key %s updpref save\n"),keystr_from_pk(pk));
925 * Try to import one keyblock. Return an error only in serious cases,
926 * but never for an invalid keyblock. It uses log_error to increase
927 * the internal errorcount, so that invalid input can be detected by
928 * programs which called gpg. If SILENT is no messages are printed -
929 * even most error messages are suppressed.
932 import_one (ctrl_t ctrl,
933 const char *fname, kbnode_t keyblock, struct import_stats_s *stats,
934 unsigned char **fpr, size_t *fpr_len, unsigned int options,
935 int from_sk, int silent,
936 import_screener_t screener, void *screener_arg)
939 PKT_public_key *pk_orig;
940 kbnode_t node, uidnode;
941 kbnode_t keyblock_orig = NULL;
942 byte fpr2[MAX_FINGERPRINT_LEN];
951 char pkstrbuf[PUBKEY_STRING_SIZE];
953 /* Get the key and print some info about it. */
954 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
958 pk = node->pkt->pkt.public_key;
960 fingerprint_from_pk (pk, fpr2, &fpr2len);
961 for (an = fpr2len; an < MAX_FINGERPRINT_LEN; an++)
963 keyid_from_pk( pk, keyid );
964 uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
966 if (opt.verbose && !opt.interactive && !silent)
968 log_info( "pub %s/%s %s ",
969 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
970 keystr_from_pk(pk), datestr_from_pk(pk) );
972 print_utf8_buffer (log_get_stream (),
973 uidnode->pkt->pkt.user_id->name,
974 uidnode->pkt->pkt.user_id->len );
982 log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
986 if (screener && screener (keyblock, screener_arg))
988 log_error (_("key %s: %s\n"), keystr_from_pk (pk),
989 _("rejected by import screener"));
993 if (opt.interactive && !silent)
995 if (is_status_enabled())
996 print_import_check (pk, uidnode->pkt->pkt.user_id);
997 merge_keys_and_selfsig (keyblock);
999 show_basic_key_info (keyblock);
1001 if (!cpr_get_answer_is_yes ("import.okay",
1002 "Do you want to import this key? (y/N) "))
1006 collapse_uids(&keyblock);
1008 /* Clean the key that we're about to import, to cut down on things
1009 that we have to clean later. This has no practical impact on the
1010 end result, but does result in less logging which might confuse
1012 if (options&IMPORT_CLEAN)
1013 clean_key (keyblock,opt.verbose,options&IMPORT_MINIMAL,NULL,NULL);
1015 clear_kbnode_flags( keyblock );
1017 if ((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
1019 log_info (_("key %s: PKS subkey corruption repaired\n"),
1020 keystr_from_pk(pk));
1022 rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
1024 return rc== -1? 0:rc;
1026 /* If we allow such a thing, mark unsigned uids as valid */
1027 if (opt.allow_non_selfsigned_uid)
1029 for (node=keyblock; node; node = node->next )
1030 if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
1032 char *user=utf8_to_native(node->pkt->pkt.user_id->name,
1033 node->pkt->pkt.user_id->len,0);
1035 log_info( _("key %s: accepted non self-signed user ID \"%s\"\n"),
1036 keystr_from_pk(pk),user);
1041 if (!delete_inv_parts( fname, keyblock, keyid, options ) )
1045 log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
1047 log_info(_("this may be caused by a missing self-signature\n"));
1049 stats->no_user_id++;
1053 /* Do we have this key already in one of our pubrings ? */
1054 pk_orig = xmalloc_clear( sizeof *pk_orig );
1055 rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len);
1056 if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
1057 && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY )
1060 log_error (_("key %s: public key not found: %s\n"),
1061 keystr(keyid), gpg_strerror (rc));
1063 else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
1065 if (opt.verbose && !silent )
1066 log_info( _("key %s: new key - skipped\n"), keystr(keyid));
1068 stats->skipped_new_keys++;
1070 else if (rc ) /* Insert this key. */
1076 return gpg_error_from_syserror ();
1078 rc = keydb_locate_writable (hd);
1081 log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc));
1083 return GPG_ERR_GENERAL;
1085 if (opt.verbose > 1 )
1086 log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) );
1088 rc = keydb_insert_keyblock (hd, keyblock );
1090 log_error (_("error writing keyring '%s': %s\n"),
1091 keydb_get_resource_name (hd), gpg_strerror (rc));
1092 else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
1094 /* This should not be possible since we delete the
1095 ownertrust when a key is deleted, but it can happen if
1096 the keyring and trustdb are out of sync. It can also
1097 be made to happen with the trusted-key command and by
1098 importing and locally exported key. */
1100 clear_ownertrusts (pk);
1102 revalidation_mark ();
1107 if (!opt.quiet && !silent)
1109 char *p = get_user_id_byfpr_native (fpr2);
1110 log_info (_("key %s: public key \"%s\" imported\n"),
1114 if (is_status_enabled())
1116 char *us = get_long_user_id_string( keyid );
1117 write_status_text( STATUS_IMPORTED, us );
1119 print_import_ok (pk, 1);
1127 int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned;
1129 /* Compare the original against the new key; just to be sure nothing
1130 * weird is going on */
1131 if (cmp_public_keys( pk_orig, pk ) )
1134 log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
1138 /* Now read the original keyblock again so that we can use
1139 that handle for updating the keyblock. */
1143 rc = gpg_error_from_syserror ();
1146 keydb_disable_caching (hd);
1147 rc = keydb_search_fpr (hd, fpr2);
1150 log_error (_("key %s: can't locate original keyblock: %s\n"),
1151 keystr(keyid), gpg_strerror (rc));
1155 rc = keydb_get_keyblock (hd, &keyblock_orig);
1158 log_error (_("key %s: can't read original keyblock: %s\n"),
1159 keystr(keyid), gpg_strerror (rc));
1164 /* Make sure the original direct key sigs are all sane. */
1165 n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
1167 commit_kbnode (&keyblock_orig);
1169 /* and try to merge the block */
1170 clear_kbnode_flags( keyblock_orig );
1171 clear_kbnode_flags( keyblock );
1172 n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
1173 rc = merge_blocks( fname, keyblock_orig, keyblock,
1174 keyid, &n_uids, &n_sigs, &n_subk );
1181 if ((options & IMPORT_CLEAN))
1182 clean_key (keyblock_orig,opt.verbose,options&IMPORT_MINIMAL,
1183 &n_uids_cleaned,&n_sigs_cleaned);
1185 if (n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned)
1188 /* KEYBLOCK_ORIG has been updated; write */
1189 rc = keydb_update_keyblock (hd, keyblock_orig);
1191 log_error (_("error writing keyring '%s': %s\n"),
1192 keydb_get_resource_name (hd), gpg_strerror (rc) );
1194 revalidation_mark ();
1197 if (!opt.quiet && !silent)
1199 char *p = get_user_id_byfpr_native (fpr2);
1201 log_info( _("key %s: \"%s\" 1 new user ID\n"),
1204 log_info( _("key %s: \"%s\" %d new user IDs\n"),
1205 keystr(keyid),p,n_uids);
1207 log_info( _("key %s: \"%s\" 1 new signature\n"),
1210 log_info( _("key %s: \"%s\" %d new signatures\n"),
1211 keystr(keyid), p, n_sigs );
1213 log_info( _("key %s: \"%s\" 1 new subkey\n"),
1216 log_info( _("key %s: \"%s\" %d new subkeys\n"),
1217 keystr(keyid), p, n_subk );
1218 if (n_sigs_cleaned==1)
1219 log_info(_("key %s: \"%s\" %d signature cleaned\n"),
1220 keystr(keyid),p,n_sigs_cleaned);
1221 else if (n_sigs_cleaned)
1222 log_info(_("key %s: \"%s\" %d signatures cleaned\n"),
1223 keystr(keyid),p,n_sigs_cleaned);
1224 if (n_uids_cleaned==1)
1225 log_info(_("key %s: \"%s\" %d user ID cleaned\n"),
1226 keystr(keyid),p,n_uids_cleaned);
1227 else if (n_uids_cleaned)
1228 log_info(_("key %s: \"%s\" %d user IDs cleaned\n"),
1229 keystr(keyid),p,n_uids_cleaned);
1233 stats->n_uids +=n_uids;
1234 stats->n_sigs +=n_sigs;
1235 stats->n_subk +=n_subk;
1236 stats->n_sigs_cleaned +=n_sigs_cleaned;
1237 stats->n_uids_cleaned +=n_uids_cleaned;
1239 if (is_status_enabled () && !silent)
1240 print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1245 if (is_status_enabled ())
1246 print_import_ok (pk, 0);
1248 if (!opt.quiet && !silent)
1250 char *p = get_user_id_byfpr_native (fpr2);
1251 log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
1258 keydb_release (hd); hd = NULL;
1262 if (mod_key || new_key || same_key)
1264 /* A little explanation for this: we fill in the fingerprint
1265 when importing keys as it can be useful to know the
1266 fingerprint in certain keyserver-related cases (a keyserver
1267 asked for a particular name, but the key doesn't have that
1268 name). However, in cases where we're importing more than
1269 one key at a time, we cannot know which key to fingerprint.
1270 In these cases, rather than guessing, we do not
1271 fingerprinting at all, and we must hope the user ID on the
1272 keys are useful. Note that we need to do this for new
1273 keys, merged keys and even for unchanged keys. This is
1274 required because for example the --auto-key-locate feature
1275 may import an already imported key and needs to know the
1276 fingerprint of the key in all cases. */
1280 /* Note that we need to compare against 0 here because
1281 COUNT gets only incremented after returning from this
1284 *fpr = fingerprint_from_pk (pk, NULL, fpr_len);
1290 /* Now that the key is definitely incorporated into the keydb, we
1291 need to check if a designated revocation is present or if the
1292 prefs are not rational so we can warn the user. */
1296 revocation_present (ctrl, keyblock_orig);
1297 if (!from_sk && have_secret_key_with_kid (keyid))
1298 check_prefs (ctrl, keyblock_orig);
1302 revocation_present (ctrl, keyblock);
1303 if (!from_sk && have_secret_key_with_kid (keyid))
1304 check_prefs (ctrl, keyblock);
1307 release_kbnode( keyblock_orig );
1308 free_public_key( pk_orig );
1314 /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The
1315 function prints diagnostics and returns an error code. If BATCH is
1316 true the secret keys are stored by gpg-agent in the transfer format
1317 (i.e. no re-protection and aksing for passphrases). */
1319 transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
1320 kbnode_t sec_keyblock, int batch, int force)
1322 gpg_error_t err = 0;
1325 kbnode_t ctx = NULL;
1327 PKT_public_key *main_pk, *pk;
1328 struct seckey_info *ski;
1332 void *format_args[2*PUBKEY_MAX_NSKEY];
1333 gcry_sexp_t skey, prot, tmpsexp;
1334 gcry_sexp_t curve = NULL;
1335 unsigned char *transferkey = NULL;
1336 size_t transferkeylen;
1337 gcry_cipher_hd_t cipherhd = NULL;
1338 unsigned char *wrappedkey = NULL;
1339 size_t wrappedkeylen;
1340 char *cache_nonce = NULL;
1341 int stub_key_skipped = 0;
1343 /* Get the current KEK. */
1344 err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
1347 log_error ("error getting the KEK: %s\n", gpg_strerror (err));
1351 /* Prepare a cipher context. */
1352 err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
1353 GCRY_CIPHER_MODE_AESWRAP, 0);
1355 err = gcry_cipher_setkey (cipherhd, kek, keklen);
1362 while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
1364 if (node->pkt->pkttype != PKT_SECRET_KEY
1365 && node->pkt->pkttype != PKT_SECRET_SUBKEY)
1367 pk = node->pkt->pkt.public_key;
1371 /* Make sure the keyids are available. */
1372 keyid_from_pk (pk, NULL);
1373 if (node->pkt->pkttype == PKT_SECRET_KEY)
1375 pk->main_keyid[0] = pk->keyid[0];
1376 pk->main_keyid[1] = pk->keyid[1];
1380 pk->main_keyid[0] = main_pk->keyid[0];
1381 pk->main_keyid[1] = main_pk->keyid[1];
1385 ski = pk->seckey_info;
1392 stats->secret_read++;
1395 /* We ignore stub keys. The way we handle them in other parts
1396 of the code is by asking the agent whether any secret key is
1397 available for a given keyblock and then concluding that we
1398 have a secret key; all secret (sub)keys of the keyblock the
1399 agent does not know of are then stub keys. This works also
1400 for card stub keys. The learn command or the card-status
1401 command may be used to check with the agent whether a card
1402 has been inserted and a stub key is in turn generated by the
1404 if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
1406 stub_key_skipped = 1;
1410 /* Convert our internal secret key object into an S-expression. */
1411 nskey = pubkey_get_nskey (pk->pubkey_algo);
1412 if (!nskey || nskey > PUBKEY_MAX_NSKEY)
1414 err = gpg_error (GPG_ERR_BAD_SECKEY);
1415 log_error ("internal error: %s\n", gpg_strerror (err));
1419 init_membuf (&mbuf, 50);
1420 put_membuf_str (&mbuf, "(skey");
1421 if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1422 || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1423 || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1426 char *curvestr = openpgp_oid_to_str (pk->pkey[0]);
1428 err = gpg_error_from_syserror ();
1431 const char *curvename = openpgp_oid_to_curve (curvestr, 1);
1432 err = gcry_sexp_build (&curve, NULL, "(curve %s)",
1433 curvename?curvename:curvestr);
1438 /* Append the public key element Q. */
1439 put_membuf_str (&mbuf, " _ %m");
1440 format_args[j++] = pk->pkey + 1;
1442 /* Append the secret key element D. For ECDH we
1443 skip PKEY[2] because this holds the KEK which is
1444 not needed by gpg-agent. */
1445 i = pk->pubkey_algo == PUBKEY_ALGO_ECDH? 3 : 2;
1446 if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1447 put_membuf_str (&mbuf, " e %m");
1449 put_membuf_str (&mbuf, " _ %m");
1450 format_args[j++] = pk->pkey + i;
1456 /* Standard case for the old (non-ECC) algorithms. */
1457 for (i=j=0; i < nskey; i++)
1460 continue; /* Protected keys only have NPKEY+1 elements. */
1462 if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1463 put_membuf_str (&mbuf, " e %m");
1465 put_membuf_str (&mbuf, " _ %m");
1466 format_args[j++] = pk->pkey + i;
1469 put_membuf_str (&mbuf, ")");
1470 put_membuf (&mbuf, "", 1);
1472 xfree (get_membuf (&mbuf, NULL));
1475 char *format = get_membuf (&mbuf, NULL);
1477 err = gpg_error_from_syserror ();
1479 err = gcry_sexp_build_array (&skey, NULL, format, format_args);
1484 log_error ("error building skey array: %s\n", gpg_strerror (err));
1488 if (ski->is_protected)
1492 /* Note that the IVLEN may be zero if we are working on a
1493 dummy key. We can't express that in an S-expression and
1494 thus we send dummy data for the IV. */
1495 snprintf (countbuf, sizeof countbuf, "%lu",
1496 (unsigned long)ski->s2k.count);
1497 err = gcry_sexp_build
1499 " (protection %s %s %b %d %s %b %s)\n",
1500 ski->sha1chk? "sha1":"sum",
1501 openpgp_cipher_algo_name (ski->algo),
1502 ski->ivlen? (int)ski->ivlen:1,
1503 ski->ivlen? ski->iv: (const unsigned char*)"X",
1505 openpgp_md_algo_name (ski->s2k.hash_algo),
1506 (int)sizeof (ski->s2k.salt), ski->s2k.salt,
1510 err = gcry_sexp_build (&prot, NULL, " (protection none)\n");
1513 xfree (transferkey);
1516 err = gcry_sexp_build (&tmpsexp, NULL,
1517 "(openpgp-private-key\n"
1524 openpgp_pk_algo_name (pk->pubkey_algo),
1526 (int)(unsigned long)ski->csum, prot);
1527 gcry_sexp_release (skey);
1528 gcry_sexp_release (prot);
1530 err = make_canon_sexp_pad (tmpsexp, 1, &transferkey, &transferkeylen);
1531 gcry_sexp_release (tmpsexp);
1534 log_error ("error building transfer key: %s\n", gpg_strerror (err));
1539 wrappedkeylen = transferkeylen + 8;
1541 wrappedkey = xtrymalloc (wrappedkeylen);
1543 err = gpg_error_from_syserror ();
1545 err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen,
1546 transferkey, transferkeylen);
1549 xfree (transferkey);
1552 /* Send the wrapped key to the agent. */
1554 char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1);
1555 err = agent_import_key (ctrl, desc, &cache_nonce,
1556 wrappedkey, wrappedkeylen, batch, force);
1562 log_info (_("key %s: secret key imported\n"),
1563 keystr_from_pk_with_sub (main_pk, pk));
1565 stats->secret_imported++;
1567 else if ( gpg_err_code (err) == GPG_ERR_EEXIST )
1570 log_info (_("key %s: secret key already exists\n"),
1571 keystr_from_pk_with_sub (main_pk, pk));
1574 stats->secret_dups++;
1578 log_error (_("key %s: error sending to agent: %s\n"),
1579 keystr_from_pk_with_sub (main_pk, pk),
1580 gpg_strerror (err));
1581 if (gpg_err_code (err) == GPG_ERR_CANCELED
1582 || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1583 break; /* Don't try the other subkeys. */
1587 if (!err && stub_key_skipped)
1588 /* We need to notify user how to migrate stub keys. */
1589 err = gpg_error (GPG_ERR_NOT_PROCESSED);
1592 gcry_sexp_release (curve);
1593 xfree (cache_nonce);
1595 xfree (transferkey);
1596 gcry_cipher_close (cipherhd);
1602 /* Walk a secret keyblock and produce a public keyblock out of it.
1603 Returns a new node or NULL on error. */
1605 sec_to_pub_keyblock (kbnode_t sec_keyblock)
1607 kbnode_t pub_keyblock = NULL;
1608 kbnode_t ctx = NULL;
1609 kbnode_t secnode, pubnode;
1611 while ((secnode = walk_kbnode (sec_keyblock, &ctx, 0)))
1613 if (secnode->pkt->pkttype == PKT_SECRET_KEY
1614 || secnode->pkt->pkttype == PKT_SECRET_SUBKEY)
1616 /* Make a public key. */
1620 pkt = xtrycalloc (1, sizeof *pkt);
1621 pk = pkt? copy_public_key (NULL, secnode->pkt->pkt.public_key): NULL;
1625 release_kbnode (pub_keyblock);
1628 if (secnode->pkt->pkttype == PKT_SECRET_KEY)
1629 pkt->pkttype = PKT_PUBLIC_KEY;
1631 pkt->pkttype = PKT_PUBLIC_SUBKEY;
1632 pkt->pkt.public_key = pk;
1634 pubnode = new_kbnode (pkt);
1638 pubnode = clone_kbnode (secnode);
1642 pub_keyblock = pubnode;
1644 add_kbnode (pub_keyblock, pubnode);
1647 return pub_keyblock;
1651 * Ditto for secret keys. Handling is simpler than for public keys.
1652 * We allow secret key importing only when allow is true, this is so
1653 * that a secret key can not be imported accidentally and thereby tampering
1654 * with the trust calculation.
1657 import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
1658 struct import_stats_s *stats, int batch, unsigned int options,
1660 import_screener_t screener, void *screener_arg)
1663 struct seckey_info *ski;
1664 kbnode_t node, uidnode;
1668 kbnode_t pub_keyblock;
1669 char pkstrbuf[PUBKEY_STRING_SIZE];
1671 /* Get the key and print some info about it */
1672 node = find_kbnode (keyblock, PKT_SECRET_KEY);
1676 pk = node->pkt->pkt.public_key;
1678 keyid_from_pk (pk, keyid);
1679 uidnode = find_next_kbnode (keyblock, PKT_USER_ID);
1681 if (screener && screener (keyblock, screener_arg))
1683 log_error (_("secret key %s: %s\n"), keystr_from_pk (pk),
1684 _("rejected by import screener"));
1688 if (opt.verbose && !for_migration)
1690 log_info ("sec %s/%s %s ",
1691 pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
1692 keystr_from_pk (pk), datestr_from_pk (pk));
1694 print_utf8_buffer (log_get_stream (), uidnode->pkt->pkt.user_id->name,
1695 uidnode->pkt->pkt.user_id->len);
1698 stats->secret_read++;
1700 if ((options & IMPORT_NO_SECKEY))
1703 log_error (_("importing secret keys not allowed\n"));
1710 log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
1714 ski = pk->seckey_info;
1717 /* Actually an internal error. */
1718 log_error ("key %s: secret key info missing\n", keystr_from_pk (pk));
1722 /* A quick check to not import keys with an invalid protection
1723 cipher algorithm (only checks the primary key, though). */
1724 if (ski->algo > 110)
1727 log_error (_("key %s: secret key with invalid cipher %d"
1728 " - skipped\n"), keystr_from_pk (pk), ski->algo);
1732 #ifdef ENABLE_SELINUX_HACKS
1735 /* We don't allow to import secret keys because that may be used
1736 to put a secret key into the keyring and the user might later
1737 be tricked into signing stuff with that key. */
1738 log_error (_("importing secret keys not allowed\n"));
1743 clear_kbnode_flags (keyblock);
1745 nr_prev = stats->skipped_new_keys;
1747 /* Make a public key out of the key. */
1748 pub_keyblock = sec_to_pub_keyblock (keyblock);
1750 log_error ("key %s: failed to create public key from secret key\n",
1751 keystr_from_pk (pk));
1754 /* Note that this outputs an IMPORT_OK status message for the
1755 public key block, and below we will output another one for
1756 the secret keys. FIXME? */
1757 import_one (ctrl, fname, pub_keyblock, stats,
1758 NULL, NULL, options, 1, for_migration,
1759 screener, screener_arg);
1761 /* Fixme: We should check for an invalid keyblock and
1762 cancel the secret key import in this case. */
1763 release_kbnode (pub_keyblock);
1765 /* At least we cancel the secret key import when the public key
1766 import was skipped due to MERGE_ONLY option and a new
1768 if (stats->skipped_new_keys <= nr_prev)
1770 /* Read the keyblock again to get the effects of a merge. */
1771 /* Fixme: we should do this based on the fingerprint or
1772 even better let import_one return the merged
1774 node = get_pubkeyblock (keyid);
1776 log_error ("key %s: failed to re-lookup public key\n",
1777 keystr_from_pk (pk));
1782 nr_prev = stats->secret_imported;
1783 err = transfer_secret_keys (ctrl, stats, keyblock, batch, 0);
1784 if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
1786 /* TRANSLATORS: For smartcard, each private key on
1787 host has a reference (stub) to a smartcard and
1788 actual private key data is stored on the card. A
1789 single smartcard can have up to three private key
1790 data. Importing private key stub is always
1791 skipped in 2.1, and it returns
1792 GPG_ERR_NOT_PROCESSED. Instead, user should be
1793 suggested to run 'gpg --card-status', then,
1794 references to a card will be automatically
1796 log_info (_("To migrate '%s', with each smartcard, "
1797 "run: %s\n"), "secring.gpg", "gpg --card-status");
1804 log_info (_("key %s: secret key imported\n"),
1805 keystr_from_pk (pk));
1806 if (stats->secret_imported > nr_prev)
1808 if (is_status_enabled ())
1809 print_import_ok (pk, status);
1810 check_prefs (ctrl, node);
1812 release_kbnode (node);
1822 * Import a revocation certificate; this is a single signature packet.
1825 import_revoke_cert (const char *fname, kbnode_t node,
1826 struct import_stats_s *stats)
1828 PKT_public_key *pk = NULL;
1830 kbnode_t keyblock = NULL;
1831 KEYDB_HANDLE hd = NULL;
1837 log_assert (!node->next );
1838 log_assert (node->pkt->pkttype == PKT_SIGNATURE );
1839 log_assert (node->pkt->pkt.signature->sig_class == 0x20 );
1841 keyid[0] = node->pkt->pkt.signature->keyid[0];
1842 keyid[1] = node->pkt->pkt.signature->keyid[1];
1844 pk = xmalloc_clear( sizeof *pk );
1845 rc = get_pubkey( pk, keyid );
1846 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY )
1848 log_error(_("key %s: no public key -"
1849 " can't apply revocation certificate\n"), keystr(keyid));
1855 log_error(_("key %s: public key not found: %s\n"),
1856 keystr(keyid), gpg_strerror (rc));
1860 /* Read the original keyblock. */
1864 rc = gpg_error_from_syserror ();
1869 byte afp[MAX_FINGERPRINT_LEN];
1872 fingerprint_from_pk (pk, afp, &an);
1873 while (an < MAX_FINGERPRINT_LEN)
1875 rc = keydb_search_fpr (hd, afp);
1879 log_error (_("key %s: can't locate original keyblock: %s\n"),
1880 keystr(keyid), gpg_strerror (rc));
1883 rc = keydb_get_keyblock (hd, &keyblock );
1886 log_error (_("key %s: can't read original keyblock: %s\n"),
1887 keystr(keyid), gpg_strerror (rc));
1891 /* it is okay, that node is not in keyblock because
1892 * check_key_signature works fine for sig_class 0x20 in this
1894 rc = check_key_signature( keyblock, node, NULL);
1897 log_error( _("key %s: invalid revocation certificate"
1898 ": %s - rejected\n"), keystr(keyid), gpg_strerror (rc));
1902 /* check whether we already have this */
1903 for(onode=keyblock->next; onode; onode=onode->next ) {
1904 if (onode->pkt->pkttype == PKT_USER_ID )
1906 else if (onode->pkt->pkttype == PKT_SIGNATURE
1907 && !cmp_signatures(node->pkt->pkt.signature,
1908 onode->pkt->pkt.signature))
1911 goto leave; /* yes, we already know about it */
1916 insert_kbnode( keyblock, clone_kbnode(node), 0 );
1918 /* and write the keyblock back */
1919 rc = keydb_update_keyblock (hd, keyblock );
1921 log_error (_("error writing keyring '%s': %s\n"),
1922 keydb_get_resource_name (hd), gpg_strerror (rc) );
1929 char *p=get_user_id_native (keyid);
1930 log_info( _("key %s: \"%s\" revocation certificate imported\n"),
1936 /* If the key we just revoked was ultimately trusted, remove its
1937 ultimate trust. This doesn't stop the user from putting the
1938 ultimate trust back, but is a reasonable solution for now. */
1939 if(get_ownertrust(pk)==TRUST_ULTIMATE)
1940 clear_ownertrusts(pk);
1942 revalidation_mark ();
1946 release_kbnode( keyblock );
1947 free_public_key( pk );
1953 * Loop over the keyblock and check all self signatures.
1954 * Mark all user-ids with a self-signature by setting flag bit 0.
1955 * Mark all user-ids with an invalid self-signature by setting bit 1.
1956 * This works also for subkeys, here the subkey is marked. Invalid or
1957 * extra subkey sigs (binding or revocation) are marked for deletion.
1958 * non_self is set to true if there are any sigs other than self-sigs
1962 chk_self_sigs (const char *fname, kbnode_t keyblock,
1963 PKT_public_key *pk, u32 *keyid, int *non_self )
1965 kbnode_t n, knode = NULL;
1968 u32 bsdate=0, rsdate=0;
1969 kbnode_t bsnode = NULL, rsnode = NULL;
1974 for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1976 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1986 if ( n->pkt->pkttype != PKT_SIGNATURE )
1989 sig = n->pkt->pkt.signature;
1990 if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
1996 /* This just caches the sigs for later use. That way we
1997 import a fully-cached key which speeds things up. */
1998 if (!opt.no_sig_cache)
1999 check_key_signature (keyblock, n, NULL);
2001 if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
2003 kbnode_t unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
2006 log_error( _("key %s: no user ID for signature\n"),
2008 return -1; /* The complete keyblock is invalid. */
2011 /* If it hasn't been marked valid yet, keep trying. */
2012 if (!(unode->flag&1))
2014 rc = check_key_signature (keyblock, n, NULL);
2019 char *p = utf8_to_native
2020 (unode->pkt->pkt.user_id->name,
2021 strlen (unode->pkt->pkt.user_id->name),0);
2022 log_info (gpg_err_code(rc) == GPG_ERR_PUBKEY_ALGO ?
2023 _("key %s: unsupported public key "
2024 "algorithm on user ID \"%s\"\n"):
2025 _("key %s: invalid self-signature "
2026 "on user ID \"%s\"\n"),
2032 unode->flag |= 1; /* Mark that signature checked. */
2035 else if (IS_KEY_SIG (sig))
2037 rc = check_key_signature (keyblock, n, NULL);
2041 log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2042 _("key %s: unsupported public key algorithm\n"):
2043 _("key %s: invalid direct key signature\n"),
2048 else if ( IS_SUBKEY_SIG (sig) )
2050 /* Note that this works based solely on the timestamps like
2051 the rest of gpg. If the standard gets revocation
2052 targets, this may need to be revised. */
2057 log_info (_("key %s: no subkey for key binding\n"),
2059 n->flag |= 4; /* delete this */
2063 rc = check_key_signature (keyblock, n, NULL);
2067 log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2068 _("key %s: unsupported public key"
2070 _("key %s: invalid subkey binding\n"),
2076 /* It's valid, so is it newer? */
2077 if (sig->timestamp >= bsdate)
2079 knode->flag |= 1; /* The subkey is valid. */
2082 /* Delete the last binding sig since this
2086 log_info (_("key %s: removed multiple subkey"
2087 " binding\n"),keystr(keyid));
2091 bsdate = sig->timestamp;
2094 n->flag |= 4; /* older */
2098 else if ( IS_SUBKEY_REV (sig) )
2100 /* We don't actually mark the subkey as revoked right now,
2101 so just check that the revocation sig is the most recent
2102 valid one. Note that we don't care if the binding sig is
2103 newer than the revocation sig. See the comment in
2104 getkey.c:merge_selfsigs_subkey for more. */
2108 log_info (_("key %s: no subkey for key revocation\n"),
2110 n->flag |= 4; /* delete this */
2114 rc = check_key_signature (keyblock, n, NULL);
2118 log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2119 _("key %s: unsupported public"
2120 " key algorithm\n"):
2121 _("key %s: invalid subkey revocation\n"),
2127 /* It's valid, so is it newer? */
2128 if (sig->timestamp >= rsdate)
2132 /* Delete the last revocation sig since
2133 this one is newer. */
2136 log_info (_("key %s: removed multiple subkey"
2137 " revocation\n"),keystr(keyid));
2141 rsdate = sig->timestamp;
2144 n->flag |= 4; /* older */
2155 * delete all parts which are invalid and those signatures whose
2156 * public key algorithm is not available in this implemenation;
2157 * but consider RSA as valid, because parse/build_packets knows
2159 * returns: true if at least one valid user-id is left over.
2162 delete_inv_parts( const char *fname, kbnode_t keyblock,
2163 u32 *keyid, unsigned int options)
2166 int nvalid=0, uid_seen=0, subkey_seen=0;
2170 for (node=keyblock->next; node; node = node->next )
2172 if (node->pkt->pkttype == PKT_USER_ID)
2175 if ((node->flag & 2) || !(node->flag & 1) )
2179 char *p=utf8_to_native(node->pkt->pkt.user_id->name,
2180 node->pkt->pkt.user_id->len,0);
2181 log_info( _("key %s: skipped user ID \"%s\"\n"),
2185 delete_kbnode( node ); /* the user-id */
2186 /* and all following packets up to the next user-id */
2188 && node->next->pkt->pkttype != PKT_USER_ID
2189 && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
2190 && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
2191 delete_kbnode( node->next );
2198 else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2199 || node->pkt->pkttype == PKT_SECRET_SUBKEY )
2201 if ((node->flag & 2) || !(node->flag & 1) )
2204 log_info( _("key %s: skipped subkey\n"),keystr(keyid));
2206 delete_kbnode( node ); /* the subkey */
2207 /* and all following signature packets */
2209 && node->next->pkt->pkttype == PKT_SIGNATURE ) {
2210 delete_kbnode( node->next );
2217 else if (node->pkt->pkttype == PKT_SIGNATURE
2218 && openpgp_pk_test_algo (node->pkt->pkt.signature->pubkey_algo)
2219 && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
2221 delete_kbnode( node ); /* build_packet() can't handle this */
2223 else if (node->pkt->pkttype == PKT_SIGNATURE
2224 && !node->pkt->pkt.signature->flags.exportable
2225 && !(options&IMPORT_LOCAL_SIGS)
2226 && !have_secret_key_with_kid (node->pkt->pkt.signature->keyid))
2228 /* here we violate the rfc a bit by still allowing
2229 * to import non-exportable signature when we have the
2230 * the secret key used to create this signature - it
2231 * seems that this makes sense */
2233 log_info( _("key %s: non exportable signature"
2234 " (class 0x%02X) - skipped\n"),
2235 keystr(keyid), node->pkt->pkt.signature->sig_class );
2236 delete_kbnode( node );
2238 else if (node->pkt->pkttype == PKT_SIGNATURE
2239 && node->pkt->pkt.signature->sig_class == 0x20)
2244 log_info( _("key %s: revocation certificate"
2245 " at wrong place - skipped\n"),keystr(keyid));
2246 delete_kbnode( node );
2250 /* If the revocation cert is from a different key than
2251 the one we're working on don't check it - it's
2252 probably from a revocation key and won't be
2253 verifiable with this key anyway. */
2255 if(node->pkt->pkt.signature->keyid[0]==keyid[0]
2256 && node->pkt->pkt.signature->keyid[1]==keyid[1])
2258 int rc = check_key_signature( keyblock, node, NULL);
2262 log_info( _("key %s: invalid revocation"
2263 " certificate: %s - skipped\n"),
2264 keystr(keyid), gpg_strerror (rc));
2265 delete_kbnode( node );
2270 else if (node->pkt->pkttype == PKT_SIGNATURE
2271 && (node->pkt->pkt.signature->sig_class == 0x18
2272 || node->pkt->pkt.signature->sig_class == 0x28)
2276 log_info( _("key %s: subkey signature"
2277 " in wrong place - skipped\n"), keystr(keyid));
2278 delete_kbnode( node );
2280 else if (node->pkt->pkttype == PKT_SIGNATURE
2281 && !IS_CERT(node->pkt->pkt.signature))
2284 log_info(_("key %s: unexpected signature class (0x%02X) -"
2285 " skipped\n"),keystr(keyid),
2286 node->pkt->pkt.signature->sig_class);
2287 delete_kbnode(node);
2289 else if ((node->flag & 4) ) /* marked for deletion */
2290 delete_kbnode( node );
2293 /* note: because keyblock is the public key, it is never marked
2294 * for deletion and so keyblock cannot change */
2295 commit_kbnode( &keyblock );
2301 * It may happen that the imported keyblock has duplicated user IDs.
2302 * We check this here and collapse those user IDs together with their
2304 * Returns: True if the keyblock has changed.
2307 collapse_uids( kbnode_t *keyblock )
2312 for(uid1=*keyblock;uid1;uid1=uid1->next)
2316 if(is_deleted_kbnode(uid1))
2319 if(uid1->pkt->pkttype!=PKT_USER_ID)
2322 for(uid2=uid1->next;uid2;uid2=uid2->next)
2324 if(is_deleted_kbnode(uid2))
2327 if(uid2->pkt->pkttype!=PKT_USER_ID)
2330 if(cmp_user_ids(uid1->pkt->pkt.user_id,
2331 uid2->pkt->pkt.user_id)==0)
2333 /* We have a duplicated uid */
2338 /* Now take uid2's signatures, and attach them to
2340 for(last=uid2;last->next;last=last->next)
2342 if(is_deleted_kbnode(last))
2345 if(last->next->pkt->pkttype==PKT_USER_ID
2346 || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
2347 || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
2352 (find_prev_kbnode(*keyblock,uid2,0))->next=last->next;
2354 /* Now put uid2 in place as part of uid1 */
2355 last->next=uid1->next;
2357 delete_kbnode(uid2);
2359 /* Now dedupe uid1 */
2360 for(sig1=uid1->next;sig1;sig1=sig1->next)
2364 if(is_deleted_kbnode(sig1))
2367 if(sig1->pkt->pkttype==PKT_USER_ID
2368 || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
2369 || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
2372 if(sig1->pkt->pkttype!=PKT_SIGNATURE)
2375 for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
2377 if(is_deleted_kbnode(sig2))
2380 if(sig2->pkt->pkttype==PKT_USER_ID
2381 || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
2382 || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
2385 if(sig2->pkt->pkttype!=PKT_SIGNATURE)
2388 if(cmp_signatures(sig1->pkt->pkt.signature,
2389 sig2->pkt->pkt.signature)==0)
2391 /* We have a match, so delete the second
2393 delete_kbnode(sig2);
2402 commit_kbnode(keyblock);
2404 if(any && !opt.quiet)
2406 const char *key="???";
2408 if ((uid1 = find_kbnode (*keyblock, PKT_PUBLIC_KEY)) )
2409 key = keystr_from_pk (uid1->pkt->pkt.public_key);
2410 else if ((uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY)) )
2411 key = keystr_from_pk (uid1->pkt->pkt.public_key);
2413 log_info (_("key %s: duplicated user ID detected - merged\n"), key);
2420 /* Check for a 0x20 revocation from a revocation key that is not
2421 present. This may be called without the benefit of merge_xxxx so
2422 you can't rely on pk->revkey and friends. */
2424 revocation_present (ctrl_t ctrl, kbnode_t keyblock)
2426 kbnode_t onode, inode;
2427 PKT_public_key *pk = keyblock->pkt->pkt.public_key;
2429 for(onode=keyblock->next;onode;onode=onode->next)
2431 /* If we reach user IDs, we're done. */
2432 if(onode->pkt->pkttype==PKT_USER_ID)
2435 if(onode->pkt->pkttype==PKT_SIGNATURE &&
2436 onode->pkt->pkt.signature->sig_class==0x1F &&
2437 onode->pkt->pkt.signature->revkey)
2440 PKT_signature *sig=onode->pkt->pkt.signature;
2442 for(idx=0;idx<sig->numrevkeys;idx++)
2446 keyid_from_fingerprint(sig->revkey[idx].fpr,
2447 MAX_FINGERPRINT_LEN,keyid);
2449 for(inode=keyblock->next;inode;inode=inode->next)
2451 /* If we reach user IDs, we're done. */
2452 if(inode->pkt->pkttype==PKT_USER_ID)
2455 if(inode->pkt->pkttype==PKT_SIGNATURE &&
2456 inode->pkt->pkt.signature->sig_class==0x20 &&
2457 inode->pkt->pkt.signature->keyid[0]==keyid[0] &&
2458 inode->pkt->pkt.signature->keyid[1]==keyid[1])
2460 /* Okay, we have a revocation key, and a
2461 revocation issued by it. Do we have the key
2465 rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr,
2466 MAX_FINGERPRINT_LEN);
2467 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2468 || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2470 char *tempkeystr=xstrdup(keystr_from_pk(pk));
2472 /* No, so try and get it */
2473 if ((opt.keyserver_options.options
2474 & KEYSERVER_AUTO_KEY_RETRIEVE)
2475 && keyserver_any_configured (ctrl))
2477 log_info(_("WARNING: key %s may be revoked:"
2478 " fetching revocation key %s\n"),
2479 tempkeystr,keystr(keyid));
2480 keyserver_import_fprint (ctrl,
2481 sig->revkey[idx].fpr,
2482 MAX_FINGERPRINT_LEN,
2485 /* Do we have it now? */
2486 rc=get_pubkey_byfprint_fast (NULL,
2487 sig->revkey[idx].fpr,
2488 MAX_FINGERPRINT_LEN);
2491 if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2492 || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2493 log_info(_("WARNING: key %s may be revoked:"
2494 " revocation key %s not present.\n"),
2495 tempkeystr,keystr(keyid));
2508 * compare and merge the blocks
2510 * o compare the signatures: If we already have this signature, check
2511 * that they compare okay; if not, issue a warning and ask the user.
2512 * o Simply add the signature. Can't verify here because we may not have
2513 * the signature's public key yet; verification is done when putting it
2514 * into the trustdb, which is done automagically as soon as this pubkey
2516 * Note: We indicate newly inserted packets with flag bit 0
2519 merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock,
2520 u32 *keyid, int *n_uids, int *n_sigs, int *n_subk )
2522 kbnode_t onode, node;
2525 /* 1st: handle revocation certificates */
2526 for (node=keyblock->next; node; node=node->next )
2528 if (node->pkt->pkttype == PKT_USER_ID )
2530 else if (node->pkt->pkttype == PKT_SIGNATURE
2531 && node->pkt->pkt.signature->sig_class == 0x20)
2533 /* check whether we already have this */
2535 for (onode=keyblock_orig->next; onode; onode=onode->next)
2537 if (onode->pkt->pkttype == PKT_USER_ID )
2539 else if (onode->pkt->pkttype == PKT_SIGNATURE
2540 && onode->pkt->pkt.signature->sig_class == 0x20
2541 && !cmp_signatures(onode->pkt->pkt.signature,
2542 node->pkt->pkt.signature))
2550 kbnode_t n2 = clone_kbnode(node);
2551 insert_kbnode( keyblock_orig, n2, 0 );
2556 char *p=get_user_id_native (keyid);
2557 log_info(_("key %s: \"%s\" revocation"
2558 " certificate added\n"), keystr(keyid),p);
2565 /* 2nd: merge in any direct key (0x1F) sigs */
2566 for(node=keyblock->next; node; node=node->next)
2568 if (node->pkt->pkttype == PKT_USER_ID )
2570 else if (node->pkt->pkttype == PKT_SIGNATURE
2571 && node->pkt->pkt.signature->sig_class == 0x1F)
2573 /* check whether we already have this */
2575 for (onode=keyblock_orig->next; onode; onode=onode->next)
2577 if (onode->pkt->pkttype == PKT_USER_ID)
2579 else if (onode->pkt->pkttype == PKT_SIGNATURE
2580 && onode->pkt->pkt.signature->sig_class == 0x1F
2581 && !cmp_signatures(onode->pkt->pkt.signature,
2582 node->pkt->pkt.signature))
2590 kbnode_t n2 = clone_kbnode(node);
2591 insert_kbnode( keyblock_orig, n2, 0 );
2595 log_info( _("key %s: direct key signature added\n"),
2601 /* 3rd: try to merge new certificates in */
2602 for (onode=keyblock_orig->next; onode; onode=onode->next)
2604 if (!(onode->flag & 1) && onode->pkt->pkttype == PKT_USER_ID)
2606 /* find the user id in the imported keyblock */
2607 for (node=keyblock->next; node; node=node->next)
2608 if (node->pkt->pkttype == PKT_USER_ID
2609 && !cmp_user_ids( onode->pkt->pkt.user_id,
2610 node->pkt->pkt.user_id ) )
2612 if (node ) /* found: merge */
2614 rc = merge_sigs( onode, node, n_sigs, fname, keyid );
2621 /* 4th: add new user-ids */
2622 for (node=keyblock->next; node; node=node->next)
2624 if (node->pkt->pkttype == PKT_USER_ID)
2626 /* do we have this in the original keyblock */
2627 for (onode=keyblock_orig->next; onode; onode=onode->next )
2628 if (onode->pkt->pkttype == PKT_USER_ID
2629 && !cmp_user_ids( onode->pkt->pkt.user_id,
2630 node->pkt->pkt.user_id ) )
2632 if (!onode ) /* this is a new user id: append */
2634 rc = append_uid( keyblock_orig, node, n_sigs, fname, keyid);
2642 /* 5th: add new subkeys */
2643 for (node=keyblock->next; node; node=node->next)
2646 if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2648 /* do we have this in the original keyblock? */
2649 for(onode=keyblock_orig->next; onode; onode=onode->next)
2650 if (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
2651 && !cmp_public_keys( onode->pkt->pkt.public_key,
2652 node->pkt->pkt.public_key))
2654 if (!onode ) /* This is a new subkey: append. */
2656 rc = append_key (keyblock_orig, node, n_sigs, fname, keyid);
2662 else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
2664 /* do we have this in the original keyblock? */
2665 for (onode=keyblock_orig->next; onode; onode=onode->next )
2666 if (onode->pkt->pkttype == PKT_SECRET_SUBKEY
2667 && !cmp_public_keys (onode->pkt->pkt.public_key,
2668 node->pkt->pkt.public_key) )
2670 if (!onode ) /* This is a new subkey: append. */
2672 rc = append_key (keyblock_orig, node, n_sigs, fname, keyid);
2680 /* 6th: merge subkey certificates */
2681 for (onode=keyblock_orig->next; onode; onode=onode->next)
2683 if (!(onode->flag & 1)
2684 && (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
2685 || onode->pkt->pkttype == PKT_SECRET_SUBKEY))
2687 /* find the subkey in the imported keyblock */
2688 for(node=keyblock->next; node; node=node->next)
2690 if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2691 || node->pkt->pkttype == PKT_SECRET_SUBKEY)
2692 && !cmp_public_keys( onode->pkt->pkt.public_key,
2693 node->pkt->pkt.public_key ) )
2696 if (node) /* Found: merge. */
2698 rc = merge_keysigs( onode, node, n_sigs, fname, keyid );
2710 * Append the userid starting with NODE and all signatures to KEYBLOCK.
2713 append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs,
2714 const char *fname, u32 *keyid )
2717 kbnode_t n_where = NULL;
2722 log_assert (node->pkt->pkttype == PKT_USER_ID );
2724 /* find the position */
2725 for (n = keyblock; n; n_where = n, n = n->next)
2727 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
2728 || n->pkt->pkttype == PKT_SECRET_SUBKEY )
2734 /* and append/insert */
2737 /* we add a clone to the original keyblock, because this
2738 * one is released first */
2739 n = clone_kbnode(node);
2742 insert_kbnode( n_where, n, 0 );
2746 add_kbnode( keyblock, n );
2749 if (n->pkt->pkttype == PKT_SIGNATURE )
2753 if (node && node->pkt->pkttype != PKT_SIGNATURE )
2762 * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_USER_ID.
2763 * (how should we handle comment packets here?)
2766 merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs,
2767 const char *fname, u32 *keyid)
2775 log_assert (dst->pkt->pkttype == PKT_USER_ID);
2776 log_assert (src->pkt->pkttype == PKT_USER_ID);
2778 for (n=src->next; n && n->pkt->pkttype != PKT_USER_ID; n = n->next)
2780 if (n->pkt->pkttype != PKT_SIGNATURE )
2782 if (n->pkt->pkt.signature->sig_class == 0x18
2783 || n->pkt->pkt.signature->sig_class == 0x28 )
2784 continue; /* skip signatures which are only valid on subkeys */
2787 for (n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
2788 if (!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
2795 /* This signature is new or newer, append N to DST.
2796 * We add a clone to the original keyblock, because this
2797 * one is released first */
2798 n2 = clone_kbnode(n);
2799 insert_kbnode( dst, n2, PKT_SIGNATURE );
2811 * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY.
2814 merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs,
2815 const char *fname, u32 *keyid)
2823 log_assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
2824 || dst->pkt->pkttype == PKT_SECRET_SUBKEY);
2826 for (n=src->next; n ; n = n->next)
2828 if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
2829 || n->pkt->pkttype == PKT_PUBLIC_KEY )
2831 if (n->pkt->pkttype != PKT_SIGNATURE )
2835 for (n2=dst->next; n2; n2 = n2->next)
2837 if (n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
2838 || n2->pkt->pkttype == PKT_PUBLIC_KEY )
2840 if (n2->pkt->pkttype == PKT_SIGNATURE
2841 && (n->pkt->pkt.signature->keyid[0]
2842 == n2->pkt->pkt.signature->keyid[0])
2843 && (n->pkt->pkt.signature->keyid[1]
2844 == n2->pkt->pkt.signature->keyid[1])
2845 && (n->pkt->pkt.signature->timestamp
2846 <= n2->pkt->pkt.signature->timestamp)
2847 && (n->pkt->pkt.signature->sig_class
2848 == n2->pkt->pkt.signature->sig_class))
2856 /* This signature is new or newer, append N to DST.
2857 * We add a clone to the original keyblock, because this
2858 * one is released first */
2859 n2 = clone_kbnode(n);
2860 insert_kbnode( dst, n2, PKT_SIGNATURE );
2872 * Append the subkey starting with NODE and all signatures to KEYBLOCK.
2873 * Mark all new and copied packets by setting flag bit 0.
2876 append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs,
2877 const char *fname, u32 *keyid)
2884 log_assert (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2885 || node->pkt->pkttype == PKT_SECRET_SUBKEY);
2889 /* we add a clone to the original keyblock, because this
2890 * one is released first */
2891 n = clone_kbnode(node);
2892 add_kbnode( keyblock, n );
2895 if (n->pkt->pkttype == PKT_SIGNATURE )
2899 if (node && node->pkt->pkttype != PKT_SIGNATURE )