1 /* keydb.h - Key database
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2015, 2016 g10 Code GmbH
6 * This file is part of GnuPG.
8 * GnuPG is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 3 of the License, or
11 * (at your option) any later version.
13 * GnuPG is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, see <https://www.gnu.org/licenses/>.
25 #include "../common/types.h"
26 #include "../common/util.h"
29 /* What qualifies as a certification (key-signature in contrast to a
30 * data signature)? Note that a back signature is special and can be
31 * made by key and data signatures capable subkeys.) */
32 #define IS_CERT(s) (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \
33 || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s))
34 #define IS_SIG(s) (!IS_CERT(s))
35 #define IS_KEY_SIG(s) ((s)->sig_class == 0x1f)
36 #define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10)
37 #define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
38 #define IS_BACK_SIG(s) ((s)->sig_class == 0x19)
39 #define IS_KEY_REV(s) ((s)->sig_class == 0x20)
40 #define IS_UID_REV(s) ((s)->sig_class == 0x30)
41 #define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28)
44 typedef struct getkey_ctx_s *GETKEY_CTX;
45 typedef struct getkey_ctx_s *getkey_ctx_t;
48 * A Keyblock is all packets which form an entire certificate;
49 * i.e. the public key, certificate, trust packets, user ids,
50 * signatures, and subkey.
52 * This structure is also used to bind arbitrary packets together.
55 struct kbnode_struct {
60 ulong recno; /* used while updating the trustdb */
63 #define is_deleted_kbnode(a) ((a)->private_flag & 1)
64 #define is_cloned_kbnode(a) ((a)->private_flag & 2)
67 /* Bit flags used with build_pk_list. */
70 PK_LIST_ENCRYPT_TO = 1, /* This is an encrypt-to recipient. */
71 PK_LIST_HIDDEN = 2, /* This is a hidden recipient. */
72 PK_LIST_CONFIG = 4, /* Specified via config file. */
73 PK_LIST_FROM_FILE = 8 /* Take key from file with that name. */
76 /* To store private data in the flags the private data must be left
77 * shifted by this value. */
84 /* Structure to hold a couple of public key certificates. */
85 typedef struct pk_list *PK_LIST; /* Deprecated. */
86 typedef struct pk_list *pk_list_t;
91 int flags; /* See PK_LIST_ constants. */
94 /* Structure to hold a list of secret key certificates. */
95 typedef struct sk_list *SK_LIST;
100 int mark; /* not used */
103 /* structure to collect all information which can be used to
104 * identify a public key */
105 typedef struct pubkey_find_info *PUBKEY_FIND_INFO;
106 struct pubkey_find_info {
110 byte fingerprint[MAX_FINGERPRINT_LEN];
115 /* Helper type for preference functions. */
122 /* Constants to describe from where a key was fetched or updated. */
126 KEYORG_KS = 1, /* Public keyserver. */
127 KEYORG_KS_PREF = 2, /* Preferred keysrver. */
128 KEYORG_DANE = 3, /* OpenPGP DANE. */
129 KEYORG_WKD = 4, /* Web Key Directory. */
130 KEYORG_URL = 5, /* Trusted URL. */
131 KEYORG_FILE = 6, /* Trusted file. */
132 KEYORG_SELF = 7 /* We generated it. */
138 #define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */
139 #define KEYDB_RESOURCE_FLAG_DEFAULT 4 /* The default one. */
140 #define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */
141 #define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */
143 /* Format a search term for debugging output. The caller must free
145 char *keydb_search_desc_dump (struct keydb_search_desc *desc);
147 /* Register a resource (keyring or keybox). */
148 gpg_error_t keydb_add_resource (const char *url, unsigned int flags);
150 /* Dump some statistics to the log. */
151 void keydb_dump_stats (void);
153 /* Create a new database handle. Returns NULL on error, sets ERRNO,
154 and prints an error diagnostic. */
155 KEYDB_HANDLE keydb_new (void);
157 /* Free all resources owned by the database handle. */
158 void keydb_release (KEYDB_HANDLE hd);
160 /* Take a lock on the files immediately and not only during insert or
161 * update. This lock is released with keydb_release. */
162 gpg_error_t keydb_lock (KEYDB_HANDLE hd);
164 /* Set a flag on the handle to suppress use of cached results. This
165 is required for updating a keyring and for key listings. Fixme:
166 Using a new parameter for keydb_new might be a better solution. */
167 void keydb_disable_caching (KEYDB_HANDLE hd);
169 /* Save the last found state and invalidate the current selection. */
170 void keydb_push_found_state (KEYDB_HANDLE hd);
172 /* Restore the previous save state. */
173 void keydb_pop_found_state (KEYDB_HANDLE hd);
175 /* Return the file name of the resource. */
176 const char *keydb_get_resource_name (KEYDB_HANDLE hd);
178 /* Return the keyblock last found by keydb_search. */
179 gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
181 /* Update the keyblock KB. */
182 gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
184 /* Insert a keyblock into one of the underlying keyrings or keyboxes. */
185 gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
187 /* Delete the currently selected keyblock. */
188 gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
190 /* Find the first writable resource. */
191 gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd);
193 /* Rebuild the on-disk caches of all key resources. */
194 void keydb_rebuild_caches (ctrl_t ctrl, int noisy);
196 /* Return the number of skipped blocks (because they were to large to
197 read from a keybox) since the last search reset. */
198 unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
200 /* Clears the current search result and resets the handle's position. */
201 gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
203 /* Search the database for keys matching the search description. */
204 gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
205 size_t ndesc, size_t *descindex);
207 /* Return the first non-legacy key in the database. */
208 gpg_error_t keydb_search_first (KEYDB_HANDLE hd);
210 /* Return the next key (not the next matching key!). */
211 gpg_error_t keydb_search_next (KEYDB_HANDLE hd);
213 /* This is a convenience function for searching for keys with a long
215 gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
217 /* This is a convenience function for searching for keys with a long
218 (20 byte) fingerprint. */
219 gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
223 void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
224 int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
226 void release_pk_list (PK_LIST pk_list);
227 int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
228 gpg_error_t find_and_check_key (ctrl_t ctrl,
229 const char *name, unsigned int use,
230 int mark_hidden, int from_file,
231 pk_list_t *pk_list_addr);
233 int algo_available( preftype_t preftype, int algo,
234 const union pref_hint *hint );
235 int select_algo_from_prefs( PK_LIST pk_list, int preftype,
236 int request, const union pref_hint *hint);
237 int select_mdc_from_pklist (PK_LIST pk_list);
238 void warn_missing_mdc_from_pklist (PK_LIST pk_list);
239 void warn_missing_aes_from_pklist (PK_LIST pk_list);
242 int random_is_faked (void);
243 void release_sk_list( SK_LIST sk_list );
244 gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr,
245 SK_LIST *ret_sk_list, unsigned use);
247 /*-- passphrase.h --*/
248 unsigned char encode_s2k_iterations (int iterations);
249 int have_static_passphrase(void);
250 const char *get_static_passphrase (void);
251 void set_passphrase_from_string(const char *pass);
252 void read_passphrase_from_fd( int fd );
253 void passphrase_clear_cache (const char *cacheid);
254 DEK *passphrase_to_dek_ext(u32 *keyid, int pubkey_algo,
255 int cipher_algo, STRING2KEY *s2k, int mode,
256 const char *tryagain_text,
257 const char *custdesc, const char *custprompt,
259 DEK *passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
260 int create, int nocache,
261 const char *tryagain_text, int *canceled);
262 void set_next_passphrase( const char *s );
263 char *get_last_passphrase(void);
264 void next_to_last_passphrase(void);
266 void emit_status_need_passphrase (ctrl_t ctrl, u32 *keyid,
267 u32 *mainkeyid, int pubkey_algo);
269 #define FORMAT_KEYDESC_NORMAL 0
270 #define FORMAT_KEYDESC_IMPORT 1
271 #define FORMAT_KEYDESC_EXPORT 2
272 #define FORMAT_KEYDESC_DELKEY 3
273 char *gpg_format_keydesc (ctrl_t ctrl,
274 PKT_public_key *pk, int mode, int escaped);
279 /* Cache a copy of a public key in the public key cache. */
280 void cache_public_key( PKT_public_key *pk );
282 /* Disable and drop the public key cache. */
283 void getkey_disable_caches(void);
285 /* Return the public key with the key id KEYID and store it at PK. */
286 int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
288 /* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
289 account nor does it merge in the self-signed data. This function
290 also only considers primary keys. */
291 int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
293 /* Return the key block for the key with KEYID. */
294 kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
296 /* A list used by get_pubkeys to gather all of the matches. */
299 struct pubkey_s *next;
300 /* The key to use (either the public key or the subkey). */
304 typedef struct pubkey_s *pubkey_t;
306 /* Free a single key. This does not remove key from any list! */
307 void pubkey_free (pubkey_t key);
309 /* Free a list of public keys. */
310 void pubkeys_free (pubkey_t keys);
312 /* Returns all keys that match the search specification SEARCH_TERMS.
313 The returned keys should be freed using pubkeys_free. */
315 get_pubkeys (ctrl_t ctrl,
316 char *search_terms, int use, int include_unusable, char *source,
317 int warn_possibly_ambiguous,
320 /* Find a public key identified by NAME. */
321 int get_pubkey_byname (ctrl_t ctrl,
322 GETKEY_CTX *retctx, PKT_public_key *pk,
324 KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
325 int include_unusable, int no_akl );
327 /* Likewise, but only return the best match if NAME resembles a mail
329 gpg_error_t get_best_pubkey_byname (ctrl_t ctrl,
330 GETKEY_CTX *retctx, PKT_public_key *pk,
331 const char *name, KBNODE *ret_keyblock,
332 int include_unusable, int no_akl);
334 /* Get a public key directly from file FNAME. */
335 gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,
336 PKT_public_key *pk, const char *fname);
338 /* Return the public key with the key id KEYID iff the secret key is
339 * available and store it at PK. */
340 gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
342 /* Lookup a key with the specified fingerprint. */
343 int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
344 const byte *fprint, size_t fprint_len);
346 /* This function is similar to get_pubkey_byfprint, but it doesn't
347 merge the self-signed data into the public key and subkeys or into
349 gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk,
350 const byte *fprint, size_t fprint_len);
352 /* This function is similar to get_pubkey_byfprint, but it doesn't
353 merge the self-signed data into the public key and subkeys or into
355 gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock,
357 const byte *fprint, size_t fprint_len,
361 /* Returns true if a secret key is available for the public key with
363 int have_secret_key_with_kid (u32 *keyid);
365 /* Parse the --default-key parameter. Returns the last key (in terms
366 of when the option is given) that is available. */
367 const char *parse_def_secret_key (ctrl_t ctrl);
369 /* Look up a secret key. */
370 gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk);
371 gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
372 const byte *fpr, size_t fpr_len);
374 /* Search for keys matching some criteria. */
375 gpg_error_t getkey_bynames (ctrl_t ctrl,
376 getkey_ctx_t *retctx, PKT_public_key *pk,
377 strlist_t names, int want_secret,
378 kbnode_t *ret_keyblock);
380 /* Search for one key matching some criteria. */
381 gpg_error_t getkey_byname (ctrl_t ctrl,
382 getkey_ctx_t *retctx, PKT_public_key *pk,
383 const char *name, int want_secret,
384 kbnode_t *ret_keyblock);
386 /* Return the next search result. */
387 gpg_error_t getkey_next (ctrl_t ctrl, getkey_ctx_t ctx,
388 PKT_public_key *pk, kbnode_t *ret_keyblock);
390 /* Release any resources used by a key listing context. */
391 void getkey_end (ctrl_t ctrl, getkey_ctx_t ctx);
393 /* Return the database handle used by this context. The context still
395 KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
397 /* Enumerate some secret keys. */
398 gpg_error_t enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *pk);
400 /* Set the mainkey_id fields for all keys in KEYBLOCK. */
401 void setup_main_keyids (kbnode_t keyblock);
403 /* This function merges information from the self-signed data into the
405 void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
407 char*get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
408 char*get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
409 char*get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn);
410 char*get_user_id_native (ctrl_t ctrl, u32 *keyid);
411 char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
412 char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
414 void release_akl(void);
415 int parse_auto_key_locate(const char *options);
416 int parse_key_origin (char *string);
417 const char *key_origin_string (int origin);
420 int pubkey_letter( int algo );
421 char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
422 #define PUBKEY_STRING_SIZE 32
423 u32 v3_keyid (gcry_mpi_t a, u32 *ki);
424 void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
425 char *format_keyid (u32 *keyid, int format, char *buffer, int len);
427 /* Return PK's keyid. The memory is owned by PK. */
428 u32 *pk_keyid (PKT_public_key *pk);
430 /* Return the keyid of the primary key associated with PK. The memory
432 u32 *pk_main_keyid (PKT_public_key *pk);
434 /* Order A and B. If A < B then return -1, if A == B then return 0,
435 and if A > B then return 1. */
436 static int GPGRT_ATTR_UNUSED
437 keyid_cmp (const u32 *a, const u32 *b)
450 /* Return whether PK is a primary key. */
451 static int GPGRT_ATTR_UNUSED
452 pk_is_primary (PKT_public_key *pk)
454 return keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0;
457 /* Copy the keyid in SRC to DEST and return DEST. */
458 u32 *keyid_copy (u32 *dest, const u32 *src);
460 size_t keystrlen(void);
461 const char *keystr(u32 *keyid);
462 const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid);
463 const char *keystr_from_pk(PKT_public_key *pk);
464 const char *keystr_from_pk_with_sub (PKT_public_key *main_pk,
465 PKT_public_key *sub_pk);
467 /* Return PK's key id as a string using the default format. PK owns
469 const char *pk_keyid_str (PKT_public_key *pk);
471 const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc);
472 u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
473 u32 keyid_from_sig (PKT_signature *sig, u32 *keyid );
474 u32 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len,
476 byte *namehash_from_uid(PKT_user_id *uid);
477 unsigned nbits_from_pk( PKT_public_key *pk );
479 /* Convert an UTC TIMESTAMP into an UTC yyyy-mm-dd string. Return
480 * that string. The caller should pass a buffer with at least a size
481 * of MK_DATESTR_SIZE. */
482 char *mk_datestr (char *buffer, size_t bufsize, u32 timestamp);
483 #define MK_DATESTR_SIZE 11
485 const char *datestr_from_pk( PKT_public_key *pk );
486 const char *datestr_from_sig( PKT_signature *sig );
487 const char *expirestr_from_pk( PKT_public_key *pk );
488 const char *expirestr_from_sig( PKT_signature *sig );
489 const char *revokestr_from_pk( PKT_public_key *pk );
490 const char *usagestr_from_pk (PKT_public_key *pk, int fill);
491 const char *colon_strtime (u32 t);
492 const char *colon_datestr_from_pk (PKT_public_key *pk);
493 const char *colon_datestr_from_sig (PKT_signature *sig);
494 const char *colon_expirestr_from_sig (PKT_signature *sig);
495 byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
496 char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
497 char *format_hexfingerprint (const char *fingerprint,
498 char *buffer, size_t buflen);
499 gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array);
500 gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip);
504 KBNODE new_kbnode( PACKET *pkt );
505 KBNODE clone_kbnode( KBNODE node );
506 void release_kbnode( KBNODE n );
507 void delete_kbnode( KBNODE node );
508 void add_kbnode( KBNODE root, KBNODE node );
509 void insert_kbnode( KBNODE root, KBNODE node, int pkttype );
510 void move_kbnode( KBNODE *root, KBNODE node, KBNODE where );
511 void remove_kbnode( KBNODE *root, KBNODE node );
512 KBNODE find_prev_kbnode( KBNODE root, KBNODE node, int pkttype );
513 KBNODE find_next_kbnode( KBNODE node, int pkttype );
514 KBNODE find_kbnode( KBNODE node, int pkttype );
515 KBNODE walk_kbnode( KBNODE root, KBNODE *context, int all );
516 void clear_kbnode_flags( KBNODE n );
517 int commit_kbnode( KBNODE *root );
518 void dump_kbnode( KBNODE node );
520 #endif /*G10_KEYDB_H*/