1 /* keydb.c - Key database routines
2 * Copyright (C) 2002, 2003, 2007, 2008, 2009, 2010 Free Software
7 * This file is part of OpenCDK.
9 * The OpenCDK library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
41 #define KEYID_CMP(a, b) ((a[0]) == (b[0]) && (a[1]) == (b[1]))
42 #define KEYDB_CACHE_ENTRIES 8
44 static void keydb_cache_free (key_table_t cache);
45 static int classify_data (const byte * buf, size_t len);
46 static cdk_kbnode_t find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk);
49 keydb_idx_mkname (const char *file)
51 static const char *fmt = "%s.idx";
53 size_t len = strlen (file) + strlen (fmt);
55 fname = cdk_calloc (1, len + 1);
58 if (snprintf (fname, len, fmt, file) <= 0)
64 /* This functions builds an index of the keyring into a separate file
65 with the name keyring.ext.idx. It contains the offset of all public-
66 and public subkeys. The format of the file is:
68 4 octets offset of the packet
72 We store the keyid and the fingerprint due to the fact we can't get
73 the keyid from a v3 fingerprint directly.
76 keydb_idx_build (const char *file)
79 cdk_stream_t inp, out = NULL;
80 byte buf[4 + 8 + KEY_FPR_LEN];
91 rc = cdk_stream_open (file, &inp);
98 idx_name = keydb_idx_mkname (file);
101 cdk_stream_close (inp);
103 return CDK_Out_Of_Core;
105 rc = cdk_stream_create (idx_name, &out);
109 cdk_stream_close (inp);
115 while (!cdk_stream_eof (inp))
117 off_t pos = cdk_stream_tell (inp);
119 rc = cdk_pkt_read (inp, pkt);
122 _cdk_log_debug ("index build failed packet off=%lu\n", pos);
123 /* FIXME: The index is incomplete */
126 if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
127 pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
129 _cdk_u32tobuf (pos, buf);
130 cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
131 _cdk_u32tobuf (keyid[0], buf + 4);
132 _cdk_u32tobuf (keyid[1], buf + 8);
133 cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
134 cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
139 cdk_pkt_release (pkt);
141 cdk_stream_close (out);
142 cdk_stream_close (inp);
149 * cdk_keydb_idx_rebuild:
150 * @hd: key database handle
152 * Rebuild the key index files for the given key database.
155 cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
162 if (!db || !db->name || !dbs)
165 return CDK_Inv_Value;
170 tmp_idx_name = keydb_idx_mkname (db->name);
174 return CDK_Out_Of_Core;
176 err = stat (tmp_idx_name, &stbuf);
177 cdk_free (tmp_idx_name);
178 /* This function expects an existing index which can be rebuild,
179 if no index exists we do not build one and just return. */
183 cdk_stream_close (dbs->idx);
187 dbs->idx_name = keydb_idx_mkname (db->name);
191 return CDK_Out_Of_Core;
194 rc = keydb_idx_build (db->name);
196 rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
204 keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx)
212 return CDK_Inv_Value;
215 idx = cdk_calloc (1, sizeof *idx);
219 return CDK_Out_Of_Core;
222 while (!cdk_stream_eof (inp))
224 if (cdk_stream_read (inp, buf, 4) == CDK_EOF)
226 idx->offset = _cdk_buftou32 (buf);
227 cdk_stream_read (inp, buf, 4);
228 idx->keyid[0] = _cdk_buftou32 (buf);
229 cdk_stream_read (inp, buf, 4);
230 idx->keyid[1] = _cdk_buftou32 (buf);
231 cdk_stream_read (inp, idx->fpr, KEY_FPR_LEN);
235 return cdk_stream_eof (inp) ? CDK_EOF : 0;
240 keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
248 return CDK_Inv_Value;
250 if ((keyid && fpr) || (!keyid && !fpr))
256 /* We need an initialize the offset var with a value
257 because it might be possible the returned offset will
258 be 0 and then we cannot differ between the begin and an EOF. */
260 cdk_stream_seek (inp, 0);
261 while (keydb_idx_parse (inp, &idx) != CDK_EOF)
263 if (keyid && KEYID_CMP (keyid, idx->keyid))
265 *r_off = idx->offset;
268 else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
270 *r_off = idx->offset;
277 return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
282 * cdk_keydb_new_from_mem:
283 * @r_hd: The keydb output handle.
284 * @data: The raw key data.
285 * @datlen: The length of the raw data.
287 * Create a new keyring db handle from the contents of a buffer.
290 cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret,
291 const void *data, size_t datlen)
299 return CDK_Inv_Value;
302 db = calloc (1, sizeof *db);
303 rc = cdk_stream_tmp_from_mem (data, datlen, &db->fp);
310 if (cdk_armor_filter_use (db->fp))
311 cdk_stream_set_armor_flag (db->fp, 0);
312 db->type = CDK_DBTYPE_DATA;
320 * cdk_keydb_new_from_stream:
321 * @r_hd: the output keydb handle
322 * @secret: does the stream contain secret key data
323 * @in: the input stream to use
325 * This function creates a new keydb handle based on the given
326 * stream. The stream is not closed in cdk_keydb_free() and it
327 * is up to the caller to close it. No decoding is done.
330 cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret, cdk_stream_t in)
337 return CDK_Inv_Value;
341 hd = calloc (1, sizeof *hd);
344 hd->type = CDK_DBTYPE_STREAM;
348 /* We do not push any filters and thus we expect that the format
349 of the stream has the format the user wanted. */
356 cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret, const char *fname)
363 return CDK_Inv_Value;
366 hd = calloc (1, sizeof *hd);
367 hd->name = cdk_strdup (fname);
372 return CDK_Out_Of_Core;
374 hd->type = secret ? CDK_DBTYPE_SK_KEYRING : CDK_DBTYPE_PK_KEYRING;
384 * @r_hd: handle to store the new keydb object
385 * @type: type of the keyring
386 * @data: data which depends on the keyring type
387 * @count: length of the data
389 * Create a new keydb object
392 cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data, size_t count)
396 case CDK_DBTYPE_PK_KEYRING:
397 case CDK_DBTYPE_SK_KEYRING:
398 return cdk_keydb_new_from_file (r_hd, type == CDK_DBTYPE_SK_KEYRING,
399 (const char *) data);
401 case CDK_DBTYPE_DATA:
402 return cdk_keydb_new_from_mem (r_hd, 0, data, count);
404 case CDK_DBTYPE_STREAM:
405 return cdk_keydb_new_from_stream (r_hd, 0, (cdk_stream_t) data);
418 * @hd: the keydb object
420 * Free the keydb object.
423 cdk_keydb_free (cdk_keydb_hd_t hd)
434 if (hd->fp && !hd->fp_ref)
436 cdk_stream_close (hd->fp);
448 _cdk_keydb_open (cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
456 return CDK_Inv_Value;
460 if ((hd->type == CDK_DBTYPE_DATA || hd->type == CDK_DBTYPE_STREAM)
464 cdk_stream_seek (kr, 0);
466 else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
467 hd->type == CDK_DBTYPE_SK_KEYRING)
469 rc = cdk_stream_open (hd->name, &kr);
474 if (cdk_armor_filter_use (kr))
475 cdk_stream_set_armor_flag (kr, 0);
491 find_by_keyid (cdk_kbnode_t knode, cdk_keydb_search_t ks)
496 for (node = knode; node; node = node->next)
498 if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
499 node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
500 node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
501 node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
503 _cdk_pkt_get_keyid (node->pkt, keyid);
506 case CDK_DBSEARCH_SHORT_KEYID:
507 if (keyid[1] == ks->u.keyid[1])
511 case CDK_DBSEARCH_KEYID:
512 if (KEYID_CMP (keyid, ks->u.keyid))
517 _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
527 find_by_fpr (cdk_kbnode_t knode, cdk_keydb_search_t ks)
530 byte fpr[KEY_FPR_LEN];
532 if (ks->type != CDK_DBSEARCH_FPR)
535 for (node = knode; node; node = node->next)
537 if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
538 node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
539 node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
540 node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
542 _cdk_pkt_get_fingerprint (node->pkt, fpr);
543 if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
554 find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks)
560 for (node = knode; node; node = node->next)
562 if (node->pkt->pkttype != CDK_PKT_USER_ID)
564 if (node->pkt->pkt.user_id->attrib_img != NULL)
565 continue; /* Skip attribute packets. */
566 uidlen = node->pkt->pkt.user_id->len;
567 name = node->pkt->pkt.user_id->name;
570 case CDK_DBSEARCH_EXACT:
572 (strlen (ks->u.pattern) == uidlen &&
573 !strncmp (ks->u.pattern, name, uidlen)))
577 case CDK_DBSEARCH_SUBSTR:
580 if (name && strlen (ks->u.pattern) > uidlen)
582 if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
586 default: /* Invalid mode */
595 keydb_cache_free (key_table_t cache)
610 keydb_cache_find (cdk_keydb_search_t desc)
612 key_table_t cache = desc->cache;
615 for (t = cache; t; t = t->next)
619 case CDK_DBSEARCH_SHORT_KEYID:
620 case CDK_DBSEARCH_KEYID:
621 if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
625 case CDK_DBSEARCH_EXACT:
626 if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
627 !strcmp (desc->u.pattern, desc->u.pattern))
631 case CDK_DBSEARCH_SUBSTR:
632 if (strstr (desc->u.pattern, desc->u.pattern))
636 case CDK_DBSEARCH_FPR:
637 if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
648 keydb_cache_add (cdk_keydb_search_t dbs, off_t offset)
652 if (dbs->ncache > KEYDB_CACHE_ENTRIES)
653 return 0; /* FIXME: we should replace the last entry. */
654 k = cdk_calloc (1, sizeof *k);
658 return CDK_Out_Of_Core;
663 k->next = dbs->cache;
666 _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset,
672 idx_init (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
674 cdk_error_t ec, rc = 0;
676 if (cdk_stream_get_length (db->fp) < 524288)
682 dbs->idx_name = keydb_idx_mkname (db->name);
685 rc = CDK_Out_Of_Core;
688 ec = cdk_stream_open (dbs->idx_name, &dbs->idx);
690 if (ec && !db->secret)
692 rc = keydb_idx_build (db->name);
694 rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
697 _cdk_log_debug ("create key index table\n");
701 /* This is no real error, it just means we can't create
702 the index at the given directory. maybe we've no write
703 access. in this case, we simply disable the index. */
704 _cdk_log_debug ("disable key index table err=%d\n", rc);
716 * cdk_keydb_search_start:
718 * @db: key database handle
719 * @type: specifies the search type
720 * @desc: description which depends on the type
722 * Create a new keydb search object.
725 cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
736 return CDK_Inv_Value;
738 if (type != CDK_DBSEARCH_NEXT && !desc)
744 *st = cdk_calloc (1, sizeof (cdk_keydb_search_s));
748 return CDK_Out_Of_Core;
751 rc = idx_init (db, *st);
752 if (rc != CDK_Success)
762 case CDK_DBSEARCH_EXACT:
763 case CDK_DBSEARCH_SUBSTR:
764 cdk_free ((*st)->u.pattern);
765 (*st)->u.pattern = cdk_strdup (desc);
766 if (!(*st)->u.pattern)
770 return CDK_Out_Of_Core;
774 case CDK_DBSEARCH_SHORT_KEYID:
776 (*st)->u.keyid[1] = keyid[0];
779 case CDK_DBSEARCH_KEYID:
781 (*st)->u.keyid[0] = keyid[0];
782 (*st)->u.keyid[1] = keyid[1];
785 case CDK_DBSEARCH_FPR:
786 memcpy ((*st)->u.fpr, desc, KEY_FPR_LEN);
789 case CDK_DBSEARCH_NEXT:
792 case CDK_DBSEARCH_AUTO:
793 /* Override the type with the actual db search type. */
794 (*st)->type = classify_data (desc, strlen (desc));
797 case CDK_DBSEARCH_SUBSTR:
798 case CDK_DBSEARCH_EXACT:
799 cdk_free ((*st)->u.pattern);
800 p = (*st)->u.pattern = cdk_strdup (desc);
805 return CDK_Out_Of_Core;
809 case CDK_DBSEARCH_SHORT_KEYID:
810 case CDK_DBSEARCH_KEYID:
812 if (!strncmp (p, "0x", 2))
816 (*st)->u.keyid[0] = 0;
817 (*st)->u.keyid[1] = strtoul (p, NULL, 16);
819 else if (strlen (p) == 16)
821 (*st)->u.keyid[0] = strtoul (p, NULL, 16);
822 (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
825 { /* Invalid key ID object. */
832 case CDK_DBSEARCH_FPR:
834 if (strlen (p) != 2 * KEY_FPR_LEN)
840 for (i = 0; i < KEY_FPR_LEN; i++)
843 tmp[1] = p[2 * i + 1];
845 (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
853 _cdk_log_debug ("cdk_keydb_search_start: invalid mode = %d\n", type);
863 keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
864 int *r_cache_hit, off_t * r_off)
868 if (!hd || !r_cache_hit || !r_off)
871 return CDK_Inv_Value;
874 /* Reset the values. */
878 c = keydb_cache_find (ks);
881 _cdk_log_debug ("cache: found entry in cache.\n");
887 /* No index cache available so we just return here. */
893 if (ks->type == CDK_DBSEARCH_KEYID)
895 if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
898 return CDK_Error_No_Key;
900 _cdk_log_debug ("cache: found keyid entry in idx table.\n");
903 else if (ks->type == CDK_DBSEARCH_FPR)
905 if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
908 return CDK_Error_No_Key;
910 _cdk_log_debug ("cache: found fpr entry in idx table.\n");
919 cdk_keydb_search_release (cdk_keydb_search_t st)
921 keydb_cache_free (st->cache);
924 cdk_stream_close (st->idx);
928 if (st->type == CDK_DBSEARCH_EXACT || st->type == CDK_DBSEARCH_SUBSTR)
929 cdk_free (st->u.pattern);
936 * @st: the search handle
937 * @hd: the keydb object
938 * @ret_key: kbnode object to store the key
940 * Search for a key in the given keyring. The search mode is handled
941 * via @ks. If the key was found, @ret_key contains the key data.
944 cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
945 cdk_kbnode_t * ret_key)
950 off_t pos = 0, off = 0;
951 int key_found = 0, cache_hit = 0;
953 if (!hd || !ret_key || !st)
956 return CDK_Inv_Value;
962 rc = _cdk_keydb_open (hd, &kr);
971 /* It is possible the index is not up-to-date and thus we do
972 not find the requesed key. In this case, we reset cache hit
973 and continue our normal search procedure. */
974 rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
981 while (!key_found && !rc)
983 if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
984 cdk_stream_seek (kr, off);
985 else if (st->type == CDK_DBSEARCH_NEXT)
986 cdk_stream_seek (kr, st->off);
988 pos = cdk_stream_tell (kr);
990 rc = cdk_keydb_get_keyblock (kr, &knode);
1005 case CDK_DBSEARCH_SHORT_KEYID:
1006 case CDK_DBSEARCH_KEYID:
1007 key_found = find_by_keyid (knode, st);
1010 case CDK_DBSEARCH_FPR:
1011 key_found = find_by_fpr (knode, st);
1014 case CDK_DBSEARCH_EXACT:
1015 case CDK_DBSEARCH_SUBSTR:
1016 key_found = find_by_pattern (knode, st);
1019 case CDK_DBSEARCH_NEXT:
1020 st->off = cdk_stream_tell (kr);
1021 key_found = knode ? 1 : 0;
1027 if (!keydb_cache_find (st))
1028 keydb_cache_add (st, pos);
1032 cdk_kbnode_release (knode);
1036 if (key_found && rc == CDK_EOF)
1038 else if (rc == CDK_EOF && !key_found)
1041 rc = CDK_Error_No_Key;
1043 *ret_key = key_found ? knode : NULL;
1048 cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_key)
1051 cdk_keydb_search_t st;
1053 if (!hd || !keyid || !ret_key)
1056 return CDK_Inv_Value;
1059 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
1061 rc = cdk_keydb_search (st, hd, ret_key);
1063 cdk_keydb_search_release (st);
1069 cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr,
1070 cdk_kbnode_t * r_key)
1073 cdk_keydb_search_t st;
1075 if (!hd || !fpr || !r_key)
1078 return CDK_Inv_Value;
1081 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_FPR, (byte *) fpr);
1083 rc = cdk_keydb_search (st, hd, r_key);
1085 cdk_keydb_search_release (st);
1091 cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
1092 cdk_kbnode_t * ret_key)
1095 cdk_keydb_search_t st;
1097 if (!hd || !patt || !ret_key)
1100 return CDK_Inv_Value;
1103 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_SUBSTR, (char *) patt);
1105 rc = cdk_keydb_search (st, hd, ret_key);
1110 cdk_keydb_search_release (st);
1116 keydb_check_key (cdk_packet_t pkt)
1118 cdk_pkt_pubkey_t pk;
1121 if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1122 pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
1124 pk = pkt->pkt.public_key;
1127 else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
1128 pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
1130 pk = pkt->pkt.secret_key->pk;
1133 else /* No key object. */
1135 valid = !pk->is_revoked && !pk->has_expired;
1138 return valid && !pk->is_invalid;
1142 /* Find the first kbnode with the requested packet type
1143 that represents a valid key. */
1145 kbnode_find_valid (cdk_kbnode_t root, cdk_packet_type_t pkttype)
1149 for (n = root; n; n = n->next)
1151 if (n->pkt->pkttype != pkttype)
1153 if (keydb_check_key (n->pkt))
1162 keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk)
1164 cdk_kbnode_t node, key;
1168 req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
1170 return kbnode_find_valid (root, req_type);
1172 node = cdk_kbnode_find (root, req_type);
1173 if (node && !keydb_check_key (node->pkt))
1178 /* We iteratre over the all nodes and search for keys or
1179 subkeys which match the usage and which are not invalid.
1180 A timestamp is used to figure out the newest valid key. */
1181 for (node = root; node; node = node->next)
1183 if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1184 node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
1185 && keydb_check_key (node->pkt)
1186 && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
1188 if (node->pkt->pkt.public_key->timestamp > timestamp)
1191 if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
1192 node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
1193 && keydb_check_key (node->pkt)
1194 && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
1196 if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
1206 keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode)
1211 for (node = root; node; node = node->next)
1213 if (!_cdk_pkt_get_keyid (node->pkt, kid))
1215 if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1])
1217 else if (kid[0] == keyid[0] && kid[1] == keyid[1])
1225 _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
1226 cdk_seckey_t * ret_sk, int usage)
1228 cdk_kbnode_t knode = NULL;
1229 cdk_kbnode_t node, sk_node, pk_node;
1230 cdk_pkt_seckey_t sk;
1234 cdk_keydb_search_t st;
1236 if (!ret_sk || !usage)
1239 return CDK_Inv_Value;
1245 return CDK_Error_No_Keyring;
1249 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
1256 rc = cdk_keydb_search (st, hd, &knode);
1263 cdk_keydb_search_release (st);
1265 sk_node = keydb_find_byusage (knode, usage, 0);
1268 cdk_kbnode_release (knode);
1270 return CDK_Unusable_Key;
1273 /* We clone the node with the secret key to avoid that the
1274 packet will be released. */
1275 _cdk_kbnode_clone (sk_node);
1276 sk = sk_node->pkt->pkt.secret_key;
1278 for (node = knode; node; node = node->next)
1280 if (node->pkt->pkttype == CDK_PKT_USER_ID)
1282 s = node->pkt->pkt.user_id->name;
1283 if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
1285 _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
1291 /* To find the self signature, we need the primary public key because
1292 the selected secret key might be different from the primary key. */
1293 pk_node = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
1296 cdk_kbnode_release (knode);
1298 return CDK_Unusable_Key;
1300 node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
1301 if (sk->pk->uid && node)
1302 _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
1304 /* We only release the outer packet. */
1305 _cdk_pkt_detach_free (sk_node->pkt, &pkttype, (void *) &sk);
1306 cdk_kbnode_release (knode);
1313 _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
1314 cdk_pubkey_t * ret_pk, int usage)
1316 cdk_kbnode_t knode, node, pk_node;
1317 cdk_pkt_pubkey_t pk;
1320 cdk_keydb_search_t st;
1322 if (!ret_pk || !usage)
1325 return CDK_Inv_Value;
1330 return CDK_Error_No_Keyring;
1334 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
1336 rc = cdk_keydb_search (st, hd, &knode);
1343 cdk_keydb_search_release (st);
1345 node = keydb_find_byusage (knode, usage, 1);
1348 cdk_kbnode_release (knode);
1350 return CDK_Unusable_Key;
1354 _cdk_copy_pubkey (&pk, node->pkt->pkt.public_key);
1355 for (node = knode; node; node = node->next)
1357 if (node->pkt->pkttype == CDK_PKT_USER_ID)
1359 s = node->pkt->pkt.user_id->name;
1360 if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
1362 _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
1368 /* Same as in the sk code, the selected key can be a sub key
1369 and thus we need the primary key to find the self sig. */
1370 pk_node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
1373 cdk_kbnode_release (knode);
1375 return CDK_Unusable_Key;
1377 node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
1378 if (pk->uid && node)
1379 _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
1380 cdk_kbnode_release (knode);
1389 * @hd: key db handle
1390 * @keyid: keyid of the key
1391 * @r_pk: the allocated public key
1393 * Perform a key database search by keyid and return the raw public
1394 * key without any signatures or user id's.
1397 cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
1399 cdk_kbnode_t knode = NULL, node;
1404 cdk_keydb_search_t st;
1406 if (!keyid || !r_pk)
1409 return CDK_Inv_Value;
1414 return CDK_Error_No_Keyring;
1418 s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
1419 rc = cdk_keydb_search_start (&st, hd, s_type, keyid);
1425 rc = cdk_keydb_search (st, hd, &knode);
1426 cdk_keydb_search_release (st);
1433 node = keydb_find_bykeyid (knode, keyid, s_type);
1436 cdk_kbnode_release (knode);
1438 return CDK_Error_No_Key;
1441 /* See comment in cdk_keydb_get_sk() */
1442 _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &pk);
1444 _cdk_kbnode_clone (node);
1445 cdk_kbnode_release (knode);
1453 * @hd: key db handle
1454 * @keyid: the keyid of the key
1455 * @ret_sk: the allocated secret key
1457 * Perform a key database search by keyid and return
1458 * only the raw secret key without the additional nodes,
1459 * like the user id or the signatures.
1462 cdk_keydb_get_sk (cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
1464 cdk_kbnode_t snode, node;
1469 if (!keyid || !ret_sk)
1472 return CDK_Inv_Value;
1477 return CDK_Error_No_Keyring;
1481 rc = cdk_keydb_get_bykeyid (hd, keyid, &snode);
1488 node = keydb_find_bykeyid (snode, keyid, CDK_DBSEARCH_KEYID);
1491 cdk_kbnode_release (snode);
1493 return CDK_Error_No_Key;
1496 /* We need to release the packet itself but not its contents
1497 and thus we detach the openpgp packet and release the structure. */
1498 _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &sk);
1499 _cdk_kbnode_clone (node);
1500 cdk_kbnode_release (snode);
1508 is_selfsig (cdk_kbnode_t node, const u32 * keyid)
1510 cdk_pkt_signature_t sig;
1512 if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
1514 sig = node->pkt->pkt.signature;
1515 if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
1516 sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
1523 /* Find the newest self signature for the public key @pk
1524 and return the signature node. */
1526 find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
1528 cdk_kbnode_t n, sig;
1532 cdk_pk_get_keyid (pk, keyid);
1535 for (n = key; n; n = n->next)
1537 if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts)
1539 ts = n->pkt->pkt.signature->timestamp;
1548 key_usage_to_cdk_usage (unsigned int usage)
1550 unsigned key_usage = 0;
1552 if (usage & 0x01) /* cert + sign data */
1553 key_usage |= CDK_KEY_USG_CERT_SIGN;
1554 if (usage & 0x02) /* cert + sign data */
1555 key_usage |= CDK_KEY_USG_DATA_SIGN;
1556 if (usage & 0x04) /* encrypt comm. + storage */
1557 key_usage |= CDK_KEY_USG_COMM_ENCR;
1558 if (usage & 0x08) /* encrypt comm. + storage */
1559 key_usage |= CDK_KEY_USG_STORAGE_ENCR;
1560 if (usage & 0x10) /* encrypt comm. + storage */
1561 key_usage |= CDK_KEY_USG_SPLIT_KEY;
1563 key_usage |= CDK_KEY_USG_AUTH;
1564 if (usage & 0x80) /* encrypt comm. + storage */
1565 key_usage |= CDK_KEY_USG_SHARED_KEY;
1571 keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid)
1573 cdk_kbnode_t node, kbnode, unode;
1574 cdk_subpkt_t s = NULL;
1575 cdk_pkt_signature_t sig = NULL;
1576 cdk_pkt_userid_t uid = NULL;
1577 const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
1578 size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
1579 size_t key_expire = 0;
1584 return CDK_Inv_Value;
1587 for (node = key; node; node = node->next)
1589 if (!is_selfsig (node, keyid))
1591 unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
1595 return CDK_Error_No_Key;
1597 uid = unode->pkt->pkt.user_id;
1598 sig = node->pkt->pkt.signature;
1599 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
1601 uid->is_primary = 1;
1602 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
1603 if (s && s->size == 1 && s->d[0] & 0x01)
1604 uid->mdc_feature = 1;
1605 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
1606 if (s && s->size == 4)
1607 key_expire = _cdk_buftou32 (s->d);
1608 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
1615 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
1622 s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
1629 if (uid->prefs != NULL)
1630 cdk_free (uid->prefs);
1631 if (!n || !hashalg || !compalg || !symalg)
1635 uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
1639 return CDK_Out_Of_Core;
1642 for (; nsymalg; nsymalg--, n++)
1644 uid->prefs[n].type = CDK_PREFTYPE_SYM;
1645 uid->prefs[n].value = *symalg++;
1647 for (; nhashalg; nhashalg--, n++)
1649 uid->prefs[n].type = CDK_PREFTYPE_HASH;
1650 uid->prefs[n].value = *hashalg++;
1652 for (; ncompalg; ncompalg--, n++)
1654 uid->prefs[n].type = CDK_PREFTYPE_ZIP;
1655 uid->prefs[n].value = *compalg++;
1658 uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
1659 uid->prefs[n].value = 0;
1660 uid->prefs_size = n;
1664 /* Now we add the extracted information to the primary key. */
1665 kbnode = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
1668 cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
1669 if (uid && uid->prefs && n)
1671 if (pk->prefs != NULL)
1672 cdk_free (pk->prefs);
1673 pk->prefs = _cdk_copy_prefs (uid->prefs);
1678 pk->expiredate = pk->timestamp + key_expire;
1679 pk->has_expired = pk->expiredate > (u32) gnutls_time (NULL) ? 0 : 1;
1690 keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
1692 cdk_kbnode_t node, kb;
1693 cdk_pkt_signature_t sig;
1694 cdk_pkt_pubkey_t pk;
1695 cdk_subpkt_t s = NULL;
1696 u32 expiredate = 0, curtime = (u32) gnutls_time (NULL);
1702 return CDK_Inv_Value;
1707 return CDK_Inv_Mode;
1710 kb = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
1715 for (node = knode; node; node = node->next)
1717 if (node->pkt->pkttype == CDK_PKT_USER_ID)
1718 node->pkt->pkt.user_id->is_revoked = 0;
1719 else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1720 node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
1721 node->pkt->pkt.public_key->is_revoked = 0;
1724 kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
1728 return CDK_Wrong_Format;
1730 cdk_pk_get_keyid (kb->pkt->pkt.public_key, keyid);
1732 for (node = knode; node; node = node->next)
1734 if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
1736 sig = node->pkt->pkt.signature;
1737 /* Revocation certificates for primary keys */
1738 if (sig->sig_class == 0x20)
1740 kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
1743 kb->pkt->pkt.public_key->is_revoked = 1;
1745 _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
1750 return CDK_Error_No_Key;
1753 /* Revocation certificates for subkeys */
1754 else if (sig->sig_class == 0x28)
1756 kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
1759 kb->pkt->pkt.public_key->is_revoked = 1;
1761 _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
1766 return CDK_Error_No_Key;
1769 /* Revocation certifcates for user ID's */
1770 else if (sig->sig_class == 0x30)
1772 if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
1773 continue; /* revokes an earlier signature, no userID. */
1774 kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
1777 kb->pkt->pkt.user_id->is_revoked = 1;
1779 _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
1784 return CDK_Error_No_Key;
1787 /* Direct certificates for primary keys */
1788 else if (sig->sig_class == 0x1F)
1790 kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
1793 pk = kb->pkt->pkt.public_key;
1795 s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
1796 CDK_SIGSUBPKT_KEY_EXPIRE);
1799 expiredate = _cdk_buftou32 (s->d);
1800 pk->expiredate = pk->timestamp + expiredate;
1801 pk->has_expired = pk->expiredate > curtime ? 0 : 1;
1804 _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
1809 return CDK_Error_No_Key;
1812 /* Direct certificates for subkeys */
1813 else if (sig->sig_class == 0x18)
1815 kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
1818 pk = kb->pkt->pkt.public_key;
1820 s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
1821 CDK_SIGSUBPKT_KEY_EXPIRE);
1824 expiredate = _cdk_buftou32 (s->d);
1825 pk->expiredate = pk->timestamp + expiredate;
1826 pk->has_expired = pk->expiredate > curtime ? 0 : 1;
1829 _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
1834 return CDK_Error_No_Key;
1839 node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
1840 if (node && node->pkt->pkt.public_key->version == 3)
1842 /* v3 public keys have no additonal signatures for the key directly.
1843 we say the key is valid when we have at least a self signature. */
1844 pk = node->pkt->pkt.public_key;
1845 for (node = knode; node; node = node->next)
1847 if (is_selfsig (node, keyid))
1854 if (node && (node->pkt->pkt.public_key->is_revoked ||
1855 node->pkt->pkt.public_key->has_expired))
1857 /* If the primary key has been revoked, mark all subkeys as invalid
1858 because without a primary key they are not useable */
1859 for (node = knode; node; node = node->next)
1861 if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
1862 node->pkt->pkt.public_key->is_invalid = 1;
1870 add_key_usage (cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
1872 cdk_kbnode_t p, ctx;
1876 while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
1878 pkt = cdk_kbnode_get_packet (p);
1879 if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
1880 || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
1881 && pkt->pkt.public_key->keyid[0] == keyid[0]
1882 && pkt->pkt.public_key->keyid[1] == keyid[1])
1884 pkt->pkt.public_key->pubkey_usage = usage;
1892 cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode)
1895 cdk_kbnode_t knode, node;
1896 cdk_desig_revoker_t revkeys;
1898 u32 keyid[2], main_keyid[2];
1900 int key_seen, got_key;
1902 if (!inp || !r_knode)
1905 return CDK_Inv_Value;
1908 /* Reset all values. */
1909 keyid[0] = keyid[1] = 0;
1910 main_keyid[0] = main_keyid[1] = 0;
1913 key_seen = got_key = 0;
1917 while (!cdk_stream_eof (inp))
1920 old_off = cdk_stream_tell (inp);
1921 rc = cdk_pkt_read (inp, pkt);
1924 cdk_pkt_release (pkt);
1928 { /* Release all packets we reached so far. */
1929 _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
1930 cdk_kbnode_release (knode);
1936 if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1937 pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
1938 pkt->pkttype == CDK_PKT_SECRET_KEY ||
1939 pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
1941 if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1942 pkt->pkttype == CDK_PKT_SECRET_KEY))
1944 /* The next key starts here so set the file pointer
1945 and leave the loop. */
1946 cdk_stream_seek (inp, old_off);
1947 cdk_pkt_release (pkt);
1950 if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
1951 pkt->pkttype == CDK_PKT_SECRET_KEY)
1953 _cdk_pkt_get_keyid (pkt, main_keyid);
1956 else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
1957 pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
1959 if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
1961 pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
1962 pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
1966 pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
1967 pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
1970 /* We save this for the signature */
1971 _cdk_pkt_get_keyid (pkt, keyid);
1974 else if (pkt->pkttype == CDK_PKT_USER_ID)
1976 else if (pkt->pkttype == CDK_PKT_SIGNATURE)
1980 pkt->pkt.signature->key[0] = keyid[0];
1981 pkt->pkt.signature->key[1] = keyid[1];
1982 if (pkt->pkt.signature->sig_class == 0x1F &&
1983 pkt->pkt.signature->revkeys)
1984 revkeys = pkt->pkt.signature->revkeys;
1987 cdk_subpkt_find (pkt->pkt.signature->hashed,
1988 CDK_SIGSUBPKT_KEY_FLAGS);
1991 unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
1992 add_key_usage (knode, pkt->pkt.signature->key, key_usage);
1995 node = cdk_kbnode_new (pkt);
1999 _cdk_kbnode_add (knode, node);
2004 keydb_merge_selfsig (knode, main_keyid);
2005 rc = keydb_parse_allsigs (knode, NULL, 0);
2008 node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
2010 node->pkt->pkt.public_key->revkeys = revkeys;
2014 cdk_kbnode_release (knode);
2015 *r_knode = got_key ? knode : NULL;
2017 /* It is possible that we are in an EOF condition after we
2018 successfully read a keyblock. For example if the requested
2019 key is the last in the file. */
2020 if (rc == CDK_EOF && got_key)
2026 /* Return the type of the given data. In case it cannot be classified,
2027 a substring search will be performed. */
2029 classify_data (const byte * buf, size_t len)
2034 if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
2035 { /* Skip hex prefix. */
2040 /* The length of the data does not match either a keyid or a fingerprint. */
2041 if (len != 8 && len != 16 && len != 40)
2042 return CDK_DBSEARCH_SUBSTR;
2044 for (i = 0; i < len; i++)
2046 if (!isxdigit (buf[i]))
2047 return CDK_DBSEARCH_SUBSTR;
2050 return CDK_DBSEARCH_SUBSTR;
2054 type = CDK_DBSEARCH_SHORT_KEYID;
2057 type = CDK_DBSEARCH_KEYID;
2060 type = CDK_DBSEARCH_FPR;
2063 type = CDK_DBSEARCH_SUBSTR;
2073 * @hd: the keydb handle
2074 * @out: the output stream
2075 * @remusr: the list of key pattern to export
2077 * Export a list of keys to the given output stream.
2078 * Use string list with names for pattering searching.
2079 * This procedure strips local signatures.
2082 cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
2084 cdk_kbnode_t knode, node;
2088 cdk_keydb_search_t st;
2090 for (r = remusr; r; r = r->next)
2092 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
2098 rc = cdk_keydb_search (st, hd, &knode);
2099 cdk_keydb_search_release (st);
2107 node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
2111 return CDK_Error_No_Key;
2114 /* If the key is a version 3 key, use the old packet
2115 format for the output. */
2116 if (node->pkt->pkt.public_key->version == 3)
2121 for (node = knode; node; node = node->next)
2123 /* No specified format; skip them */
2124 if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
2126 /* We never export local signed signatures */
2127 if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
2128 !node->pkt->pkt.signature->flags.exportable)
2130 /* Filter out invalid signatures */
2131 if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
2132 (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
2135 /* Adjust the ctb flag if needed. */
2136 node->pkt->old_ctb = old_ctb;
2137 rc = cdk_pkt_write (out, node->pkt);
2140 cdk_kbnode_release (knode);
2145 cdk_kbnode_release (knode);
2153 find_key_packet (cdk_kbnode_t knode, int *r_is_sk)
2157 pkt = cdk_kbnode_find_packet (knode, CDK_PKT_PUBLIC_KEY);
2160 pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY);
2162 *r_is_sk = pkt ? 1 : 0;
2168 /* Return 1 if the is allowd in a key node. */
2170 is_key_node (cdk_kbnode_t node)
2172 switch (node->pkt->pkttype)
2174 case CDK_PKT_SIGNATURE:
2175 case CDK_PKT_SECRET_KEY:
2176 case CDK_PKT_PUBLIC_KEY:
2177 case CDK_PKT_SECRET_SUBKEY:
2178 case CDK_PKT_PUBLIC_SUBKEY:
2179 case CDK_PKT_USER_ID:
2180 case CDK_PKT_ATTRIBUTE:
2192 cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode)
2194 cdk_kbnode_t node, chk;
2203 return CDK_Inv_Value;
2206 pkt = find_key_packet (knode, NULL);
2210 return CDK_Inv_Packet;
2213 _cdk_pkt_get_keyid (pkt, keyid);
2215 cdk_keydb_get_bykeyid (hd, keyid, &chk);
2217 { /* FIXME: search for new signatures */
2218 cdk_kbnode_release (chk);
2222 /* We append data to the stream so we need to close
2223 the stream here to re-open it later. */
2226 cdk_stream_close (hd->fp);
2230 rc = _cdk_stream_append (hd->name, &out);
2237 for (node = knode; node; node = node->next)
2239 if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
2240 continue; /* No uniformed syntax for this packet */
2241 if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
2242 !node->pkt->pkt.signature->flags.exportable)
2244 _cdk_log_debug ("key db import: skip local signature\n");
2248 if (!is_key_node (node))
2250 _cdk_log_debug ("key db import: skip invalid node of type %d\n",
2251 node->pkt->pkttype);
2255 rc = cdk_pkt_write (out, node->pkt);
2258 cdk_stream_close (out);
2264 cdk_stream_close (out);
2265 hd->stats.new_keys++;
2272 _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
2274 cdk_kbnode_t knode = NULL, unode = NULL;
2277 cdk_keydb_search_t st;
2282 return CDK_Inv_Value;
2285 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
2291 rc = cdk_keydb_search (st, hd, &knode);
2292 cdk_keydb_search_release (st);
2300 rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
2303 rc = cdk_keydb_search (st, hd, &unode);
2304 cdk_keydb_search_release (st);
2308 cdk_kbnode_release (knode);
2314 cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
2315 if (unode && find_by_keyid (unode, st))
2317 cdk_keydb_search_release (st);
2318 cdk_kbnode_release (unode);
2320 cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
2321 if (knode && find_by_pattern (knode, st))
2323 cdk_keydb_search_release (st);
2324 cdk_kbnode_release (knode);
2326 return check == 2 ? 0 : CDK_Inv_Value;
2331 * cdk_keydb_check_sk:
2332 * @hd: the key db handle
2333 * @keyid: the 64-bit keyid
2335 * Check if a secret key with the given key ID is available
2336 * in the key database.
2339 cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
2349 return CDK_Inv_Value;
2354 return CDK_Inv_Mode;
2357 rc = _cdk_keydb_open (hd, &db);
2364 while (!cdk_pkt_read (db, pkt))
2366 if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
2367 pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
2372 cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
2373 if (KEYID_CMP (kid, keyid))
2375 cdk_pkt_release (pkt);
2380 cdk_pkt_release (pkt);
2382 return CDK_Error_No_Key;
2387 * cdk_listkey_start:
2388 * @r_ctx: pointer to store the new context
2389 * @db: the key database handle
2390 * @patt: string pattern
2391 * @fpatt: recipients from a stringlist to show
2393 * Prepare a key listing with the given parameters. Two modes are supported.
2394 * The first mode uses string pattern to determine if the key should be
2395 * returned or not. The other mode uses a string list to request the key
2396 * which should be listed.
2399 cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
2400 const char *patt, cdk_strlist_t fpatt)
2409 return CDK_Inv_Value;
2411 if ((patt && fpatt) || (!patt && !fpatt))
2414 return CDK_Inv_Mode;
2416 rc = _cdk_keydb_open (db, &inp);
2422 ctx = cdk_calloc (1, sizeof *ctx);
2426 return CDK_Out_Of_Core;
2432 ctx->u.patt = cdk_strdup (patt);
2436 return CDK_Out_Of_Core;
2442 for (l = fpatt; l; l = l->next)
2443 cdk_strlist_add (&ctx->u.fpatt, l->d);
2445 ctx->type = patt ? 1 : 0;
2453 * cdk_listkey_close:
2454 * @ctx: the list key context
2456 * Free the list key context.
2459 cdk_listkey_close (cdk_listkey_t ctx)
2465 cdk_free (ctx->u.patt);
2467 cdk_strlist_free (ctx->u.fpatt);
2474 * @ctx: list key context
2475 * @r_key: the pointer to the new key node object
2477 * Retrieve the next key from the pattern of the key list context.
2480 cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
2482 if (!ctx || !ret_key)
2485 return CDK_Inv_Value;
2490 return CDK_Inv_Mode;
2493 if (ctx->type && ctx->u.patt[0] == '*')
2494 return cdk_keydb_get_keyblock (ctx->inp, ret_key);
2498 struct cdk_keydb_search_s ks;
2503 rc = cdk_keydb_get_keyblock (ctx->inp, &node);
2509 memset (&ks, 0, sizeof (ks));
2510 ks.type = CDK_DBSEARCH_SUBSTR;
2511 ks.u.pattern = ctx->u.patt;
2512 if (find_by_pattern (node, &ks))
2517 cdk_kbnode_release (node);
2524 ctx->t = ctx->u.fpatt;
2525 else if (ctx->t->next)
2526 ctx->t = ctx->t->next;
2529 return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
2532 return CDK_General_Error;
2537 _cdk_keydb_is_secret (cdk_keydb_hd_t db)