/* getkey.c - Get a key from the database
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
* 2007, 2008, 2010 Free Software Foundation, Inc.
- * Copyright (C) 2015 g10 Code GmbH
+ * Copyright (C) 2015, 2016 g10 Code GmbH
*
* This file is part of GnuPG.
*
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ * along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <assert.h>
#include <ctype.h>
#include "gpg.h"
-#include "util.h"
+#include "../common/util.h"
#include "packet.h"
-#include "iobuf.h"
+#include "../common/iobuf.h"
#include "keydb.h"
#include "options.h"
#include "main.h"
#include "trustdb.h"
-#include "i18n.h"
+#include "../common/i18n.h"
#include "keyserver-internal.h"
#include "call-agent.h"
-#include "host2net.h"
-#include "mbox-util.h"
+#include "../common/host2net.h"
+#include "../common/mbox-util.h"
+#include "../common/status.h"
#define MAX_PK_CACHE_ENTRIES PK_UID_CACHE_SIZE
#define MAX_UID_CACHE_ENTRIES PK_UID_CACHE_SIZE
#error We need the cache for key creation
#endif
+/* Flags values returned by the lookup code. Note that the values are
+ * directly used by the KEY_CONSIDERED status line. */
+#define LOOKUP_NOT_SELECTED (1<<0)
+#define LOOKUP_ALL_SUBKEYS_EXPIRED (1<<1) /* or revoked */
+
+
+/* A context object used by the lookup functions. */
struct getkey_ctx_s
{
/* Part of the search criteria: whether the search is an exact
static user_id_db_t user_id_db;
static int uid_cache_entries; /* Number of entries in uid cache. */
-static void merge_selfsigs (kbnode_t keyblock);
-static int lookup (getkey_ctx_t ctx,
- kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
- int want_secret);
+static void merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock);
+static int lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
+ kbnode_t *ret_keyblock, kbnode_t *ret_found_key);
+static kbnode_t finish_lookup (kbnode_t keyblock,
+ unsigned int req_usage, int want_exact,
+ int want_secret, unsigned int *r_flags);
+static void print_status_key_considered (kbnode_t keyblock, unsigned int flags);
+
#if 0
static void
pk_cache_entries--;
}
}
- assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
+ log_assert (pk_cache_entries < MAX_PK_CACHE_ENTRIES);
}
pk_cache_entries++;
ce = xmalloc (sizeof *ce);
{
if (k->pkt->pkttype == PKT_USER_ID
&& !k->pkt->pkt.user_id->attrib_data
- && k->pkt->pkt.user_id->is_primary)
+ && k->pkt->pkt.user_id->flags.primary)
{
*uidlen = k->pkt->pkt.user_id->len;
return k->pkt->pkt.user_id->name;
/* Disable and drop the public key cache (which is filled by
cache_public_key and get_pubkey). Note: there is currently no way
- to reenable this cache. */
+ to re-enable this cache. */
void
getkey_disable_caches ()
{
}
}
-/* Returns all keys that match the search specfication SEARCH_TERMS.
-
- This function also checks for and warns about duplicate entries in
- the keydb, which can occur if the user has configured multiple
- keyrings or keyboxes or if a keyring or keybox was corrupted.
-
- Note: SEARCH_TERMS will not be expanded (i.e., it may not be a
- group).
-
- USE is the operation for which the key is required. It must be
- either PUBKEY_USAGE_ENC, PUBKEY_USAGE_SIG, PUBKEY_USAGE_CERT or
- PUBKEY_USAGE_AUTH.
-
- XXX: Currently, only PUBKEY_USAGE_ENC and PUBKEY_USAGE_SIG are
- implemented.
- INCLUDE_UNUSABLE indicates whether disabled keys are allowed.
- (Recipients specified with --encrypt-to and --hidden-encrypt-to may
- be disabled. It is possible to edit disabled keys.)
-
- SOURCE is the context in which SEARCH_TERMS was specified, e.g.,
- "--encrypt-to", etc. If this function is called interactively,
- then this should be NULL.
-
- If WARN_POSSIBLY_AMBIGUOUS is set, then emits a warning if the user
- does not specify a long key id or a fingerprint.
-
- The results are placed in *KEYS. *KEYS must be NULL! */
+/* Returns all keys that match the search specification SEARCH_TERMS.
+ *
+ * This function also checks for and warns about duplicate entries in
+ * the keydb, which can occur if the user has configured multiple
+ * keyrings or keyboxes or if a keyring or keybox was corrupted.
+ *
+ * Note: SEARCH_TERMS will not be expanded (i.e., it may not be a
+ * group).
+ *
+ * USE is the operation for which the key is required. It must be
+ * either PUBKEY_USAGE_ENC, PUBKEY_USAGE_SIG, PUBKEY_USAGE_CERT or
+ * PUBKEY_USAGE_AUTH.
+ *
+ * INCLUDE_UNUSABLE indicates whether disabled keys are allowed.
+ * (Recipients specified with --encrypt-to and --hidden-encrypt-to may
+ * be disabled. It is possible to edit disabled keys.)
+ *
+ * SOURCE is the context in which SEARCH_TERMS was specified, e.g.,
+ * "--encrypt-to", etc. If this function is called interactively,
+ * then this should be NULL.
+ *
+ * If WARN_POSSIBLY_AMBIGUOUS is set, then emits a warning if the user
+ * does not specify a long key id or a fingerprint.
+ *
+ * The results are placed in *KEYS. *KEYS must be NULL!
+ *
+ * Fixme: Currently, only PUBKEY_USAGE_ENC and PUBKEY_USAGE_SIG are
+ * implemented. */
gpg_error_t
get_pubkeys (ctrl_t ctrl,
char *search_terms, int use, int include_unusable, char *source,
pubkey_t *r_keys)
{
/* We show a warning when a key appears multiple times in the DB.
- This can happen for two reasons:
-
- - The user has configured multiple keyrings or keyboxes.
-
- - The keyring or keybox has been corrupted in some way, e.g., a
- bug or a random process changing them.
-
- For each duplicate, we only want to show the key once. Hence,
- this list. */
+ * This can happen for two reasons:
+ *
+ * - The user has configured multiple keyrings or keyboxes.
+ *
+ * - The keyring or keybox has been corrupted in some way, e.g., a
+ * bug or a random process changing them.
+ *
+ * For each duplicate, we only want to show the key once. Hence,
+ * this list. */
static strlist_t key_dups;
-
- /* USE transformed to a string. */
- char *use_str;
-
gpg_error_t err;
-
+ char *use_str; /* USE transformed to a string. */
KEYDB_SEARCH_DESC desc;
-
GETKEY_CTX ctx;
pubkey_t results = NULL;
pubkey_t r;
-
int count;
-
char fingerprint[2 * MAX_FINGERPRINT_LEN + 1];
if (DBG_LOOKUP)
search_terms, gpg_strerror (err));
if (!opt.quiet && source)
log_info (_("(check argument of option '%s')\n"), source);
- goto out;
+ goto leave;
}
if (warn_possibly_ambiguous
count = 0;
do
{
- PKT_public_key *pk = xmalloc_clear (sizeof *pk);
+ PKT_public_key *pk;
KBNODE kb;
+
+ pk = xtrycalloc (1, sizeof *pk);
+ if (!pk)
+ {
+ err = gpg_error_from_syserror ();
+ goto leave;
+ }
+
pk->req_usage = use;
if (! ctx)
err = get_pubkey_byname (ctrl, &ctx, pk, search_terms, &kb, NULL,
include_unusable, 1);
else
- err = getkey_next (ctx, pk, &kb);
+ err = getkey_next (ctrl, ctx, pk, &kb);
- if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
- /* No more results. */
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND) /* No more results. */
{
xfree (pk);
break;
}
- else if (err)
- /* An error (other than "not found"). */
+ else if (err) /* An error (other than "not found"). */
{
- log_error (_("error looking up: %s\n"),
- gpg_strerror (err));
+ log_error (_("error looking up: %s\n"), gpg_strerror (err));
xfree (pk);
break;
}
/* Another result! */
count ++;
- r = xmalloc_clear (sizeof (*r));
+ r = xtrycalloc (1, sizeof (*r));
+ if (!r)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (pk);
+ goto leave;
+ }
r->pk = pk;
r->keyblock = kb;
r->next = results;
results = r;
}
while (ctx);
- getkey_end (ctx);
+ getkey_end (ctrl, ctx);
if (DBG_LOOKUP)
{
}
if (! results && gpg_err_code (err) == GPG_ERR_NOT_FOUND)
- /* No match. */
- {
+ { /* No match. */
if (DBG_LOOKUP)
log_debug ("%s: '%s' not found.\n", __func__, search_terms);
if (!opt.quiet && source)
log_info (_("(check argument of option '%s')\n"), source);
- goto out;
+ goto leave;
}
else if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
- /* No more matches. */
- ;
+ ; /* No more matches. */
else if (err)
- /* Some other error. An error message was already printed
- out. Free RESULTS and continue. */
- goto out;
+ { /* Some other error. An error message was already printed out.
+ * Free RESULTS and continue. */
+ goto leave;
+ }
/* Check for duplicates. */
if (DBG_LOOKUP)
{
if (cmp_public_keys (r->keyblock->pkt->pkt.public_key,
r2->keyblock->pkt->pkt.public_key) != 0)
- /* Not a dup. */
- {
+ { /* Not a dup. */
prevp = &r2->next;
next = r2->next;
continue;
fingerprint, sizeof fingerprint));
}
- out:
+ leave:
if (err)
pubkeys_free (results);
else
static void
-pk_from_block (GETKEY_CTX ctx, PKT_public_key * pk, KBNODE keyblock,
- KBNODE found_key)
+pk_from_block (PKT_public_key *pk, kbnode_t keyblock, kbnode_t found_key)
{
- KBNODE a = found_key ? found_key : keyblock;
-
- (void) ctx;
+ kbnode_t a = found_key ? found_key : keyblock;
- assert (a->pkt->pkttype == PKT_PUBLIC_KEY
- || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+ log_assert (a->pkt->pkttype == PKT_PUBLIC_KEY
+ || a->pkt->pkttype == PKT_PUBLIC_SUBKEY);
copy_public_key (pk, a->pkt->pkt.public_key);
}
* has definitely been merged into the public key using
* merge_selfsigs. */
int
-get_pubkey (PKT_public_key * pk, u32 * keyid)
+get_pubkey (ctrl_t ctrl, PKT_public_key * pk, u32 * keyid)
{
int internal = 0;
int rc = 0;
/* More init stuff. */
if (!pk)
{
- pk = xmalloc_clear (sizeof *pk);
internal++;
+ pk = xtrycalloc (1, sizeof *pk);
+ if (!pk)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
}
memset (&ctx, 0, sizeof ctx);
ctx.exact = 1; /* Use the key ID exactly as given. */
ctx.not_allocated = 1;
- ctx.kr_handle = keydb_new ();
- if (!ctx.kr_handle)
+
+ if (ctrl && ctrl->cached_getkey_kdb)
+ {
+ ctx.kr_handle = ctrl->cached_getkey_kdb;
+ ctrl->cached_getkey_kdb = NULL;
+ keydb_search_reset (ctx.kr_handle);
+ }
+ else
{
- rc = gpg_error_from_syserror ();
- goto leave;
+ ctx.kr_handle = keydb_new ();
+ if (!ctx.kr_handle)
+ {
+ rc = gpg_error_from_syserror ();
+ goto leave;
+ }
}
ctx.nitems = 1;
ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage;
- rc = lookup (&ctx, &kb, &found_key, 0);
+ rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc)
{
- pk_from_block (&ctx, pk, kb, found_key);
+ pk_from_block (pk, kb, found_key);
}
- getkey_end (&ctx);
+ getkey_end (ctrl, &ctx);
release_kbnode (kb);
}
if (!rc)
KBNODE keyblock;
u32 pkid[2];
- assert (pk);
+ log_assert (pk);
#if MAX_PK_CACHE_ENTRIES
{
/* Try to get it from the cache */
return GPG_ERR_NO_PUBKEY;
}
- assert (keyblock && keyblock->pkt
- && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+ log_assert (keyblock && keyblock->pkt
+ && keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
/* We return the primary key. If KEYID matched a subkey, then we
return an error. */
* The self-signed data has already been merged into the public key
* using merge_selfsigs. */
kbnode_t
-get_pubkeyblock (u32 * keyid)
+get_pubkeyblock (ctrl_t ctrl, u32 * keyid)
{
struct getkey_ctx_s ctx;
int rc = 0;
ctx.items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
- rc = lookup (&ctx, &keyblock, NULL, 0);
- getkey_end (&ctx);
+ rc = lookup (ctrl, &ctx, 0, &keyblock, NULL);
+ getkey_end (ctrl, &ctx);
return rc ? NULL : keyblock;
}
* The self-signed data has already been merged into the public key
* using merge_selfsigs. */
gpg_error_t
-get_seckey (PKT_public_key *pk, u32 *keyid)
+get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
{
gpg_error_t err;
struct getkey_ctx_s ctx;
ctx.items[0].u.kid[0] = keyid[0];
ctx.items[0].u.kid[1] = keyid[1];
ctx.req_usage = pk->req_usage;
- err = lookup (&ctx, &keyblock, &found_key, 1);
+ err = lookup (ctrl, &ctx, 1, &keyblock, &found_key);
if (!err)
{
- pk_from_block (&ctx, pk, keyblock, found_key);
+ pk_from_block (pk, keyblock, found_key);
}
- getkey_end (&ctx);
+ getkey_end (ctrl, &ctx);
release_kbnode (keyblock);
if (!err)
/* Skip unusable keys. A key is unusable if it is revoked, expired or
disabled or if the selected user id is revoked or expired. */
static int
-skip_unusable (void *dummy, u32 * keyid, int uid_no)
+skip_unusable (void *opaque, u32 * keyid, int uid_no)
{
+ ctrl_t ctrl = opaque;
int unusable = 0;
KBNODE keyblock;
PKT_public_key *pk;
- (void) dummy;
-
- keyblock = get_pubkeyblock (keyid);
+ keyblock = get_pubkeyblock (ctrl, keyid);
if (!keyblock)
{
log_error ("error checking usability status of %s\n", keystr (keyid));
if (uids_seen != uid_no)
continue;
- if (user_id->is_revoked || user_id->is_expired)
+ if (user_id->flags.revoked || user_id->flags.expired)
unusable = 1;
break;
/* If UID_NO is non-zero, then the keyblock better have at least
that many UIDs. */
- assert (uids_seen == uid_no);
+ log_assert (uids_seen == uid_no);
}
if (!unusable)
returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
(if want_secret is set) is returned if the key is not found. */
static int
-key_byname (GETKEY_CTX *retctx, strlist_t namelist,
+key_byname (ctrl_t ctrl, GETKEY_CTX *retctx, strlist_t namelist,
PKT_public_key *pk,
int want_secret, int include_unusable,
KBNODE * ret_kb, KEYDB_HANDLE * ret_kdbhd)
if (retctx)
{
/* Reset the returned context in case of error. */
- assert (!ret_kdbhd); /* Not allowed because the handle is stored
- in the context. */
+ log_assert (!ret_kdbhd); /* Not allowed because the handle is stored
+ in the context. */
*retctx = NULL;
}
if (ret_kdbhd)
ctx->nitems = 1;
ctx->items[0].mode = KEYDB_SEARCH_MODE_FIRST;
if (!include_unusable)
- ctx->items[0].skipfnc = skip_unusable;
+ {
+ ctx->items[0].skipfnc = skip_unusable;
+ ctx->items[0].skipfncvalue = ctrl;
+ }
}
else
{
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR16
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR20
&& ctx->items[n].mode != KEYDB_SEARCH_MODE_FPR)
- ctx->items[n].skipfnc = skip_unusable;
+ {
+ ctx->items[n].skipfnc = skip_unusable;
+ ctx->items[n].skipfncvalue = ctrl;
+ }
}
}
if (!ctx->kr_handle)
{
rc = gpg_error_from_syserror ();
- getkey_end (ctx);
+ getkey_end (ctrl, ctx);
return rc;
}
ctx->req_usage = pk->req_usage;
}
- rc = lookup (ctx, ret_kb, &found_key, want_secret);
+ rc = lookup (ctrl, ctx, want_secret, ret_kb, &found_key);
if (!rc && pk)
{
- pk_from_block (ctx, pk, *ret_kb, found_key);
+ pk_from_block (pk, *ret_kb, found_key);
}
release_kbnode (help_kb);
*ret_kdbhd = ctx->kr_handle;
ctx->kr_handle = NULL;
}
- getkey_end (ctx);
+ getkey_end (ctrl, ctx);
}
return rc;
/* Find a public key identified by NAME.
*
- * If name appears to be a valid valid RFC822 mailbox (i.e., email
+ * If name appears to be a valid RFC822 mailbox (i.e., email
* address) and auto key lookup is enabled (no_akl == 0), then the
* specified auto key lookup methods (--auto-key-lookup) are used to
* import the key into the local keyring. Otherwise, just the local
int nodefault = 0;
int anylocalfirst = 0;
+ /* If RETCTX is not NULL, then RET_KDBHD must be NULL. */
+ log_assert (retctx == NULL || ret_kdbhd == NULL);
+
if (retctx)
*retctx = NULL;
is_mbox = is_valid_mailbox (name);
/* The auto-key-locate feature works as follows: there are a number
- of methods to look up keys. By default, the local keyring is
- tried first. Then, each method listed in the --auto-key-locate is
- tried in the order it appears.
-
- This can be changed as follows:
-
- - if nodefault appears anywhere in the list of options, then
- the local keyring is not tried first, or,
-
- - if local appears anywhere in the list of options, then the
- local keyring is not tried first, but in the order in which
- it was listed in the --auto-key-locate option.
-
- Note: we only save the search context in RETCTX if the local
- method is the first method tried (either explicitly or
- implicitly). */
+ * of methods to look up keys. By default, the local keyring is
+ * tried first. Then, each method listed in the --auto-key-locate is
+ * tried in the order it appears.
+ *
+ * This can be changed as follows:
+ *
+ * - if nodefault appears anywhere in the list of options, then
+ * the local keyring is not tried first, or,
+ *
+ * - if local appears anywhere in the list of options, then the
+ * local keyring is not tried first, but in the order in which
+ * it was listed in the --auto-key-locate option.
+ *
+ * Note: we only save the search context in RETCTX if the local
+ * method is the first method tried (either explicitly or
+ * implicitly). */
if (!no_akl)
- /* auto-key-locate is enabled. */
{
+ /* auto-key-locate is enabled. */
+
/* nodefault is true if "nodefault" or "local" appear. */
for (akl = opt.auto_key_locate; akl; akl = akl->next)
if (akl->type == AKL_NODEFAULT || akl->type == AKL_LOCAL)
}
if (!nodefault)
- /* "nodefault" didn't occur. Thus, "local" is implicitly the
- first method to try. */
- anylocalfirst = 1;
+ {
+ /* "nodefault" didn't occur. Thus, "local" is implicitly the
+ * first method to try. */
+ anylocalfirst = 1;
+ }
if (nodefault && is_mbox)
- /* Either "nodefault" or "local" (explicitly) appeared in the auto
- key locate list and NAME appears to be an email address. Don't
- try the local keyring. */
{
+ /* Either "nodefault" or "local" (explicitly) appeared in the
+ * auto key locate list and NAME appears to be an email address.
+ * Don't try the local keyring. */
rc = GPG_ERR_NO_PUBKEY;
}
else
- /* Either "nodefault" and "local" don't appear in the auto key
- locate list (in which case we try the local keyring first) or
- NAME does not appear to be an email address (in which case we
- only try the local keyring). In this case, lookup NAME in the
- local keyring. */
{
+ /* Either "nodefault" and "local" don't appear in the auto key
+ * locate list (in which case we try the local keyring first) or
+ * NAME does not appear to be an email address (in which case we
+ * only try the local keyring). In this case, lookup NAME in
+ * the local keyring. */
add_to_strlist (&namelist, name);
- rc = key_byname (retctx, namelist, pk, 0,
+ rc = key_byname (ctrl, retctx, namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd);
}
/* If the requested name resembles a valid mailbox and automatic
retrieval has been enabled, we try to import the key. */
if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY && !no_akl && is_mbox)
- /* NAME wasn't present in the local keyring (or we didn't try the
- local keyring). Since the auto key locate feature is enabled
- and NAME appears to be an email address, try the auto locate
- feature. */
{
+ /* NAME wasn't present in the local keyring (or we didn't try
+ * the local keyring). Since the auto key locate feature is
+ * enabled and NAME appears to be an email address, try the auto
+ * locate feature. */
for (akl = opt.auto_key_locate; akl; akl = akl->next)
{
unsigned char *fpr = NULL;
size_t fpr_len;
- int did_key_byname = 0;
+ int did_akl_local = 0;
int no_fingerprint = 0;
const char *mechanism = "?";
case AKL_LOCAL:
mechanism = "Local";
- did_key_byname = 1;
+ did_akl_local = 1;
if (retctx)
{
- getkey_end (*retctx);
+ getkey_end (ctrl, *retctx);
*retctx = NULL;
}
add_to_strlist (&namelist, name);
- rc = key_byname (anylocalfirst ? retctx : NULL,
+ rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd);
break;
glo_ctrl.in_auto_key_retrieve--;
break;
+ case AKL_WKD:
+ mechanism = "WKD";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc = keyserver_import_wkd (ctrl, name, 0, &fpr, &fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
case AKL_LDAP:
mechanism = "LDAP";
glo_ctrl.in_auto_key_retrieve++;
case AKL_KEYSERVER:
/* Strictly speaking, we don't need to only use a valid
- mailbox for the getname search, but it helps cut down
- on the problem of searching for something like "john"
- and getting a whole lot of keys back. */
+ * mailbox for the getname search, but it helps cut down
+ * on the problem of searching for something like "john"
+ * and getting a whole lot of keys back. */
if (keyserver_any_configured (ctrl))
{
mechanism = "keyserver";
}
/* Use the fingerprint of the key that we actually fetched.
- This helps prevent problems where the key that we fetched
- doesn't have the same name that we used to fetch it. In
- the case of CERT and PKA, this is an actual security
- requirement as the URL might point to a key put in by an
- attacker. By forcing the use of the fingerprint, we
- won't use the attacker's key here. */
+ * This helps prevent problems where the key that we fetched
+ * doesn't have the same name that we used to fetch it. In
+ * the case of CERT and PKA, this is an actual security
+ * requirement as the URL might point to a key put in by an
+ * attacker. By forcing the use of the fingerprint, we
+ * won't use the attacker's key here. */
if (!rc && fpr)
{
char fpr_string[MAX_FINGERPRINT_LEN * 2 + 1];
- assert (fpr_len <= MAX_FINGERPRINT_LEN);
+ log_assert (fpr_len <= MAX_FINGERPRINT_LEN);
free_strlist (namelist);
namelist = NULL;
add_to_strlist (&namelist, fpr_string);
}
- else if (!rc && !fpr && !did_key_byname)
- /* The acquisition method said no failure occurred, but it
- didn't return a fingerprint. That's a failure. */
- {
- no_fingerprint = 1;
+ else if (!rc && !fpr && !did_akl_local)
+ { /* The acquisition method said no failure occurred, but
+ * it didn't return a fingerprint. That's a failure. */
+ no_fingerprint = 1;
rc = GPG_ERR_NO_PUBKEY;
}
xfree (fpr);
fpr = NULL;
- if (!rc && !did_key_byname)
- /* There was no error and we didn't do a local lookup.
- This means that we imported a key into the local
- keyring. Try to read the imported key from the
- keyring. */
- {
+ if (!rc && !did_akl_local)
+ { /* There was no error and we didn't do a local lookup.
+ * This means that we imported a key into the local
+ * keyring. Try to read the imported key from the
+ * keyring. */
if (retctx)
{
- getkey_end (*retctx);
+ getkey_end (ctrl, *retctx);
*retctx = NULL;
}
- rc = key_byname (anylocalfirst ? retctx : NULL,
+ rc = key_byname (ctrl, anylocalfirst ? retctx : NULL,
namelist, pk, 0,
include_unusable, ret_keyblock, ret_kdbhd);
}
if (!rc)
{
/* Key found. */
- log_info (_("automatically retrieved '%s' via %s\n"),
- name, mechanism);
+ if (opt.verbose)
+ log_info (_("automatically retrieved '%s' via %s\n"),
+ name, mechanism);
break;
}
if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
if (rc && retctx)
{
- getkey_end (*retctx);
+ getkey_end (ctrl, *retctx);
*retctx = NULL;
}
if (retctx && *retctx)
{
- assert (!(*retctx)->extra_list);
+ log_assert (!(*retctx)->extra_list);
(*retctx)->extra_list = namelist;
}
else
}
+\f
+
+/* Comparison machinery for get_best_pubkey_byname. */
+
+/* First we have a struct to cache computed information about the key
+ * in question. */
+struct pubkey_cmp_cookie
+{
+ int valid; /* Is this cookie valid? */
+ PKT_public_key key; /* The key. */
+ PKT_user_id *uid; /* The matching UID packet. */
+ unsigned int validity; /* Computed validity of (KEY, UID). */
+ u32 creation_time; /* Creation time of the newest subkey
+ capable of encryption. */
+};
+
+
+/* Then we have a series of helper functions. */
+static int
+key_is_ok (const PKT_public_key *key)
+{
+ return (! key->has_expired && ! key->flags.revoked
+ && key->flags.valid && ! key->flags.disabled);
+}
+
+
+static int
+uid_is_ok (const PKT_public_key *key, const PKT_user_id *uid)
+{
+ return key_is_ok (key) && ! uid->flags.revoked;
+}
+
+
+static int
+subkey_is_ok (const PKT_public_key *sub)
+{
+ return ! sub->flags.revoked && sub->flags.valid && ! sub->flags.disabled;
+}
+
+
+/* Finally this function compares a NEW key to the former candidate
+ * OLD. Returns < 0 if the old key is worse, > 0 if the old key is
+ * better, == 0 if it is a tie. */
+static int
+pubkey_cmp (ctrl_t ctrl, const char *name, struct pubkey_cmp_cookie *old,
+ struct pubkey_cmp_cookie *new, KBNODE new_keyblock)
+{
+ kbnode_t n;
+
+ new->creation_time = 0;
+ for (n = find_next_kbnode (new_keyblock, PKT_PUBLIC_SUBKEY);
+ n; n = find_next_kbnode (n, PKT_PUBLIC_SUBKEY))
+ {
+ PKT_public_key *sub = n->pkt->pkt.public_key;
+
+ if ((sub->pubkey_usage & PUBKEY_USAGE_ENC) == 0)
+ continue;
+
+ if (! subkey_is_ok (sub))
+ continue;
+
+ if (sub->timestamp > new->creation_time)
+ new->creation_time = sub->timestamp;
+ }
+
+ for (n = find_next_kbnode (new_keyblock, PKT_USER_ID);
+ n; n = find_next_kbnode (n, PKT_USER_ID))
+ {
+ PKT_user_id *uid = n->pkt->pkt.user_id;
+ char *mbox = mailbox_from_userid (uid->name);
+ int match = mbox ? strcasecmp (name, mbox) == 0 : 0;
+
+ xfree (mbox);
+ if (! match)
+ continue;
+
+ new->uid = scopy_user_id (uid);
+ new->validity =
+ get_validity (ctrl, new_keyblock, &new->key, uid, NULL, 0) & TRUST_MASK;
+ new->valid = 1;
+
+ if (! old->valid)
+ return -1; /* No OLD key. */
+
+ if (! uid_is_ok (&old->key, old->uid) && uid_is_ok (&new->key, uid))
+ return -1; /* Validity of the NEW key is better. */
+
+ if (old->validity < new->validity)
+ return -1; /* Validity of the NEW key is better. */
+
+ if (old->validity == new->validity && uid_is_ok (&new->key, uid)
+ && old->creation_time < new->creation_time)
+ return -1; /* Both keys are of the same validity, but the
+ NEW key is newer. */
+ }
+
+ /* Stick with the OLD key. */
+ return 1;
+}
+
+
+/* This function works like get_pubkey_byname, but if the name
+ * resembles a mail address, the results are ranked and only the best
+ * result is returned. */
+gpg_error_t
+get_best_pubkey_byname (ctrl_t ctrl, GETKEY_CTX *retctx, PKT_public_key *pk,
+ const char *name, KBNODE *ret_keyblock,
+ int include_unusable, int no_akl)
+{
+ gpg_error_t err;
+ struct getkey_ctx_s *ctx = NULL;
+
+ if (retctx)
+ *retctx = NULL;
+
+ err = get_pubkey_byname (ctrl, &ctx, pk, name, ret_keyblock,
+ NULL, include_unusable, no_akl);
+ if (err)
+ {
+ getkey_end (ctrl, ctx);
+ return err;
+ }
+
+ if (is_valid_mailbox (name) && ctx)
+ {
+ /* Rank results and return only the most relevant key. */
+ struct pubkey_cmp_cookie best = { 0 };
+ struct pubkey_cmp_cookie new = { 0 };
+ kbnode_t new_keyblock;
+
+ while (getkey_next (ctrl, ctx, &new.key, &new_keyblock) == 0)
+ {
+ int diff = pubkey_cmp (ctrl, name, &best, &new, new_keyblock);
+ release_kbnode (new_keyblock);
+ if (diff < 0)
+ {
+ /* New key is better. */
+ release_public_key_parts (&best.key);
+ free_user_id (best.uid);
+ best = new;
+ }
+ else if (diff > 0)
+ {
+ /* Old key is better. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
+ new.uid = NULL;
+ }
+ else
+ {
+ /* A tie. Keep the old key. */
+ release_public_key_parts (&new.key);
+ free_user_id (new.uid);
+ new.uid = NULL;
+ }
+ }
+ getkey_end (ctrl, ctx);
+ ctx = NULL;
+ free_user_id (best.uid);
+ best.uid = NULL;
+
+ if (best.valid)
+ {
+ if (retctx || ret_keyblock)
+ {
+ ctx = xtrycalloc (1, sizeof **retctx);
+ if (! ctx)
+ err = gpg_error_from_syserror ();
+ else
+ {
+ ctx->kr_handle = keydb_new ();
+ if (! ctx->kr_handle)
+ {
+ err = gpg_error_from_syserror ();
+ xfree (ctx);
+ ctx = NULL;
+ if (retctx)
+ *retctx = NULL;
+ }
+ else
+ {
+ u32 *keyid = pk_keyid (&best.key);
+ ctx->exact = 1;
+ ctx->nitems = 1;
+ ctx->items[0].mode = KEYDB_SEARCH_MODE_LONG_KID;
+ ctx->items[0].u.kid[0] = keyid[0];
+ ctx->items[0].u.kid[1] = keyid[1];
+
+ if (ret_keyblock)
+ {
+ release_kbnode (*ret_keyblock);
+ *ret_keyblock = NULL;
+ err = getkey_next (ctrl, ctx, NULL, ret_keyblock);
+ }
+ }
+ }
+ }
+
+ if (pk)
+ *pk = best.key;
+ else
+ release_public_key_parts (&best.key);
+ }
+ }
+
+ if (err && ctx)
+ {
+ getkey_end (ctrl, ctx);
+ ctx = NULL;
+ }
+
+ if (retctx && ctx)
+ *retctx = ctx;
+ else
+ getkey_end (ctrl, ctx);
+
+ return err;
+}
+
+\f
+
+/* Get a public key from a file.
+ *
+ * PK is the buffer to store the key. The caller needs to make sure
+ * that PK->REQ_USAGE is valid. PK->REQ_USAGE is passed through to
+ * the lookup function and is a mask of PUBKEY_USAGE_SIG,
+ * PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT. If this is non-zero, only
+ * keys with the specified usage will be returned.
+ *
+ * FNAME is the file name. That file should contain exactly one
+ * keyblock.
+ *
+ * This function returns 0 on success. Otherwise, an error code is
+ * returned. In particular, GPG_ERR_NO_PUBKEY is returned if the key
+ * is not found.
+ *
+ * The self-signed data has already been merged into the public key
+ * using merge_selfsigs. The caller must release the content of PK by
+ * calling release_public_key_parts (or, if PK was malloced, using
+ * free_public_key).
+ */
+gpg_error_t
+get_pubkey_fromfile (ctrl_t ctrl, PKT_public_key *pk, const char *fname)
+{
+ gpg_error_t err;
+ kbnode_t keyblock;
+ kbnode_t found_key;
+ unsigned int infoflags;
+
+ err = read_key_from_file (ctrl, fname, &keyblock);
+ if (!err)
+ {
+ /* Warning: node flag bits 0 and 1 should be preserved by
+ * merge_selfsigs. FIXME: Check whether this still holds. */
+ merge_selfsigs (ctrl, keyblock);
+ found_key = finish_lookup (keyblock, pk->req_usage, 0, 0, &infoflags);
+ print_status_key_considered (keyblock, infoflags);
+ if (found_key)
+ pk_from_block (pk, keyblock, found_key);
+ else
+ err = gpg_error (GPG_ERR_UNUSABLE_PUBKEY);
+ }
+
+ release_kbnode (keyblock);
+ return err;
+}
+
+
/* Lookup a key with the specified fingerprint.
*
* If PK is not NULL, the public key of the first result is returned
* be done by creating a userID conforming to the unified fingerprint
* style. */
int
-get_pubkey_byfprint (PKT_public_key *pk, kbnode_t *r_keyblock,
+get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
const byte * fprint, size_t fprint_len)
{
int rc;
ctx.items[0].mode = fprint_len == 16 ? KEYDB_SEARCH_MODE_FPR16
: KEYDB_SEARCH_MODE_FPR20;
memcpy (ctx.items[0].u.fpr, fprint, fprint_len);
- rc = lookup (&ctx, &kb, &found_key, 0);
+ rc = lookup (ctrl, &ctx, 0, &kb, &found_key);
if (!rc && pk)
- pk_from_block (&ctx, pk, kb, found_key);
+ pk_from_block (pk, kb, found_key);
if (!rc && r_keyblock)
{
*r_keyblock = kb;
kb = NULL;
}
release_kbnode (kb);
- getkey_end (&ctx);
+ getkey_end (ctrl, &ctx);
}
else
rc = GPG_ERR_GENERAL; /* Oops */
*
* Like get_pubkey_byfprint, PK may be NULL. In that case, this
* function effectively just checks for the existence of the key. */
-int
+gpg_error_t
get_pubkey_byfprint_fast (PKT_public_key * pk,
const byte * fprint, size_t fprint_len)
{
- int rc = 0;
- KEYDB_HANDLE hd;
+ gpg_error_t err;
KBNODE keyblock;
+
+ err = get_keyblock_byfprint_fast (&keyblock, NULL, fprint, fprint_len, 0);
+ if (!err)
+ {
+ if (pk)
+ copy_public_key (pk, keyblock->pkt->pkt.public_key);
+ release_kbnode (keyblock);
+ }
+
+ return err;
+}
+
+
+/* This function is similar to get_pubkey_byfprint_fast but returns a
+ * keydb handle at R_HD and the keyblock at R_KEYBLOCK. R_KEYBLOCK or
+ * R_HD may be NULL. If LOCK is set the handle has been opend in
+ * locked mode and keydb_disable_caching () has been called. On error
+ * R_KEYBLOCK is set to NULL but R_HD must be released by the caller;
+ * it may have a value of NULL, though. This allows to do an insert
+ * operation on a locked keydb handle. */
+gpg_error_t
+get_keyblock_byfprint_fast (kbnode_t *r_keyblock, KEYDB_HANDLE *r_hd,
+ const byte *fprint, size_t fprint_len, int lock)
+{
+ gpg_error_t err;
+ KEYDB_HANDLE hd;
+ kbnode_t keyblock;
byte fprbuf[MAX_FINGERPRINT_LEN];
int i;
+ if (r_keyblock)
+ *r_keyblock = NULL;
+ if (r_hd)
+ *r_hd = NULL;
+
for (i = 0; i < MAX_FINGERPRINT_LEN && i < fprint_len; i++)
fprbuf[i] = fprint[i];
while (i < MAX_FINGERPRINT_LEN)
if (!hd)
return gpg_error_from_syserror ();
- rc = keydb_search_fpr (hd, fprbuf);
- if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND)
+ if (lock)
{
- keydb_release (hd);
- return GPG_ERR_NO_PUBKEY;
+ err = keydb_lock (hd);
+ if (err)
+ {
+ /* If locking did not work, we better don't return a handle
+ * at all - there was a reason that locking has been
+ * requested. */
+ keydb_release (hd);
+ return err;
+ }
+ keydb_disable_caching (hd);
}
- rc = keydb_get_keyblock (hd, &keyblock);
- keydb_release (hd);
- if (rc)
+
+ /* Fo all other errors we return the handle. */
+ if (r_hd)
+ *r_hd = hd;
+
+ err = keydb_search_fpr (hd, fprbuf);
+ if (gpg_err_code (err) == GPG_ERR_NOT_FOUND)
{
- log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc));
- return GPG_ERR_NO_PUBKEY;
+ if (!r_hd)
+ keydb_release (hd);
+ return gpg_error (GPG_ERR_NO_PUBKEY);
+ }
+ err = keydb_get_keyblock (hd, &keyblock);
+ if (err)
+ {
+ log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (err));
+ if (!r_hd)
+ keydb_release (hd);
+ return gpg_error (GPG_ERR_NO_PUBKEY);
}
- assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
- || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
- if (pk)
- copy_public_key (pk, keyblock->pkt->pkt.public_key);
- release_kbnode (keyblock);
+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY
+ || keyblock->pkt->pkttype == PKT_PUBLIC_SUBKEY);
/* Not caching key here since it won't have all of the fields
properly set. */
+ if (r_keyblock)
+ *r_keyblock = keyblock;
+ else
+ release_kbnode (keyblock);
+
+ if (!r_hd)
+ keydb_release (hd);
+
return 0;
}
+
const char *
parse_def_secret_key (ctrl_t ctrl)
{
continue;
}
- merge_selfsigs (kb);
+ merge_selfsigs (ctrl, kb);
err = gpg_error (GPG_ERR_NO_SECKEY);
node = kb;
}
else
{
- if (! warned)
+ if (! warned && ! opt.quiet)
log_info (_("using \"%s\" as default secret key for signing\n"),
t->d);
break;
else
include_unusable = 0;
- err = key_byname (NULL, namelist, pk, 1, include_unusable, NULL, NULL);
+ err = key_byname (ctrl, NULL, namelist, pk, 1, include_unusable, NULL, NULL);
free_strlist (namelist);
* returned. In particular, GPG_ERR_NO_PUBKEY or GPG_ERR_NO_SECKEY
* (if want_secret is set) is returned if the key is not found. */
gpg_error_t
-getkey_bynames (getkey_ctx_t *retctx, PKT_public_key *pk,
+getkey_bynames (ctrl_t ctrl, getkey_ctx_t *retctx, PKT_public_key *pk,
strlist_t names, int want_secret, kbnode_t *ret_keyblock)
{
- return key_byname (retctx, names, pk, want_secret, 1,
+ return key_byname (ctrl, retctx, names, pk, want_secret, 1,
ret_keyblock, NULL);
}
else
with_unusable = 0;
- err = key_byname (retctx, namelist, pk, want_secret, with_unusable,
+ err = key_byname (ctrl, retctx, namelist, pk, want_secret, with_unusable,
ret_keyblock, NULL);
/* FIXME: Check that we really return GPG_ERR_NO_SECKEY if
* If PK is not NULL, the public key of the next result is returned in
* *PK. Note: The self-signed data has already been merged into the
* public key using merge_selfsigs. Free *PK by calling
- * release_public_key_parts (or, if PK was allocated using xfree, you
+ * release_public_key_parts (or, if PK was allocated using xmalloc, you
* can use free_public_key, which calls release_public_key_parts(PK)
* and then xfree(PK)).
*
* RET_KEYBLOCK can be given as NULL; if it is not NULL it the entire
- * found keyblock wis retruned hich must be released with
+ * found keyblock is returned which must be released with
* release_kbnode. If the function returns an error NULL is stored at
* RET_KEYBLOCK.
*
* The self-signed data has already been merged into the public key
* using merge_selfsigs. */
gpg_error_t
-getkey_next (getkey_ctx_t ctx, PKT_public_key *pk, kbnode_t *ret_keyblock)
+getkey_next (ctrl_t ctrl, getkey_ctx_t ctx,
+ PKT_public_key *pk, kbnode_t *ret_keyblock)
{
int rc; /* Fixme: Make sure this is proper gpg_error */
+ KBNODE keyblock = NULL;
KBNODE found_key = NULL;
/* We need to disable the caching so that for an exact key search we
used without respecting the current file pointer! */
keydb_disable_caching (ctx->kr_handle);
- rc = lookup (ctx, ret_keyblock, &found_key, ctx->want_secret);
- if (!rc && pk && ret_keyblock)
- pk_from_block (ctx, pk, *ret_keyblock, found_key);
+ /* FOUND_KEY is only valid as long as RET_KEYBLOCK is. If the
+ * caller wants PK, but not RET_KEYBLOCK, we need hand in our own
+ * keyblock. */
+ if (pk && ret_keyblock == NULL)
+ ret_keyblock = &keyblock;
+
+ rc = lookup (ctrl, ctx, ctx->want_secret,
+ ret_keyblock, pk ? &found_key : NULL);
+ if (!rc && pk)
+ {
+ log_assert (found_key);
+ pk_from_block (pk, NULL, found_key);
+ release_kbnode (keyblock);
+ }
return rc;
}
/* Release any resources used by a key listing context. This must be
* called on the context returned by, e.g., getkey_byname. */
void
-getkey_end (getkey_ctx_t ctx)
+getkey_end (ctrl_t ctrl, getkey_ctx_t ctx)
{
if (ctx)
{
+#ifdef HAVE_W32_SYSTEM
+
+ /* FIXME: This creates a big regression for Windows because the
+ * keyring is only released after the global ctrl is released.
+ * So if an operation does a getkey and then tries to modify the
+ * keyring it will fail on Windows with a sharing violation. We
+ * need to modify all keyring write operations to also take the
+ * ctrl and close the cached_getkey_kdb handle to make writing
+ * work. See: GnuPG-bug-id: 3097 */
+ (void)ctrl;
keydb_release (ctx->kr_handle);
+
+#else /*!HAVE_W32_SYSTEM*/
+
+ if (ctrl && !ctrl->cached_getkey_kdb)
+ ctrl->cached_getkey_kdb = ctx->kr_handle;
+ else
+ keydb_release (ctx->kr_handle);
+
+#endif /*!HAVE_W32_SYSTEM*/
+
free_strlist (ctx->extra_list);
if (!ctx->not_allocated)
xfree (ctx);
* useful, however, if you change the keyblock, e.g., by adding or
* removing a self-signed data packet. */
void
-merge_keys_and_selfsig (KBNODE keyblock)
+merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock)
{
if (!keyblock)
;
else if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
- merge_selfsigs (keyblock);
+ merge_selfsigs (ctrl, keyblock);
else
log_debug ("FIXME: merging secret key blocks is not anymore available\n");
}
uid->created = 0; /* Not created == invalid. */
if (IS_UID_REV (sig))
{
- uid->is_revoked = 1;
+ uid->flags.revoked = 1;
return; /* Has been revoked. */
}
else
- uid->is_revoked = 0;
+ uid->flags.revoked = 0;
uid->expiredate = sig->expiredate;
if (sig->flags.expired)
{
- uid->is_expired = 1;
+ uid->flags.expired = 1;
return; /* Has expired. */
}
else
- uid->is_expired = 0;
+ uid->flags.expired = 0;
uid->created = sig->timestamp; /* This one is okay. */
uid->selfsigversion = sig->version;
/* If we got this far, it's not expired :) */
- uid->is_expired = 0;
+ uid->flags.expired = 0;
/* Store the key flags in the helper variable for later processing. */
uid->help_key_usage = parse_key_usage (sig);
/* Set the primary user ID flag - we will later wipe out some
* of them to only have one in our keyblock. */
- uid->is_primary = 0;
+ uid->flags.primary = 0;
p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PRIMARY_UID, NULL);
if (p && *p)
- uid->is_primary = 2;
+ uid->flags.primary = 2;
/* We could also query this from the unhashed area if it is not in
* the hased area and then later try to decide which is the better
/* Given a keyblock, parse the key block and extract various pieces of
- information and save them with the primary key packet and the user
- id packets. For instance, some information is stored in signature
- packets. We find the latest such valid packet (since the user can
- change that information) and copy its contents into the
- PKT_public_key.
-
- Note that R_REVOKED may be set to 0, 1 or 2.
-
- This function fills in the following fields in the primary key's
- keyblock:
-
- main_keyid (computed)
- revkey / numrevkeys (derived from self signed key data)
- flags.valid (whether we have at least 1 self-sig)
- flags.maybe_revoked (whether a designed revoked the key, but
- we are missing the key to check the sig)
- selfsigversion (highest version of any valid self-sig)
- pubkey_usage (derived from most recent self-sig or most
- recent user id)
- has_expired (various sources)
- expiredate (various sources)
-
- See the documentation for fixup_uidnode for how the user id packets
- are modified. In addition to that the primary user id's is_primary
- field is set to 1 and the other user id's is_primary are set to
- 0. */
+ * information and save them with the primary key packet and the user
+ * id packets. For instance, some information is stored in signature
+ * packets. We find the latest such valid packet (since the user can
+ * change that information) and copy its contents into the
+ * PKT_public_key.
+ *
+ * Note that R_REVOKED may be set to 0, 1 or 2.
+ *
+ * This function fills in the following fields in the primary key's
+ * keyblock:
+ *
+ * main_keyid (computed)
+ * revkey / numrevkeys (derived from self signed key data)
+ * flags.valid (whether we have at least 1 self-sig)
+ * flags.maybe_revoked (whether a designed revoked the key, but
+ * we are missing the key to check the sig)
+ * selfsigversion (highest version of any valid self-sig)
+ * pubkey_usage (derived from most recent self-sig or most
+ * recent user id)
+ * has_expired (various sources)
+ * expiredate (various sources)
+ *
+ * See the documentation for fixup_uidnode for how the user id packets
+ * are modified. In addition to that the primary user id's is_primary
+ * field is set to 1 and the other user id's is_primary are set to 0.
+ */
static void
-merge_selfsigs_main (KBNODE keyblock, int *r_revoked,
+merge_selfsigs_main (ctrl_t ctrl, kbnode_t keyblock, int *r_revoked,
struct revoke_info *rinfo)
{
PKT_public_key *pk = NULL;
memset (rinfo, 0, sizeof (*rinfo));
/* Section 11.1 of RFC 4880 determines the order of packets within a
- message. There are three sections, which must occur in the
- following order: the public key, the user ids and user attributes
- and the subkeys. Within each section, each primary packet (e.g.,
- a user id packet) is followed by one or more signature packets,
- which modify that packet. */
+ * message. There are three sections, which must occur in the
+ * following order: the public key, the user ids and user attributes
+ * and the subkeys. Within each section, each primary packet (e.g.,
+ * a user id packet) is followed by one or more signature packets,
+ * which modify that packet. */
/* According to Section 11.1 of RFC 4880, the public key must be the
- first packet. */
+ first packet. Note that parse_keyblock_image ensures that the
+ first packet is the public key. */
if (keyblock->pkt->pkttype != PKT_PUBLIC_KEY)
- /* parse_keyblock_image ensures that the first packet is the
- public key. */
BUG ();
pk = keyblock->pkt->pkt.public_key;
keytimestamp = pk->timestamp;
}
/* First pass:
-
- - Find the latest direct key self-signature. We assume that the
- newest one overrides all others.
-
- - Determine whether the key has been revoked.
-
- - Gather all revocation keys (unlike other data, we don't just
- take them from the latest self-signed packet).
-
- - Determine max (sig[...]->version).
+ *
+ * - Find the latest direct key self-signature. We assume that the
+ * newest one overrides all others.
+ *
+ * - Determine whether the key has been revoked.
+ *
+ * - Gather all revocation keys (unlike other data, we don't just
+ * take them from the latest self-signed packet).
+ *
+ * - Determine max (sig[...]->version).
*/
/* Reset this in case this key was already merged. */
sigdate = 0; /* Helper variable to find the latest signature. */
/* According to Section 11.1 of RFC 4880, the public key comes first
- and is immediately followed by any signature packets that modify
- it. */
+ * and is immediately followed by any signature packets that modify
+ * it. */
for (k = keyblock;
k && k->pkt->pkttype != PKT_USER_ID
&& k->pkt->pkttype != PKT_ATTRIBUTE
{
PKT_signature *sig = k->pkt->pkt.signature;
if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
- /* Self sig. */
- {
- if (check_key_signature (keyblock, k, NULL))
+ { /* Self sig. */
+
+ if (check_key_signature (ctrl, keyblock, k, NULL))
; /* Signature did not verify. */
else if (IS_KEY_REV (sig))
{
else if (IS_KEY_SIG (sig))
{
/* Add the indicated revocations keys from all
- signatures not just the latest. We do this
- because you need multiple 1F sigs to properly
- handle revocation keys (PGP does it this way, and
- a revocation key could be sensitive and hence in
- a different signature). */
+ * signatures not just the latest. We do this
+ * because you need multiple 1F sigs to properly
+ * handle revocation keys (PGP does it this way, and
+ * a revocation key could be sensitive and hence in
+ * a different signature). */
if (sig->revkey)
{
int i;
}
if (sig->timestamp >= sigdate)
- /* This is the latest signature so far. */
- {
+ { /* This is the latest signature so far. */
+
if (sig->flags.expired)
; /* Signature has expired - ignore it. */
else
sizeof (struct revocation_key));
}
+ /* SIGNODE is the 1F signature packet with the latest creation time.
+ * Extract some information from it. */
if (signode)
- /* SIGNODE is the 1F signature packet with the latest creation
- time. Extract some information from it. */
{
/* Some information from a direct key signature take precedence
* over the same information given in UID sigs. */
}
/* Pass 1.5: Look for key revocation signatures that were not made
- by the key (i.e. did a revocation key issue a revocation for
- us?). Only bother to do this if there is a revocation key in the
- first place and we're not revoked already. */
+ * by the key (i.e. did a revocation key issue a revocation for
+ * us?). Only bother to do this if there is a revocation key in the
+ * first place and we're not revoked already. */
if (!*r_revoked && pk->revkey)
for (k = keyblock; k && k->pkt->pkttype != PKT_USER_ID; k = k->next)
if (IS_KEY_REV (sig) &&
(sig->keyid[0] != kid[0] || sig->keyid[1] != kid[1]))
{
- int rc = check_revocation_keys (pk, sig);
+ int rc = check_revocation_keys (ctrl, pk, sig);
if (rc == 0)
{
*r_revoked = 2;
sig_to_revoke_info (sig, rinfo);
/* Don't continue checking since we can't be any
- more revoked than this. */
+ * more revoked than this. */
break;
}
else if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY)
pk->flags.maybe_revoked = 1;
/* A failure here means the sig did not verify, was
- not issued by a revocation key, or a revocation
- key loop was broken. If a revocation key isn't
- findable, however, the key might be revoked and
- we don't know it. */
+ * not issued by a revocation key, or a revocation
+ * key loop was broken. If a revocation key isn't
+ * findable, however, the key might be revoked and
+ * we don't know it. */
- /* TODO: In the future handle subkey and cert
- revocations? PGP doesn't, but it's in 2440. */
+ /* Fixme: In the future handle subkey and cert
+ * revocations? PGP doesn't, but it's in 2440. */
}
}
}
/* Second pass: Look at the self-signature of all user IDs. */
/* According to RFC 4880 section 11.1, user id and attribute packets
- are in the second section, after the public key packet and before
- the subkey packets. */
+ * are in the second section, after the public key packet and before
+ * the subkey packets. */
signode = uidnode = NULL;
sigdate = 0; /* Helper variable to find the latest signature in one UID. */
for (k = keyblock; k && k->pkt->pkttype != PKT_PUBLIC_SUBKEY; k = k->next)
{
if (k->pkt->pkttype == PKT_USER_ID || k->pkt->pkttype == PKT_ATTRIBUTE)
- /* New user id packet. */
- {
+ { /* New user id packet. */
+
+ /* Apply the data from the most recent self-signed packet to
+ * the preceding user id packet. */
if (uidnode && signode)
- /* Apply the data from the most recent self-signed packet
- to the preceding user id packet. */
{
fixup_uidnode (uidnode, signode, keytimestamp);
pk->flags.valid = 1;
}
+
/* Clear SIGNODE. The only relevant self-signed data for
- UIDNODE follows it. */
+ * UIDNODE follows it. */
if (k->pkt->pkttype == PKT_USER_ID)
uidnode = k;
else
uidnode = NULL;
+
signode = NULL;
sigdate = 0;
}
PKT_signature *sig = k->pkt->pkt.signature;
if (sig->keyid[0] == kid[0] && sig->keyid[1] == kid[1])
{
- if (check_key_signature (keyblock, k, NULL))
+ if (check_key_signature (ctrl, keyblock, k, NULL))
; /* signature did not verify */
else if ((IS_UID_SIG (sig) || IS_UID_REV (sig))
&& sig->timestamp >= sigdate)
{
- /* Note: we allow to invalidate cert revocations
+ /* Note: we allow invalidation of cert revocations
* by a newer signature. An attacker can't use this
* because a key should be revoked with a key revocation.
* The reason why we have to allow for that is that at
}
/* If the key isn't valid yet, and we have
- --allow-non-selfsigned-uid set, then force it valid. */
+ * --allow-non-selfsigned-uid set, then force it valid. */
if (!pk->flags.valid && opt.allow_non_selfsigned_uid)
{
if (opt.verbose)
}
/* The key STILL isn't valid, so try and find an ultimately
- trusted signature. */
+ * trusted signature. */
if (!pk->flags.valid)
{
uidnode = NULL;
ultimate_pk = xmalloc_clear (sizeof (*ultimate_pk));
- /* We don't want to use the full get_pubkey to
- avoid infinite recursion in certain cases.
- There is no reason to check that an ultimately
- trusted key is still valid - if it has been
- revoked the user should also remove the
- ultimate trust flag. */
+ /* We don't want to use the full get_pubkey to avoid
+ * infinite recursion in certain cases. There is no
+ * reason to check that an ultimately trusted key is
+ * still valid - if it has been revoked the user
+ * should also remove the ultimate trust flag. */
if (get_pubkey_fast (ultimate_pk, sig->keyid) == 0
- && check_key_signature2 (keyblock, k, ultimate_pk,
+ && check_key_signature2 (ctrl,
+ keyblock, k, ultimate_pk,
NULL, NULL, NULL, NULL) == 0
- && get_ownertrust (ultimate_pk) == TRUST_ULTIMATE)
+ && get_ownertrust (ctrl, ultimate_pk) == TRUST_ULTIMATE)
{
free_public_key (ultimate_pk);
pk->flags.valid = 1;
}
}
- /* Record the highest selfsig version so we know if this is a v3
- key through and through, or a v3 key with a v4 selfsig
- somewhere. This is useful in a few places to know if the key
- must be treated as PGP2-style or OpenPGP-style. Note that a
- selfsig revocation with a higher version number will also raise
- this value. This is okay since such a revocation must be
- issued by the user (i.e. it cannot be issued by someone else to
- modify the key behavior.) */
+ /* Record the highest selfsig version so we know if this is a v3 key
+ * through and through, or a v3 key with a v4 selfsig somewhere.
+ * This is useful in a few places to know if the key must be treated
+ * as PGP2-style or OpenPGP-style. Note that a selfsig revocation
+ * with a higher version number will also raise this value. This is
+ * okay since such a revocation must be issued by the user (i.e. it
+ * cannot be issued by someone else to modify the key behavior.) */
pk->selfsigversion = sigversion;
- /* Now that we had a look at all user IDs we can now get some information
- * from those user IDs.
- */
+ /* Now that we had a look at all user IDs we can now get some
+ * information from those user IDs. */
if (!key_usage)
{
if (k->pkt->pkttype == PKT_USER_ID)
{
PKT_user_id *uid = k->pkt->pkt.user_id;
+
if (uid->help_key_usage && uid->created > uiddate)
{
key_usage = uid->help_key_usage;
}
}
}
+
if (!key_usage)
{
/* No key flags at all: get it from the algo. */
}
/* Currently only v3 keys have a maximum expiration date, but I'll
- bet v5 keys get this feature again. */
+ * bet v5 keys get this feature again. */
if (key_expire == 0
|| (pk->max_expiredate && key_expire > pk->max_expiredate))
key_expire = pk->max_expiredate;
pk->has_expired = key_expire >= curtime ? 0 : key_expire;
pk->expiredate = key_expire;
- /* Fixme: we should see how to get rid of the expiretime fields but
- * this needs changes at other places too. */
+ /* Fixme: we should see how to get rid of the expiretime fields but
+ * this needs changes at other places too. */
/* And now find the real primary user ID and delete all others. */
uiddate = uiddate2 = 0;
if (k->pkt->pkttype == PKT_USER_ID && !k->pkt->pkt.user_id->attrib_data)
{
PKT_user_id *uid = k->pkt->pkt.user_id;
- if (uid->is_primary)
+ if (uid->flags.primary)
{
if (uid->created > uiddate)
{
}
else if (uid->created == uiddate && uidnode)
{
- /* The dates are equal, so we need to do a
- different (and arbitrary) comparison. This
- should rarely, if ever, happen. It's good to
- try and guarantee that two different GnuPG
- users with two different keyrings at least pick
- the same primary. */
+ /* The dates are equal, so we need to do a different
+ * (and arbitrary) comparison. This should rarely,
+ * if ever, happen. It's good to try and guarantee
+ * that two different GnuPG users with two different
+ * keyrings at least pick the same primary. */
if (cmp_user_ids (uid, uidnode->pkt->pkt.user_id) > 0)
uidnode = k;
}
{
PKT_user_id *uid = k->pkt->pkt.user_id;
if (k != uidnode)
- uid->is_primary = 0;
+ uid->flags.primary = 0;
}
}
}
else if (uidnode2)
{
/* None is flagged primary - use the latest user ID we have,
- and disambiguate with the arbitrary packet comparison. */
- uidnode2->pkt->pkt.user_id->is_primary = 1;
+ * and disambiguate with the arbitrary packet comparison. */
+ uidnode2->pkt->pkt.user_id->flags.primary = 1;
}
else
{
/* None of our uids were self-signed, so pick the one that
- sorts first to be the primary. This is the best we can do
- here since there are no self sigs to date the uids. */
+ * sorts first to be the primary. This is the best we can do
+ * here since there are no self sigs to date the uids. */
uidnode = NULL;
if (!uidnode)
{
uidnode = k;
- uidnode->pkt->pkt.user_id->is_primary = 1;
+ uidnode->pkt->pkt.user_id->flags.primary = 1;
continue;
}
else
if (cmp_user_ids (k->pkt->pkt.user_id,
uidnode->pkt->pkt.user_id) > 0)
{
- uidnode->pkt->pkt.user_id->is_primary = 0;
+ uidnode->pkt->pkt.user_id->flags.primary = 0;
uidnode = k;
- uidnode->pkt->pkt.user_id->is_primary = 1;
+ uidnode->pkt->pkt.user_id->flags.primary = 1;
}
else
- k->pkt->pkt.user_id->is_primary = 0; /* just to be
- safe */
+ {
+ /* just to be safe: */
+ k->pkt->pkt.user_id->flags.primary = 0;
+ }
}
}
}
}
}
+
/* Convert a buffer to a signature. Useful for 0x19 embedded sigs.
- Caller must free the signature when they are done. */
+ * Caller must free the signature when they are done. */
static PKT_signature *
buf_to_sig (const byte * buf, size_t len)
{
return sig;
}
-/* Use the self-signed data to fill in various fields in subkeys.
-
- KEYBLOCK is the whole keyblock. SUBNODE is the subkey to fill in.
-
- Sets the following fields on the subkey:
- main_keyid
- flags.valid if the subkey has a valid self-sig binding
- flags.revoked
- flags.backsig
- pubkey_usage
- has_expired
- expired_date
-
- On this subkey's most revent valid self-signed packet, the
- following field is set:
-
- flags.chosen_selfsig
- */
+/* Use the self-signed data to fill in various fields in subkeys.
+ *
+ * KEYBLOCK is the whole keyblock. SUBNODE is the subkey to fill in.
+ *
+ * Sets the following fields on the subkey:
+ *
+ * main_keyid
+ * flags.valid if the subkey has a valid self-sig binding
+ * flags.revoked
+ * flags.backsig
+ * pubkey_usage
+ * has_expired
+ * expired_date
+ *
+ * On this subkey's most revent valid self-signed packet, the
+ * following field is set:
+ *
+ * flags.chosen_selfsig
+ */
static void
-merge_selfsigs_subkey (KBNODE keyblock, KBNODE subnode)
+merge_selfsigs_subkey (ctrl_t ctrl, kbnode_t keyblock, kbnode_t subnode)
{
PKT_public_key *mainpk = NULL, *subpk = NULL;
PKT_signature *sig;
sig = k->pkt->pkt.signature;
if (sig->keyid[0] == mainkid[0] && sig->keyid[1] == mainkid[1])
{
- if (check_key_signature (keyblock, k, NULL))
+ if (check_key_signature (ctrl, keyblock, k, NULL))
; /* Signature did not verify. */
else if (IS_SUBKEY_REV (sig))
{
/* Note that this means that the date on a
- revocation sig does not matter - even if the
- binding sig is dated after the revocation sig,
- the subkey is still marked as revoked. This
- seems ok, as it is just as easy to make new
- subkeys rather than re-sign old ones as the
- problem is in the distribution. Plus, PGP (7)
- does this the same way. */
+ * revocation sig does not matter - even if the
+ * binding sig is dated after the revocation sig,
+ * the subkey is still marked as revoked. This
+ * seems ok, as it is just as easy to make new
+ * subkeys rather than re-sign old ones as the
+ * problem is in the distribution. Plus, PGP (7)
+ * does this the same way. */
subpk->flags.revoked = 1;
sig_to_revoke_info (sig, &subpk->revoked);
/* Although we could stop now, we continue to
key_expire = keytimestamp + buf32_to_u32 (p);
else
key_expire = 0;
+
subpk->has_expired = key_expire >= curtime ? 0 : key_expire;
subpk->expiredate = key_expire;
sigdate = 0;
/* We do this while() since there may be other embedded
- signatures in the future. We only want 0x19 here. */
+ * signatures in the future. We only want 0x19 here. */
while ((p = enum_sig_subpkt (sig->hashed,
SIGSUBPKT_SIGNATURE, &n, &seq, NULL)))
seq = 0;
/* It is safe to have this in the unhashed area since the 0x19
- is located on the selfsig for convenience, not security. */
+ * is located on the selfsig for convenience, not security. */
while ((p = enum_sig_subpkt (sig->unhashed, SIGSUBPKT_SIGNATURE,
&n, &seq, NULL)))
if (backsig)
{
/* At this point, backsig contains the most recent 0x19 sig.
- Let's see if it is good. */
+ * Let's see if it is good. */
/* 2==valid, 1==invalid, 0==didn't check */
if (check_backsig (mainpk, subpk, backsig) == 0)
/* Merge information from the self-signatures with the public key,
- subkeys and user ids to make using them more easy.
-
- See documentation for merge_selfsigs_main, merge_selfsigs_subkey
- and fixup_uidnode for exactly which fields are updated. */
+ * subkeys and user ids to make using them more easy.
+ *
+ * See documentation for merge_selfsigs_main, merge_selfsigs_subkey
+ * and fixup_uidnode for exactly which fields are updated. */
static void
-merge_selfsigs (KBNODE keyblock)
+merge_selfsigs (ctrl_t ctrl, kbnode_t keyblock)
{
KBNODE k;
int revoked;
log_error ("expected public key but found secret key "
"- must stop\n");
/* We better exit here because a public key is expected at
- other places too. FIXME: Figure this out earlier and
- don't get to here at all */
+ * other places too. FIXME: Figure this out earlier and
+ * don't get to here at all */
g10_exit (1);
}
BUG ();
}
- merge_selfsigs_main (keyblock, &revoked, &rinfo);
+ merge_selfsigs_main (ctrl, keyblock, &revoked, &rinfo);
/* Now merge in the data from each of the subkeys. */
for (k = keyblock; k; k = k->next)
{
if (k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
- merge_selfsigs_subkey (keyblock, k);
+ merge_selfsigs_subkey (ctrl, keyblock, k);
}
}
{
if (k->pkt->pkttype == PKT_USER_ID
&& !k->pkt->pkt.user_id->attrib_data
- && k->pkt->pkt.user_id->is_primary)
+ && k->pkt->pkt.user_id->flags.primary)
{
prefs = k->pkt->pkt.user_id->prefs;
mdc_feature = k->pkt->pkt.user_id->flags.mdc;
\f
/* See whether the key satisfies any additional requirements specified
- in CTX. If so, return 1 and set CTX->FOUND_KEY to an appropriate
- key or subkey. Otherwise, return 0 if there was no appropriate
- key.
-
- In case the primary key is not required, select a suitable subkey.
- We need the primary key if PUBKEY_USAGE_CERT is set in
- CTX->REQ_USAGE or we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG
- is set in CTX->REQ_USAGE.
-
- If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
- are set in CTX->REQ_USAGE, we filter by the key's function.
- Concretely, if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then
- we only return a key if it is (at least) either a signing or a
- certification key.
-
- If CTX->REQ_USAGE is set, then we reject any keys that are not good
- (i.e., valid, not revoked, not expired, etc.). This allows the
- getkey functions to be used for plain key listings.
-
- Sets the matched key's user id field (pk->user_id) to the user id
- that matched the low-level search criteria or NULL.
-
-
- This function needs to handle several different cases:
-
- 1. No requested usage and no primary key requested
- Examples for this case are that we have a keyID to be used
- for decrytion or verification.
- 2. No usage but primary key requested
- This is the case for all functions which work on an
- entire keyblock, e.g. for editing or listing
- 3. Usage and primary key requested
- FXME
- 4. Usage but no primary key requested
- FIXME
-
+ * in CTX. If so, return the node of an appropriate key or subkey.
+ * Otherwise, return NULL if there was no appropriate key.
+ *
+ * Note that we do not return a reference, i.e. the result must not be
+ * freed using 'release_kbnode'.
+ *
+ * In case the primary key is not required, select a suitable subkey.
+ * We need the primary key if PUBKEY_USAGE_CERT is set in REQ_USAGE or
+ * we are in PGP6 or PGP7 mode and PUBKEY_USAGE_SIG is set in
+ * REQ_USAGE.
+ *
+ * If any of PUBKEY_USAGE_SIG, PUBKEY_USAGE_ENC and PUBKEY_USAGE_CERT
+ * are set in REQ_USAGE, we filter by the key's function. Concretely,
+ * if PUBKEY_USAGE_SIG and PUBKEY_USAGE_CERT are set, then we only
+ * return a key if it is (at least) either a signing or a
+ * certification key.
+ *
+ * If REQ_USAGE is set, then we reject any keys that are not good
+ * (i.e., valid, not revoked, not expired, etc.). This allows the
+ * getkey functions to be used for plain key listings.
+ *
+ * Sets the matched key's user id field (pk->user_id) to the user id
+ * that matched the low-level search criteria or NULL.
+ *
+ * If R_FLAGS is not NULL set certain flags for more detailed error
+ * reporting. Used flags are:
+ *
+ * - LOOKUP_ALL_SUBKEYS_EXPIRED :: All Subkeys are expired or have
+ * been revoked.
+ * - LOOKUP_NOT_SELECTED :: No suitable key found
+ *
+ * This function needs to handle several different cases:
+ *
+ * 1. No requested usage and no primary key requested
+ * Examples for this case are that we have a keyID to be used
+ * for decrytion or verification.
+ * 2. No usage but primary key requested
+ * This is the case for all functions which work on an
+ * entire keyblock, e.g. for editing or listing
+ * 3. Usage and primary key requested
+ * FIXME
+ * 4. Usage but no primary key requested
+ * FIXME
+ *
*/
-static KBNODE
-finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
+static kbnode_t
+finish_lookup (kbnode_t keyblock, unsigned int req_usage, int want_exact,
+ int want_secret, unsigned int *r_flags)
{
- KBNODE k;
+ kbnode_t k;
- /* If CTX->EXACT is set, the key or subkey that actually matched the
+ /* If WANT_EXACT is set, the key or subkey that actually matched the
low-level search criteria. */
- KBNODE foundk = NULL;
+ kbnode_t foundk = NULL;
/* The user id (if any) that matched the low-level search criteria. */
PKT_user_id *foundu = NULL;
-#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
- unsigned int req_usage = (ctx->req_usage & USAGE_MASK);
+ u32 latest_date;
+ kbnode_t latest_key;
+ PKT_public_key *pk;
+ int req_prim;
+ u32 curtime = make_timestamp ();
- /* Request the primary if we're certifying another key, and also
- if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
- do not understand signatures made by a signing subkey. PGP 8
- does. */
- int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
- ((PGP6 || PGP7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
+ if (r_flags)
+ *r_flags = 0;
- u32 curtime = make_timestamp ();
+#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC|PUBKEY_USAGE_CERT)
+ req_usage &= USAGE_MASK;
- u32 latest_date;
- KBNODE latest_key;
- PKT_public_key *pk;
+ /* Request the primary if we're certifying another key, and also if
+ * signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 do
+ * not understand signatures made by a signing subkey. PGP 8 does. */
+ req_prim = ((req_usage & PUBKEY_USAGE_CERT)
+ || ((PGP6 || PGP7) && (req_usage & PUBKEY_USAGE_SIG)));
- assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
+ log_assert (keyblock->pkt->pkttype == PKT_PUBLIC_KEY);
- if (ctx->exact)
- /* Get the key or subkey that matched the low-level search
- criteria. */
+ /* For an exact match mark the primary or subkey that matched the
+ low-level search criteria. */
+ if (want_exact)
{
for (k = keyblock; k; k = k->next)
{
if ((k->flag & 1))
{
- assert (k->pkt->pkttype == PKT_PUBLIC_KEY
- || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+ log_assert (k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY);
foundk = k;
pk = k->pkt->pkt.public_key;
pk->flags.exact = 1;
{
if ((k->flag & 2))
{
- assert (k->pkt->pkttype == PKT_USER_ID);
+ log_assert (k->pkt->pkttype == PKT_USER_ID);
foundu = k->pkt->pkt.user_id;
break;
}
latest_date = 0;
latest_key = NULL;
- /* Set latest_key to the latest (the one with the most recent
- timestamp) good (valid, not revoked, not expired, etc.) subkey.
-
- Don't bother if we are only looking for a primary key or we need
- an exact match and the exact match is not a subkey. */
+ /* Set LATEST_KEY to the latest (the one with the most recent
+ * timestamp) good (valid, not revoked, not expired, etc.) subkey.
+ *
+ * Don't bother if we are only looking for a primary key or we need
+ * an exact match and the exact match is not a subkey. */
if (req_prim || (foundk && foundk->pkt->pkttype != PKT_PUBLIC_SUBKEY))
;
else
{
- KBNODE nextk;
+ kbnode_t nextk;
+ int n_subkeys = 0;
+ int n_revoked_or_expired = 0;
/* Either start a loop or check just this one subkey. */
for (k = foundk ? foundk : keyblock; k; k = nextk)
{
if (foundk)
- /* If FOUNDK is not NULL, then only consider that exact
- key, i.e., don't iterate. */
- nextk = NULL;
+ {
+ /* If FOUNDK is not NULL, then only consider that exact
+ key, i.e., don't iterate. */
+ nextk = NULL;
+ }
else
nextk = k->next;
if (DBG_LOOKUP)
log_debug ("\tchecking subkey %08lX\n",
(ulong) keyid_from_pk (pk, NULL));
+
if (!pk->flags.valid)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey not valid\n");
continue;
}
+ if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tusage does not match: want=%x have=%x\n",
+ req_usage, pk->pubkey_usage);
+ continue;
+ }
+
+ n_subkeys++;
if (pk->flags.revoked)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey has been revoked\n");
+ n_revoked_or_expired++;
continue;
}
if (pk->has_expired)
{
if (DBG_LOOKUP)
log_debug ("\tsubkey has expired\n");
+ n_revoked_or_expired++;
continue;
}
if (pk->timestamp > curtime && !opt.ignore_valid_from)
continue;
}
- if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
- {
- if (DBG_LOOKUP)
- log_debug ("\tusage does not match: want=%x have=%x\n",
- req_usage, pk->pubkey_usage);
- continue;
- }
+ if (want_secret && agent_probe_secret_key (NULL, pk))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tno secret key\n");
+ continue;
+ }
if (DBG_LOOKUP)
log_debug ("\tsubkey might be fine\n");
latest_key = k;
}
}
+ if (n_subkeys == n_revoked_or_expired && r_flags)
+ *r_flags |= LOOKUP_ALL_SUBKEYS_EXPIRED;
}
/* Check if the primary key is ok (valid, not revoke, not expire,
- matches requested usage) if:
-
- - we didn't find an appropriate subkey and we're not doing an
- exact search,
-
- - we're doing an exact match and the exact match was the
- primary key, or,
-
- - we're just considering the primary key. */
- if ((!latest_key && !ctx->exact) || foundk == keyblock || req_prim)
+ * matches requested usage) if:
+ *
+ * - we didn't find an appropriate subkey and we're not doing an
+ * exact search,
+ *
+ * - we're doing an exact match and the exact match was the
+ * primary key, or,
+ *
+ * - we're just considering the primary key. */
+ if ((!latest_key && !want_exact) || foundk == keyblock || req_prim)
{
if (DBG_LOOKUP && !foundk && !req_prim)
log_debug ("\tno suitable subkeys found - trying primary\n");
if (DBG_LOOKUP)
log_debug ("\tprimary key not valid\n");
}
+ else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
+ {
+ if (DBG_LOOKUP)
+ log_debug ("\tprimary key usage does not match: "
+ "want=%x have=%x\n", req_usage, pk->pubkey_usage);
+ }
else if (pk->flags.revoked)
{
if (DBG_LOOKUP)
if (DBG_LOOKUP)
log_debug ("\tprimary key has expired\n");
}
- else if (!((pk->pubkey_usage & USAGE_MASK) & req_usage))
- {
- if (DBG_LOOKUP)
- log_debug ("\tprimary key usage does not match: "
- "want=%x have=%x\n", req_usage, pk->pubkey_usage);
- }
else /* Okay. */
{
if (DBG_LOOKUP)
{
if (DBG_LOOKUP)
log_debug ("\tno suitable key found - giving up\n");
+ if (r_flags)
+ *r_flags |= LOOKUP_NOT_SELECTED;
return NULL; /* Not found. */
}
-found:
+ found:
if (DBG_LOOKUP)
log_debug ("\tusing key %08lX\n",
(ulong) keyid_from_pk (latest_key->pkt->pkt.public_key, NULL));
if (latest_key)
{
pk = latest_key->pkt->pkt.public_key;
- if (pk->user_id)
- free_user_id (pk->user_id);
+ free_user_id (pk->user_id);
pk->user_id = scopy_user_id (foundu);
}
}
-/* A high-level function to lookup keys.
+/* Print a KEY_CONSIDERED status line. */
+static void
+print_status_key_considered (kbnode_t keyblock, unsigned int flags)
+{
+ char hexfpr[2*MAX_FINGERPRINT_LEN + 1];
+ kbnode_t node;
+ char flagbuf[20];
+
+ if (!is_status_enabled ())
+ return;
- This function builds on top of the low-level keydb API. It first
- searches the database using the description stored in CTX->ITEMS,
- then it filters the results using CTX and, finally, if WANT_SECRET
- is set, it ignores any keys for which no secret key is available.
+ for (node=keyblock; node; node = node->next)
+ if (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY)
+ break;
+ if (!node)
+ {
+ log_error ("%s: keyblock w/o primary key\n", __func__);
+ return;
+ }
- Unlike the low-level search functions, this function also merges
- all of the self-signed data into the keys, subkeys and user id
- packets (see the merge_selfsigs for details).
+ hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr);
+ snprintf (flagbuf, sizeof flagbuf, " %u", flags);
+ write_status_strings (STATUS_KEY_CONSIDERED, hexfpr, flagbuf, NULL);
+}
- On success the key's keyblock is stored at *RET_KEYBLOCK. */
+
+
+/* A high-level function to lookup keys.
+ *
+ * This function builds on top of the low-level keydb API. It first
+ * searches the database using the description stored in CTX->ITEMS,
+ * then it filters the results using CTX and, finally, if WANT_SECRET
+ * is set, it ignores any keys for which no secret key is available.
+ *
+ * Unlike the low-level search functions, this function also merges
+ * all of the self-signed data into the keys, subkeys and user id
+ * packets (see the merge_selfsigs for details).
+ *
+ * On success the key's keyblock is stored at *RET_KEYBLOCK, and the
+ * specific subkey is stored at *RET_FOUND_KEY. Note that we do not
+ * return a reference in *RET_FOUND_KEY, i.e. the result must not be
+ * freed using 'release_kbnode', and it is only valid until
+ * *RET_KEYBLOCK is deallocated. Therefore, if RET_FOUND_KEY is not
+ * NULL, then RET_KEYBLOCK must not be NULL. */
static int
-lookup (getkey_ctx_t ctx, kbnode_t *ret_keyblock, kbnode_t *ret_found_key,
- int want_secret)
+lookup (ctrl_t ctrl, getkey_ctx_t ctx, int want_secret,
+ kbnode_t *ret_keyblock, kbnode_t *ret_found_key)
{
int rc;
int no_suitable_key = 0;
KBNODE keyblock = NULL;
KBNODE found_key = NULL;
+ unsigned int infoflags;
+ log_assert (ret_found_key == NULL || ret_keyblock != NULL);
if (ret_keyblock)
*ret_keyblock = NULL;
break;
/* If we are iterating over the entire database, then we need to
- change from KEYDB_SEARCH_MODE_FIRST, which does an implicit
- reset, to KEYDB_SEARCH_MODE_NEXT, which gets the next
- record. */
+ * change from KEYDB_SEARCH_MODE_FIRST, which does an implicit
+ * reset, to KEYDB_SEARCH_MODE_NEXT, which gets the next record. */
if (ctx->nitems && ctx->items->mode == KEYDB_SEARCH_MODE_FIRST)
ctx->items->mode = KEYDB_SEARCH_MODE_NEXT;
goto skip;
}
- if (want_secret && agent_probe_any_secret_key (NULL, keyblock))
- goto skip; /* No secret key available. */
+ if (want_secret)
+ {
+ rc = agent_probe_any_secret_key (NULL, keyblock);
+ if (gpg_err_code(rc) == GPG_ERR_NO_SECKEY)
+ goto skip; /* No secret key available. */
+ if (rc)
+ goto found; /* Unexpected error. */
+ }
/* Warning: node flag bits 0 and 1 should be preserved by
- * merge_selfsigs. For secret keys, premerge transferred the
- * keys to the keyblock. */
- merge_selfsigs (keyblock);
- found_key = finish_lookup (ctx, keyblock);
+ * merge_selfsigs. */
+ merge_selfsigs (ctrl, keyblock);
+ found_key = finish_lookup (keyblock, ctx->req_usage, ctx->exact,
+ want_secret, &infoflags);
+ print_status_key_considered (keyblock, infoflags);
if (found_key)
{
no_suitable_key = 0;
goto found;
}
else
- no_suitable_key = 1;
+ {
+ no_suitable_key = 1;
+ }
skip:
/* Release resources and continue search. */
release_kbnode (keyblock);
keyblock = NULL;
/* The keyblock cache ignores the current "file position".
- Thus, if we request the next result and the cache matches
- (and it will since it is what we just looked for), we'll get
- the same entry back! We can avoid this infinite loop by
- disabling the cache. */
+ * Thus, if we request the next result and the cache matches
+ * (and it will since it is what we just looked for), we'll get
+ * the same entry back! We can avoid this infinite loop by
+ * disabling the cache. */
keydb_disable_caching (ctx->kr_handle);
}
-found:
+ found:
if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND)
log_error ("keydb_search failed: %s\n", gpg_strerror (rc));
if (!rc)
{
if (ret_keyblock)
- *ret_keyblock = keyblock; /* Return the keyblock. */
- keyblock = NULL;
+ {
+ *ret_keyblock = keyblock; /* Return the keyblock. */
+ keyblock = NULL;
+ }
}
else if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND && no_suitable_key)
rc = want_secret? GPG_ERR_UNUSABLE_SECKEY : GPG_ERR_UNUSABLE_PUBKEY;
{
gpg_error_t err = 0;
const char *name;
+ kbnode_t keyblock;
struct
{
int eof;
strlist_t sl;
kbnode_t keyblock;
kbnode_t node;
+ getkey_ctx_t ctx;
} *c = *context;
if (!c)
{
/* Free the context. */
release_kbnode (c->keyblock);
+ getkey_end (ctrl, c->ctx);
xfree (c);
*context = NULL;
return 0;
do
{
name = NULL;
+ keyblock = NULL;
switch (c->state)
{
case 0: /* First try to use the --default-key. */
c->state++;
break;
+ case 3: /* Init search context to enum all secret keys. */
+ err = getkey_bynames (ctrl, &c->ctx, NULL, NULL, 1,
+ &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (ctrl, c->ctx);
+ c->ctx = NULL;
+ }
+ c->state++;
+ break;
+
+ case 4: /* Get next item from the context. */
+ if (c->ctx)
+ {
+ err = getkey_next (ctrl, c->ctx, NULL, &keyblock);
+ if (err)
+ {
+ release_kbnode (keyblock);
+ keyblock = NULL;
+ getkey_end (ctrl, c->ctx);
+ c->ctx = NULL;
+ }
+ }
+ else
+ c->state++;
+ break;
+
default: /* No more names to check - stop. */
c->eof = 1;
return gpg_error (GPG_ERR_EOF);
}
}
- while (!name || !*name);
+ while ((!name || !*name) && !keyblock);
- err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
- if (err)
+ if (keyblock)
+ c->node = c->keyblock = keyblock;
+ else
{
- /* getkey_byname might return a keyblock even in the
- error case - I have not checked. Thus better release
- it. */
- release_kbnode (c->keyblock);
- c->keyblock = NULL;
+ err = getkey_byname (ctrl, NULL, NULL, name, 1, &c->keyblock);
+ if (err)
+ {
+ /* getkey_byname might return a keyblock even in the
+ error case - I have not checked. Thus better release
+ it. */
+ release_kbnode (c->keyblock);
+ c->keyblock = NULL;
+ }
+ else
+ c->node = c->keyblock;
}
- else
- c->node = c->keyblock;
}
/* Get the next key from the current keyblock. */
}
}
+gpg_error_t
+get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
+ const byte *fpr_card, size_t fpr_len)
+{
+ gpg_error_t err;
+ strlist_t namelist = NULL;
+
+ const char *def_secret_key = parse_def_secret_key (ctrl);
+
+ if (def_secret_key)
+ add_to_strlist (&namelist, def_secret_key);
+ else if (fpr_card)
+ return get_pubkey_byfprint (ctrl, pk, NULL, fpr_card, fpr_len);
+
+ if (!fpr_card
+ || (def_secret_key && def_secret_key[strlen (def_secret_key)-1] == '!'))
+ err = key_byname (ctrl, NULL, namelist, pk, 1, 0, NULL, NULL);
+ else
+ { /* Default key is specified and card key is also available. */
+ kbnode_t k, keyblock = NULL;
+
+ err = key_byname (ctrl, NULL, namelist, pk, 1, 0, &keyblock, NULL);
+ if (!err)
+ for (k = keyblock; k; k = k->next)
+ {
+ PKT_public_key *pk_candidate;
+ char fpr[MAX_FINGERPRINT_LEN];
+
+ if (k->pkt->pkttype != PKT_PUBLIC_KEY
+ &&k->pkt->pkttype != PKT_PUBLIC_SUBKEY)
+ continue;
+
+ pk_candidate = k->pkt->pkt.public_key;
+ if (!pk_candidate->flags.valid)
+ continue;
+ if (!((pk_candidate->pubkey_usage & USAGE_MASK) & pk->req_usage))
+ continue;
+ fingerprint_from_pk (pk_candidate, fpr, NULL);
+ if (!memcmp (fpr_card, fpr, fpr_len))
+ {
+ release_public_key_parts (pk);
+ copy_public_key (pk, pk_candidate);
+ break;
+ }
+ }
+ release_kbnode (keyblock);
+ }
+
+ free_strlist (namelist);
+
+ return err;
+}
\f
/*********************************************
*********** User ID printing helpers *******
/* Return a string with a printable representation of the user_id.
* this string must be freed by xfree. */
static char *
-get_user_id_string (u32 * keyid, int mode, size_t *r_len)
+get_user_id_string (ctrl_t ctrl, u32 * keyid, int mode, size_t *r_len)
{
user_id_db_t r;
keyid_list_t a;
}
}
}
- while (++pass < 2 && !get_pubkey (NULL, keyid));
+ while (++pass < 2 && !get_pubkey (ctrl, NULL, keyid));
if (mode == 2)
p = xstrdup (user_id_not_found_utf8 ());
char *
-get_user_id_string_native (u32 * keyid)
+get_user_id_string_native (ctrl_t ctrl, u32 * keyid)
{
- char *p = get_user_id_string (keyid, 0, NULL);
+ char *p = get_user_id_string (ctrl, keyid, 0, NULL);
char *p2 = utf8_to_native (p, strlen (p), 0);
xfree (p);
return p2;
char *
-get_long_user_id_string (u32 * keyid)
+get_long_user_id_string (ctrl_t ctrl, u32 * keyid)
{
- return get_user_id_string (keyid, 1, NULL);
+ return get_user_id_string (ctrl, keyid, 1, NULL);
}
/* Please try to use get_user_byfpr instead of this one. */
char *
-get_user_id (u32 * keyid, size_t * rn)
+get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn)
{
- return get_user_id_string (keyid, 2, rn);
+ return get_user_id_string (ctrl, keyid, 2, rn);
}
/* Please try to use get_user_id_byfpr_native instead of this one. */
char *
-get_user_id_native (u32 * keyid)
+get_user_id_native (ctrl_t ctrl, u32 *keyid)
{
size_t rn;
- char *p = get_user_id (keyid, &rn);
+ char *p = get_user_id (ctrl, keyid, &rn);
char *p2 = utf8_to_native (p, rn, 0);
xfree (p);
return p2;
terminated. To determine the length of the string, you must use
*RN. */
char *
-get_user_id_byfpr (const byte *fpr, size_t *rn)
+get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn)
{
user_id_db_t r;
char *p;
}
}
while (++pass < 2
- && !get_pubkey_byfprint (NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
+ && !get_pubkey_byfprint (ctrl, NULL, NULL, fpr, MAX_FINGERPRINT_LEN));
p = xstrdup (user_id_not_found_utf8 ());
*rn = strlen (p);
return p;
encoding. The returned string needs to be freed. Unlike
get_user_id_byfpr, the returned string is NUL terminated. */
char *
-get_user_id_byfpr_native (const byte *fpr)
+get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr)
{
size_t rn;
- char *p = get_user_id_byfpr (fpr, &rn);
+ char *p = get_user_id_byfpr (ctrl, fpr, &rn);
char *p2 = utf8_to_native (p, rn, 0);
xfree (p);
return p2;
/* Returns false on error. */
int
-parse_auto_key_locate (char *options)
+parse_auto_key_locate (const char *options_arg)
{
char *tok;
+ char *options, *options_buf;
+ options = options_buf = xstrdup (options_arg);
while ((tok = optsep (&options)))
{
struct akl *akl, *check, *last = NULL;
akl->type = AKL_LDAP;
else if (ascii_strcasecmp (tok, "keyserver") == 0)
akl->type = AKL_KEYSERVER;
-#ifdef USE_DNS_CERT
else if (ascii_strcasecmp (tok, "cert") == 0)
akl->type = AKL_CERT;
-#endif
else if (ascii_strcasecmp (tok, "pka") == 0)
akl->type = AKL_PKA;
else if (ascii_strcasecmp (tok, "dane") == 0)
akl->type = AKL_DANE;
+ else if (ascii_strcasecmp (tok, "wkd") == 0)
+ akl->type = AKL_WKD;
else if ((akl->spec = parse_keyserver_uri (tok, 1)))
akl->type = AKL_SPEC;
else
{
free_akl (akl);
+ xfree (options_buf);
return 0;
}
}
}
+ xfree (options_buf);
return 1;
}
+\f
+/* The list of key origins. */
+static struct {
+ const char *name;
+ int origin;
+} key_origin_list[] =
+ {
+ { "self", KEYORG_SELF },
+ { "file", KEYORG_FILE },
+ { "url", KEYORG_URL },
+ { "wkd", KEYORG_WKD },
+ { "dane", KEYORG_DANE },
+ { "ks-pref", KEYORG_KS_PREF },
+ { "ks", KEYORG_KS },
+ { "unknown", KEYORG_UNKNOWN }
+ };
+
+/* Parse the argument for --key-origin. Return false on error. */
+int
+parse_key_origin (char *string)
+{
+ int i;
+ char *comma;
+
+ comma = strchr (string, ',');
+ if (comma)
+ *comma = 0;
+
+ if (!ascii_strcasecmp (string, "help"))
+ {
+ log_info (_("valid values for option '%s':\n"), "--key-origin");
+ for (i=0; i < DIM (key_origin_list); i++)
+ log_info (" %s\n", key_origin_list[i].name);
+ g10_exit (1);
+ }
+
+ for (i=0; i < DIM (key_origin_list); i++)
+ if (!ascii_strcasecmp (string, key_origin_list[i].name))
+ {
+ opt.key_origin = key_origin_list[i].origin;
+ xfree (opt.key_origin_url);
+ opt.key_origin_url = NULL;
+ if (comma && comma[1])
+ {
+ opt.key_origin_url = xstrdup (comma+1);
+ trim_spaces (opt.key_origin_url);
+ }
+
+ return 1;
+ }
+
+ if (comma)
+ *comma = ',';
+ return 0;
+}
+
+/* Return a string or "?" for the key ORIGIN. */
+const char *
+key_origin_string (int origin)
+{
+ int i;
+
+ for (i=0; i < DIM (key_origin_list); i++)
+ if (key_origin_list[i].origin == origin)
+ return key_origin_list[i].name;
+ return "?";
+}
+
+
+\f
/* Returns true if a secret key is available for the public key with
key id KEYID; returns false if not. This function ignores legacy
keys. Note: this is just a fast check and does not tell us whether
match a single key or subkey. */
if ((node->flag & 1))
{
- assert (node->pkt->pkttype == PKT_PUBLIC_KEY
- || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
+ log_assert (node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY);
if (!agent_probe_secret_key (NULL, node->pkt->pkt.public_key))
result = 1; /* Secret key available. */
projects / platform / upstream / gpg2.git / blobdiff