#include "../common/util.h"
#include "packet.h"
-/* What qualifies as a certification (rather than a signature?) */
-#define IS_CERT(s) (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \
- || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s))
+/* What qualifies as a certification (key-signature in contrast to a
+ * data signature)? Note that a back signature is special and can be
+ * made by key and data signatures capable subkeys.) */
+#define IS_CERT(s) (IS_KEY_SIG(s) \
+ || IS_UID_SIG(s) \
+ || IS_SUBKEY_SIG(s) \
+ || IS_KEY_REV(s) \
+ || IS_UID_REV(s) \
+ || IS_SUBKEY_REV(s) \
+ || IS_ATTST_SIGS(s) )
#define IS_SIG(s) (!IS_CERT(s))
#define IS_KEY_SIG(s) ((s)->sig_class == 0x1f)
#define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10)
+#define IS_ATTST_SIGS(s) ((s)->sig_class == 0x16)
#define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
+#define IS_BACK_SIG(s) ((s)->sig_class == 0x19)
#define IS_KEY_REV(s) ((s)->sig_class == 0x20)
#define IS_UID_REV(s) ((s)->sig_class == 0x30)
#define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28)
* This structure is also used to bind arbitrary packets together.
*/
-struct kbnode_struct {
- KBNODE next;
- PACKET *pkt;
- int flag;
- int private_flag;
- ulong recno; /* used while updating the trustdb */
+struct kbnode_struct
+{
+ kbnode_t next;
+ PACKET *pkt;
+ int flag; /* Local use during keyblock processing (not cloned).*/
+ unsigned int tag; /* Ditto. */
+ int private_flag;
};
#define is_deleted_kbnode(a) ((a)->private_flag & 1)
#define is_cloned_kbnode(a) ((a)->private_flag & 2)
+/*
+ * A structure to store key identification as well as some stuff
+ * needed for key validation.
+ */
+struct key_item {
+ struct key_item *next;
+ unsigned int ownertrust,min_ownertrust;
+ byte trust_depth;
+ byte trust_value;
+ char *trust_regexp;
+ u32 kid[2];
+};
+
+
/* Bit flags used with build_pk_list. */
enum
{
/* Helper type for preference functions. */
-union pref_hint
+struct pref_hint
{
- int digest_length;
+ int digest_length; /* We want at least this digest length. */
+ int exact; /* We need to use exactly this length. */
};
};
+/*
+ * Check whether the signature SIG is in the klist K.
+ */
+static inline struct key_item *
+is_in_klist (struct key_item *k, PKT_signature *sig)
+{
+ for (; k; k = k->next)
+ {
+ if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
+ return k;
+ }
+ return NULL;
+}
+
+
+/*-- call-keyboxd.c --*/
+
+/* Release all open contexts to the keyboxd. */
+void gpg_keyboxd_deinit_session_data (ctrl_t ctrl);
+
+/* Create a new database handle. Returns NULL on error, sets ERRNO,
+ * and prints an error diagnostic. */
+KEYDB_HANDLE keydb_new (ctrl_t ctrl);
+
+/* Release a keydb handle. */
+void keydb_release (KEYDB_HANDLE hd);
+
+/* Take a lock if we are not using the keyboxd. */
+gpg_error_t keydb_lock (KEYDB_HANDLE hd);
+
+/* Return the keyblock last found by keydb_search. */
+gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb);
+
+/* Update the keyblock KB. */
+gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
+
+/* Insert a keyblock into one of the storage system. */
+gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
+
+/* Delete the currently selected keyblock. */
+gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
+
+/* Clears the current search result and resets the handle's position. */
+gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
+
+/* Search the database for keys matching the search description. */
+gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
+ size_t ndesc, size_t *descindex);
+
+
+
/*-- keydb.c --*/
#define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */
/* Dump some statistics to the log. */
void keydb_dump_stats (void);
-/* Create a new database handle. Returns NULL on error, sets ERRNO,
- and prints an error diagnostic. */
-KEYDB_HANDLE keydb_new (void);
-
-/* Free all resources owned by the database handle. */
-void keydb_release (KEYDB_HANDLE hd);
-
/* Set a flag on the handle to suppress use of cached results. This
is required for updating a keyring and for key listings. Fixme:
Using a new parameter for keydb_new might be a better solution. */
/* Return the file name of the resource. */
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
-/* Return the keyblock last found by keydb_search. */
-gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb);
-
-/* Update the keyblock KB. */
-gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
-
-/* Insert a keyblock into one of the underlying keyrings or keyboxes. */
-gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
-
-/* Delete the currently selected keyblock. */
-gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
-
/* Find the first writable resource. */
gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd);
read from a keybox) since the last search reset. */
unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
-/* Clears the current search result and resets the handle's position. */
-gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
-
-/* Search the database for keys matching the search description. */
-gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
- size_t ndesc, size_t *descindex);
-
/* Return the first non-legacy key in the database. */
gpg_error_t keydb_search_first (KEYDB_HANDLE hd);
key id. */
gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
-/* This is a convenience function for searching for keys with a long
- (20 byte) fingerprint. */
-gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
+/* This is a convenience function for searching for keys by
+ * fingerprint. */
+gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr, size_t fprlen);
/*-- pkclist.c --*/
void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
-int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig);
+gpg_error_t check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock,
+ PKT_public_key *pk, PKT_signature *sig);
void release_pk_list (PK_LIST pk_list);
+int expand_id (const char *id, strlist_t *into, unsigned int flags);
+strlist_t expand_group (strlist_t input, int prepend_input);
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
gpg_error_t find_and_check_key (ctrl_t ctrl,
const char *name, unsigned int use,
pk_list_t *pk_list_addr);
int algo_available( preftype_t preftype, int algo,
- const union pref_hint *hint );
+ const struct pref_hint *hint );
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
- int request, const union pref_hint *hint);
+ int request, const struct pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list);
-void warn_missing_mdc_from_pklist (PK_LIST pk_list);
+aead_algo_t select_aead_from_pklist (pk_list_t pk_list);
+void warn_missing_aead_from_pklist (PK_LIST pk_list);
void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/
SK_LIST *ret_sk_list, unsigned use);
/*-- passphrase.h --*/
-unsigned char encode_s2k_iterations (int iterations);
+
+/* Flags for passphrase_to_dek */
+#define GETPASSWORD_FLAG_SYMDECRYPT 1
+
int have_static_passphrase(void);
const char *get_static_passphrase (void);
void set_passphrase_from_string(const char *pass);
void read_passphrase_from_fd( int fd );
void passphrase_clear_cache (const char *cacheid);
-DEK *passphrase_to_dek_ext(u32 *keyid, int pubkey_algo,
- int cipher_algo, STRING2KEY *s2k, int mode,
- const char *tryagain_text,
- const char *custdesc, const char *custprompt,
- int *canceled);
DEK *passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
int create, int nocache,
- const char *tryagain_text, int *canceled);
+ const char *tryagain_text, unsigned int flags,
+ int *canceled);
void set_next_passphrase( const char *s );
char *get_last_passphrase(void);
void next_to_last_passphrase(void);
#define FORMAT_KEYDESC_IMPORT 1
#define FORMAT_KEYDESC_EXPORT 2
#define FORMAT_KEYDESC_DELKEY 3
+#define FORMAT_KEYDESC_KEYGRIP 4
char *gpg_format_keydesc (ctrl_t ctrl,
PKT_public_key *pk, int mode, int escaped);
/* Disable and drop the public key cache. */
void getkey_disable_caches(void);
+/* Return the public key used for signature SIG and store it at PK. */
+gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
+ PKT_public_key *pk, PKT_signature *sig,
+ PKT_public_key *forced_pk);
+
/* Return the public key with the key id KEYID and store it at PK. */
int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
+/* Same as get_pubkey but with auto LDAP fetch. */
+gpg_error_t get_pubkey_with_ldap_fallback (ctrl_t ctrl,
+ PKT_public_key *pk, u32 * keyid);
+
/* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
account nor does it merge in the self-signed data. This function
also only considers primary keys. */
-int get_pubkey_fast (PKT_public_key *pk, u32 *keyid);
+int get_pubkey_fast (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
+
+/* Return the entire keyblock used to create SIG. This is a
+ * specialized version of get_pubkeyblock. */
+kbnode_t get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig);
/* Return the key block for the key with KEYID. */
kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
};
typedef struct pubkey_s *pubkey_t;
-/* Free a single key. This does not remove key from any list! */
-void pubkey_free (pubkey_t key);
-
/* Free a list of public keys. */
void pubkeys_free (pubkey_t keys);
-/* Returns all keys that match the search specification SEARCH_TERMS.
- The returned keys should be freed using pubkeys_free. */
-gpg_error_t
-get_pubkeys (ctrl_t ctrl,
- char *search_terms, int use, int include_unusable, char *source,
- int warn_possibly_ambiguous,
- pubkey_t *r_keys);
+
+/* Mode flags for get_pubkey_byname. */
+enum get_pubkey_modes
+ {
+ GET_PUBKEY_NORMAL = 0,
+ GET_PUBKEY_NO_AKL = 1,
+ GET_PUBKEY_NO_LOCAL = 2
+ };
/* Find a public key identified by NAME. */
-int get_pubkey_byname (ctrl_t ctrl,
+int get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
GETKEY_CTX *retctx, PKT_public_key *pk,
const char *name,
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
- int include_unusable, int no_akl );
+ int include_unusable);
/* Likewise, but only return the best match if NAME resembles a mail
* address. */
-gpg_error_t get_best_pubkey_byname (ctrl_t ctrl,
+gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
GETKEY_CTX *retctx, PKT_public_key *pk,
const char *name, KBNODE *ret_keyblock,
- int include_unusable, int no_akl);
+ int include_unusable);
/* Get a public key directly from file FNAME. */
gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,
PKT_public_key *pk, const char *fname);
+/* Get a public key from a buffer. */
+gpg_error_t get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf,
+ const void *buffer, size_t buflen,
+ u32 *want_keyid, kbnode_t *r_keyblock);
+
/* Return the public key with the key id KEYID iff the secret key is
* available and store it at PK. */
gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
/* This function is similar to get_pubkey_byfprint, but it doesn't
merge the self-signed data into the public key and subkeys or into
the user ids. */
-int get_pubkey_byfprint_fast (PKT_public_key *pk,
- const byte *fprint, size_t fprint_len);
+gpg_error_t get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key *pk,
+ const byte *fprint, size_t fprint_len);
+
+/* This function is similar to get_pubkey_byfprint, but it doesn't
+ merge the self-signed data into the public key and subkeys or into
+ the user ids. */
+gpg_error_t get_keyblock_byfprint_fast (ctrl_t ctrl,
+ kbnode_t *r_keyblock,
+ KEYDB_HANDLE *r_hd,
+ const byte *fprint, size_t fprint_len,
+ int lock);
+
/* Returns true if a secret key is available for the public key with
key id KEYID. */
-int have_secret_key_with_kid (u32 *keyid);
+int have_secret_key_with_kid (ctrl_t ctrl, u32 *keyid);
/* Parse the --default-key parameter. Returns the last key (in terms
of when the option is given) that is available. */
data structures. */
void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
-char*get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
-char*get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
-char*get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn);
-char*get_user_id_native (ctrl_t ctrl, u32 *keyid);
-char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn);
-char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr);
+char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
+char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
+char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid);
+char *get_user_id_native (ctrl_t ctrl, u32 *keyid);
+char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr, size_t fprlen);
void release_akl(void);
-int parse_auto_key_locate(char *options);
+int akl_empty_or_only_local (void);
+int parse_auto_key_locate(const char *options);
int parse_key_origin (char *string);
const char *key_origin_string (int origin);
char *mk_datestr (char *buffer, size_t bufsize, u32 timestamp);
#define MK_DATESTR_SIZE 11
+const char *dateonlystr_from_pk (PKT_public_key *pk);
const char *datestr_from_pk( PKT_public_key *pk );
+const char *dateonlystr_from_sig( PKT_signature *sig );
const char *datestr_from_sig( PKT_signature *sig );
const char *expirestr_from_pk( PKT_public_key *pk );
const char *expirestr_from_sig( PKT_signature *sig );
const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
+void fpr20_from_pk (PKT_public_key *pk, byte array[20]);
char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
char *format_hexfingerprint (const char *fingerprint,
char *buffer, size_t buflen);
projects / platform / upstream / gpg2.git / blobdiff