2008, 2009 g10 Code GmbH
This file is part of GPGME.
-
+
GPGME is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
-
+
GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
-
+
You should have received a copy of the GNU Lesser General Public
- License along with this program; if not, see <http://www.gnu.org/licenses/>.
+ License along with this program; if not, see <https://www.gnu.org/licenses/>.
*/
#if HAVE_CONFIG_H
#include <assert.h>
#include <ctype.h>
#include <errno.h>
+#include <limits.h>
/* Suppress warning for accessing deprecated member "class". */
#define _GPGME_IN_GPGME
{
struct _gpgme_op_keylist_result result;
+ /* The error code from ERROR keydb_search. */
+ gpgme_error_t keydb_search_err;
+
gpgme_key_t tmp_key;
/* This points to the last uid in tmp_key. */
void *hook;
op_data_t opd;
+ (void)args;
+
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err)
opd->result.truncated = 1;
break;
+ case GPGME_STATUS_ERROR:
+ err = _gpgme_parse_failure (args);
+ if (!opd->keydb_search_err && !strcmp (args, "keydb_search"))
+ opd->keydb_search_err = err;
+ err = 0;
+ break;
+
default:
break;
}
- return 0;
+ return err;
}
\f
case 'r':
uid->revoked = 1;
break;
-
+
case 'i':
uid->invalid = 1;
break;
reference to smartcards. FIELD is the content of the field and we
are allowed to modify it. */
static gpg_error_t
-parse_sec_field15 (gpgme_subkey_t subkey, char *field)
+parse_sec_field15 (gpgme_key_t key, gpgme_subkey_t subkey, char *field)
{
if (!*field)
; /* Empty. */
{
/* This is a stub for an offline key. We reset the SECRET flag
of the subkey here. Note that the secret flag of the entire
- key will be true even then. */
+ key will be true even then. We even explicitly set
+ key->secret to make it works for GPGME_KEYLIST_MODE_WITH_SECRET. */
subkey->secret = 0;
+ key->secret = 1;
}
else if (strchr ("01234567890ABCDEFabcdef", *field))
{
/* Fields starts with a hex digit; thus it is a serial number. */
+ key->secret = 1;
subkey->is_cardkey = 1;
subkey->card_number = strdup (field);
if (!subkey->card_number)
return gpg_error_from_syserror ();
}
+ else if (*field == '+')
+ {
+ key->secret = 1;
+ subkey->secret = 1;
+ }
else
{
/* RFU. */
}
+/* Parse a tfs record. */
+static gpg_error_t
+parse_tfs_record (gpgme_user_id_t uid, char **field, int nfield)
+{
+ gpg_error_t err;
+ gpgme_tofu_info_t ti;
+ unsigned long uval;
+
+ /* We add only the first TOFU record in case future versions emit
+ * several. */
+ if (uid->tofu)
+ return 0;
+
+ /* Check that we have enough fields and that the version is supported. */
+ if (nfield < 8 || atoi(field[1]) != 1)
+ return trace_gpg_error (GPG_ERR_INV_ENGINE);
+
+ ti = calloc (1, sizeof *ti);
+ if (!ti)
+ return gpg_error_from_syserror ();
+
+ /* Note that we allow a value of up to 7 which is what we can store
+ * in the ti->validity. */
+ err = _gpgme_strtoul_field (field[2], &uval);
+ if (err || uval > 7)
+ goto inv_engine;
+ ti->validity = uval;
+
+ /* Parse the sign-count. */
+ err = _gpgme_strtoul_field (field[3], &uval);
+ if (err)
+ goto inv_engine;
+ if (uval > USHRT_MAX)
+ uval = USHRT_MAX;
+ ti->signcount = uval;
+
+ /* Parse the encr-count. */
+ err = _gpgme_strtoul_field (field[4], &uval);
+ if (err)
+ goto inv_engine;
+ if (uval > USHRT_MAX)
+ uval = USHRT_MAX;
+ ti->encrcount = uval;
+
+ /* Parse the policy. */
+ if (!strcmp (field[5], "none"))
+ ti->policy = GPGME_TOFU_POLICY_NONE;
+ else if (!strcmp (field[5], "auto"))
+ ti->policy = GPGME_TOFU_POLICY_AUTO;
+ else if (!strcmp (field[5], "good"))
+ ti->policy = GPGME_TOFU_POLICY_GOOD;
+ else if (!strcmp (field[5], "bad"))
+ ti->policy = GPGME_TOFU_POLICY_BAD;
+ else if (!strcmp (field[5], "ask"))
+ ti->policy = GPGME_TOFU_POLICY_ASK;
+ else /* "unknown" and invalid policy strings. */
+ ti->policy = GPGME_TOFU_POLICY_UNKNOWN;
+
+ /* Parse first and last seen timestamps. */
+ err = _gpgme_strtoul_field (field[6], &uval);
+ if (err)
+ goto inv_engine;
+ ti->signfirst = uval;
+ err = _gpgme_strtoul_field (field[7], &uval);
+ if (err)
+ goto inv_engine;
+ ti->signlast = uval;
+
+ if (nfield > 9)
+ {
+ /* This condition is only to allow for gpg 2.1.15 - can
+ * eventually be removed. */
+ err = _gpgme_strtoul_field (field[8], &uval);
+ if (err)
+ goto inv_engine;
+ ti->encrfirst = uval;
+ err = _gpgme_strtoul_field (field[9], &uval);
+ if (err)
+ goto inv_engine;
+ ti->encrlast = uval;
+ }
+
+ /* Ready. */
+ uid->tofu = ti;
+ return 0;
+
+ inv_engine:
+ free (ti);
+ return trace_gpg_error (GPG_ERR_INV_ENGINE);
+}
+
+
/* We have read an entire key into tmp_key and should now finish it.
It is assumed that this releases tmp_key. */
static void
gpgme_ctx_t ctx = (gpgme_ctx_t) priv;
enum
{
- RT_NONE, RT_SIG, RT_UID, RT_SUB, RT_PUB, RT_FPR,
+ RT_NONE, RT_SIG, RT_UID, RT_TFS, RT_SUB, RT_PUB, RT_FPR, RT_GRP,
RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK
}
rectype = RT_NONE;
-#define NR_FIELDS 16
+#define NR_FIELDS 17
char *field[NR_FIELDS];
int fields = 0;
void *hook;
rectype = RT_CRT;
else if (!strcmp (field[0], "crs"))
rectype = RT_CRS;
- else if (!strcmp (field[0], "fpr") && key)
+ else if (!strcmp (field[0], "fpr") && key)
rectype = RT_FPR;
+ else if (!strcmp (field[0], "grp") && key)
+ rectype = RT_GRP;
else if (!strcmp (field[0], "uid") && key)
rectype = RT_UID;
+ else if (!strcmp (field[0], "tfs") && key)
+ rectype = RT_TFS;
else if (!strcmp (field[0], "sub") && key)
- rectype = RT_SUB;
+ rectype = RT_SUB;
else if (!strcmp (field[0], "ssb") && key)
rectype = RT_SSB;
else if (!strcmp (field[0], "spk") && key)
rectype = RT_SPK;
- else
+ else
rectype = RT_NONE;
- /* Only look at signatures immediately following a user ID. For
- this, clear the user ID pointer when encountering anything but a
- signature. */
- if (rectype != RT_SIG && rectype != RT_REV)
+ /* Only look at signature and trust info records immediately
+ following a user ID. For this, clear the user ID pointer when
+ encountering anything but a signature or trust record. */
+ if (rectype != RT_SIG && rectype != RT_REV && rectype != RT_TFS)
opd->tmp_uid = NULL;
/* Only look at subpackets immediately following a signature. For
int i = atoi (field[2]);
/* Ignore invalid values. */
if (i > 1)
- subkey->length = i;
+ subkey->length = i;
}
/* Field 4 has the public key algorithm. */
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
- subkey->pubkey_algo = i;
+ subkey->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol);
}
/* Field 5 has the long keyid. Allow short key IDs for the
{
key->issuer_serial = strdup (field[7]);
if (!key->issuer_serial)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
}
-
+
/* Field 9 has the ownertrust. */
if (fields >= 9)
set_ownertrust (key, field[8]);
set_mainkey_capability (key, field[11]);
/* Field 15 carries special flags of a secret key. */
- if (fields >= 15 && key->secret)
+ if (fields >= 15
+ && (key->secret
+ || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET)))
{
- err = parse_sec_field15 (subkey, field[14]);
+ err = parse_sec_field15 (key, subkey, field[14]);
if (err)
return err;
}
+
+ /* Field 17 has the curve name for ECC. */
+ if (fields >= 17 && *field[16])
+ {
+ subkey->curve = strdup (field[16]);
+ if (!subkey->curve)
+ return gpg_error_from_syserror ();
+ }
+
break;
case RT_SUB:
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
- subkey->pubkey_algo = i;
+ subkey->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol);
}
/* Field 5 has the long keyid. */
/* Field 8 is reserved (LID). */
/* Field 9 has the ownertrust. */
/* Field 10, the user ID, is n/a for a subkey. */
-
+
/* Field 11 has the signature class. */
/* Field 12 has the capabilities. */
set_subkey_capability (subkey, field[11]);
/* Field 15 carries special flags of a secret key. */
- if (fields >= 15 && key->secret)
+ if (fields >= 15
+ && (key->secret
+ || (ctx->keylist_mode & GPGME_KEYLIST_MODE_WITH_SECRET)))
{
- err = parse_sec_field15 (subkey, field[14]);
+ err = parse_sec_field15 (key, subkey, field[14]);
if (err)
return err;
}
+
+ /* Field 17 has the curve name for ECC. */
+ if (fields >= 17 && *field[16])
+ {
+ subkey->curve = strdup (field[16]);
+ if (!subkey->curve)
+ return gpg_error_from_syserror ();
+ }
+
break;
case RT_UID:
if (fields >= 10)
{
if (_gpgme_key_append_name (key, field[9], 1))
- return gpg_error_from_errno (GPG_ERR_ENOMEM); /* FIXME */
+ return gpg_error (GPG_ERR_ENOMEM); /* FIXME */
else
{
if (field[1])
}
break;
+ case RT_TFS:
+ if (opd->tmp_uid)
+ {
+ err = parse_tfs_record (opd->tmp_uid, field, fields);
+ if (err)
+ return err;
+ }
+ break;
+
case RT_FPR:
/* Field 10 has the fingerprint (take only the first one). */
if (fields >= 10 && field[9] && *field[9])
{
subkey->fpr = strdup (field[9]);
if (!subkey->fpr)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
+ }
+ /* If this is the first subkey, store the fingerprint also
+ in the KEY object. */
+ if (subkey == key->subkeys)
+ {
+ if (key->fpr && strcmp (key->fpr, subkey->fpr))
+ {
+ /* FPR already set but mismatch: Should never happen. */
+ return trace_gpg_error (GPG_ERR_INTERNAL);
+ }
+ if (!key->fpr)
+ {
+ key->fpr = strdup (subkey->fpr);
+ if (!key->fpr)
+ return gpg_error_from_syserror ();
+ }
}
}
{
key->chain_id = strdup (field[12]);
if (!key->chain_id)
- return gpg_error_from_errno (errno);
+ return gpg_error_from_syserror ();
+ }
+ break;
+
+ case RT_GRP:
+ /* Field 10 has the keygrip. */
+ if (fields >= 10 && field[9] && *field[9])
+ {
+ /* Need to apply it to the last subkey because all subkeys
+ have a keygrip. */
+ subkey = key->_last_subkey;
+ if (!subkey->keygrip)
+ {
+ subkey->keygrip = strdup (field[9]);
+ if (!subkey->keygrip)
+ return gpg_error_from_syserror ();
+ }
}
break;
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
- keysig->pubkey_algo = i;
+ keysig->pubkey_algo = _gpgme_map_pk_algo (i, ctx->protocol);
}
-
+
/* Field 5 has the long keyid. */
if (fields >= 5 && strlen (field[4]) == DIM(keysig->_keyid) - 1)
strcpy (keysig->_keyid, field[4]);
-
+
/* Field 6 has the timestamp (seconds). */
if (fields >= 6)
keysig->timestamp = _gpgme_parse_timestamp (field[5], NULL);
keysig->_last_notation = notation;
}
}
-
+
case RT_NONE:
/* Unknown record. */
break;
gpgme_error_t err;
void *hook;
op_data_t opd;
+ int flags = 0;
TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_start", ctx,
"pattern=%s, secret_only=%i", pattern, secret_only);
if (err)
return TRACE_ERR (err);
+ if (ctx->offline)
+ flags |= GPGME_ENGINE_FLAG_OFFLINE;
+
err = _gpgme_engine_op_keylist (ctx->engine, pattern, secret_only,
- ctx->keylist_mode);
+ ctx->keylist_mode, flags);
return TRACE_ERR (err);
}
gpgme_error_t err;
void *hook;
op_data_t opd;
+ int flags = 0;
TRACE_BEG2 (DEBUG_CTX, "gpgme_op_keylist_ext_start", ctx,
"secret_only=%i, reserved=0x%x", secret_only, reserved);
if (err)
return TRACE_ERR (err);
+ if (ctx->offline)
+ flags |= GPGME_ENGINE_FLAG_OFFLINE;
+
err = _gpgme_engine_op_keylist_ext (ctx->engine, pattern, secret_only,
- reserved, ctx->keylist_mode);
+ reserved, ctx->keylist_mode,
+ flags);
return TRACE_ERR (err);
}
return TRACE_ERR (err);
if (!opd->key_cond)
- return TRACE_ERR (gpg_error (GPG_ERR_EOF));
+ return TRACE_ERR (opd->keydb_search_err? opd->keydb_search_err
+ /**/ : gpg_error (GPG_ERR_EOF));
- opd->key_cond = 0;
+ opd->key_cond = 0;
assert (opd->key_queue);
}
queue_item = opd->key_queue;
opd->key_queue = queue_item->next;
if (!opd->key_queue)
opd->key_cond = 0;
-
+
*r_key = queue_item->key;
free (queue_item);
return TRACE_SUC2 ("key=%p (%s)", *r_key,
- ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ?
+ ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ?
(*r_key)->subkeys->fpr : "invalid");
}
gpgme_op_keylist_end (gpgme_ctx_t ctx)
{
TRACE (DEBUG_CTX, "gpgme_op_keylist_end", ctx);
-
+
if (!ctx)
return gpg_error (GPG_ERR_INV_VALUE);
if (!ctx || !r_key || !fpr)
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
-
+
if (strlen (fpr) < 8) /* We have at least a key ID. */
return TRACE_ERR (gpg_error (GPG_ERR_INV_VALUE));
if (! err)
{
TRACE_LOG2 ("key=%p (%s)", *r_key,
- ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ?
+ ((*r_key)->subkeys && (*r_key)->subkeys->fpr) ?
(*r_key)->subkeys->fpr : "invalid");
}
return TRACE_ERR (err);
projects / platform / upstream / gpgme.git / blobdiff