security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/kbx/keybox.h

142 lines
4.7 KiB
C
Raw Normal View History

This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* keybox.h - Keybox operations
gpg: First working support for keyboxes. * g10/getkey.c (get_pubkey_fast): Improve the assertion. * kbx/keybox.h: Include iobuf.h. * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. (KEYBOX_WITH_OPENPGP): Remove use of this macro. (pgp_create_key_part_single): New. (pgp_temp_store_kid): Change to use the keybox-openpgp parser. (pgp_create_key_part): Ditto. (pgp_create_uid_part): Ditto. (pgp_create_sig_part): Ditto. (pgp_create_blob_keyblock): Ditto. (_keybox_create_openpgp_blob): Ditto. * kbx/keybox-search.c (keybox_get_keyblock): New. * kbx/keybox-update.c (keybox_insert_keyblock): New. * g10/keydb.c (parse_keyblock_image): (keydb_get_keyblock): Support keybox. (build_keyblock_image): New. (keydb_insert_keyblock): Support keybox. * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print a kbx file to stdout. * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 bytes. -- Import and key listing does now work with the keybox format. It is still quite slow and signature caching is completely missing. Increasing the maximum allowed length for a keyblock was required due to a 700k keyblock which inhibited kbxutil to list the file. kbxutil's option name --import-openpgp is not quite appropriate because it only creates KBX blobs from OpenPGP data.
2012-12-28 14:03:16 +01:00
* Copyright (C) 2001, 2003, 2012 Free Software Foundation, Inc.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#ifndef KEYBOX_H
#define KEYBOX_H 1
#ifdef __cplusplus
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
extern "C" {
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#if 0
}
#endif
#endif
gpg: First working support for keyboxes. * g10/getkey.c (get_pubkey_fast): Improve the assertion. * kbx/keybox.h: Include iobuf.h. * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. (KEYBOX_WITH_OPENPGP): Remove use of this macro. (pgp_create_key_part_single): New. (pgp_temp_store_kid): Change to use the keybox-openpgp parser. (pgp_create_key_part): Ditto. (pgp_create_uid_part): Ditto. (pgp_create_sig_part): Ditto. (pgp_create_blob_keyblock): Ditto. (_keybox_create_openpgp_blob): Ditto. * kbx/keybox-search.c (keybox_get_keyblock): New. * kbx/keybox-update.c (keybox_insert_keyblock): New. * g10/keydb.c (parse_keyblock_image): (keydb_get_keyblock): Support keybox. (build_keyblock_image): New. (keydb_insert_keyblock): Support keybox. * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print a kbx file to stdout. * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 bytes. -- Import and key listing does now work with the keybox format. It is still quite slow and signature caching is completely missing. Increasing the maximum allowed length for a keyblock was required due to a 700k keyblock which inhibited kbxutil to list the file. kbxutil's option name --import-openpgp is not quite appropriate because it only creates KBX blobs from OpenPGP data.
2012-12-28 14:03:16 +01:00
#include "../common/iobuf.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "keybox-search-desc.h"
#ifdef KEYBOX_WITH_X509
# include <ksba.h>
#endif
* keybox.h (keybox_flag_t): New. * keybox-search.c (get_flag_from_image, keybox_get_flags): New. (_keybox_get_flag_location): New. * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox. * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag. (list_internal_keys): Retrieve validity flag. (list_external_cb): Pass 0 as validity flag. * keydb.c (keydb_get_flags, keydb_set_flags): New. (keydb_set_cert_flags): New. (lock_all): Return a proper error code. (keydb_lock): New. (keydb_delete): Don't lock but check that it has been locked. (keydb_update_keyblock): Ditto. * delete.c (delete_one): Take a lock.
2004-02-02 18:09:35 +01:00
typedef struct keybox_handle *KEYBOX_HANDLE;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* keybox.h (keybox_flag_t): New. * keybox-search.c (get_flag_from_image, keybox_get_flags): New. (_keybox_get_flag_location): New. * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox. * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag. (list_internal_keys): Retrieve validity flag. (list_external_cb): Pass 0 as validity flag. * keydb.c (keydb_get_flags, keydb_set_flags): New. (keydb_set_cert_flags): New. (lock_all): Return a proper error code. (keydb_lock): New. (keydb_delete): Don't lock but check that it has been locked. (keydb_update_keyblock): Ditto. * delete.c (delete_one): Take a lock.
2004-02-02 18:09:35 +01:00
typedef enum
{
KEYBOX_FLAG_BLOB, /* The blob flags. */
KEYBOX_FLAG_VALIDITY, /* The validity of the entire key. */
KEYBOX_FLAG_OWNERTRUST, /* The assigned ownertrust. */
KEYBOX_FLAG_KEY, /* The key flags; requires a key index. */
KEYBOX_FLAG_UID, /* The user ID flags; requires an uid index. */
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
KEYBOX_FLAG_UID_VALIDITY,/* The validity of a specific uid, requires
* keybox.h (keybox_flag_t): New. * keybox-search.c (get_flag_from_image, keybox_get_flags): New. (_keybox_get_flag_location): New. * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox. * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag. (list_internal_keys): Retrieve validity flag. (list_external_cb): Pass 0 as validity flag. * keydb.c (keydb_get_flags, keydb_set_flags): New. (keydb_set_cert_flags): New. (lock_all): Return a proper error code. (keydb_lock): New. (keydb_delete): Don't lock but check that it has been locked. (keydb_update_keyblock): Ditto. * delete.c (delete_one): Take a lock.
2004-02-02 18:09:35 +01:00
an uid index. */
gpg: Add signature cache support to the keybox. * g10/keydb.c (parse_keyblock_image): Add arg SIGSTATUS. (keydb_get_keyblock): Handle it. (build_keyblock_image): Add arg SIGSTATUS. (keydb_insert_keyblock): Handle it. * kbx/keybox-blob.c (pgp_create_sig_part): Add arg SIGSTATUS. (_keybox_create_openpgp_blob): Ditto. * kbx/kbxutil.c (import_openpgp): Adjust for above change. * kbx/keybox.h (KEYBOX_FLAG_SIG_INFO): New. * kbx/keybox-search.c (_keybox_get_flag_location): Handle new flag. (keybox_get_keyblock): Add arg R_SIGSTATUS. * kbx/keybox-update.c (keybox_insert_keyblock): Add arg SIGSTATUS. -- With this change a key listing using the keybox format is now double as fast as using a keyring. The memory use dropped as well. Measured with about 1500 keys.
2012-12-28 17:17:56 +01:00
KEYBOX_FLAG_CREATED_AT, /* The date the block was created. */
KEYBOX_FLAG_SIG_INFO, /* The signature info block. */
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
} keybox_flag_t;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
kbx/ * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New. * keybox-update.c (keybox_compress): Use it here instead of a magic constant. sm/ * fingerprint.c (gpgsm_get_fingerprint): Add caching. (gpgsm_get_fingerprint_string): Use bin2hexcolon(). (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as much memory as required. (gpgsm_get_keygrip_hexstring): Use bin2hex. * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags. * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available.
2007-03-20 17:57:40 +01:00
/* Flag values used with KEYBOX_FLAG_BLOB. */
#define KEYBOX_FLAG_BLOB_SECRET 1
#define KEYBOX_FLAG_BLOB_EPHEMERAL 2
kbx: Let keydb_search skip unwanted blobs. * kbx/keybox.h (keybox_blobtype_t): New. * kbx/keybox-defs.h (BLOBTYPE_*): Replace by KEYBOX_BLOBTYPE_*. * kbx/keybox-search.c (keybox_search): Add arg want_blobtype and skip non-matching blobs. * sm/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_X509 to keybox_search. * g10/keydb.c (keydb_search): Pass KEYBOX_BLOBTYPE_PGP to keybox_search. -- Without this fix a listing of all keys would fail because the wrong blob type would be returned for the gpg or gpgsm. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-31 12:15:34 +01:00
/* The keybox blob types. */
typedef enum
{
KEYBOX_BLOBTYPE_EMPTY = 0,
KEYBOX_BLOBTYPE_HEADER = 1,
KEYBOX_BLOBTYPE_PGP = 2,
KEYBOX_BLOBTYPE_X509 = 3
} keybox_blobtype_t;
kbx/ * keybox.h (KEYBOX_FLAG_BLOB_SECRET, KEYBOX_FLAG_BLOB_EPHEMERAL): New. * keybox-update.c (keybox_compress): Use it here instead of a magic constant. sm/ * fingerprint.c (gpgsm_get_fingerprint): Add caching. (gpgsm_get_fingerprint_string): Use bin2hexcolon(). (gpgsm_get_fingerprint_hexstring): Use bin2hex and allocate only as much memory as required. (gpgsm_get_keygrip_hexstring): Use bin2hex. * certchain.c (gpgsm_validate_chain): Keep track of the certificate chain and reset the ephemeral flags. * keydb.c (keydb_set_cert_flags): New args EPHEMERAL and MASK. Changed caller to use a mask of ~0. Return a proper error code if the certificate is not available.
2007-03-20 17:57:40 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- keybox-init.c --*/
gpg: Make sure to mark a duplicate registered keybox as primary. * kbx/keybox-init.c (keybox_register_file): Change interface to return the token even if the file has already been registered. * g10/keydb.c (primary_keyring): Rename to primary_keydb. (maybe_create_keyring_or_box): Change return type to gpg_error_t. (keydb_add_resource): Ditto. s/rc/err/. (keydb_add_resource): Mark an already registered as primary. * sm/keydb.c (maybe_create_keybox): Change return type to gpg_error_t. (keydb_add_resource): Ditto. s/rc/err/. (keydb_add_resource): Adjust for changed keybox_register_file. -- This change aligns the registering of keyboxes with those of keyrings. This fixes a potential bug: gpg --keyring foo.kbx --keyring bar.gpg --keyring foo.kbx would have marked bar.gpg as primary resource and thus inserting new keys there. The correct and now fixed behavior is to insert to foo.kbx. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 09:29:39 +01:00
gpg_error_t keybox_register_file (const char *fname, int secret,
void **r_token);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int keybox_is_writable (void *token);
gpg: Take care to use pubring.kbx if it has ever been used. * kbx/keybox-defs.h (struct keybox_handle): Add field for_openpgp. * kbx/keybox-file.c (_keybox_write_header_blob): Set openpgp header flag. * kbx/keybox-blob.c (_keybox_update_header_blob): Add arg for_openpgp and set header flag. * kbx/keybox-init.c (keybox_new): Rename to do_keybox_new, make static and add arg for_openpgp. (keybox_new_openpgp, keybox_new_x509): New. Use them instead of the former keybox_new. * kbx/keybox-update.c (blob_filecopy): Add arg for_openpgp and set the openpgp header flags. * g10/keydb.c (rt_from_file): New. Factored out and extended from keydb_add_resource. (keydb_add_resource): Switch to the kbx file if it has the openpgp flag set. * kbx/keybox-dump.c (dump_header_blob): Print header flags. -- The problem was reported by dkg on gnupg-devel (2014-10-07): I just discovered a new problem, though, which will affect people on systems that have gpg and gpg2 coinstalled: 0) create a new keyring with gpg2, and use it exclusively with gpg2 for a while. 1) somehow (accidentally?) use gpg (1.4.x) again -- this creates ~/.gnupg/pubring.gpg 2) future runs of gpg2 now only look at pubring.gpg and ignore pubring.kbx -- the keys you had accumulated in the keybox are no longer listed in the output of gpg2 --list-keys Note that gpgsm has always used pubring.kbx and thus this file might already be there but without gpg ever inserted a key. The new flag in the KBX header gives us an indication whether a KBX file has ever been written by gpg >= 2.1. If that is the case we will use it instead of the default pubring.gpg. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 19:10:32 +02:00
KEYBOX_HANDLE keybox_new_openpgp (void *token, int secret);
KEYBOX_HANDLE keybox_new_x509 (void *token, int secret);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void keybox_release (KEYBOX_HANDLE hd);
gpgsm: Add a way to save a found state. * kbx/keybox-defs.h (keybox_found_s): New. (keybox_handle): Factor FOUND out to above. Add saved_found. * kbx/keybox-init.c (keybox_release): Release saved_found. (keybox_push_found_state, keybox_pop_found_state): New. * sm/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init it. (keydb_push_found_state, keydb_pop_found_state): New.
2014-06-02 15:55:00 +02:00
void keybox_push_found_state (KEYBOX_HANDLE hd);
void keybox_pop_found_state (KEYBOX_HANDLE hd);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
sm: Change keydb code to use the keybox locking. * kbx/keybox-init.c (keybox_lock): New arg TIMEOUT. Change all callers to pass -1 when locking. * sm/keydb.c (struct resource_item): Remove LOCKANDLE. (struct keydb_handle): Add KEEP_LOCK. (keydb_add_resource): Use keybox locking instead of a separate dotlock for testing whether we can run a compress. (keydb_release): Reset KEEP_LOCK. (keydb_lock): Set KEEP_LOCK. (unlock_all): Take care of KEEP_LOCK. (lock_all): Use keybox_lock instead of dotlock fucntions. (keydb_delete): Remove arg UNLOCK. * sm/delete.c (delete_one): Adjust keydb_delete. Due to the KEEP_LOCK the keydb_release takes care of unlocking. -- This aligns the code more with g10/keydb.c and avoids the separate calls to dotlock_take. GnuPG-bug-id: 4505 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-14 13:36:08 +02:00
gpg_error_t keybox_lock (KEYBOX_HANDLE hd, int yes, long timeout);
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
/*-- keybox-file.c --*/
/* Fixme: This function does not belong here: Provide a better
interface to create a new keybox file. */
Replace most of the remaining stdio calls by estream calls. -- We need to use es_fopen on Windows to cope with non-ascii file names. This is quite a large but fortunately straightforward change. At a very few places we keep using stdio (for example due to the use of popen). GnuPG-bug-id: 5098 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-10-20 11:52:16 +02:00
gpg_error_t _keybox_write_header_blob (estream_t fp, int openpgp_flag);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- keybox-search.c --*/
kbx: Add framework for the SEARCH command * kbx/backend-kbx.c: New. * kbx/backend-support.c: New. * kbx/backend.h: New. * kbx/frontend.c: New. * kbx/frontend.h: New. * kbx/kbxserver.c: Implement SEARCH and NEXT command. * kbx/keybox-search-desc.h (enum pubkey_types): New. * kbx/keybox-search.c (keybox_get_data): New. * kbx/keyboxd.c (main): Add a standard resource. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-06 16:07:33 +02:00
gpg_error_t keybox_get_data (KEYBOX_HANDLE hd,
void **r_buffer, size_t *r_length,
kbx: Redefine the UBID which is now the primary fingerprint. * common/util.h (UBID_LEN): New. Use it at all places. * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item. * kbx/keybox-dump.c (print_ubib): Remove. (_keybox_dump_blob): Do not print the now removed ubid flag. * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants for the size of the ubid and grip. * kbx/keybox-search.c (blob_cmp_ubid): New. (has_ubid): Make it a simple wrapper around blob_cmp_ubid. (keybox_get_data): Add arg 'r_ubid'. * kbx/frontend.h (enum kbxd_store_modes): New. * kbx/kbxserver.c (cmd_store): Add new option --insert. * kbx/backend-cache.c (be_cache_initialize): New. (be_cache_add_resource): Call it here. * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'. (be_kbx_search): Get the UBID from keybox_get_data. * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ... (be_ubid_from_blob): new. Change all callers. * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but use the new cache init function. (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the ubid. Take care of the mode. -- It turned out that using the hash of the entire blob was not helpful. Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint of the blob. In case this is a v5 OpenPGP key a left truncated version of the SHA-256 hash is used; in all other cases the full SHA-1 hash. Using a SHA-256 hash does not make sense because v4 keys are and will for some time be the majority of keys and thus padding them with zeroes won't make any difference. Even if fingerprint collisions can eventually be created we will assume that the keys are bogus and that it does not make sense to store its twin also in our key storage. We can also easily extend the update code to detect a collision and reject the update. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-28 09:39:35 +01:00
enum pubkey_types *r_pubkey_type,
unsigned char *r_ubid);
gpg: Set the node flags while retrieving a keyblock. * g10/keydb.c (parse_keyblock_image): Add args PK_NO and UID_NO and set the note flags accordingly. (keydb_get_keyblock): Transfer PK_NO and UID_NO to parse_keyblock_image. * kbx/keybox-search.c (blob_cmp_fpr, blob_cmp_fpr_part) (blob_cmp_name, blob_cmp_mail): Return the key/user number. (keybox_search): Set the key and user number into the found struct. (keybox_get_keyblock): Add args R_PK_NO and R_UID_NO and set them from the found struct. -- getkey.c needs to know whether the correct subkey was found. Thus we need to set the node flags the same way we did it with the keyring storage.
2013-01-07 21:14:52 +01:00
gpg_error_t keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
doc: Fixed variable naming. * kbx/keybox.h: Fix naming of arguments. * scd/ccid-driver.c (print_error) [TEST]: Add missing break. Note that this is anyway an impossible case. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-26 11:24:08 +01:00
int *r_pk_no, int *r_uid_no);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#ifdef KEYBOX_WITH_X509
Replaced deprecated type names
2003-12-17 13:27:21 +01:00
int keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *ret_cert);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#endif /*KEYBOX_WITH_X509*/
* keybox.h (keybox_flag_t): New. * keybox-search.c (get_flag_from_image, keybox_get_flags): New. (_keybox_get_flag_location): New. * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox. * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag. (list_internal_keys): Retrieve validity flag. (list_external_cb): Pass 0 as validity flag. * keydb.c (keydb_get_flags, keydb_set_flags): New. (keydb_set_cert_flags): New. (lock_all): Return a proper error code. (keydb_lock): New. (keydb_delete): Don't lock but check that it has been locked. (keydb_update_keyblock): Ditto. * delete.c (delete_one): Take a lock.
2004-02-02 18:09:35 +01:00
int keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
kbx: Change return type of search functions to gpg_error_t. * kbx/keybox-search.c (keybox_search_reset): Change return type to gpg_error_t. (keybox_search): Ditto. Also handle GPG_ERR_EOF. * sm/keydb.c (keydb_search_reset): Ditto. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-13 15:08:42 +01:00
gpg_error_t keybox_search_reset (KEYBOX_HANDLE hd);
gpg_error_t keybox_search (KEYBOX_HANDLE hd,
KEYBOX_SEARCH_DESC *desc, size_t ndesc,
keybox_blobtype_t want_blobtype,
size_t *r_descindex, unsigned long *r_skipped);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Improve the keyblock cache's transparency. * kbx/keybox-search.c (keybox_seek): New function. * g10/keydb.c (keydb_search): When reading from the cache, seek to just after the cached record. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-15 13:09:27 +01:00
off_t keybox_offset (KEYBOX_HANDLE hd);
gpg_error_t keybox_seek (KEYBOX_HANDLE hd, off_t offset);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- keybox-update.c --*/
gpg: First working support for keyboxes. * g10/getkey.c (get_pubkey_fast): Improve the assertion. * kbx/keybox.h: Include iobuf.h. * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. (KEYBOX_WITH_OPENPGP): Remove use of this macro. (pgp_create_key_part_single): New. (pgp_temp_store_kid): Change to use the keybox-openpgp parser. (pgp_create_key_part): Ditto. (pgp_create_uid_part): Ditto. (pgp_create_sig_part): Ditto. (pgp_create_blob_keyblock): Ditto. (_keybox_create_openpgp_blob): Ditto. * kbx/keybox-search.c (keybox_get_keyblock): New. * kbx/keybox-update.c (keybox_insert_keyblock): New. * g10/keydb.c (parse_keyblock_image): (keydb_get_keyblock): Support keybox. (build_keyblock_image): New. (keydb_insert_keyblock): Support keybox. * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print a kbx file to stdout. * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 bytes. -- Import and key listing does now work with the keybox format. It is still quite slow and signature caching is completely missing. Increasing the maximum allowed length for a keyblock was required due to a 700k keyblock which inhibited kbxutil to list the file. kbxutil's option name --import-openpgp is not quite appropriate because it only creates KBX blobs from OpenPGP data.
2012-12-28 14:03:16 +01:00
gpg_error_t keybox_insert_keyblock (KEYBOX_HANDLE hd,
gpg: Remove the use of the signature information from a KBX. * g10/keydb.c (keyblock_cache): Remove field SIGSTATUS. (keyblock_cache_clear): Adjust for that removal. (parse_keyblock_image): Remove arg SIGSTATUS. Remove the signature cache setting; this is now done in the parser. (keydb_get_keyblock): Do not set SIGSTATUS. (build_keyblock_image): Remove arg SIGSTATUS and simplify. Change caller. * kbx/keybox-blob.c: Explain that the signature information is not anymore used. (_keybox_create_openpgp_blob): Remove arg SIGSTATUS and change callers. * kbx/keybox-search.c (keybox_get_keyblock): Remove arg R_SIGSTATUS and change callers. * kbx/keybox-update.c (keybox_insert_keyblock): Likewise. -- This thing was too complicated and has been replaced by the new ring trust packet code. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 15:18:45 +02:00
const void *image, size_t imagelen);
gpg: First working support for keyboxes. * g10/getkey.c (get_pubkey_fast): Improve the assertion. * kbx/keybox.h: Include iobuf.h. * kbx/keybox-blob.c (keyboxblob_uid): Add field OFF. (KEYBOX_WITH_OPENPGP): Remove use of this macro. (pgp_create_key_part_single): New. (pgp_temp_store_kid): Change to use the keybox-openpgp parser. (pgp_create_key_part): Ditto. (pgp_create_uid_part): Ditto. (pgp_create_sig_part): Ditto. (pgp_create_blob_keyblock): Ditto. (_keybox_create_openpgp_blob): Ditto. * kbx/keybox-search.c (keybox_get_keyblock): New. * kbx/keybox-update.c (keybox_insert_keyblock): New. * g10/keydb.c (parse_keyblock_image): (keydb_get_keyblock): Support keybox. (build_keyblock_image): New. (keydb_insert_keyblock): Support keybox. * kbx/kbxutil.c (import_openpgp, main): Add option --dry-run and print a kbx file to stdout. * kbx/keybox-file.c (_keybox_read_blob2): Allow keyblocks up to 10^6 bytes. -- Import and key listing does now work with the keybox format. It is still quite slow and signature caching is completely missing. Increasing the maximum allowed length for a keyblock was required due to a 700k keyblock which inhibited kbxutil to list the file. kbxutil's option name --import-openpgp is not quite appropriate because it only creates KBX blobs from OpenPGP data.
2012-12-28 14:03:16 +01:00
gpg_error_t keybox_update_keyblock (KEYBOX_HANDLE hd,
const void *image, size_t imagelen);
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
#ifdef KEYBOX_WITH_X509
Replaced deprecated type names
2003-12-17 13:27:21 +01:00
int keybox_insert_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
unsigned char *sha1_digest);
Replaced deprecated type names
2003-12-17 13:27:21 +01:00
int keybox_update_cert (KEYBOX_HANDLE hd, ksba_cert_t cert,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
unsigned char *sha1_digest);
#endif /*KEYBOX_WITH_X509*/
* keybox.h (keybox_flag_t): New. * keybox-search.c (get_flag_from_image, keybox_get_flags): New. (_keybox_get_flag_location): New. * certchain.c (gpgsm_validate_chain): Mark revoked certs in the keybox. * keylist.c (list_cert_colon): New arg VALIDITY; use it to print a revoked flag. (list_internal_keys): Retrieve validity flag. (list_external_cb): Pass 0 as validity flag. * keydb.c (keydb_get_flags, keydb_set_flags): New. (keydb_set_cert_flags): New. (lock_all): Return a proper error code. (keydb_lock): New. (keydb_delete): Don't lock but check that it has been locked. (keydb_update_keyblock): Ditto. * delete.c (delete_one): Take a lock.
2004-02-02 18:09:35 +01:00
int keybox_set_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int value);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int keybox_delete (KEYBOX_HANDLE hd);
The keybox gets now compressed after 3 hours and ephemeral stored certificates are deleted after about a day.
2004-04-26 10:09:25 +02:00
int keybox_compress (KEYBOX_HANDLE hd);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- --*/
#if 0
int keybox_locate_writable (KEYBOX_HANDLE hd);
int keybox_rebuild_cache (void *);
#endif
/*-- keybox-util.c --*/
kbx: Add function keybox_tmp_names to avoid code duplication. * kbx/keybox-update.c (create_tmp_file): Move some code to... * kbx/keybox-util.c (keybox_tmp_names): new. * g10/keyring.c: Include keybox.h. (create_tmp_file): Replace parts by keybox_tmp_names. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-14 16:29:45 +01:00
gpg_error_t keybox_tmp_names (const char *filename, int for_keyring,
char **r_bakname, char **r_tmpname);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#ifdef __cplusplus
}
#endif
#endif /*KEYBOX_H*/