security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity
gnupg/g10/keydb.h

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

606 lines
22 KiB
C
Raw Normal View History

This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/* keydb.h - Key database
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
* 2006, 2010 Free Software Foundation, Inc.
gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid. * g10/keydb.h (keyid_cmp): New function. * g10/keyid.c (pk_keyid): New function. (pk_main_keyid): New function. (keyid_copy): New function. (pk_keyid_str): New function. * g10/packet.h (PKT_public_key): Update comments for main_keyid and keyid. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk, NULL) to ensure that pk->keyid is valid. Because it is easy to forget to do this, these accessor functions take care of it.
2016-02-19 14:48:56 +01:00
* Copyright (C) 2015, 2016 g10 Code GmbH
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
Changed to GPLv3. Removed intl/.
2007-07-04 21:49:40 +02:00
* the Free Software Foundation; either version 3 of the License, or
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
Change all http://www.gnu.org in license notices to https:// --
2016-11-05 12:02:19 +01:00
* along with this program; if not, see <https://www.gnu.org/licenses/>.
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
*/
#ifndef G10_KEYDB_H
#define G10_KEYDB_H
Remove -I option to common. * dirmngr/Makefile.am (AM_CPPFLAGS): Remove -I$(top_srcdir)/common. * g10/Makefile.am (AM_CPPFLAGS): Ditto. * g13/Makefile.am (AM_CPPFLAGS): Ditto. * kbx/Makefile.am (AM_CPPFLAGS): Ditto. * scd/Makefile.am (AM_CPPFLAGS): Ditto. * sm/Makefile.am (AM_CPPFLAGS): Ditto. * tools/Makefile.am (AM_CPPFLAGS): Ditto. * Throughout: Follow the change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-03-07 12:21:23 +01:00
#include "../common/types.h"
#include "../common/util.h"
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#include "packet.h"
doc: Add a code comment about back signatures. --
2018-04-06 11:01:46 +02:00
/* What qualifies as a certification (key-signature in contrast to a
* data signature)? Note that a back signature is special and can be
* made by key and data signatures capable subkeys.) */
gpg: Prepare parser for the new attestation certificates. * common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New. * g10/keydb.h (IS_ATTST_SIGS): New. (IS_CERT): Include the new one. * g10/sign.c (mk_notation_policy_etc): Do not put notations into attestation key signatures. * g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo. Print the attestation sigs. (parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS. (can_handle_critical): Ditto. (enum_sig_subpkt): Pass digest algo to dump_sig_subpkt. -- This change allows to list the new subpacket with --list-packets. Example output: :signature packet: algo 22, keyid C694723A1370EAB1 version 4, created 1567097576, md5len 0, sigclass 0x16 digest algo 8, begin of digest ff 0c hashed subpkt 2 len 4 (sig created 2019-08-29) hashed subpkt 37 len 32 (attst-sigs: 1 A794C6E9CCFE2F34C67E07[...]) hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...]) subpkt 16 len 8 (issuer key ID C694723A1370EAB1) data: [256 bits] data: [256 bits] GnuPG-bug-id: 4694 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 21:27:13 +02:00
#define IS_CERT(s) (IS_KEY_SIG(s) \
|| IS_UID_SIG(s) \
|| IS_SUBKEY_SIG(s) \
|| IS_KEY_REV(s) \
|| IS_UID_REV(s) \
|| IS_SUBKEY_REV(s) \
|| IS_ATTST_SIGS(s) )
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define IS_SIG(s) (!IS_CERT(s))
#define IS_KEY_SIG(s) ((s)->sig_class == 0x1f)
#define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10)
gpg: Prepare parser for the new attestation certificates. * common/openpgpdefs.h (SIGSUBPKT_ATTST_SIGS): New. * g10/keydb.h (IS_ATTST_SIGS): New. (IS_CERT): Include the new one. * g10/sign.c (mk_notation_policy_etc): Do not put notations into attestation key signatures. * g10/parse-packet.c (dump_sig_subpkt): Add new arg digest_algo. Print the attestation sigs. (parse_one_sig_subpkt): Support SIGSUBPKT_ATTST_SIGS. (can_handle_critical): Ditto. (enum_sig_subpkt): Pass digest algo to dump_sig_subpkt. -- This change allows to list the new subpacket with --list-packets. Example output: :signature packet: algo 22, keyid C694723A1370EAB1 version 4, created 1567097576, md5len 0, sigclass 0x16 digest algo 8, begin of digest ff 0c hashed subpkt 2 len 4 (sig created 2019-08-29) hashed subpkt 37 len 32 (attst-sigs: 1 A794C6E9CCFE2F34C67E07[...]) hashed subpkt 33 len 21 (issuer fpr v4 156A3872[...]) subpkt 16 len 8 (issuer key ID C694723A1370EAB1) data: [256 bits] data: [256 bits] GnuPG-bug-id: 4694 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-05 21:27:13 +02:00
#define IS_ATTST_SIGS(s) ((s)->sig_class == 0x16)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
gpg: Re-indent sig-check.c and use signature class macros. * g10/keydb.h (IS_BACK_SIG): New. * g10/sig-check.c: Re-indent and use macros. -- This makes the code easier to understand. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 10:18:53 +02:00
#define IS_BACK_SIG(s) ((s)->sig_class == 0x19)
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
#define IS_KEY_REV(s) ((s)->sig_class == 0x20)
#define IS_UID_REV(s) ((s)->sig_class == 0x30)
#define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28)
struct getkey_ctx_s;
typedef struct getkey_ctx_s *GETKEY_CTX;
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
typedef struct getkey_ctx_s *getkey_ctx_t;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/****************
* A Keyblock is all packets which form an entire certificate;
* i.e. the public key, certificate, trust packets, user ids,
* signatures, and subkey.
*
* This structure is also used to bind arbitrary packets together.
*/
gpg: Avoid importing secret keys if the keyblock is not valid. * g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by new field TAG. * g10/kbnode.c (alloc_node): Change accordingly. * g10/import.c (import_one): Add arg r_valid. (sec_to_pub_keyblock): Set tags. (resync_sec_with_pub_keyblock): New. (import_secret_one): Change return code to gpg_error_t. Return an error code if sec_to_pub_keyblock failed. Resync secret keyblock. -- When importing an invalid secret key ring for example without key binding signatures or no UIDs, gpg used to let gpg-agent store the secret keys anyway. This is clearly a bug because the diagnostics before claimed that for example the subkeys have been skipped. Importing the secret key parameters then anyway is surprising in particular because a gpg -k does not show the key. After importing the public key the secret keys suddenly showed up. This changes the behaviour of GnuPG-bug-id: 4392 to me more consistent but is not a solution to the actual bug. Caution: The ecc.scm test now fails because two of the sample keys don't have binding signatures. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-15 19:50:37 +01:00
struct kbnode_struct
{
kbnode_t next;
PACKET *pkt;
int flag; /* Local use during keyblock processing (not cloned).*/
unsigned int tag; /* Ditto. */
int private_flag;
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
};
#define is_deleted_kbnode(a) ((a)->private_flag & 1)
#define is_cloned_kbnode(a) ((a)->private_flag & 2)
gpg: Move key cleaning functions to a separate file. * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid) (clean_uid_from_key, clean_one_uid, clean_key): Move to ... * g10/key-clean.c: new file. * g10/key-clean.h: New. * g10/Makefile.am (gpg_sources): Add new files. * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include new header. * g10/trustdb.h (struct key_item, is_in_klist): Move to ... * g10/keydb.h: here. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 11:40:16 +02:00
/*
* A structure to store key identification as well as some stuff
* needed for key validation.
*/
struct key_item {
struct key_item *next;
unsigned int ownertrust,min_ownertrust;
byte trust_depth;
byte trust_value;
char *trust_regexp;
u32 kid[2];
};
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
/* Bit flags used with build_pk_list. */
gpg: Use enums instead of defines. * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum. (PK_LIST_HIDDEN): Likewise. (PK_LIST_CONFIG): Likewise. (PK_LIST_SHIFT): Likewise.n -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Using an enum has the advantage that the symbol can be used in gdb.
2015-12-17 10:36:27 +01:00
enum
{
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
PK_LIST_ENCRYPT_TO = 1, /* This is an encrypt-to recipient. */
PK_LIST_HIDDEN = 2, /* This is a hidden recipient. */
PK_LIST_CONFIG = 4, /* Specified via config file. */
PK_LIST_FROM_FILE = 8 /* Take key from file with that name. */
gpg: Use enums instead of defines. * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum. (PK_LIST_HIDDEN): Likewise. (PK_LIST_CONFIG): Likewise. (PK_LIST_SHIFT): Likewise.n -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Using an enum has the advantage that the symbol can be used in gdb.
2015-12-17 10:36:27 +01:00
};
gpg: Remove unused definitions. * g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants. (keyblock_pos_struct, KBPOS): Remove struct and type. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 12:43:13 +01:00
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
/* To store private data in the flags the private data must be left
gpg: Remove unused definitions. * g10/keydb.h (rt_UNKNOWN, rt_RING): Remove constants. (keyblock_pos_struct, KBPOS): Remove struct and type. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-01-17 12:43:13 +01:00
* shifted by this value. */
gpg: Use enums instead of defines. * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum. (PK_LIST_HIDDEN): Likewise. (PK_LIST_CONFIG): Likewise. (PK_LIST_SHIFT): Likewise.n -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Using an enum has the advantage that the symbol can be used in gdb.
2015-12-17 10:36:27 +01:00
enum
{
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
PK_LIST_SHIFT = 4
gpg: Use enums instead of defines. * g10/keydb.h (PK_LIST_ENCRYPT_TO): Change from a macro to an enum. (PK_LIST_HIDDEN): Likewise. (PK_LIST_CONFIG): Likewise. (PK_LIST_SHIFT): Likewise.n -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Using an enum has the advantage that the symbol can be used in gdb.
2015-12-17 10:36:27 +01:00
};
gpg: Do not pre-check keys given on the command line. * g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG) (PK_LIST_SHIFT): New. * g10/pkclist.c (build_pk_list): Use them here. * g10/gpg.c (check_user_ids, main): Ditto. * g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR. (check_user_ids): Skip check for command line specified options. -- If a key has been given on the command line and it has not been given by one of the encrypt-to options, we now skip the checks. The reason is that the actual key selection code does its own checks and provides proper status message to the caller to detect the wrong keys. Without this we would break most frontends because they expect for example STATUS_INV_RECP. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-04 08:56:02 +01:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
Some changes to suport g13.
2009-09-30 17:28:38 +02:00
/* Structure to hold a couple of public key certificates. */
typedef struct pk_list *PK_LIST; /* Deprecated. */
typedef struct pk_list *pk_list_t;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct pk_list
Some changes to suport g13.
2009-09-30 17:28:38 +02:00
{
PK_LIST next;
PKT_public_key *pk;
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
int flags; /* See PK_LIST_ constants. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
};
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
/* Structure to hold a list of secret key certificates. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
typedef struct sk_list *SK_LIST;
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
struct sk_list
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
{
SK_LIST next;
PKT_public_key *pk;
int mark; /* not used */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
};
/* structure to collect all information which can be used to
* identify a public key */
typedef struct pubkey_find_info *PUBKEY_FIND_INFO;
struct pubkey_find_info {
u32 keyid[2];
unsigned nbits;
byte pubkey_algo;
byte fingerprint[MAX_FINGERPRINT_LEN];
char userid[1];
};
Spelling fixes in docs and comments. -- In addition, fix trailing spaces in tests/inittests. GnuPG-bug-id: 3121 Reported-by: ka7 (klemens) Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-04-28 03:06:33 +02:00
/* Helper type for preference functions. */
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. * g10/keydb.h (pref_hint): Change from union to struct and add field 'exact'. Adjust callers. * g10/pkclist.c (algo_available): Take care of the exact hint. * g10/sign.c (sign_file): Rework the hash detection from recipient prefs. -- This fixes a encrypt+sign case like: One recipient key has SHA512 as highest ranked hash preference but the the signing key is a 256 bit curve. Because we don't want to use a truncated hash with ECDSA, we need to have an exact match - this is in particular important for smartcard which check that the hash matches the curves. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
2020-11-13 15:43:30 +01:00
struct pref_hint
Preparing a new release
2006-07-27 16:18:55 +02:00
{
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. * g10/keydb.h (pref_hint): Change from union to struct and add field 'exact'. Adjust callers. * g10/pkclist.c (algo_available): Take care of the exact hint. * g10/sign.c (sign_file): Rework the hash detection from recipient prefs. -- This fixes a encrypt+sign case like: One recipient key has SHA512 as highest ranked hash preference but the the signing key is a 256 bit curve. Because we don't want to use a truncated hash with ECDSA, we need to have an exact match - this is in particular important for smartcard which check that the hash matches the curves. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
2020-11-13 15:43:30 +01:00
int digest_length; /* We want at least this digest length. */
int exact; /* We need to use exactly this length. */
Preparing a new release
2006-07-27 16:18:55 +02:00
};
gpg: Revamp reading and writing of ring trust packets. * g10/parse-packet.c (parse_trust): Rename to ... (parse_ring_trust): this. Change args and implement new ring trust packet format. (parse): Add special ring trust packet handling. * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and KEYSRC. (PKT_public_key): Ditto. (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts. (PKT_ring_trust): New. (struct packet_struct): Remove member RING_TRUST. (strcu parse_packet_ctx_s): Add field SKIP_META. (init_parse_packet): Init SKIPT_META. * g10/free-packet.c (release_public_key_parts): Free UDPATEURL. (free_user_id): Ditto. * g10/mainproc.c (list_node): Remove printing of non-documented "rtv" lines. * g10/build-packet.c (build_packet_and_meta): New. (do_ring_trust): New. * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta in backup mode. (do_export_one_keyblock): Ditto. * g10/import.c (read_block): Add arg WITH_META. Skip ring trust packets if that ism not set. (import): Call read_block WITH_META in restore mode. * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS) (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not yet used, though. * g10/keydb.c (parse_keyblock_image): Allow ring trust packets. (build_keyblock_image): Ditto. Use build_packet_and_meta. * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of ring trust packets. (write_keyblock): Use build_packet_and_meta. Remove special treatment of ring trust packets and initialization of the signature caches. -- This patch introduced the framework to store meta data for keys and user ids in the keyrings/keyboxes. Ring trust packets are implementation defined and have always been used in gpg to cache the signature verification status. Ring trust packets are only exported with the export option "backup" and only imported with the import option "restore". The new code uses a cleaner way to handle the ring trust packets: When the parser reads a ring trust packet and the previously read packet matches the type of that ring trust packet, the information is stored in that previously read packet (signature, user id, or primary key) and the next packet is read immediately. Thus only the parser sees the ring trust packets. Ring trust packets are written by using the new function build_packet_and_meta instead of build_packet. That function writes a ring trust packet when the needed information is available. As a side-effect of this patch the signature status cache works again and "gpg --check-sigs" is thus much faster. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
/* Constants to describe from where a key was fetched or updated. */
enum
{
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
KEYORG_UNKNOWN = 0,
KEYORG_KS = 1, /* Public keyserver. */
KEYORG_KS_PREF = 2, /* Preferred keysrver. */
KEYORG_DANE = 3, /* OpenPGP DANE. */
KEYORG_WKD = 4, /* Web Key Directory. */
KEYORG_URL = 5, /* Trusted URL. */
KEYORG_FILE = 6, /* Trusted file. */
doc: Comment fixes and one trailing comma fix. --
2017-07-20 14:49:07 +02:00
KEYORG_SELF = 7 /* We generated it. */
gpg: Revamp reading and writing of ring trust packets. * g10/parse-packet.c (parse_trust): Rename to ... (parse_ring_trust): this. Change args and implement new ring trust packet format. (parse): Add special ring trust packet handling. * g10/packet.h (PKT_user_id): New fields KEYUPDATE, UPDATEURL, and KEYSRC. (PKT_public_key): Ditto. (RING_TRUST_SIG, RING_TRUST_KEY, RING_TRUST_UID): New consts. (PKT_ring_trust): New. (struct packet_struct): Remove member RING_TRUST. (strcu parse_packet_ctx_s): Add field SKIP_META. (init_parse_packet): Init SKIPT_META. * g10/free-packet.c (release_public_key_parts): Free UDPATEURL. (free_user_id): Ditto. * g10/mainproc.c (list_node): Remove printing of non-documented "rtv" lines. * g10/build-packet.c (build_packet_and_meta): New. (do_ring_trust): New. * g10/export.c (write_keyblock_to_output): Use build_packet_and_meta in backup mode. (do_export_one_keyblock): Ditto. * g10/import.c (read_block): Add arg WITH_META. Skip ring trust packets if that ism not set. (import): Call read_block WITH_META in restore mode. * g10/keydb.h (KEYSRC_UNKNOWN, KEYSRC_FILE, KEYSRC_KS, KEYSRC_PREF_KS) (KEYSRC_WKD, KEYSRC_WKD_SD, KEYSRC_DANE): New constants. They are not yet used, though. * g10/keydb.c (parse_keyblock_image): Allow ring trust packets. (build_keyblock_image): Ditto. Use build_packet_and_meta. * g10/keyring.c (keyring_get_keyblock): Remove specila treatment of ring trust packets. (write_keyblock): Use build_packet_and_meta. Remove special treatment of ring trust packets and initialization of the signature caches. -- This patch introduced the framework to store meta data for keys and user ids in the keyrings/keyboxes. Ring trust packets are implementation defined and have always been used in gpg to cache the signature verification status. Ring trust packets are only exported with the export option "backup" and only imported with the import option "restore". The new code uses a cleaner way to handle the ring trust packets: When the parser reads a ring trust packet and the previously read packet matches the type of that ring trust packet, the information is stored in that previously read packet (signature, user id, or primary key) and the next packet is read immediately. Thus only the parser sees the ring trust packets. Ring trust packets are written by using the new function build_packet_and_meta instead of build_packet. That function writes a ring trust packet when the needed information is available. As a side-effect of this patch the signature status cache works again and "gpg --check-sigs" is thus much faster. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-30 09:07:02 +02:00
};
gpg: Move key cleaning functions to a separate file. * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid) (clean_uid_from_key, clean_one_uid, clean_key): Move to ... * g10/key-clean.c: new file. * g10/key-clean.h: New. * g10/Makefile.am (gpg_sources): Add new files. * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include new header. * g10/trustdb.h (struct key_item, is_in_klist): Move to ... * g10/keydb.h: here. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 11:40:16 +02:00
/*
* Check whether the signature SIG is in the klist K.
*/
static inline struct key_item *
is_in_klist (struct key_item *k, PKT_signature *sig)
{
for (; k; k = k->next)
{
if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1])
return k;
}
return NULL;
}
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
/*-- call-keyboxd.c --*/
gpg: First rough implementation of keyboxd access for key lookup. * g10/Makefile.am: Add nPth flags. * g10/gpg.c: Include npth.h. (gpg_deinit_default_ctrl): Deinit call-keyboxd local data. (main): Init nPth. * g10/keydb-private.h (struct keydb_handle_s): Add field 'kbl' and remove the search result and the assuan context. * g10/call-keyboxd.c (struct keyboxd_local_s): Add more fields. (lock_datastream, unlock_datastream): New. (gpg_keyboxd_deinit_session_data): Adjust for changed data structures. (prepare_data_pipe): New. (open_context): Return kbl instead of an Assuan context. Init mutexes etc. (close_context): Merge into ... (keydb_release): here. Adjust for changed data structures. (datastream_thread): New. (keydb_get_keyblock): Implement datastream stuff. (keydb_search): Ditto. * common/asshelp.c (wait_for_sock): Add arg connect_flags. (start_new_service): Set FDPASSING flag for the keyboxd. -- This code as a lot of rough edges, in particular it relies on a well behaving keyboxd. We need to add code to shutdown the datastream reader thread in case of errors and to properly get it up again. We also need to make really sure that both threads run in lockstep so that the datastream thread is only active while we are sending a command to the keyboxd. We should also see whether we can depend nPth initialization on the --use-keyboxd option to avoid any problems with nPth. And we need to test on Windows. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-10 16:05:54 +02:00
/* Release all open contexts to the keyboxd. */
void gpg_keyboxd_deinit_session_data (ctrl_t ctrl);
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
/* Create a new database handle. Returns NULL on error, sets ERRNO,
* and prints an error diagnostic. */
KEYDB_HANDLE keydb_new (ctrl_t ctrl);
/* Release a keydb handle. */
void keydb_release (KEYDB_HANDLE hd);
/* Take a lock if we are not using the keyboxd. */
gpg_error_t keydb_lock (KEYDB_HANDLE hd);
/* Return the keyblock last found by keydb_search. */
gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, kbnode_t *ret_kb);
/* Update the keyblock KB. */
gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb);
/* Insert a keyblock into one of the storage system. */
gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb);
/* Delete the currently selected keyblock. */
gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd);
/* Clears the current search result and resets the handle's position. */
gpg_error_t keydb_search_reset (KEYDB_HANDLE hd);
/* Search the database for keys matching the search description. */
gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
size_t ndesc, size_t *descindex);
gpg: Move key cleaning functions to a separate file. * g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid) (clean_uid_from_key, clean_one_uid, clean_key): Move to ... * g10/key-clean.c: new file. * g10/key-clean.h: New. * g10/Makefile.am (gpg_sources): Add new files. * g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include new header. * g10/trustdb.h (struct key_item, is_in_klist): Move to ... * g10/keydb.h: here. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 11:40:16 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- keydb.c --*/
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
#define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */
#define KEYDB_RESOURCE_FLAG_DEFAULT 4 /* The default one. */
#define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */
gpg: Allow gpgv to work with a trustedkeys.kbx file. * g10/keydb.h (KEYDB_RESOURCE_FLAG_GPGVDEF): New. * g10/keydb.c (keydb_add_resource): Take care of new flag. * g10/gpgv.c (main): Use new flag. -- GnuPG-bug-id: 2025 Signed-off-by: Werner Koch <wk@gnupg.org>
2015-08-07 15:53:56 +02:00
#define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
gpg: Make debugging search descriptors easier. * g10/keydb.c (dump_search_desc): Rename from this... (keydb_search_desc_dump): ... to this. Only process a single search descriptor. Improve output. Don't mark as static. Update callers. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-11-17 11:36:38 +01:00
/* Format a search term for debugging output. The caller must free
the result. */
char *keydb_search_desc_dump (struct keydb_search_desc *desc);
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Register a resource (keyring or keybox). */
gpg: First patches to support a keybox storage backend. * kbx/keybox-defs.h (_keybox_write_header_blob): Move prototype to .. * kbx/keybox.h: here. * kbx/keybox-init.c (keybox_lock): Add dummy function * g10/keydb.c: Include keybox.h. (KeydbResourceType): Add KEYDB_RESOURCE_TYPE_KEYBOX. (struct resource_item): Add field kb. (maybe_create_keyring_or_box): Add error descriptions to diagnostics. Add arg IS_BOX. Write a header for a new keybox file. (keydb_add_resource): No more need for the force flag. Rename the local variable "force" to "create". Add URL scheme "gnupg-kbx". Add magic test to detect a keybox file. Add basic support for keybox. (keydb_new, keydb_get_resource_name, keydb_delete_keyblock) (keydb_locate_writable, keydb_search_reset, keydb_search2): Add support for keybox. (lock_all, unlock_all): Ditto. * g10/Makefile.am (needed_libs): Add libkeybox.a. (gpg2_LDADD, gpgv2_LDADD): Add KSBA_LIBS as a workaround. * g10/keydb.h (KEYDB_RESOURCE_FLAG_PRIMARY) KEYDB_RESOURCE_FLAG_DEFAULT, KEYDB_RESOURCE_FLAG_READONLY): New. * g10/gpg.c, g10/gpgv.c (main): Use new constants. -- I did most of these changes back in 2011 and only cleaned them up now. More to follow soon.
2012-12-27 15:04:29 +01:00
gpg_error_t keydb_add_resource (const char *url, unsigned int flags);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
/* Dump some statistics to the log. */
void keydb_dump_stats (void);
/* Set a flag on the handle to suppress use of cached results. This
is required for updating a keyring and for key listings. Fixme:
Using a new parameter for keydb_new might be a better solution. */
gpg: Allow importing keys with duplicated long key ids. * g10/keydb.c (keydb_handle): Add field no_caching. (keyblock_cache): Repalce field kid by fpr. (keydb_disable_caching): New. (keydb_search): Use the fingerprint as cache index. * g10/import.c (import_one): Use the fingerprint and not the kid to lookup the key. Call keydb_disable_caching beofre re-searching for update. * tests/openpgp/import.test: Add a test case. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-13 14:01:29 +02:00
void keydb_disable_caching (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Save the last found state and invalidate the current selection. */
gpg: Add push/pop found state feature to keydb. * g10/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init new field. (keydb_push_found_state, keydb_pop_found_state): New. * g10/keyring.c (kyring_handle): Add field saved_found. (keyring_push_found_state, keyring_pop_found_state): New. -- We have the same feature in gpgsm. It is very useful to check for an unambiguous user id with a follow up update of the keyblock. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 15:51:11 +02:00
void keydb_push_found_state (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Restore the previous save state. */
gpg: Add push/pop found state feature to keydb. * g10/keydb.c (keydb_handle): Add field saved_found. (keydb_new): Init new field. (keydb_push_found_state, keydb_pop_found_state): New. * g10/keyring.c (kyring_handle): Add field saved_found. (keyring_push_found_state, keyring_pop_found_state): New. -- We have the same feature in gpgsm. It is very useful to check for an unambiguous user id with a follow up update of the keyblock. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-08 15:51:11 +02:00
void keydb_pop_found_state (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the file name of the resource. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Find the first writable resource. */
g10: Remove unused parameter. * g10/keydb.h (keydb_locate_writable): Remove unused parameter reserved. Update users. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-28 16:22:59 +02:00
gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
/* Rebuild the on-disk caches of all key resources. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
void keydb_rebuild_caches (ctrl_t ctrl, int noisy);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
/* Return the number of skipped blocks (because they were to large to
read from a keybox) since the last search reset. */
gpg: Skip overlong keys and a print a warning. * kbx/keybox-search.c (keybox_search): Add arg r_skipped and skip too long blobs. * sm/keydb.c (keydb_search): Call keybox_search with a dummy param. * g10/keydb.c (struct keydb_handle): Add field skipped_long_blobs. (keydb_search_reset): Reset that field. (keydb_search): Update that field. (keydb_get_skipped_counter): New. * g10/keylist.c (list_all): Print count of skipped keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-10-09 21:01:49 +02:00
unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the first non-legacy key in the database. */
Re-indentation of keydb.c and error code changes. Returning -1 as an error code is not very clean given that gpg error has more descriptive error codes. Thus we now return GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
gpg_error_t keydb_search_first (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the next key (not the next matching key!). */
Re-indentation of keydb.c and error code changes. Returning -1 as an error code is not very clean given that gpg error has more descriptive error codes. Thus we now return GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
gpg_error_t keydb_search_next (KEYDB_HANDLE hd);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
/* This is a convenience function for searching for keys with a long
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
key id. */
Re-indentation of keydb.c and error code changes. Returning -1 as an error code is not very clean given that gpg error has more descriptive error codes. Thus we now return GPG_ERR_NOT_FOUND for all search operations and adjusted all callers.
2011-04-29 15:07:11 +02:00
gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
g10: Improve interface documentation of the keydb API. * g10/keydb.c: Improve code comments and documentation of internal interfaces. Improve documentation of public APIs and move that to... * g10/keydb.h: ... this file. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-08-31 11:14:21 +02:00
kbx: Add support for 32 byte fingerprints. * common/userids.c (classify_user_id): Support 32 byte fingerprints. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New. (struct keydb_search_desc): Add field fprlen. * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field version and increase size of fpr to 32. * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs. (struct keyboxblob_key): Add field fprlen and increase size of fpr. (pgp_create_key_part_single): Allow larger fingerprints. (create_blob_header): Implement blob version 2 and add arg want_fpr32. (_keybox_create_openpgp_blob): Detect the need for blob version 2. * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte fingerprints. (blob_cmp_fpr): Ditto. (blob_cmp_fpr_part): Ditto. (has_fingerprint): Add arg fprlen and pass on. (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed has_fingerprint. * kbx/keybox-openpgp.c (parse_key): Support version 5 keys. * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2. * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32. * g10/export.c (exact_subkey_match_p): Ditto. * g10/gpg.c (main): Ditto. * g10/getkey.c (get_pubkey_byfprint): Adjust for changed KEYDB_SEARCH_MODE_FPR. * g10/keydb.c (keydb_search_desc_dump): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR. (keydb_search): Add new arg fprlen and change all callers. * g10/keyedit.c (find_by_primary_fpr): Ditto. * g10/keyid.c (keystr_from_desc): Ditto. * g10/keyring.c (keyring_search): Ditto. * g10/keyserver.c (print_keyrec): Ditto. (parse_keyrec): Ditto. (keyserver_export): Ditto. (keyserver_retrieval_screener): Ditto. (keyserver_import): Ditto. (keyserver_import_fprint): Ditto. (keyidlist): Ditto. (keyserver_get_chunk): Ditto. * g10/keydb.c (keydb_search): Add new arg fprlen and change all callers. * sm/keydb.c (keydb_search_fpr): Adjust for changed KEYDB_SEARCH_MODE_FPR. -- This prepares the support for OpenPGP v5 keys. The new version 2 blob format is needed for the longer fingerprints and we also use this opportunity to prepare for storing the keygrip in the blob for faster lookup by keygrip. Right now this is not yet functional. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 08:54:59 +01:00
/* This is a convenience function for searching for keys by
* fingerprint. */
gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr, size_t fprlen);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Improve speed of --check-sigs and --lish-sigs. * g10/keydb.c (kid_list_t): New. (kid_not_found_table, n_kid_not_found_table): New. (kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New. (keydb_insert_keyblock): Flush the new cache. (keydb_delete_keyblock): Ditto. (keydb_update_keyblock): Ditto. (keydb_search): Use the new cache. (keydb_dump_stats): New. * g10/gpg.c (g10_exit): Dump keydb stats. -- What we do here is to keep track of key searches by long keyids (as stored in all signatures) so that we do not need to scan the keybox again after we already found that this keyid will result in not-found. As soon as we change gpg to run as a co-process we should store this table per session because other instances of gpg may have updated the keybox without us knowing. On a test ring with gpg: 94721 good signatures gpg: 6831 bad signatures gpg: 150703 signatures not checked due to missing keys gpg: 5 signatures not checked due to errors gpg: keydb: kid_not_found_table: total: 14132 this new cache speeds a --check-sigs listing up from 28 minutes to less than 3 minutes. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-06-20 15:03:32 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- pkclist.c --*/
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode );
gpg: If possible TRUST values now depend on signer's UID or --sender. * g10/mainproc.c (check_sig_and_print): Add failsafe check for PK. Pass KEYBLOCK down do check_signatures_trust. Protect existsing error ocde in case the signature expired. * g10/pkclist.c (is_in_sender_list): New. (check_signatures_trust): Add args keyblock and pk. Add new uid based checking code. * g10/test-stubs.c, g10/gpgv.c: Adjust stubs. -- GnuPG-bug-id: 4735 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-06-08 20:13:25 +02:00
gpg_error_t check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock,
PKT_public_key *pk, PKT_signature *sig);
Some changes to suport g13.
2009-09-30 17:28:38 +02:00
void release_pk_list (PK_LIST pk_list);
gpg: expand GPG groups when resolving a key * g10/expand-group.c: New * g10/pkclist.c: Extract expand_group and expand_id into expand-group.c. * g10/keydb.h: Add prototypes of expand_id and expand_group. * g10/getkey.c: Use expand_group before resolving key references. * g10/Makefile.am: Compile expand-group.c. -- When searching a key by its name, try to expand the provided name in case it is a GPG group reference. This GPG group resolution is performed before the individual keys are verified. This allows key listing using a GPG group reference. In particular, this modification fixes the encryption to group support in KDE's Kmail which is broken since version 18.04. Signed-off-by: Stephan Mueller <stephan.mueller@atsec.com> - Changed new filename to use a dash instead of an underscore. - Indendation changes. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-02-19 08:14:41 +01:00
int expand_id (const char *id, strlist_t *into, unsigned int flags);
gpg: Fix expand GPG groups when resolving a key * g10/expand-group.c (expand_group): Add arg prepend_input. * g10/pkclist.c (build_pk_list): Adjust for it. * g10/getkey.c (key_byname): Keep the expanded names in the CTX and don't premature free them. (get_pubkey_byname): Append the namelist to the extra_list. -- The original patch didn't kept the expanded list in the context and also would duplicate names which are not group names. The latter does not really harm but the former lead to a use after free. Original patch was applied just a few weeks ago. Fixes-commit: e825aea2ba3529c333d7ec2c76e63998cb83d999 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-30 14:08:13 +02:00
strlist_t expand_group (strlist_t input, int prepend_input);
gpg: Remove unused parameter. * g10/pkclist.c (build_pk_list): Remove parameter use, which is always called set to PUBKEY_USAGE_ENC. Update callers. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2015-12-18 13:26:40 +01:00
int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list);
Exporting secret keys via gpg-agent is now basically supported. A couple of forward ported changes. Doc updates.
2010-10-01 22:33:53 +02:00
gpg_error_t find_and_check_key (ctrl_t ctrl,
Nuked almost all trailing white space. We better do this once and for all instead of cluttering all future commits with diffs of trailing white spaces. In the majority of cases blank or single lines are affected and thus this change won't disturb a git blame too much. For future commits the pre-commit scripts checks that this won't happen again.
2011-02-04 12:57:53 +01:00
const char *name, unsigned int use,
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
int mark_hidden, int from_file,
pk_list_t *pk_list_addr);
Some changes to suport g13.
2009-09-30 17:28:38 +02:00
Preparing a new release
2006-07-27 16:18:55 +02:00
int algo_available( preftype_t preftype, int algo,
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. * g10/keydb.h (pref_hint): Change from union to struct and add field 'exact'. Adjust callers. * g10/pkclist.c (algo_available): Take care of the exact hint. * g10/sign.c (sign_file): Rework the hash detection from recipient prefs. -- This fixes a encrypt+sign case like: One recipient key has SHA512 as highest ranked hash preference but the the signing key is a 256 bit curve. Because we don't want to use a truncated hash with ECDSA, we need to have an exact match - this is in particular important for smartcard which check that the hash matches the curves. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
2020-11-13 15:43:30 +01:00
const struct pref_hint *hint );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int select_algo_from_prefs( PK_LIST pk_list, int preftype,
gpg: Fix the encrypt+sign hash algo preference selection for ECDSA. * g10/keydb.h (pref_hint): Change from union to struct and add field 'exact'. Adjust callers. * g10/pkclist.c (algo_available): Take care of the exact hint. * g10/sign.c (sign_file): Rework the hash detection from recipient prefs. -- This fixes a encrypt+sign case like: One recipient key has SHA512 as highest ranked hash preference but the the signing key is a 256 bit curve. Because we don't want to use a truncated hash with ECDSA, we need to have an exact match - this is in particular important for smartcard which check that the hash matches the curves. Signed-off-by: Werner Koch <wk@gnupg.org> Ported-from-stable: aeed0b93ff660fe271d8f98f8d5ce60aa5bf3ebe
2020-11-13 15:43:30 +01:00
int request, const struct pref_hint *hint);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int select_mdc_from_pklist (PK_LIST pk_list);
gpg: Unify AEAD parameter retrieval. * g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo. * g10/encrypt.c (use_aead): Return the AEAD algo. (encrypt_simple): Adjust for this change. (encrypt_crypt): Ditto. (encrypt_filter): Ditto. * g10/sign.c (sign_symencrypt_file): Ditto. * g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New. (openpgp_aead_algo_info): New. * g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (write_header): Use new fucntion. * g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove. (decrypt_data): Use new function. Also allow for chunkbytes other than 10. -- Note that other chunk bytes than 10 and in particular 0 (64 byte chunks) have not yet been tested. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 16:23:02 +01:00
aead_algo_t select_aead_from_pklist (pk_list_t pk_list);
gpg: Remove MDC options * g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc and --no-disable-mdc into NOPs. * g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used. (use_aead): Ignore MDC options. Print warning for missing MDC feature flags. * g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ... (warn_missing_aead_from_pklist): this and adjust. -- The MDC is now always used except with --rfc2440 which will lead to a a big fat warning. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 12:42:44 +02:00
void warn_missing_aead_from_pklist (PK_LIST pk_list);
Collected fixes.
2006-11-05 16:08:58 +01:00
void warn_missing_aes_from_pklist (PK_LIST pk_list);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- skclist.c --*/
Migrated more stuff to doc/ Migrated the gpg regression tests. Some changes tp the gpg code to fix bugs and for the use in testing. make distcheck works now with gpg enabled.
2006-08-21 22:20:23 +02:00
int random_is_faked (void);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void release_sk_list( SK_LIST sk_list );
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr,
SK_LIST *ret_sk_list, unsigned use);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- passphrase.h --*/
gpg: Use a more descriptive prompt for symmetric decryption. * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. (passphrase_to_dek_ext): Remove this obsolete prototype. * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value. (passphrase_to_dek): Add arg flags and pass it on. * g10/mainproc.c (proc_symkey_enc): Use new flag. * sm/decrypt.c (pwri_decrypt): Use "passphrase". -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b) Note that we keep on using the term "passphrase" although "password" would be better. There are however so many occurance of this and given it is a bike shedding topic we fix that in the PO files. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:27:54 +02:00
/* Flags for passphrase_to_dek */
#define GETPASSWORD_FLAG_SYMDECRYPT 1
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
int have_static_passphrase(void);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
const char *get_static_passphrase (void);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void set_passphrase_from_string(const char *pass);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void read_passphrase_from_fd( int fd );
gpg: Cleanup of dek_to_passphrase function (part 2). * g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg MODE to NOCACHE. (passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg MODE into CREATE and NOCACHE. Change all callers and adjust stubs. (passphrase_clear_cache): Remove args KEYID and ALGO. They are not used. Change caller. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-08-08 18:45:29 +02:00
void passphrase_clear_cache (const char *cacheid);
DEK *passphrase_to_dek (int cipher_algo, STRING2KEY *s2k,
int create, int nocache,
gpg: Use a more descriptive prompt for symmetric decryption. * g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New. (passphrase_to_dek_ext): Remove this obsolete prototype. * g10/passphrase.c (passphrase_get): Add arg flags. Use new flag value. (passphrase_to_dek): Add arg flags and pass it on. * g10/mainproc.c (proc_symkey_enc): Use new flag. * sm/decrypt.c (pwri_decrypt): Use "passphrase". -- Signed-off-by: Werner Koch <wk@gnupg.org> (cherry picked from commit 03f83bcda5d1f8d8246bcc1afc603b7f74d0626b) Note that we keep on using the term "passphrase" although "password" would be better. There are however so many occurance of this and given it is a bike shedding topic we fix that in the PO files. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-05-17 19:27:54 +02:00
const char *tryagain_text, unsigned int flags,
int *canceled);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void set_next_passphrase( const char *s );
char *get_last_passphrase(void);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void next_to_last_passphrase(void);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
void emit_status_need_passphrase (ctrl_t ctrl, u32 *keyid,
u32 *mainkeyid, int pubkey_algo);
gpg: Add pinentry-mode feature. * g10/gpg.c: Include shareddefs.h. (main): Add option --pinentry-mode. * g10/options.h (struct opt): Add field pinentry_mode. * g10/passphrase.c: Include shareddefs.h. (have_static_passphrase): Take care of loopback pinentry_mode. (read_passphrase_from_fd): Ditto. (get_static_passphrase): New. (passphrase_to_dek_ext): Factor some code out to ... (emit_status_need_passphrase): new. * g10/call-agent.c (start_agent): Send the pinentry mode. (default_inq_cb): Take care of the PASSPHRASE inquiry. Return a proper error code. (agent_pksign): Add args keyid, mainkeyid and pubkey_algo. (agent_pkdecrypt): Ditto. * g10/pubkey-enc.c (get_it): Pass new args. * g10/sign.c (do_sign): Pass new args. * g10/call-agent.c (struct default_inq_parm_s): New. Change all similar structs to reference this one. Change all users and inquire callback to use this struct, instead of NULL or some undefined but not used structs. This change will help to eventually get rid of global variables. -- This new features allows to use gpg without a Pinentry. As a prerequisite the agent must be configured to allow the loopback pinentry mode (option --allow-loopback-pinentry). For example gpg2 --pinentry-mode=loopback FILE.gpg may be used to decrypt FILE.gpg while entering the passphrase on the tty. If batch is used, --passphrase et al. may be used, if --command-fd is used, the passphrase may be provided by another process. Note that there are no try-again prompts in case of a bad passphrase.
2013-02-07 20:37:58 +01:00
gpg: Change pinentry prompt to talk about "secret key". * g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings. * g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT) (FORMAT_KEYDESC_EXPORT): New. Use them for clarity. -- The use of the term "certificate" was more confusing than helpful.
2014-04-14 14:40:18 +02:00
#define FORMAT_KEYDESC_NORMAL 0
#define FORMAT_KEYDESC_IMPORT 1
#define FORMAT_KEYDESC_EXPORT 2
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
#define FORMAT_KEYDESC_DELKEY 3
gpg: Allow passing a keygrip as description to pinentry. * g10/keydb.h (FORMAT_KEYDESC_KEYGRIP): New. * g10/passphrase.c (gpg_format_keydesc): Add new mode. Signed-off-by: Werner Koch <wk@gnupg.org>
2021-12-20 17:08:17 +01:00
#define FORMAT_KEYDESC_KEYGRIP 4
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
char *gpg_format_keydesc (ctrl_t ctrl,
PKT_public_key *pk, int mode, int escaped);
Provide a useful pinentry prompt.
2010-04-27 16:11:41 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- getkey.c --*/
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Cache a copy of a public key in the public key cache. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void cache_public_key( PKT_public_key *pk );
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Disable and drop the public key cache. */
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
void getkey_disable_caches(void);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER. * g10/getkey.c (get_pubkey_for_sig): New. (get_pubkeyblock_for_sig): New. * g10/mainproc.c (issuer_fpr_raw): Give global scope. (check_sig_and_print): Use get_pubkeyblock_for_sig. * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. * g10/sig-check.c (check_signature2): Ditto. (check_signature_over_key_or_uid): Ditto. -- GnuPG-bug-id: 4046 The whole getkey stuff is still a mess with way to much duplication and missing caching of already fetched data. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 20:55:32 +02:00
/* Return the public key used for signature SIG and store it at PK. */
gpg_error_t get_pubkey_for_sig (ctrl_t ctrl,
gpg: Make use of the included key block in a signature. * g10/import.c (read_key_from_file): Rename to ... (read_key_from_file_or_buffer): this and add new parameters. Adjust callers. (import_included_key_block): New. * g10/packet.h (PKT_signature): Add field flags.key_block. * g10/parse-packet.c (parse_signature): Set that flags. * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Try the included key block if no key is available. -- This is is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure. There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signatures checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 17:14:34 +01:00
PKT_public_key *pk, PKT_signature *sig,
PKT_public_key *forced_pk);
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER. * g10/getkey.c (get_pubkey_for_sig): New. (get_pubkeyblock_for_sig): New. * g10/mainproc.c (issuer_fpr_raw): Give global scope. (check_sig_and_print): Use get_pubkeyblock_for_sig. * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. * g10/sig-check.c (check_signature2): Ditto. (check_signature_over_key_or_uid): Ditto. -- GnuPG-bug-id: 4046 The whole getkey stuff is still a mess with way to much duplication and missing caching of already fetched data. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 20:55:32 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the public key with the key id KEYID and store it at PK. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Auto import keys specified with --trusted-keys. * g10/getkey.c (get_pubkey_with_ldap_fallback): New. * g10/trustdb.c (verify_own_keys): Use it.
2021-04-25 20:03:07 +02:00
/* Same as get_pubkey but with auto LDAP fetch. */
gpg_error_t get_pubkey_with_ldap_fallback (ctrl_t ctrl,
PKT_public_key *pk, u32 * keyid);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
/* Similar to get_pubkey, but it does not take PK->REQ_USAGE into
account nor does it merge in the self-signed data. This function
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
also only considers primary keys. */
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
int get_pubkey_fast (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER. * g10/getkey.c (get_pubkey_for_sig): New. (get_pubkeyblock_for_sig): New. * g10/mainproc.c (issuer_fpr_raw): Give global scope. (check_sig_and_print): Use get_pubkeyblock_for_sig. * g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig. * g10/sig-check.c (check_signature2): Ditto. (check_signature_over_key_or_uid): Ditto. -- GnuPG-bug-id: 4046 The whole getkey stuff is still a mess with way to much duplication and missing caching of already fetched data. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 20:55:32 +02:00
/* Return the entire keyblock used to create SIG. This is a
* specialized version of get_pubkeyblock. */
kbnode_t get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig);
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the key block for the key with KEYID. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Don't check for ambiguous keys. * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
2015-12-22 14:57:53 +01:00
/* A list used by get_pubkeys to gather all of the matches. */
gpg: Rename struct pubkey to pukey_s and add pubkey_t. * g10/keydb.h (struct pubkey): Rename to pubkey_s. (pubkey_t): New. Change all struct pubkey_s to use this type. * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. -- It is common in GnuPG to use a suffix of _s for struct names. There is no technical need for this (actually this pattern comes from pre ANSI C compilers which had no separate namespaces) but it avoid surprises when reading the code. Adding the pubkey_t type is mainly to improve font locking by using the common suffix _t for a typedefed type. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:45:20 +01:00
struct pubkey_s
gpg: Don't check for ambiguous keys. * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
2015-12-22 14:57:53 +01:00
{
gpg: Rename struct pubkey to pukey_s and add pubkey_t. * g10/keydb.h (struct pubkey): Rename to pubkey_s. (pubkey_t): New. Change all struct pubkey_s to use this type. * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. -- It is common in GnuPG to use a suffix of _s for struct names. There is no technical need for this (actually this pattern comes from pre ANSI C compilers which had no separate namespaces) but it avoid surprises when reading the code. Adding the pubkey_t type is mainly to improve font locking by using the common suffix _t for a typedefed type. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:45:20 +01:00
struct pubkey_s *next;
gpg: Don't check for ambiguous keys. * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
2015-12-22 14:57:53 +01:00
/* The key to use (either the public key or the subkey). */
PKT_public_key *pk;
kbnode_t keyblock;
};
gpg: Rename struct pubkey to pukey_s and add pubkey_t. * g10/keydb.h (struct pubkey): Rename to pubkey_s. (pubkey_t): New. Change all struct pubkey_s to use this type. * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. -- It is common in GnuPG to use a suffix of _s for struct names. There is no technical need for this (actually this pattern comes from pre ANSI C compilers which had no separate namespaces) but it avoid surprises when reading the code. Adding the pubkey_t type is mainly to improve font locking by using the common suffix _t for a typedefed type. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:45:20 +01:00
typedef struct pubkey_s *pubkey_t;
gpg: Don't check for ambiguous keys. * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
2015-12-22 14:57:53 +01:00
/* Free a list of public keys. */
gpg: Rename struct pubkey to pukey_s and add pubkey_t. * g10/keydb.h (struct pubkey): Rename to pubkey_s. (pubkey_t): New. Change all struct pubkey_s to use this type. * g10/getkey.c (get_pubkeys): Rename arg keys to r_keys. -- It is common in GnuPG to use a suffix of _s for struct names. There is no technical need for this (actually this pattern comes from pre ANSI C compilers which had no separate namespaces) but it avoid surprises when reading the code. Adding the pubkey_t type is mainly to improve font locking by using the common suffix _t for a typedefed type. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-23 15:45:20 +01:00
void pubkeys_free (pubkey_t keys);
gpg: Don't check for ambiguous keys. * g10/gpg.c (struct result): Move from here... * g10/keydb.h (struct pubkey): ... to here. Update users. * g10/gpg.c (check_user_ids): Move from here... * g10/getkey.c (get_pubkeys): ... to here. Update users. Use get_pubkey_byname to look up the keys (this also prunes invalid keys). (pubkey_free): New function. (pubkeys_free): New function. * g10/gpg.c (main): Don't check for ambiguous key specifications. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Regression-due-to: e8c53fc This change not only moves the checks for ambiguous key specifications from gpg.c to getkey.c, it also disables the checks. The old code was too divorced from the actual key lookups and, as such, it reproduced the logic. Unfortunately, the reproduction was a poor one: despite fixing some inconsistencies (e.g., 10cca02), it still didn't deal with group expansion or the auto key lookup functionality. Given the amount of instability introduced by this change, we (Neal & Werner) decided it is better to defer introducing this functionality until 2.3.
2015-12-22 14:57:53 +01:00
gpg: Make the get_pubkey_byname interface easier to understand. * g10/keydb.h (enum get_pubkey_modes): New. * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and change all callers. -- This change prepares the implementation of GET_PUBKEY_NO_LOCAL. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 10:42:48 +02:00
/* Mode flags for get_pubkey_byname. */
enum get_pubkey_modes
{
GET_PUBKEY_NORMAL = 0,
GET_PUBKEY_NO_AKL = 1,
GET_PUBKEY_NO_LOCAL = 2
};
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Find a public key identified by NAME. */
gpg: Make the get_pubkey_byname interface easier to understand. * g10/keydb.h (enum get_pubkey_modes): New. * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and change all callers. -- This change prepares the implementation of GET_PUBKEY_NO_LOCAL. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 10:42:48 +02:00
int get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
GETKEY_CTX *retctx, PKT_public_key *pk,
const char *name,
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd,
gpg: Make the get_pubkey_byname interface easier to understand. * g10/keydb.h (enum get_pubkey_modes): New. * g10/getkey.c (get_pubkey_byname): Repalce no_akl by a mode arg and change all callers. -- This change prepares the implementation of GET_PUBKEY_NO_LOCAL. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 10:42:48 +02:00
int include_unusable);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
g10: Improve and unify key selection for -r and --locate-keys. * g10/getkey.c (struct pubkey_cmp_cookie): New type. (key_is_ok, uid_is_ok, subkey_is_ok): New functions. (pubkey_cmp): Likewise. (get_best_pubkey_byname): Likewise. * g10/keydb.h (get_best_pubkey_byname): New prototype. * g10/keylist.c (locate_one): Use the new function. * g10/pkclist.c (find_and_check_key): Likewise. * tests/openpgp/Makefile.am (XTESTS): Add new test. (TEST_FILES): Add new files. * tests/openpgp/key-selection.scm: New file. * tests/openpgp/key-selection/0.asc: Likewise. * tests/openpgp/key-selection/1.asc: Likewise. * tests/openpgp/key-selection/2.asc: Likewise. * tests/openpgp/key-selection/3.asc: Likewise. * tests/openpgp/key-selection/4.asc: Likewise. -- When a name resembling a mail address is given to either --locate-keys or --recipient, rank the search results and use only the most relevant key. This also lets us query which key will be used for encryption using --locate-keys. However, note that --locate-keys may also return keys incapable of encryption, though it will prefer keys that have an encryption subkey. GnuPG-bug-id: 2359 Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 18:48:51 +02:00
/* Likewise, but only return the best match if NAME resembles a mail
* address. */
gpg: New command --locate-external-key. * g10/gpg.c (aLocateExtKeys): New. (opts): Add --locate-external-keys. (main): Implement that. * g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL. (get_best_pubkey_byname): Add arg 'mode' and pass on to get_pubkey_byname. Change callers. * g10/keylist.c (public_key_list): Add arg 'no_local'. (locate_one): Ditto. Pass on to get_best_pubkey_byname. -- This new command is a shortcut for --auto-key-locate nodefault,clear,wkd,... --locate-key and uses the default or configured AKL list but does so without local. See also GnuPG-bug-id: 4599 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
gpg: Minor rework for better readibility of get_best_pubkey_byname. * g10/getkey.c (get_best_pubkey_byname): Change return type to gpg_error_t. Use var name err instead of rc. Move a gpg_error_from_syserror closer to the call. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-28 11:08:32 +02:00
GETKEY_CTX *retctx, PKT_public_key *pk,
const char *name, KBNODE *ret_keyblock,
gpg: Remove unused arg from a function. * g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'. Change both callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 15:11:10 +02:00
int include_unusable);
g10: Improve and unify key selection for -r and --locate-keys. * g10/getkey.c (struct pubkey_cmp_cookie): New type. (key_is_ok, uid_is_ok, subkey_is_ok): New functions. (pubkey_cmp): Likewise. (get_best_pubkey_byname): Likewise. * g10/keydb.h (get_best_pubkey_byname): New prototype. * g10/keylist.c (locate_one): Use the new function. * g10/pkclist.c (find_and_check_key): Likewise. * tests/openpgp/Makefile.am (XTESTS): Add new test. (TEST_FILES): Add new files. * tests/openpgp/key-selection.scm: New file. * tests/openpgp/key-selection/0.asc: Likewise. * tests/openpgp/key-selection/1.asc: Likewise. * tests/openpgp/key-selection/2.asc: Likewise. * tests/openpgp/key-selection/3.asc: Likewise. * tests/openpgp/key-selection/4.asc: Likewise. -- When a name resembling a mail address is given to either --locate-keys or --recipient, rank the search results and use only the most relevant key. This also lets us query which key will be used for encryption using --locate-keys. However, note that --locate-keys may also return keys incapable of encryption, though it will prefer keys that have an encryption subkey. GnuPG-bug-id: 2359 Signed-off-by: Justus Winter <justus@g10code.com>
2016-10-27 18:48:51 +02:00
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
/* Get a public key directly from file FNAME. */
gpg_error_t get_pubkey_fromfile (ctrl_t ctrl,
gpg: Actually encrypt to ADSKs. * g10/getkey.c (get_pubkey_fromfile): Add optional arg r_keyblock. * g10/pkclist.c (find_and_check_key): Also encrypt to RENC subkeys. -- GnuPG-bug-id: 6395
2023-03-01 18:56:29 +01:00
PKT_public_key *pk, const char *fname,
kbnode_t *r_keyblock);
gpg: New options --recipient-file and --hidden-recipient-file. * g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New. (opts): Add options --recipient-file and --hidden-recipient-file. (main): Implement them. Also remove duplicate code from similar options. * g10/keydb.h (PK_LIST_FROM_FILE): New. (PK_LIST_SHIFT): Bump up. * g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE. (find_and_check_key): Add and implement arg FROM_FILE. (build_pk_list): Pass new value for new arg. * g10/getkey.c (get_pubkey_fromfile): New. * g10/gpgv.c (read_key_from_file): New stub. * g10/test-stubs.c (read_key_from_file): New stub. * g10/server.c (cmd_recipient): Add flag --file. * g10/import.c (read_key_from_file): New. * tests/openpgp/defs.scm (key-file1): New. (key-file2): New. * tests/openpgp/setup.scm: Add their private keys and import the key-file1. * tests/openpgp/encrypt.scm: Add new test. -- Signed-off-by: Werner Koch <wk@gnupg.org>
2016-07-06 14:03:50 +02:00
gpg: Make use of the included key block in a signature. * g10/import.c (read_key_from_file): Rename to ... (read_key_from_file_or_buffer): this and add new parameters. Adjust callers. (import_included_key_block): New. * g10/packet.h (PKT_signature): Add field flags.key_block. * g10/parse-packet.c (parse_signature): Set that flags. * g10/sig-check.c (check_signature2): Add parm forced_pk and change all callers. * g10/mainproc.c (do_check_sig): Ditto. (check_sig_and_print): Try the included key block if no key is available. -- This is is the second part to support the new Key Block subpacket. The idea is that after having received a signed mail, it is instantly possible to reply encrypted - without the need for any centralized infrastructure. There is one case where this does not work: A signed mail is received using a specified signer ID (e.g. using gpg --sender option) and the key block with only that user ID is thus imported. The next time a mail is received using the same key but with a different user ID; the signatures checks out using the key imported the last time. However, the new user id is not imported. Now when trying to reply to that last mail, no key will be found. We need to see whether we can update a key in such a case. GnuPG-bug-id: 4856 Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 17:14:34 +01:00
/* Get a public key from a buffer. */
gpg_error_t get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf,
const void *buffer, size_t buflen,
u32 *want_keyid, kbnode_t *r_keyblock);
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the public key with the key id KEYID iff the secret key is
* available and store it at PK. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Lookup a key with the specified fingerprint. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock,
gpg: Improve 'General key info' line of --card-status. * g10/keylist.c (print_pubkey_info): Print either "pub" or "sub". * g10/getkey.c (get_pubkey_byfprint): Add optional arg R_KEYBLOCK. * g10/keyid.c (keyid_from_fingerprint): Adjust for change. * g10/revoke.c (gen_desig_revoke): Adjust for change. * g10/card-util.c (card_status): Simplify by using new arg. Align card-no string. * g10/card-util.c (card_status): Remove not used GnuPG-1 code. -- This now prints "sub" if the first used card key is actually a subkey. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-05-07 12:01:12 +02:00
const byte *fprint, size_t fprint_len);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
/* This function is similar to get_pubkey_byfprint, but it doesn't
merge the self-signed data into the public key and subkeys or into
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
the user ids. */
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
gpg_error_t get_pubkey_byfprint_fast (ctrl_t ctrl, PKT_public_key *pk,
gpg: Improve keydb handling in the main import function. * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ... (get_keyblock_byfprint_fast): .. new function. * g10/import.c (revocation_present): s/int rc/gpg_error_t err/. (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a handle. Remove the now surplus keyblock fetch in the merge branch. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 17:52:41 +02:00
const byte *fprint, size_t fprint_len);
/* This function is similar to get_pubkey_byfprint, but it doesn't
merge the self-signed data into the public key and subkeys or into
the user ids. */
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
gpg_error_t get_keyblock_byfprint_fast (ctrl_t ctrl,
kbnode_t *r_keyblock,
gpg: Improve keydb handling in the main import function. * g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ... (get_keyblock_byfprint_fast): .. new function. * g10/import.c (revocation_present): s/int rc/gpg_error_t err/. (import_one): Use get_keyblock_byfprint_fast to get the keyblock and a handle. Remove the now surplus keyblock fetch in the merge branch. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 17:52:41 +02:00
KEYDB_HANDLE *r_hd,
const byte *fprint, size_t fprint_len,
int lock);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
gpg: Take care of keydb_new returning NULL. * g10/keydb.c (keydb_new): Print an error message if needed. Also use xtrycalloc because we return an error anyway. * g10/delkey.c (do_delete_key): Handle error retruned by keydb_new. * g10/export.c (do_export_stream): Ditto. * g10/getkey.c (get_pubkey): Ditto. (get_pubkey_fast): Ditto. (get_pubkeyblock): Ditto. (get_seckey): Ditto. (key_byname): Ditto. (get_pubkey_byfprint): Ditto. (get_pubkey_byfprint_fast): Ditto. (parse_def_secret_key): Ditto. (have_secret_key_with_kid): Ditto. * g10/import.c (import_one): Ditto. (import_revoke_cert): Ditto. * g10/keyedit.c (keyedit_quick_adduid): Ditto. * g10/keygen.c (quick_generate_keypair): Ditto. (do_generate_keypair): Ditto. * g10/trustdb.c (validate_keys): Ditto. * g10/keyserver.c (keyidlist): Ditto. * g10/revoke.c (gen_desig_revoke): Ditto. (gen_revoke): Ditto. * g10/gpg.c (check_user_ids): Ditto. (main): Do not print an error message for keydb_new error. * g10/keylist.c (list_all): Use actual error code returned by keydb_new. * g10/t-keydb-get-keyblock.c (do_test): Abort on keydb_new error. * g10/t-keydb.c (do_test): Ditto. * g10/keyring.c (keyring_new): Actually return an error so that the existing keydb_new error checking makes sense for a keyring resource. (keyring_rebuild_cache): Take care of keyring_new returning an error. -- Commit 04a6b903 changed keydb_new to return an error. However the error was not checked at most places which we fix with this patch. To make things easier keydb_new prints an error message itself. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-12-03 12:18:32 +01:00
/* Returns true if a secret key is available for the public key with
key id KEYID. */
gpg: New option --use-keyboxd. * g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts. (opts): New options --use-keyboxd and --keyboxd-program. (main): Implement them. * g10/keydb.c: Move some defs out to ... * g10/keydb-private.h: new file. * g10/keydb.c: prefix function names with "internal" and move original functions to ... * g10/call-keyboxd.c: new file. Divert to the internal fucntion if --use-keyboxd is used. Add a CTRL arg to most fucntions and change all callers. * g10/Makefile.am (common_source): Add new files. (noinst_PROGRAMS): Do bot build gpgcompose. -- Note that this is just the framework with only a basic implementation of searching via keyboxd. Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 14:34:09 +02:00
int have_secret_key_with_kid (ctrl_t ctrl, u32 *keyid);
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
gpg: Add --encrypt-to-default-key. * g10/getkey.c (parse_def_secret_key): Drop the static qualifier and export the function. * g10/gpg.c (enum cmd_and_opt_values): Add value oEncryptToDefaultKey. (opts): Handle oEncryptToDefaultKey. (main): Likewise. * g10/options.h (opt): Add field encrypt_to_default_key. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> GnuPG-bug-id: 807
2015-11-03 23:39:46 +01:00
/* Parse the --default-key parameter. Returns the last key (in terms
of when the option is given) that is available. */
const char *parse_def_secret_key (ctrl_t ctrl);
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Look up a secret key. */
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk);
g10: Fix default-key selection for signing, possibly by card. * g10/call-agent.c (warn_version_mismatch): Revert. (start_agent): Suppress version mismatch if relevant. * g10/getkey.c (get_seckey_default_or_card): New. * g10/skclist.c (build_sk_list): Use get_seckey_default_or_card. -- The change of 97a2394, which prefers available card than default key specified is too strong. Fixes-commit: 97a2394ecafaa6f58e4a1f70ecfd04408dc15606 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-05-22 02:27:36 +02:00
gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk,
const byte *fpr, size_t fpr_len);
More changes on the way to remove secring.gpg.
2010-04-21 18:26:17 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Search for keys matching some criteria. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
gpg_error_t getkey_bynames (ctrl_t ctrl,
getkey_ctx_t *retctx, PKT_public_key *pk,
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
strlist_t names, int want_secret,
kbnode_t *ret_keyblock);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Search for one key matching some criteria. */
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
gpg_error_t getkey_byname (ctrl_t ctrl,
getkey_ctx_t *retctx, PKT_public_key *pk,
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
const char *name, int want_secret,
kbnode_t *ret_keyblock);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Return the next search result. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
gpg_error_t getkey_next (ctrl_t ctrl, getkey_ctx_t ctx,
PKT_public_key *pk, kbnode_t *ret_keyblock);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Release any resources used by a key listing context. */
gpg: Pass CTRL also to getkey_end. * g10/getkey.c (getkey_end): Add arg CTRL. Change all callers. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:35:28 +02:00
void getkey_end (ctrl_t ctrl, getkey_ctx_t ctx);
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
/* Return the database handle used by this context. The context still
owns the handle. */
KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx);
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Enumerate some secret keys. */
gpg: Allow multiple --default-key options. Take the last available key. * g10/getkey.c (parse_def_secret_key): New function. (get_seckey_default): Add parameter ctrl. Update callers. Use parse_def_secret_key to get the default secret key, if any. (getkey_byname): Likewise. (enum_secret_keys): Likewise. * g10/options.h (opt): Change def_secret_key's type from a char * to a strlist_t. * g10/gpg.c (main): When processing --default-key, add the key to OPT.DEF_SECRET_KEY. * g10/gpgv.c (get_session_key): Add parameter ctrl. Update callers. * g10/mainproc.c (proc_pubkey_enc): Likewise. (do_proc_packets): Likewise. * g10/pkclist.c (default_recipient): Likewise. * g10/pubkey-enc.c (get_session_key): Likewise. * g10/sign.c (clearsign_file): Likewise. (sign_symencrypt_file): Likewise. * g10/skclist.c (build_sk_list): Likewise. * g10/test-stubs.c (get_session_key): Likewise. -- Signed-off-by: Neal H. Walield <neal@g10code.com> GnuPG-bug-id: 806
2015-11-03 23:15:27 +01:00
gpg_error_t enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *pk);
Various changes to eventually support openpgp keys in pgp-agent. Comment fixes. Minor chnages in preparation of a W32CE port.
2010-02-02 15:06:19 +01:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* Set the mainkey_id fields for all keys in KEYBLOCK. */
gpg: Re-enable secret key deletion. * g10/call-agent.c (agent_delete_key): New. * g10/keydb.h (FORMAT_KEYDESC_DELKEY): New. * g10/passphrase.c (gpg_format_keydesc): Support new format. * g10/delkey.c (do_delete_key): Add secret key deletion.
2014-04-15 16:40:48 +02:00
void setup_main_keyids (kbnode_t keyblock);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Move documentation from keydb.h to keydb.c and getkey.c. -- When using tags (e.g. GNU global) to navigate the source code it is way easier to have the documentation close to the function we are looking at. Having the documentation in the header file would require an extra manual lookup to understand the function. Signed-off-by: Werner Koch <wk@gnupg.org>
2016-01-11 11:41:49 +01:00
/* This function merges information from the self-signed data into the
data structures. */
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
gpg: Allow adding of Additional Decryption Subkeys. * g10/free-packet.c (copy_public_key): Factor some code out to ... (copy_public_key_basics): new. * g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints. * g10/packet.h (PUBKEY_USAGE_RENC): Fix value. (SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c. (SIGNHINT_ADSK): New. (PKT_public_key): Change pubkey_usage from byte to u16. (PKT_user_id): Cosmetic fix: change help_key_usage from int to u16. * g10/getkey.c (parse_key_usage): Make public. * g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in account. * g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK. (make_keysig_packet): Ditto. (do_sign): No time warp check in ADSK mode. * g10/sig-check.c (check_signature_metadata_validity): Ditto. * g10/keygen.c (struct opaque_data_usage_and_pk): Remove. (write_keybinding): Do not use the removed struct. (do_add_key_flags): Support PUBKEY_USAGE_RENC and others. (keygen_add_key_flags_and_expire): Rewrite and make public. * g10/keyedit.c (enum cmdids): Add cmdADDADSK. (keyedit_menu): Add command "addadsk". (menu_addadsk): New. -- This makes use of a new encryption flag: The "restricted encryption key" (2nd,0x04) does not take part in any automatic selection of encryption keys. It is only found on a subkey signature (type 0x18), one that refers to the key the flag applies to. Followup patches will add encryption support and a --quick command. GnuPG-bug-id: 6395
2023-03-01 17:22:20 +01:00
/* This function parses the key flags and returns PUBKEY_USAGE_ flags. */
unsigned int parse_key_usage (PKT_signature *sig);
gpg: Extend the "sig" record in --list-mode. * g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call callers. (get_user_id): Add arg R_NOUID. Change call callers. * g10/mainproc.c (issuer_fpr_string): Make global. * g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key also in --list-mode. Print the "issuer fpr" field also if there is an issuer fingerprint subpacket. -- Scripts used to rely on the "User ID not found" string even in the --with-colons listing. However, that is not a good idea because that string is subject to translations etc. Now we have an explicit way of telling that a key is missing. For example: gpg --list-sigs --with-colons | \ awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}' Prints all keyids or fingerprint of signing keys for which we do not have the key in our local keyring. Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid);
char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid);
char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid);
char *get_user_id_native (ctrl_t ctrl, u32 *keyid);
gpg: Fix printing of the user id during import. * g10/getkey.c (struct keyid_list): Add field fprlen. (cache_user_id): Set and test it. (get_user_id_byfpr): Make static, add arg fprlen and use it. (get_user_id_byfpr_native): Add arg fprlen and change all callers. -- This was a regression in the 2.3 base. GnuPG-bug-id: 3801 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-05 17:02:43 +02:00
char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr, size_t fprlen);
g10: Improve documentation and comments for getkey.c. * g10/getkey.c: Improve documentation and comments for most functions. Move documentation for public functions from here... * g10/keydb.h: ... to here. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>.
2015-09-16 14:01:48 +02:00
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void release_akl(void);
gpg: Allow --locate-external-key even with --no-auto-key-locate. * g10/getkey.c (akl_empty_or_only_local): New. * g10/gpg.c (DEFAULT_AKL_LIST): New. (main): Use it here. (main) <aLocateExtKeys>: Set default AKL if none is set. -- This better matches the expectations of the user. The used list in this case is the default list ("local,wkd") with local ignored by the command anyway. GnuPG-bug-id: 4662 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-08-23 13:22:15 +02:00
int akl_empty_or_only_local (void);
gpg: Default to --auto-key-locate "local,wkd" and --auto-key-retrieve. * g10/gpg.c (main): Add KEYSERVER_AUTO_KEY_RETRIEVE to the default keyserver options. Set the default for --auto-key-locate to "local,wkd". Reset that default iff --auto-key-locate has been given in the option file or in the commandline. * g10/getkey.c (parse_auto_key_locate): Work on a copy of the arg. -- GnuPG-bug-id: 3324 Signed-off-by: Werner Koch <wk@gnupg.org>
2017-08-04 21:58:46 +02:00
int parse_auto_key_locate(const char *options);
gpg: New option --key-origin. * g10/keydb.h (KEYORG_): Rename to KEYORG_. * g10/packet.h (PKT_user_id): Rename field keysrc to keyorg. Adjust users. (PKT_public_key): Ditto. (PKT_ring_trust): Ditto. * g10/options.h (struct opt): Add field key_origin. * g10/getkey.c (parse_key_origin): New. * g10/gpg.c (oKeyOrigin): New. (opts): Add "keys-origin". (main): Set option. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-13 17:28:32 +02:00
int parse_key_origin (char *string);
gpg: New option --with-key-origin. * g10/getkey.c (parse_key_origin): Factor list out as ... (key_origin_list): new struct. (key_origin_string): New. * g10/gpg.c (oWithKeyOrigin): New const. (opts): New option --with-key-origin. (main): Implement option. * g10/options.h (struct opt): New flag with_key_origin. * g10/keylist.c (list_keyblock_print): Print key origin info. (list_keyblock_colon): Ditto.
2017-07-20 17:27:48 +02:00
const char *key_origin_string (int origin);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- keyid.c --*/
int pubkey_letter( int algo );
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize);
gpg: Add option --assert-pubkey_algo. * g10/keyid.c (parse_one_algo_string): New. (compare_pubkey_string_part): New. (compare_pubkey_string): New. * g10/verify.c (check_assert_signer_list): New. * g10/mainproc.c (check_sig_and_print): Call check_assert_pubkey_algo. * g10/options.h (opt): Add field assert_pubkey_algos. * g10/gpg.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Reorder RC modifications. Check assert_pubkey_algo_false. * common/status.h (ASSERT_PUBKEY_ALGOS): new. * common/t-support.h (LEAN_T_SUPPORT): Use a simplified version if this macro is set. * g10/gpgv.c (oAssertPubkeyAlgo): New. (opts): Add "--assert-pubkey_algo". (assert_pubkey_algo_false): New. (main): Parse option. (g10_exit): Check assert_pubkey_algo_false. * g10/t-keyid.c: New. * g10/Makefile.am: Add t-keyid. * g10/test-stubs.c: Add assert_pubkey_algos and assert_signer_list and remove from other tests. (check_assert_signer_list): Ditto. (check_assert_pubkey_algo): Ditto. -- GnuPG-bug-id: 6946
2024-02-10 14:24:50 +01:00
int compare_pubkey_string (const char *astr, const char *bstr);
gpg: Change format for the key size in --list-key and --edit-key. * g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode. * g10/options.h (struct opt): Add field legacy_list_mode. * g10/keydb.h (PUBKEY_STRING_SIZE): New. * g10/keyid.c (pubkey_string): New. * g10/import.c (import_one, import_secret_one): Use pubkey_string. * g10/keylist.c (print_seckey_info): Ditto. (print_pubkey_info, print_card_key_info): Ditto. (list_keyblock_print): Ditto. * g10/mainproc.c (list_node): Ditto. * g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto. * g10/keyedit.c (show_key_with_all_names): Ditto. Also change the format. (show_basic_key_info): Ditto. * common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519". (openpgp_oid_to_curve): Downcase "ed25519" -- For ECC it seems to be better to show the name of the curve and not just the size of the prime field. The curve name does not anymore fit into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length format does not work either. Thus the new format uses "rsa2048" - RSA with 2048 bit "elg1024" - Elgamal with 1024 bit "ed25519" - ECC using the curve Ed25519. "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4". unless --legacy-list-mode is given. In does not anymore line up nicely in columns thus I expect further changes to this new format. Signed-off-by: Werner Koch <wk@gnupg.org>
2014-02-05 10:37:59 +01:00
#define PUBKEY_STRING_SIZE 32
g10/ does build again.
2006-05-23 18:19:43 +02:00
u32 v3_keyid (gcry_mpi_t a, u32 *ki);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk );
gpg: Fix format_keyid when dynamically allocating the buffer. * g10/keyid.c (format_keyid): Return a char *, not a const char *. If BUFFER is NULL, then set LEN to the static buffer's size. -- Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-02-08 00:31:35 +01:00
char *format_keyid (u32 *keyid, int format, char *buffer, int len);
gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid. * g10/keydb.h (keyid_cmp): New function. * g10/keyid.c (pk_keyid): New function. (pk_main_keyid): New function. (keyid_copy): New function. (pk_keyid_str): New function. * g10/packet.h (PKT_public_key): Update comments for main_keyid and keyid. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk, NULL) to ensure that pk->keyid is valid. Because it is easy to forget to do this, these accessor functions take care of it.
2016-02-19 14:48:56 +01:00
/* Return PK's keyid. The memory is owned by PK. */
u32 *pk_keyid (PKT_public_key *pk);
/* Return the keyid of the primary key associated with PK. The memory
is owned by PK. */
u32 *pk_main_keyid (PKT_public_key *pk);
/* Order A and B. If A < B then return -1, if A == B then return 0,
and if A > B then return 1. */
static int GPGRT_ATTR_UNUSED
keyid_cmp (const u32 *a, const u32 *b)
{
if (a[0] < b[0])
return -1;
if (a[0] > b[0])
return 1;
if (a[1] < b[1])
return -1;
if (a[1] > b[1])
return 1;
return 0;
}
gpg: New list-option --show-unusable-sigs. * g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
2023-02-07 14:25:58 +01:00
/* Return true if both keyids are equal. */
static int GPGRT_ATTR_UNUSED
keyid_eq (const u32 *a, const u32 *b)
{
return a[0] == b[0] && a[1] == b[1];
}
g10: Add a convenience function for checking if a key is a primary key * g10/keydb.h (pk_is_primary): New function. * g10/tofu.c (get_trust): Use it. (tofu_register_signature): Likewise. (tofu_register_encryption): Likewise. (tofu_set_policy): Likewise. (tofu_get_policy): Likewise. Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 16:19:32 +01:00
/* Return whether PK is a primary key. */
static int GPGRT_ATTR_UNUSED
pk_is_primary (PKT_public_key *pk)
{
gpg: New list-option --show-unusable-sigs. * g10/options.h (LIST_SHOW_UNUSABLE_SIGS): New. * g10/gpg.c (parse_list_options): Add "show-unusable-sigs". * g10/keydb.h (keyid_eq): New. (pk_is_primary): New. * g10/keylist.c (list_signature_print): Early return for weak key signatures. Print "self-signature" instead of user-id. (list_keyblock_print): Simplify and always set self-sig node flag. -- This patch avoid the printing of often hundreds of "Invalid digest algorithm" notices during key signature listings if those key signatures were done with SHA1. The new option can be used to revert the behaviour. We now also print "[self-signature]" with --check-sigs or --list-sigs instead of the primary user id. This makes such listing easier to read.
2023-02-07 14:25:58 +01:00
return keyid_eq (pk_keyid (pk), pk_main_keyid (pk));
g10: Add a convenience function for checking if a key is a primary key * g10/keydb.h (pk_is_primary): New function. * g10/tofu.c (get_trust): Use it. (tofu_register_signature): Likewise. (tofu_register_encryption): Likewise. (tofu_set_policy): Likewise. (tofu_get_policy): Likewise. Signed-off-by: Neal H. Walfield <neal@g10code.com>
2016-11-21 16:19:32 +01:00
}
gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid. * g10/keydb.h (keyid_cmp): New function. * g10/keyid.c (pk_keyid): New function. (pk_main_keyid): New function. (keyid_copy): New function. (pk_keyid_str): New function. * g10/packet.h (PKT_public_key): Update comments for main_keyid and keyid. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk, NULL) to ensure that pk->keyid is valid. Because it is easy to forget to do this, these accessor functions take care of it.
2016-02-19 14:48:56 +01:00
/* Copy the keyid in SRC to DEST and return DEST. */
u32 *keyid_copy (u32 *dest, const u32 *src);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
size_t keystrlen(void);
const char *keystr(u32 *keyid);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *keystr_from_pk(PKT_public_key *pk);
Import OpenPGP keys into the agent.
2010-08-31 17:58:39 +02:00
const char *keystr_from_pk_with_sub (PKT_public_key *main_pk,
PKT_public_key *sub_pk);
gpg: Add accessor & utility functions for pk->keyid and pk->main_keyid. * g10/keydb.h (keyid_cmp): New function. * g10/keyid.c (pk_keyid): New function. (pk_main_keyid): New function. (keyid_copy): New function. (pk_keyid_str): New function. * g10/packet.h (PKT_public_key): Update comments for main_keyid and keyid. -- Signed-off-by: Neal H. Walfield <neal@g10code.com> Before accessing pk->keyid, it is necessary to call keyid_from_pk (pk, NULL) to ensure that pk->keyid is valid. Because it is easy to forget to do this, these accessor functions take care of it.
2016-02-19 14:48:56 +01:00
/* Return PK's key id as a string using the default format. PK owns
the storage. */
const char *pk_keyid_str (PKT_public_key *pk);
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
gpg: Pass CTRL to many more functions. -- For proper operations as a server we need to avoid global variables. Thus we need to pass the session state CTRL to most functions. Quite a lot of changes but fortunately straightforward to do. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-03-31 20:03:52 +02:00
u32 keyid_from_sig (PKT_signature *sig, u32 *keyid );
u32 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len,
u32 *keyid);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
byte *namehash_from_uid(PKT_user_id *uid);
unsigned nbits_from_pk( PKT_public_key *pk );
gpg: Make function mk_datestr public. * g10/keydb.h (MK_DATESTR_SIZE): New. * g10/keyid.c (mk_datestr): Make public. Add arg bufsize and use snprintf. Change arg atime to u32. (datestr_from_pk): Simplify. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. -- Note that this also reduces the size of the static buffers from 16 to 11 which is sufficient for the string. In the past we added the 5 extra bytes to cope for bugs in gmtime which is now handles by snprintf. Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-20 13:36:44 +02:00
/* Convert an UTC TIMESTAMP into an UTC yyyy-mm-dd string. Return
* that string. The caller should pass a buffer with at least a size
* of MK_DATESTR_SIZE. */
char *mk_datestr (char *buffer, size_t bufsize, u32 timestamp);
#define MK_DATESTR_SIZE 11
gpg: New option --full-timestrings. * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:01:07 +01:00
const char *dateonlystr_from_pk (PKT_public_key *pk);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *datestr_from_pk( PKT_public_key *pk );
gpg: New option --full-timestrings. * g10/options.h (opt): Add flags.full_timestrings. * g10/gpg.c (oFullTimestrings): New. (opts): New option. (main): Set new flag. * g10/keyid.c (dateonlystr_from_pk): New. (dateonlystr_from_sig): New. (datestr_from_pk): Divert to isotimestamp if requested. (datestr_from_sig): Ditto. (expirestr_from_pk): Ditto. (expirestr_from_sig): Ditto. (revokestr_from_pk): Ditto. * g10/import.c (impex_filter_getval): Use dateonlystr_from_sig and dateonlystr_from_pk. -- Quite helpful for debugging keys. Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-13 14:01:07 +01:00
const char *dateonlystr_from_sig( PKT_signature *sig );
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *datestr_from_sig( PKT_signature *sig );
const char *expirestr_from_pk( PKT_public_key *pk );
const char *expirestr_from_sig( PKT_signature *sig );
Merged with gpg 1.4.3 code. The gpg part does not yet build.
2006-04-19 13:26:11 +02:00
const char *revokestr_from_pk( PKT_public_key *pk );
gpg: Add list-option "show-usage". * g10/gpg.c (parse_list_options): Add "show-usage". * g10/options.h (LIST_SHOW_USAGE): New. * g10/keyid.c (usagestr_from_pk): Add arg FILL. Change caller. * g10/keylist.c (list_keyblock_print): Print usage info.
2014-08-12 10:36:30 +02:00
const char *usagestr_from_pk (PKT_public_key *pk, int fill);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
const char *colon_strtime (u32 t);
const char *colon_datestr_from_pk (PKT_public_key *pk);
const char *colon_datestr_from_sig (PKT_signature *sig);
const char *colon_expirestr_from_sig (PKT_signature *sig);
byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len );
gpg: Add option --with-v5-fingerprint * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
2023-09-04 16:34:55 +02:00
byte *v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len);
gpg: Fix trustdb for v5key. * g10/keydb.h (fpr20_from_pk): New. * g10/keyid.c (fpr20_from_pk): New. * g10/tdbio.c (tdbio_search_trust_byfpr): Use fpr20_from_pk. * g10/trustdb.c (keyid_from_fpr20): New. (verify_own_keys): Use keyid_from_fpr20. (tdb_update_ownertrust): Use fpr20_from_pk. (update_min_ownertrust): Likewise. (update_validity): Likewise. -- For the compatibility of existing implementation, we keep the format of trustdb untouched. The format of trustdb uses 20-byte fingerprint for the trust record entry. To handle both of v4key (with 20-byte fingerprint) and v5 key (with 32-byte fingerprint), we introduce FPR20 fingerprint, internally. For v4key, FPR20 is as same as v4 fingerprint. For v5key, FPR20 is constructed from v5key fingerprint. GnuPG-bug-id: 5000 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-08-07 05:46:09 +02:00
void fpr20_from_pk (PKT_public_key *pk, byte array[20]);
gpg: Prepare for a new export option export-realclean. * g10/options.h (EXPORT_REALCLEAN): New. Also re-assign other values to keep them more in sync with the corresponding import values. * g10/export.c (parse_export_options): Add "export-realclean". (do_export_stream): Call clean_all_uids directly with the options arg. * g10/import.c (import_one_real): Change for direct use of options in clean_all_uids. * g10/key-clean.c (is_trusted_key_sig): New. Stub for now. (clean_sigs_from_uid): Re-purpose self_only to a general options arg. Implement EXPORT_REALCLEAN code path. (clean_one_uid): Re-purpose self_only to a general options arg. (clean_all_uids): Ditto. * g10/keyedit.c (keyedit_menu): Use EXPORT_MINIMAL instead of a simple flag. (menu_clean): Re-purpose self_only to a general options arg. * g10/keyid.c (fpr20_from_pk): Factor code out to .... (fpr20_from_fpr): new. Remove useless case for ARRAY being NULL. * g10/tdbio.c (tdbio_search_trust_byfpr): Add arg fprlen and use fpr20_from_fpr if needed. (tdbio_search_trust_bypk): Pass 20 for the fingerprint length. -- Note that this code has no function yet. Another patch will follow to extract the trusted-keys flag from the trustdb.
2024-03-04 14:22:42 +01:00
void fpr20_from_fpr (const byte *fpr, unsigned int fprlen, byte array[20]);
gpg: Use only one fingerprint formatting function. * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New. * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN. Change all callers. (format_hexfingerprint): New. * g10/keylist.c (print_fingerprint): Change to use hexfingerprint. * g10/tofu.c (fingerprint_format): Remove. Replace calls by format_hexfingerprint. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-14 09:13:02 +01:00
char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
gpg: Add option --with-v5-fingerprint * g10/gpg.c (oWithV5Fingerprint): New. (opts): Add new option. (main): Set option. * g10/options.h (opt): Add with_v5_fingerprint. * g10/keyid.c (hash_public_key): Factor out to ... (do_hash_public_key): this. Add new arg to foce v5 style hashing. (v5_fingerprint_from_pk): New. (v5hexfingerprint): New. * g10/keylist.c (print_fingerprint): Print v5 fingerprint for v4 keys if the option is set. -- GnuPG-bug-id: 6705
2023-09-04 16:34:55 +02:00
char *v5hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen);
gpg: Use only one fingerprint formatting function. * g10/gpg.h (MAX_FORMATTED_FINGERPRINT_LEN): New. * g10/keyid.c (hexfingerprint): Add optional args BUFFER and BUFLEN. Change all callers. (format_hexfingerprint): New. * g10/keylist.c (print_fingerprint): Change to use hexfingerprint. * g10/tofu.c (fingerprint_format): Remove. Replace calls by format_hexfingerprint. Signed-off-by: Werner Koch <wk@gnupg.org>
2015-11-14 09:13:02 +01:00
char *format_hexfingerprint (const char *fingerprint,
char *buffer, size_t buflen);
gpg: Support dual keygrips. * g10/keyid.c (keygrip_from_pk): Add arg get_second to support dual algos. Implement for Kyber. (hexkeygrip_from_pk): Extend for dual algos. * g10/call-agent.c (agent_keytotpm): Bail out for dual algos. (agent_keytocard): Ditto. (agent_probe_secret_key): Handle dual algos. (agent_probe_any_secret_key): Ditto. (agent_get_keyinfo): Allow for dual algos but take only the first key. * g10/export.c (do_export_one_keyblock): Bail out for dual algos. -- This also adds some fixmes which we eventually need to address. GnuPG-bug-id: 6815
2024-04-05 12:02:32 +02:00
gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array,
int get_second);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip);
gpg: Fix writing ECDH keys to OpenPGP smartcards. * agent/command.c (cmd_keytocard): Add new arg for ECDH params. * scd/app-openpgp.c (ecc_writekey): Use provided ECDH params to compute the fingerprint. * g10/call-agent.c (agent_keytocard): Add arg ecdh_param_str. * g10/keyid.c (ecdh_param_str_from_pk): New. * g10/card-util.c (card_store_subkey): Pass ECDH params to writekey. * g10/keygen.c (card_store_key_with_backup): Ditto. * scd/app-openpgp.c (store_fpr): Add arg update. (rsa_read_pubkey, ecc_read_pubkey): Add arg meta_update and avoid writing the fingerprint back to the card if not set. (read_public_key): Also add arg meta_update. (get_public_key): Do not pass it as true here... (do_genkey): ... but here. (rsa_write_key, ecc_writekey): Force string the fingerprint. -- The problem showed up because in 2.4 we changed the standard ECDH parameter some years ago. Now when trying to write an ECDH key created by 2.2 with 2.4 to an openpgp card, scdaemon computes a wrong fingerprint and thus gpg was not able to find the key again by fingerprint. The patch also avoids updating the stored fingerprint in certain situations. This fix is somewhat related to GnuPG-bug-id: 6378
2023-04-21 14:04:04 +02:00
char *ecdh_param_str_from_pk (PKT_public_key *pk);
Generating an OpenPGP key cia gpg-agent basically works.
2010-04-20 19:57:50 +02:00
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
/*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt );
gpg: Import stray revocation certificates. * g10/kbnode.c (new_kbnode2): New. * g10/import.c (delete_inv_parts): New arg r_otherrevsigs to store misplaced revocations. (import_revoke_cert): Allow to pass an entire list. (import_one): Import revocations found by delete_inv_parts. -- It might be useful to distribute revocations of old keys along with new keys. This is in particicualrr useful for WKD stored keys. This patch allows to put unrelated standalone revocations into a key. For example they can simply appended to a keyblock. Right now it is a bit inaesthetic to see diagnostics about misplaced or bad revocation signatures.
2022-10-28 09:29:30 +02:00
kbnode_t new_kbnode2 (kbnode_t list, PACKET *pkt);
This commit was manufactured by cvs2svn to create branch 'GNUPG-1-9-BRANCH'.
2003-06-05 09:14:21 +02:00
KBNODE clone_kbnode( KBNODE node );
void release_kbnode( KBNODE n );
void delete_kbnode( KBNODE node );
void add_kbnode( KBNODE root, KBNODE node );
void insert_kbnode( KBNODE root, KBNODE node, int pkttype );
void move_kbnode( KBNODE *root, KBNODE node, KBNODE where );
void remove_kbnode( KBNODE *root, KBNODE node );
KBNODE find_prev_kbnode( KBNODE root, KBNODE node, int pkttype );
KBNODE find_next_kbnode( KBNODE node, int pkttype );
KBNODE find_kbnode( KBNODE node, int pkttype );
KBNODE walk_kbnode( KBNODE root, KBNODE *context, int all );
void clear_kbnode_flags( KBNODE n );
int commit_kbnode( KBNODE *root );
void dump_kbnode( KBNODE node );
#endif /*G10_KEYDB_H*/