diff --git a/kbx/ChangeLog b/kbx/ChangeLog
index b41305e3f..715acbdcf 100644
--- a/kbx/ChangeLog
+++ b/kbx/ChangeLog
@@ -1,3 +1,14 @@
+2002-06-19 Werner Koch
+
+ * keybox-init.c (keybox_set_ephemeral): New.
+ * keybox-blob.c (create_blob_header): Store epheermal flag.
+ (_keybox_create_x509_blob): Pass epheermal flag on.
+ * keybox-update.c (keybox_insert_cert): Ditto.
+ * keybox-search.c (blob_get_blob_flags): New.
+ (keybox_search): Ignore ephemeral blobs when not in ephemeral mode.
+
+ * keybox-dump.c (_keybox_dump_blob): Print blob flags as strings.
+
 2002-02-25 Werner Koch
 
 * keybox-search.c (blob_cmp_mail): Use case-insensitive compare
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 2c80a10ad..34e2c9712 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -1,5 +1,5 @@
 /* keybox-blob.c - KBX Blob handling
- * Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ * Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@@ -47,9 +47,10 @@ X.509 specific are noted like [X.509: xxx]
 byte version number of this blob type (1)
 u16 Blob flags
 bit 0 = contains secret key material
+ bit 1 = ephemeral blob (e.g. used while quering external resources)
 u32 offset to the OpenPGP keyblock or X509 DER encoded certificate
- u32 ant its length
+ u32 and its length
 u16 number of keys (at least 1!) [X509: always 1]
 u16 size of additional key information
 n times:
@@ -529,7 +530,7 @@ release_kid_list (struct keyid_list *kl)
 
 
 static int
-create_blob_header (KEYBOXBLOB blob, int blobtype)
+create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
 {
 struct membuf *a = blob->buf;
 int i;
@@ -537,7 +538,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype)
 put32 ( a, 0 ); /* blob length, needs fixup */
 put8 ( a, blobtype);
 put8 ( a, 1 ); /* blob type version */
- put16 ( a, 0 ); /* blob flags */
+ put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
 put32 ( a, 0 ); /* offset to the raw data, needs fixup */
 put32 ( a, 0 ); /* length of the raw data, needs fixup */
 
@@ -688,7 +689,7 @@ create_blob_finish (KEYBOXBLOB blob)
 
 #ifdef KEYBOX_WITH_OPENPGP
 int
-_keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock)
+_keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
 {
 int rc = 0;
 KBNODE node;
@@ -737,7 +738,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock)
 init_membuf (&blob->bufbuf, 1024);
 blob->buf = &blob->bufbuf;
 
- rc = create_blob_header (blob, BLOBTYPE_OPENPGP);
+ rc = create_blob_header (blob, BLOBTYPE_OPENPGP, as_ephemeral);
 if (rc)
 goto leave;
 rc = pgp_create_blob_keyblock (blob, keyblock);
@@ -805,7 +806,7 @@ x509_email_kludge (const char *name)
 remove that parameter */
 int
 _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
- unsigned char *sha1_digest)
+ unsigned char *sha1_digest, int as_ephemeral)
 {
 int i, rc = 0;
 KEYBOXBLOB blob;
@@ -916,7 +917,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
 init_membuf (&blob->bufbuf, 1024);
 blob->buf = &blob->bufbuf;
 /* write out what we already have */
- rc = create_blob_header (blob, BLOBTYPE_X509);
+ rc = create_blob_header (blob, BLOBTYPE_X509, as_ephemeral);
 if (rc)
 goto leave;
 rc = x509_create_blob_cert (blob, cert);
diff --git a/kbx/keybox-defs.h b/kbx/keybox-defs.h
index 8b5b91b54..978bb229e 100644
--- a/kbx/keybox-defs.h
+++ b/kbx/keybox-defs.h
@@ -63,6 +63,7 @@ struct keybox_handle {
 FILE *fp;
 int eof;
 int error;
+ int ephemeral;
 struct {
 KEYBOXBLOB blob;
 off_t offset;
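Review bot: The ephemeral bit is written here as the bare literal `2` in `put16 ( a, as_ephemeral? 2:0 ); /* blob flags */`, and the same literal is re-derived independently in keybox-search.c (`blobflags & 2`) and keybox-dump.c (`n & 1`, `n & 2`), with the only definition of the bit layout being the format comment near the top of this file. A named constant shared through keybox-defs.h — for example (names constructed) `enum { KEYBOX_BLOB_FLAG_SECRET = 1, KEYBOX_BLOB_FLAG_EPHEMERAL = 2 };` — would keep writer, reader and dumper in agreement, and this line becomes `put16 ( a, as_ephemeral? KEYBOX_BLOB_FLAG_EPHEMERAL : 0 ); /* blob flags */`. A one-line comment on the `as_ephemeral` parameter noting that the flag is persisted in the on-disk blob, which is what later makes keybox_search skip it in standard mode, would also help. create_blob_header starts in the previous hunk and continues past this one.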
@@ -93,7 +94,7 @@ struct keybox_handle {
 #endif /*KEYBOX_WITH_OPENPGP*/
 #ifdef KEYBOX_WITH_X509
 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
- unsigned char *sha1_digest);
+ unsigned char *sha1_digest, int as_ephemeral);
 #endif /*KEYBOX_WITH_X509*/
 
 int _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen);
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index d84ae7349..530b4647f 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -134,8 +134,28 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
 fprintf (fp, "Version: %d\n", buffer[5]);
 
 n = get16 (buffer + 6);
- fprintf( fp, "Blob-Flags: %04lX\n", n);
-
+ fprintf( fp, "Blob-Flags: %04lX", n);
+ if (n)
+ {
+ int any = 0;
+
+ fputs (" (", fp);
+ if ((n & 1))
+ {
+ fputs ("secret", fp);
+ any++;
+ }
+ if ((n & 2))
+ {
+ if (any)
+ putc (',', fp);
+ fputs ("ephemeral", fp);
+ any++;
+ }
+ putc (')', fp);
+ }
+ putc ('\n', fp);
+
 rawdata_off = get32 (buffer + 8);
 rawdata_len = get32 (buffer + 12);
 
diff --git a/kbx/keybox-file.c b/kbx/keybox-file.c
index 715d3fbe2..79a2e1719 100644
--- a/kbx/keybox-file.c
+++ b/kbx/keybox-file.c
@@ -25,7 +25,8 @@
 #include "keybox-defs.h"
 
 
-/* Read a block at the current postion ant return it in r_blocb. r_blob may be NULL sto simply skip the current block */
+/* Read a block at the current postion and return it in r_blob.
+ r_blob may be NULL to simply skip the current block */
 int
 _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
 {
diff --git a/kbx/keybox-init.c b/kbx/keybox-init.c
index 1a4a587b9..b1d279999 100644
--- a/kbx/keybox-init.c
+++ b/kbx/keybox-init.c
@@ -116,5 +116,12 @@ keybox_get_resource_name (KEYBOX_HANDLE hd)
 return hd->kb->fname;
 }
 
 
-
+int
+keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
+{
+ if (!hd)
+ return KEYBOX_Invalid_Handle;
+ hd->ephemeral = yes;
+ return 0;
+}
diff --git a/kbx/keybox-search.c b/kbx/keybox-search.c
index c7434cd93..e57754344 100644
--- a/kbx/keybox-search.c
+++ b/kbx/keybox-search.c
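Review bot: With only bits 0 and 1 decoded in the keybox-dump.c hunk, a flags word that has some other bit set prints an empty list — a value of 4 yields `Blob-Flags: 0004 ()` — because the parenthesis is opened on `if (n)` rather than on a recognised flag. Either open the parenthesis only once a known flag is named, or name the remainder by inserting before `putc (')', fp);` the lines `if ((n & ~3)) { if (any) putc (',', fp); fputs ("unknown", fp); }`. The declaration of `n` is outside the hunk; the existing `%04lX` suggests unsigned long, so the mask type should match it. `any` is only ever tested for non-zero, so `any = 1;` states the intent more plainly than `any++;`.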
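Review bot: The rewritten comment in the keybox-file.c hunk still carries the `postion` typo on its first line; it should read `/* Read a block at the current position and return it in r_blob.`. The function it documents begins below the hunk.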
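Review bot: `keybox_set_ephemeral` in the keybox-init.c hunk is a new public entry point (it is also declared in keybox.h) but carries no comment saying what ephemeral mode means for the handle; a header comment along the lines of `/* Switch the handle into (YES != 0) or out of ephemeral mode: blobs inserted through it are flagged ephemeral and searches also visit such blobs.  Returns 0 or KEYBOX_Invalid_Handle. */` would tie it to the filter in keybox_search. Nothing in this commit initialises the new `hd->ephemeral` field; if keybox_new does not zero the handle (its allocation is not in the diff), the mode is indeterminate until this setter is called, which is worth confirming. Storing `yes` as-is works because keybox_search only tests the field for non-zero, but normalising with `hd->ephemeral = !!yes;` keeps it a plain boolean.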
@@ -1,5 +1,5 @@
 /* keybox-search.c - Search operations
- * Copyright (C) 2001 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@@ -73,6 +73,19 @@ blob_get_type (KEYBOXBLOB blob)
 return buffer[4];
 }
 
+static unsigned int
+blob_get_blob_flags (KEYBOXBLOB blob)
+{
+ const unsigned char *buffer;
+ size_t length;
+
+ buffer = _keybox_get_blob_image (blob, &length);
+ if (length < 8)
+ return 0; /* oops */
+
+ return get16 (buffer + 6);
+}
+
 static int
 blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
@@ -457,6 +470,9 @@ keybox_search_reset (KEYBOX_HANDLE hd)
 return 0;
 }
 
+
+/* Note: When in ephemeral mode the search function does visit all
+ blobs but in standard mode, blobs flagged as ephemeral are ignored. */
 int
 keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 {
@@ -578,11 +594,17 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 
 for (;;)
 {
+ unsigned int blobflags;
+
 _keybox_release_blob (blob); blob = NULL;
 rc = _keybox_read_blob (&blob, hd->fp);
 if (rc)
 break;
 
+ blobflags = blob_get_blob_flags (blob);
+ if (!hd->ephemeral && (blobflags & 2))
+ continue; /* not in ephemeral mode but blob is flagged ephemeral */
+
 for (n=0; n < ndesc; n++)
 {
 switch (desc[n].mode)
diff --git a/kbx/keybox-update.c b/kbx/keybox-update.c
index d49c3d027..96a30b9c1 100644
--- a/kbx/keybox-update.c
+++ b/kbx/keybox-update.c
@@ -357,7 +357,7 @@ keybox_insert_cert (KEYBOX_HANDLE hd, KsbaCert cert,
 hd->fp = NULL;
 }
 
- rc = _keybox_create_x509_blob (&blob, cert, sha1_digest);
+ rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
 if (!rc)
 {
 rc = blob_filecopy (1, fname, blob, hd->secret, 0, 0 );
diff --git a/kbx/keybox.h b/kbx/keybox.h
index fcacc49d3..a763ec837 100644
--- a/kbx/keybox.h
+++ b/kbx/keybox.h
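Review bot: `blob_get_blob_flags` collapses an image shorter than 8 bytes into the return value 0, which is indistinguishable from a well-formed blob with no flags set, and the `/* oops */` comment does not say whether that is deliberate; keybox_search further down this diff then treats such a blob as a normal, non-ephemeral one. If `_keybox_read_blob` already rejects images shorter than the fixed header this is harmless, but that check is not in the diff, so spell the contract out: `return 0; /* image too short to carry a flags field; treated as "no flags set" */`. The `8` bound and the `buffer + 6` offset encode the header layout documented in keybox-blob.c; a short `/* blob flags: u16 at offset 6 of the blob header */` next to the get16 call would save the reader a trip there.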
@@ -75,6 +75,7 @@ int keybox_is_writable (void *token);
 KEYBOX_HANDLE keybox_new (void *token, int secret);
 void keybox_release (KEYBOX_HANDLE hd);
 const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
+int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
 
 /*-- keybox-search.c --*/