* keybox-init.c (keybox_set_ephemeral): New.

* keybox-blob.c (create_blob_header): Store epheermal flag.
(_keybox_create_x509_blob): Pass epheermal flag on.
* keybox-update.c (keybox_insert_cert): Ditto.
* keybox-search.c (blob_get_blob_flags): New.
(keybox_search): Ignore ephemeral blobs when not in ephemeral mode.

* keybox-dump.c (_keybox_dump_blob): Print blob flags as strings.

kbx/ChangeLog

@@ -1,3 +1,14 @@
+2002-06-19  Werner Koch  <wk@gnupg.org>
+
+	* keybox-init.c (keybox_set_ephemeral): New.
+	* keybox-blob.c (create_blob_header): Store epheermal flag.
+	(_keybox_create_x509_blob): Pass epheermal flag on.
+	* keybox-update.c (keybox_insert_cert): Ditto.
+	* keybox-search.c (blob_get_blob_flags): New.
+	(keybox_search): Ignore ephemeral blobs when not in ephemeral mode.
+
+	* keybox-dump.c (_keybox_dump_blob): Print blob flags as strings.
+
 2002-02-25  Werner Koch  <wk@gnupg.org>
 
 	* keybox-search.c (blob_cmp_mail): Use case-insensitive compare

kbx/keybox-blob.c

@@ -1,5 +1,5 @@
 /* keybox-blob.c - KBX Blob handling
- *	Copyright (C) 2000, 2001 Free Software Foundation, Inc.
+ *	Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -47,9 +47,10 @@ X.509 specific are noted like [X.509: xxx]
  byte version number of this blob type (1)
  u16  Blob flags
 	bit 0 = contains secret key material
+        bit 1 = ephemeral blob (e.g. used while quering external resources)
 
  u32  offset to the OpenPGP keyblock or X509 DER encoded certificate
- u32  ant its length
+ u32  and its length
  u16  number of keys (at least 1!) [X509: always 1]
  u16  size of additional key information
  n times:
@@ -529,7 +530,7 @@ release_kid_list (struct keyid_list *kl)
 
 
 static int
-create_blob_header (KEYBOXBLOB blob, int blobtype)
+create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
 {
   struct membuf *a = blob->buf;
   int i;
@@ -537,7 +538,7 @@ create_blob_header (KEYBOXBLOB blob, int blobtype)
   put32 ( a, 0 ); /* blob length, needs fixup */
   put8 ( a, blobtype);  
   put8 ( a, 1 );  /* blob type version */
-  put16 ( a, 0 ); /* blob flags */
+  put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
 
   put32 ( a, 0 ); /* offset to the raw data, needs fixup */
   put32 ( a, 0 ); /* length of the raw data, needs fixup */
@@ -688,7 +689,7 @@ create_blob_finish (KEYBOXBLOB blob)
 #ifdef KEYBOX_WITH_OPENPGP
 
 int
-_keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock)
+_keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock, int as_ephemeral)
 {
   int rc = 0;
   KBNODE node;
@@ -737,7 +738,7 @@ _keybox_create_pgp_blob (KEYBOXBLOB *r_blob, KBNODE keyblock)
   
   init_membuf (&blob->bufbuf, 1024);
   blob->buf = &blob->bufbuf;
-  rc = create_blob_header (blob, BLOBTYPE_OPENPGP);
+  rc = create_blob_header (blob, BLOBTYPE_OPENPGP, as_ephemeral);
   if (rc)
     goto leave;
   rc = pgp_create_blob_keyblock (blob, keyblock);
@@ -805,7 +806,7 @@ x509_email_kludge (const char *name)
    remove that parameter */
 int
 _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
-                          unsigned char *sha1_digest)
+                          unsigned char *sha1_digest, int as_ephemeral)
 {
   int i, rc = 0;
   KEYBOXBLOB blob;
@@ -916,7 +917,7 @@ _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
   init_membuf (&blob->bufbuf, 1024);
   blob->buf = &blob->bufbuf;
   /* write out what we already have */
-  rc = create_blob_header (blob, BLOBTYPE_X509);
+  rc = create_blob_header (blob, BLOBTYPE_X509, as_ephemeral);
   if (rc)
     goto leave;
   rc = x509_create_blob_cert (blob, cert);

kbx/keybox-defs.h

@@ -63,6 +63,7 @@ struct keybox_handle {
   FILE *fp;
   int eof;
   int error;
+  int ephemeral;  
   struct {
     KEYBOXBLOB blob;
     off_t offset;
@@ -93,7 +94,7 @@ struct keybox_handle {
 #endif /*KEYBOX_WITH_OPENPGP*/
 #ifdef KEYBOX_WITH_X509
 int _keybox_create_x509_blob (KEYBOXBLOB *r_blob, KsbaCert cert,
-                              unsigned char *sha1_digest);
+                              unsigned char *sha1_digest, int as_ephemeral);
 #endif /*KEYBOX_WITH_X509*/
 
 int  _keybox_new_blob (KEYBOXBLOB *r_blob, char *image, size_t imagelen);

kbx/keybox-dump.c

@@ -134,7 +134,27 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
   fprintf (fp, "Version: %d\n", buffer[5]);
   
   n = get16 (buffer + 6);
-  fprintf( fp, "Blob-Flags: %04lX\n", n);
+  fprintf( fp, "Blob-Flags: %04lX", n);
+  if (n)
+    {
+      int any = 0;
+
+      fputs (" (", fp);
+      if ((n & 1))
+        {
+          fputs ("secret", fp);
+          any++;
+        }
+      if ((n & 2))
+        {
+          if (any)
+            putc (',', fp);
+          fputs ("ephemeral", fp);
+          any++;
+        }
+      putc (')', fp);
+    }
+  putc ('\n', fp);
 
   rawdata_off = get32 (buffer + 8);
   rawdata_len = get32 (buffer + 12);

kbx/keybox-file.c

@@ -25,7 +25,8 @@
 
 #include "keybox-defs.h"
 
-/* Read a block at the current postion ant return it in r_blocb.  r_blob may be NULL sto simply skip the current block */
+/* Read a block at the current postion and return it in r_blob.
+   r_blob may be NULL to simply skip the current block */
 int
 _keybox_read_blob (KEYBOXBLOB *r_blob, FILE *fp)
 {

kbx/keybox-init.c

@@ -116,5 +116,12 @@ keybox_get_resource_name (KEYBOX_HANDLE hd)
   return hd->kb->fname;
 }
 
-
+int
+keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes)
+{
+  if (!hd)
+    return KEYBOX_Invalid_Handle; 
+  hd->ephemeral = yes;
+  return 0;
+}
 

kbx/keybox-search.c

@@ -1,5 +1,5 @@
 /* keybox-search.c - Search operations
- *	Copyright (C) 2001 Free Software Foundation, Inc.
+ *	Copyright (C) 2001, 2002 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -73,6 +73,19 @@ blob_get_type (KEYBOXBLOB blob)
   return buffer[4];
 }
 
+static unsigned int
+blob_get_blob_flags (KEYBOXBLOB blob)
+{
+  const unsigned char *buffer;
+  size_t length;
+
+  buffer = _keybox_get_blob_image (blob, &length);
+  if (length < 8)
+    return 0; /* oops */
+
+  return get16 (buffer + 6);
+}
+
 
 static int
 blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
@@ -457,6 +470,9 @@ keybox_search_reset (KEYBOX_HANDLE hd)
   return 0;   
 }
 
+
+/* Note: When in ephemeral mode the search function does visit all
+   blobs but in standard mode, blobs flagged as ephemeral are ignored.  */
 int 
 keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 {
@@ -578,11 +594,17 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc)
 
   for (;;)
     {
+      unsigned int blobflags;
+
       _keybox_release_blob (blob); blob = NULL;
       rc = _keybox_read_blob (&blob, hd->fp);
       if (rc)
         break;
 
+      blobflags = blob_get_blob_flags (blob);
+      if (!hd->ephemeral && (blobflags & 2))
+        continue; /* not in ephemeral mode but blob is flagged ephemeral */
+
       for (n=0; n < ndesc; n++) 
         {
           switch (desc[n].mode)

kbx/keybox-update.c

@@ -357,7 +357,7 @@ keybox_insert_cert (KEYBOX_HANDLE hd, KsbaCert cert,
       hd->fp = NULL;
     }
 
-  rc = _keybox_create_x509_blob (&blob, cert, sha1_digest);
+  rc = _keybox_create_x509_blob (&blob, cert, sha1_digest, hd->ephemeral);
   if (!rc)
     {
       rc = blob_filecopy (1, fname, blob, hd->secret, 0, 0 );

kbx/keybox.h

@@ -75,6 +75,7 @@ int keybox_is_writable (void *token);
 KEYBOX_HANDLE keybox_new (void *token, int secret);
 void keybox_release (KEYBOX_HANDLE hd);
 const char *keybox_get_resource_name (KEYBOX_HANDLE hd);
+int keybox_set_ephemeral (KEYBOX_HANDLE hd, int yes);
 
 
 /*-- keybox-search.c --*/