Backported getkey.c from 1.1

2025-07-03 22:56:33 +02:00 · 2001-02-08 16:28:28 +00:00 · 2001-02-08 16:28:28 +00:00 · 2af87f8829
commit 2af87f8829
parent a910f4f50c
29 changed files with 3688 additions and 3025 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,6 +1,32 @@
+2001-02-08  Werner Koch  <wk@gnupg.org>
+
+	* parse-packet.c (parse_encrypted): Fixed listing of pktlen for
+	MDC packets.
+
+	* getkey.c: Backported the version of this file from gpg 1.1. this
+	involved some changes in other files too.
+	* parse-packet.c (parse_key): Clear req_usage.
+	* skclist.c (build_sk_list): Use req_usage to pass the usage
+	information to the lookup function.
+	* pkclist.c (build_pk_list): Ditto.
+	* free-packet.c (copy_public_parts_to_secret_key): New.
+	* keydb.h: Add IS_* macros to check the sig_class.
+	* misc.c (openpgp_cipher_test_algo): New.
+	(openpgp_pk_test_algo): New.
+	(openpgp_pk_algo_usage): New.
+	(openpgp_md_test_algo): New.
+	* packet.h: Add a few fields to PKT_{public,secret}_key and
+	PKT_user_id.
+	* seckey-cert.c (do_check): Use the new main_keyid field.
+
+2001-02-04  Werner Koch  <wk@gnupg.org>
+
+	* encr-data.c (decrypt_data): Catch error when we had problems to
+	parse the encrypted packet. By Timo.
+
 2001-01-29  Werner Koch  <wk@gnupg.org>

-	* g10.c (main): --batch dioes now set nogreeting.
+	* g10.c (main): --batch does now set nogreeting.

 	* delkey.c (do_delete_key): Fixed delete-both functionality.

--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@ -93,6 +93,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	log_error("key setup failed: %s\n", g10_errstr(rc) );
 	goto leave;
    }
+    if (!ed->buf) {
+        log_error(_("problem handling encrypted packet\n"));
+        goto leave;
+    }

    cipher_setiv( dfx.cipher_hd, NULL, 0 );

--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@ -140,6 +140,29 @@ copy_public_key( PKT_public_key *d, PKT_public_key *s )
   return copy_public_key_new_namehash( d, s, NULL );
 }

+/****************
+ * Replace all common parts of a sk by the one from the public key.
+ * This is a hack and a better solution will be to just store the real secret
+ * parts somewhere and don't duplicate all the other stuff.
+ */
+void
+copy_public_parts_to_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
+{
+    sk->expiredate  = pk->expiredate;     
+    sk->pubkey_algo = pk->pubkey_algo;    
+    sk->pubkey_usage= pk->pubkey_usage;
+    sk->created     = pk->created;        
+    sk->req_usage   = pk->req_usage;
+    sk->req_algo    = pk->req_algo;
+    sk->has_expired = pk->has_expired;    
+    sk->is_revoked  = pk->is_revoked;     
+    sk->is_valid    = pk->is_valid;    
+    sk->main_keyid[0]= pk->main_keyid[0];
+    sk->main_keyid[1]= pk->main_keyid[1];
+    sk->keyid[0]    = pk->keyid[0];
+    sk->keyid[1]    = pk->keyid[1];
+}
+
 PKT_signature *
 copy_signature( PKT_signature *d, PKT_signature *s )
 {
--- a/g10/getkey.c
+++ b/g10/getkey.c
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -31,6 +31,14 @@

 #define MAX_FINGERPRINT_LEN 20

+#define IS_KEY_SIG(s)    ((s)->sig_class == 0x1f)
+#define IS_UID_SIG(s)    (((s)->sig_class & ~3) == 0x10)
+#define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18)
+#define IS_KEY_REV(s)    ((s)->sig_class == 0x20)
+#define IS_UID_REV(s)    ((s)->sig_class == 0x30)
+#define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28)
+
+
 struct getkey_ctx_s;
 typedef struct getkey_ctx_s *GETKEY_CTX;

--- a/g10/main.h
+++ b/g10/main.h
@ -61,6 +61,10 @@ u16 checksum_mpi( MPI a );
 u16 checksum_mpi_counted_nbits( MPI a );
 u32 buffer_to_u32( const byte *buffer );
 const byte *get_session_marker( size_t *rlen );
+int openpgp_cipher_test_algo( int algo );
+int openpgp_pk_test_algo( int algo, unsigned int usage_flags );
+int openpgp_pk_algo_usage ( int algo );
+int openpgp_md_test_algo( int algo );

 /*-- helptext.c --*/
 void display_online_help( const char *keyword );
--- a/g10/misc.c
+++ b/g10/misc.c
@ -275,5 +275,78 @@ get_session_marker( size_t *rlen )
    return marker;
 }

+/****************
+ * Wrapper around the libgcrypt function with addional checks on
+ * openPGP contraints for the algo ID.
+ */
+int
+openpgp_cipher_test_algo( int algo )
+{
+    if( algo < 0 || algo > 110 )
+        return G10ERR_CIPHER_ALGO;
+    return check_cipher_algo(algo);
+}
+
+int
+openpgp_pk_test_algo( int algo, unsigned int usage_flags )
+{
+    if( algo < 0 || algo > 110 )
+	return G10ERR_PUBKEY_ALGO;
+    return check_pubkey_algo2( algo, usage_flags );
+}
+
+int 
+openpgp_pk_algo_usage ( int algo )
+{
+    int usage = 0; 
+    
+    /* they are hardwired in gpg 1.0 */
+    switch ( algo ) {    
+      case PUBKEY_ALGO_RSA:
+          usage = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC;
+          break;
+      case PUBKEY_ALGO_RSA_E:
+          usage = PUBKEY_USAGE_ENC;
+          break;
+      case PUBKEY_ALGO_RSA_S:
+          usage = PUBKEY_USAGE_SIG;
+          break;
+      case PUBKEY_ALGO_ELGAMAL_E:
+          usage = PUBKEY_USAGE_ENC;
+          break;
+      case PUBKEY_ALGO_DSA:  
+          usage = PUBKEY_USAGE_SIG;
+          break;
+      case PUBKEY_ALGO_ELGAMAL:
+          usage = PUBKEY_USAGE_SIG | PUBKEY_USAGE_ENC;
+          break;
+      default:
+          break;
+    }
+    return usage;
+
+}
+
+
+
+int
+openpgp_md_test_algo( int algo )
+{
+    if( algo < 0 || algo > 110 )
+        return G10ERR_DIGEST_ALGO;
+    return check_digest_algo(algo);
+}
+
+
+
+
+
+
+
+
+
+
+
+


--- a/g10/packet.h
+++ b/g10/packet.h
@ -122,7 +122,14 @@ typedef struct {
    byte    version;
    byte    pubkey_algo;    /* algorithm used for public key scheme */
    byte    pubkey_usage;   /* for now only used to pass it to getkey() */
+    u32     created;        /* according to the self-signature */
+    byte    req_usage;      /* hack to pass a request to getkey() */
+    byte    req_algo;       /* Ditto */
+    u32     has_expired;    /* set to the expiration date if expired */ 
+    int     is_revoked;     /* key has been revoked */
+    int     is_valid;       /* key (especially subkey) is valid */
    ulong   local_id;	    /* internal use, valid if > 0 */
+    u32     main_keyid[2];  /* keyid of the primary key */
    u32     keyid[2];	    /* calculated by keyid_from_pk() */
    byte    *namehash;	    /* if != NULL: found by this name */
    MPI     pkey[PUBKEY_MAX_NPKEY];
@ -135,6 +142,14 @@ typedef struct {
    byte    version;
    byte    pubkey_algo;    /* algorithm used for public key scheme */
    byte    pubkey_usage;
+    u32     created;        /* according to the self-signature */
+    byte    req_usage;
+    byte    req_algo;
+    u32     has_expired;    /* set to the expiration date if expired */ 
+    int     is_revoked;     /* key has been revoked */
+    int     is_valid;       /* key (especially subkey) is valid */
+    u32     main_keyid[2];  /* keyid of the primary key */
+    u32     keyid[2];   
    byte is_primary;
    byte is_protected;	/* The secret info is protected and must */
 			/* be decrypted before use, the protected */
@ -160,6 +175,10 @@ typedef struct {
    int  len;		  /* length of the name */
    char *photo;	  /* if this is not NULL, the packet is a photo ID */
    int photolen;	  /* and the length of the photo */
+    int help_key_usage;
+    u32 help_key_expire;
+    int is_primary;
+    u32 created;          /* according to the self-signature */
    char name[1];
 } PKT_user_id;

@ -329,6 +348,7 @@ PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
 PKT_public_key *copy_public_key_new_namehash( PKT_public_key *d,
 					      PKT_public_key *s,
 					      const byte *namehash );
+void copy_public_parts_to_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
 PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
 PKT_signature *copy_signature( PKT_signature *d, PKT_signature *s );
 PKT_user_id *copy_user_id( PKT_user_id *d, PKT_user_id *s );
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -1315,6 +1315,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 	sk->version = version;
 	sk->is_primary = pkttype == PKT_SECRET_KEY;
 	sk->pubkey_algo = algorithm;
+	sk->req_usage = 0; 
 	sk->pubkey_usage = 0; /* not yet used */
    }
    else {
@ -1325,7 +1326,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
 	pk->hdrbytes	= hdrlen;
 	pk->version	= version;
 	pk->pubkey_algo = algorithm;
+	pk->req_usage = 0; 
 	pk->pubkey_usage = 0; /* not yet used */
+        pk->is_revoked = 0;
 	pk->keyid[0] = 0;
 	pk->keyid[1] = 0;
    }
@ -1724,6 +1727,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
 				       PACKET *pkt, int new_ctb )
 {
    PKT_encrypted *ed;
+    unsigned long orig_pktlen = pktlen;

    ed = pkt->pkt.encrypted =  m_alloc(sizeof *pkt->pkt.encrypted );
    ed->len = pktlen;
@ -1734,8 +1738,9 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
 	/* fixme: add some pktlen sanity checks */
 	int version;

-#warning decrementing pktlen here is bad as it gives a bad value in the listing
-	version = iobuf_get_noeof(inp); pktlen--;
+	version = iobuf_get_noeof(inp); 
+        if (orig_pktlen)
+            pktlen--;
 	if( version != 1 ) {
 	    log_error("encrypted_mdc packet with unknown version %d\n",
 								version);
@ -1744,14 +1749,14 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
 	}
 	ed->mdc_method = DIGEST_ALGO_SHA1;
    }
-    if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
+    if( orig_pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
 	log_error("packet(%d) too short\n", pkttype);
 	skip_rest(inp, pktlen);
 	goto leave;
    }
    if( list_mode ) {
-	if( pktlen )
-	    printf(":encrypted data packet:\n\tlength: %lu\n", pktlen);
+	if( orig_pktlen )
+	    printf(":encrypted data packet:\n\tlength: %lu\n", orig_pktlen);
 	else
 	    printf(":encrypted data packet:\n\tlength: unknown\n");
 	if( ed->mdc_method )
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -813,7 +813,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 	    any_recipients = 1;
 	else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) {
 	    pk = m_alloc_clear( sizeof *pk );
-	    pk->pubkey_usage = use;
+	    pk->req_usage = use;
 	    if( (rc = get_pubkey_byname( NULL, pk, rov->d, NULL )) ) {
 		free_public_key( pk ); pk = NULL;
 		log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) );
@ -870,7 +870,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 	    if( pk )
 		free_public_key( pk );
 	    pk = m_alloc_clear( sizeof *pk );
-	    pk->pubkey_usage = use;
+	    pk->req_usage = use;
 	    rc = get_pubkey_byname( NULL, pk, answer, NULL );
 	    if( rc )
 		tty_printf(_("No such user ID.\n"));
@ -936,7 +936,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
    }
    else if( !any_recipients && (def_rec = default_recipient()) ) {
 	pk = m_alloc_clear( sizeof *pk );
-	pk->pubkey_usage = use;
+	pk->req_usage = use;
 	rc = get_pubkey_byname( NULL, pk, def_rec, NULL );
 	if( rc )
 	    log_error(_("unknown default recipient `%s'\n"), def_rec );
@ -961,7 +961,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
 		continue; /* encrypt-to keys are already handled */

 	    pk = m_alloc_clear( sizeof *pk );
-	    pk->pubkey_usage = use;
+	    pk->req_usage = use;
 	    if( (rc = get_pubkey_byname( NULL, pk, remusr->d, NULL )) ) {
 		free_public_key( pk ); pk = NULL;
 		log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -63,10 +63,8 @@ do_check( PKT_secret_key *sk )
 	keyid_from_sk( sk, keyid );
 	keyid[2] = keyid[3] = 0;
 	if( !sk->is_primary ) {
-	    PKT_secret_key *sk2 = m_alloc_clear( sizeof *sk2 );
-	    if( !get_primary_seckey( sk2, keyid ) )
-		keyid_from_sk( sk2, keyid+2 );
-	    free_secret_key( sk2 );
+            keyid[2] = sk->main_keyid[0];
+            keyid[3] = sk->main_keyid[1];
 	}
 	dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
 				 &sk->protect.s2k, 0 );
--- a/g10/skclist.c
+++ b/g10/skclist.c
@ -71,7 +71,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
 	PKT_secret_key *sk;

 	sk = m_alloc_clear( sizeof *sk );
-	sk->pubkey_usage = use;
+	sk->req_usage = use;
 	if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
 	    free_secret_key( sk ); sk = NULL;
 	    log_error("no default secret key: %s\n", g10_errstr(rc) );
@ -107,7 +107,7 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
 	    PKT_secret_key *sk;

 	    sk = m_alloc_clear( sizeof *sk );
-	    sk->pubkey_usage = use;
+	    sk->req_usage = use;
 	    if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
 		free_secret_key( sk ); sk = NULL;
 		log_error(_("skipped `%s': %s\n"), locusr->d, g10_errstr(rc) );