security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

added some trust model stuff

Browse source
This commit is contained in:
Werner Koch 1998-01-16 21:15:24 +00:00
parent 1ce26aa6d6
commit 4ec1775f3e
49 changed files with 1580 additions and 331 deletions
Download patch file Download diff file Expand all files Collapse all files

1
g10/Makefile.am
View file

@ -40,6 +40,7 @@ g10_SOURCES = g10.c \
seckey-cert.c \
seskey.c \
sign.c \
import.c \
comment.c \
sig-check.c

26
g10/Makefile.in
View file

@ -78,6 +78,7 @@ g10_SOURCES = g10.c \
seckey-cert.c \
seskey.c \
sign.c \
import.c \
comment.c \
sig-check.c
@ -103,7 +104,8 @@ g10_OBJECTS = g10.o build-packet.o compress.o encode.o encr-data.o \
free-packet.o getkey.o pkclist.o skclist.o ringedit.o kbnode.o keygen.o \
mainproc.o armor.o mdfilter.o textfilter.o cipher.o elg.o rsa.o \
openfile.o keyid.o trustdb.o parse-packet.o passphrase.o plaintext.o \
pubkey-enc.o seckey-cert.o seskey.o sign.o comment.o sig-check.o
pubkey-enc.o seckey-cert.o seskey.o sign.o import.o comment.o \
sig-check.o
EXTRA_g10_SOURCES =
g10_LDADD = $(LDADD)
DIST_COMMON = Makefile.am Makefile.in
@ -123,17 +125,17 @@ $(srcdir)/.deps/cipher.P $(srcdir)/.deps/comment.P \
$(srcdir)/.deps/compress.P $(srcdir)/.deps/elg.P \
$(srcdir)/.deps/encode.P $(srcdir)/.deps/encr-data.P \
$(srcdir)/.deps/free-packet.P $(srcdir)/.deps/g10.P \
$(srcdir)/.deps/getkey.P $(srcdir)/.deps/kbnode.P \
$(srcdir)/.deps/keygen.P $(srcdir)/.deps/keyid.P \
$(srcdir)/.deps/mainproc.P $(srcdir)/.deps/mdfilter.P \
$(srcdir)/.deps/openfile.P $(srcdir)/.deps/parse-packet.P \
$(srcdir)/.deps/passphrase.P $(srcdir)/.deps/pkclist.P \
$(srcdir)/.deps/plaintext.P $(srcdir)/.deps/pubkey-enc.P \
$(srcdir)/.deps/ringedit.P $(srcdir)/.deps/rsa.P \
$(srcdir)/.deps/seckey-cert.P $(srcdir)/.deps/seskey.P \
$(srcdir)/.deps/sig-check.P $(srcdir)/.deps/sign.P \
$(srcdir)/.deps/skclist.P $(srcdir)/.deps/textfilter.P \
$(srcdir)/.deps/trustdb.P
$(srcdir)/.deps/getkey.P $(srcdir)/.deps/import.P \
$(srcdir)/.deps/kbnode.P $(srcdir)/.deps/keygen.P \
$(srcdir)/.deps/keyid.P $(srcdir)/.deps/mainproc.P \
$(srcdir)/.deps/mdfilter.P $(srcdir)/.deps/openfile.P \
$(srcdir)/.deps/parse-packet.P $(srcdir)/.deps/passphrase.P \
$(srcdir)/.deps/pkclist.P $(srcdir)/.deps/plaintext.P \
$(srcdir)/.deps/pubkey-enc.P $(srcdir)/.deps/ringedit.P \
$(srcdir)/.deps/rsa.P $(srcdir)/.deps/seckey-cert.P \
$(srcdir)/.deps/seskey.P $(srcdir)/.deps/sig-check.P \
$(srcdir)/.deps/sign.P $(srcdir)/.deps/skclist.P \
$(srcdir)/.deps/textfilter.P $(srcdir)/.deps/trustdb.P
SOURCES = $(g10_SOURCES)
OBJECTS = $(g10_OBJECTS)

15
g10/armor.c
View file

@ -275,7 +275,7 @@ check_input( armor_filter_context_t *afx, IOBUF a )
{
int rc = 0;
int c;
size_t n = 0, nn=0, nn_limit=0;
size_t n = 0, nn=0;
struct fhdr_struct fhdr;
assert( DIM(afx->helpbuf) >= 50 );
@ -339,7 +339,7 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
{
int rc = 0;
int c;
size_t n = 0, nn=0, nn_limit=0;
size_t n = 0;
struct fhdr_struct *fhdr = afx->fake;
byte *helpbuf = afx->helpbuf;
int helpidx = afx->helpidx;
@ -347,7 +347,6 @@ fake_packet( armor_filter_context_t *afx, IOBUF a,
byte *tempbuf = afx->tempbuf;
int tempidx = afx->tempidx;
int templen = afx->templen;
int defer=1;
/* FIXME: have to read one ahead or do some other mimic to
* get rid of the lf before the "begin signed message"
@ -417,7 +416,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
int c, c2;
int checkcrc=0;
int rc = 0;
size_t n = 0, nn=0;
size_t n = 0;
int idx, i;
u32 crc;
@ -450,7 +449,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
idx = (idx+1) % 4;
}
for(i=0; i < n; i++ )
crc = (crc << 8) ^ crc_table[(crc >> 16)&0xff ^ buf[i]];
crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
crc &= 0x00ffffff;
afx->crc = crc;
afx->idx = idx;
@ -533,7 +532,7 @@ armor_filter( void *opaque, int control,
{
size_t size = *ret_len;
armor_filter_context_t *afx = opaque;
int rc=0, i, c, c2;
int rc=0, i, c;
byte radbuf[3];
int idx, idx2;
size_t n=0;
@ -553,7 +552,7 @@ armor_filter( void *opaque, int control,
}
else if( control == IOBUFCTRL_UNDERFLOW ) {
if( size < 20 )
log_bug(NULL); /* supplied buffer maybe too short */
BUG(); /* supplied buffer maybe too short */
if( afx->inp_eof ) {
*ret_len = 0;
@ -608,7 +607,7 @@ armor_filter( void *opaque, int control,
radbuf[i] = afx->radbuf[i];
for(i=0; i < size; i++ )
crc = (crc << 8) ^ crc_table[(crc >> 16)&0xff ^ buf[i]];
crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
crc &= 0x00ffffff;
for( ; size; buf++, size-- ) {

101
g10/build-packet.c
View file

@ -50,7 +50,8 @@ static int calc_header_length( u32 len );
static int write_16(IOBUF inp, u16 a);
static int write_32(IOBUF inp, u32 a);
static int write_header( IOBUF out, int ctb, u32 len );
static int write_header2( IOBUF out, int ctb, u32 len, int blkmode );
static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen, int blkmode );
static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
static int write_version( IOBUF out, int ctb );
/****************
@ -67,7 +68,10 @@ build_packet( IOBUF out, PACKET *pkt )
if( DBG_PACKET )
log_debug("build_packet() type=%d\n", pkt->pkttype );
assert( pkt->pkt.generic );
ctb = 0x80 | ((pkt->pkttype & 15)<<2);
if( pkt->pkttype > 15 ) /* new format */
ctb = 0xc0 | (pkt->pkttype & 0x3f);
else
ctb = 0x80 | ((pkt->pkttype & 15)<<2);
switch( pkt->pkttype ) {
case PKT_USER_ID:
rc = do_user_id( out, ctb, pkt->pkt.user_id );
@ -164,7 +168,10 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
int rc = 0;
IOBUF a = iobuf_temp();
write_version( a, ctb );
if( !pkc->version )
iobuf_put( a, 3 );
else
iobuf_put( a, pkc->version );
write_32(a, pkc->timestamp );
write_16(a, pkc->valid_days );
iobuf_put(a, pkc->pubkey_algo );
@ -182,7 +189,7 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
goto leave;
}
write_header(out, ctb, iobuf_get_temp_length(a) );
write_header2(out, ctb, iobuf_get_temp_length(a), pkc->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
@ -202,6 +209,7 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
int rc = 0;
int c;
IOBUF a = iobuf_temp();
FILE *fp = fopen("dump.pkc", "a");
/* build the packet */
init_packet(&pkt);
@ -209,9 +217,11 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
pkt.pkt.public_cert = pkc;
if( (rc = build_packet( a, &pkt )) )
log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc));
while( (c=iobuf_get(a)) != -1 )
while( (c=iobuf_get(a)) != -1 ) {
putc( c, fp);
md_putc( md, c );
}
fclose(fp);
iobuf_cancel(a);
}
@ -222,7 +232,10 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
int rc = 0;
IOBUF a = iobuf_temp();
write_version( a, ctb );
if( !skc->version )
iobuf_put( a, 3 );
else
iobuf_put( a, skc->version );
write_32(a, skc->timestamp );
write_16(a, skc->valid_days );
iobuf_put(a, skc->pubkey_algo );
@ -262,7 +275,7 @@ do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
goto leave;
}
write_header(out, ctb, iobuf_get_temp_length(a) );
write_header2(out, ctb, iobuf_get_temp_length(a), skc->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
@ -365,7 +378,7 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
int rc = 0;
/* we must use the old convention and don't use blockmode */
write_header2(out, ctb, 0, 0 );
write_header2(out, ctb, 0, 0, 0 );
iobuf_put(out, cd->algorithm );
/* This is all. The caller has to write the real data */
@ -433,7 +446,6 @@ do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
leave:
iobuf_close(a);
return rc;
}
@ -482,20 +494,39 @@ calc_header_length( u32 len )
static int
write_header( IOBUF out, int ctb, u32 len )
{
return write_header2( out, ctb, len, 1 );
return write_header2( out, ctb, len, 0, 1 );
}
/****************
* if HDRLEN is > 0, try to build a header of this length.
* we need this, so hat we can hash packets without reading them again.
*/
static int
write_header2( IOBUF out, int ctb, u32 len, int blkmode )
write_header2( IOBUF out, int ctb, u32 len, int hdrlen, int blkmode )
{
if( !len )
ctb |= 3;
else if( len < 256 )
;
else if( len < 65536 )
ctb |= 1;
else
ctb |= 2;
if( ctb & 0x40 )
return write_new_header( out, ctb, len, hdrlen );
if( hdrlen ) {
if( !len )
ctb |= 3;
else if( hdrlen == 2 && len < 256 )
;
else if( hdrlen == 3 && len < 65536 )
ctb |= 1;
else
ctb |= 2;
}
else {
if( !len )
ctb |= 3;
else if( len < 256 )
;
else if( len < 65536 )
ctb |= 1;
else
ctb |= 2;
}
if( iobuf_put(out, ctb ) )
return -1;
if( !len ) {
@ -515,6 +546,36 @@ write_header2( IOBUF out, int ctb, u32 len, int blkmode )
return 0;
}
static int
write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
{
if( hdrlen )
log_bug("can't cope with hdrlen yet\n");
if( iobuf_put(out, ctb ) )
return -1;
if( !len ) {
log_bug("can't write partial headers yet\n");
}
else {
if( len < 192 ) {
if( iobuf_put(out, len ) )
return -1;
}
else if( len < 8384 ) {
len -= 192;
if( iobuf_put( out, (len / 256) + 192) )
return -1;
if( iobuf_put( out, (len % 256) ) )
return -1;
}
else
log_bug("need a partial header to code a length %lu\n", (ulong)len);
}
return 0;
}
static int
write_version( IOBUF out, int ctb )
{

6
g10/compress.c
View file

@ -41,7 +41,6 @@ static void
init_compress( compress_filter_context_t *zfx, z_stream *zs )
{
int rc;
byte *inbuf, *outbuf;
int level;
@ -102,9 +101,6 @@ static void
init_uncompress( compress_filter_context_t *zfx, z_stream *zs )
{
int rc;
byte *inbuf, *outbuf;
int level;
/****************
* PGP uses a windowsize of 13 bits. Using a negative value for
@ -175,7 +171,7 @@ compress_filter( void *opaque, int control,
size_t size = *ret_len;
compress_filter_context_t *zfx = opaque;
z_stream *zs = zfx->opaque;
int zrc, rc=0;
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) {
if( !zfx->status ) {

4
g10/encode.c
View file

@ -265,7 +265,7 @@ encrypt_filter( void *opaque, int control,
int rc=0;
if( control == IOBUFCTRL_UNDERFLOW ) { /* decrypt */
log_bug(NULL); /* not used */
BUG(); /* not used */
}
else if( control == IOBUFCTRL_FLUSH ) { /* encrypt */
if( !efx->header_okay ) {
@ -317,7 +317,7 @@ write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out )
else if( enc->pubkey_algo == PUBKEY_ALGO_RSA )
g10_rsa_encrypt( pkc, enc, dek );
else
log_bug(NULL);
BUG();
/* and write it */
init_packet(&pkt);
pkt.pkttype = PKT_PUBKEY_ENC;

69
g10/g10.c
View file

@ -22,6 +22,7 @@
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "packet.h"
@ -35,11 +36,13 @@
#include "cipher.h"
#include "filter.h"
#include "trustdb.h"
#include "ttyio.h"
enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aPrimegen, aKeygen, aSign, aSignEncr,
aPrintMDs, aSignKey, aClearsig, aListPackets, aEditSig,
aKMode, aKModeC, aChangePass,
aKMode, aKModeC, aChangePass, aImport, aListTrustDB,
aListTrustPath,
aTest };
@ -88,6 +91,15 @@ strusage( int level )
return p;
}
static void
wrong_args( const char *text)
{
fputs("Usage: g10 [options] ",stderr);
fputs(text,stderr);
putc('\n',stderr);
exit(2);
}
static void
set_debug(void)
{
@ -174,11 +186,15 @@ main( int argc, char **argv )
{ 527, "cipher-algo", 2 , "select default cipher algorithm" },
{ 528, "pubkey-algo", 2 , "select default puplic key algorithm" },
{ 529, "digest-algo", 2 , "select default message digest algorithm" },
{ 530, "import", 0 , "put public keys into the trustdb" },
{ 531, "list-trustdb",0 , "\r"},
{ 532, "quick-random", 0, "\r"},
{ 533, "list-trust-path",0, "\r"},
{0} };
ARGPARSE_ARGS pargs;
IOBUF a;
int rc;
int rc=0;
int orig_argc;
char **orig_argv;
const char *fname, *fname_print;
@ -316,9 +332,10 @@ main( int argc, char **argv )
case 529:
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break;
break;
case 530: set_cmd( &cmd, aImport); break;
case 531: set_cmd( &cmd, aListTrustDB); break;
case 532: quick_random_gen(1); break;
case 533: set_cmd( &cmd, aListTrustPath); break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@ -393,11 +410,15 @@ main( int argc, char **argv )
}
}
if( cmd != aPrimegen && cmd != aPrintMDs ) {
rc = check_trustdb(0);
if( rc )
log_error("failed to initialize the TrustDB: %s\n", g10_errstr(rc));
switch( cmd ) {
case aPrimegen:
case aPrintMDs:
break;
case aListTrustDB: rc = init_trustdb( argc? 1:0 ); break;
default: rc = init_trustdb(1); break;
}
if( rc )
log_error("failed to initialize the TrustDB: %s\n", g10_errstr(rc));
switch( cmd ) {
@ -487,7 +508,7 @@ main( int argc, char **argv )
int i, seq=0;
const char *s;
while( s=get_keyring(seq++) ) {
while( (s=get_keyring(seq++)) ) {
if( !(a = iobuf_open(s)) ) {
log_error("can't open '%s'\n", s);
continue;
@ -554,6 +575,32 @@ main( int argc, char **argv )
case aTest: do_test( argc? atoi(*argv): 0 ); break;
case aImport:
if( !argc )
usage(1);
for( ; argc; argc--, argv++ ) {
rc = import_pubkeys( *argv );
if( rc )
log_error("import from '%s' failed: %s\n",
*argv, g10_errstr(rc) );
}
break;
case aListTrustDB:
if( !argc )
list_trustdb(NULL);
else {
for( ; argc; argc--, argv++ )
list_trustdb( *argv );
}
break;
case aListTrustPath:
if( argc != 2 )
wrong_args("--list-trust-path <maxdepth> <username>");
list_trust_path( atoi(*argv), argv[1] );
break;
case aListPackets:
opt.list_packets=1;
default:
@ -631,8 +678,6 @@ print_mds( const char *fname )
if( ferror(fp) )
log_error("%s: %s\n", fname, strerror(errno) );
else {
byte *p;
md_final(md);
printf( "%s: MD5 =", fname ); print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
printf("\n%s: RMD160 =", fname ); print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );

146
g10/import.c Normal file
View file

@ -0,0 +1,146 @@
/* import.c
* Copyright (c) 1998 by Werner Koch (dd9jn)
*
* This file is part of G10.
*
* G10 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* G10 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "options.h"
#include "packet.h"
#include "errors.h"
#include "keydb.h"
#include "memory.h"
#include "util.h"
#include "trustdb.h"
/****************
* Import the public keys from the given filename.
* Import is a somewhat misleading name, as we (only) add informations
* about the public keys into aout trustdb.
*
* NOTE: this function is not really needed and will be changed to
* a function which reads a plain textfile, describing a public
* key and its associated ownertrust. This can be used (together
* with the export function) to make a backup of the assigned
* ownertrusts.
*/
int
import_pubkeys( const char *filename )
{
int rc;
PACKET pkt;
int save_mode;
ulong offset;
IOBUF iobuf = NULL;
init_packet(&pkt);
save_mode = set_packet_list_mode(0);
if( !(iobuf = iobuf_open( filename )) ) {
rc = G10ERR_KEYRING_OPEN;
goto leave;
}
while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
PKT_public_cert *pkc = pkt.pkt.public_cert;
u32 keyid[2];
int otrust;
assert( pkt.pkttype == PKT_PUBLIC_CERT );
keyid_from_pkc( pkc, keyid );
rc = get_ownertrust( pkc, &otrust );
if( rc && rc != -1 ) {
log_error("error getting otrust of %08lX: %s\n",
keyid[1], g10_errstr(rc) );
}
else if( rc == -1 ) { /* No pubkey in trustDB: Insert */
rc = insert_trust_record( pkc );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
}
else {
rc = get_ownertrust( pkc, &otrust );
if( rc )
log_fatal("failed to reread the pubkey record: %s\n",
g10_errstr(rc) );
log_info("key %08lX inserted in trustdb (localid=%lu)\n",
keyid[1], pkc->local_id );
}
}
else
log_info("key %08lX already in trustdb (localid=%lu)\n",
keyid[1], pkc->local_id );
free_packet(&pkt);
}
iobuf_close(iobuf);
if( !(iobuf = iobuf_open( filename )) ) {
rc = G10ERR_KEYRING_OPEN;
goto leave;
}
while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
PKT_public_cert *pkc = pkt.pkt.public_cert;
u32 keyid[2];
int trustlevel;
assert( pkt.pkttype == PKT_PUBLIC_CERT );
keyid_from_pkc( pkc, keyid );
rc = check_pkc_trust( pkc, &trustlevel );
if( rc ) {
log_error("error checking trust of %08lX: %s\n",
keyid[1], g10_errstr(rc) );
}
else if( trustlevel & TRUST_NO_PUBKEY ) {
/* No pubkey in trustDB: Insert and check again */
rc = insert_trust_record( pkc );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
}
else {
rc = check_pkc_trust( pkc, &trustlevel );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel & TRUST_NO_PUBKEY )
BUG();
}
}
free_packet(&pkt);
}
leave:
iobuf_close(iobuf);
free_packet(&pkt);
set_packet_list_mode(save_mode);
return rc;
}

17
g10/keydb.h
View file

@ -72,6 +72,17 @@ struct skc_list {
int mark;
};
/* structure to collect all informations which can be used to
* identify a public key */
typedef struct pubkey_find_info *PUBKEY_FIND_INFO;
struct pubkey_find_info {
u32 keyid[2];
unsigned nbits;
byte pubkey_algo;
byte fingerprint[20];
char userid[1];
};
/*-- pkclist.c --*/
void release_pkc_list( PKC_LIST pkc_list );
@ -128,9 +139,9 @@ void clear_kbnode_flags( KBNODE n );
/*-- ringedit.c --*/
int add_keyblock_resource( const char *filename, int force, int secret );
int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
int search_keyblock( PACKET *pkt, KBPOS *kbpos, int secret );
int search_keyblock_byname( KBPOS *kbpos, const char *username );
int search_secret_keyblock_byname( KBPOS *kbpos, const char *username );
int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
int find_keyblock_byname( KBPOS *kbpos, const char *username );
int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
int lock_keyblock( KBPOS *kbpos );
void unlock_keyblock( KBPOS *kbpos );
int read_keyblock( KBPOS *kbpos, KBNODE *ret_root );

26
g10/keygen.c
View file

@ -113,7 +113,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
break;
}
if( !node )
log_bug(NULL); /* no user id packet in tree */
BUG(); /* no user id packet in tree */
uid = node->pkt->pkt.user_id;
/* get the pkc packet from the pub_tree */
for( kbctx=NULL; (node=walk_kbtree( pub_root, &kbctx)) ; ) {
@ -121,7 +121,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
break;
}
if( !node )
log_bug(NULL);
BUG();
pkc = node->pkt->pkt.public_cert;
/* and make the signature */
@ -149,12 +149,11 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
PKT_public_cert *pkc;
ELG_public_key pk;
ELG_secret_key sk;
unsigned nbytes;
elg_generate( &pk, &sk, nbits );
skc = m_alloc( sizeof *skc );
pkc = m_alloc( sizeof *pkc );
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
@ -217,8 +216,8 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io, DEK *dek,
rsa_generate( &pk, &sk, nbits );
skc = m_alloc( sizeof *skc );
pkc = m_alloc( sizeof *pkc );
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_RSA;
@ -297,8 +296,6 @@ generate_keypair()
char *pub_fname = NULL;
char *sec_fname = NULL;
char *uid = NULL;
IOBUF pub_io = NULL;
IOBUF sec_io = NULL;
KBNODE pub_root = NULL;
KBNODE sec_root = NULL;
PKT_secret_cert *skc = NULL;
@ -473,9 +470,14 @@ generate_keypair()
p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
if( *amail )
p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
#ifndef HAVE_DEV_RANDOM
strcpy(p, " (INSECURE!)" );
/* append a warning if we do not have dev/random
* or it is switched into quick testmode */
#ifdef HAVE_DEV_RANDOM
if( quick_random_gen(-1) )
#endif
strcpy(p, " (INSECURE!)" );
tty_printf("You selected this USER-ID:\n \"%s\"\n\n", uid);
for(;;) {
@ -570,7 +572,7 @@ generate_keypair()
else if( algo == PUBKEY_ALGO_DSA )
rc = gen_dsa(nbits, pub_root, sec_root, dek, &skc );
else
log_bug(NULL);
BUG();
if( !rc )
write_uid(pub_root, uid );
if( !rc )

1
g10/keyid.c
View file

@ -106,7 +106,6 @@ static MD_HANDLE
v3_elg_fingerprint_md_skc( PKT_secret_cert *skc )
{
PKT_public_cert pkc;
byte *p;
pkc.pubkey_algo = skc->pubkey_algo;
pkc.timestamp = skc->timestamp;

5
g10/main.h
View file

@ -48,7 +48,7 @@ int edit_keysigs( const char *username );
int change_passphrase( const char *username );
/*-- sig-check.c --*/
int check_key_signature( KBNODE root, KBNODE node );
int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig );
/*-- keygen.c --*/
void generate_keypair(void);
@ -77,5 +77,8 @@ void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );
void g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );
/*-- import.c --*/
int import_pubkeys( const char *filename );
#endif /*G10_MAIN_H*/

10
g10/mainproc.c
View file

@ -110,7 +110,6 @@ add_secret_cert( CTX c, PACKET *pkt )
static int
add_user_id( CTX c, PACKET *pkt )
{
u32 keyid[2];
KBNODE node, n1, n2;
if( !c->cert ) {
@ -142,7 +141,6 @@ add_user_id( CTX c, PACKET *pkt )
static int
add_signature( CTX c, PACKET *pkt )
{
u32 keyid[2];
KBNODE node, n1, n2;
if( !c->cert ) {
@ -329,7 +327,7 @@ do_check_sig( CTX c, KBNODE node )
if( c->cert->pkt->pkt.public_cert->mfx.md )
md = md_copy( c->cert->pkt->pkt.public_cert->mfx.md );
else
log_bug(NULL);
BUG();
md_write( md, n1->pkt->pkt.user_id->name, n1->pkt->pkt.user_id->len);
}
else {
@ -356,7 +354,7 @@ static void
print_userid( PACKET *pkt )
{
if( !pkt )
log_bug(NULL);
BUG();
if( pkt->pkttype != PKT_USER_ID ) {
printf("ERROR: unexpected packet type %d", pkt->pkttype );
return;
@ -493,9 +491,7 @@ proc_packets( IOBUF a )
{
CTX c = m_alloc_clear( sizeof *c );
PACKET *pkt = m_alloc( sizeof *pkt );
int rc, result;
int lvl0, lvl1;
u32 keyid[2];
int rc;
int newpkt;
c->iobuf = a;

10
g10/packet.h
View file

@ -42,9 +42,8 @@ typedef enum {
PKT_PLAINTEXT =11, /* plaintext data with filename and mode */
PKT_RING_TRUST =12, /* keyring trust packet */
PKT_USER_ID =13, /* user id packet */
PKT_COMMENT =14, /* comment packet */
PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
PKT_NEW_COMMENT =16 /* new comment packet (OpenPGP) */
PKT_COMMENT =16 /* new comment packet (OpenPGP) */
} pkttype_t;
typedef struct packet_struct PACKET;
@ -74,6 +73,7 @@ typedef struct {
typedef struct {
u32 keyid[2]; /* 64 bit keyid */
ulong local_id; /* internal use, valid if > 0 */
u32 timestamp; /* signature made */
byte sig_class; /* sig classification, append for MD calculation*/
byte pubkey_algo; /* algorithm used for public key scheme */
@ -96,9 +96,11 @@ typedef struct {
typedef struct {
u32 timestamp; /* certificate made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
md_filter_context_t mfx;
u32 local_id; /* internal use, valid if > 0 */
ulong local_id; /* internal use, valid if > 0 */
union {
struct {
MPI p; /* prime */
@ -115,6 +117,8 @@ typedef struct {
typedef struct {
u32 timestamp; /* certificate made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
union {
struct {

148
g10/parse-packet.c
View file

@ -50,6 +50,7 @@ static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *packet );
static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static void parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen );
static void parse_comment( IOBUF inp, int pkttype, unsigned long pktlen );
static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen );
static int parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
@ -58,7 +59,7 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
#if 0
static u16
checksum( byte *p )
{
@ -70,6 +71,7 @@ checksum( byte *p )
a += *p++;
return a;
}
#endif
static unsigned short
read_16(IOBUF inp)
@ -143,10 +145,11 @@ search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos )
static int
parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip )
{
int rc, ctb, pkttype, lenbytes;
int rc, c, ctb, pkttype, lenbytes;
unsigned long pktlen;
byte hdr[5];
int hdrlen;
int pgp3 = 0;
*skip = 0;
assert( !pkt->pkt.generic );
@ -157,22 +160,49 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip )
hdrlen=0;
hdr[hdrlen++] = ctb;
if( !(ctb & 0x80) ) {
log_error("invalid packet at '%s'\n", iobuf_where(inp) );
log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
return G10ERR_INVALID_PACKET;
}
/* we handle the pgp 3 extensions here, so that we can skip such packets*/
pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
lenbytes = (ctb & 0x40) || ((ctb&3)==3)? 0 : (1<<(ctb & 3));
pktlen = 0;
if( !lenbytes ) {
pktlen = 0; /* don't know the value */
if( pkttype != PKT_COMPRESSED )
iobuf_set_block_mode(inp, 1);
pgp3 = !!(ctb & 0x40);
if( pgp3 ) {
pkttype = ctb & 0x3f;
if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET;
}
hdr[hdrlen++] = c;
if( c < 192 )
pktlen = c;
else if( c < 224 ) {
pktlen = (c - 192) * 256;
if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 2nd length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET;
}
hdr[hdrlen++] = c;
pktlen += c + 192;
}
else { /* partial body length */
pktlen = 1 << (c & 0x1f);
log_debug("partial body length of %lu bytes\n", pktlen );
iobuf_set_partial_block_mode(inp, pktlen);
pktlen = 0;/* to indicate partial length */
}
}
else {
for( ; lenbytes; lenbytes-- ) {
pktlen <<= 8;
pktlen |= hdr[hdrlen++] = iobuf_get_noeof(inp);
pkttype = (ctb>>2)&0xf;
lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
if( !lenbytes ) {
pktlen = 0; /* don't know the value */
if( pkttype != PKT_COMPRESSED )
iobuf_set_block_mode(inp, 1);
}
else {
for( ; lenbytes; lenbytes-- ) {
pktlen <<= 8;
pktlen |= hdr[hdrlen++] = iobuf_get_noeof(inp);
}
}
}
@ -183,10 +213,10 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip )
}
if( DBG_PACKET )
log_debug("parse_packet(iob=%d): type=%d length=%lu\n",
iobuf_id(inp), pkttype, pktlen );
log_debug("parse_packet(iob=%d): type=%d length=%lu%s\n",
iobuf_id(inp), pkttype, pktlen, pgp3?" (pgp3)":"" );
pkt->pkttype = pkttype;
rc = G10ERR_UNKNOWN_PACKET; /* default to no error */
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch( pkttype ) {
case PKT_PUBLIC_CERT:
pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
@ -211,6 +241,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip )
case PKT_USER_ID:
rc = parse_user_id(inp, pkttype, pktlen, pkt );
break;
case PKT_PUBKEY_SUBCERT:
parse_subkey(inp, pkttype, pktlen);
break;
case PKT_COMMENT:
parse_comment(inp, pkttype, pktlen);
break;
@ -234,12 +267,43 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, int *skip )
return rc;
}
static void
dump_hex_line( int c, int *i )
{
if( *i && !(*i%8) ) {
if( *i && !(*i%24) )
printf("\n%4d:", *i );
else
putchar(' ');
}
if( c == -1 )
printf(" EOF" );
else
printf(" %02x", c );
++*i;
}
static void
skip_packet( IOBUF inp, int pkttype, unsigned long pktlen )
{
if( list_mode )
if( list_mode ) {
printf(":unknown packet: type %2d, length %lu\n", pkttype, pktlen );
if( pkttype ) {
int c, i=0 ;
printf("dump:");
if( iobuf_in_block_mode(inp) ) {
while( (c=iobuf_get(inp)) != -1 )
dump_hex_line(c, &i);
}
else {
for( ; pktlen; pktlen-- )
dump_hex_line(iobuf_get(inp), &i);
}
putchar('\n');
return;
}
}
skip_rest(inp,pktlen);
}
@ -278,7 +342,7 @@ parse_publickey( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
k->keyid[1] = read_32(inp); pktlen -= 4;
k->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
printf(":public key packet: keyid %08lX%08lX\n",
printf(":public key encoded packet: keyid %08lX%08lX\n",
k->keyid[0], k->keyid[1]);
if( k->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
n = pktlen;
@ -394,7 +458,6 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_onepass_sig *ops )
{
int version;
unsigned n;
if( pktlen < 13 ) {
log_error("packet(%d) too short\n", pkttype);
@ -461,22 +524,27 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
timestamp = read_32(inp); pktlen -= 4;
if( is_v4 )
valid_period = 0;
else
else {
valid_period = read_16(inp); pktlen -= 2;
}
algorithm = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
printf(":%s key certification packet:\n"
printf(":%s key packet:\n"
"\tversion %d, created %lu, valid for %hu days\n",
pkttype == PKT_PUBLIC_CERT? "public": "secret",
version, timestamp, valid_period );
if( pkttype == PKT_SECRET_CERT ) {
pkt->pkt.secret_cert->timestamp = timestamp;
pkt->pkt.secret_cert->valid_days = valid_period;
pkt->pkt.secret_cert->hdrbytes = hdrlen;
pkt->pkt.secret_cert->version = version;
pkt->pkt.secret_cert->pubkey_algo = algorithm;
}
else {
pkt->pkt.public_cert->timestamp = timestamp;
pkt->pkt.public_cert->valid_days = valid_period;
pkt->pkt.public_cert->hdrbytes = hdrlen;
pkt->pkt.public_cert->version = version;
pkt->pkt.public_cert->pubkey_algo = algorithm;
}
@ -486,7 +554,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
n = pktlen; elg_g = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; elg_y = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
printf( "\telg p: ");
printf( "\telg p: ");
mpi_print(stdout, elg_p, mpi_print_mode );
printf("\n\telg g: ");
mpi_print(stdout, elg_g, mpi_print_mode );
@ -502,7 +570,6 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
else {
PKT_secret_cert *cert = pkt->pkt.secret_cert;
byte temp[8];
byte *mpibuf;
pkt->pkt.secret_cert->d.elg.p = elg_p;
pkt->pkt.secret_cert->d.elg.g = elg_g;
@ -558,7 +625,6 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
else {
PKT_secret_cert *cert = pkt->pkt.secret_cert;
byte temp[8];
byte *mpibuf;
pkt->pkt.secret_cert->d.rsa.rsa_n = rsa_pub_mod;
pkt->pkt.secret_cert->d.rsa.rsa_e = rsa_pub_exp;
@ -636,6 +702,39 @@ parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
return 0;
}
static void
parse_subkey( IOBUF inp, int pkttype, unsigned long pktlen )
{
int version;
version = iobuf_get_noeof(inp); pktlen--;
if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
/* early versions of G10 use old comments packets; luckily all those
* comments are are started by a hash */
if( list_mode ) {
printf(":old comment packet: \"" );
for( ; pktlen; pktlen-- ) {
int c;
c = iobuf_get_noeof(inp);
if( c >= ' ' && c <= 'z' )
putchar(c);
else
printf("\\x%02x", c );
}
printf("\"\n");
}
skip_rest(inp, pktlen);
return;
}
if( list_mode )
printf(":public subkey packet: \"" );
skip_rest(inp, pktlen);
}
static void
parse_comment( IOBUF inp, int pkttype, unsigned long pktlen )
{
@ -749,7 +848,6 @@ static int
parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
{
PKT_compressed *zd;
int algorithm;
/* pktlen is here 0, but data follows
* (this should be the last object in a file or

1
g10/passphrase.c
View file

@ -22,6 +22,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include "util.h"
#include "memory.h"

3
g10/pkclist.c
View file

@ -56,7 +56,7 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel & TRUST_NO_PUBKEY )
log_bug(NULL);
BUG();
}
@ -84,7 +84,6 @@ int
build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list )
{
PKC_LIST pkc_list = NULL;
PKC_LIST pkc_rover = NULL;
int rc;
if( !remusr ) { /* ask!!! */

121
g10/ringedit.c
View file

@ -68,7 +68,12 @@ typedef struct resource_table_struct RESTBL;
static RESTBL resource_table[MAX_RESOURCES];
static int search( PACKET *pkt, KBPOS *kbpos, int secret );
static int keyring_search( PACKET *pkt, KBPOS *kbpos, IOBUF iobuf );
static int keyring_search2( PUBKEY_FIND_INFO info, KBPOS *kbpos,
const char *fname);
static int keyring_read( KBPOS *kbpos, KBNODE *ret_root );
static int keyring_insert( KBPOS *kbpos, KBNODE root );
static int keyring_delete( KBPOS *kbpos );
@ -138,6 +143,37 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
return -1; /* not found */
}
/****************
* Find a keyblock from the informations provided in INFO
* This can only be used fro public keys
*/
int
find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos )
{
int i, rc, last_rc=-1;
for(i=0; i < MAX_RESOURCES; i++ ) {
if( resource_table[i].used && !resource_table[i].secret ) {
/* note: here we have to add different search functions,
* depending on the type of the resource */
rc = keyring_search2( info, kbpos, resource_table[i].fname );
if( !rc ) {
kbpos->resno = i;
return 0;
}
if( rc != -1 ) {
log_error("error searching resource %d: %s\n",
i, g10_errstr(rc));
last_rc = rc;
}
}
}
return last_rc;
}
/****************
* Search a keyblock which starts with the given packet and put all
* informations into KBPOS, which can be used later to access this key block.
@ -149,8 +185,8 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
*
* Returns: 0 if found, -1 if not found or an errorcode.
*/
int
search_keyblock( PACKET *pkt, KBPOS *kbpos, int secret )
static int
search( PACKET *pkt, KBPOS *kbpos, int secret )
{
int i, rc, last_rc=-1;
@ -179,7 +215,7 @@ search_keyblock( PACKET *pkt, KBPOS *kbpos, int secret )
* of the keyblock.
*/
int
search_keyblock_byname( KBPOS *kbpos, const char *username )
find_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
@ -194,7 +230,7 @@ search_keyblock_byname( KBPOS *kbpos, const char *username )
init_packet( &pkt );
pkt.pkttype = PKT_PUBLIC_CERT;
pkt.pkt.public_cert = pkc;
rc = search_keyblock( &pkt, kbpos, 0 );
rc = search( &pkt, kbpos, 0 );
free_public_cert(pkc);
return rc;
}
@ -204,7 +240,7 @@ search_keyblock_byname( KBPOS *kbpos, const char *username )
* of the keyblock. This function does not unprotect the secret key.
*/
int
search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
find_secret_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
@ -219,7 +255,7 @@ search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
init_packet( &pkt );
pkt.pkttype = PKT_SECRET_CERT;
pkt.pkt.secret_cert = skc;
rc = search_keyblock( &pkt, kbpos, 1 );
rc = search( &pkt, kbpos, 1 );
free_secret_cert(skc);
return rc;
}
@ -229,13 +265,11 @@ search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
* Lock the keyblock; wait until it's available
* This function may change the internal data in kbpos, in cases
* when the to be locked keyblock has been modified.
* fixme: remove this function and add an option to search_keyblock()?
* fixme: remove this function and add an option to search()?
*/
int
lock_keyblock( KBPOS *kbpos )
{
int rc;
if( !check_pos(kbpos) )
return G10ERR_GENERAL;
return 0;
@ -248,7 +282,7 @@ void
unlock_keyblock( KBPOS *kbpos )
{
if( !check_pos(kbpos) )
log_bug(NULL);
BUG();
}
/****************
@ -389,7 +423,7 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf )
break; /* found */
}
else
log_bug(NULL);
BUG();
free_packet(&pkt);
}
if( !rc )
@ -401,6 +435,68 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf )
return rc;
}
/****************
* search one keyring, return 0 if found, -1 if not found or an errorcode.
* this version uses the finger print and other informations
*/
static int
keyring_search2( PUBKEY_FIND_INFO info, KBPOS *kbpos, const char *fname )
{
int rc;
PACKET pkt;
int save_mode;
ulong offset;
IOBUF iobuf;
init_packet(&pkt);
save_mode = set_packet_list_mode(0);
#if 0
if( iobuf_seek( iobuf, 0 ) ) {
log_error("can't rewind keyring file: %s\n", g10_errstr(rc));
rc = G10ERR_KEYRING_OPEN;
goto leave;
}
#else
iobuf = iobuf_open( fname );
if( !iobuf ) {
log_error("can't open '%s'\n", fname );
rc = G10ERR_OPEN_FILE;
goto leave;
}
#endif
while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
PKT_public_cert *pkc = pkt.pkt.public_cert;
u32 keyid[2];
assert( pkt.pkttype == PKT_PUBLIC_CERT );
keyid_from_pkc( pkc, keyid );
if( keyid[0] == info->keyid[0] && keyid[1] == info->keyid[1]
&& pkc->pubkey_algo == info->pubkey_algo ) {
/* fixme: shall we check nbits too? (good for rsa keys) */
/* fixme: check userid???? */
size_t len;
byte *fp = fingerprint_from_pkc( pkc, &len );
if( !memcmp( fp, info->fingerprint, len ) ) {
m_free(fp);
break; /* found */
}
m_free(fp);
}
free_packet(&pkt);
}
if( !rc )
kbpos->offset = offset;
leave:
iobuf_close(iobuf);
free_packet(&pkt);
set_packet_list_mode(save_mode);
return rc;
}
static int
keyring_read( KBPOS *kbpos, KBNODE *ret_root )
@ -562,7 +658,6 @@ keyring_delete( KBPOS *kbpos )
{
RESTBL *rentry;
IOBUF fp;
KBNODE kbctx, node;
int rc;
u32 len;
int ctb;
@ -588,7 +683,7 @@ keyring_delete( KBPOS *kbpos )
/*log_debug("writing a dummy packet of length %lu\n", (ulong)len);*/
if( len < 2 )
log_bug(NULL);
BUG();
if( len < 256 ) {
ctb = 0x80;

10
g10/seckey-cert.c
View file

@ -60,7 +60,7 @@ static int
check_elg( PKT_secret_cert *cert )
{
byte *buffer;
u16 n, csum=0;
u16 csum=0;
int res;
unsigned nbytes;
u32 keyid[2];
@ -73,7 +73,7 @@ check_elg( PKT_secret_cert *cert )
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.elg.protect_algo ) {
case CIPHER_ALGO_NONE: log_bug(NULL); break;
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
dek = get_passphrase_hash( keyid, NULL );
@ -142,7 +142,7 @@ protect_elg( PKT_secret_cert *cert, DEK *dek )
BLOWFISH_context *blowfish_ctx=NULL;
switch( cert->d.elg.protect_algo ) {
case CIPHER_ALGO_NONE: log_bug(NULL); break;
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
@ -171,7 +171,7 @@ static int
check_rsa( PKT_secret_cert *cert )
{
byte *buffer;
u16 n, csum=0;
u16 csum=0;
int res;
unsigned nbytes;
u32 keyid[2];
@ -183,7 +183,7 @@ check_rsa( PKT_secret_cert *cert )
switch( cert->d.rsa.protect_algo ) {
/* FIXME: use test variables to check for the correct key */
case CIPHER_ALGO_NONE: log_bug(NULL); break;
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
dek = get_passphrase_hash( keyid, NULL );

13
g10/seskey.c
View file

@ -46,7 +46,7 @@ make_session_key( DEK *dek )
randomize_buffer( dek->key, dek->keylen, 1 );
break;
default: log_bug("invalid algo %d in make_session_key()\n");
default: log_bug("invalid algo %d in make_session_key()\n", dek->algo);
}
}
@ -116,9 +116,8 @@ encode_rmd160_value( byte *md, unsigned len, unsigned nbits )
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
int nframe = (nbits+7) / 8;
byte *p;
MPI frame;
int i,n,c;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 42 || len != 20 )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
@ -156,9 +155,8 @@ encode_sha1_value( byte *md, unsigned len, unsigned nbits )
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
int nframe = (nbits+7) / 8;
byte *p;
MPI frame;
int i,n,c;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 42 || len != 20 )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
@ -197,9 +195,8 @@ encode_md5_value( byte *md, unsigned len, unsigned nbits )
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
int nframe = (nbits+7) / 8;
byte *p;
MPI frame;
int i,n,c;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 38 || len != 16 )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
@ -236,7 +233,7 @@ encode_md_value( MD_HANDLE md, unsigned nbits )
case DIGEST_ALGO_SHA1:
return encode_sha1_value( md_read(md, DIGEST_ALGO_SHA1), 20, nbits );
default:
log_bug(NULL);
BUG();
}
}

15
g10/sig-check.c
View file

@ -143,7 +143,7 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
md_putc( digest, a & 0xff );
}
md_final( digest );
dp = md_read( digest, 0 );
dp = md_read( digest, DIGEST_ALGO_RMD160 );
for(i=19; i >= 0; i--, dp++ )
if( mpi_getbyte( result, i ) != *dp ) {
rc = G10ERR_BAD_SIGN;
@ -187,7 +187,7 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
md_putc( digest, a & 0xff );
}
md_final( digest );
dp = md_read( digest, 0 );
dp = md_read( digest, DIGEST_ALGO_MD5 );
for(i=15; i >= 0; i--, dp++ )
if( mpi_getbyte( result, i ) != *dp ) {
rc = G10ERR_BAD_SIGN;
@ -220,7 +220,7 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
* check the signature pointed to by NODE. This is a key signatures
*/
int
check_key_signature( KBNODE root, KBNODE node )
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
KBNODE unode;
MD_HANDLE md;
@ -229,6 +229,8 @@ check_key_signature( KBNODE root, KBNODE node )
int algo;
int rc;
if( is_selfsig )
*is_selfsig = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( (node->pkt->pkt.signature->sig_class&~3) == 0x10 );
assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
@ -250,6 +252,13 @@ check_key_signature( KBNODE root, KBNODE node )
if( unode && unode->pkt->pkttype == PKT_USER_ID ) {
PKT_user_id *uid = unode->pkt->pkt.user_id;
if( is_selfsig ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
md_write( md, uid->name, uid->len );

19
g10/sign.c
View file

@ -52,7 +52,7 @@ complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
else if( sig->pubkey_algo == PUBKEY_ALGO_RSA )
g10_rsa_sign( skc, sig, md );
else
log_bug(NULL);
BUG();
/* fixme: should we check wether the signature is okay? */
@ -89,7 +89,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
PACKET pkt;
PKT_plaintext *pt = NULL;
u32 filesize;
int last_rc, rc = 0;
int rc = 0;
PKC_LIST pkc_list = NULL;
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
@ -318,7 +318,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
#endif/*HAVE_RSA_CIPHER*/
else
log_bug(NULL);
BUG();
md_close( md );
@ -428,7 +428,7 @@ check_all_keysigs( KBNODE keyblock )
int sigrc;
tty_printf("sig");
switch( (rc = check_key_signature( keyblock, node )) ) {
switch( (rc = check_key_signature( keyblock, node,NULL)) ) {
case 0: node->flag = 0; sigrc = '!'; break;
case G10ERR_BAD_SIGN: inv_sigs++; node->flag = 1; sigrc = '-'; break;
case G10ERR_NO_PUBKEY: no_key++; node->flag = 2; sigrc = '?'; break;
@ -478,7 +478,6 @@ remove_keysigs( KBNODE keyblock, int all )
&& node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
PKT_signature *sig = node->pkt->pkt.signature;
int sigrc;
if( all ) {
/* fixme: skip self-sig */
@ -546,14 +545,13 @@ sign_key( const char *username, STRLIST locusr )
KBNODE kbctx, node;
KBPOS kbpos;
PKT_public_cert *pkc;
int any;
u32 pkc_keyid[2];
char *answer;
memset( &mfx, 0, sizeof mfx);
/* search the userid */
rc = search_keyblock_byname( &kbpos, username );
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("user '%s' not found\n", username );
goto leave;
@ -687,12 +685,10 @@ edit_keysigs( const char *username )
KBNODE kbctx, node;
KBPOS kbpos;
PKT_public_cert *pkc;
int any;
u32 pkc_keyid[2];
char *answer;
/* search the userid */
rc = search_keyblock_byname( &kbpos, username );
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("user '%s' not found\n", username );
goto leave;
@ -755,13 +751,12 @@ change_passphrase( const char *username )
KBNODE kbctx, node;
KBPOS kbpos;
PKT_secret_cert *skc;
int any;
u32 skc_keyid[2];
char *answer;
int changed=0;
/* search the userid */
rc = search_secret_keyblock_byname( &kbpos, username );
rc = find_secret_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("secret key for user '%s' not found\n", username );
goto leave;

1
g10/skclist.c
View file

@ -49,7 +49,6 @@ int
build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock )
{
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
int rc;
if( !locusr ) { /* use the default one */

859
g10/trustdb.c
View file

File diff suppressed because it is too large Load diff

6
g10/trustdb.h
View file

@ -34,8 +34,12 @@
/*-- trustdb.c --*/
int check_trustdb( int level );
void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
int init_trustdb( int level );
int check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel );
int get_ownertrust( PKT_public_cert *pkc, int *r_otrust );
int insert_trust_record( PKT_public_cert *pkc );
int verify_private_data(void);
int sign_private_data(void);