security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Activity

textual changes

This commit is contained in:
Werner Koch 1998-06-29 12:30:57 +00:00
parent 5911e300ff
commit 77a6af76d0
38 changed files with 1540 additions and 1560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
THANKS
View File

@ -18,10 +18,12 @@ James Troup J.J.Troup@scm.brad.ac.uk
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
Jörg Schilling schilling@fokus.gmd.de
Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu
Martin Schulte schulte@thp.uni-koeln.de
Matthew Skala mskala@ansuz.sooke.bc.ca
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
Peter Gutmann pgut001@cs.auckland.ac.nz
Ralph Gillen gillen@theochem.uni-duesseldorf.de
Thomas Roessler roessler@guug.de

5
TODO
View File

@ -1,4 +1,6 @@
* add options: --default-signature-user, --default-encryption-user
* make preferences work
* rewrite --list-packets or put it into another tool.
@ -37,9 +39,6 @@
flag that we may have a cached signature for this (and use the address
of PKC to lookup the hash).
* change the misleading usage of "public key certificate" to
"public key data" or something like this.
* replace getkey.c#enum_secret_keys

2
VERSION
View File

@ -1 +1 @@
0.3.0a
0.3.0b

19
g10/ChangeLog
View File

@ -1,3 +1,22 @@
Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h: changed all "_cert" to "_key", "subcert" to "subkey".
* free-packet.c (free_packet): Removed memory leak for subkeys.
Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de)
* import.c (import_keys): Renamed from import_pubkeys.
(import_secret_one): New.
* g10.c (aExportSecret): New.
* export.c (export_seckeys): New.
* parse-packet.c (parse_certificate): Cleaned up.
(parse_packet): Trust packets are now considered as unknown.
(parse_pubkey_warning): New.
Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* keygen.c (has_invalid_email_chars): New.

2
g10/OPTIONS
View File

@ -41,6 +41,8 @@ store
list-secret-keys
#
export-secret-keys
# export secret keys (which may be usefuil in some cases)
#-----------------------------------------------
#--- options

6
g10/armor.c
View File

@ -88,6 +88,7 @@ static char *head_strings[] = {
"BEGIN PGP SIGNATURE",
"BEGIN PGP SIGNED MESSAGE",
"BEGIN PGP ARMORED FILE",
"BEGIN PGP SECRET KEY BLOCK",
NULL
};
static char *tail_strings[] = {
@ -96,6 +97,7 @@ static char *tail_strings[] = {
"END PGP SIGNATURE",
"END dummy",
"END PGP ARMORED FILE",
"END PGP SECRET KEY BLOCK",
NULL
};
@ -153,8 +155,8 @@ is_armored( byte *buf )
pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
switch( pkttype ) {
case PKT_MARKER:
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
case PKT_PUBKEY_ENC:
case PKT_SIGNATURE:
case PKT_COMMENT:

104
g10/build-packet.c
View File

@ -36,8 +36,8 @@
static int do_comment( IOBUF out, int ctb, PKT_comment *rem );
static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
static int do_public_cert( IOBUF out, int ctb, PKT_public_cert *pk );
static int do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *pk );
static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
static u32 calc_plaintext( PKT_plaintext *pt );
@ -82,13 +82,13 @@ build_packet( IOBUF out, PACKET *pkt )
case PKT_COMMENT:
rc = do_comment( out, ctb, pkt->pkt.comment );
break;
case PKT_PUBKEY_SUBCERT:
case PKT_PUBLIC_CERT:
rc = do_public_cert( out, ctb, pkt->pkt.public_cert );
case PKT_PUBLIC_SUBKEY:
case PKT_PUBLIC_KEY:
rc = do_public_key( out, ctb, pkt->pkt.public_key );
break;
case PKT_SECKEY_SUBCERT:
case PKT_SECRET_CERT:
rc = do_secret_cert( out, ctb, pkt->pkt.secret_cert );
case PKT_SECRET_SUBKEY:
case PKT_SECRET_KEY:
rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
break;
case PKT_SYMKEY_ENC:
rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
@ -135,8 +135,8 @@ calc_packet_length( PACKET *pkt )
break;
case PKT_USER_ID:
case PKT_COMMENT:
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
case PKT_SYMKEY_ENC:
case PKT_PUBKEY_ENC:
case PKT_ENCRYPTED:
@ -174,25 +174,25 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
}
static int
do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
{
int rc = 0;
int n, i;
IOBUF a = iobuf_temp();
if( !pkc->version )
if( !pk->version )
iobuf_put( a, 3 );
else
iobuf_put( a, pkc->version );
write_32(a, pkc->timestamp );
if( pkc->version < 4 )
write_16(a, pkc->valid_days );
iobuf_put(a, pkc->pubkey_algo );
n = pubkey_get_npkey( pkc->pubkey_algo );
iobuf_put( a, pk->version );
write_32(a, pk->timestamp );
if( pk->version < 4 )
write_16(a, pk->valid_days );
iobuf_put(a, pk->pubkey_algo );
n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ )
mpi_write(a, pkc->pkey[i] );
mpi_write(a, pk->pkey[i] );
write_header2(out, ctb, iobuf_get_temp_length(a), pkc->hdrbytes, 1 );
write_header2(out, ctb, iobuf_get_temp_length(a), pk->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
@ -205,25 +205,25 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
* Make a hash value from the public key certificate
*/
void
hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
hash_public_key( MD_HANDLE md, PKT_public_key *pk )
{
PACKET pkt;
int rc = 0;
int c;
IOBUF a = iobuf_temp();
#if 0
FILE *fp = fopen("dump.pkc", "a");
FILE *fp = fopen("dump.pk", "a");
int i=0;
fprintf(fp, "\nHashing PKC (v%d):\n", pkc->version);
fprintf(fp, "\nHashing PK (v%d):\n", pk->version);
#endif
/* build the packet */
init_packet(&pkt);
pkt.pkttype = PKT_PUBLIC_CERT;
pkt.pkt.public_cert = pkc;
pkt.pkttype = PKT_PUBLIC_KEY;
pkt.pkt.public_key = pk;
if( (rc = build_packet( a, &pkt )) )
log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc));
log_fatal("build public_key for hashing failed: %s\n", g10_errstr(rc));
while( (c=iobuf_get(a)) != -1 ) {
#if 0
fprintf( fp," %02x", c );
@ -243,51 +243,51 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
static int
do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
{
int rc = 0;
int i, nskey, npkey;
IOBUF a = iobuf_temp();
if( !skc->version )
if( !sk->version )
iobuf_put( a, 3 );
else
iobuf_put( a, skc->version );
write_32(a, skc->timestamp );
if( skc->version < 4 )
write_16(a, skc->valid_days );
iobuf_put(a, skc->pubkey_algo );
nskey = pubkey_get_nskey( skc->pubkey_algo );
npkey = pubkey_get_npkey( skc->pubkey_algo );
iobuf_put( a, sk->version );
write_32(a, sk->timestamp );
if( sk->version < 4 )
write_16(a, sk->valid_days );
iobuf_put(a, sk->pubkey_algo );
nskey = pubkey_get_nskey( sk->pubkey_algo );
npkey = pubkey_get_npkey( sk->pubkey_algo );
assert( npkey < nskey );
for(i=0; i < npkey; i++ )
mpi_write(a, skc->skey[i] );
if( skc->is_protected ) {
if( is_RSA(skc->pubkey_algo) && skc->version < 4 ) {
iobuf_put(a, skc->protect.algo );
iobuf_write(a, skc->protect.iv, 8 );
mpi_write(a, sk->skey[i] );
if( sk->is_protected ) {
if( is_RSA(sk->pubkey_algo) && sk->version < 4 ) {
iobuf_put(a, sk->protect.algo );
iobuf_write(a, sk->protect.iv, 8 );
}
else {
iobuf_put(a, 0xff );
iobuf_put(a, skc->protect.algo );
iobuf_put(a, skc->protect.s2k.mode );
iobuf_put(a, skc->protect.s2k.hash_algo );
if( skc->protect.s2k.mode == 1
|| skc->protect.s2k.mode == 4 )
iobuf_write(a, skc->protect.s2k.salt, 8 );
if( skc->protect.s2k.mode == 4 )
write_32(a, skc->protect.s2k.count );
iobuf_write(a, skc->protect.iv, 8 );
iobuf_put(a, sk->protect.algo );
iobuf_put(a, sk->protect.s2k.mode );
iobuf_put(a, sk->protect.s2k.hash_algo );
if( sk->protect.s2k.mode == 1
|| sk->protect.s2k.mode == 4 )
iobuf_write(a, sk->protect.s2k.salt, 8 );
if( sk->protect.s2k.mode == 4 )
write_32(a, sk->protect.s2k.count );
iobuf_write(a, sk->protect.iv, 8 );
}
}
else
iobuf_put(a, 0 );
for( ; i < nskey; i++ )
mpi_write(a, skc->skey[i] );
write_16(a, skc->csum );
mpi_write(a, sk->skey[i] );
write_16(a, sk->csum );
write_header2(out, ctb, iobuf_get_temp_length(a), skc->hdrbytes, 1 );
write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;

32
g10/encode.c
View File

@ -37,7 +37,7 @@
static int encode_simple( const char *filename, int mode );
static int write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out );
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@ -185,13 +185,13 @@ encode_crypt( const char *filename, STRLIST remusr )
cipher_filter_context_t cfx;
armor_filter_context_t afx;
compress_filter_context_t zfx;
PKC_LIST pkc_list;
PK_LIST pk_list;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
if( (rc=build_pkc_list( remusr, &pkc_list, 2)) )
if( (rc=build_pk_list( remusr, &pk_list, 2)) )
return rc;
/* prepare iobufs */
@ -222,7 +222,7 @@ encode_crypt( const char *filename, STRLIST remusr )
if( DBG_CIPHER )
log_hexdump("DEK is: ", cfx.dek->key, cfx.dek->keylen );
rc = write_pubkey_enc_from_list( pkc_list, cfx.dek, out );
rc = write_pubkey_enc_from_list( pk_list, cfx.dek, out );
if( rc )
goto leave;
@ -269,7 +269,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->buf = NULL;
free_packet(&pkt);
m_free(cfx.dek);
release_pkc_list( pkc_list );
release_pk_list( pk_list );
return rc;
}
@ -297,7 +297,7 @@ encrypt_filter( void *opaque, int control,
log_hexdump("DEK is: ",
efx->cfx.dek->key, efx->cfx.dek->keylen );
rc = write_pubkey_enc_from_list( efx->pkc_list, efx->cfx.dek, a );
rc = write_pubkey_enc_from_list( efx->pk_list, efx->cfx.dek, a );
if( rc )
return rc;
@ -318,26 +318,26 @@ encrypt_filter( void *opaque, int control,
/****************
* Write pubkey-enc packets from the list of PKCs to OUT.
* Write pubkey-enc packets from the list of PKs to OUT.
*/
static int
write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out )
write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
{
PACKET pkt;
PKT_public_cert *pkc;
PKT_public_key *pk;
PKT_pubkey_enc *enc;
int rc;
for( ; pkc_list; pkc_list = pkc_list->next ) {
for( ; pk_list; pk_list = pk_list->next ) {
MPI frame;
pkc = pkc_list->pkc;
pk = pk_list->pk;
enc = m_alloc_clear( sizeof *enc );
enc->pubkey_algo = pkc->pubkey_algo;
keyid_from_pkc( pkc, enc->keyid );
frame = encode_session_key( dek, pubkey_nbits( pkc->pubkey_algo,
pkc->pkey ) );
rc = pubkey_encrypt( pkc->pubkey_algo, enc->data, frame, pkc->pkey );
enc->pubkey_algo = pk->pubkey_algo;
keyid_from_pk( pk, enc->keyid );
frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo,
pk->pkey ) );
rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey );
mpi_free( frame );
if( rc )
log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) );

20
g10/export.c
View File

@ -33,6 +33,7 @@
#include "util.h"
#include "main.h"
static int do_export( STRLIST users, int secret );
/****************
* Export the public keys (to standard out or --output).
@ -41,6 +42,18 @@
*/
int
export_pubkeys( STRLIST users )
{
return do_export( users, 0 );
}
int
export_seckeys( STRLIST users )
{
return do_export( users, 1 );
}
static int
do_export( STRLIST users, int secret )
{
int rc = 0;
armor_filter_context_t afx;
@ -64,14 +77,14 @@ export_pubkeys( STRLIST users )
}
if( opt.armor ) {
afx.what = 1;
afx.what = secret?5:1;
iobuf_push_filter( out, armor_filter, &afx );
}
if( opt.compress_keys && opt.compress )
iobuf_push_filter( out, compress_filter, &zfx );
if( all ) {
rc = enum_keyblocks( 0, &kbpos, &keyblock );
rc = enum_keyblocks( secret?5:0, &kbpos, &keyblock );
if( rc ) {
if( rc != -1 )
log_error("enum_keyblocks(open) failed: %s\n", g10_errstr(rc) );
@ -94,7 +107,8 @@ export_pubkeys( STRLIST users )
}
else {
/* search the userid */
rc = find_keyblock_byname( &kbpos, sl->d );
rc = secret? find_secret_keyblock_byname( &kbpos, sl->d )
: find_keyblock_byname( &kbpos, sl->d );
if( rc ) {
log_error("%s: user not found: %s\n", sl->d, g10_errstr(rc) );
rc = 0;

60
g10/free-packet.c
View File

@ -62,26 +62,26 @@ free_seckey_enc( PKT_signature *sig )
void
release_public_cert_parts( PKT_public_cert *cert )
release_public_key_parts( PKT_public_key *pk )
{
int n, i;
n = pubkey_get_npkey( cert->pubkey_algo );
n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ ) {
mpi_free( cert->pkey[i] );
cert->pkey[i] = NULL;
mpi_free( pk->pkey[i] );
pk->pkey[i] = NULL;
}
}
void
free_public_cert( PKT_public_cert *cert )
free_public_key( PKT_public_key *pk )
{
release_public_cert_parts( cert );
m_free(cert);
release_public_key_parts( pk );
m_free(pk);
}
PKT_public_cert *
copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
PKT_public_key *
copy_public_key( PKT_public_key *d, PKT_public_key *s )
{
int n, i;
@ -95,26 +95,26 @@ copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
}
void
release_secret_cert_parts( PKT_secret_cert *cert )
release_secret_key_parts( PKT_secret_key *sk )
{
int n, i;
n = pubkey_get_nskey( cert->pubkey_algo );
n = pubkey_get_nskey( sk->pubkey_algo );
for(i=0; i < n; i++ ) {
mpi_free( cert->skey[i] );
cert->skey[i] = NULL;
mpi_free( sk->skey[i] );
sk->skey[i] = NULL;
}
}
void
free_secret_cert( PKT_secret_cert *cert )
free_secret_key( PKT_secret_key *sk )
{
release_secret_cert_parts( cert );
m_free(cert);
release_secret_key_parts( sk );
m_free(sk);
}
PKT_secret_cert *
copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s )
PKT_secret_key *
copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
{
int n, i;
@ -208,11 +208,13 @@ free_packet( PACKET *pkt )
case PKT_SYMKEY_ENC:
free_symkey_enc( pkt->pkt.symkey_enc );
break;
case PKT_PUBLIC_CERT:
free_public_cert( pkt->pkt.public_cert );
case PKT_PUBLIC_KEY:
case PKT_PUBLIC_SUBKEY:
free_public_key( pkt->pkt.public_key );
break;
case PKT_SECRET_CERT:
free_secret_cert( pkt->pkt.secret_cert );
case PKT_SECRET_KEY:
case PKT_SECRET_SUBKEY:
free_secret_key( pkt->pkt.secret_key );
break;
case PKT_COMMENT:
free_comment( pkt->pkt.comment );
@ -240,7 +242,7 @@ free_packet( PACKET *pkt )
* Returns 0 if they match.
*/
int
cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
{
int n, i;
@ -264,20 +266,20 @@ cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
* Returns 0 if they match.
*/
int
cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc )
cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
{
int n, i;
if( pkc->timestamp != skc->timestamp )
if( pk->timestamp != sk->timestamp )
return -1;
if( pkc->valid_days != skc->valid_days )
if( pk->valid_days != sk->valid_days )
return -1;
if( pkc->pubkey_algo != skc->pubkey_algo )
if( pk->pubkey_algo != sk->pubkey_algo )
return -1;
n = pubkey_get_npkey( pkc->pubkey_algo );
n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ ) {
if( mpi_cmp( pkc->pkey[i] , skc->skey[i] ) )
if( mpi_cmp( pk->pkey[i] , sk->skey[i] ) )
return -1;
}
return 0;

17
g10/g10.c
View File

@ -75,6 +75,7 @@ static ARGPARSE_OPTS opts[] = {
{ 542, "gen-revoke",0, N_("generate a revocation certificate")},
#endif
{ 537, "export" , 0, N_("export keys") },
{ 563, "export-secret-keys" , 0, "@" },
{ 530, "import", 0 , N_("import/merge keys")},
{ 521, "list-packets",0,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT
@ -176,7 +177,8 @@ enum cmd_values { aNull = 0,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey,
aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
aListSigs, aKeyadd, aListSecretKeys,
aExport, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aExport, aExportSecret,
aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest,
aNOP };
@ -595,6 +597,7 @@ main( int argc, char **argv )
case 560: register_cipher_extension(pargs.r.ret_str); break;
case 561: opt.rfc1991 = 1; break;
case 562: opt.emulate_bugs |= 1; break;
case 563: set_cmd( &cmd, aExportSecret); break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@ -855,12 +858,12 @@ main( int argc, char **argv )
case aImport:
if( !argc ) {
rc = import_pubkeys( NULL );
rc = import_keys( NULL );
if( rc )
log_error("import failed: %s\n", g10_errstr(rc) );
}
for( ; argc; argc--, argv++ ) {
rc = import_pubkeys( *argv );
rc = import_keys( *argv );
if( rc )
log_error("import from '%s' failed: %s\n",
*argv, g10_errstr(rc) );
@ -875,6 +878,14 @@ main( int argc, char **argv )
free_strlist(sl);
break;
case aExportSecret:
sl = NULL;
for( ; argc; argc--, argv++ )
add_to_strlist( &sl, *argv );
export_seckeys( sl );
free_strlist(sl);
break;
#ifdef IS_G10
case aGenRevoke:
if( argc != 1 )

284
g10/getkey.c
View File

@ -32,7 +32,7 @@
#include "options.h"
#include "main.h"
#define MAX_PKC_CACHE_ENTRIES 500
#define MAX_PK_CACHE_ENTRIES 500
typedef struct keyid_list {
@ -47,11 +47,11 @@ typedef struct user_id_db {
char name[1];
} *user_id_db_t;
typedef struct pkc_cache_entry {
struct pkc_cache_entry *next;
typedef struct pk_cache_entry {
struct pk_cache_entry *next;
u32 keyid[2];
PKT_public_cert *pkc;
} *pkc_cache_entry_t;
PKT_public_key *pk;
} *pk_cache_entry_t;
typedef struct enum_seckey_context {
int eof;
@ -65,14 +65,14 @@ static STRLIST secret_keyrings;
static keyid_list_t unknown_keyids;
static user_id_db_t user_id_db;
static pkc_cache_entry_t pkc_cache;
static int pkc_cache_entries; /* number of entries in pkc cache */
static pk_cache_entry_t pk_cache;
static int pk_cache_entries; /* number of entries in pk cache */
static int lookup( PKT_public_cert *pkc,
static int lookup( PKT_public_key *pk,
int mode, u32 *keyid, const char *name,
KBNODE *ret_keyblock );
static int lookup_skc( PKT_secret_cert *skc,
static int lookup_sk( PKT_secret_key *sk,
int mode, u32 *keyid, const char *name );
/* note this function may be called before secure memory is
@ -170,42 +170,42 @@ add_secret_keyring( const char *name )
static void
cache_public_cert( PKT_public_cert *pkc )
cache_public_key( PKT_public_key *pk )
{
pkc_cache_entry_t ce;
pk_cache_entry_t ce;
u32 keyid[2];
if( is_ELGAMAL(pkc->pubkey_algo)
|| pkc->pubkey_algo == PUBKEY_ALGO_DSA
|| is_RSA(pkc->pubkey_algo) ) {
keyid_from_pkc( pkc, keyid );
if( is_ELGAMAL(pk->pubkey_algo)
|| pk->pubkey_algo == PUBKEY_ALGO_DSA
|| is_RSA(pk->pubkey_algo) ) {
keyid_from_pk( pk, keyid );
}
else
return; /* don't know how to get the keyid */
for( ce = pkc_cache; ce; ce = ce->next )
for( ce = pk_cache; ce; ce = ce->next )
if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
if( DBG_CACHE )
log_debug("cache_public_cert: already in cache\n");
log_debug("cache_public_key: already in cache\n");
return;
}
if( pkc_cache_entries > MAX_PKC_CACHE_ENTRIES ) {
if( pk_cache_entries > MAX_PK_CACHE_ENTRIES ) {
/* FIMXE: use another algorithm to free some cache slots */
if( pkc_cache_entries == MAX_PKC_CACHE_ENTRIES ) {
pkc_cache_entries++;
log_info("too many entries in pkc cache - disabled\n");
if( pk_cache_entries == MAX_PK_CACHE_ENTRIES ) {
pk_cache_entries++;
log_info("too many entries in pk cache - disabled\n");
}
ce = pkc_cache;
free_public_cert( ce->pkc );
ce = pk_cache;
free_public_key( ce->pk );
}
else {
pkc_cache_entries++;
pk_cache_entries++;
ce = m_alloc( sizeof *ce );
ce->next = pkc_cache;
pkc_cache = ce;
ce->next = pk_cache;
pk_cache = ce;
}
ce->pkc = copy_public_cert( NULL, pkc );
ce->pk = copy_public_key( NULL, pk );
ce->keyid[0] = keyid[0];
ce->keyid[1] = keyid[1];
}
@ -238,17 +238,17 @@ cache_user_id( PKT_user_id *uid, u32 *keyid )
/****************
* Get a public key and store it into the allocated pkc
* can be called with PKC set to NULL to just read it into some
* Get a public key and store it into the allocated pk
* can be called with PK set to NULL to just read it into some
* internal structures.
*/
int
get_pubkey( PKT_public_cert *pkc, u32 *keyid )
get_pubkey( PKT_public_key *pk, u32 *keyid )
{
keyid_list_t kl;
int internal = 0;
int rc = 0;
pkc_cache_entry_t ce;
pk_cache_entry_t ce;
/* let's see whether we checked the keyid already */
for( kl = unknown_keyids; kl; kl = kl->next )
@ -256,21 +256,21 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
return G10ERR_NO_PUBKEY; /* already checked and not found */
/* Try to get it from our cache */
for( ce = pkc_cache; ce; ce = ce->next )
for( ce = pk_cache; ce; ce = ce->next )
if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
if( pkc )
copy_public_cert( pkc, ce->pkc );
if( pk )
copy_public_key( pk, ce->pk );
return 0;
}
/* more init stuff */
if( !pkc ) {
pkc = m_alloc_clear( sizeof *pkc );
if( !pk ) {
pk = m_alloc_clear( sizeof *pk );
internal++;
}
/* do a lookup */
rc = lookup( pkc, 11, keyid, NULL, NULL );
rc = lookup( pk, 11, keyid, NULL, NULL );
if( !rc )
goto leave;
@ -284,9 +284,9 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
leave:
if( !rc )
cache_public_cert( pkc );
cache_public_key( pk );
if( internal )
m_free(pkc);
m_free(pk);
return rc;
}
@ -320,7 +320,7 @@ hextobyte( const byte *s )
/****************
* Try to get the pubkey by the userid. This function looks for the
* first pubkey certificate which has the given name in a user_id.
* if pkc has the pubkey algo set, the function will only return
* if pk has the pubkey algo set, the function will only return
* a pubkey with that algo.
*
* - If the username starts with 8,9,16 or 17 hex-digits (the first one
@ -344,7 +344,7 @@ hextobyte( const byte *s )
static int
key_byname( int secret,
PKT_public_cert *pkc, PKT_secret_cert *skc, const char *name )
PKT_public_key *pk, PKT_secret_key *sk, const char *name )
{
int internal = 0;
int rc = 0;
@ -439,35 +439,35 @@ key_byname( int secret,
goto leave;
if( secret ) {
if( !skc ) {
skc = m_alloc_clear( sizeof *skc );
if( !sk ) {
sk = m_alloc_clear( sizeof *sk );
internal++;
}
rc = mode < 16? lookup_skc( skc, mode, keyid, name )
: lookup_skc( skc, mode, keyid, fprint );
rc = mode < 16? lookup_sk( sk, mode, keyid, name )
: lookup_sk( sk, mode, keyid, fprint );
}
else {
if( !pkc ) {
pkc = m_alloc_clear( sizeof *pkc );
if( !pk ) {
pk = m_alloc_clear( sizeof *pk );
internal++;
}
rc = mode < 16? lookup( pkc, mode, keyid, name, NULL )
: lookup( pkc, mode, keyid, fprint, NULL );
rc = mode < 16? lookup( pk, mode, keyid, name, NULL )
: lookup( pk, mode, keyid, fprint, NULL );
}
leave:
if( internal && secret )
m_free( skc );
m_free( sk );
else if( internal )
m_free( pkc );
m_free( pk );
return rc;
}
int
get_pubkey_byname( PKT_public_cert *pkc, const char *name )
get_pubkey_byname( PKT_public_key *pk, const char *name )
{
return key_byname( 0, pkc, NULL, name );
return key_byname( 0, pk, NULL, name );
}
@ -481,31 +481,31 @@ get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
size_t fprint_len )
{
int rc;
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
if( fprint_len == 20 || fprint_len == 16 )
rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock );
rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock );
else
rc = G10ERR_GENERAL; /* Oops */
free_public_cert( pkc );
free_public_key( pk );
return rc;
}
/****************
* Get a secret key and store it into skc
* Get a secret key and store it into sk
*/
int
get_seckey( PKT_secret_cert *skc, u32 *keyid )
get_seckey( PKT_secret_key *sk, u32 *keyid )
{
int rc;
rc = lookup_skc( skc, 11, keyid, NULL );
rc = lookup_sk( sk, 11, keyid, NULL );
if( !rc ) {
/* check the secret key (this may prompt for a passprase to
* unlock the secret key
*/
rc = check_secret_key( skc );
rc = check_secret_key( sk );
}
return rc;
@ -519,30 +519,30 @@ get_seckey( PKT_secret_cert *skc, u32 *keyid )
int
seckey_available( u32 *keyid )
{
PKT_secret_cert *skc;
PKT_secret_key *sk;
int rc;
skc = m_alloc_clear( sizeof *skc );
rc = lookup_skc( skc, 11, keyid, NULL );
free_secret_cert( skc );
sk = m_alloc_clear( sizeof *sk );
rc = lookup_sk( sk, 11, keyid, NULL );
free_secret_key( sk );
return rc;
}
/****************
* Get a secret key by name and store it into skc
* If NAME is NULL use the default certificate
* Get a secret key by name and store it into sk
* If NAME is NULL use the default key
*/
int
get_seckey_byname( PKT_secret_cert *skc, const char *name, int unprotect )
get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
{
int rc;
rc = name ? key_byname( 1, NULL, skc, name )
: lookup_skc( skc, 15, NULL, NULL );
rc = name ? key_byname( 1, NULL, sk, name )
: lookup_sk( sk, 15, NULL, NULL );
if( !rc && unprotect )
rc = check_secret_key( skc );
rc = check_secret_key( sk );
return rc;
}
@ -606,26 +606,26 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode )
static void
add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
{
PKT_public_cert *pkc = knode->pkt->pkt.public_cert;
PKT_public_key *pk = knode->pkt->pkt.public_key;
PKT_signature *sig;
KBNODE k;
u32 kid[2];
assert( knode->pkt->pkttype == PKT_PUBLIC_CERT
|| knode->pkt->pkttype == PKT_PUBKEY_SUBCERT );
assert( knode->pkt->pkttype == PKT_PUBLIC_KEY
|| knode->pkt->pkttype == PKT_PUBLIC_SUBKEY );
if( pkc->version < 4 )
if( pk->version < 4 )
return; /* this is only needed for version >=4 packets */
/* find the selfsignature */
if( knode->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
k = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( knode->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
k = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !k )
BUG(); /* keyblock without primary key!!! */
keyid_from_pkc( knode->pkt->pkt.public_cert, kid );
keyid_from_pk( knode->pkt->pkt.public_key, kid );
}
else
keyid_from_pkc( pkc, kid );
keyid_from_pk( pk, kid );
for(k=keyblock; k; k = k->next ) {
if( k->pkt->pkttype == PKT_SIGNATURE
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
@ -641,8 +641,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
*/
const byte *p;
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
pkc->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
/* fixme: add usage etc. to pkc */
pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
/* fixme: add usage etc. to pk */
break;
}
}
@ -660,13 +660,13 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
* 15 = Get the first key.
* 16 = lookup by 16 byte fingerprint which is stored in NAME
* 20 = lookup by 20 byte fingerprint which is stored in NAME
* Caller must provide an empty PKC, if the pubkey_algo is filled in, only
* Caller must provide an empty PK, if the pubkey_algo is filled in, only
* a key of this algo will be returned.
* If ret_keyblock is not NULL, the complete keyblock is returned also
* and the caller must release it.
*/
static int
lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
lookup( PKT_public_key *pk, int mode, u32 *keyid,
const char *name, KBNODE *ret_keyblock )
{
int rc;
@ -692,15 +692,15 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
k->pkt->pkt.user_id->len, name, mode)) {
/* we found a matching name, look for the key */
for(kk=keyblock; kk; kk = kk->next )
if( ( kk->pkt->pkttype == PKT_PUBLIC_CERT
|| kk->pkt->pkttype == PKT_PUBKEY_SUBCERT )
&& ( !pkc->pubkey_algo
|| pkc->pubkey_algo
== kk->pkt->pkt.public_cert->pubkey_algo))
if( ( kk->pkt->pkttype == PKT_PUBLIC_KEY
|| kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
&& ( !pk->pubkey_algo
|| pk->pubkey_algo
== kk->pkt->pkt.public_key->pubkey_algo))
break;
if( kk ) {
u32 aki[2];
keyid_from_pkc( kk->pkt->pkt.public_cert, aki );
keyid_from_pk( kk->pkt->pkt.public_key, aki );
cache_user_id( k->pkt->pkt.user_id, aki );
k = kk;
break;
@ -714,24 +714,24 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
pkc->pubkey_algo, mode );
pk->pubkey_algo, mode );
}
for(k=keyblock; k; k = k->next ) {
if( k->pkt->pkttype == PKT_PUBLIC_CERT
|| k->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
if( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
if( mode == 10 || mode == 11 ) {
u32 aki[2];
keyid_from_pkc( k->pkt->pkt.public_cert, aki );
keyid_from_pk( k->pkt->pkt.public_key, aki );
if( DBG_CACHE ) {
log_debug(" aki=%08lx%08lx algo=%d\n",
(ulong)aki[0], (ulong)aki[1],
k->pkt->pkt.public_cert->pubkey_algo );
k->pkt->pkt.public_key->pubkey_algo );
}
if( aki[1] == keyid[1]
&& ( mode == 10 || aki[0] == keyid[0] )
&& ( !pkc->pubkey_algo
|| pkc->pubkey_algo
== k->pkt->pkt.public_cert->pubkey_algo) ){
&& ( !pk->pubkey_algo
|| pk->pubkey_algo
== k->pkt->pkt.public_key->pubkey_algo) ){
/* cache the userid */
for(kk=keyblock; kk; kk = kk->next )
if( kk->pkt->pkttype == PKT_USER_ID )
@ -744,19 +744,19 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
}
}
else if( mode == 15 ) { /* get the first key */
if( !pkc->pubkey_algo
|| pkc->pubkey_algo
== k->pkt->pkt.public_cert->pubkey_algo )
if( !pk->pubkey_algo
|| pk->pubkey_algo
== k->pkt->pkt.public_key->pubkey_algo )
break;
}
else if( mode == 16 || mode == 20 ) {
size_t an;
byte *afp = fingerprint_from_pkc(
k->pkt->pkt.public_cert, &an );
byte *afp = fingerprint_from_pk(
k->pkt->pkt.public_key, &an );
if( an == mode && !memcmp( afp, name, an)
&& ( !pkc->pubkey_algo
|| pkc->pubkey_algo
== k->pkt->pkt.public_cert->pubkey_algo) ) {
&& ( !pk->pubkey_algo
|| pk->pubkey_algo
== k->pkt->pkt.public_key->pubkey_algo) ) {
m_free(afp);
break;
}
@ -768,9 +768,9 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
}
}
if( k ) { /* found */
assert( k->pkt->pkttype == PKT_PUBLIC_CERT
|| k->pkt->pkttype == PKT_PUBKEY_SUBCERT );
copy_public_cert( pkc, k->pkt->pkt.public_cert );
assert( k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
copy_public_key( pk, k->pkt->pkt.public_key );
add_stuff_from_selfsig( keyblock, k );
if( ret_keyblock ) {
*ret_keyblock = keyblock;
@ -797,7 +797,7 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
* Ditto for secret keys
*/
static int
lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
lookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name )
{
int rc;
KBNODE keyblock = NULL;
@ -822,46 +822,46 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
k->pkt->pkt.user_id->len, name, mode)) {
/* we found a matching name, look for the key */
for(kk=keyblock; kk; kk = kk->next )
if( ( kk->pkt->pkttype == PKT_SECRET_CERT
|| kk->pkt->pkttype == PKT_SECKEY_SUBCERT )
&& ( !skc->pubkey_algo
|| skc->pubkey_algo
== kk->pkt->pkt.secret_cert->pubkey_algo))
if( ( kk->pkt->pkttype == PKT_SECRET_KEY
|| kk->pkt->pkttype == PKT_SECRET_SUBKEY )
&& ( !sk->pubkey_algo
|| sk->pubkey_algo
== kk->pkt->pkt.secret_key->pubkey_algo))
break;
if( kk ) {
u32 aki[2];
keyid_from_skc( kk->pkt->pkt.secret_cert, aki );
keyid_from_sk( kk->pkt->pkt.secret_key, aki );
cache_user_id( k->pkt->pkt.user_id, aki );
k = kk;
break;
}
else
log_error("No key for userid (in skc)\n");
log_error("No key for userid (in sk)\n");
}
}
}
else { /* keyid or fingerprint lookup */
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup_skc keyid=%08lx%08lx req_algo=%d mode=%d\n",
log_debug("lookup_sk keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
skc->pubkey_algo, mode );
sk->pubkey_algo, mode );
}
for(k=keyblock; k; k = k->next ) {
if( k->pkt->pkttype == PKT_SECRET_CERT
|| k->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
if( k->pkt->pkttype == PKT_SECRET_KEY
|| k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
if( mode == 10 || mode == 11 ) {
u32 aki[2];
keyid_from_skc( k->pkt->pkt.secret_cert, aki );
keyid_from_sk( k->pkt->pkt.secret_key, aki );
if( DBG_CACHE ) {
log_debug(" aki=%08lx%08lx algo=%d\n",
(ulong)aki[0], (ulong)aki[1],
k->pkt->pkt.secret_cert->pubkey_algo );
k->pkt->pkt.secret_key->pubkey_algo );
}
if( aki[1] == keyid[1]
&& ( mode == 10 || aki[0] == keyid[0] )
&& ( !skc->pubkey_algo
|| skc->pubkey_algo
== k->pkt->pkt.secret_cert->pubkey_algo) ){
&& ( !sk->pubkey_algo
|| sk->pubkey_algo
== k->pkt->pkt.secret_key->pubkey_algo) ){
/* cache the userid */
for(kk=keyblock; kk; kk = kk->next )
if( kk->pkt->pkttype == PKT_USER_ID )
@ -874,19 +874,19 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
}
}
else if( mode == 15 ) { /* get the first key */
if( !skc->pubkey_algo
|| skc->pubkey_algo
== k->pkt->pkt.secret_cert->pubkey_algo )
if( !sk->pubkey_algo
|| sk->pubkey_algo
== k->pkt->pkt.secret_key->pubkey_algo )
break;
}
else if( mode == 16 || mode == 20 ) {
size_t an;
byte *afp = fingerprint_from_skc(
k->pkt->pkt.secret_cert, &an );
byte *afp = fingerprint_from_sk(
k->pkt->pkt.secret_key, &an );
if( an == mode && !memcmp( afp, name, an)
&& ( !skc->pubkey_algo
|| skc->pubkey_algo
== k->pkt->pkt.secret_cert->pubkey_algo) ) {
&& ( !sk->pubkey_algo
|| sk->pubkey_algo
== k->pkt->pkt.secret_key->pubkey_algo) ) {
m_free(afp);
break;
}
@ -898,9 +898,9 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
}
}
if( k ) { /* found */
assert( k->pkt->pkttype == PKT_SECRET_CERT
|| k->pkt->pkttype == PKT_SECKEY_SUBCERT );
copy_secret_cert( skc, k->pkt->pkt.secret_cert );
assert( k->pkt->pkttype == PKT_SECRET_KEY
|| k->pkt->pkttype == PKT_SECRET_SUBKEY );
copy_secret_key( sk, k->pkt->pkt.secret_key );
break; /* enumeration */
}
release_kbnode( keyblock );
@ -924,16 +924,16 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
* Enumerate all secret keys. Caller must use these procedure:
* 1) create a void pointer and initialize it to NULL
* 2) pass this void pointer by reference to this function
* and provide space for the secret key (pass a buffer for skc)
* and provide space for the secret key (pass a buffer for sk)
* 3) call this function as long as it does not return -1
* to indicate EOF.
* 4) Always call this function a last time with SKC set to NULL,
* 4) Always call this function a last time with SK set to NULL,
* so that can free it's context.
*
* Return
*/
int
enum_secret_keys( void **context, PKT_secret_cert *skc )
enum_secret_keys( void **context, PKT_secret_key *sk )
{
int rc=0;
PACKET pkt;
@ -946,7 +946,7 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
c->sl = secret_keyrings;
}
if( !skc ) { /* free the context */
if( !sk ) { /* free the context */
m_free( c );
*context = NULL;
return 0;
@ -968,9 +968,9 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
while( (rc=parse_packet(c->iobuf, &pkt)) != -1 ) {
if( rc )
; /* e.g. unknown packet */
else if( pkt.pkttype == PKT_SECRET_CERT
|| pkt.pkttype == PKT_SECKEY_SUBCERT ) {
copy_secret_cert( skc, pkt.pkt.secret_cert );
else if( pkt.pkttype == PKT_SECRET_KEY
|| pkt.pkttype == PKT_SECRET_SUBKEY ) {
copy_secret_key( sk, pkt.pkt.secret_key );
set_packet_list_mode(save_mode);
return 0; /* found */
}

136
g10/import.c
View File

@ -38,9 +38,10 @@
static int read_block( IOBUF a, compress_filter_context_t *cfx,
PACKET **pending_pkt, KBNODE *ret_root );
static int import_one( const char *fname, KBNODE keyblock );
static int import_secret_one( const char *fname, KBNODE keyblock );
static int import_revoke_cert( const char *fname, KBNODE node );
static int chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_cert *pkc, u32 *keyid );
PKT_public_key *pk, u32 *keyid );
static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid );
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
KBNODE keyblock, u32 *keyid,
@ -83,7 +84,7 @@ static int merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
*
*/
int
import_pubkeys( const char *fname )
import_keys( const char *fname )
{
armor_filter_context_t afx;
compress_filter_context_t cfx;
@ -108,8 +109,10 @@ import_pubkeys( const char *fname )
iobuf_push_filter( inp, armor_filter, &afx );
while( !(rc = read_block( inp, &cfx, &pending_pkt, &keyblock) )) {
if( keyblock->pkt->pkttype == PKT_PUBLIC_CERT )
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
rc = import_one( fname, keyblock );
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
rc = import_secret_one( fname, keyblock );
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock );
@ -156,7 +159,9 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
init_packet(pkt);
while( (rc=parse_packet(a, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
if( rc != G10ERR_UNKNOWN_PACKET ) {
if( rc == G10ERR_PUBKEY_ALGO )
parse_pubkey_warning( pkt );
else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_block: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
@ -191,8 +196,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
break;
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
if( in_cert ) { /* store this packet */
*pending_pkt = pkt;
pkt = NULL;
@ -234,8 +239,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
static int
import_one( const char *fname, KBNODE keyblock )
{
PKT_public_cert *pkc;
PKT_public_cert *pkc_orig;
PKT_public_key *pk;
PKT_public_key *pk_orig;
KBNODE node, uidnode;
KBNODE keyblock_orig = NULL;
KBPOS kbpos;
@ -243,21 +248,19 @@ import_one( const char *fname, KBNODE keyblock )
int rc = 0;
/* get the key and print some info about it */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
log_error("%s: Oops; public key not found anymore!\n", fname);
return G10ERR_GENERAL; /* really serious */
}
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node )
BUG();
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, keyid );
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
if( opt.verbose ) {
log_info("%s: pub %4u%c/%08lX %s ", fname,
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid[1], datestr_from_pkc(pkc) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk(pk) );
if( uidnode )
print_string( stderr, uidnode->pkt->pkt.user_id->name,
uidnode->pkt->pkt.user_id->len, 0 );
@ -269,7 +272,7 @@ import_one( const char *fname, KBNODE keyblock )
}
clear_kbnode_flags( keyblock );
rc = chk_self_sigs( fname, keyblock , pkc, keyid );
rc = chk_self_sigs( fname, keyblock , pk, keyid );
if( rc )
return rc== -1? 0:rc;
@ -280,8 +283,8 @@ import_one( const char *fname, KBNODE keyblock )
}
/* do we have this key already in one of our pubrings ? */
pkc_orig = m_alloc_clear( sizeof *pkc_orig );
rc = get_pubkey( pkc_orig, keyid );
pk_orig = m_alloc_clear( sizeof *pk_orig );
rc = get_pubkey( pk_orig, keyid );
if( rc && rc != G10ERR_NO_PUBKEY ) {
log_error("%s: key %08lX, public key not found: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@ -310,7 +313,7 @@ import_one( const char *fname, KBNODE keyblock )
/* Compare the original against the new key; just to be sure nothing
* weird is going on */
if( cmp_public_certs( pkc_orig, pkc ) ) {
if( cmp_public_keys( pk_orig, pk ) ) {
log_error("%s: key %08lX, doesn't match our copy\n",
fname, (ulong)keyid[1]);
rc = G10ERR_GENERAL;
@ -321,7 +324,7 @@ import_one( const char *fname, KBNODE keyblock )
* ask the user what to do. <--- fixme */
/* now read the original keyblock */
rc = find_keyblock_bypkc( &kbpos, pkc_orig );
rc = find_keyblock_bypk( &kbpos, pk_orig );
if( rc ) {
log_error("%s: key %08lX, can't locate original keyblock: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@ -379,7 +382,80 @@ import_one( const char *fname, KBNODE keyblock )
leave:
release_kbnode( keyblock_orig );
free_public_cert( pkc_orig );
free_public_key( pk_orig );
return rc;
}
/****************
* Ditto for secret keys. Handling is simpler than for public keys.
*/
static int
import_secret_one( const char *fname, KBNODE keyblock )
{
PKT_secret_key *sk;
KBNODE node, uidnode;
KBNODE keyblock_orig = NULL;
KBPOS kbpos;
u32 keyid[2];
int rc = 0;
/* get the key and print some info about it */
node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node )
BUG();
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
if( opt.verbose ) {
log_info("%s: sec %4u%c/%08lX %s ", fname,
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
(ulong)keyid[1], datestr_from_sk(sk) );
if( uidnode )
print_string( stderr, uidnode->pkt->pkt.user_id->name,
uidnode->pkt->pkt.user_id->len, 0 );
putc('\n', stderr);
}
if( !uidnode ) {
log_error("%s: No user id for key %08lX\n", fname, (ulong)keyid[1]);
return 0;
}
clear_kbnode_flags( keyblock );
/* do we have this key already in one of our secrings ? */
rc = seckey_available( keyid );
if( rc == G10ERR_NO_SECKEY ) { /* simply insert this key */
/* get default resource */
if( get_keyblock_handle( NULL, 1, &kbpos ) ) {
log_error("no default secret keyring\n");
return G10ERR_GENERAL;
}
if( opt.verbose > 1 )
log_info("%s: writing to '%s'\n",
fname, keyblock_resource_name(&kbpos) );
if( (rc=lock_keyblock( &kbpos )) )
log_error("can't lock secret keyring '%s': %s\n",
keyblock_resource_name(&kbpos), g10_errstr(rc) );
else if( (rc=insert_keyblock( &kbpos, keyblock )) )
log_error("%s: can't write to '%s': %s\n", fname,
keyblock_resource_name(&kbpos), g10_errstr(rc) );
unlock_keyblock( &kbpos );
/* we are ready */
log_info("%s: key %08lX imported\n", fname, (ulong)keyid[1]);
}
else if( !rc ) { /* we can't merge secret keys */
log_error("%s: key %08lX already in secret keyring\n",
fname, (ulong)keyid[1]);
}
else
log_error("%s: key %08lX, secret key not found: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
release_kbnode( keyblock_orig );
return rc;
}
@ -390,7 +466,7 @@ import_one( const char *fname, KBNODE keyblock )
static int
import_revoke_cert( const char *fname, KBNODE node )
{
PKT_public_cert *pkc=NULL;
PKT_public_key *pk=NULL;
KBNODE onode, keyblock = NULL;
KBPOS kbpos;
u32 keyid[2];
@ -403,8 +479,8 @@ import_revoke_cert( const char *fname, KBNODE node )
keyid[0] = node->pkt->pkt.signature->keyid[0];
keyid[1] = node->pkt->pkt.signature->keyid[1];
pkc = m_alloc_clear( sizeof *pkc );
rc = get_pubkey( pkc, keyid );
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc == G10ERR_NO_PUBKEY ) {
log_info("%s: key %08lX, no public key - "
"can't apply revocation certificate\n",
@ -419,7 +495,7 @@ import_revoke_cert( const char *fname, KBNODE node )
}
/* read the original keyblock */
rc = find_keyblock_bypkc( &kbpos, pkc );
rc = find_keyblock_bypk( &kbpos, pk );
if( rc ) {
log_error("%s: key %08lX, can't locate original keyblock: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@ -478,7 +554,7 @@ import_revoke_cert( const char *fname, KBNODE node )
leave:
release_kbnode( keyblock );
free_public_cert( pkc );
free_public_key( pk );
return rc;
}
@ -490,7 +566,7 @@ import_revoke_cert( const char *fname, KBNODE node )
*/
static int
chk_self_sigs( const char *fname, KBNODE keyblock,
PKT_public_cert *pkc, u32 *keyid )
PKT_public_key *pk, u32 *keyid )
{
KBNODE n, unode;
PKT_signature *sig;

22
g10/kbnode.c
View File

@ -150,13 +150,13 @@ find_next_kbnode( KBNODE node, int pkttype )
if( !pkttype )
return node;
else if( pkttype == PKT_USER_ID
&& ( node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_SECRET_CERT ) )
&& ( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_SECRET_KEY ) )
return NULL;
else if( pkttype == PKT_SIGNATURE
&& ( node->pkt->pkttype == PKT_USER_ID
|| node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_SECRET_CERT ) )
|| node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_SECRET_KEY ) )
return NULL;
else if( node->pkt->pkttype == pkttype )
return node;
@ -248,14 +248,14 @@ dump_kbnode( KBNODE node )
const char *s;
switch( node->pkt->pkttype ) {
case 0: s="empty"; break;
case PKT_PUBLIC_CERT: s="public-key"; break;
case PKT_SECRET_CERT: s="secret-key"; break;
case PKT_SECKEY_SUBCERT: s= "secret-subkey"; break;
case PKT_PUBLIC_KEY: s="public-key"; break;
case PKT_SECRET_KEY: s="secret-key"; break;
case PKT_SECRET_SUBKEY: s= "secret-subkey"; break;
case PKT_PUBKEY_ENC: s="public-enc"; break;
case PKT_SIGNATURE: s="signature"; break;
case PKT_ONEPASS_SIG: s="onepass-sig"; break;
case PKT_USER_ID: s="user-id"; break;
case PKT_PUBKEY_SUBCERT: s="public-subkey"; break;
case PKT_PUBLIC_SUBKEY: s="public-subkey"; break;
case PKT_COMMENT: s="comment"; break;
case PKT_RING_TRUST: s="trust"; break;
case PKT_PLAINTEXT: s="plaintext"; break;
@ -275,10 +275,10 @@ dump_kbnode( KBNODE node )
fprintf(stderr, " keyid=%08lX\n",
(ulong)node->pkt->pkt.signature->keyid[1] );
}
else if( node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
else if( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
fprintf(stderr, " keyid=%08lX\n", (ulong)
keyid_from_pkc( node->pkt->pkt.public_cert, NULL ));
keyid_from_pk( node->pkt->pkt.public_key, NULL ));
}
else
fputs("\n", stderr);

52
g10/keydb.h
View File

@ -58,18 +58,18 @@ struct keyblock_pos_struct {
typedef struct keyblock_pos_struct KBPOS;
/* structure to hold a couple of public key certificates */
typedef struct pkc_list *PKC_LIST;
struct pkc_list {
PKC_LIST next;
PKT_public_cert *pkc;
typedef struct pk_list *PK_LIST;
struct pk_list {
PK_LIST next;
PKT_public_key *pk;
int mark;
};
/* structure to hold a couple of secret key certificates */
typedef struct skc_list *SKC_LIST;
struct skc_list {
SKC_LIST next;
PKT_secret_cert *skc;
typedef struct sk_list *SK_LIST;
struct sk_list {
SK_LIST next;
PKT_secret_key *sk;
int mark;
};
@ -86,12 +86,12 @@ struct pubkey_find_info {
/*-- pkclist.c --*/
void release_pkc_list( PKC_LIST pkc_list );
int build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage );
void release_pk_list( PK_LIST pk_list );
int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );
/*-- skclist.c --*/
void release_skc_list( SKC_LIST skc_list );
int build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list,
void release_sk_list( SK_LIST sk_list );
int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
int unlock, unsigned usage );
/*-- passphrase.h --*/
@ -106,29 +106,29 @@ void add_keyring( const char *name );
const char *get_keyring( int sequence );
const char *get_secret_keyring( int sequence );
void add_secret_keyring( const char *name );
int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
int get_seckey( PKT_secret_cert *skc, u32 *keyid );
int get_pubkey( PKT_public_key *pk, u32 *keyid );
int get_pubkey_byname( PKT_public_key *pk, const char *name );
int get_seckey( PKT_secret_key *sk, u32 *keyid );
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
size_t fprint_len );
int seckey_available( u32 *keyid );
int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock );
int enum_secret_keys( void **context, PKT_secret_cert *skc );
int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
int enum_secret_keys( void **context, PKT_secret_key *sk );
char*get_user_id_string( u32 *keyid );
char*get_user_id( u32 *keyid, size_t *rn );
/*-- keyid.c --*/
int pubkey_letter( int algo );
u32 keyid_from_skc( PKT_secret_cert *skc, u32 *keyid );
u32 keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid );
u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
unsigned nbits_from_pkc( PKT_public_cert *pkc );
unsigned nbits_from_skc( PKT_secret_cert *skc );
const char *datestr_from_pkc( PKT_public_cert *pkc );
const char *datestr_from_skc( PKT_secret_cert *skc );
unsigned nbits_from_pk( PKT_public_key *pk );
unsigned nbits_from_sk( PKT_secret_key *sk );
const char *datestr_from_pk( PKT_public_key *pk );
const char *datestr_from_sk( PKT_secret_key *sk );
const char *datestr_from_sig( PKT_signature *sig );
byte *fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len );
byte *fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len );
byte *fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len );
byte *fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len );
/*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt );
@ -150,7 +150,7 @@ const char *keyblock_resource_name( KBPOS *kbpos );
int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
int find_keyblock_byname( KBPOS *kbpos, const char *username );
int find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc );
int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
int lock_keyblock( KBPOS *kbpos );
void unlock_keyblock( KBPOS *kbpos );

188
g10/keyedit.c
View File

@ -40,12 +40,12 @@
static void
show_fingerprint( PKT_public_cert *pkc )
show_fingerprint( PKT_public_key *pk )
{
byte *array, *p;
size_t i, n;
p = array = fingerprint_from_pkc( pkc, &n );
p = array = fingerprint_from_pk( pk, &n );
tty_printf(" Fingerprint:");
if( n == 20 ) {
for(i=0; i < n ; i++, i++, p += 2 ) {
@ -70,20 +70,20 @@ show_fingerprint( PKT_public_cert *pkc )
* Ask whether the user is willing to sign the key. Return true if so.
*/
static int
sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid )
sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
{
char *answer;
int yes;
tty_printf("\nAre you really sure that you want to sign this key:\n\n"
"%4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
(ulong)keyid_from_pk( pk, NULL ),
datestr_from_pk( pk ) );
tty_print_string( uid->name, uid->len );
tty_printf("\n");
show_fingerprint(pkc);
show_fingerprint(pk);
tty_printf("\n");
answer = tty_get("Sign this key? ");
tty_kill_prompt();
@ -231,13 +231,13 @@ sign_key( const char *username, STRLIST locusr )
{
md_filter_context_t mfx;
int rc = 0;
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
KBNODE keyblock = NULL;
KBNODE kbctx, node;
KBPOS kbpos;
PKT_public_cert *pkc;
u32 pkc_keyid[2];
PKT_public_key *pk;
u32 pk_keyid[2];
char *answer;
memset( &mfx, 0, sizeof mfx);
@ -250,7 +250,7 @@ sign_key( const char *username, STRLIST locusr )
}
/* build a list of all signators */
rc=build_skc_list( locusr, &skc_list, 0, 1 );
rc=build_sk_list( locusr, &sk_list, 0, 1 );
if( rc )
goto leave;
@ -263,23 +263,23 @@ sign_key( const char *username, STRLIST locusr )
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, pkc_keyid );
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
pkc_keyid[1], datestr_from_pkc(pkc) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
pk_keyid[1], datestr_from_pk(pk) );
{
size_t n;
char *p = get_user_id( pkc_keyid, &n );
char *p = get_user_id( pk_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
@ -292,35 +292,35 @@ sign_key( const char *username, STRLIST locusr )
answer = tty_get("To you want to remove some of the invalid sigs? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
remove_keysigs( keyblock, pkc_keyid, 0 );
remove_keysigs( keyblock, pk_keyid, 0 );
m_free(answer);
}
}
/* check whether we it is possible to sign this key */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
u32 akeyid[2];
keyid_from_skc( skc_rover->skc, akeyid );
keyid_from_sk( sk_rover->sk, akeyid );
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID )
skc_rover->mark = 1;
sk_rover->mark = 1;
else if( node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
&& akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
log_info("Already signed by keyid %08lX\n",
(ulong)akeyid[1] );
skc_rover->mark = 0;
sk_rover->mark = 0;
}
}
}
}
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
if( skc_rover->mark )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
if( sk_rover->mark )
break;
}
if( !skc_rover ) {
if( !sk_rover ) {
log_info("Nothing to sign\n");
goto leave;
}
@ -334,19 +334,19 @@ sign_key( const char *username, STRLIST locusr )
* no, present each user-id in turn and ask which one should be signed
* (only one) - if there is already a single-user-sig, do nothing.
* (this is propably already out in the world) */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
if( !skc_rover->mark )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
if( !sk_rover->mark )
continue;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) {
if( sign_it_p( pk, node->pkt->pkt.user_id ) ) {
PACKET *pkt;
PKT_signature *sig;
rc = make_keysig_packet( &sig, pkc,
rc = make_keysig_packet( &sig, pk,
node->pkt->pkt.user_id,
NULL,
skc_rover->skc,
sk_rover->sk,
0x10, 0, NULL, NULL );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
@ -370,7 +370,7 @@ sign_key( const char *username, STRLIST locusr )
leave:
release_kbnode( keyblock );
release_skc_list( skc_list );
release_sk_list( sk_list );
md_close( mfx.md );
return rc;
}
@ -384,8 +384,8 @@ edit_keysigs( const char *username )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc;
u32 pkc_keyid[2];
PKT_public_key *pk;
u32 pk_keyid[2];
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
@ -402,23 +402,23 @@ edit_keysigs( const char *username )
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, pkc_keyid );
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
pkc_keyid[1], datestr_from_pkc(pkc) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
pk_keyid[1], datestr_from_pk(pk) );
{
size_t n;
char *p = get_user_id( pkc_keyid, &n );
char *p = get_user_id( pk_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
@ -426,7 +426,7 @@ edit_keysigs( const char *username )
clear_kbnode_flags( keyblock );
check_all_keysigs( keyblock );
if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) {
if( remove_keysigs( keyblock, pk_keyid, 1 ) ) {
rc = update_keyblock( &kbpos, keyblock );
if( rc ) {
log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
@ -450,8 +450,8 @@ delete_key( const char *username, int secret )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc = NULL;
PKT_secret_cert *skc = NULL;
PKT_public_key *pk = NULL;
PKT_secret_key *sk = NULL;
u32 keyid[2];
int okay=0;
@ -471,7 +471,7 @@ delete_key( const char *username, int secret )
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT );
node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; key not found anymore!\n");
rc = G10ERR_GENERAL;
@ -479,12 +479,12 @@ delete_key( const char *username, int secret )
}
if( secret ) {
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, keyid );
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid );
}
else {
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, keyid );
pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, keyid );
rc = seckey_available( keyid );
if( !rc ) {
log_error(_(
@ -513,14 +513,14 @@ delete_key( const char *username, int secret )
if( secret )
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
keyid[1], datestr_from_skc(skc) );
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
keyid[1], datestr_from_sk(sk) );
else
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
keyid[1], datestr_from_pkc(pkc) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
keyid[1], datestr_from_pk(pk) );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
m_free(p);
@ -564,7 +564,7 @@ change_passphrase( const char *username )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_secret_cert *skc;
PKT_secret_key *sk;
u32 keyid[2];
char *answer;
int changed=0;
@ -585,19 +585,19 @@ change_passphrase( const char *username )
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_SECRET_CERT );
node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) {
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, keyid );
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid );
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
keyid[1], datestr_from_skc(skc) );
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( keyid, &n );
@ -606,18 +606,18 @@ change_passphrase( const char *username )
tty_printf("\n");
}
for(node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
keyid_from_skc( subskc, keyid );
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
keyid_from_sk( subsk, keyid );
tty_printf("sub %4u%c/%08lX %s\n",
nbits_from_skc( subskc ),
pubkey_letter( subskc->pubkey_algo ),
keyid[1], datestr_from_skc(subskc) );
nbits_from_sk( subsk ),
pubkey_letter( subsk->pubkey_algo ),
keyid[1], datestr_from_sk(subsk) );
}
}
clear_kbnode_flags( keyblock );
switch( is_secret_key_protected( skc ) ) {
switch( is_secret_key_protected( sk ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
break;
@ -626,7 +626,7 @@ change_passphrase( const char *username )
break;
default:
tty_printf("Key is protected.\n");
rc = check_secret_key( skc );
rc = check_secret_key( sk );
if( !rc )
passphrase = get_last_passphrase();
break;
@ -634,10 +634,10 @@ change_passphrase( const char *username )
/* unprotect all subkeys (use the supplied passphrase or ask)*/
for(node=keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
set_next_passphrase( passphrase );
rc = check_secret_key( subskc );
rc = check_secret_key( subsk );
if( rc )
break;
}
@ -671,15 +671,15 @@ change_passphrase( const char *username )
break;
}
else { /* okay */
skc->protect.algo = dek->algo;
skc->protect.s2k = *s2k;
rc = protect_secret_key( skc, dek );
sk->protect.algo = dek->algo;
sk->protect.s2k = *s2k;
rc = protect_secret_key( sk, dek );
for(node=keyblock; !rc && node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
subskc->protect.algo = dek->algo;
subskc->protect.s2k = *s2k;
rc = protect_secret_key( subskc, dek );
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
subsk->protect.algo = dek->algo;
subsk->protect.s2k = *s2k;
rc = protect_secret_key( subsk, dek );
}
}
if( rc )
@ -717,9 +717,9 @@ change_passphrase( const char *username )
* If digest_algo is 0 the function selects an appropriate one.
*/
int
make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
PKT_user_id *uid, PKT_public_cert *subpkc,
PKT_secret_cert *skc,
make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
int (*mksubpkt)(PKT_signature *, void *), void *opaque
)
@ -731,7 +731,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
assert( (sigclass >= 0x10 && sigclass <= 0x13)
|| sigclass == 0x20 || sigclass == 0x18 );
if( !digest_algo ) {
switch( skc->pubkey_algo ) {
switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
case PUBKEY_ALGO_RSA_S:
case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break;
@ -741,12 +741,12 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
md = md_open( digest_algo, 0 );
/* hash the public key certificate and the user id */
hash_public_cert( md, pkc );
hash_public_key( md, pk );
if( sigclass == 0x18 ) { /* subkey binding */
hash_public_cert( md, subpkc );
hash_public_key( md, subpk );
}
else if( sigclass != 0x20 ) {
if( skc->version >=4 ) {
if( sk->version >=4 ) {
byte buf[5];
buf[0] = 0xb4; /* indicates a userid packet */
buf[1] = uid->len >> 24; /* always use 4 length bytes */
@ -759,9 +759,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
}
/* and make the signature packet */
sig = m_alloc_clear( sizeof *sig );
sig->version = skc->version;
keyid_from_skc( skc, sig->keyid );
sig->pubkey_algo = skc->pubkey_algo;
sig->version = sk->version;
keyid_from_sk( sk, sig->keyid );
sig->pubkey_algo = sk->pubkey_algo;
sig->digest_algo = digest_algo;
sig->timestamp = make_timestamp();
sig->sig_class = sigclass;
@ -807,7 +807,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
}
md_final(md);
rc = complete_sig( sig, skc, md );
rc = complete_sig( sig, sk, md );
}
md_close( md );

233
g10/keygen.c
View File

@ -53,12 +53,12 @@ write_uid( KBNODE root, const char *s )
static int
add_key_expire( PKT_signature *sig, void *opaque )
{
PKT_secret_cert *skc = opaque;
PKT_secret_key *sk = opaque;
byte buf[8];
u32 u;
if( skc->valid_days ) {
u = skc->valid_days * 86400L;
if( sk->valid_days ) {
u = sk->valid_days * 86400L;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
@ -109,14 +109,14 @@ add_prefs( PKT_signature *sig, void *opaque )
static int
write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
{
PACKET *pkt;
PKT_signature *sig;
PKT_user_id *uid;
int rc=0;
KBNODE node;
PKT_public_cert *pkc;
PKT_public_key *pk;
if( opt.verbose )
log_info(_("writing self signature\n"));
@ -126,15 +126,15 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
if( !node )
BUG(); /* no user id packet in tree */
uid = node->pkt->pkt.user_id;
/* get the pkc packet from the pub_tree */
node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
/* get the pk packet from the pub_tree */
node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
if( !node )
BUG();
pkc = node->pkt->pkt.public_cert;
pk = node->pkt->pkt.public_key;
/* and make the signature */
rc = make_keysig_packet( &sig, pkc, uid, NULL, skc, 0x13, 0,
add_prefs, skc );
rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
add_prefs, sk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@ -148,34 +148,34 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
}
static int
write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
{
PACKET *pkt;
PKT_signature *sig;
int rc=0;
KBNODE node;
PKT_public_cert *pkc, *subpkc;
PKT_public_key *pk, *subpk;
if( opt.verbose )
log_info(_("writing key binding signature\n"));
/* get the pkc packet from the pub_tree */
node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
/* get the pk packet from the pub_tree */
node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
if( !node )
BUG();
pkc = node->pkt->pkt.public_cert;
pk = node->pkt->pkt.public_key;
/* find the last subkey */
subpkc = NULL;
subpk = NULL;
for(node=pub_root; node; node = node->next ) {
if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
subpkc = node->pkt->pkt.public_cert;
if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
subpk = node->pkt->pkt.public_key;
}
if( !subpkc )
if( !subpk )
BUG();
/* and make the signature */
rc = make_keysig_packet( &sig, pkc, NULL, subpkc, skc, 0x18, 0,
add_key_expire, skc );
rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
add_key_expire, sk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@ -191,14 +191,14 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
static int
gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days,
STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days,
int version )
{
int rc;
int i;
PACKET *pkt;
PKT_secret_cert *skc;
PKT_public_cert *pkc;
PKT_secret_key *sk;
PKT_public_key *pk;
MPI skey[4];
MPI *factors;
@ -209,48 +209,48 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc;
}
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->version = pkc->version = version;
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = algo;
pkc->pkey[0] = mpi_copy( skey[0] );
pkc->pkey[1] = mpi_copy( skey[1] );
pkc->pkey[2] = mpi_copy( skey[2] );
skc->skey[0] = skey[0];
skc->skey[1] = skey[1];
skc->skey[2] = skey[2];
skc->skey[3] = skey[3];
skc->is_protected = 0;
skc->protect.algo = 0;
sk = m_alloc_clear( sizeof *sk );
pk = m_alloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = make_timestamp();
sk->version = pk->version = version;
sk->valid_days = pk->valid_days = valid_days;
sk->pubkey_algo = pk->pubkey_algo = algo;
pk->pkey[0] = mpi_copy( skey[0] );
pk->pkey[1] = mpi_copy( skey[1] );
pk->pkey[2] = mpi_copy( skey[2] );
sk->skey[0] = skey[0];
sk->skey[1] = skey[1];
sk->skey[2] = skey[2];
sk->skey[3] = skey[3];
sk->is_protected = 0;
sk->protect.algo = 0;
skc->csum = checksum_mpi_counted_nbits( skc->skey[3] );
if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
*ret_skc = copy_secret_cert( NULL, skc );
sk->csum = checksum_mpi_counted_nbits( sk->skey[3] );
if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
*ret_sk = copy_secret_key( NULL, sk );
if( dek ) {
skc->protect.algo = dek->algo;
skc->protect.s2k = *s2k;
rc = protect_secret_key( skc, dek );
sk->protect.algo = dek->algo;
sk->protect.s2k = *s2k;
rc = protect_secret_key( sk, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
free_public_cert(pkc);
free_secret_cert(skc);
free_public_key(pk);
free_secret_key(sk);
return rc;
}
}
pkt = m_alloc_clear(sizeof *pkt);
pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
pkt->pkt.public_cert = pkc;
pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
/* don't know whether it makes sense to have the factors, so for now
* we store them in the secret keyring (but they are not secret) */
pkt = m_alloc_clear(sizeof *pkt);
pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
pkt->pkt.secret_cert = skc;
pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
for(i=0; factors[i]; i++ )
add_kbnode( sec_root,
@ -265,13 +265,13 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
*/
static int
gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days )
STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days )
{
int rc;
int i;
PACKET *pkt;
PKT_secret_cert *skc;
PKT_public_cert *pkc;
PKT_secret_key *sk;
PKT_public_key *pk;
MPI skey[5];
MPI *factors;
@ -284,43 +284,43 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc;
}
skc = m_alloc_clear( sizeof *skc );
pkc = m_alloc_clear( sizeof *pkc );
skc->timestamp = pkc->timestamp = make_timestamp();
skc->version = pkc->version = 4;
skc->valid_days = pkc->valid_days = valid_days;
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA;
pkc->pkey[0] = mpi_copy( skey[0] );
pkc->pkey[1] = mpi_copy( skey[1] );
pkc->pkey[2] = mpi_copy( skey[2] );
pkc->pkey[3] = mpi_copy( skey[3] );
skc->skey[0] = skey[0];
skc->skey[1] = skey[1];
skc->skey[2] = skey[2];
skc->skey[3] = skey[3];
skc->skey[4] = skey[4];
skc->is_protected = 0;
skc->protect.algo = 0;
sk = m_alloc_clear( sizeof *sk );
pk = m_alloc_clear( sizeof *pk );
sk->timestamp = pk->timestamp = make_timestamp();
sk->version = pk->version = 4;
sk->valid_days = pk->valid_days = valid_days;
sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
pk->pkey[0] = mpi_copy( skey[0] );
pk->pkey[1] = mpi_copy( skey[1] );
pk->pkey[2] = mpi_copy( skey[2] );
pk->pkey[3] = mpi_copy( skey[3] );
sk->skey[0] = skey[0];
sk->skey[1] = skey[1];
sk->skey[2] = skey[2];
sk->skey[3] = skey[3];
sk->skey[4] = skey[4];
sk->is_protected = 0;
sk->protect.algo = 0;
skc->csum = checksum_mpi_counted_nbits( skc->skey[4] );
if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
*ret_skc = copy_secret_cert( NULL, skc );
sk->csum = checksum_mpi_counted_nbits( sk->skey[4] );
if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
*ret_sk = copy_secret_key( NULL, sk );
if( dek ) {
skc->protect.algo = dek->algo;
skc->protect.s2k = *s2k;
rc = protect_secret_key( skc, dek );
sk->protect.algo = dek->algo;
sk->protect.s2k = *s2k;
rc = protect_secret_key( sk, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
free_public_cert(pkc);
free_secret_cert(skc);
free_public_key(pk);
free_secret_key(sk);
return rc;
}
}
pkt = m_alloc_clear(sizeof *pkt);
pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
pkt->pkt.public_cert = pkc;
pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
/* don't know whether it makes sense to have the factors, so for now
@ -330,8 +330,8 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
* are known.
*/
pkt = m_alloc_clear(sizeof *pkt);
pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
pkt->pkt.secret_cert = skc;
pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
for(i=1; factors[i]; i++ ) /* the first one is q */
add_kbnode( sec_root,
@ -698,7 +698,7 @@ ask_passphrase( STRING2KEY **ret_s2k )
static int
do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
DEK *dek, STRING2KEY *s2k, PKT_secret_cert **skc, int valid_days,
DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, int valid_days,
int v4_packet )
{
int rc=0;
@ -711,9 +711,9 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E )
rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k,
skc, valid_days, v4_packet? 4:3 );
sk, valid_days, v4_packet? 4:3 );
else if( algo == PUBKEY_ALGO_DSA )
rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, skc, valid_days);
rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, valid_days);
else
BUG();
if( !rc ) {
@ -740,7 +740,7 @@ generate_keypair()
char *uid = NULL;
KBNODE pub_root = NULL;
KBNODE sec_root = NULL;
PKT_secret_cert *skc = NULL;
PKT_secret_key *sk = NULL;
DEK *dek;
STRING2KEY *s2k;
int rc;
@ -777,33 +777,33 @@ generate_keypair()
/* we create the packets as a tree of kbnodes. Because the structure
* we create is known in advance we simply generate a linked list
* The first packet is a dummy comment packet which we flag
* as deleted. The very first packet must always be a CERT packet.
* as deleted. The very first packet must always be a KEY packet.
*/
pub_root = make_comment_node("#"); delete_kbnode(pub_root);
sec_root = make_comment_node("#"); delete_kbnode(sec_root);
if( both )
rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root,
dek, s2k, &skc, ndays, 1);
dek, s2k, &sk, ndays, 1);
else
rc = do_create( algo, nbits, pub_root, sec_root,
dek, s2k, &skc, ndays, v4);
dek, s2k, &sk, ndays, v4);
if( !rc )
write_uid(pub_root, uid );
if( !rc )
write_uid(sec_root, uid );
if( !rc )
rc = write_selfsig(pub_root, pub_root, skc);
rc = write_selfsig(pub_root, pub_root, sk);
if( !rc )
rc = write_selfsig(sec_root, pub_root, skc);
rc = write_selfsig(sec_root, pub_root, sk);
if( both ) {
rc = do_create( algo, nbits, pub_root, sec_root,
dek, s2k, NULL, ndays, 1 );
if( !rc )
rc = write_keybinding(pub_root, pub_root, skc);
rc = write_keybinding(pub_root, pub_root, sk);
if( !rc )
rc = write_keybinding(sec_root, pub_root, skc);
rc = write_keybinding(sec_root, pub_root, sk);
}
@ -814,7 +814,6 @@ generate_keypair()
int rc2 = -1;
/* we can now write the certificates */
if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) {
if( add_keyblock_resource( pub_fname, 1, 0 ) ) {
log_error("can add keyblock file '%s'\n", pub_fname );
@ -868,8 +867,8 @@ generate_keypair()
tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) );
release_kbnode( pub_root );
release_kbnode( sec_root );
if( skc ) /* the unprotected secret certificate */
free_secret_cert(skc);
if( sk ) /* the unprotected secret key */
free_secret_key(sk);
m_free(uid);
m_free(dek);
m_free(s2k);
@ -889,7 +888,7 @@ generate_subkeypair( const char *username )
KBNODE pub_keyblock = NULL;
KBNODE sec_keyblock = NULL;
KBNODE node;
PKT_secret_cert *skc = NULL; /* this is the primary skc */
PKT_secret_key *sk = NULL; /* this is the primary sk */
u32 keyid[2];
int v4, algo, ndays;
unsigned nbits;
@ -926,21 +925,21 @@ generate_subkeypair( const char *username )
}
/* break out the primary key */
node = find_kbnode( sec_keyblock, PKT_SECRET_CERT );
node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
if( !node ) {
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
/* make a copy of the skc to keep the protected one in the keyblock */
skc = copy_secret_cert( NULL, node->pkt->pkt.secret_cert );
keyid_from_skc( skc, keyid );
/* make a copy of the sk to keep the protected one in the keyblock */
sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
keyid_from_sk( sk, keyid );
/* display primary and all secondary keys */
tty_printf("sec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
keyid[1], datestr_from_skc(skc) );
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( keyid, &n );
@ -949,13 +948,13 @@ generate_subkeypair( const char *username )
tty_printf("\n");
}
for(node=sec_keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
keyid_from_skc( subskc, keyid );
if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *subsk = node->pkt->pkt.secret_key;
keyid_from_sk( subsk, keyid );
tty_printf("sub %4u%c/%08lX %s\n",
nbits_from_skc( subskc ),
pubkey_letter( subskc->pubkey_algo ),
keyid[1], datestr_from_skc(subskc) );
nbits_from_sk( subsk ),
pubkey_letter( subsk->pubkey_algo ),
keyid[1], datestr_from_sk(subsk) );
}
}
tty_printf("\n");
@ -963,7 +962,7 @@ generate_subkeypair( const char *username )
/* unprotect to get the passphrase */
switch( is_secret_key_protected( skc ) ) {
switch( is_secret_key_protected( sk ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
break;
@ -972,7 +971,7 @@ generate_subkeypair( const char *username )
break;
default:
tty_printf("Key is protected.\n");
rc = check_secret_key( skc );
rc = check_secret_key( sk );
if( !rc )
passphrase = get_last_passphrase();
break;
@ -997,9 +996,9 @@ generate_subkeypair( const char *username )
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
dek, s2k, NULL, ndays, v4 );
if( !rc )
rc = write_keybinding(pub_keyblock, pub_keyblock, skc);
rc = write_keybinding(pub_keyblock, pub_keyblock, sk);
if( !rc )
rc = write_keybinding(sec_keyblock, pub_keyblock, skc);
rc = write_keybinding(sec_keyblock, pub_keyblock, sk);
/* write back */
if( !rc ) {
rc = update_keyblock( &pub_kbpos, pub_keyblock );
@ -1021,8 +1020,8 @@ generate_subkeypair( const char *username )
m_free( passphrase );
m_free( dek );
m_free( s2k );
if( skc ) /* release the copy of the (now unprotected) secret key */
free_secret_cert(skc);
if( sk ) /* release the copy of the (now unprotected) secret key */
free_secret_key(sk);
release_kbnode( sec_keyblock );
release_kbnode( pub_keyblock );
set_next_passphrase( NULL );

108
g10/keyid.c
View File

@ -49,7 +49,7 @@ pubkey_letter( int algo )
static MD_HANDLE
do_fingerprint_md( PKT_public_cert *pkc )
do_fingerprint_md( PKT_public_key *pk )
{
MD_HANDLE md;
unsigned n;
@ -57,36 +57,36 @@ do_fingerprint_md( PKT_public_cert *pkc )
unsigned nn[PUBKEY_MAX_NPKEY];
byte *pp[PUBKEY_MAX_NPKEY];
int i;
int npkey = pubkey_get_npkey( pkc->pubkey_algo );
int npkey = pubkey_get_npkey( pk->pubkey_algo );
md = md_open( pkc->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
n = pkc->version < 4 ? 8 : 6;
md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
n = pk->version < 4 ? 8 : 6;
for(i=0; i < npkey; i++ ) {
nb[i] = mpi_get_nbits(pkc->pkey[i]);
pp[i] = mpi_get_buffer( pkc->pkey[i], nn+i, NULL );
nb[i] = mpi_get_nbits(pk->pkey[i]);
pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL );
n += 2 + nn[i];
}
md_putc( md, 0x99 ); /* ctb */
md_putc( md, n >> 8 ); /* 2 byte length header */
md_putc( md, n );
if( pkc->version < 4 )
if( pk->version < 4 )
md_putc( md, 3 );
else
md_putc( md, 4 );
{ u32 a = pkc->timestamp;
{ u32 a = pk->timestamp;
md_putc( md, a >> 24 );
md_putc( md, a >> 16 );
md_putc( md, a >> 8 );
md_putc( md, a );
}
if( pkc->version < 4 ) {
u16 a = pkc->valid_days;
if( pk->version < 4 ) {
u16 a = pk->valid_days;
md_putc( md, a >> 8 );
md_putc( md, a );
}
md_putc( md, pkc->pubkey_algo );
md_putc( md, pk->pubkey_algo );
for(i=0; i < npkey; i++ ) {
md_putc( md, nb[i]>>8);
md_putc( md, nb[i] );
@ -99,29 +99,29 @@ do_fingerprint_md( PKT_public_cert *pkc )
}
static MD_HANDLE
do_fingerprint_md_skc( PKT_secret_cert *skc )
do_fingerprint_md_sk( PKT_secret_key *sk )
{
PKT_public_cert pkc;
int npkey = pubkey_get_npkey( skc->pubkey_algo ); /* npkey is correct! */
PKT_public_key pk;
int npkey = pubkey_get_npkey( sk->pubkey_algo ); /* npkey is correct! */
int i;
pkc.pubkey_algo = skc->pubkey_algo;
pkc.version = skc->version;
pkc.timestamp = skc->timestamp;
pkc.valid_days = skc->valid_days;
pkc.pubkey_algo = skc->pubkey_algo;
pk.pubkey_algo = sk->pubkey_algo;
pk.version = sk->version;
pk.timestamp = sk->timestamp;
pk.valid_days = sk->valid_days;
pk.pubkey_algo = sk->pubkey_algo;
for( i=0; i < npkey; i++ )
pkc.pkey[i] = skc->skey[i];
return do_fingerprint_md( &pkc );
pk.pkey[i] = sk->skey[i];
return do_fingerprint_md( &pk );
}
/****************
* Get the keyid from the secret key certificate and put it into keyid
* Get the keyid from the secret key and put it into keyid
* if this is not NULL. Return the 32 low bits of the keyid.
*/
u32
keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
{
u32 lowbits;
u32 dummy_keyid[2];
@ -129,13 +129,13 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
lowbits = mpi_get_keyid( skc->skey[0], keyid ); /* take n */
if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
lowbits = mpi_get_keyid( sk->skey[0], keyid ); /* take n */
}
else {
const byte *dp;
MD_HANDLE md;
md = do_fingerprint_md_skc(skc);
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@ -148,11 +148,11 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
/****************
* Get the keyid from the public key certificate and put it into keyid
* Get the keyid from the public key and put it into keyid
* if this is not NULL. Return the 32 low bits of the keyid.
*/
u32
keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
keyid_from_pk( PKT_public_key *pk, u32 *keyid )
{
u32 lowbits;
u32 dummy_keyid[2];
@ -160,13 +160,13 @@ keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
lowbits = mpi_get_keyid( pkc->pkey[0], keyid ); /* from n */
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
lowbits = mpi_get_keyid( pk->pkey[0], keyid ); /* from n */
}
else {
const byte *dp;
MD_HANDLE md;
md = do_fingerprint_md(pkc);
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@ -189,34 +189,34 @@ keyid_from_sig( PKT_signature *sig, u32 *keyid )
}
/****************
* return the number of bits used in the pkc
* return the number of bits used in the pk
*/
unsigned
nbits_from_pkc( PKT_public_cert *pkc )
nbits_from_pk( PKT_public_key *pk )
{
return pubkey_nbits( pkc->pubkey_algo, pkc->pkey );
return pubkey_nbits( pk->pubkey_algo, pk->pkey );
}
/****************
* return the number of bits used in the skc
* return the number of bits used in the sk
*/
unsigned
nbits_from_skc( PKT_secret_cert *skc )
nbits_from_sk( PKT_secret_key *sk )
{
return pubkey_nbits( skc->pubkey_algo, skc->skey );
return pubkey_nbits( sk->pubkey_algo, sk->skey );
}
/****************
* return a string with the creation date of the pkc
* return a string with the creation date of the pk
* Note: this is alloced in a static buffer.
* Format is: yyyy-mm-dd
*/
const char *
datestr_from_pkc( PKT_public_cert *pkc )
datestr_from_pk( PKT_public_key *pk )
{
static char buffer[11+5];
struct tm *tp;
time_t atime = pkc->timestamp;
time_t atime = pk->timestamp;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@ -224,11 +224,11 @@ datestr_from_pkc( PKT_public_cert *pkc )
}
const char *
datestr_from_skc( PKT_secret_cert *skc )
datestr_from_sk( PKT_secret_key *sk )
{
static char buffer[11+5];
struct tm *tp;
time_t atime = skc->timestamp;
time_t atime = sk->timestamp;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@ -249,30 +249,28 @@ datestr_from_sig( PKT_signature *sig )
/**************** .
* Return a byte array with the fingerprint for the given PKC/SKC
* Return a byte array with the fingerprint for the given PK/SK
* The length of the array is returned in ret_len. Caller must free
* the array.
*/
byte *
fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len )
{
byte *p, *buf, *array;
const char *dp;
size_t len;
unsigned n;
if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
md = md_open( DIGEST_ALGO_MD5, 0);
p = buf = mpi_get_buffer( pkc->pkey[0], &n, NULL );
p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL );
md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( pkc->pkey[1], &n, NULL );
p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL );
md_write( md, p, n );
m_free(buf);
md_final(md);
@ -283,7 +281,7 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
}
else {
MD_HANDLE md;
md = do_fingerprint_md(pkc);
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
array = m_alloc( len );
@ -296,22 +294,22 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
}
byte *
fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len )
{
byte *p, *buf, *array;
const char *dp;
size_t len;
unsigned n;
if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
md = md_open( DIGEST_ALGO_MD5, 0);
p = buf = mpi_get_buffer( skc->skey[1], &n, NULL );
p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( skc->skey[0], &n, NULL );
p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
md_write( md, p, n );
m_free(buf);
md_final(md);
@ -322,7 +320,7 @@ fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
}
else {
MD_HANDLE md;
md = do_fingerprint_md_skc(skc);
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
array = m_alloc( len );

112
g10/keylist.c
View File

@ -37,7 +37,7 @@
static void list_all(int);
static void list_one(const char *name, int secret);
static void fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc );
static void fingerprint( PKT_public_key *pk, PKT_secret_key *sk );
/****************
@ -99,8 +99,8 @@ list_one( const char *name, int secret )
KBNODE kbctx;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc;
PKT_secret_cert *skc;
PKT_public_key *pk;
PKT_secret_key *sk;
u32 keyid[2];
int any=0;
int trustletter = 0;
@ -122,54 +122,54 @@ list_one( const char *name, int secret )
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, secret? PKT_SECRET_CERT : PKT_PUBLIC_CERT );
node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; key lost!\n");
goto leave;
}
if( secret ) {
pkc = NULL;
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, keyid );
pk = NULL;
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid );
if( opt.with_colons )
printf("sec::%u:%d:%08lX%08lX:%s:%u:::",
nbits_from_skc( skc ),
skc->pubkey_algo,
nbits_from_sk( sk ),
sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_skc( skc ),
(unsigned)skc->valid_days
datestr_from_sk( sk ),
(unsigned)sk->valid_days
/* fixme: add LID here */ );
else
printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
(ulong)keyid[1],
datestr_from_skc( skc ) );
datestr_from_sk( sk ) );
}
else {
pkc = node->pkt->pkt.public_cert;
skc = NULL;
keyid_from_pkc( pkc, keyid );
pk = node->pkt->pkt.public_key;
sk = NULL;
keyid_from_pk( pk, keyid );
if( opt.with_colons ) {
trustletter = query_trust_info( pkc );
trustletter = query_trust_info( pk );
printf("pub:%c:%u:%d:%08lX%08lX:%s:%u:",
trustletter,
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
nbits_from_pk( pk ),
pk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_pkc( pkc ),
(unsigned)pkc->valid_days );
if( pkc->local_id )
printf("%lu", pkc->local_id );
datestr_from_pk( pk ),
(unsigned)pk->valid_days );
if( pk->local_id )
printf("%lu", pk->local_id );
putchar(':');
/* fixme: add ownertrust here */
putchar(':');
}
else
printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1],
datestr_from_pkc( pkc ) );
datestr_from_pk( pk ) );
}
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
@ -187,70 +187,70 @@ list_one( const char *name, int secret )
putchar('\n');
if( !any ) {
if( opt.fingerprint )
fingerprint( pkc, skc );
fingerprint( pk, sk );
any = 1;
}
}
else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
u32 keyid2[2];
PKT_public_cert *pkc2 = node->pkt->pkt.public_cert;
PKT_public_key *pk2 = node->pkt->pkt.public_key;
if( !any ) {
putchar('\n');
if( opt.fingerprint )
fingerprint( pkc, skc ); /* of the main key */
fingerprint( pk, sk ); /* of the main key */
any = 1;
}
keyid_from_pkc( pkc2, keyid2 );
keyid_from_pk( pk2, keyid2 );
if( opt.with_colons ) {
printf("sub:%c:%u:%d:%08lX%08lX:%s:%u:",
trustletter,
nbits_from_pkc( pkc2 ),
pkc2->pubkey_algo,
nbits_from_pk( pk2 ),
pk2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
datestr_from_pkc( pkc2 ),
(unsigned)pkc2->valid_days
datestr_from_pk( pk2 ),
(unsigned)pk2->valid_days
/* fixme: add LID and ownertrust here */
);
if( pkc->local_id ) /* use the local_id of the main key??? */
printf("%lu", pkc->local_id );
if( pk->local_id ) /* use the local_id of the main key??? */
printf("%lu", pk->local_id );
putchar(':');
putchar(':');
putchar('\n');
}
else
printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
pubkey_letter( pkc2->pubkey_algo ),
printf("sub %4u%c/%08lX %s\n", nbits_from_pk( pk2 ),
pubkey_letter( pk2->pubkey_algo ),
(ulong)keyid2[1],
datestr_from_pkc( pkc2 ) );
datestr_from_pk( pk2 ) );
}
else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
u32 keyid2[2];
PKT_secret_cert *skc2 = node->pkt->pkt.secret_cert;
PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
if( !any ) {
putchar('\n');
if( opt.fingerprint )
fingerprint( pkc, skc ); /* of the main key */
fingerprint( pk, sk ); /* of the main key */
any = 1;
}
keyid_from_skc( skc2, keyid2 );
keyid_from_sk( sk2, keyid2 );
if( opt.with_colons )
printf("ssb::%u:%d:%08lX%08lX:%s:%u:::\n",
nbits_from_skc( skc2 ),
skc2->pubkey_algo,
nbits_from_sk( sk2 ),
sk2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
datestr_from_skc( skc2 ),
(unsigned)skc2->valid_days
datestr_from_sk( sk2 ),
(unsigned)sk2->valid_days
/* fixme: add LID */
);
else
printf("ssb %4u%c/%08lX %s\n", nbits_from_skc( skc2 ),
pubkey_letter( skc2->pubkey_algo ),
printf("ssb %4u%c/%08lX %s\n", nbits_from_sk( sk2 ),
pubkey_letter( sk2->pubkey_algo ),
(ulong)keyid2[1],
datestr_from_skc( skc2 ) );
datestr_from_sk( sk2 ) );
}
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
@ -264,7 +264,7 @@ list_one( const char *name, int secret )
else
putchar('\n');
if( opt.fingerprint )
fingerprint( pkc, skc );
fingerprint( pk, sk );
any=1;
}
@ -334,13 +334,13 @@ list_one( const char *name, int secret )
}
static void
fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
{
byte *array, *p;
size_t i, n;
p = array = pkc? fingerprint_from_pkc( pkc, &n )
: fingerprint_from_skc( skc, &n );
p = array = pk? fingerprint_from_pk( pk, &n )
: fingerprint_from_sk( sk, &n );
if( opt.with_colons ) {
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )

8
g10/main.h
View File

@ -32,7 +32,7 @@
typedef struct {
int header_okay;
PKC_LIST pkc_list;
PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
@ -61,7 +61,7 @@ int encrypt_filter( void *opaque, int control,
/*-- sign.c --*/
int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md );
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int encrypt, STRLIST remusr, const char *outfile );
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
@ -95,9 +95,11 @@ KBNODE make_comment_node( const char *s );
KBNODE make_mpi_comment_node( const char *s, MPI a );
/*-- import.c --*/
int import_pubkeys( const char *filename );
int import_keys( const char *filename );
/*-- export.c --*/
int export_pubkeys( STRLIST users );
int export_seckeys( STRLIST users );
/* dearmor.c --*/
int dearmor_file( const char *fname );
int enarmor_file( const char *fname );

106
g10/mainproc.c
View File

@ -44,8 +44,8 @@
*/
typedef struct {
PKT_public_cert *last_pubkey;
PKT_secret_cert *last_seckey;
PKT_public_key *last_pubkey;
PKT_secret_key *last_seckey;
PKT_user_id *last_user_id;
md_filter_context_t mfx;
int sigs_only; /* process only signatures and reject all other stuff */
@ -353,8 +353,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
|| sig->sig_class == 0x18
|| sig->sig_class == 0x20
|| sig->sig_class == 0x30 ) { /* classes 0x10..0x17,0x20,0x30 */
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
|| c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
|| c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
return check_key_signature( c->list, node, is_selfsig );
}
else {
@ -388,13 +388,13 @@ print_userid( PACKET *pkt )
static void
print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
print_fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
{
byte *array, *p;
size_t i, n;
p = array = skc? fingerprint_from_skc( skc, &n )
: fingerprint_from_pkc( pkc, &n );
p = array = sk? fingerprint_from_sk( sk, &n )
: fingerprint_from_pk( pk, &n );
if( opt.with_colons ) {
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
@ -435,25 +435,25 @@ list_node( CTX c, KBNODE node )
if( !node )
;
else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) )
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
PKT_public_cert *pkc = node->pkt->pkt.public_cert;
else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
PKT_public_key *pk = node->pkt->pkt.public_key;
if( opt.with_colons ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
keyid_from_pk( pk, keyid );
if( mainkey ) {
c->local_id = pkc->local_id;
c->trustletter = query_trust_info( pkc );
c->local_id = pk->local_id;
c->trustletter = query_trust_info( pk );
}
printf("%s:%c:%u:%d:%08lX%08lX:%s:%u:",
mainkey? "pub":"sub",
c->trustletter,
nbits_from_pkc( pkc ),
pkc->pubkey_algo,
nbits_from_pk( pk ),
pk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_pkc( pkc ),
(unsigned)pkc->valid_days );
datestr_from_pk( pk ),
(unsigned)pk->valid_days );
if( c->local_id )
printf("%lu", c->local_id );
putchar(':');
@ -463,10 +463,10 @@ list_node( CTX c, KBNODE node )
else
printf("%s %4u%c/%08lX %s ",
mainkey? "pub":"sub",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid_from_pkc( pkc, NULL ),
datestr_from_pkc( pkc ) );
nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ),
(ulong)keyid_from_pk( pk, NULL ),
datestr_from_pk( pk ) );
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
@ -492,10 +492,10 @@ list_node( CTX c, KBNODE node )
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
print_fingerprint( pkc, NULL );
print_fingerprint( pk, NULL );
any=1;
}
else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
if( !any ) {
putchar('\n');
any = 1;
@ -507,29 +507,29 @@ list_node( CTX c, KBNODE node )
if( !any )
putchar('\n');
}
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
|| node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *sk = node->pkt->pkt.secret_key;
if( opt.with_colons ) {
u32 keyid[2];
keyid_from_skc( skc, keyid );
keyid_from_sk( sk, keyid );
printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
mainkey? "sec":"ssb",
nbits_from_skc( skc ),
skc->pubkey_algo,
nbits_from_sk( sk ),
sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
datestr_from_skc( skc ),
(unsigned)skc->valid_days
datestr_from_sk( sk ),
(unsigned)sk->valid_days
/* fixme: add LID */ );
}
else
printf("%s %4u%c/%08lX %s ",
mainkey? "sec":"ssb",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
(ulong)keyid_from_skc( skc, NULL ),
datestr_from_skc( skc ) );
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
(ulong)keyid_from_sk( sk, NULL ),
datestr_from_sk( sk ) );
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
@ -555,10 +555,10 @@ list_node( CTX c, KBNODE node )
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
print_fingerprint( NULL, skc );
print_fingerprint( NULL, sk );
any=1;
}
else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
if( !any ) {
putchar('\n');
any = 1;
@ -597,12 +597,12 @@ list_node( CTX c, KBNODE node )
else { /* check whether this is a self signature */
u32 keyid[2];
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
|| c->list->pkt->pkttype == PKT_SECRET_CERT ) {
if( c->list->pkt->pkttype == PKT_PUBLIC_CERT )
keyid_from_pkc( c->list->pkt->pkt.public_cert, keyid );
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
|| c->list->pkt->pkttype == PKT_SECRET_KEY ) {
if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
else
keyid_from_skc( c->list->pkt->pkt.secret_cert, keyid );
keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
is_selfsig = 1;
@ -709,8 +709,8 @@ do_proc_packets( CTX c, IOBUF a )
}
else if( c->sigs_only ) {
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
case PKT_USER_ID:
case PKT_SYMKEY_ENC:
case PKT_PUBKEY_ENC:
@ -726,8 +726,8 @@ do_proc_packets( CTX c, IOBUF a )
}
else if( c->encrypt_only ) {
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
case PKT_USER_ID:
rc = G10ERR_UNEXPECTED;
goto leave;
@ -743,14 +743,14 @@ do_proc_packets( CTX c, IOBUF a )
}
else {
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
release_list( c );
c->list = new_kbnode( pkt );
newpkt = 1;
break;
case PKT_PUBKEY_SUBCERT:
case PKT_SECKEY_SUBCERT:
case PKT_PUBLIC_SUBKEY:
case PKT_SECRET_SUBKEY:
newpkt = add_subkey( c, pkt );
break;
case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
@ -850,10 +850,10 @@ proc_tree( CTX c, KBNODE node )
c->local_id = 0;
c->trustletter = ' ';
if( node->pkt->pkttype == PKT_PUBLIC_CERT
|| node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
if( node->pkt->pkttype == PKT_PUBLIC_KEY
|| node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
list_node( c, node );
else if( node->pkt->pkttype == PKT_SECRET_CERT )
else if( node->pkt->pkttype == PKT_SECRET_KEY )
list_node( c, node );
else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
/* check all signatures */

54
g10/packet.h
View File

@ -33,16 +33,16 @@ typedef enum {
PKT_SIGNATURE =2, /* secret key encrypted packet */
PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/
PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/
PKT_SECRET_CERT =5, /* secret key certificate */
PKT_PUBLIC_CERT =6, /* public key certificate */
PKT_SECKEY_SUBCERT =7, /* secret subkey certificate (OpenPGP) */
PKT_SECRET_KEY =5, /* secret key */
PKT_PUBLIC_KEY =6, /* public key */
PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */
PKT_COMPRESSED =8, /* compressed data packet */
PKT_ENCRYPTED =9, /* conventional encrypted data */
PKT_MARKER =10, /* marker packet (OpenPGP) */
PKT_PLAINTEXT =11, /* plaintext data with filename and mode */
PKT_RING_TRUST =12, /* keyring trust packet */
PKT_USER_ID =13, /* user id packet */
PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */
PKT_COMMENT =61 /* new comment packet (private) */
} pkttype_t;
@ -104,17 +104,17 @@ typedef struct {
* public keys by comparing the first npkey elements of pkey againts skey.
*/
typedef struct {
u32 timestamp; /* certificate made */
u32 timestamp; /* key made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
ulong local_id; /* internal use, valid if > 0 */
MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_cert;
} PKT_public_key;
typedef struct {
u32 timestamp; /* certificate made */
u32 timestamp; /* key made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
@ -130,7 +130,7 @@ typedef struct {
} protect;
MPI skey[PUBKEY_MAX_NSKEY];
u16 csum; /* checksum */
} PKT_secret_cert;
} PKT_secret_key;
typedef struct {
@ -172,8 +172,8 @@ struct packet_struct {
PKT_pubkey_enc *pubkey_enc; /* PKT_PUBKEY_ENC */
PKT_onepass_sig *onepass_sig; /* PKT_ONEPASS_SIG */
PKT_signature *signature; /* PKT_SIGNATURE */
PKT_public_cert *public_cert; /* PKT_PUBLIC_CERT */
PKT_secret_cert *secret_cert; /* PKT_SECRET_CERT */
PKT_public_key *public_key; /* PKT_PUBLIC_[SUB)KEY */
PKT_secret_key *secret_key; /* PKT_SECRET_[SUB]KEY */
PKT_comment *comment; /* PKT_COMMENT */
PKT_user_id *user_id; /* PKT_USER_ID */
PKT_compressed *compressed; /* PKT_COMPRESSED */
@ -224,15 +224,17 @@ int list_packets( IOBUF a );
int set_packet_list_mode( int mode );
int search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos );
int parse_packet( IOBUF inp, PACKET *ret_pkt);
void parse_pubkey_warning( PACKET *pkt );
int copy_all_packets( IOBUF inp, IOBUF out );
int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff );
int skip_some_packets( IOBUF inp, unsigned n );
const byte *parse_sig_subpkt( const byte *buffer, int reqtype, size_t *ret_n );
const byte *parse_sig_subpkt( const byte *buffer,
sigsubpkttype_t reqtype, size_t *ret_n );
/*-- build-packet.c --*/
int build_packet( IOBUF inp, PACKET *pkt );
u32 calc_packet_length( PACKET *pkt );
void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc );
void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen );
void build_sig_subpkt_from_sig( PKT_signature *sig );
@ -242,17 +244,17 @@ void free_symkey_enc( PKT_symkey_enc *enc );
void free_pubkey_enc( PKT_pubkey_enc *enc );
void free_seckey_enc( PKT_signature *enc );
int digest_algo_from_sig( PKT_signature *sig );
void release_public_cert_parts( PKT_public_cert *cert );
void free_public_cert( PKT_public_cert *cert );
void release_secret_cert_parts( PKT_secret_cert *cert );
void free_secret_cert( PKT_secret_cert *cert );
void release_public_key_parts( PKT_public_key *pk );
void free_public_key( PKT_public_key *key );
void release_secret_key_parts( PKT_secret_key *sk );
void free_secret_key( PKT_secret_key *sk );
void free_user_id( PKT_user_id *uid );
void free_comment( PKT_comment *rem );
void free_packet( PACKET *pkt );
PKT_public_cert *copy_public_cert( PKT_public_cert *d, PKT_public_cert *s );
PKT_secret_cert *copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s );
int cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b );
int cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc );
PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
int cmp_public_keys( PKT_public_key *a, PKT_public_key *b );
int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
@ -260,9 +262,9 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
int signature_check( PKT_signature *sig, MD_HANDLE digest );
/*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_cert *cert );
int check_secret_key( PKT_secret_cert *cert );
int protect_secret_key( PKT_secret_cert *cert, DEK *dek );
int is_secret_key_protected( PKT_secret_key *sk );
int check_secret_key( PKT_secret_key *sk );
int protect_secret_key( PKT_secret_key *sk, DEK *dek );
/*-- pubkey-enc.c --*/
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
@ -283,9 +285,9 @@ int ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname );
int write_comment( IOBUF out, const char *s );
/*-- sign.c --*/
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
PKT_user_id *uid, PKT_public_cert *subpkc,
PKT_secret_cert *skc,
int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
PKT_user_id *uid, PKT_public_key *subpk,
PKT_secret_key *sk,
int sigclass, int digest_algo,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque );

504
g10/parse-packet.c
View File

@ -51,7 +51,7 @@ static int parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_signature *sig );
static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_onepass_sig *ops );
static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *packet );
static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
@ -176,6 +176,38 @@ skip_some_packets( IOBUF inp, unsigned n )
return rc;
}
void
parse_pubkey_warning( PACKET *pkt )
{
static byte unknown_pubkey_algos[256];
int unk=0, uns=0;
if( pkt->pkttype == PKT_PUBLIC_KEY
|| pkt->pkttype == PKT_PUBLIC_SUBKEY )
unk = pkt->pkt.public_key->pubkey_algo & 0xff;
else if( pkt->pkttype == PKT_SECRET_KEY
|| pkt->pkttype == PKT_SECRET_SUBKEY )
unk = pkt->pkt.secret_key->pubkey_algo & 0xff;
else if( pkt->pkttype == PKT_SIGNATURE )
uns = pkt->pkt.signature->pubkey_algo & 0xff;
if( unk ) {
if( !(unknown_pubkey_algos[unk]&1) ) {
log_info("can't handle key "
"with public key algorithm %d\n", unk );
unknown_pubkey_algos[unk] |= 1;
}
}
else if( uns ) {
if( !(unknown_pubkey_algos[unk]&2) ) {
log_info("can't handle signature "
"with public key algorithm %d\n", uns );
unknown_pubkey_algos[unk] |= 2;
}
}
}
/****************
* Parse packet. Set the variable skip points to to 1 if the packet
* should be skipped; this is the case if either there is a
@ -277,15 +309,15 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pkt->pkttype = pkttype;
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch( pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_PUBKEY_SUBCERT:
pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
case PKT_PUBLIC_KEY:
case PKT_PUBLIC_SUBKEY:
pkt->pkt.public_key = m_alloc_clear(sizeof *pkt->pkt.public_key );
rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
case PKT_SECRET_CERT:
case PKT_SECKEY_SUBCERT:
pkt->pkt.secret_cert = m_alloc_clear(sizeof *pkt->pkt.secret_cert );
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
case PKT_SECRET_KEY:
case PKT_SECRET_SUBKEY:
pkt->pkt.secret_key = m_alloc_clear(sizeof *pkt->pkt.secret_key );
rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
case PKT_SYMKEY_ENC:
rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
@ -310,7 +342,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
break;
case PKT_RING_TRUST:
parse_trust(inp, pkttype, pktlen);
rc = 0;
rc = G10ERR_UNKNOWN_PACKET;
break;
case PKT_PLAINTEXT:
rc = parse_plaintext(inp, pkttype, pktlen, pkt );
@ -810,18 +842,19 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
static int
parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *pkt )
{
int i, version, algorithm;
unsigned n;
unsigned long timestamp;
unsigned short valid_period;
int npkey, nskey;
int is_v4=0;
int rc=0;
version = iobuf_get_noeof(inp); pktlen--;
if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
/* early versions of G10 use old PGP comments packets;
* luckily all those comments are started by a hash */
if( list_mode ) {
@ -861,343 +894,174 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
if( list_mode )
printf(":%s key packet:\n"
"\tversion %d, algo %d, created %lu, valid for %hu days\n",
pkttype == PKT_PUBLIC_CERT? "public" :
pkttype == PKT_SECRET_CERT? "secret" :
pkttype == PKT_PUBKEY_SUBCERT? "public sub" :
pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??",
pkttype == PKT_PUBLIC_KEY? "public" :
pkttype == PKT_SECRET_KEY? "secret" :
pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
version, algorithm, timestamp, valid_period );
if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT ) {
pkt->pkt.secret_cert->timestamp = timestamp;
pkt->pkt.secret_cert->valid_days = valid_period;
pkt->pkt.secret_cert->hdrbytes = hdrlen;
pkt->pkt.secret_cert->version = version;
pkt->pkt.secret_cert->pubkey_algo = algorithm;
if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *sk = pkt->pkt.secret_key;
sk->timestamp = timestamp;
sk->valid_days = valid_period;
sk->hdrbytes = hdrlen;
sk->version = version;
sk->pubkey_algo = algorithm;
}
else {
pkt->pkt.public_cert->timestamp = timestamp;
pkt->pkt.public_cert->valid_days = valid_period;
pkt->pkt.public_cert->hdrbytes = hdrlen;
pkt->pkt.public_cert->version = version;
pkt->pkt.public_cert->pubkey_algo = algorithm;
PKT_public_key *pk = pkt->pkt.public_key;
pk->timestamp = timestamp;
pk->valid_days = valid_period;
pk->hdrbytes = hdrlen;
pk->version = version;
pk->pubkey_algo = algorithm;
}
nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm );
if( !npkey ) {
if( list_mode )
printf("\tunknown algorithm %d\n", algorithm );
rc = G10ERR_PUBKEY_ALGO;
goto leave;
}
if( is_ELGAMAL(algorithm) ) {
MPI elg_p, elg_g, elg_y;
n = pktlen; elg_p = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; elg_g = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; elg_y = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
printf( "\telg p: ");
mpi_print(stdout, elg_p, mpi_print_mode );
printf("\n\telg g: ");
mpi_print(stdout, elg_g, mpi_print_mode );
printf("\n\telg y: ");
mpi_print(stdout, elg_y, mpi_print_mode );
putchar('\n');
if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
PKT_secret_key *sk = pkt->pkt.secret_key;
byte temp[8];
for(i=0; i < npkey; i++ ) {
n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
printf( "\tskey[%d]: ", i);
mpi_print(stdout, sk->skey[i], mpi_print_mode );
putchar('\n');
}
}
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->pkey[0] = elg_p;
pkt->pkt.public_cert->pkey[1] = elg_g;
pkt->pkt.public_cert->pkey[2] = elg_y;
}
else {
PKT_secret_cert *cert = pkt->pkt.secret_cert;
byte temp[8];
pkt->pkt.secret_cert->skey[0] = elg_p;
pkt->pkt.secret_cert->skey[1] = elg_g;
pkt->pkt.secret_cert->skey[2] = elg_y;
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->protect.algo ) {
cert->is_protected = 1;
cert->protect.s2k.count = 0;
if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
switch( cert->protect.s2k.mode ) {
case 1:
case 4:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
memcpy(cert->protect.s2k.salt, temp, 8 );
break;
}
switch( cert->protect.s2k.mode ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
break;
case 4: if( list_mode ) printf( "\titer+salt S2K" );
break;
default:
if( list_mode )
printf( "\tunknown S2K %d\n",
cert->protect.s2k.mode );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
cert->protect.algo,
cert->protect.s2k.hash_algo );
if( cert->protect.s2k.mode == 1
|| cert->protect.s2k.mode == 4 ) {
printf(", salt: ");
for(i=0; i < 8; i++ )
printf("%02x", cert->protect.s2k.salt[i]);
}
putchar('\n');
}
if( cert->protect.s2k.mode == 4 ) {
if( pktlen < 4 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->protect.s2k.count = read_32(inp);
pktlen -= 4;
}
}
else {
/* old version, we don't have a S2K, so we fake one */
cert->protect.s2k.mode = 0;
/* We need this kludge to cope with old GNUPG versions */
cert->protect.s2k.hash_algo =
cert->protect.algo == CIPHER_ALGO_BLOWFISH160?
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
if( list_mode )
printf( "\tprotect algo: %d (hash algo: %d)\n",
cert->protect.algo, cert->protect.s2k.hash_algo );
}
if( pktlen < 8 ) {
sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( sk->protect.algo ) {
sk->is_protected = 1;
sk->protect.s2k.count = 0;
if( sk->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
printf( "\tprotect IV: ");
for(i=0; i < 8; i++ )
printf(" %02x", temp[i] );
putchar('\n');
sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
switch( sk->protect.s2k.mode ) {
case 1:
case 4:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
memcpy(sk->protect.s2k.salt, temp, 8 );
break;
}
memcpy(cert->protect.iv, temp, 8 );
}
else
cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( cert->is_protected )
mpi_set_protect_flag(cert->skey[3]);
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
"\tchecksum: %04hx\n", cert->csum);
}
}
}
else if( algorithm == PUBKEY_ALGO_DSA ) {
MPI dsa_p, dsa_q, dsa_g, dsa_y;
n = pktlen; dsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; dsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; dsa_g = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; dsa_y = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
printf( "\tdsa p: ");
mpi_print(stdout, dsa_p, mpi_print_mode );
printf("\n\tdsa q: ");
mpi_print(stdout, dsa_q, mpi_print_mode );
printf("\n\tdsa g: ");
mpi_print(stdout, dsa_g, mpi_print_mode );
printf("\n\tdsa y: ");
mpi_print(stdout, dsa_y, mpi_print_mode );
putchar('\n');
}
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->pkey[0] = dsa_p;
pkt->pkt.public_cert->pkey[1] = dsa_q;
pkt->pkt.public_cert->pkey[2] = dsa_g;
pkt->pkt.public_cert->pkey[3] = dsa_y;
}
else {
PKT_secret_cert *cert = pkt->pkt.secret_cert;
byte temp[8];
pkt->pkt.secret_cert->skey[0] = dsa_p;
pkt->pkt.secret_cert->skey[1] = dsa_q;
pkt->pkt.secret_cert->skey[2] = dsa_g;
pkt->pkt.secret_cert->skey[3] = dsa_y;
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( cert->protect.algo ) {
cert->is_protected = 1;
cert->protect.s2k.count = 0;
if( cert->protect.algo == 255 ) {
if( pktlen < 3 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
switch( cert->protect.s2k.mode ) {
case 1:
case 4:
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
memcpy(cert->protect.s2k.salt, temp, 8 );
break;
}
switch( cert->protect.s2k.mode ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
break;
case 4: if( list_mode ) printf( "\titer+salt S2K" );
break;
default:
if( list_mode )
printf( "\tunknown S2K %d\n",
cert->protect.s2k.mode );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
if( list_mode ) {
printf(", algo: %d, hash: %d",
cert->protect.algo,
cert->protect.s2k.hash_algo );
if( cert->protect.s2k.mode == 1
|| cert->protect.s2k.mode == 4 ){
printf(", salt: ");
for(i=0; i < 8; i++ )
printf("%02x", cert->protect.s2k.salt[i]);
}
putchar('\n');
}
if( cert->protect.s2k.mode == 4 ) {
if( pktlen < 4 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
cert->protect.s2k.count = read_32(inp);
pktlen -= 4;
}
}
else {
switch( sk->protect.s2k.mode ) {
case 0: if( list_mode ) printf( "\tsimple S2K" );
break;
case 1: if( list_mode ) printf( "\tsalted S2K" );
break;
case 4: if( list_mode ) printf( "\titer+salt S2K" );
break;
default:
if( list_mode )
printf( "\tprotect algo: %d\n", cert->protect.algo);
/* old version, we don't have a S2K, so we fake one */
cert->protect.s2k.mode = 0;
cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
}
if( pktlen < 8 ) {
printf( "\tunknown S2K %d\n",
sk->protect.s2k.mode );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
printf( "\tprotect IV: ");
for(i=0; i < 8; i++ )
printf(" %02x", temp[i] );
printf(", algo: %d, hash: %d",
sk->protect.algo,
sk->protect.s2k.hash_algo );
if( sk->protect.s2k.mode == 1
|| sk->protect.s2k.mode == 4 ) {
printf(", salt: ");
for(i=0; i < 8; i++ )
printf("%02x", sk->protect.s2k.salt[i]);
}
putchar('\n');
}
memcpy(cert->protect.iv, temp, 8 );
}
else
cert->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( cert->is_protected )
mpi_set_protect_flag(cert->skey[4]);
cert->csum = read_16(inp); pktlen -= 2;
if( sk->protect.s2k.mode == 4 ) {
if( pktlen < 4 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
sk->protect.s2k.count = read_32(inp);
pktlen -= 4;
}
}
else { /* old version; no S2K, so we set mode to 0, hash MD5 */
sk->protect.s2k.mode = 0;
/* We need a kludge to cope with old GNUPG versions */
sk->protect.s2k.hash_algo =
( sk->protect.algo == CIPHER_ALGO_BLOWFISH160
&& algorithm == PUBKEY_ALGO_ELGAMAL_E ) ?
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
if( list_mode )
printf( "\tprotect algo: %d (hash algo: %d)\n",
sk->protect.algo, sk->protect.s2k.hash_algo );
}
if( pktlen < 8 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
printf("\t[secret value x is not shown]\n"
"\tchecksum: %04hx\n", cert->csum);
printf( "\tprotect IV: ");
for(i=0; i < 8; i++ )
printf(" %02x", temp[i] );
putchar('\n');
}
memcpy(sk->protect.iv, temp, 8 );
}
else
sk->is_protected = 0;
/* It does not make sense to read it into secure memory.
* If the user is so careless, not to protect his secret key,
* we can assume, that he operates an open system :=(.
* So we put the key into secure memory when we unprotect it. */
for(i=npkey; i < nskey; i++ ) {
n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( sk->is_protected )
mpi_set_protect_flag(sk->skey[i]);
if( list_mode ) {
printf( "\tskey[%d]: ", i);
if( sk->is_protected )
printf( "[encrypted]\n");
else {
mpi_print(stdout, sk->skey[i], mpi_print_mode );
putchar('\n');
}
}
}
}
else if( is_RSA(algorithm) ) {
MPI rsa_pub_mod, rsa_pub_exp;
n = pktlen; rsa_pub_mod = mpi_read(inp, &n, 0); pktlen -=n;
n = pktlen; rsa_pub_exp = mpi_read(inp, &n, 0 ); pktlen -=n;
sk->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
printf( "\tpublic modulus n: ");
mpi_print(stdout, rsa_pub_mod, mpi_print_mode );
printf("\n\tpublic exponent e: ");
mpi_print(stdout, rsa_pub_exp, mpi_print_mode );
putchar('\n');
printf("\tchecksum: %04hx\n", sk->csum);
}
if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
pkt->pkt.public_cert->pkey[0] = rsa_pub_mod;
pkt->pkt.public_cert->pkey[1] = rsa_pub_exp;
}
else {
PKT_secret_cert *cert = pkt->pkt.secret_cert;
byte temp[8];
}
else {
PKT_public_key *pk = pkt->pkt.public_key;
pkt->pkt.secret_cert->skey[0] = rsa_pub_mod;
pkt->pkt.secret_cert->skey[1] = rsa_pub_exp;
cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
printf( "\tprotect algo: %d\n", cert->protect.algo);
if( cert->protect.algo ) {
cert->is_protected = 1;
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
printf( "\tprotect IV: ");
for(i=0; i < 8; i++ )
printf(" %02x", temp[i] );
putchar('\n');
}
memcpy(cert->protect.iv, temp, 8 );
/* old version, we don't have a S2K, so we fake one */
cert->protect.s2k.mode = 0;
cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
}
else
cert->is_protected = 0;
/* (See comments at the code for elg keys) */
n = pktlen; cert->skey[2] = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
n = pktlen; cert->skey[5] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( cert->is_protected ) {
mpi_set_protect_flag(cert->skey[2]);
mpi_set_protect_flag(cert->skey[3]);
mpi_set_protect_flag(cert->skey[4]);
mpi_set_protect_flag(cert->skey[5]);
}
cert->csum = read_16(inp); pktlen -= 2;
for(i=0; i < npkey; i++ ) {
n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
printf("\t[secret values d,p,q,u are not shown]\n"
"\tchecksum: %04hx\n", cert->csum);
printf( "\tpkey[%d]: ", i);
mpi_print(stdout, pk->pkey[i], mpi_print_mode );
putchar('\n');
}
}
}
else if( list_mode )
printf("\tunknown algorithm %d\n", algorithm );
leave:
skip_rest(inp, pktlen);

12
g10/passphrase.c
View File

@ -109,7 +109,7 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
}
if( keyid && !opt.batch && !next_pw ) {
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
size_t n;
char *p;
@ -120,14 +120,14 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
m_free(p);
tty_printf("\"\n");
if( !get_pubkey( pkc, keyid ) ) {
const char *s = pubkey_algo_to_string( pkc->pubkey_algo );
if( !get_pubkey( pk, keyid ) ) {
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
tty_printf( _("(%u-bit %s key, ID %08lX, created %s)\n"),
nbits_from_pkc( pkc ), s?s:"?", (ulong)keyid[1],
strtimestamp(pkc->timestamp) );
nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1],
strtimestamp(pk->timestamp) );
}
tty_printf("\n");
free_public_cert( pkc );
free_public_key( pk );
}
if( next_pw ) {
pw = next_pw;

122
g10/pkclist.c
View File

@ -45,7 +45,7 @@ query_ownertrust( ulong lid )
int rc;
size_t n;
u32 keyid[2];
PKT_public_cert *pkc ;
PKT_public_key *pk ;
int changed=0;
rc = keyid_from_trustdb( lid, keyid );
@ -54,8 +54,8 @@ query_ownertrust( ulong lid )
return 0;
}
pkc = m_alloc_clear( sizeof *pkc );
rc = get_pubkey( pkc, keyid );
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_error("keyid %08lX: pubkey not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
@ -64,8 +64,8 @@ query_ownertrust( ulong lid )
tty_printf(_("No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""), lid,
nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ),
(ulong)keyid[1], datestr_from_pkc( pkc ) );
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
m_free(p);
@ -110,7 +110,7 @@ query_ownertrust( ulong lid )
m_free(p); p = NULL;
}
m_free(p);
m_free(pkc);
m_free(pk);
return changed;
}
@ -120,7 +120,7 @@ query_ownertrust( ulong lid )
* Returns: -1 if no ownertrust were added.
*/
static int
add_ownertrust( PKT_public_cert *pkc )
add_ownertrust( PKT_public_key *pk )
{
int rc;
void *context = NULL;
@ -132,13 +132,13 @@ add_ownertrust( PKT_public_cert *pkc )
_("Could not find a valid trust path to the key. Let's see whether we\n"
"can assign some missing owner trust values.\n\n"));
rc = query_trust_record( pkc );
rc = query_trust_record( pk );
if( rc ) {
log_error("Ooops: not in trustdb\n");
return -1;
}
lid = pkc->local_id;
lid = pk->local_id;
while( !(rc=enum_trust_web( &context, &lid )) ) {
rc = get_ownertrust( lid, &trust );
if( rc )
@ -160,11 +160,11 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
}
/****************
* Check whether we can trust this pkc which has a trustlevel of TRUSTLEVEL
* Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
* Returns: true if we trust.
*/
static int
do_we_trust( PKT_public_cert *pkc, int trustlevel )
do_we_trust( PKT_public_key *pk, int trustlevel )
{
int rc;
@ -187,19 +187,19 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
switch( (trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
rc = insert_trust_record( pkc );
rc = insert_trust_record( pk );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
return 0; /* no */
}
rc = check_trust( pkc, &trustlevel );
rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
BUG();
return do_we_trust( pkc, trustlevel );
return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED:
log_info("key has expired\n");
@ -209,14 +209,14 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
if( opt.batch || opt.answer_no )
log_info("no info to calculate a trust probability\n");
else {
rc = add_ownertrust( pkc );
rc = add_ownertrust( pk );
if( !rc ) {
rc = check_trust( pkc, &trustlevel );
rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after add_ownertrust failed: %s\n",
g10_errstr(rc) );
/* fixme: this is recursive; we should unroll it */
return do_we_trust( pkc, trustlevel );
return do_we_trust( pk, trustlevel );
}
}
return 0;
@ -256,9 +256,9 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
* key anyway.
*/
static int
do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
do_we_trust_pre( PKT_public_key *pk, int trustlevel )
{
int rc = do_we_trust( pkc, trustlevel );
int rc = do_we_trust( pk, trustlevel );
if( !opt.batch && !rc ) {
char *answer;
@ -283,22 +283,22 @@ do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
void
release_pkc_list( PKC_LIST pkc_list )
release_pk_list( PK_LIST pk_list )
{
PKC_LIST pkc_rover;
PK_LIST pk_rover;
for( ; pkc_list; pkc_list = pkc_rover ) {
pkc_rover = pkc_list->next;
free_public_cert( pkc_list->pkc );
m_free( pkc_list );
for( ; pk_list; pk_list = pk_rover ) {
pk_rover = pk_list->next;
free_public_key( pk_list->pk );
m_free( pk_list );
}
}
int
build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
{
PKC_LIST pkc_list = NULL;
PKT_public_cert *pkc=NULL;
PK_LIST pk_list = NULL;
PKT_public_key *pk=NULL;
int rc=0;
if( !remusr && !opt.batch ) { /* ask */
@ -314,86 +314,86 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
tty_kill_prompt();
if( !*answer )
break;
if( pkc )
free_public_cert( pkc );
pkc = m_alloc_clear( sizeof *pkc );
rc = get_pubkey_byname( pkc, answer );
if( pk )
free_public_key( pk );
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey_byname( pk, answer );
if( rc )
tty_printf("No such user ID.\n");
else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage)) ) {
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) {
int trustlevel;
rc = check_trust( pkc, &trustlevel );
rc = check_trust( pk, &trustlevel );
if( rc ) {
log_error("error checking pkc of '%s': %s\n",
log_error("error checking pk of '%s': %s\n",
answer, g10_errstr(rc) );
}
else if( do_we_trust_pre( pkc, trustlevel ) ) {
PKC_LIST r;
else if( do_we_trust_pre( pk, trustlevel ) ) {
PK_LIST r;
r = m_alloc( sizeof *r );
r->pkc = pkc; pkc = NULL;
r->next = pkc_list;
r->pk = pk; pk = NULL;
r->next = pk_list;
r->mark = 0;
pkc_list = r;
pk_list = r;
break;
}
}
}
m_free(answer);
if( pkc ) {
free_public_cert( pkc );
pkc = NULL;
if( pk ) {
free_public_key( pk );
pk = NULL;
}
}
else {
for(; remusr; remusr = remusr->next ) {
pkc = m_alloc_clear( sizeof *pkc );
if( (rc = get_pubkey_byname( pkc, remusr->d )) ) {
free_public_cert( pkc ); pkc = NULL;
pk = m_alloc_clear( sizeof *pk );
if( (rc = get_pubkey_byname( pk, remusr->d )) ) {
free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage )) ) {
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) {
int trustlevel;
rc = check_trust( pkc, &trustlevel );
rc = check_trust( pk, &trustlevel );
if( rc ) {
free_public_cert( pkc ); pkc = NULL;
log_error("error checking pkc of '%s': %s\n",
free_public_key( pk ); pk = NULL;
log_error("error checking pk of '%s': %s\n",
remusr->d, g10_errstr(rc) );
}
else if( do_we_trust_pre( pkc, trustlevel ) ) {
else if( do_we_trust_pre( pk, trustlevel ) ) {
/* note: do_we_trust may have changed the trustlevel */
PKC_LIST r;
PK_LIST r;
r = m_alloc( sizeof *r );
r->pkc = pkc; pkc = NULL;
r->next = pkc_list;
r->pk = pk; pk = NULL;
r->next = pk_list;
r->mark = 0;
pkc_list = r;
pk_list = r;
}
else { /* we don't trust this pkc */
free_public_cert( pkc ); pkc = NULL;
else { /* we don't trust this pk */
free_public_key( pk ); pk = NULL;
}
}
else {
free_public_cert( pkc ); pkc = NULL;
free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
}
}
}
if( !rc && !pkc_list ) {
if( !rc && !pk_list ) {
log_error("no valid addressees\n");
rc = G10ERR_NO_USER_ID;
}
if( rc )
release_pkc_list( pkc_list );
release_pk_list( pk_list );
else
*ret_pkc_list = pkc_list;
*ret_pk_list = pk_list;
return rc;
}

14
g10/pubkey-enc.c
View File

@ -44,7 +44,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
byte *frame = NULL;
unsigned n, nframe;
u16 csum, csum2;
PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
if( is_RSA(k->pubkey_algo) ) /* warn about that */
write_status(STATUS_RSA_OR_IDEA);
@ -52,14 +52,14 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
if( rc )
goto leave;
skc->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
if( (rc = get_seckey( skc, k->keyid )) )
sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
if( (rc = get_seckey( sk, k->keyid )) )
goto leave;
rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, skc->skey );
rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, sk->skey );
if( rc )
goto leave;
free_secret_cert( skc ); skc = NULL;
free_secret_key( sk ); sk = NULL;
frame = mpi_get_buffer( plain_dek, &nframe, NULL );
mpi_free( plain_dek ); plain_dek = NULL;
@ -128,8 +128,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
leave:
mpi_free(plain_dek);
m_free(frame);
if( skc )
free_secret_cert( skc );
if( sk )
free_secret_key( sk );
return rc;
}

37
g10/revoke.c
View File

@ -45,10 +45,10 @@ gen_revoke( const char *uname )
armor_filter_context_t afx;
compress_filter_context_t zfx;
PACKET pkt;
PKT_secret_cert *skc; /* used as pointer into a kbnode */
PKT_public_cert *pkc = NULL;
PKT_secret_key *sk; /* used as pointer into a kbnode */
PKT_public_key *pk = NULL;
PKT_signature *sig = NULL;
u32 skc_keyid[2];
u32 sk_keyid[2];
IOBUF out = NULL;
KBNODE keyblock = NULL;
KBNODE node;
@ -82,7 +82,7 @@ gen_revoke( const char *uname )
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_SECRET_CERT );
node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) { /* maybe better to use log_bug ? */
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
@ -91,27 +91,26 @@ gen_revoke( const char *uname )
/* fixme: should make a function out of this stuff,
* it's used all over the source */
skc = node->pkt->pkt.secret_cert;
keyid_from_skc( skc, skc_keyid );
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, sk_keyid );
tty_printf("\nsec %4u%c/%08lX %s ",
nbits_from_skc( skc ),
pubkey_letter( skc->pubkey_algo ),
skc_keyid[1], datestr_from_skc(skc) );
nbits_from_sk( sk ),
pubkey_letter( sk->pubkey_algo ),
sk_keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( skc_keyid, &n );
char *p = get_user_id( sk_keyid, &n );
tty_print_string( p, n );
m_free(p);
tty_printf("\n");
}
/* the the pkc */
pkc = m_alloc_clear( sizeof *pkc );
rc = get_pubkey( pkc, skc_keyid );
pk = m_alloc_clear( sizeof *pk );
rc = get_pubkey( pk, sk_keyid );
if( rc ) {
log_error("no corresponding public key: %s\n", g10_errstr(rc) );
goto leave;
}
if( cmp_public_secret_cert( pkc, skc ) ) {
if( cmp_public_secret_key( pk, sk ) ) {
log_error("public key does not match secret key!\n" );
rc = G10ERR_GENERAL;
goto leave;
@ -127,7 +126,7 @@ gen_revoke( const char *uname )
goto leave;
}
switch( is_secret_key_protected( skc ) ) {
switch( is_secret_key_protected( sk ) ) {
case -1:
log_error("unknown protection algorithm\n");
rc = G10ERR_PUBKEY_ALGO;
@ -136,7 +135,7 @@ gen_revoke( const char *uname )
tty_printf("Warning: This key is not protected!\n");
break;
default:
rc = check_secret_key( skc );
rc = check_secret_key( sk );
break;
}
if( rc )
@ -159,7 +158,7 @@ gen_revoke( const char *uname )
/* create it */
rc = make_keysig_packet( &sig, pkc, NULL, NULL, skc, 0x20, 0, NULL, NULL);
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, NULL, NULL);
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
goto leave;
@ -185,8 +184,8 @@ gen_revoke( const char *uname )
leave:
if( pkc )
free_public_cert( pkc );
if( pk )
free_public_key( pk );
if( sig )
free_seckey_enc( sig );
release_kbnode( keyblock );

95
g10/ringedit.c
View File

@ -69,7 +69,6 @@ typedef struct resource_table_struct RESTBL;
#define MAX_RESOURCES 10
static RESTBL resource_table[MAX_RESOURCES];
static int search( PACKET *pkt, KBPOS *kbpos, int secret );
@ -92,7 +91,6 @@ check_pos( KBPOS *kbpos )
}
/****************************************************************
****************** public functions ****************************
****************************************************************/
@ -168,7 +166,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
* Search a keyblock which starts with the given packet and puts all
* information into KBPOS, which can be used later to access this key block.
* This function looks into all registered keyblock sources.
* PACKET must be a packet with either a secret_cert or a public_cert
* PACKET must be a packet with either a secret_key or a public_key
*
* This function is intended to check whether a given certificate
* is already in a keyring or to prepare it for editing.
@ -210,20 +208,20 @@ int
find_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc;
rc = get_pubkey_byname( pkc, username );
rc = get_pubkey_byname( pk, username );
if( rc ) {
free_public_cert(pkc);
free_public_key(pk);
return rc;
}
init_packet( &pkt );
pkt.pkttype = PKT_PUBLIC_CERT;
pkt.pkt.public_cert = pkc;
pkt.pkttype = PKT_PUBLIC_KEY;
pkt.pkt.public_key = pk;
rc = search( &pkt, kbpos, 0 );
free_public_cert(pkc);
free_public_key(pk);
return rc;
}
@ -233,14 +231,14 @@ find_keyblock_byname( KBPOS *kbpos, const char *username )
* of the keyblock.
*/
int
find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc )
find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk )
{
PACKET pkt;
int rc;
init_packet( &pkt );
pkt.pkttype = PKT_PUBLIC_CERT;
pkt.pkt.public_cert = pkc;
pkt.pkttype = PKT_PUBLIC_KEY;
pkt.pkt.public_key = pk;
rc = search( &pkt, kbpos, 0 );
return rc;
}
@ -254,20 +252,20 @@ int
find_secret_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
int rc;
rc = get_seckey_byname( skc, username, 0 );
rc = get_seckey_byname( sk, username, 0 );
if( rc ) {
free_secret_cert(skc);
free_secret_key(sk);
return rc;
}
init_packet( &pkt );
pkt.pkttype = PKT_SECRET_CERT;
pkt.pkt.secret_cert = skc;
pkt.pkttype = PKT_SECRET_KEY;
pkt.pkt.secret_key = sk;
rc = search( &pkt, kbpos, 1 );
free_secret_cert(skc);
free_secret_key(sk);
return rc;
}
@ -449,30 +447,30 @@ update_keyblock( KBPOS *kbpos, KBNODE root )
****************************************************************/
static int
cmp_seckey( PKT_secret_cert *req_skc, PKT_secret_cert *skc )
cmp_seckey( PKT_secret_key *req_sk, PKT_secret_key *sk )
{
int n,i;
assert( req_skc->pubkey_algo == skc->pubkey_algo );
assert( req_sk->pubkey_algo == sk->pubkey_algo );
n = pubkey_get_nskey( req_skc->pubkey_algo );
n = pubkey_get_nskey( req_sk->pubkey_algo );
for(i=0; i < n; i++ ) {
if( mpi_cmp( req_skc->skey[i], skc->skey[i] ) )
if( mpi_cmp( req_sk->skey[i], sk->skey[i] ) )
return -1;
}
return 0;
}
static int
cmp_pubkey( PKT_public_cert *req_pkc, PKT_public_cert *pkc )
cmp_pubkey( PKT_public_key *req_pk, PKT_public_key *pk )
{
int n, i;
assert( req_pkc->pubkey_algo == pkc->pubkey_algo );
assert( req_pk->pubkey_algo == pk->pubkey_algo );
n = pubkey_get_npkey( req_pkc->pubkey_algo );
n = pubkey_get_npkey( req_pk->pubkey_algo );
for(i=0; i < n; i++ ) {
if( mpi_cmp( req_pkc->pkey[i], pkc->pkey[i] ) )
if( mpi_cmp( req_pk->pkey[i], pk->pkey[i] ) )
return -1;
}
return 0;
@ -489,8 +487,8 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
int save_mode;
ulong offset;
int pkttype = req->pkttype;
PKT_public_cert *req_pkc = req->pkt.public_cert;
PKT_secret_cert *req_skc = req->pkt.secret_cert;
PKT_public_key *req_pk = req->pkt.public_key;
PKT_secret_key *req_sk = req->pkt.secret_key;
init_packet(&pkt);
save_mode = set_packet_list_mode(0);
@ -512,22 +510,22 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
#endif
while( !(rc=search_packet(iobuf, &pkt, pkttype, &offset)) ) {
if( pkt.pkttype == PKT_SECRET_CERT ) {
PKT_secret_cert *skc = pkt.pkt.secret_cert;
if( pkt.pkttype == PKT_SECRET_KEY ) {
PKT_secret_key *sk = pkt.pkt.secret_key;
if( req_skc->timestamp == skc->timestamp
&& req_skc->valid_days == skc->valid_days
&& req_skc->pubkey_algo == skc->pubkey_algo
&& !cmp_seckey( req_skc, skc) )
if( req_sk->timestamp == sk->timestamp
&& req_sk->valid_days == sk->valid_days
&& req_sk->pubkey_algo == sk->pubkey_algo
&& !cmp_seckey( req_sk, sk) )
break; /* found */
}
else if( pkt.pkttype == PKT_PUBLIC_CERT ) {
PKT_public_cert *pkc = pkt.pkt.public_cert;
else if( pkt.pkttype == PKT_PUBLIC_KEY ) {
PKT_public_key *pk = pkt.pkt.public_key;
if( req_pkc->timestamp == pkc->timestamp
&& req_pkc->valid_days == pkc->valid_days
&& req_pkc->pubkey_algo == pkc->pubkey_algo
&& !cmp_pubkey( req_pkc, pkc ) )
if( req_pk->timestamp == pk->timestamp
&& req_pk->valid_days == pk->valid_days
&& req_pk->pubkey_algo == pk->pubkey_algo
&& !cmp_pubkey( req_pk, pk ) )
break; /* found */
}
else
@ -577,12 +575,13 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
kbpos->count=0;
while( (rc=parse_packet(a, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
if( rc != G10ERR_UNKNOWN_PACKET ) {
if( rc == G10ERR_PUBKEY_ALGO )
parse_pubkey_warning( pkt );
else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
}
log_info("read_keyblock: read error: %s\n", g10_errstr(rc) );
kbpos->count++;
free_packet( pkt );
init_packet( pkt );
@ -590,8 +589,8 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
}
/* make a linked list of all packets */
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
if( in_cert )
goto ready;
in_cert = 1;
@ -641,7 +640,9 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
init_packet(pkt);
while( (rc=parse_packet(kbpos->fp, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
if( rc != G10ERR_UNKNOWN_PACKET ) {
if( rc == G10ERR_PUBKEY_ALGO )
parse_pubkey_warning( pkt );
else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
@ -652,8 +653,8 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
}
/* make a linked list of all packets */
switch( pkt->pkttype ) {
case PKT_PUBLIC_CERT:
case PKT_SECRET_CERT:
case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY:
if( root ) { /* store this packet */
kbpos->pkt = pkt;
pkt = NULL;

120
g10/seckey-cert.c
View File

@ -35,76 +35,76 @@
static int
do_check( PKT_secret_cert *cert )
do_check( PKT_secret_key *sk )
{
byte *buffer;
u16 csum=0;
int i, res;
unsigned nbytes;
if( cert->is_protected ) { /* remove the protection */
if( sk->is_protected ) { /* remove the protection */
DEK *dek = NULL;
u32 keyid[2];
CIPHER_HANDLE cipher_hd=NULL;
PKT_secret_cert *save_cert;
PKT_secret_key *save_sk;
char save_iv[8];
if( cert->protect.algo == CIPHER_ALGO_NONE )
if( sk->protect.algo == CIPHER_ALGO_NONE )
BUG();
if( check_cipher_algo( cert->protect.algo ) )
if( check_cipher_algo( sk->protect.algo ) )
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
keyid_from_skc( cert, keyid );
dek = passphrase_to_dek( keyid, cert->protect.algo,
&cert->protect.s2k, 0 );
cipher_hd = cipher_open( cert->protect.algo,
keyid_from_sk( sk, keyid );
dek = passphrase_to_dek( keyid, sk->protect.algo,
&sk->protect.s2k, 0 );
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek);
save_cert = copy_secret_cert( NULL, cert );
memcpy(save_iv, cert->protect.iv, 8 );
cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
save_sk = copy_secret_key( NULL, sk );
memcpy(save_iv, sk->protect.iv, 8 );
cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
csum = 0;
for(i=pubkey_get_npkey(cert->pubkey_algo);
i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL );
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
assert( mpi_is_protected(cert->skey[i]) );
assert( mpi_is_protected(sk->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
mpi_clear_protect_flag( cert->skey[i] );
csum += checksum_mpi( cert->skey[i] );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_clear_protect_flag( sk->skey[i] );
csum += checksum_mpi( sk->skey[i] );
m_free( buffer );
}
if( opt.emulate_bugs & 1 ) {
csum = cert->csum;
csum = sk->csum;
}
cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
if( csum != cert->csum ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
if( csum != sk->csum ) {
copy_secret_key( sk, save_sk );
free_secret_key( save_sk );
memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
/* the checksum may fail, so we also check the key itself */
res = pubkey_check_secret_key( cert->pubkey_algo, cert->skey );
res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey );
if( res ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
copy_secret_key( sk, save_sk );
free_secret_key( save_sk );
memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
free_secret_cert( save_cert );
cert->is_protected = 0;
free_secret_key( save_sk );
sk->is_protected = 0;
}
else { /* not protected, assume it is okay if the checksum is okay */
csum = 0;
for(i=pubkey_get_npkey(cert->pubkey_algo);
i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
csum += checksum_mpi( cert->skey[i] );
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
csum += checksum_mpi( sk->skey[i] );
}
if( csum != cert->csum )
if( csum != sk->csum )
return G10ERR_CHECKSUM;
}
@ -114,11 +114,11 @@ do_check( PKT_secret_cert *cert )
/****************
* Check the secret key certificate
* Check the secret key
* Ask up to 3 times for a correct passphrase
*/
int
check_secret_key( PKT_secret_cert *cert )
check_secret_key( PKT_secret_key *sk )
{
int rc = G10ERR_BAD_PASS;
int i;
@ -126,20 +126,20 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
rc = do_check( cert );
rc = do_check( sk );
#if 0 /* set to 1 to enable the workaround */
if( rc == G10ERR_BAD_PASS && cert->is_protected
&& cert->protect.algo == CIPHER_ALGO_BLOWFISH
&& cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
if( rc == G10ERR_BAD_PASS && sk->is_protected
&& sk->protect.algo == CIPHER_ALGO_BLOWFISH
&& sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
/* Workaround for a bug in 0.2.16 which still used
* a 160 bit key for BLOWFISH. */
log_info("trying workaround for 0.2.16 passphrase bug ...\n");
log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
rc = do_check( cert );
sk->protect.algo = CIPHER_ALGO_BLOWFISH160;
rc = do_check( sk );
if( rc )
rc = G10ERR_BAD_PASS;
cert->protect.algo = CIPHER_ALGO_BLOWFISH;
sk->protect.algo = CIPHER_ALGO_BLOWFISH;
}
#endif
if( get_passphrase_fd() != -1 )
@ -154,18 +154,18 @@ check_secret_key( PKT_secret_cert *cert )
* Returns: 0 not protected, -1 on error or the protection algorithm
*/
int
is_secret_key_protected( PKT_secret_cert *cert )
is_secret_key_protected( PKT_secret_key *sk )
{
return cert->is_protected? cert->protect.algo : 0;
return sk->is_protected? sk->protect.algo : 0;
}
/****************
* Protect the secret key certificate with the passphrase from DEK
* Protect the secret key with the passphrase from DEK
*/
int
protect_secret_key( PKT_secret_cert *cert, DEK *dek )
protect_secret_key( PKT_secret_key *sk, DEK *dek )
{
int i, rc = 0;
byte *buffer;
@ -175,33 +175,33 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
if( !dek )
return 0;
if( !cert->is_protected ) { /* okay, apply the protection */
if( !sk->is_protected ) { /* okay, apply the protection */
CIPHER_HANDLE cipher_hd=NULL;
if( check_cipher_algo( cert->protect.algo ) )
if( check_cipher_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
cipher_hd = cipher_open( cert->protect.algo,
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
/* NOTE: we always recalculate the checksum because there are some
* test releases which calculated it wrong */
csum = 0;
for(i=pubkey_get_npkey(cert->pubkey_algo);
i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( cert->skey[i] );
buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL );
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( sk->skey[i] );
buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
assert( !mpi_is_protected(cert->skey[i]) );
assert( !mpi_is_protected(sk->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
mpi_set_protect_flag( cert->skey[i] );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_set_protect_flag( sk->skey[i] );
m_free( buffer );
}
cert->csum = csum;
cert->is_protected = 1;
sk->csum = csum;
sk->is_protected = 1;
cipher_close( cipher_hd );
}
}

60
g10/sig-check.c
View File

@ -39,7 +39,7 @@ struct cmp_help_context_s {
};
static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest );
@ -51,19 +51,19 @@ static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
if( is_RSA(sig->pubkey_algo) )
write_status(STATUS_RSA_OR_IDEA);
if( get_pubkey( pkc, sig->keyid ) )
if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else
rc = do_check( pkc, sig, digest );
rc = do_check( pk, sig, digest );
free_public_cert( pkc );
free_public_key( pk );
return rc;
}
@ -144,33 +144,33 @@ cmp_help( void *opaque, MPI result )
static int
do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
{
MPI result = NULL;
int rc=0;
struct cmp_help_context_s ctx;
u32 cur_time;
if( pkc->version == 4 && pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
return G10ERR_PUBKEY_ALGO;
}
if( pkc->timestamp > sig->timestamp )
if( pk->timestamp > sig->timestamp )
return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
cur_time = make_timestamp();
if( pkc->timestamp > cur_time ) {
if( pk->timestamp > cur_time ) {
log_info(_("public key created in future (time warp or clock problem)\n"));
return G10ERR_TIME_CONFLICT;
}
if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
pkc->valid_days) < cur_time ) {
if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) {
log_info(_("warning: signature key expired %s\n"), strtimestamp(
add_days_to_timestamp(pkc->timestamp,
pkc->valid_days)));
add_days_to_timestamp(pk->timestamp,
pk->valid_days)));
write_status(STATUS_SIGEXPIRED);
}
@ -217,11 +217,11 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
}
md_final( digest );
result = encode_md_value( pkc->pubkey_algo, digest, sig->digest_algo,
mpi_get_nbits(pkc->pkey[0]));
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
mpi_get_nbits(pk->pkey[0]));
ctx.sig = sig;
ctx.md = digest;
rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey,
rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
cmp_help, &ctx );
mpi_free( result );
@ -249,14 +249,14 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
/****************
* check the signature pointed to by NODE. This is a key signature.
* If the function detects a self-signature, it uses the PKC from
* If the function detects a self-signature, it uses the PK from
* NODE and does not read any public key.
*/
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
MD_HANDLE md;
PKT_public_cert *pkc;
PKT_public_key *pk;
PKT_signature *sig;
int algo;
int rc;
@ -264,9 +264,9 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( is_selfsig )
*is_selfsig = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE );
assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
pkc = root->pkt->pkt.public_cert;
pk = root->pkt->pkt.public_key;
sig = node->pkt->pkt.signature;
algo = sig->digest_algo;
if( (rc=check_digest_algo(algo)) )
@ -274,25 +274,25 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( sig->sig_class == 0x20 ) {
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
rc = do_check( pkc, sig, md );
hash_public_key( md, pk );
rc = do_check( pk, sig, md );
md_close(md);
}
else if( sig->sig_class == 0x18 ) {
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
if( snode ) {
if( is_selfsig ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
keyid_from_pk( pk, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
hash_public_cert( md, snode->pkt->pkt.public_cert );
rc = do_check( pkc, sig, md );
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md );
md_close(md);
}
else {
@ -306,15 +306,15 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( unode ) {
u32 keyid[2];
keyid_from_pkc( pkc, keyid );
keyid_from_pk( pk, keyid );
md = md_open( algo, 0 );
/*md_start_debug(md, "check");*/
hash_public_cert( md, pkc );
hash_public_key( md, pk );
hash_uid_node( unode, md, sig );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
if( is_selfsig )
*is_selfsig = 1;
rc = do_check( pkc, sig, md );
rc = do_check( pk, sig, md );
}
else
rc = signature_check( sig, md );

112
g10/sign.c
View File

@ -39,7 +39,7 @@
static int
do_sign( PKT_secret_cert *skc, PKT_signature *sig,
do_sign( PKT_secret_key *sk, PKT_signature *sig,
MD_HANDLE md, int digest_algo )
{
MPI frame;
@ -53,9 +53,9 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
frame = encode_md_value( skc->pubkey_algo, md,
digest_algo, mpi_get_nbits(skc->skey[0]));
rc = pubkey_sign( skc->pubkey_algo, sig->data, frame, skc->skey );
frame = encode_md_value( sk->pubkey_algo, md,
digest_algo, mpi_get_nbits(sk->skey[0]));
rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
mpi_free(frame);
if( rc )
log_error("pubkey_sign failed: %s\n", g10_errstr(rc) );
@ -63,7 +63,7 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string( sig->keyid );
log_info("%s signature from: %s\n",
pubkey_algo_to_string(skc->pubkey_algo), ustr );
pubkey_algo_to_string(sk->pubkey_algo), ustr );
m_free(ustr);
}
}
@ -73,12 +73,12 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
int
complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
{
int rc=0;
if( !(rc=check_secret_key( skc )) )
rc = do_sign( skc, sig, md, 0 );
if( !(rc=check_secret_key( sk )) )
rc = do_sign( sk, sig, md, 0 );
/* fixme: should we check whether the signature is okay?
* maybe by using an option */
@ -99,15 +99,15 @@ hash_for(int pubkey_algo )
}
static int
only_old_style( SKC_LIST skc_list )
only_old_style( SK_LIST sk_list )
{
SKC_LIST skc_rover = NULL;
SK_LIST sk_rover = NULL;
int old_style = 0;
/* if there are only old style capable key we use the old sytle */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc = skc_rover->skc;
if( skc->pubkey_algo == PUBKEY_ALGO_RSA && skc->version < 4 )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
old_style = 1;
else
return 0;
@ -142,9 +142,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
PKT_plaintext *pt = NULL;
u32 filesize;
int rc = 0;
PKC_LIST pkc_list = NULL;
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
PK_LIST pk_list = NULL;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int multifile = 0;
int old_style = opt.rfc1991;
@ -166,12 +166,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encrypt) )
log_bug("multiple files can only be detached signed");
if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
goto leave;
if( !old_style )
old_style = only_old_style( skc_list );
old_style = only_old_style( sk_list );
if( encrypt ) {
if( (rc=build_pkc_list( remusr, &pkc_list, 2 )) )
if( (rc=build_pk_list( remusr, &pk_list, 2 )) )
goto leave;
}
@ -204,9 +204,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
iobuf_push_filter( inp, text_filter, &tfx );
mfx.md = md_open(0, 0);
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc = skc_rover->skc;
md_enable(mfx.md, hash_for(skc->pubkey_algo));
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(mfx.md, hash_for(sk->pubkey_algo));
}
if( !multifile )
@ -218,7 +218,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
write_comment( out, "#created by GNUPG v" VERSION " ("
PRINTABLE_OS_NAME ")");
if( encrypt ) {
efx.pkc_list = pkc_list;
efx.pk_list = pk_list;
/* fixme: set efx.cfx.datalen if known */
iobuf_push_filter( out, encrypt_filter, &efx );
}
@ -231,17 +231,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( !detached && !old_style ) {
/* loop over the secret certificates and build headers */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc;
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_onepass_sig *ops;
skc = skc_rover->skc;
sk = sk_rover->sk;
ops = m_alloc_clear( sizeof *ops );
ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00;
ops->digest_algo = hash_for(skc->pubkey_algo);
ops->pubkey_algo = skc->pubkey_algo;
keyid_from_skc( skc, ops->keyid );
ops->last = !skc_rover->next;
ops->digest_algo = hash_for(sk->pubkey_algo);
ops->pubkey_algo = sk->pubkey_algo;
keyid_from_sk( sk, ops->keyid );
ops->last = !sk_rover->next;
init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG;
@ -324,20 +324,20 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
/* loop over the secret certificates */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc;
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
skc = skc_rover->skc;
sk = sk_rover->sk;
/* build the signature packet */
/* fixme: this code is partly duplicated in make_keysig_packet */
sig = m_alloc_clear( sizeof *sig );
sig->version = skc->version;
keyid_from_skc( skc, sig->keyid );
sig->digest_algo = hash_for(skc->pubkey_algo);
sig->pubkey_algo = skc->pubkey_algo;
sig->version = sk->version;
keyid_from_sk( sk, sig->keyid );
sig->digest_algo = hash_for(sk->pubkey_algo);
sig->pubkey_algo = sk->pubkey_algo;
sig->timestamp = make_timestamp();
sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
@ -380,7 +380,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
md_final( md );
rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
if( !rc ) { /* and write it */
@ -404,8 +404,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
release_skc_list( skc_list );
release_pkc_list( pkc_list );
release_sk_list( sk_list );
release_pk_list( pk_list );
return rc;
}
@ -458,18 +458,18 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
IOBUF inp = NULL, out = NULL;
PACKET pkt;
int rc = 0;
SKC_LIST skc_list = NULL;
SKC_LIST skc_rover = NULL;
SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
memset( &afx, 0, sizeof afx);
memset( &tfx, 0, sizeof tfx);
init_packet( &pkt );
if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
goto leave;
if( !old_style )
old_style = only_old_style( skc_list );
old_style = only_old_style( sk_list );
/* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) {
@ -510,9 +510,9 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
textmd = md_open(0, 0);
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc = skc_rover->skc;
md_enable(textmd, hash_for(skc->pubkey_algo));
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(textmd, hash_for(sk->pubkey_algo));
}
iobuf_push_filter( inp, text_filter, &tfx );
@ -525,20 +525,20 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
iobuf_push_filter( out, armor_filter, &afx );
/* loop over the secret certificates */
for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
PKT_secret_cert *skc;
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
skc = skc_rover->skc;
sk = sk_rover->sk;
/* build the signature packet */
/* fixme: this code is duplicated above */
sig = m_alloc_clear( sizeof *sig );
sig->version = skc->version;
keyid_from_skc( skc, sig->keyid );
sig->digest_algo = hash_for(skc->pubkey_algo);
sig->pubkey_algo = skc->pubkey_algo;
sig->version = sk->version;
keyid_from_sk( sk, sig->keyid );
sig->digest_algo = hash_for(sk->pubkey_algo);
sig->pubkey_algo = sk->pubkey_algo;
sig->timestamp = make_timestamp();
sig->sig_class = 0x01;
@ -580,7 +580,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
md_final( md );
rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
if( !rc ) { /* and write it */
@ -604,7 +604,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
iobuf_close(out);
iobuf_close(inp);
md_close( textmd );
release_skc_list( skc_list );
release_sk_list( sk_list );
return rc;
}

74
g10/skclist.c
View File

@ -34,96 +34,96 @@
void
release_skc_list( SKC_LIST skc_list )
release_sk_list( SK_LIST sk_list )
{
SKC_LIST skc_rover;
SK_LIST sk_rover;
for( ; skc_list; skc_list = skc_rover ) {
skc_rover = skc_list->next;
free_secret_cert( skc_list->skc );
m_free( skc_list );
for( ; sk_list; sk_list = sk_rover ) {
sk_rover = sk_list->next;
free_secret_key( sk_list->sk );
m_free( sk_list );
}
}
int
build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock,
build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
unsigned usage )
{
SKC_LIST skc_list = NULL;
SK_LIST sk_list = NULL;
int rc;
if( !locusr ) { /* use the default one */
PKT_secret_cert *skc;
PKT_secret_key *sk;
skc = m_alloc_clear( sizeof *skc );
if( (rc = get_seckey_byname( skc, NULL, unlock )) ) {
free_secret_cert( skc ); skc = NULL;
sk = m_alloc_clear( sizeof *sk );
if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
free_secret_key( sk ); sk = NULL;
log_error("no default secret key: %s\n", g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
SKC_LIST r;
if( skc->version == 4 && (usage & 1)
&& skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r;
if( sk->version == 4 && (usage & 1)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_error("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
free_secret_cert( skc ); skc = NULL;
free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
r->skc = skc; skc = NULL;
r->next = skc_list;
r->sk = sk; sk = NULL;
r->next = sk_list;
r->mark = 0;
skc_list = r;
sk_list = r;
}
}
else {
free_secret_cert( skc ); skc = NULL;
free_secret_key( sk ); sk = NULL;
log_error("invalid default secret key: %s\n", g10_errstr(rc) );
}
}
else {
for(; locusr; locusr = locusr->next ) {
PKT_secret_cert *skc;
PKT_secret_key *sk;
skc = m_alloc_clear( sizeof *skc );
if( (rc = get_seckey_byname( skc, locusr->d, unlock )) ) {
free_secret_cert( skc ); skc = NULL;
sk = m_alloc_clear( sizeof *sk );
if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
}
else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
SKC_LIST r;
if( skc->version == 4 && (usage & 1)
&& skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r;
if( sk->version == 4 && (usage & 1)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("skipped '%s': this is a PGP generated "
"ElGamal key which is not secure for signatures!\n",
locusr->d );
free_secret_cert( skc ); skc = NULL;
free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
r->skc = skc; skc = NULL;
r->next = skc_list;
r->sk = sk; sk = NULL;
r->next = sk_list;
r->mark = 0;
skc_list = r;
sk_list = r;
}
}
else {
free_secret_cert( skc ); skc = NULL;
free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
}
}
}
if( !rc && !skc_list ) {
if( !rc && !sk_list ) {
log_error("no valid signators\n");
rc = G10ERR_NO_USER_ID;
}
if( rc )
release_skc_list( skc_list );
release_sk_list( sk_list );
else
*ret_skc_list = skc_list;
*ret_sk_list = sk_list;
return rc;
}

158
g10/trustdb.c
View File

@ -163,7 +163,7 @@ static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
static int read_record( ulong recnum, TRUSTREC *rec, int expected );
static int write_record( ulong recnum, TRUSTREC *rec );
static ulong new_recnum(void);
static int search_record( PKT_public_cert *pkc, TRUSTREC *rec );
static int search_record( PKT_public_key *pk, TRUSTREC *rec );
static int walk_sigrecs( SIGREC_CONTEXT *c, int create );
static LOCAL_ID_INFO *new_lid_table(void);
@ -636,13 +636,13 @@ new_recnum()
}
/****************
* Search the trustdb for a key which matches PKC and return the dir record
* The local_id of PKC is set to the correct value
* Search the trustdb for a key which matches PK and return the dir record
* The local_id of PK is set to the correct value
*
* Note: To increase performance, we could use a index search here.
*/
static int
search_record( PKT_public_cert *pkc, TRUSTREC *rec )
search_record( PKT_public_key *pk, TRUSTREC *rec )
{
ulong recnum;
u32 keyid[2];
@ -650,8 +650,8 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
size_t fingerlen;
int rc;
keyid_from_pkc( pkc, keyid );
fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 );
for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) {
@ -665,13 +665,13 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
log_error("%lu: ooops: invalid key record\n", recnum );
break;
}
if( keyrec.r.key.pubkey_algo == pkc->pubkey_algo
if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
&& !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
if( pkc->local_id && pkc->local_id != recnum )
if( pk->local_id && pk->local_id != recnum )
log_error("%s: found record, but local_id from mem does "
"not match recnum (%lu,%lu)\n", db_name,
(ulong)pkc->local_id, (ulong)recnum );
pkc->local_id = recnum;
(ulong)pk->local_id, (ulong)recnum );
pk->local_id = recnum;
return 0;
}
}
@ -689,25 +689,25 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
static int
set_signature_packets_local_id( PKT_signature *sig )
{
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
TRUSTREC rec;
int rc;
rc = get_pubkey( pkc, sig->keyid );
rc = get_pubkey( pk, sig->keyid );
if( rc)
goto leave;
if( !pkc->local_id ) {
rc = search_record( pkc, &rec );
if( !pk->local_id ) {
rc = search_record( pk, &rec );
if( rc == -1 )
rc = insert_trust_record( pkc );
rc = insert_trust_record( pk );
if( rc )
goto leave;
/* fixme: we should propagate the local_id to all copies of the PKC */
/* fixme: we should propagate the local_id to all copies of the PK */
}
sig->local_id = pkc->local_id;
sig->local_id = pk->local_id;
leave:
free_public_cert( pkc );
free_public_key( pk );
return rc;
}
@ -833,15 +833,15 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
* Verify that all our public keys are in the trustDB.
*/
static int
verify_own_certs()
verify_own_keys()
{
int rc;
void *enum_context = NULL;
PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
u32 keyid[2];
while( !(rc=enum_secret_keys( &enum_context, skc) ) ) {
while( !(rc=enum_secret_keys( &enum_context, sk) ) ) {
/* fixed: to be sure that it is a secret key of our own,
* we should check it, but this needs a passphrase
* for every key and this is boring for the user.
@ -850,20 +850,20 @@ verify_own_certs()
* startup
*/
keyid_from_skc( skc, keyid );
keyid_from_sk( sk, keyid );
if( DBG_TRUST )
log_debug("checking secret key %08lX\n", (ulong)keyid[1] );
/* see whether we can access the public key of this secret key */
memset( pkc, 0, sizeof *pkc );
rc = get_pubkey( pkc, keyid );
memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid );
if( rc ) {
log_error(_("keyid %08lX: secret key without public key\n"),
(ulong)keyid[1] );
goto leave;
}
if( cmp_public_secret_cert( pkc, skc ) ) {
if( cmp_public_secret_key( pk, sk ) ) {
log_error(_("keyid %08lX: secret and public key don't match\n"),
(ulong)keyid[1] );
rc = G10ERR_GENERAL;
@ -871,9 +871,9 @@ verify_own_certs()
}
/* make sure that the pubkey is in the trustdb */
rc = query_trust_record( pkc );
rc = query_trust_record( pk );
if( rc == -1 ) { /* put it into the trustdb */
rc = insert_trust_record( pkc );
rc = insert_trust_record( pk );
if( rc ) {
log_error(_("keyid %08lX: can't put it into the trustdb\n"),
(ulong)keyid[1] );
@ -888,14 +888,14 @@ verify_own_certs()
if( DBG_TRUST )
log_debug("putting %08lX(%lu) into ultikey_table\n",
(ulong)keyid[1], pkc->local_id );
if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) )
(ulong)keyid[1], pk->local_id );
if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
log_error(_("keyid %08lX: already in ultikey_table\n"),
(ulong)keyid[1]);
release_secret_cert_parts( skc );
release_public_cert_parts( pkc );
release_secret_key_parts( sk );
release_public_key_parts( pk );
}
if( rc != -1 )
log_error(_("enum_secret_keys failed: %s\n"), g10_errstr(rc) );
@ -903,8 +903,8 @@ verify_own_certs()
rc = 0;
leave:
free_secret_cert( skc );
free_public_cert( pkc );
free_secret_key( sk );
free_public_key( pk );
return rc;
}
@ -1186,7 +1186,7 @@ build_sigrecs( ulong pubkeyid )
goto leave;
}
if( !selfsig ) {
log_error(_("build_sigrecs: self-certificate missing\n") );
log_error(_("build_sigrecs: self-signature missing\n") );
update_no_sigs( pubkeyid, 2 );
rc = G10ERR_BAD_CERT;
goto leave;
@ -1544,9 +1544,9 @@ init_trustdb( int level, const char *dbname )
* in ~/.gnupg/ here */
rc = verify_private_data();
if( !rc ) {
/* verify that our own certificates are in the trustDB
/* verify that our own keys are in the trustDB
* or move them to the trustdb. */
rc = verify_own_certs();
rc = verify_own_keys();
/* should we check whether there is no other ultimately trusted
* key in the database? */
@ -1566,19 +1566,19 @@ list_trustdb( const char *username )
TRUSTREC rec;
if( username ) {
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc;
if( (rc = get_pubkey_byname( pkc, username )) )
if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
else if( (rc=search_record( pkc, &rec )) && rc != -1 )
else if( (rc=search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 )
log_error("user '%s' not in trustdb\n", username);
else if( (rc = list_sigs( pkc->local_id )) )
else if( (rc = list_sigs( pk->local_id )) )
log_error("user '%s' list problem: %s\n", username, g10_errstr(rc));
free_public_cert( pkc );
free_public_key( pk );
}
else {
ulong recnum;
@ -1600,36 +1600,36 @@ list_trust_path( int max_depth, const char *username )
int wipe=0;
int i;
TRUSTREC rec;
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
if( max_depth < 0 ) {
wipe = 1;
max_depth = -max_depth;
}
if( (rc = get_pubkey_byname( pkc, username )) )
if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
else if( (rc=search_record( pkc, &rec )) && rc != -1 )
else if( (rc=search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 ) {
log_info("user '%s' not in trustdb - inserting\n", username);
rc = insert_trust_record( pkc );
rc = insert_trust_record( pk );
if( rc )
log_error("failed to put '%s' into trustdb: %s\n", username, g10_errstr(rc));
else {
assert( pkc->local_id );
assert( pk->local_id );
}
}
if( !rc ) {
TRUST_SEG_LIST tsl, tslist = NULL;
if( !qry_lid_table_flag( ultikey_table, pkc->local_id, NULL ) ) {
if( !qry_lid_table_flag( ultikey_table, pk->local_id, NULL ) ) {
tslist = m_alloc( sizeof *tslist );
tslist->nseg = 1;
tslist->dup = 0;
tslist->seg[0].lid = pkc->local_id;
tslist->seg[0].lid = pk->local_id;
tslist->seg[0].trust = 0;
tslist->next = NULL;
rc = 0;
@ -1638,7 +1638,7 @@ list_trust_path( int max_depth, const char *username )
LOCAL_ID_INFO *lids = new_lid_table();
TRUST_INFO stack[MAX_LIST_SIGS_DEPTH];
stack[0].lid = pkc->local_id;
stack[0].lid = pk->local_id;
stack[0].trust = 0;
rc = do_list_path( stack, 1, max_depth, lids, &tslist );
if( wipe ) { /* wipe out duplicates */
@ -1674,17 +1674,17 @@ list_trust_path( int max_depth, const char *username )
}
}
free_public_cert( pkc );
free_public_key( pk );
}
/****************
* Get the trustlevel for this PKC.
* Get the trustlevel for this PK.
* Note: This does not ask any questions
* Returns: 0 okay of an errorcode
*
* It operates this way:
* locate the pkc in the trustdb
* locate the pk in the trustdb
* found:
* Do we have a valid cache record for it?
* yes: return trustlevel from cache
@ -1700,7 +1700,7 @@ list_trust_path( int max_depth, const char *username )
* is not necessary to check this if we use a local pubring. Hmmmm.
*/
int
check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
{
TRUSTREC rec;
unsigned trustlevel = TRUST_UNKNOWN;
@ -1711,44 +1711,44 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
log_info("check_trust() called.\n");
/* get the pubkey record */
if( pkc->local_id ) {
if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
if( pk->local_id ) {
if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error(_("check_trust: read record failed\n"));
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
if( (rc=search_record( pk, &rec )) && rc != -1 ) {
log_error(_("check_trust: search_record failed: %s\n"),
g10_errstr(rc));
return rc;
}
else if( rc == -1 ) {
rc = insert_trust_record( pkc );
rc = insert_trust_record( pk );
if( rc ) {
log_error(_("failed to insert pubkey into trustdb: %s\n"),
g10_errstr(rc));
goto leave;
}
log_info(_("pubkey not in trustdb - inserted as %lu\n"),
pkc->local_id );
pk->local_id );
}
}
cur_time = make_timestamp();
if( pkc->timestamp > cur_time ) {
if( pk->timestamp > cur_time ) {
log_info(_("public key created in future (time warp or clock problem)\n"));
return G10ERR_TIME_CONFLICT;
}
if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
pkc->valid_days) < cur_time ) {
if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) {
log_info(_("key expiration date is %s\n"), strtimestamp(
add_days_to_timestamp(pkc->timestamp,
pkc->valid_days)));
add_days_to_timestamp(pk->timestamp,
pk->valid_days)));
trustlevel = TRUST_EXPIRED;
}
else {
rc = do_check( pkc->local_id, &rec, &trustlevel );
rc = do_check( pk->local_id, &rec, &trustlevel );
if( rc ) {
log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc));
return rc;
@ -1765,12 +1765,12 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
int
query_trust_info( PKT_public_cert *pkc )
query_trust_info( PKT_public_key *pk )
{
unsigned trustlevel;
int c;
if( check_trust( pkc, &trustlevel ) )
if( check_trust( pk, &trustlevel ) )
return '?';
if( trustlevel & TRUST_FLAG_REVOKED )
return 'r';
@ -1875,25 +1875,25 @@ keyid_from_trustdb( ulong lid, u32 *keyid )
/****************
* This function simply looks for the key in the trustdb
* and sets PKC->local_id.
* and sets PK->local_id.
* Return: 0 = found
* -1 = not found
* other = error
*/
int
query_trust_record( PKT_public_cert *pkc )
query_trust_record( PKT_public_key *pk )
{
TRUSTREC rec;
int rc=0;
if( pkc->local_id ) {
if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
if( pk->local_id ) {
if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("query_trust_record: read record failed\n");
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
if( (rc=search_record( pk, &rec )) && rc != -1 ) {
log_error("query_trust_record: search_record failed: %s\n",
g10_errstr(rc));
return rc;
@ -1908,7 +1908,7 @@ query_trust_record( PKT_public_cert *pkc )
* This function fails if this record already exists.
*/
int
insert_trust_record( PKT_public_cert *pkc )
insert_trust_record( PKT_public_key *pk )
{
TRUSTREC rec;
u32 keyid[2];
@ -1917,11 +1917,11 @@ insert_trust_record( PKT_public_cert *pkc )
size_t fingerlen;
if( pkc->local_id )
log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id );
if( pk->local_id )
log_bug("pk->local_id=%lu\n", (ulong)pk->local_id );
keyid_from_pkc( pkc, keyid );
fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
keyid_from_pk( pk, keyid );
fingerprint = fingerprint_from_pk( pk, &fingerlen );
/* FIXME: check that we do not have this record. */
@ -1945,7 +1945,7 @@ insert_trust_record( PKT_public_cert *pkc )
rec.r.key.owner = dnum;
rec.r.key.keyid[0] = keyid[0];
rec.r.key.keyid[1] = keyid[1];
rec.r.key.pubkey_algo = pkc->pubkey_algo;
rec.r.key.pubkey_algo = pk->pubkey_algo;
rec.r.key.fingerprint_len = fingerlen;
memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
rec.r.key.ownertrust = 0;
@ -1954,7 +1954,7 @@ insert_trust_record( PKT_public_cert *pkc )
return G10ERR_TRUSTDB;
}
pkc->local_id = dnum;
pk->local_id = dnum;
return 0;
}

8
g10/trustdb.h
View File

@ -39,13 +39,13 @@
void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel );
int query_trust_info( PKT_public_cert *pkc );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk );
int enum_trust_web( void **context, ulong *lid );
int get_ownertrust( ulong lid, unsigned *r_otrust );
int keyid_from_trustdb( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_cert *pkc );
int insert_trust_record( PKT_public_cert *pkc );
int query_trust_record( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust );
int verify_private_data(void);
int sign_private_data(void);

2
po/POTFILES.in
View File

@ -13,4 +13,4 @@ cipher/random.c
g10/g10.c
g10/pkclist.c
g10/keygen.c
#---end--

206
po/it.po
View File

@ -4,8 +4,7 @@ msgstr ""
"Content-Type: text/plain; charset=iso-8859-1\n"
"Date: 1998-03-07 12:16:14+0100\n"
"From: Marco d'Itri <md@linux.it>\n"
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments "
"--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments --keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n"
#: util/secmem.c:180
@ -176,7 +175,7 @@ msgstr "modo batch: non fare domande"
#: g10/g10.c:102
msgid "assume yes on most questions"
msgstr "assumi \"sì\" a quasi tutte le domande"
msgstr "assumi \"s\354\" a quasi tutte le domande"
#: g10/g10.c:103
msgid "assume no on most questions"
@ -212,11 +211,11 @@ msgstr "non scrivere pacchetti di commento"
#: g10/g10.c:112
msgid "(default is 1)"
msgstr "(predefinito è 1)"
msgstr "(predefinito \350 1)"
#: g10/g10.c:113
msgid "(default is 3)"
msgstr "(predefinito è 3)"
msgstr "(predefinito \350 3)"
#: g10/g10.c:114
msgid "|file|load extension module"
@ -306,18 +305,18 @@ msgstr "comandi in conflitto\n"
#: g10/g10.c:358
msgid "selected cipher algorithm is invalid\n"
msgstr "l'algoritmo di cifratura selezionato non è valido\n"
msgstr "l'algoritmo di cifratura selezionato non \350 valido\n"
#: g10/g10.c:360
msgid "selected pubkey algorithm is invalid\n"
msgstr "l'algoritmo a chiave pubblica selezionato non è valido\n"
msgstr "l'algoritmo a chiave pubblica selezionato non \350 valido\n"
#: g10/g10.c:362
msgid "selected digest algorithm is invalid\n"
msgstr "l'algoritmo di digest selezionato non è valido\n"
msgstr "l'algoritmo di digest selezionato non \350 valido\n"
# , c-format
#: g10/g10.c:364
#, c-format
msgid "compress algorithm must be in range %d..%d\n"
msgstr "l'algoritmo di compressione deve essere tra %d e %d\n"
@ -329,23 +328,23 @@ msgstr "completes-needed deve essere maggiore di 0\n"
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed deve essere maggiore di 1\n"
# , c-format
#: g10/g10.c:465
#, c-format
msgid "note: no default option file '%s'\n"
msgstr "nota: nessun file con opzioni predefinite '%s'\n"
# , c-format
#: g10/g10.c:469
#, c-format
msgid "option file '%s': %s\n"
msgstr "file con opzioni predefinite '%s': %s\n"
# , c-format
#: g10/g10.c:476
#, c-format
msgid "reading options from '%s'\n"
msgstr "lettura delle opzioni da '%s'\n"
# , c-format
#: g10/g10.c:696
#, c-format
msgid "failed to initialize the TrustDB: %s\n"
msgstr "inizializzazione del TrustDB fallita: %s\n"
@ -365,6 +364,7 @@ msgstr "--encrypt [nomefile]"
msgid "--sign [filename]"
msgstr "--sign [nomefile]"
#. sign and encrypt the given file
#: g10/g10.c:744
msgid "--sign --encrypt [filename]"
msgstr "--sign --encrypt [nomefile]"
@ -381,6 +381,7 @@ msgstr "--decrypt [nomefile]"
msgid "--sign-key username"
msgstr ""
#. Edit a key signature
#: g10/g10.c:786
msgid "--edit-sig username"
msgstr ""
@ -393,14 +394,13 @@ msgstr ""
msgid "--delete-key username"
msgstr ""
#. Change the passphrase
#. no arg: use default, 1 arg use this one
#: g10/g10.c:805
msgid "--change-passphrase [username]"
msgstr ""
# , c-format
#. -kv userid keyring
#: g10/g10.c:829
#, c-format
msgid "can't open %s: %s\n"
msgstr "impossibile aprire '%s': %s\n"
@ -408,18 +408,18 @@ msgstr "impossibile aprire '%s': %s\n"
msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-k[v][v][v][c] [userid] [portachiavi]"
# , c-format
#: g10/g10.c:892
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "rimozione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:900
#, c-format
msgid "enarmoring failed: %s\n"
msgstr "creazione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:956
#, c-format
msgid "invalid hash algorithm '%s'\n"
msgstr ""
@ -427,14 +427,14 @@ msgstr ""
msgid "[filename]"
msgstr "[nomefile]"
# , c-format
#: g10/g10.c:1008
#, c-format
msgid "can't open '%s'\n"
msgstr "impossibile aprire '%s'\n"
# #### Md ???
# , c-format
#: g10/pkclist.c:65
#, c-format
msgid ""
"No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""
@ -459,7 +459,7 @@ msgid ""
msgstr ""
"\"\n"
"\n"
"Per favore decidi quanto hai fiducia di questo utente perchè firmi\n"
"Per favore decidi quanto hai fiducia di questo utente perch\350 firmi\n"
"correttamente le chiavi di altri utenti (guardando il suo passaporto,\n"
"controllando le impronte digitali da diverse fonti ...)?\n"
"\n"
@ -480,11 +480,9 @@ msgid ""
"to any 3rd party. We need it to implement the web-of-trust; it has nothing\n"
"to do with the (implicitly created) web-of-certificates.\n"
msgstr ""
"È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n"
"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; "
"non\n"
"ha nulla a che fare con la ragnatela-di-certificati (creata "
"implicitamente).\n"
"\310 compito tuo assegnare qui un valore; questo valore non sar\340 mai esportato\n"
"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; non\n"
"ha nulla a che fare con la ragnatela-di-certificati (creata implicitamente).\n"
#: g10/pkclist.c:108
msgid "You will see a list of signators etc. here\n"
@ -515,8 +513,8 @@ msgid ""
"the next question with yes\n"
"\n"
msgstr ""
"NON è sicuro che la chiave appartenga al suo proprietario.\n"
"Se *veramente* sai cosa stai facendo, puoi rispondere sì alla\n"
"NON \350 sicuro che la chiave appartenga al suo proprietario.\n"
"Se *veramente* sai cosa stai facendo, puoi rispondere s\354 alla\n"
"prossima domanda.\n"
"\n"
@ -548,28 +546,28 @@ msgstr "scrittura della autofirma\n"
msgid "Please select what kind of key you want:\n"
msgstr "Per favore scegli che tipo di chiave vuoi:\n"
# , c-format
#: g10/keygen.c:384
#, c-format
msgid " (%d) DSA and ElGamal (default)\n"
msgstr " (%d) DSA e ElGamal (default)\n"
# , c-format
#: g10/keygen.c:385
#, c-format
msgid " (%d) ElGamal (sign and encrypt)\n"
msgstr " (%d) ElGamal (firma e crittografa)\n"
# , c-format
#: g10/keygen.c:386
#, c-format
msgid " (%d) ElGamal (encrypt only)\n"
msgstr " (%d) ElGamal (crittografa solo)\n"
# , c-format
#: g10/keygen.c:387
#, c-format
msgid " (%d) DSA (sign only)\n"
msgstr " (%d) DSA (firma solo)\n"
# , c-format
#: g10/keygen.c:388
#, c-format
msgid " (%d) ElGamal in a v3 packet\n"
msgstr " (%d) ElGamal in un pacchetto v3\n"
@ -581,8 +579,8 @@ msgstr "Cosa scegli? "
msgid "Invalid selection.\n"
msgstr "Scelta non valida.\n"
# , c-format
#: g10/keygen.c:430
#, c-format
msgid ""
"About to generate a new %s keypair.\n"
" minimum keysize is 768 bits\n"
@ -590,9 +588,9 @@ msgid ""
" highest suggested keysize is 2048 bits\n"
msgstr ""
"Sto per generare una nuova coppia di chiavi %s.\n"
" la dimensione minima è 768 bit\n"
" la dimensione predefinita è 1024 bit\n"
" la dimensione massima suggerita è 2048 bit\n"
" la dimensione minima \350 768 bit\n"
" la dimensione predefinita \350 1024 bit\n"
" la dimensione massima suggerita \350 2048 bit\n"
#: g10/keygen.c:436
msgid "What keysize do you want? (1024) "
@ -604,39 +602,31 @@ msgstr "DSA permette solo chiavi di dimensioni da 512 a 1024\n"
#: g10/keygen.c:443
msgid "keysize too small; 768 is smallest value allowed.\n"
msgstr "la chiave è troppo corta; 768 è il minimo valore permesso.\n"
msgstr "la chiave \350 troppo corta; 768 \350 il minimo valore permesso.\n"
#: g10/keygen.c:445
msgid ""
"Keysizes larger than 2048 are not suggested, because computations take "
"REALLY long!\n"
msgstr ""
"Chiavi più lunghe di 2048 non sono consigliate, perchè i calcoli sono "
"VERAMENTE lunghi!\n"
msgid "Keysizes larger than 2048 are not suggested, because computations take REALLY long!\n"
msgstr "Chiavi pi\371 lunghe di 2048 non sono consigliate, perch\350 i calcoli sono VERAMENTE lunghi!\n"
#: g10/keygen.c:447
msgid "Are you sure, that you want this keysize? "
msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? "
#: g10/keygen.c:451
msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n"
msgstr ""
"Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla "
"tua tastiera sono molto vulnerabili ad attacchi!\n"
msgid "Okay, but keep in mind that your monitor and keyboard radiation is also very vulnerable to attacks!\n"
msgstr "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla tua tastiera sono molto vulnerabili ad attacchi!\n"
#: g10/keygen.c:459
msgid "Do you really need such a large keysize? "
msgstr "Ti serve davvero una chiave così lunga? "
msgstr "Ti serve davvero una chiave cos\354 lunga? "
# , c-format
#: g10/keygen.c:470
#, c-format
msgid "Requested keysize is %u bits\n"
msgstr "Le dimensioni della chiave richieste sono %u bit\n"
# , c-format
#: g10/keygen.c:473 g10/keygen.c:477
#, c-format
msgid "rounded up to %u bits\n"
msgstr "arrotondate a %u bit\n"
@ -648,11 +638,12 @@ msgid ""
" <n>w = key expires in n weeks\n"
" <n>m = key expires in n months\n"
" <n>y = key expires in n years\n"
msgstr "Per favore specifica per quanto la chiave sarà valida.\n"
" 0 = la chiave non scadrà\n"
" <n>w = la chiave scadrà dopo n giorni\n"
" <n>m = la chiave scadrà dopo n mesi\n"
" <n>y = la chiave scadrà dopo n anni\n"
msgstr ""
"Per favore specifica per quanto la chiave sar\340 valida.\n"
" 0 = la chiave non scadr\340\n"
" <n>w = la chiave scadr\340 dopo n giorni\n"
" <n>m = la chiave scadr\340 dopo n mesi\n"
" <n>y = la chiave scadr\340 dopo n anni\n"
#: g10/keygen.c:504
msgid "Key is valid for? (0) "
@ -666,65 +657,64 @@ msgstr "valore non valido\n"
msgid "Key does not expire at all\n"
msgstr "La chiave non scade\n"
#: g10/keygen.c:522
#, c-format
# , c-format
#. print the date when the key expires
#: g10/keygen.c:523
msgid "Key expires at %s\n"
msgstr "La chiave scadrà il %s\n"
msgstr "La chiave scadr\340 il %s\n"
#: g10/keygen.c:527
#: g10/keygen.c:528
msgid "Is this correct (y/n)? "
msgstr "È giusto (y/n)? "
msgstr "\310 giusto (y/n)? "
#: g10/keygen.c:543
#: g10/keygen.c:557
msgid ""
"\n"
"You need a User-ID to identify your key; the software constructs the user "
"id\n"
"You need a User-ID to identify your key; the software constructs the user id\n"
"from Real Name, Comment and Email Address in this form:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
msgstr ""
"\n"
"Ti serve un User ID per identificare la tua chiave; il software costruisce "
"l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email "
"indicati in questa forma:\n"
"Ti serve un User ID per identificare la tua chiave; il software costruisce l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email indicati in questa forma:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n"
"\n"
#: g10/keygen.c:554
#: g10/keygen.c:568
msgid "Real name: "
msgstr "Nome e Cognome: "
#: g10/keygen.c:558
#: g10/keygen.c:572
msgid "Invalid character in name\n"
msgstr "Carattere non valido nel nome\n"
#: g10/keygen.c:560
#: g10/keygen.c:574
msgid "Name may not start with a digit\n"
msgstr "Il nome non può iniziare con una cifra\n"
msgstr "Il nome non pu\362 iniziare con una cifra\n"
#: g10/keygen.c:562
#: g10/keygen.c:576
msgid "Name must be at least 5 characters long\n"
msgstr "Il nome deve essere lungo almeno 5 caratteri\n"
#: g10/keygen.c:570
#: g10/keygen.c:584
msgid "Email address: "
msgstr "Indirizzo di Email: "
#: g10/keygen.c:582
#: g10/keygen.c:596
msgid "Not a valid email address\n"
msgstr "L'indirizzo di email non è valido\n"
msgstr "L'indirizzo di email non \350 valido\n"
#: g10/keygen.c:590
#: g10/keygen.c:604
msgid "Comment: "
msgstr "Commento: "
#: g10/keygen.c:596
#. no comment is okay
#: g10/keygen.c:610
msgid "Invalid character in comment\n"
msgstr "Carattere non valido nel commento\n"
#: g10/keygen.c:616
#, c-format
# , c-format
#: g10/keygen.c:630
msgid ""
"You selected this USER-ID:\n"
" \"%s\"\n"
@ -734,11 +724,11 @@ msgstr ""
" \"%s\"\n"
"\n"
#: g10/keygen.c:619
#: g10/keygen.c:633
msgid "Edit (N)ame, (C)omment, (E)mail or (O)kay? "
msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay? "
#: g10/keygen.c:658
#: g10/keygen.c:672
msgid ""
"You need a Passphrase to protect your secret key.\n"
"\n"
@ -746,73 +736,71 @@ msgstr ""
"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
"\n"
#: g10/keygen.c:666
#: g10/keygen.c:680
msgid "passphrase not correctly repeated; try again.\n"
msgstr "passphrase non ripetuta correttamente; riprova.\n"
#: g10/keygen.c:672
#: g10/keygen.c:686
msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n"
"I will do it anyway. You can change your passphrase at any time,\n"
"using this program with the option \"--change-passphrase\"\n"
"\n"
msgstr ""
"Non hai specificato una passphrase - questa è probabilmente una *cattiva*\n"
"idea! Lo farò io comunque. Puoi cambiarla in ogni momento, usando questo\n"
"Non hai specificato una passphrase - questa \350 probabilmente una *cattiva*\n"
"idea! Lo far\362 io comunque. Puoi cambiarla in ogni momento, usando questo\n"
"programma con l'opzione \"--change-passphrase\"\n"
"\n"
#: g10/keygen.c:693
#: g10/keygen.c:707
msgid ""
"We need to generate a lot of random bytes. It is a good idea to perform\n"
"some other action (work in another window, move the mouse, utilize the\n"
"network and the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n"
msgstr ""
"Dobbiamo generare un mucchio di byte casuali. È una buona idea eseguire\n"
"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, "
"usare\n"
"la rete e i dischi) durante la generazione dei numeri primi; questo dà al\n"
"generatore di numeri casuali la possibilità di raccogliere abbastanza\n"
"Dobbiamo generare un mucchio di byte casuali. \310 una buona idea eseguire\n"
"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, usare\n"
"la rete e i dischi) durante la generazione dei numeri primi; questo d\340 al\n"
"generatore di numeri casuali la possibilit\340 di raccogliere abbastanza\n"
"entropia.\n"
#: g10/keygen.c:739 g10/keygen.c:887
#: g10/keygen.c:753 g10/keygen.c:901
msgid "Key generation can only be used in interactive mode\n"
msgstr "Una chiave può essere generata solo in modo interattivo\n"
msgstr "Una chiave pu\362 essere generata solo in modo interattivo\n"
#: g10/keygen.c:747
#: g10/keygen.c:761
msgid "DSA keypair will have 1024 bits.\n"
msgstr "La coppia DSA avrà 1024 bit.\n"
msgstr "La coppia DSA avr\340 1024 bit.\n"
#: g10/keygen.c:759
#, c-format
# , c-format
#: g10/keygen.c:773
msgid "writing public certificate to '%s'\n"
msgstr "scrittura del certificato pubblico in '%s'\n"
#: g10/keygen.c:760
#, c-format
# , c-format
#: g10/keygen.c:774
msgid "writing secret certificate to '%s'\n"
msgstr "scrittura del certificato privato in '%s'\n"
#: g10/keygen.c:838
#: g10/keygen.c:852
msgid "public and secret key created and signed.\n"
msgstr "chiavi pubbliche e segrete create e firmate.\n"
#: g10/keygen.c:840
#: g10/keygen.c:854
msgid ""
"Note that this key cannot be used for encryption. You may want to use\n"
"the command \"--add-key\" to generate a secondary key for this purpose.\n"
msgstr ""
"Nota che questa chiave non può essere usata per la crittografia. Forse\n"
"Nota che questa chiave non pu\362 essere usata per la crittografia. Forse\n"
"vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n"
"per questo scopo.\n"
#: g10/keygen.c:854 g10/keygen.c:1006
#, c-format
# , c-format
#: g10/keygen.c:868 g10/keygen.c:1020
msgid "Key generation failed: %s\n"
msgstr "Generazione della chiave fallita: %s\n"
#: g10/keygen.c:1001
#: g10/keygen.c:1015
msgid "public and secret subkey created.\n"
msgstr "sottochiavi pubbliche e segrete create.\n"

2
util/g10u.c
View File

@ -34,6 +34,6 @@ void *g10_calloc( size_t n ) { return m_alloc_clear( n ); }
void *g10_malloc_secure( size_t n ) { return m_alloc_secure( n ); }
void *g10_calloc_secure( size_t n ) { return m_alloc_secure_clear( n ); }
void *g10_realloc( void *a, size_t n ) { return m_realloc( a, n ); }
void g10_free( void *p ) { return m_free( p ); }
void g10_free( void *p ) { m_free( p ); }
char *g10_strdup( const char * a) { return m_strdup( a ); }

2
zlib/Makefile
View File

@ -92,7 +92,7 @@ POSUB = po
RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes
USE_NLS = yes
VERSION = 0.3.0a
VERSION = 0.3.0b
ZLIBS =
l =