started with trust stuff

2025-07-02 22:46:30 +02:00 · 1998-01-12 10:18:17 +00:00 · 1998-01-12 10:18:17 +00:00 · ed36092588
commit ed36092588
parent 762d3d7197
54 changed files with 1861 additions and 700 deletions
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@ -31,6 +31,7 @@ g10_SOURCES = g10.c		\
 	      openfile.c	\
 	      keyid.c		\
 	      trustdb.c 	\
+	      trustdb.h 	\
 	      packet.h		\
 	      parse-packet.c	\
 	      passphrase.c	\
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@ -69,6 +69,7 @@ g10_SOURCES = g10.c		\
 	      openfile.c	\
 	      keyid.c		\
 	      trustdb.c 	\
+	      trustdb.h 	\
 	      packet.h		\
 	      parse-packet.c	\
 	      passphrase.c	\
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@ -196,7 +196,7 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
 * Make a hash value from the public key certificate
 */
 void
-hash_public_cert( MD_HANDLE *md, PKT_public_cert *pkc )
+hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
 {
    PACKET pkt;
    int rc = 0;
@ -210,7 +210,7 @@ hash_public_cert( MD_HANDLE *md, PKT_public_cert *pkc )
    if( (rc = build_packet( a, &pkt )) )
 	log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc));
    while( (c=iobuf_get(a)) != -1 )
-	md_putchar( md, c );
+	md_putc( md, c );

    iobuf_cancel(a);
 }
--- a/g10/elg.c
+++ b/g10/elg.c
@ -66,7 +66,7 @@ g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek )


 void
-g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md )
+g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md )
 {
    ELG_secret_key skey;
    MPI frame;
@ -74,9 +74,10 @@ g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md )

    assert( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL );

-    dp = md_final( md );
+    md_final( md );
+    dp = md_read( md, 0 );
    keyid_from_skc( skc, sig->keyid );
-    sig->d.elg.digest_algo = md->algo;
+    sig->d.elg.digest_algo = md_get_algo(md);
    sig->d.elg.digest_start[0] = dp[0];
    sig->d.elg.digest_start[1] = dp[1];
    sig->d.elg.a = mpi_alloc( mpi_get_nlimbs(skc->d.elg.p) );
--- a/g10/filter.h
+++ b/g10/filter.h
@ -23,9 +23,7 @@
 #include "cipher.h"

 typedef struct {
-    MD_HANDLE *md;	/* catch all */
-    MD5HANDLE md5;	/* if !NULL create md5	*/
-    RMDHANDLE rmd160;	/* if !NULL create rmd160  */
+    MD_HANDLE md;      /* catch all */
    size_t maxbuf_size;
 } md_filter_context_t;

--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@ -68,8 +68,7 @@ free_public_cert( PKT_public_cert *cert )
 	mpi_free( cert->d.rsa.rsa_n );
 	mpi_free( cert->d.rsa.rsa_e );
    }
-    md5_close( cert->mfx.md5 );
-    rmd160_close( cert->mfx.rmd160 );
+    md_close( cert->mfx.md );
    m_free(cert);
 }

@ -88,8 +87,7 @@ copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
 	d->d.rsa.rsa_n = mpi_copy( s->d.rsa.rsa_n );
 	d->d.rsa.rsa_e = mpi_copy( s->d.rsa.rsa_e );
    }
-    d->mfx.md5 = NULL;
-    d->mfx.rmd160 =NULL;
+    d->mfx.md = NULL;
    return d;
 }

--- a/g10/g10.c
+++ b/g10/g10.c
@ -34,6 +34,7 @@
 #include "mpi.h"
 #include "cipher.h"
 #include "filter.h"
+#include "trustdb.h"

 enum cmd_values { aNull = 0,
    aSym, aStore, aEncr, aPrimegen, aKeygen, aSign, aSignEncr,
@ -392,6 +393,13 @@ main( int argc, char **argv )
 	}
    }

+    if( cmd != aPrimegen && cmd != aPrintMDs ) {
+	rc = check_trustdb(0);
+	if( rc )
+	    log_error("failed to initialize the TrustDB: %s\n", g10_errstr(rc));
+    }
+
+
    switch( cmd ) {
      case aStore: /* only store the file */
 	if( argc > 1 )
@ -582,9 +590,7 @@ print_mds( const char *fname )
    FILE *fp;
    char buf[1024];
    size_t n;
-    MD5HANDLE md5;
-    RMDHANDLE rmd160;
-    SHA1HANDLE sha1;
+    MD_HANDLE md;

    if( !fname ) {
 	fp = stdin;
@ -597,31 +603,26 @@ print_mds( const char *fname )
 	return;
    }

-    md5    = md5_open(0);
-    rmd160 = rmd160_open(0);
-    sha1   = sha1_open(0);
+    md = md_open( DIGEST_ALGO_MD5, 0 );
+    md_enable( md, DIGEST_ALGO_RMD160 );
+    md_enable( md, DIGEST_ALGO_SHA1 );

-    while( (n=fread( buf, 1, DIM(buf), fp )) ) {
-	md5_write( md5, buf, n );
-	rmd160_write( rmd160, buf, n );
-	sha1_write( sha1, buf, n );
-    }
+    while( (n=fread( buf, 1, DIM(buf), fp )) )
+	md_write( md, buf, n );
    if( ferror(fp) )
 	log_error("%s: %s\n", fname, strerror(errno) );
    else {
 	byte *p;

-	md5_final(md5);
-	printf(  "%s:    MD5 =", fname ); print_hex(md5_read(md5), 16 );
-	printf("\n%s: RMD160 =", fname ); print_hex(rmd160_final(rmd160), 20 );
-	printf("\n%s:   SHA1 =", fname ); print_hex(sha1_final(sha1), 20 );
+	md_final(md);
+	printf(  "%s:    MD5 =", fname ); print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
+	printf("\n%s: RMD160 =", fname ); print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
+	printf("\n%s:   SHA1 =", fname ); print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
 	putchar('\n');
    }


-    md5_close(md5);
-    rmd160_close(rmd160);
-    sha1_close(sha1);
+    md_close(md);

    if( fp != stdin )
 	fclose(fp);
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -22,6 +22,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <errno.h>
 #include <assert.h>
 #include "util.h"
@ -408,7 +409,7 @@ generate_keypair()
    tty_printf( "\n"
 "You need a User-ID to identify your key; the software constructs the user id\n"
 "from Real Name, Comment and Email Address in this form:\n"
-"    \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n" );
+"    \"Heinrich Heine (Der Dichter) <heinrichh@uni-duesseldorf.de>\"\n\n" );
    uid = NULL;
    aname=acomment=amail=NULL;
    for(;;) {
@ -422,6 +423,8 @@ generate_keypair()
 		tty_kill_prompt();
 		if( strpbrk( aname, "<([])>" ) )
 		    tty_printf("Invalid character in name\n");
+		else if( isdigit(*aname) )
+		    tty_printf("Name may not start with a digit\n");
 		else if( strlen(aname) < 5 )
 		    tty_printf("Name must be at least 5 characters long\n");
 		else
@ -464,12 +467,15 @@ generate_keypair()
 	}

 	m_free(uid);
-	uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+10);
+	uid = p = m_alloc(strlen(aname)+strlen(amail)+strlen(acomment)+12+10);
 	p = stpcpy(p, aname );
 	if( *acomment )
 	    p = stpcpy(stpcpy(stpcpy(p," ("), acomment),")");
 	if( *amail )
 	    p = stpcpy(stpcpy(stpcpy(p," <"), amail),">");
+      #ifndef HAVE_DEV_RANDOM
+	strcpy(p, " (INSECURE!)" );
+      #endif

 	tty_printf("You selected this USER-ID:\n    \"%s\"\n\n", uid);
 	for(;;) {
--- a/g10/keyid.c
+++ b/g10/keyid.c
@ -48,14 +48,14 @@ pubkey_letter( int algo )

 /* this is special code for V3 which uses ElGamal and
 * calculates a fingerprint like V4, but with rmd160
- * and a version byte of 3. Returns an rmd160 handle, caller must
- * do rmd160_final()
+ * and a version byte of 3. Returns an md handle, caller must
+ * do md_close()
 */

-static RMDHANDLE
+static MD_HANDLE
 v3_elg_fingerprint_md( PKT_public_cert *pkc )
 {
-    RMDHANDLE md;
+    MD_HANDLE md;
    byte *buf1, *buf2, *buf3;
    byte *p1, *p2, *p3;
    unsigned n1, n2, n3;
@ -73,35 +73,36 @@ v3_elg_fingerprint_md( PKT_public_cert *pkc )

    /* calculate length of packet (1+4+2+1+2+n1+2+n2+2+n3) */
    n = 14 + n1 + n2 + n3;
-    md = rmd160_open(0);
+    md = md_open( DIGEST_ALGO_RMD160, 0);

-    rmd160_putchar( md, 0x99 );     /* ctb */
-    rmd160_putchar( md, n >> 8 );   /* 2 byte length header */
-    rmd160_putchar( md, n );
-    rmd160_putchar( md, 3 );	    /* version */
+    md_putc( md, 0x99 );     /* ctb */
+    md_putc( md, n >> 8 );   /* 2 byte length header */
+    md_putc( md, n );
+    md_putc( md, 3 );	     /* version */
    {	u32 a = pkc->timestamp;
-	rmd160_putchar( md, a >> 24 );
-	rmd160_putchar( md, a >> 16 );
-	rmd160_putchar( md, a >>  8 );
-	rmd160_putchar( md, a	    );
+	md_putc( md, a >> 24 );
+	md_putc( md, a >> 16 );
+	md_putc( md, a >>  8 );
+	md_putc( md, a	     );
    }
    {	u16 a = pkc->valid_days;
-	rmd160_putchar( md, a >> 8 );
-	rmd160_putchar( md, a	   );
+	md_putc( md, a >> 8 );
+	md_putc( md, a	    );
    }
-    rmd160_putchar( md, pkc->pubkey_algo );
-    rmd160_putchar( md, n1>>8); rmd160_putchar( md, n1 ); rmd160_write( md, p1, n1 );
-    rmd160_putchar( md, n2>>8); rmd160_putchar( md, n2 ); rmd160_write( md, p2, n2 );
-    rmd160_putchar( md, n3>>8); rmd160_putchar( md, n3 ); rmd160_write( md, p3, n3 );
+    md_putc( md, pkc->pubkey_algo );
+    md_putc( md, n1>>8); md_putc( md, n1 ); md_write( md, p1, n1 );
+    md_putc( md, n2>>8); md_putc( md, n2 ); md_write( md, p2, n2 );
+    md_putc( md, n3>>8); md_putc( md, n3 ); md_write( md, p3, n3 );
    m_free(buf1);
    m_free(buf2);
    m_free(buf3);
+    md_final( md );

    return md;
 }


-static RMDHANDLE
+static MD_HANDLE
 v3_elg_fingerprint_md_skc( PKT_secret_cert *skc )
 {
    PKT_public_cert pkc;
@ -133,13 +134,13 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )

    if( skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
 	const byte *dp;
-	RMDHANDLE md;
+	MD_HANDLE md;
 	md = v3_elg_fingerprint_md_skc(skc);
-	dp = rmd160_final( md );
+	dp = md_read( md, DIGEST_ALGO_RMD160 );
 	keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
 	keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
 	lowbits = keyid[1];
-	rmd160_close(md);
+	md_close(md);
    }
    else if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
 	lowbits = mpi_get_keyid( skc->d.rsa.rsa_n, keyid );
@ -166,13 +167,13 @@ keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )

    if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
 	const byte *dp;
-	RMDHANDLE md;
+	MD_HANDLE md;
 	md = v3_elg_fingerprint_md(pkc);
-	dp = rmd160_final( md );
+	dp = md_read( md, DIGEST_ALGO_RMD160 );
 	keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
 	keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
 	lowbits = keyid[1];
-	rmd160_close(md);
+	md_close(md);
    }
    else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
 	lowbits = mpi_get_keyid( pkc->d.rsa.rsa_n, keyid );
@ -310,33 +311,33 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
    unsigned n;

    if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
-	RMDHANDLE md;
+	MD_HANDLE md;
 	md = v3_elg_fingerprint_md(pkc);
-	dp = rmd160_final( md );
+	dp = md_read( md, DIGEST_ALGO_RMD160 );
 	array = m_alloc( 20 );
 	len = 20;
 	memcpy(array, dp, 20 );
-	rmd160_close(md);
+	md_close(md);
    }
    else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
-	MD5HANDLE md;
+	MD_HANDLE md;

-	md = md5_open(0);
+	md = md_open( DIGEST_ALGO_MD5, 0);
 	p = buf = mpi_get_buffer( pkc->d.rsa.rsa_n, &n, NULL );
 	for( ; !*p && n; p++, n-- )
 	    ;
-	md5_write( md, p, n );
+	md_write( md, p, n );
 	m_free(buf);
 	p = buf = mpi_get_buffer( pkc->d.rsa.rsa_e, &n, NULL );
 	for( ; !*p && n; p++, n-- )
 	    ;
-	md5_write( md, p, n );
+	md_write( md, p, n );
 	m_free(buf);
-	md5_final(md);
+	md_final(md);
 	array = m_alloc( 16 );
 	len = 16;
-	memcpy(array, md5_read(md), 16 );
-	md5_close(md);
+	memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 );
+	md_close(md);
    }
    else {
 	array = m_alloc(1);
--- a/g10/main.h
+++ b/g10/main.h
@ -64,18 +64,18 @@ MPI encode_session_key( DEK *dek, unsigned nbits );
 MPI encode_sha1_value( byte *md, unsigned len, unsigned nbits );
 MPI encode_rmd160_value( byte *md, unsigned len, unsigned nbits );
 MPI encode_md5_value( byte *md, unsigned len, unsigned nbits );
-MPI encode_md_value( MD_HANDLE *md, unsigned nbits );
+MPI encode_md_value( MD_HANDLE md, unsigned nbits );

 /*-- comment.c --*/
 KBNODE make_comment_node( const char *s );

 /*-- elg.c --*/
 void g10_elg_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
-void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md );
+void g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );

 /*-- rsa.c --*/
 void g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek );
-void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md );
+void g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md );


 #endif /*G10_MAIN_H*/
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -268,7 +268,7 @@ proc_plaintext( CTX c, PACKET *pkt )
     * And look at the sigclass to check wether we should use the
     * textmode filter (sigclass 0x01)
     */
-    c->mfx.md = md_open(DIGEST_ALGO_RMD160, 0);
+    c->mfx.md = md_open( DIGEST_ALGO_RMD160, 0);
    rc = handle_plaintext( pt, &c->mfx );
    if( rc )
 	log_error( "handle plaintext failed: %s\n", g10_errstr(rc));
@ -302,7 +302,7 @@ static int
 do_check_sig( CTX c, KBNODE node )
 {
    PKT_signature *sig;
-    MD_HANDLE *md;
+    MD_HANDLE md;
    int algo, rc;

    assert( node->pkt->pkttype == PKT_SIGNATURE );
@ -314,7 +314,7 @@ do_check_sig( CTX c, KBNODE node )
 	algo = sig->d.rsa.digest_algo;
    else
 	return G10ERR_PUBKEY_ALGO;
-    if( (rc=md_okay(algo)) )
+    if( (rc=check_digest_algo(algo)) )
 	return rc;

    if( sig->sig_class == 0x00 ) {
@ -328,10 +328,6 @@ do_check_sig( CTX c, KBNODE node )

 		if( c->cert->pkt->pkt.public_cert->mfx.md )
 		    md = md_copy( c->cert->pkt->pkt.public_cert->mfx.md );
-		else if( algo == DIGEST_ALGO_RMD160 )
-		    md = rmd160_copy2md( c->cert->pkt->pkt.public_cert->mfx.rmd160 );
-		else if( algo == DIGEST_ALGO_MD5 )
-		    md = md5_copy2md( c->cert->pkt->pkt.public_cert->mfx.md5 );
 		else
 		    log_bug(NULL);
 		md_write( md, n1->pkt->pkt.user_id->name, n1->pkt->pkt.user_id->len);
--- a/g10/mdfilter.c
+++ b/g10/mdfilter.c
@ -53,12 +53,8 @@ md_filter( void *opaque, int control,
 	    buf[i] = c;
 	}

-	if( i ) {
-	    if( mfx->md5 )
-		md5_write(mfx->md5, buf, i );
-	    if( mfx->rmd160 )
-		rmd160_write(mfx->rmd160, buf, i );
-	}
+	if( i )
+	    md_write(mfx->md, buf, i );
 	else
 	    rc = -1; /* eof */
 	*ret_len = i;
@ -72,12 +68,8 @@ md_filter( void *opaque, int control,
 void
 free_md_filter_context( md_filter_context_t *mfx )
 {
-    if( mfx->md5 )
-	md5_close(mfx->md5);
-    mfx->md5 = NULL;
-    if( mfx->rmd160 )
-	rmd160_close(mfx->rmd160);
-    mfx->rmd160 = NULL;
+    md_close(mfx->md);
+    mfx->md = NULL;
    mfx->maxbuf_size = 0;
 }

--- a/g10/packet.h
+++ b/g10/packet.h
@ -220,7 +220,7 @@ int parse_packet( IOBUF inp, PACKET *ret_pkt);
 /*-- build-packet.c --*/
 int build_packet( IOBUF inp, PACKET *pkt );
 u32 calc_packet_length( PACKET *pkt );
-void hash_public_cert( MD_HANDLE *md, PKT_public_cert *pkc );
+void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc );

 /*-- free-packet.c --*/
 void free_pubkey_enc( PKT_pubkey_enc *enc );
@ -235,7 +235,7 @@ PKT_secret_cert *copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s );


 /*-- sig-check.c --*/
-int signature_check( PKT_signature *sig, MD_HANDLE *digest );
+int signature_check( PKT_signature *sig, MD_HANDLE digest );

 /*-- seckey-cert.c --*/
 int is_secret_key_protected( PKT_secret_cert *cert );
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@ -438,11 +438,11 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
    int is_v4=0;

    if( pkttype == PKT_PUBLIC_CERT ) {
-	pkt->pkt.public_cert->mfx.md5 = md5_open(0);
-	pkt->pkt.public_cert->mfx.rmd160 = rmd160_open(0);
+	pkt->pkt.public_cert->mfx.md = md_open(DIGEST_ALGO_MD5, 0);
+	md_enable(pkt->pkt.public_cert->mfx.md, DIGEST_ALGO_RMD160);
+	md_enable(pkt->pkt.public_cert->mfx.md, DIGEST_ALGO_SHA1);
 	pkt->pkt.public_cert->mfx.maxbuf_size = 1;
-	md5_write(pkt->pkt.public_cert->mfx.md5, hdr, hdrlen);
-	rmd160_write(pkt->pkt.public_cert->mfx.rmd160, hdr, hdrlen);
+	md_write(pkt->pkt.public_cert->mfx.md, hdr, hdrlen);
 	iobuf_push_filter( inp, md_filter, &pkt->pkt.public_cert->mfx );
    }

--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -143,13 +143,14 @@ hash_passphrase( DEK *dek, char *pw )

    dek->keylen = 0;
    if( dek->algo == CIPHER_ALGO_BLOWFISH ) {
-	RMDHANDLE rmd;
+	MD_HANDLE md;

-	rmd = rmd160_open(1);
-	rmd160_write( rmd, pw, strlen(pw) );
+	md = md_open(DIGEST_ALGO_RMD160, 1);
+	md_write( md, pw, strlen(pw) );
+	md_final( md );
 	dek->keylen = 20;
-	memcpy( dek->key, rmd160_final(rmd), dek->keylen );
-	rmd160_close(rmd);
+	memcpy( dek->key, md_read(md,0), dek->keylen );
+	md_close(md);
    }
    else
 	rc = G10ERR_UNSUPPORTED;
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -31,6 +31,22 @@
 #include "keydb.h"
 #include "memory.h"
 #include "util.h"
+#include "trustdb.h"
+
+
+/****************
+ * Check wether we can trust this pkc which has a trustlevel of TRUSTLEVEL
+ * Returns: true if we trust.
+ */
+static int
+do_we_trust( PKT_public_cert *pkc, int trustlevel )
+{
+    /* Eventuell fragen falls der trustlevel nicht ausreichend ist */
+
+
+    return 1; /* yes */
+}
+


 void
@ -64,13 +80,27 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list )
 		free_public_cert( pkc ); pkc = NULL;
 		log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
 	    }
-	    else if( is_valid_pubkey_algo(pkc->pubkey_algo) ) {
-		PKC_LIST r;
-		r = m_alloc( sizeof *r );
-		r->pkc = pkc; pkc = NULL;
-		r->next = pkc_list;
-		r->mark = 0;
-		pkc_list = r;
+	    else if( !(rc=check_pubkey_algo(pkc->pubkey_algo)) ) {
+		int trustlevel;
+
+		rc = check_pkc_trust( pkc, &trustlevel );
+		if( rc ) {
+		    free_public_cert( pkc ); pkc = NULL;
+		    log_error("error checking pkc of '%s': %s\n",
+						      remusr->d, g10_errstr(rc) );
+		}
+		else if( do_we_trust( pkc, trustlevel ) ) {
+		    PKC_LIST r;
+
+		    r = m_alloc( sizeof *r );
+		    r->pkc = pkc; pkc = NULL;
+		    r->next = pkc_list;
+		    r->mark = 0;
+		    pkc_list = r;
+		}
+		else { /* we don't trust this pkc */
+		    free_public_cert( pkc ); pkc = NULL;
+		}
 	    }
 	    else {
 		free_public_cert( pkc ); pkc = NULL;
--- a/g10/plaintext.c
+++ b/g10/plaintext.c
@ -79,11 +79,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
 		goto leave;
 	    }
 	    if( mfx->md )
-		md_putchar(mfx->md, c );
-	    if( mfx->rmd160 )
-		rmd160_putchar(mfx->rmd160, c );
-	    if( mfx->md5 )
-		md5_putchar(mfx->md5, c );
+		md_putc(mfx->md, c );
 	    if( putc( c, fp ) == EOF ) {
 		log_error("Error writing to '%s': %s\n", fname, strerror(errno) );
 		rc = G10ERR_WRITE_FILE;
@ -93,10 +89,8 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx )
    }
    else {
 	while( (c = iobuf_get(pt->buf)) != -1 ) {
-	    if( mfx->rmd160 )
-		rmd160_putchar(mfx->rmd160, c );
-	    if( mfx->md5 )
-		md5_putchar(mfx->md5, c );
+	    if( mfx->md )
+		md_putc(mfx->md, c );
 	    if( putc( c, fp ) == EOF ) {
 		log_error("Error writing to '%s': %s\n",
 					    fname, strerror(errno) );
@ -162,11 +156,7 @@ ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname )

    while( (c = iobuf_get(fp)) != -1 ) {
 	if( mfx->md )
-	    md_putchar(mfx->md, c );
-	if( mfx->rmd160 )
-	    rmd160_putchar(mfx->rmd160, c );
-	if( mfx->md5 )
-	    md5_putchar(mfx->md5, c );
+	    md_putc(mfx->md, c );
    }
    iobuf_close(fp);

--- a/g10/rsa.c
+++ b/g10/rsa.c
@ -64,7 +64,7 @@ g10_rsa_encrypt( PKT_public_cert *pkc, PKT_pubkey_enc *enc, DEK *dek )


 void
-g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md )
+g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE md )
 {
 #ifdef HAVE_RSA_CIPHER
    RSA_secret_key skey;
@ -72,10 +72,11 @@ g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, MD_HANDLE *md )

    assert( sig->pubkey_algo == PUBKEY_ALGO_RSA );

-    dp = md_final( md );
+    md_final( md );
+    dp = md_read( md, 0 );

    keyid_from_skc( skc, sig->keyid );
-    sig->d.rsa.digest_algo = md->algo;
+    sig->d.rsa.digest_algo = md_get_algo( md );
    sig->d.rsa.digest_start[0] = dp[0];
    sig->d.rsa.digest_start[1] = dp[1];
    sig->d.rsa.rsa_integer =
--- a/g10/seskey.c
+++ b/g10/seskey.c
@ -226,16 +226,17 @@ encode_md5_value( byte *md, unsigned len, unsigned nbits )
 }

 MPI
-encode_md_value( MD_HANDLE *md, unsigned nbits )
+encode_md_value( MD_HANDLE md, unsigned nbits )
 {
-    byte *p = md_final( md );
-    if( md->algo == DIGEST_ALGO_MD5 )
-	return encode_md5_value( p, 16, nbits );
-    else if( md->algo == DIGEST_ALGO_RMD160 )
-	return encode_rmd160_value( p, 20, nbits );
-    else if( md->algo == DIGEST_ALGO_SHA1 )
-	return encode_sha1_value( p, 20, nbits );
-    else
+    switch( md_get_algo( md ) ) {
+      case DIGEST_ALGO_MD5:
+	return encode_md5_value( md_read(md, DIGEST_ALGO_MD5), 16, nbits );
+      case DIGEST_ALGO_RMD160:
+	return encode_rmd160_value( md_read(md, DIGEST_ALGO_RMD160), 20, nbits );
+      case DIGEST_ALGO_SHA1:
+	return encode_sha1_value( md_read(md, DIGEST_ALGO_SHA1), 20, nbits );
+      default:
 	log_bug(NULL);
+    }
 }

--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@ -38,7 +38,7 @@
 * is able to append some data, before getting the digest.
 */
 int
-signature_check( PKT_signature *sig, MD_HANDLE *digest )
+signature_check( PKT_signature *sig, MD_HANDLE digest )
 {
    PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
    MPI result = NULL;
@ -54,16 +54,17 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
    if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
 	ELG_public_key pkey;

-	if( (rc=md_okay(sig->d.elg.digest_algo)) )
+	if( (rc=check_digest_algo(sig->d.elg.digest_algo)) )
 	    goto leave;
 	/* complete the digest */
-	md_putchar( digest, sig->sig_class );
+	md_putc( digest, sig->sig_class );
 	{   u32 a = sig->timestamp;
-	    md_putchar( digest, (a >> 24) & 0xff );
-	    md_putchar( digest, (a >> 16) & 0xff );
-	    md_putchar( digest, (a >>  8) & 0xff );
-	    md_putchar( digest,  a	  & 0xff );
+	    md_putc( digest, (a >> 24) & 0xff );
+	    md_putc( digest, (a >> 16) & 0xff );
+	    md_putc( digest, (a >>  8) & 0xff );
+	    md_putc( digest,  a        & 0xff );
 	}
+	md_final( digest );
 	result = encode_md_value( digest, mpi_get_nbits(pkc->d.elg.p));
 	pkey.p = pkc->d.elg.p;
 	pkey.g = pkc->d.elg.g;
@ -134,14 +135,15 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
 	    }

 	    /* complete the digest */
-	    md_putchar( digest, sig->sig_class );
+	    md_putc( digest, sig->sig_class );
 	    {	u32 a = sig->timestamp;
-		md_putchar( digest, (a >> 24) & 0xff );
-		md_putchar( digest, (a >> 16) & 0xff );
-		md_putchar( digest, (a >>  8) & 0xff );
-		md_putchar( digest,  a	      & 0xff );
+		md_putc( digest, (a >> 24) & 0xff );
+		md_putc( digest, (a >> 16) & 0xff );
+		md_putc( digest, (a >>	8) & 0xff );
+		md_putc( digest,  a	   & 0xff );
 	    }
-	    dp = md_final( digest );
+	    md_final( digest );
+	    dp = md_read( digest, 0 );
 	    for(i=19; i >= 0; i--, dp++ )
 		if( mpi_getbyte( result, i ) != *dp ) {
 		    rc = G10ERR_BAD_SIGN;
@ -177,14 +179,15 @@ signature_check( PKT_signature *sig, MD_HANDLE *digest )
 	    }

 	    /* complete the digest */
-	    md_putchar( digest, sig->sig_class );
+	    md_putc( digest, sig->sig_class );
 	    {	u32 a = sig->timestamp;
-		md_putchar( digest, (a >> 24) & 0xff );
-		md_putchar( digest, (a >> 16) & 0xff );
-		md_putchar( digest, (a >>  8) & 0xff );
-		md_putchar( digest,  a	      & 0xff );
+		md_putc( digest, (a >> 24) & 0xff );
+		md_putc( digest, (a >> 16) & 0xff );
+		md_putc( digest, (a >>	8) & 0xff );
+		md_putc( digest,  a	   & 0xff );
 	    }
-	    dp = md_final( digest );
+	    md_final( digest );
+	    dp = md_read( digest, 0 );
 	    for(i=15; i >= 0; i--, dp++ )
 		if( mpi_getbyte( result, i ) != *dp ) {
 		    rc = G10ERR_BAD_SIGN;
@ -220,7 +223,7 @@ int
 check_key_signature( KBNODE root, KBNODE node )
 {
    KBNODE unode;
-    MD_HANDLE *md;
+    MD_HANDLE md;
    PKT_public_cert *pkc;
    PKT_signature *sig;
    int algo;
@ -239,7 +242,7 @@ check_key_signature( KBNODE root, KBNODE node )
 	algo = sig->d.rsa.digest_algo;
    else
 	return G10ERR_PUBKEY_ALGO;
-    if( (rc=md_okay(algo)) )
+    if( (rc=check_digest_algo(algo)) )
 	return rc;

    unode = find_kbparent( root, node );
--- a/g10/sign.c
+++ b/g10/sign.c
@ -41,7 +41,7 @@


 static int
-complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE *md )
+complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
 {
    int rc=0;

@ -119,7 +119,7 @@ sign_file( const char *filename, int detached, STRLIST locusr,
    /* prepare to calculate the MD over the input */
    if( opt.textmode && opt.armor )
 	iobuf_push_filter( inp, text_filter, &tfx );
-    mfx.rmd160 = rmd160_open(0);
+    mfx.md = md_open(DIGEST_ALGO_RMD160, 0);
    iobuf_push_filter( inp, md_filter, &mfx );

    if( opt.armor )
@ -194,7 +194,7 @@ sign_file( const char *filename, int detached, STRLIST locusr,
    for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
 	PKT_secret_cert *skc;
 	PKT_signature *sig;
-	RMDHANDLE rmd;
+	MD_HANDLE md;
 	byte *dp;

 	skc = skc_rover->skc;
@ -205,15 +205,16 @@ sign_file( const char *filename, int detached, STRLIST locusr,
 	sig->timestamp = make_timestamp();
 	sig->sig_class = opt.textmode? 0x01 : 0x00;

-	rmd = rmd160_copy( mfx.rmd160 );
-	rmd160_putchar( rmd, sig->sig_class );
+	md = md_copy( mfx.md );
+	md_putc( md, sig->sig_class );
 	{   u32 a = sig->timestamp;
-	    rmd160_putchar( rmd, (a >> 24) & 0xff );
-	    rmd160_putchar( rmd, (a >> 16) & 0xff );
-	    rmd160_putchar( rmd, (a >>	8) & 0xff );
-	    rmd160_putchar( rmd,  a	   & 0xff );
+	    md_putc( md, (a >> 24) & 0xff );
+	    md_putc( md, (a >> 16) & 0xff );
+	    md_putc( md, (a >>	8) & 0xff );
+	    md_putc( md,  a	   & 0xff );
 	}
-	dp = rmd160_final( rmd );
+	md_final( md );
+	dp = md_read( md, DIGEST_ALGO_RMD160 );

 	if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
 	    ELG_secret_key skey;
@ -268,7 +269,7 @@ sign_file( const char *filename, int detached, STRLIST locusr,
 	else
 	    log_bug(NULL);

-	rmd160_close( rmd );
+	md_close( md );

 	/* and write it */
 	init_packet(&pkt);
@ -289,7 +290,7 @@ sign_file( const char *filename, int detached, STRLIST locusr,
    else
 	iobuf_close(out);
    iobuf_close(inp);
-    rmd160_close( mfx.rmd160 );
+    md_close( mfx.md );
    release_skc_list( skc_list );
    release_pkc_list( pkc_list );
    return rc;
@ -621,7 +622,7 @@ sign_key( const char *username, STRLIST locusr )
  leave:
    release_kbnode( keyblock );
    release_skc_list( skc_list );
-    rmd160_close( mfx.rmd160 );
+    md_close( mfx.md );
    return rc;
 }

@ -830,7 +831,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
 {
    PKT_signature *sig;
    int rc=0;
-    MD_HANDLE *md;
+    MD_HANDLE md;

    assert( sigclass >= 0x10 && sigclass <= 0x13 );
    md = md_open( digest_algo, 0 );
@ -843,12 +844,12 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
    sig->timestamp = make_timestamp();
    sig->sig_class = sigclass;

-    md_putchar( md, sig->sig_class );
+    md_putc( md, sig->sig_class );
    {	u32 a = sig->timestamp;
-	md_putchar( md, (a >> 24) & 0xff );
-	md_putchar( md, (a >> 16) & 0xff );
-	md_putchar( md, (a >>  8) & 0xff );
-	md_putchar( md,  a	  & 0xff );
+	md_putc( md, (a >> 24) & 0xff );
+	md_putc( md, (a >> 16) & 0xff );
+	md_putc( md, (a >>  8) & 0xff );
+	md_putc( md,  a        & 0xff );
    }

    rc = complete_sig( sig, skc, md );
--- a/g10/skclist.c
+++ b/g10/skclist.c
@ -60,7 +60,7 @@ build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock )
 	    free_secret_cert( skc ); skc = NULL;
 	    log_error("no default secret key: %s\n", g10_errstr(rc) );
 	}
-	else if( is_valid_pubkey_algo(skc->pubkey_algo) ) {
+	else if( !(rc=check_pubkey_algo(skc->pubkey_algo)) ) {
 	    SKC_LIST r;
 	    r = m_alloc( sizeof *r );
 	    r->skc = skc; skc = NULL;
@ -82,7 +82,7 @@ build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock )
 		free_secret_cert( skc ); skc = NULL;
 		log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
 	    }
-	    else if ( is_valid_pubkey_algo(skc->pubkey_algo) ) {
+	    else if( !(rc=check_pubkey_algo(skc->pubkey_algo)) ) {
 		SKC_LIST r;
 		r = m_alloc( sizeof *r );
 		r->skc = skc; skc = NULL;
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -22,6 +22,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include <errno.h>
 #include <assert.h>

@ -30,6 +31,215 @@
 #include "keydb.h"
 #include "memory.h"
 #include "util.h"
+#include "trustdb.h"
+#include "options.h"
+
+
+#define TRUST_RECORD_LEN 40
+
+struct trust_record {
+    byte rectype;
+    byte reserved;
+    union {
+	byte raw[TRUST_RECORD_LEN-2];
+	struct {	    /* version record: */
+	    byte magic[2];
+	    byte version;   /* should be 1 */
+	    byte reserved[3];
+	    u32  locked;    /* pid of process which holds a lock */
+	    u32  created;   /* timestamp of trustdb creation  */
+	    u32  modified;  /* timestamp of last modification */
+	    u32  validated; /* timestamp of last validation   */
+	    u32  local_id_counter;
+	    byte marginals_needed;
+	    byte completes_needed;
+	    byte max_cert_depth;
+	} version;
+	struct {	    /* public key record */
+	    u32 local_id;
+	    u32 keyid[2];
+	    byte algo;
+	    byte reserved;
+	    byte fingerprint[20];
+	    byte ownertrust;
+	} pubkey;
+	struct {	    /* cache record */
+	    u32 local_id;
+	    u32 keyid[2];
+	    byte valid;
+	    byte reserved;
+	    byte blockhash[20];
+	    byte n_untrusted;
+	    byte n_marginal;
+	    byte n_fully;
+	    byte trustlevel;
+	} cache;
+    } r;
+};



+static char *db_name;
+
+/**************************************************
+ ************** read and write helpers ************
+ **************************************************/
+
+static void
+fwrite_8(FILE *fp, byte a)
+{
+    if( putc( a & 0xff, fp ) == EOF )
+	log_fatal("error writing byte to trustdb: %s\n", strerror(errno) );
+}
+
+static void
+fwrite_16(FILE *fp, u16 a)
+{
+    putc( (a>>8) & 0x0ff , fp );
+    if( putc( a & 0xff, fp ) == EOF )
+	log_fatal("error writing u16 to trustdb: %s\n", strerror(errno) );
+}
+
+static int
+fwrite_32( FILE*fp, u32 a)
+{
+    putc( (a>>24) & 0xff, fp );
+    putc( (a>>16) & 0xff, fp );
+    putc( (a>> 8) & 0xff, fp );
+    if( putc( a & 0xff, fp ) == EOF )
+	log_fatal("error writing u32 to trustdb: %s\n", strerror(errno) );
+}
+
+static int
+fwrite_zeros( FILE *fp, size_t n)
+{
+    while( n-- )
+	if( putc( 0, fp ) == EOF )
+	    log_fatal("error writing zeros to trustdb: %s\n", strerror(errno) );
+}
+
+
+/**************************************************
+ ************** read and write stuff **************
+ **************************************************/
+
+
+/****************
+ * Create a new trustdb
+ */
+static void
+create_db( const char *fname )
+{
+    FILE *fp;
+    u32 along;
+    u16 ashort;
+
+    fp =fopen( fname, "w" );
+    if( !fp )
+	log_fatal("can't create %s: %s\n", fname, strerror(errno) );
+    fwrite_8( fp, 1 );
+    fwrite_8( fp, 'g' );
+    fwrite_8( fp, '1' );
+    fwrite_8( fp, '0' );
+    fwrite_8( fp, 1 );	/* version */
+    fwrite_zeros( fp, 3 ); /* reserved */
+    fwrite_32( fp, 0 ); /* not locked */
+    fwrite_32( fp, make_timestamp() ); /* created */
+    fwrite_32( fp, 0 ); /* not yet modified */
+    fwrite_32( fp, 0 ); /* not yet validated*/
+    fwrite_32( fp, 0 ); /* local-id-counter */
+    fwrite_8( fp, 3 );	/* marginals needed */
+    fwrite_8( fp, 1 );	/* completes needed */
+    fwrite_8( fp, 4 );	/* max_cet_depth */
+    fwrite_zeros( fp, 9 ); /* filler */
+    fclose(fp);
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+/***********************************************
+ *************	trust logic  *******************
+ ***********************************************/
+
+
+
+
+
+/*********************************************************
+ ****************  API Interface  ************************
+ *********************************************************/
+
+/****************
+ * Perform some checks over the trustdb
+ *  level 0: used on initial program startup
+ */
+int
+check_trustdb( int level )
+{
+    if( !level ) {
+	char *fname = make_filename("~/.g10", "trustDB", NULL );
+	if( access( fname, R_OK ) ) {
+	    if( errno != ENOENT ) {
+		log_error("can't access %s: %s\n", fname, strerror(errno) );
+		m_free(fname);
+		return G10ERR_TRUSTDB;
+	    }
+	    create_db( fname );
+	}
+	m_free(db_name);
+	db_name = fname;
+
+	/* we can verify a signature about our local data (secring and trustdb)
+	 * in ~/.g10/ here
+	 */
+    }
+    else
+	log_bug(NULL);
+
+    return 0;
+}
+
+
+/****************
+ * Get the trustlevel for this PKC.
+ * Note: This does not ask any questions
+ * Returns: 0 okay of an errorcode
+ *
+ * It operates this way:
+ *  locate the pkc in the trustdb
+ *	found:
+ *	    Do we have a valid cache record for it?
+ *		yes: return trustlevel from cache
+ *		no:  make a cache record
+ *	not found:
+ *	    Return with a trustlevel, saying that we do not have
+ *	    a trust record for it. The caller may use insert_trust_record()
+ *	    and then call this function here again.
+ *
+ * Problems: How do we get the complete keyblock to check that the
+ *	     cache record is actually valid?  Think we need a clever
+ *	     cache in getkey.c	to keep track of this stuff. Maybe it
+ *	     is not necessary to check this if we use a local pubring. Hmmmm.
+ */
+int
+check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel )
+{
+    int trustlevel = 0;
+
+    if( opt.verbose )
+	log_info("check_pkc_trust() called.\n");
+
+    *r_trustlevel = trustlevel;
+    return 0;
+}
+
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@ -0,0 +1,28 @@
+/* trustdb.h - Trust database
+ *	Copyright (c) 1997 by Werner Koch (dd9jn)
+ *
+ * This file is part of G10.
+ *
+ * G10 is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * G10 is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#ifndef G10_TRUSTDB_H
+#define G10_TRUSTDB_H
+
+/*-- trustdb.c --*/
+int check_trustdb( int level );
+int check_pkc_trust( PKT_public_cert *pkc, int *r_trustlevel );
+
+#endif /*G10_TRUSTDB_H*/