added some trust model stuff

1 files changed, 108 insertions, 13 deletions

diff --git a/g10/ringedit.c b/g10/ringedit.c
index 8b7431961..ad5706c1e 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -68,7 +68,12 @@ typedef struct resource_table_struct RESTBL;
 static RESTBL resource_table[MAX_RESOURCES];
 
 
+static int search( PACKET *pkt, KBPOS *kbpos, int secret );
+
+
 static int keyring_search( PACKET *pkt, KBPOS *kbpos, IOBUF iobuf );
+static int keyring_search2( PUBKEY_FIND_INFO info, KBPOS *kbpos,
+						   const char *fname);
 static int keyring_read( KBPOS *kbpos, KBNODE *ret_root );
 static int keyring_insert( KBPOS *kbpos, KBNODE root );
 static int keyring_delete( KBPOS *kbpos );
@@ -138,6 +143,37 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
     return -1; /* not found */
 }
 
+
+/****************
+ * Find a keyblock from the informations provided in INFO
+ * This can only be used fro public keys
+ */
+int
+find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos )
+{
+    int i, rc, last_rc=-1;
+
+    for(i=0; i < MAX_RESOURCES; i++ ) {
+	if( resource_table[i].used && !resource_table[i].secret ) {
+	    /* note: here we have to add different search functions,
+	     * depending on the type of the resource */
+	    rc = keyring_search2( info, kbpos, resource_table[i].fname );
+	    if( !rc ) {
+		kbpos->resno = i;
+		return 0;
+	    }
+	    if( rc != -1 ) {
+		log_error("error searching resource %d: %s\n",
+						  i, g10_errstr(rc));
+		last_rc = rc;
+	    }
+	}
+    }
+    return last_rc;
+}
+
+
+
 /****************
  * Search a keyblock which starts with the given packet and put all
  * informations into KBPOS, which can be used later to access this key block.
@@ -149,8 +185,8 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
  *
  * Returns: 0 if found, -1 if not found or an errorcode.
  */
-int
-search_keyblock( PACKET *pkt, KBPOS *kbpos, int secret )
+static int
+search( PACKET *pkt, KBPOS *kbpos, int secret )
 {
     int i, rc, last_rc=-1;
 
@@ -179,7 +215,7 @@ search_keyblock( PACKET *pkt, KBPOS *kbpos, int secret )
  * of the keyblock.
  */
 int
-search_keyblock_byname( KBPOS *kbpos, const char *username )
+find_keyblock_byname( KBPOS *kbpos, const char *username )
 {
     PACKET pkt;
     PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
@@ -194,7 +230,7 @@ search_keyblock_byname( KBPOS *kbpos, const char *username )
     init_packet( &pkt );
     pkt.pkttype = PKT_PUBLIC_CERT;
     pkt.pkt.public_cert = pkc;
-    rc = search_keyblock( &pkt, kbpos, 0 );
+    rc = search( &pkt, kbpos, 0 );
     free_public_cert(pkc);
     return rc;
 }
@@ -204,7 +240,7 @@ search_keyblock_byname( KBPOS *kbpos, const char *username )
  * of the keyblock. This function does not unprotect the secret key.
  */
 int
-search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
+find_secret_keyblock_byname( KBPOS *kbpos, const char *username )
 {
     PACKET pkt;
     PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
@@ -219,7 +255,7 @@ search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
     init_packet( &pkt );
     pkt.pkttype = PKT_SECRET_CERT;
     pkt.pkt.secret_cert = skc;
-    rc = search_keyblock( &pkt, kbpos, 1 );
+    rc = search( &pkt, kbpos, 1 );
     free_secret_cert(skc);
     return rc;
 }
@@ -229,13 +265,11 @@ search_secret_keyblock_byname( KBPOS *kbpos, const char *username )
  * Lock the keyblock; wait until it's available
  * This function may change the internal data in kbpos, in cases
  * when the to be locked keyblock has been modified.
- * fixme: remove this function and add an option to search_keyblock()?
+ * fixme: remove this function and add an option to search()?
  */
 int
 lock_keyblock( KBPOS *kbpos )
 {
-    int rc;
-
     if( !check_pos(kbpos) )
 	return G10ERR_GENERAL;
     return 0;
@@ -248,7 +282,7 @@ void
 unlock_keyblock( KBPOS *kbpos )
 {
     if( !check_pos(kbpos) )
-	log_bug(NULL);
+	BUG();
 }
 
 /****************
@@ -389,13 +423,75 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf )
 		break; /* found */
 	}
 	else
-	    log_bug(NULL);
+	    BUG();
+	free_packet(&pkt);
+    }
+    if( !rc )
+	kbpos->offset = offset;
+
+  leave:
+    free_packet(&pkt);
+    set_packet_list_mode(save_mode);
+    return rc;
+}
+
+/****************
+ * search one keyring, return 0 if found, -1 if not found or an errorcode.
+ * this version uses the finger print and other informations
+ */
+static int
+keyring_search2( PUBKEY_FIND_INFO info, KBPOS *kbpos, const char *fname )
+{
+    int rc;
+    PACKET pkt;
+    int save_mode;
+    ulong offset;
+    IOBUF iobuf;
+
+    init_packet(&pkt);
+    save_mode = set_packet_list_mode(0);
+
+  #if 0
+    if( iobuf_seek( iobuf, 0 ) ) {
+	log_error("can't rewind keyring file: %s\n", g10_errstr(rc));
+	rc = G10ERR_KEYRING_OPEN;
+	goto leave;
+    }
+  #else
+    iobuf = iobuf_open( fname );
+    if( !iobuf ) {
+	log_error("can't open '%s'\n", fname );
+	rc = G10ERR_OPEN_FILE;
+	goto leave;
+    }
+  #endif
+
+    while( !(rc=search_packet(iobuf, &pkt, PKT_PUBLIC_CERT, &offset)) ) {
+	PKT_public_cert *pkc = pkt.pkt.public_cert;
+	u32 keyid[2];
+
+	assert( pkt.pkttype == PKT_PUBLIC_CERT );
+	keyid_from_pkc( pkc, keyid );
+	if( keyid[0] == info->keyid[0] && keyid[1] == info->keyid[1]
+	    && pkc->pubkey_algo == info->pubkey_algo ) {
+	    /* fixme: shall we check nbits too? (good for rsa keys) */
+	    /* fixme: check userid???? */
+	    size_t len;
+	    byte *fp = fingerprint_from_pkc( pkc, &len );
+
+	    if( !memcmp( fp, info->fingerprint, len ) ) {
+		m_free(fp);
+		break; /* found */
+	    }
+	    m_free(fp);
+	}
 	free_packet(&pkt);
     }
     if( !rc )
 	kbpos->offset = offset;
 
   leave:
+    iobuf_close(iobuf);
     free_packet(&pkt);
     set_packet_list_mode(save_mode);
     return rc;
@@ -562,7 +658,6 @@ keyring_delete( KBPOS *kbpos )
 {
     RESTBL *rentry;
     IOBUF fp;
-    KBNODE kbctx, node;
     int rc;
     u32 len;
     int ctb;
@@ -588,7 +683,7 @@ keyring_delete( KBPOS *kbpos )
     /*log_debug("writing a dummy packet of length %lu\n", (ulong)len);*/
 
     if( len < 2 )
-	log_bug(NULL);
+	BUG();
 
     if( len < 256 ) {
 	ctb = 0x80;