diff options
author | Werner Koch <wk@gnupg.org> | 1998-06-29 14:30:57 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 1998-06-29 14:30:57 +0200 |
commit | 77a6af76d04a4762c841627ac95fdc521ca74b72 (patch) | |
tree | beec5dfedffa9c1a25b737911066fe93df4d923f /g10 | |
parent | bug fixes (diff) | |
download | gnupg2-77a6af76d04a4762c841627ac95fdc521ca74b72.tar.xz gnupg2-77a6af76d04a4762c841627ac95fdc521ca74b72.zip |
textual changes
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 19 | ||||
-rw-r--r-- | g10/OPTIONS | 2 | ||||
-rw-r--r-- | g10/armor.c | 6 | ||||
-rw-r--r-- | g10/build-packet.c | 104 | ||||
-rw-r--r-- | g10/encode.c | 32 | ||||
-rw-r--r-- | g10/export.c | 20 | ||||
-rw-r--r-- | g10/free-packet.c | 60 | ||||
-rw-r--r-- | g10/g10.c | 17 | ||||
-rw-r--r-- | g10/getkey.c | 284 | ||||
-rw-r--r-- | g10/import.c | 136 | ||||
-rw-r--r-- | g10/kbnode.c | 22 | ||||
-rw-r--r-- | g10/keydb.h | 52 | ||||
-rw-r--r-- | g10/keyedit.c | 188 | ||||
-rw-r--r-- | g10/keygen.c | 237 | ||||
-rw-r--r-- | g10/keyid.c | 108 | ||||
-rw-r--r-- | g10/keylist.c | 112 | ||||
-rw-r--r-- | g10/main.h | 8 | ||||
-rw-r--r-- | g10/mainproc.c | 106 | ||||
-rw-r--r-- | g10/packet.h | 54 | ||||
-rw-r--r-- | g10/parse-packet.c | 498 | ||||
-rw-r--r-- | g10/passphrase.c | 12 | ||||
-rw-r--r-- | g10/pkclist.c | 122 | ||||
-rw-r--r-- | g10/pubkey-enc.c | 14 | ||||
-rw-r--r-- | g10/revoke.c | 37 | ||||
-rw-r--r-- | g10/ringedit.c | 95 | ||||
-rw-r--r-- | g10/seckey-cert.c | 120 | ||||
-rw-r--r-- | g10/sig-check.c | 60 | ||||
-rw-r--r-- | g10/sign.c | 112 | ||||
-rw-r--r-- | g10/skclist.c | 74 | ||||
-rw-r--r-- | g10/trustdb.c | 158 | ||||
-rw-r--r-- | g10/trustdb.h | 8 |
31 files changed, 1434 insertions, 1443 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index e7e9ac753..ccee5b99f 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,22 @@ +Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de) + + * packet.h: changed all "_cert" to "_key", "subcert" to "subkey". + + * free-packet.c (free_packet): Removed memory leak for subkeys. + +Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (import_keys): Renamed from import_pubkeys. + (import_secret_one): New. + + * g10.c (aExportSecret): New. + + * export.c (export_seckeys): New. + + * parse-packet.c (parse_certificate): Cleaned up. + (parse_packet): Trust packets are now considered as unknown. + (parse_pubkey_warning): New. + Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de) * keygen.c (has_invalid_email_chars): New. diff --git a/g10/OPTIONS b/g10/OPTIONS index 2c2fce638..3abe296d8 100644 --- a/g10/OPTIONS +++ b/g10/OPTIONS @@ -41,6 +41,8 @@ store list-secret-keys # +export-secret-keys +# export secret keys (which may be usefuil in some cases) #----------------------------------------------- #--- options diff --git a/g10/armor.c b/g10/armor.c index 541ba3e76..82b240f75 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -88,6 +88,7 @@ static char *head_strings[] = { "BEGIN PGP SIGNATURE", "BEGIN PGP SIGNED MESSAGE", "BEGIN PGP ARMORED FILE", + "BEGIN PGP SECRET KEY BLOCK", NULL }; static char *tail_strings[] = { @@ -96,6 +97,7 @@ static char *tail_strings[] = { "END PGP SIGNATURE", "END dummy", "END PGP ARMORED FILE", + "END PGP SECRET KEY BLOCK", NULL }; @@ -153,8 +155,8 @@ is_armored( byte *buf ) pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf); switch( pkttype ) { case PKT_MARKER: - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: case PKT_PUBKEY_ENC: case PKT_SIGNATURE: case PKT_COMMENT: diff --git a/g10/build-packet.c b/g10/build-packet.c index 03e152e99..cb08275ec 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -36,8 +36,8 @@ static int do_comment( IOBUF out, int ctb, PKT_comment *rem ); static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid ); -static int do_public_cert( IOBUF out, int ctb, PKT_public_cert *pk ); -static int do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *pk ); +static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk ); +static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk ); static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc ); static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc ); static u32 calc_plaintext( PKT_plaintext *pt ); @@ -82,13 +82,13 @@ build_packet( IOBUF out, PACKET *pkt ) case PKT_COMMENT: rc = do_comment( out, ctb, pkt->pkt.comment ); break; - case PKT_PUBKEY_SUBCERT: - case PKT_PUBLIC_CERT: - rc = do_public_cert( out, ctb, pkt->pkt.public_cert ); + case PKT_PUBLIC_SUBKEY: + case PKT_PUBLIC_KEY: + rc = do_public_key( out, ctb, pkt->pkt.public_key ); break; - case PKT_SECKEY_SUBCERT: - case PKT_SECRET_CERT: - rc = do_secret_cert( out, ctb, pkt->pkt.secret_cert ); + case PKT_SECRET_SUBKEY: + case PKT_SECRET_KEY: + rc = do_secret_key( out, ctb, pkt->pkt.secret_key ); break; case PKT_SYMKEY_ENC: rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc ); @@ -135,8 +135,8 @@ calc_packet_length( PACKET *pkt ) break; case PKT_USER_ID: case PKT_COMMENT: - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: case PKT_SYMKEY_ENC: case PKT_PUBKEY_ENC: case PKT_ENCRYPTED: @@ -174,25 +174,25 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid ) } static int -do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc ) +do_public_key( IOBUF out, int ctb, PKT_public_key *pk ) { int rc = 0; int n, i; IOBUF a = iobuf_temp(); - if( !pkc->version ) + if( !pk->version ) iobuf_put( a, 3 ); else - iobuf_put( a, pkc->version ); - write_32(a, pkc->timestamp ); - if( pkc->version < 4 ) - write_16(a, pkc->valid_days ); - iobuf_put(a, pkc->pubkey_algo ); - n = pubkey_get_npkey( pkc->pubkey_algo ); + iobuf_put( a, pk->version ); + write_32(a, pk->timestamp ); + if( pk->version < 4 ) + write_16(a, pk->valid_days ); + iobuf_put(a, pk->pubkey_algo ); + n = pubkey_get_npkey( pk->pubkey_algo ); for(i=0; i < n; i++ ) - mpi_write(a, pkc->pkey[i] ); + mpi_write(a, pk->pkey[i] ); - write_header2(out, ctb, iobuf_get_temp_length(a), pkc->hdrbytes, 1 ); + write_header2(out, ctb, iobuf_get_temp_length(a), pk->hdrbytes, 1 ); if( iobuf_write_temp( out, a ) ) rc = G10ERR_WRITE_FILE; @@ -205,25 +205,25 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc ) * Make a hash value from the public key certificate */ void -hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ) +hash_public_key( MD_HANDLE md, PKT_public_key *pk ) { PACKET pkt; int rc = 0; int c; IOBUF a = iobuf_temp(); #if 0 - FILE *fp = fopen("dump.pkc", "a"); + FILE *fp = fopen("dump.pk", "a"); int i=0; - fprintf(fp, "\nHashing PKC (v%d):\n", pkc->version); + fprintf(fp, "\nHashing PK (v%d):\n", pk->version); #endif /* build the packet */ init_packet(&pkt); - pkt.pkttype = PKT_PUBLIC_CERT; - pkt.pkt.public_cert = pkc; + pkt.pkttype = PKT_PUBLIC_KEY; + pkt.pkt.public_key = pk; if( (rc = build_packet( a, &pkt )) ) - log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc)); + log_fatal("build public_key for hashing failed: %s\n", g10_errstr(rc)); while( (c=iobuf_get(a)) != -1 ) { #if 0 fprintf( fp," %02x", c ); @@ -243,51 +243,51 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ) static int -do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc ) +do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk ) { int rc = 0; int i, nskey, npkey; IOBUF a = iobuf_temp(); - if( !skc->version ) + if( !sk->version ) iobuf_put( a, 3 ); else - iobuf_put( a, skc->version ); - write_32(a, skc->timestamp ); - if( skc->version < 4 ) - write_16(a, skc->valid_days ); - iobuf_put(a, skc->pubkey_algo ); - nskey = pubkey_get_nskey( skc->pubkey_algo ); - npkey = pubkey_get_npkey( skc->pubkey_algo ); + iobuf_put( a, sk->version ); + write_32(a, sk->timestamp ); + if( sk->version < 4 ) + write_16(a, sk->valid_days ); + iobuf_put(a, sk->pubkey_algo ); + nskey = pubkey_get_nskey( sk->pubkey_algo ); + npkey = pubkey_get_npkey( sk->pubkey_algo ); assert( npkey < nskey ); for(i=0; i < npkey; i++ ) - mpi_write(a, skc->skey[i] ); - if( skc->is_protected ) { - if( is_RSA(skc->pubkey_algo) && skc->version < 4 ) { - iobuf_put(a, skc->protect.algo ); - iobuf_write(a, skc->protect.iv, 8 ); + mpi_write(a, sk->skey[i] ); + if( sk->is_protected ) { + if( is_RSA(sk->pubkey_algo) && sk->version < 4 ) { + iobuf_put(a, sk->protect.algo ); + iobuf_write(a, sk->protect.iv, 8 ); } else { iobuf_put(a, 0xff ); - iobuf_put(a, skc->protect.algo ); - iobuf_put(a, skc->protect.s2k.mode ); - iobuf_put(a, skc->protect.s2k.hash_algo ); - if( skc->protect.s2k.mode == 1 - || skc->protect.s2k.mode == 4 ) - iobuf_write(a, skc->protect.s2k.salt, 8 ); - if( skc->protect.s2k.mode == 4 ) - write_32(a, skc->protect.s2k.count ); - iobuf_write(a, skc->protect.iv, 8 ); + iobuf_put(a, sk->protect.algo ); + iobuf_put(a, sk->protect.s2k.mode ); + iobuf_put(a, sk->protect.s2k.hash_algo ); + if( sk->protect.s2k.mode == 1 + || sk->protect.s2k.mode == 4 ) + iobuf_write(a, sk->protect.s2k.salt, 8 ); + if( sk->protect.s2k.mode == 4 ) + write_32(a, sk->protect.s2k.count ); + iobuf_write(a, sk->protect.iv, 8 ); } } else iobuf_put(a, 0 ); for( ; i < nskey; i++ ) - mpi_write(a, skc->skey[i] ); - write_16(a, skc->csum ); + mpi_write(a, sk->skey[i] ); + write_16(a, sk->csum ); - write_header2(out, ctb, iobuf_get_temp_length(a), skc->hdrbytes, 1 ); + write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 ); if( iobuf_write_temp( out, a ) ) rc = G10ERR_WRITE_FILE; diff --git a/g10/encode.c b/g10/encode.c index 3d4ad9917..2cc2f10c3 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -37,7 +37,7 @@ static int encode_simple( const char *filename, int mode ); -static int write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out ); +static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ); @@ -185,13 +185,13 @@ encode_crypt( const char *filename, STRLIST remusr ) cipher_filter_context_t cfx; armor_filter_context_t afx; compress_filter_context_t zfx; - PKC_LIST pkc_list; + PK_LIST pk_list; memset( &cfx, 0, sizeof cfx); memset( &afx, 0, sizeof afx); memset( &zfx, 0, sizeof zfx); - if( (rc=build_pkc_list( remusr, &pkc_list, 2)) ) + if( (rc=build_pk_list( remusr, &pk_list, 2)) ) return rc; /* prepare iobufs */ @@ -222,7 +222,7 @@ encode_crypt( const char *filename, STRLIST remusr ) if( DBG_CIPHER ) log_hexdump("DEK is: ", cfx.dek->key, cfx.dek->keylen ); - rc = write_pubkey_enc_from_list( pkc_list, cfx.dek, out ); + rc = write_pubkey_enc_from_list( pk_list, cfx.dek, out ); if( rc ) goto leave; @@ -269,7 +269,7 @@ encode_crypt( const char *filename, STRLIST remusr ) pt->buf = NULL; free_packet(&pkt); m_free(cfx.dek); - release_pkc_list( pkc_list ); + release_pk_list( pk_list ); return rc; } @@ -297,7 +297,7 @@ encrypt_filter( void *opaque, int control, log_hexdump("DEK is: ", efx->cfx.dek->key, efx->cfx.dek->keylen ); - rc = write_pubkey_enc_from_list( efx->pkc_list, efx->cfx.dek, a ); + rc = write_pubkey_enc_from_list( efx->pk_list, efx->cfx.dek, a ); if( rc ) return rc; @@ -318,26 +318,26 @@ encrypt_filter( void *opaque, int control, /**************** - * Write pubkey-enc packets from the list of PKCs to OUT. + * Write pubkey-enc packets from the list of PKs to OUT. */ static int -write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out ) +write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ) { PACKET pkt; - PKT_public_cert *pkc; + PKT_public_key *pk; PKT_pubkey_enc *enc; int rc; - for( ; pkc_list; pkc_list = pkc_list->next ) { + for( ; pk_list; pk_list = pk_list->next ) { MPI frame; - pkc = pkc_list->pkc; + pk = pk_list->pk; enc = m_alloc_clear( sizeof *enc ); - enc->pubkey_algo = pkc->pubkey_algo; - keyid_from_pkc( pkc, enc->keyid ); - frame = encode_session_key( dek, pubkey_nbits( pkc->pubkey_algo, - pkc->pkey ) ); - rc = pubkey_encrypt( pkc->pubkey_algo, enc->data, frame, pkc->pkey ); + enc->pubkey_algo = pk->pubkey_algo; + keyid_from_pk( pk, enc->keyid ); + frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo, + pk->pkey ) ); + rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey ); mpi_free( frame ); if( rc ) log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) ); diff --git a/g10/export.c b/g10/export.c index c70af6cc8..68e83a268 100644 --- a/g10/export.c +++ b/g10/export.c @@ -33,6 +33,7 @@ #include "util.h" #include "main.h" +static int do_export( STRLIST users, int secret ); /**************** * Export the public keys (to standard out or --output). @@ -42,6 +43,18 @@ int export_pubkeys( STRLIST users ) { + return do_export( users, 0 ); +} + +int +export_seckeys( STRLIST users ) +{ + return do_export( users, 1 ); +} + +static int +do_export( STRLIST users, int secret ) +{ int rc = 0; armor_filter_context_t afx; compress_filter_context_t zfx; @@ -64,14 +77,14 @@ export_pubkeys( STRLIST users ) } if( opt.armor ) { - afx.what = 1; + afx.what = secret?5:1; iobuf_push_filter( out, armor_filter, &afx ); } if( opt.compress_keys && opt.compress ) iobuf_push_filter( out, compress_filter, &zfx ); if( all ) { - rc = enum_keyblocks( 0, &kbpos, &keyblock ); + rc = enum_keyblocks( secret?5:0, &kbpos, &keyblock ); if( rc ) { if( rc != -1 ) log_error("enum_keyblocks(open) failed: %s\n", g10_errstr(rc) ); @@ -94,7 +107,8 @@ export_pubkeys( STRLIST users ) } else { /* search the userid */ - rc = find_keyblock_byname( &kbpos, sl->d ); + rc = secret? find_secret_keyblock_byname( &kbpos, sl->d ) + : find_keyblock_byname( &kbpos, sl->d ); if( rc ) { log_error("%s: user not found: %s\n", sl->d, g10_errstr(rc) ); rc = 0; diff --git a/g10/free-packet.c b/g10/free-packet.c index 12382b4db..6b3b7686e 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -62,26 +62,26 @@ free_seckey_enc( PKT_signature *sig ) void -release_public_cert_parts( PKT_public_cert *cert ) +release_public_key_parts( PKT_public_key *pk ) { int n, i; - n = pubkey_get_npkey( cert->pubkey_algo ); + n = pubkey_get_npkey( pk->pubkey_algo ); for(i=0; i < n; i++ ) { - mpi_free( cert->pkey[i] ); - cert->pkey[i] = NULL; + mpi_free( pk->pkey[i] ); + pk->pkey[i] = NULL; } } void -free_public_cert( PKT_public_cert *cert ) +free_public_key( PKT_public_key *pk ) { - release_public_cert_parts( cert ); - m_free(cert); + release_public_key_parts( pk ); + m_free(pk); } -PKT_public_cert * -copy_public_cert( PKT_public_cert *d, PKT_public_cert *s ) +PKT_public_key * +copy_public_key( PKT_public_key *d, PKT_public_key *s ) { int n, i; @@ -95,26 +95,26 @@ copy_public_cert( PKT_public_cert *d, PKT_public_cert *s ) } void -release_secret_cert_parts( PKT_secret_cert *cert ) +release_secret_key_parts( PKT_secret_key *sk ) { int n, i; - n = pubkey_get_nskey( cert->pubkey_algo ); + n = pubkey_get_nskey( sk->pubkey_algo ); for(i=0; i < n; i++ ) { - mpi_free( cert->skey[i] ); - cert->skey[i] = NULL; + mpi_free( sk->skey[i] ); + sk->skey[i] = NULL; } } void -free_secret_cert( PKT_secret_cert *cert ) +free_secret_key( PKT_secret_key *sk ) { - release_secret_cert_parts( cert ); - m_free(cert); + release_secret_key_parts( sk ); + m_free(sk); } -PKT_secret_cert * -copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s ) +PKT_secret_key * +copy_secret_key( PKT_secret_key *d, PKT_secret_key *s ) { int n, i; @@ -208,11 +208,13 @@ free_packet( PACKET *pkt ) case PKT_SYMKEY_ENC: free_symkey_enc( pkt->pkt.symkey_enc ); break; - case PKT_PUBLIC_CERT: - free_public_cert( pkt->pkt.public_cert ); + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + free_public_key( pkt->pkt.public_key ); break; - case PKT_SECRET_CERT: - free_secret_cert( pkt->pkt.secret_cert ); + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + free_secret_key( pkt->pkt.secret_key ); break; case PKT_COMMENT: free_comment( pkt->pkt.comment ); @@ -240,7 +242,7 @@ free_packet( PACKET *pkt ) * Returns 0 if they match. */ int -cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b ) +cmp_public_keys( PKT_public_key *a, PKT_public_key *b ) { int n, i; @@ -264,20 +266,20 @@ cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b ) * Returns 0 if they match. */ int -cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc ) +cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk ) { int n, i; - if( pkc->timestamp != skc->timestamp ) + if( pk->timestamp != sk->timestamp ) return -1; - if( pkc->valid_days != skc->valid_days ) + if( pk->valid_days != sk->valid_days ) return -1; - if( pkc->pubkey_algo != skc->pubkey_algo ) + if( pk->pubkey_algo != sk->pubkey_algo ) return -1; - n = pubkey_get_npkey( pkc->pubkey_algo ); + n = pubkey_get_npkey( pk->pubkey_algo ); for(i=0; i < n; i++ ) { - if( mpi_cmp( pkc->pkey[i] , skc->skey[i] ) ) + if( mpi_cmp( pk->pkey[i] , sk->skey[i] ) ) return -1; } return 0; @@ -75,6 +75,7 @@ static ARGPARSE_OPTS opts[] = { { 542, "gen-revoke",0, N_("generate a revocation certificate")}, #endif { 537, "export" , 0, N_("export keys") }, + { 563, "export-secret-keys" , 0, "@" }, { 530, "import", 0 , N_("import/merge keys")}, { 521, "list-packets",0,N_("list only the sequence of packets")}, #ifdef IS_G10MAINT @@ -176,7 +177,8 @@ enum cmd_values { aNull = 0, aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey, aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys, aListSigs, aKeyadd, aListSecretKeys, - aExport, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs, + aExport, aExportSecret, + aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs, aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest, aNOP }; @@ -595,6 +597,7 @@ main( int argc, char **argv ) case 560: register_cipher_extension(pargs.r.ret_str); break; case 561: opt.rfc1991 = 1; break; case 562: opt.emulate_bugs |= 1; break; + case 563: set_cmd( &cmd, aExportSecret); break; default : errors++; pargs.err = configfp? 1:2; break; } } @@ -855,12 +858,12 @@ main( int argc, char **argv ) case aImport: if( !argc ) { - rc = import_pubkeys( NULL ); + rc = import_keys( NULL ); if( rc ) log_error("import failed: %s\n", g10_errstr(rc) ); } for( ; argc; argc--, argv++ ) { - rc = import_pubkeys( *argv ); + rc = import_keys( *argv ); if( rc ) log_error("import from '%s' failed: %s\n", *argv, g10_errstr(rc) ); @@ -875,6 +878,14 @@ main( int argc, char **argv ) free_strlist(sl); break; + case aExportSecret: + sl = NULL; + for( ; argc; argc--, argv++ ) + add_to_strlist( &sl, *argv ); + export_seckeys( sl ); + free_strlist(sl); + break; + #ifdef IS_G10 case aGenRevoke: if( argc != 1 ) diff --git a/g10/getkey.c b/g10/getkey.c index c8e8ea012..b88b926e0 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -32,7 +32,7 @@ #include "options.h" #include "main.h" -#define MAX_PKC_CACHE_ENTRIES 500 +#define MAX_PK_CACHE_ENTRIES 500 typedef struct keyid_list { @@ -47,11 +47,11 @@ typedef struct user_id_db { char name[1]; } *user_id_db_t; -typedef struct pkc_cache_entry { - struct pkc_cache_entry *next; +typedef struct pk_cache_entry { + struct pk_cache_entry *next; u32 keyid[2]; - PKT_public_cert *pkc; -} *pkc_cache_entry_t; + PKT_public_key *pk; +} *pk_cache_entry_t; typedef struct enum_seckey_context { int eof; @@ -65,14 +65,14 @@ static STRLIST secret_keyrings; static keyid_list_t unknown_keyids; static user_id_db_t user_id_db; -static pkc_cache_entry_t pkc_cache; -static int pkc_cache_entries; /* number of entries in pkc cache */ +static pk_cache_entry_t pk_cache; +static int pk_cache_entries; /* number of entries in pk cache */ -static int lookup( PKT_public_cert *pkc, +static int lookup( PKT_public_key *pk, int mode, u32 *keyid, const char *name, KBNODE *ret_keyblock ); -static int lookup_skc( PKT_secret_cert *skc, +static int lookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name ); /* note this function may be called before secure memory is @@ -170,42 +170,42 @@ add_secret_keyring( const char *name ) static void -cache_public_cert( PKT_public_cert *pkc ) +cache_public_key( PKT_public_key *pk ) { - pkc_cache_entry_t ce; + pk_cache_entry_t ce; u32 keyid[2]; - if( is_ELGAMAL(pkc->pubkey_algo) - || pkc->pubkey_algo == PUBKEY_ALGO_DSA - || is_RSA(pkc->pubkey_algo) ) { - keyid_from_pkc( pkc, keyid ); + if( is_ELGAMAL(pk->pubkey_algo) + || pk->pubkey_algo == PUBKEY_ALGO_DSA + || is_RSA(pk->pubkey_algo) ) { + keyid_from_pk( pk, keyid ); } else return; /* don't know how to get the keyid */ - for( ce = pkc_cache; ce; ce = ce->next ) + for( ce = pk_cache; ce; ce = ce->next ) if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) { if( DBG_CACHE ) - log_debug("cache_public_cert: already in cache\n"); + log_debug("cache_public_key: already in cache\n"); return; } - if( pkc_cache_entries > MAX_PKC_CACHE_ENTRIES ) { + if( pk_cache_entries > MAX_PK_CACHE_ENTRIES ) { /* FIMXE: use another algorithm to free some cache slots */ - if( pkc_cache_entries == MAX_PKC_CACHE_ENTRIES ) { - pkc_cache_entries++; - log_info("too many entries in pkc cache - disabled\n"); + if( pk_cache_entries == MAX_PK_CACHE_ENTRIES ) { + pk_cache_entries++; + log_info("too many entries in pk cache - disabled\n"); } - ce = pkc_cache; - free_public_cert( ce->pkc ); + ce = pk_cache; + free_public_key( ce->pk ); } else { - pkc_cache_entries++; + pk_cache_entries++; ce = m_alloc( sizeof *ce ); - ce->next = pkc_cache; - pkc_cache = ce; + ce->next = pk_cache; + pk_cache = ce; } - ce->pkc = copy_public_cert( NULL, pkc ); + ce->pk = copy_public_key( NULL, pk ); ce->keyid[0] = keyid[0]; ce->keyid[1] = keyid[1]; } @@ -238,17 +238,17 @@ cache_user_id( PKT_user_id *uid, u32 *keyid ) /**************** - * Get a public key and store it into the allocated pkc - * can be called with PKC set to NULL to just read it into some + * Get a public key and store it into the allocated pk + * can be called with PK set to NULL to just read it into some * internal structures. */ int -get_pubkey( PKT_public_cert *pkc, u32 *keyid ) +get_pubkey( PKT_public_key *pk, u32 *keyid ) { keyid_list_t kl; int internal = 0; int rc = 0; - pkc_cache_entry_t ce; + pk_cache_entry_t ce; /* let's see whether we checked the keyid already */ for( kl = unknown_keyids; kl; kl = kl->next ) @@ -256,21 +256,21 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid ) return G10ERR_NO_PUBKEY; /* already checked and not found */ /* Try to get it from our cache */ - for( ce = pkc_cache; ce; ce = ce->next ) + for( ce = pk_cache; ce; ce = ce->next ) if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) { - if( pkc ) - copy_public_cert( pkc, ce->pkc ); + if( pk ) + copy_public_key( pk, ce->pk ); return 0; } /* more init stuff */ - if( !pkc ) { - pkc = m_alloc_clear( sizeof *pkc ); + if( !pk ) { + pk = m_alloc_clear( sizeof *pk ); internal++; } /* do a lookup */ - rc = lookup( pkc, 11, keyid, NULL, NULL ); + rc = lookup( pk, 11, keyid, NULL, NULL ); if( !rc ) goto leave; @@ -284,9 +284,9 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid ) leave: if( !rc ) - cache_public_cert( pkc ); + cache_public_key( pk ); if( internal ) - m_free(pkc); + m_free(pk); return rc; } @@ -320,7 +320,7 @@ hextobyte( const byte *s ) /**************** * Try to get the pubkey by the userid. This function looks for the * first pubkey certificate which has the given name in a user_id. - * if pkc has the pubkey algo set, the function will only return + * if pk has the pubkey algo set, the function will only return * a pubkey with that algo. * * - If the username starts with 8,9,16 or 17 hex-digits (the first one @@ -344,7 +344,7 @@ hextobyte( const byte *s ) static int key_byname( int secret, - PKT_public_cert *pkc, PKT_secret_cert *skc, const char *name ) + PKT_public_key *pk, PKT_secret_key *sk, const char *name ) { int internal = 0; int rc = 0; @@ -439,35 +439,35 @@ key_byname( int secret, goto leave; if( secret ) { - if( !skc ) { - skc = m_alloc_clear( sizeof *skc ); + if( !sk ) { + sk = m_alloc_clear( sizeof *sk ); internal++; } - rc = mode < 16? lookup_skc( skc, mode, keyid, name ) - : lookup_skc( skc, mode, keyid, fprint ); + rc = mode < 16? lookup_sk( sk, mode, keyid, name ) + : lookup_sk( sk, mode, keyid, fprint ); } else { - if( !pkc ) { - pkc = m_alloc_clear( sizeof *pkc ); + if( !pk ) { + pk = m_alloc_clear( sizeof *pk ); internal++; } - rc = mode < 16? lookup( pkc, mode, keyid, name, NULL ) - : lookup( pkc, mode, keyid, fprint, NULL ); + rc = mode < 16? lookup( pk, mode, keyid, name, NULL ) + : lookup( pk, mode, keyid, fprint, NULL ); } leave: if( internal && secret ) - m_free( skc ); + m_free( sk ); else if( internal ) - m_free( pkc ); + m_free( pk ); return rc; } int -get_pubkey_byname( PKT_public_cert *pkc, const char *name ) +get_pubkey_byname( PKT_public_key *pk, const char *name ) { - return key_byname( 0, pkc, NULL, name ); + return key_byname( 0, pk, NULL, name ); } @@ -481,31 +481,31 @@ get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint, size_t fprint_len ) { int rc; - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); if( fprint_len == 20 || fprint_len == 16 ) - rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock ); + rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock ); else rc = G10ERR_GENERAL; /* Oops */ - free_public_cert( pkc ); + free_public_key( pk ); return rc; } /**************** - * Get a secret key and store it into skc + * Get a secret key and store it into sk */ int -get_seckey( PKT_secret_cert *skc, u32 *keyid ) +get_seckey( PKT_secret_key *sk, u32 *keyid ) { int rc; - rc = lookup_skc( skc, 11, keyid, NULL ); + rc = lookup_sk( sk, 11, keyid, NULL ); if( !rc ) { /* check the secret key (this may prompt for a passprase to * unlock the secret key */ - rc = check_secret_key( skc ); + rc = check_secret_key( sk ); } return rc; @@ -519,30 +519,30 @@ get_seckey( PKT_secret_cert *skc, u32 *keyid ) int seckey_available( u32 *keyid ) { - PKT_secret_cert *skc; + PKT_secret_key *sk; int rc; - skc = m_alloc_clear( sizeof *skc ); - rc = lookup_skc( skc, 11, keyid, NULL ); - free_secret_cert( skc ); + sk = m_alloc_clear( sizeof *sk ); + rc = lookup_sk( sk, 11, keyid, NULL ); + free_secret_key( sk ); return rc; } /**************** - * Get a secret key by name and store it into skc - * If NAME is NULL use the default certificate + * Get a secret key by name and store it into sk + * If NAME is NULL use the default key */ int -get_seckey_byname( PKT_secret_cert *skc, const char *name, int unprotect ) +get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect ) { int rc; - rc = name ? key_byname( 1, NULL, skc, name ) - : lookup_skc( skc, 15, NULL, NULL ); + rc = name ? key_byname( 1, NULL, sk, name ) + : lookup_sk( sk, 15, NULL, NULL ); if( !rc && unprotect ) - rc = check_secret_key( skc ); + rc = check_secret_key( sk ); return rc; } @@ -606,26 +606,26 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode ) static void add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) { - PKT_public_cert *pkc = knode->pkt->pkt.public_cert; + PKT_public_key *pk = knode->pkt->pkt.public_key; PKT_signature *sig; KBNODE k; u32 kid[2]; - assert( knode->pkt->pkttype == PKT_PUBLIC_CERT - || knode->pkt->pkttype == PKT_PUBKEY_SUBCERT ); + assert( knode->pkt->pkttype == PKT_PUBLIC_KEY + || knode->pkt->pkttype == PKT_PUBLIC_SUBKEY ); - if( pkc->version < 4 ) + if( pk->version < 4 ) return; /* this is only needed for version >=4 packets */ /* find the selfsignature */ - if( knode->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { - k = find_kbnode( keyblock, PKT_PUBLIC_CERT ); + if( knode->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { + k = find_kbnode( keyblock, PKT_PUBLIC_KEY ); if( !k ) BUG(); /* keyblock without primary key!!! */ - keyid_from_pkc( knode->pkt->pkt.public_cert, kid ); + keyid_from_pk( knode->pkt->pkt.public_key, kid ); } else - keyid_from_pkc( pkc, kid ); + keyid_from_pk( pk, kid ); for(k=keyblock; k; k = k->next ) { if( k->pkt->pkttype == PKT_SIGNATURE && (sig=k->pkt->pkt.signature)->sig_class >= 0x10 @@ -641,8 +641,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) */ const byte *p; p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL ); - pkc->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0; - /* fixme: add usage etc. to pkc */ + pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0; + /* fixme: add usage etc. to pk */ break; } } @@ -660,13 +660,13 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode ) * 15 = Get the first key. * 16 = lookup by 16 byte fingerprint which is stored in NAME * 20 = lookup by 20 byte fingerprint which is stored in NAME - * Caller must provide an empty PKC, if the pubkey_algo is filled in, only + * Caller must provide an empty PK, if the pubkey_algo is filled in, only * a key of this algo will be returned. * If ret_keyblock is not NULL, the complete keyblock is returned also * and the caller must release it. */ static int -lookup( PKT_public_cert *pkc, int mode, u32 *keyid, +lookup( PKT_public_key *pk, int mode, u32 *keyid, const char *name, KBNODE *ret_keyblock ) { int rc; @@ -692,15 +692,15 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, k->pkt->pkt.user_id->len, name, mode)) { /* we found a matching name, look for the key */ for(kk=keyblock; kk; kk = kk->next ) - if( ( kk->pkt->pkttype == PKT_PUBLIC_CERT - || kk->pkt->pkttype == PKT_PUBKEY_SUBCERT ) - && ( !pkc->pubkey_algo - || pkc->pubkey_algo - == kk->pkt->pkt.public_cert->pubkey_algo)) + if( ( kk->pkt->pkttype == PKT_PUBLIC_KEY + || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + && ( !pk->pubkey_algo + || pk->pubkey_algo + == kk->pkt->pkt.public_key->pubkey_algo)) break; if( kk ) { u32 aki[2]; - keyid_from_pkc( kk->pkt->pkt.public_cert, aki ); + keyid_from_pk( kk->pkt->pkt.public_key, aki ); cache_user_id( k->pkt->pkt.user_id, aki ); k = kk; break; @@ -714,24 +714,24 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, if( DBG_CACHE && (mode== 10 || mode==11) ) { log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n", (ulong)keyid[0], (ulong)keyid[1], - pkc->pubkey_algo, mode ); + pk->pubkey_algo, mode ); } for(k=keyblock; k; k = k->next ) { - if( k->pkt->pkttype == PKT_PUBLIC_CERT - || k->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { + if( k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { if( mode == 10 || mode == 11 ) { u32 aki[2]; - keyid_from_pkc( k->pkt->pkt.public_cert, aki ); + keyid_from_pk( k->pkt->pkt.public_key, aki ); if( DBG_CACHE ) { log_debug(" aki=%08lx%08lx algo=%d\n", (ulong)aki[0], (ulong)aki[1], - k->pkt->pkt.public_cert->pubkey_algo ); + k->pkt->pkt.public_key->pubkey_algo ); } if( aki[1] == keyid[1] && ( mode == 10 || aki[0] == keyid[0] ) - && ( !pkc->pubkey_algo - || pkc->pubkey_algo - == k->pkt->pkt.public_cert->pubkey_algo) ){ + && ( !pk->pubkey_algo + || pk->pubkey_algo + == k->pkt->pkt.public_key->pubkey_algo) ){ /* cache the userid */ for(kk=keyblock; kk; kk = kk->next ) if( kk->pkt->pkttype == PKT_USER_ID ) @@ -744,19 +744,19 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, } } else if( mode == 15 ) { /* get the first key */ - if( !pkc->pubkey_algo - || pkc->pubkey_algo - == k->pkt->pkt.public_cert->pubkey_algo ) + if( !pk->pubkey_algo + || pk->pubkey_algo + == k->pkt->pkt.public_key->pubkey_algo ) break; } else if( mode == 16 || mode == 20 ) { size_t an; - byte *afp = fingerprint_from_pkc( - k->pkt->pkt.public_cert, &an ); + byte *afp = fingerprint_from_pk( + k->pkt->pkt.public_key, &an ); if( an == mode && !memcmp( afp, name, an) - && ( !pkc->pubkey_algo - || pkc->pubkey_algo - == k->pkt->pkt.public_cert->pubkey_algo) ) { + && ( !pk->pubkey_algo + || pk->pubkey_algo + == k->pkt->pkt.public_key->pubkey_algo) ) { m_free(afp); break; } @@ -768,9 +768,9 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, } } if( k ) { /* found */ - assert( k->pkt->pkttype == PKT_PUBLIC_CERT - || k->pkt->pkttype == PKT_PUBKEY_SUBCERT ); - copy_public_cert( pkc, k->pkt->pkt.public_cert ); + assert( k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ); + copy_public_key( pk, k->pkt->pkt.public_key ); add_stuff_from_selfsig( keyblock, k ); if( ret_keyblock ) { *ret_keyblock = keyblock; @@ -797,7 +797,7 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, * Ditto for secret keys */ static int -lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name ) +lookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name ) { int rc; KBNODE keyblock = NULL; @@ -822,46 +822,46 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name ) k->pkt->pkt.user_id->len, name, mode)) { /* we found a matching name, look for the key */ for(kk=keyblock; kk; kk = kk->next ) - if( ( kk->pkt->pkttype == PKT_SECRET_CERT - || kk->pkt->pkttype == PKT_SECKEY_SUBCERT ) - && ( !skc->pubkey_algo - || skc->pubkey_algo - == kk->pkt->pkt.secret_cert->pubkey_algo)) + if( ( kk->pkt->pkttype == PKT_SECRET_KEY + || kk->pkt->pkttype == PKT_SECRET_SUBKEY ) + && ( !sk->pubkey_algo + || sk->pubkey_algo + == kk->pkt->pkt.secret_key->pubkey_algo)) break; if( kk ) { u32 aki[2]; - keyid_from_skc( kk->pkt->pkt.secret_cert, aki ); + keyid_from_sk( kk->pkt->pkt.secret_key, aki ); cache_user_id( k->pkt->pkt.user_id, aki ); k = kk; break; } else - log_error("No key for userid (in skc)\n"); + log_error("No key for userid (in sk)\n"); } } } else { /* keyid or fingerprint lookup */ if( DBG_CACHE && (mode== 10 || mode==11) ) { - log_debug("lookup_skc keyid=%08lx%08lx req_algo=%d mode=%d\n", + log_debug("lookup_sk keyid=%08lx%08lx req_algo=%d mode=%d\n", (ulong)keyid[0], (ulong)keyid[1], - skc->pubkey_algo, mode ); + sk->pubkey_algo, mode ); } for(k=keyblock; k; k = k->next ) { - if( k->pkt->pkttype == PKT_SECRET_CERT - || k->pkt->pkttype == PKT_SECKEY_SUBCERT ) { + if( k->pkt->pkttype == PKT_SECRET_KEY + || k->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( mode == 10 || mode == 11 ) { u32 aki[2]; - keyid_from_skc( k->pkt->pkt.secret_cert, aki ); + keyid_from_sk( k->pkt->pkt.secret_key, aki ); if( DBG_CACHE ) { log_debug(" aki=%08lx%08lx algo=%d\n", (ulong)aki[0], (ulong)aki[1], - k->pkt->pkt.secret_cert->pubkey_algo ); + k->pkt->pkt.secret_key->pubkey_algo ); } if( aki[1] == keyid[1] && ( mode == 10 || aki[0] == keyid[0] ) - && ( !skc->pubkey_algo - || skc->pubkey_algo - == k->pkt->pkt.secret_cert->pubkey_algo) ){ + && ( !sk->pubkey_algo + || sk->pubkey_algo + == k->pkt->pkt.secret_key->pubkey_algo) ){ /* cache the userid */ for(kk=keyblock; kk; kk = kk->next ) if( kk->pkt->pkttype == PKT_USER_ID ) @@ -874,19 +874,19 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name ) } } else if( mode == 15 ) { /* get the first key */ - if( !skc->pubkey_algo - || skc->pubkey_algo - == k->pkt->pkt.secret_cert->pubkey_algo ) + if( !sk->pubkey_algo + || sk->pubkey_algo + == k->pkt->pkt.secret_key->pubkey_algo ) break; } else if( mode == 16 || mode == 20 ) { size_t an; - byte *afp = fingerprint_from_skc( - k->pkt->pkt.secret_cert, &an ); + byte *afp = fingerprint_from_sk( + k->pkt->pkt.secret_key, &an ); if( an == mode && !memcmp( afp, name, an) - && ( !skc->pubkey_algo - || skc->pubkey_algo - == k->pkt->pkt.secret_cert->pubkey_algo) ) { + && ( !sk->pubkey_algo + || sk->pubkey_algo + == k->pkt->pkt.secret_key->pubkey_algo) ) { m_free(afp); break; } @@ -898,9 +898,9 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name ) } } if( k ) { /* found */ - assert( k->pkt->pkttype == PKT_SECRET_CERT - || k->pkt->pkttype == PKT_SECKEY_SUBCERT ); - copy_secret_cert( skc, k->pkt->pkt.secret_cert ); + assert( k->pkt->pkttype == PKT_SECRET_KEY + || k->pkt->pkttype == PKT_SECRET_SUBKEY ); + copy_secret_key( sk, k->pkt->pkt.secret_key ); break; /* enumeration */ } release_kbnode( keyblock ); @@ -924,16 +924,16 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name ) * Enumerate all secret keys. Caller must use these procedure: * 1) create a void pointer and initialize it to NULL * 2) pass this void pointer by reference to this function - * and provide space for the secret key (pass a buffer for skc) + * and provide space for the secret key (pass a buffer for sk) * 3) call this function as long as it does not return -1 * to indicate EOF. - * 4) Always call this function a last time with SKC set to NULL, + * 4) Always call this function a last time with SK set to NULL, * so that can free it's context. * * Return */ int -enum_secret_keys( void **context, PKT_secret_cert *skc ) +enum_secret_keys( void **context, PKT_secret_key *sk ) { int rc=0; PACKET pkt; @@ -946,7 +946,7 @@ enum_secret_keys( void **context, PKT_secret_cert *skc ) c->sl = secret_keyrings; } - if( !skc ) { /* free the context */ + if( !sk ) { /* free the context */ m_free( c ); *context = NULL; return 0; @@ -968,9 +968,9 @@ enum_secret_keys( void **context, PKT_secret_cert *skc ) while( (rc=parse_packet(c->iobuf, &pkt)) != -1 ) { if( rc ) ; /* e.g. unknown packet */ - else if( pkt.pkttype == PKT_SECRET_CERT - || pkt.pkttype == PKT_SECKEY_SUBCERT ) { - copy_secret_cert( skc, pkt.pkt.secret_cert ); + else if( pkt.pkttype == PKT_SECRET_KEY + || pkt.pkttype == PKT_SECRET_SUBKEY ) { + copy_secret_key( sk, pkt.pkt.secret_key ); set_packet_list_mode(save_mode); return 0; /* found */ } diff --git a/g10/import.c b/g10/import.c index 228c754eb..719a8e8e2 100644 --- a/g10/import.c +++ b/g10/import.c @@ -38,9 +38,10 @@ static int read_block( IOBUF a, compress_filter_context_t *cfx, PACKET **pending_pkt, KBNODE *ret_root ); static int import_one( const char *fname, KBNODE keyblock ); +static int import_secret_one( const char *fname, KBNODE keyblock ); static int import_revoke_cert( const char *fname, KBNODE node ); static int chk_self_sigs( const char *fname, KBNODE keyblock, - PKT_public_cert *pkc, u32 *keyid ); + PKT_public_key *pk, u32 *keyid ); static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ); static int merge_blocks( const char *fname, KBNODE keyblock_orig, KBNODE keyblock, u32 *keyid, @@ -83,7 +84,7 @@ static int merge_sigs( KBNODE dst, KBNODE src, int *n_sigs, * */ int -import_pubkeys( const char *fname ) +import_keys( const char *fname ) { armor_filter_context_t afx; compress_filter_context_t cfx; @@ -108,8 +109,10 @@ import_pubkeys( const char *fname ) iobuf_push_filter( inp, armor_filter, &afx ); while( !(rc = read_block( inp, &cfx, &pending_pkt, &keyblock) )) { - if( keyblock->pkt->pkttype == PKT_PUBLIC_CERT ) + if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY ) rc = import_one( fname, keyblock ); + else if( keyblock->pkt->pkttype == PKT_SECRET_KEY ) + rc = import_secret_one( fname, keyblock ); else if( keyblock->pkt->pkttype == PKT_SIGNATURE && keyblock->pkt->pkt.signature->sig_class == 0x20 ) rc = import_revoke_cert( fname, keyblock ); @@ -156,7 +159,9 @@ read_block( IOBUF a, compress_filter_context_t *cfx, init_packet(pkt); while( (rc=parse_packet(a, pkt)) != -1 ) { if( rc ) { /* ignore errors */ - if( rc != G10ERR_UNKNOWN_PACKET ) { + if( rc == G10ERR_PUBKEY_ALGO ) + parse_pubkey_warning( pkt ); + else if( rc != G10ERR_UNKNOWN_PACKET ) { log_error("read_block: read error: %s\n", g10_errstr(rc) ); rc = G10ERR_INV_KEYRING; goto ready; @@ -191,8 +196,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx, break; - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: if( in_cert ) { /* store this packet */ *pending_pkt = pkt; pkt = NULL; @@ -234,8 +239,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx, static int import_one( const char *fname, KBNODE keyblock ) { - PKT_public_cert *pkc; - PKT_public_cert *pkc_orig; + PKT_public_key *pk; + PKT_public_key *pk_orig; KBNODE node, uidnode; KBNODE keyblock_orig = NULL; KBPOS kbpos; @@ -243,21 +248,19 @@ import_one( const char *fname, KBNODE keyblock ) int rc = 0; /* get the key and print some info about it */ - node = find_kbnode( keyblock, PKT_PUBLIC_CERT ); - if( !node ) { - log_error("%s: Oops; public key not found anymore!\n", fname); - return G10ERR_GENERAL; /* really serious */ - } + node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); + if( !node ) + BUG(); - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, keyid ); + pk = node->pkt->pkt.public_key; + keyid_from_pk( pk, keyid ); uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); if( opt.verbose ) { log_info("%s: pub %4u%c/%08lX %s ", fname, - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - (ulong)keyid[1], datestr_from_pkc(pkc) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + (ulong)keyid[1], datestr_from_pk(pk) ); if( uidnode ) print_string( stderr, uidnode->pkt->pkt.user_id->name, uidnode->pkt->pkt.user_id->len, 0 ); @@ -269,7 +272,7 @@ import_one( const char *fname, KBNODE keyblock ) } clear_kbnode_flags( keyblock ); - rc = chk_self_sigs( fname, keyblock , pkc, keyid ); + rc = chk_self_sigs( fname, keyblock , pk, keyid ); if( rc ) return rc== -1? 0:rc; @@ -280,8 +283,8 @@ import_one( const char *fname, KBNODE keyblock ) } /* do we have this key already in one of our pubrings ? */ - pkc_orig = m_alloc_clear( sizeof *pkc_orig ); - rc = get_pubkey( pkc_orig, keyid ); + pk_orig = m_alloc_clear( sizeof *pk_orig ); + rc = get_pubkey( pk_orig, keyid ); if( rc && rc != G10ERR_NO_PUBKEY ) { log_error("%s: key %08lX, public key not found: %s\n", fname, (ulong)keyid[1], g10_errstr(rc)); @@ -310,7 +313,7 @@ import_one( const char *fname, KBNODE keyblock ) /* Compare the original against the new key; just to be sure nothing * weird is going on */ - if( cmp_public_certs( pkc_orig, pkc ) ) { + if( cmp_public_keys( pk_orig, pk ) ) { log_error("%s: key %08lX, doesn't match our copy\n", fname, (ulong)keyid[1]); rc = G10ERR_GENERAL; @@ -321,7 +324,7 @@ import_one( const char *fname, KBNODE keyblock ) * ask the user what to do. <--- fixme */ /* now read the original keyblock */ - rc = find_keyblock_bypkc( &kbpos, pkc_orig ); + rc = find_keyblock_bypk( &kbpos, pk_orig ); if( rc ) { log_error("%s: key %08lX, can't locate original keyblock: %s\n", fname, (ulong)keyid[1], g10_errstr(rc)); @@ -379,7 +382,80 @@ import_one( const char *fname, KBNODE keyblock ) leave: release_kbnode( keyblock_orig ); - free_public_cert( pkc_orig ); + free_public_key( pk_orig ); + return rc; +} + + +/**************** + * Ditto for secret keys. Handling is simpler than for public keys. + */ +static int +import_secret_one( const char *fname, KBNODE keyblock ) +{ + PKT_secret_key *sk; + KBNODE node, uidnode; + KBNODE keyblock_orig = NULL; + KBPOS kbpos; + u32 keyid[2]; + int rc = 0; + + /* get the key and print some info about it */ + node = find_kbnode( keyblock, PKT_SECRET_KEY ); + if( !node ) + BUG(); + + sk = node->pkt->pkt.secret_key; + keyid_from_sk( sk, keyid ); + uidnode = find_next_kbnode( keyblock, PKT_USER_ID ); + + if( opt.verbose ) { + log_info("%s: sec %4u%c/%08lX %s ", fname, + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + (ulong)keyid[1], datestr_from_sk(sk) ); + if( uidnode ) + print_string( stderr, uidnode->pkt->pkt.user_id->name, + uidnode->pkt->pkt.user_id->len, 0 ); + putc('\n', stderr); + } + if( !uidnode ) { + log_error("%s: No user id for key %08lX\n", fname, (ulong)keyid[1]); + return 0; + } + + clear_kbnode_flags( keyblock ); + + /* do we have this key already in one of our secrings ? */ + rc = seckey_available( keyid ); + if( rc == G10ERR_NO_SECKEY ) { /* simply insert this key */ + /* get default resource */ + if( get_keyblock_handle( NULL, 1, &kbpos ) ) { + log_error("no default secret keyring\n"); + return G10ERR_GENERAL; + } + if( opt.verbose > 1 ) + log_info("%s: writing to '%s'\n", + fname, keyblock_resource_name(&kbpos) ); + if( (rc=lock_keyblock( &kbpos )) ) + log_error("can't lock secret keyring '%s': %s\n", + keyblock_resource_name(&kbpos), g10_errstr(rc) ); + else if( (rc=insert_keyblock( &kbpos, keyblock )) ) + log_error("%s: can't write to '%s': %s\n", fname, + keyblock_resource_name(&kbpos), g10_errstr(rc) ); + unlock_keyblock( &kbpos ); + /* we are ready */ + log_info("%s: key %08lX imported\n", fname, (ulong)keyid[1]); + } + else if( !rc ) { /* we can't merge secret keys */ + log_error("%s: key %08lX already in secret keyring\n", + fname, (ulong)keyid[1]); + } + else + log_error("%s: key %08lX, secret key not found: %s\n", + fname, (ulong)keyid[1], g10_errstr(rc)); + + release_kbnode( keyblock_orig ); return rc; } @@ -390,7 +466,7 @@ import_one( const char *fname, KBNODE keyblock ) static int import_revoke_cert( const char *fname, KBNODE node ) { - PKT_public_cert *pkc=NULL; + PKT_public_key *pk=NULL; KBNODE onode, keyblock = NULL; KBPOS kbpos; u32 keyid[2]; @@ -403,8 +479,8 @@ import_revoke_cert( const char *fname, KBNODE node ) keyid[0] = node->pkt->pkt.signature->keyid[0]; keyid[1] = node->pkt->pkt.signature->keyid[1]; - pkc = m_alloc_clear( sizeof *pkc ); - rc = get_pubkey( pkc, keyid ); + pk = m_alloc_clear( sizeof *pk ); + rc = get_pubkey( pk, keyid ); if( rc == G10ERR_NO_PUBKEY ) { log_info("%s: key %08lX, no public key - " "can't apply revocation certificate\n", @@ -419,7 +495,7 @@ import_revoke_cert( const char *fname, KBNODE node ) } /* read the original keyblock */ - rc = find_keyblock_bypkc( &kbpos, pkc ); + rc = find_keyblock_bypk( &kbpos, pk ); if( rc ) { log_error("%s: key %08lX, can't locate original keyblock: %s\n", fname, (ulong)keyid[1], g10_errstr(rc)); @@ -478,7 +554,7 @@ import_revoke_cert( const char *fname, KBNODE node ) leave: release_kbnode( keyblock ); - free_public_cert( pkc ); + free_public_key( pk ); return rc; } @@ -490,7 +566,7 @@ import_revoke_cert( const char *fname, KBNODE node ) */ static int chk_self_sigs( const char *fname, KBNODE keyblock, - PKT_public_cert *pkc, u32 *keyid ) + PKT_public_key *pk, u32 *keyid ) { KBNODE n, unode; PKT_signature *sig; diff --git a/g10/kbnode.c b/g10/kbnode.c index bdb58d191..4578f8271 100644 --- a/g10/kbnode.c +++ b/g10/kbnode.c @@ -150,13 +150,13 @@ find_next_kbnode( KBNODE node, int pkttype ) if( !pkttype ) return node; else if( pkttype == PKT_USER_ID - && ( node->pkt->pkttype == PKT_PUBLIC_CERT - || node->pkt->pkttype == PKT_SECRET_CERT ) ) + && ( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_SECRET_KEY ) ) return NULL; else if( pkttype == PKT_SIGNATURE && ( node->pkt->pkttype == PKT_USER_ID - || node->pkt->pkttype == PKT_PUBLIC_CERT - || node->pkt->pkttype == PKT_SECRET_CERT ) ) + || node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_SECRET_KEY ) ) return NULL; else if( node->pkt->pkttype == pkttype ) return node; @@ -248,14 +248,14 @@ dump_kbnode( KBNODE node ) const char *s; switch( node->pkt->pkttype ) { case 0: s="empty"; break; - case PKT_PUBLIC_CERT: s="public-key"; break; - case PKT_SECRET_CERT: s="secret-key"; break; - case PKT_SECKEY_SUBCERT: s= "secret-subkey"; break; + case PKT_PUBLIC_KEY: s="public-key"; break; + case PKT_SECRET_KEY: s="secret-key"; break; + case PKT_SECRET_SUBKEY: s= "secret-subkey"; break; case PKT_PUBKEY_ENC: s="public-enc"; break; case PKT_SIGNATURE: s="signature"; break; case PKT_ONEPASS_SIG: s="onepass-sig"; break; case PKT_USER_ID: s="user-id"; break; - case PKT_PUBKEY_SUBCERT: s="public-subkey"; break; + case PKT_PUBLIC_SUBKEY: s="public-subkey"; break; case PKT_COMMENT: s="comment"; break; case PKT_RING_TRUST: s="trust"; break; case PKT_PLAINTEXT: s="plaintext"; break; @@ -275,10 +275,10 @@ dump_kbnode( KBNODE node ) fprintf(stderr, " keyid=%08lX\n", (ulong)node->pkt->pkt.signature->keyid[1] ); } - else if( node->pkt->pkttype == PKT_PUBLIC_CERT - || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { + else if( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { fprintf(stderr, " keyid=%08lX\n", (ulong) - keyid_from_pkc( node->pkt->pkt.public_cert, NULL )); + keyid_from_pk( node->pkt->pkt.public_key, NULL )); } else fputs("\n", stderr); diff --git a/g10/keydb.h b/g10/keydb.h index 07d9115b3..ddc9e5491 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -58,18 +58,18 @@ struct keyblock_pos_struct { typedef struct keyblock_pos_struct KBPOS; /* structure to hold a couple of public key certificates */ -typedef struct pkc_list *PKC_LIST; -struct pkc_list { - PKC_LIST next; - PKT_public_cert *pkc; +typedef struct pk_list *PK_LIST; +struct pk_list { + PK_LIST next; + PKT_public_key *pk; int mark; }; /* structure to hold a couple of secret key certificates */ -typedef struct skc_list *SKC_LIST; -struct skc_list { - SKC_LIST next; - PKT_secret_cert *skc; +typedef struct sk_list *SK_LIST; +struct sk_list { + SK_LIST next; + PKT_secret_key *sk; int mark; }; @@ -86,12 +86,12 @@ struct pubkey_find_info { /*-- pkclist.c --*/ -void release_pkc_list( PKC_LIST pkc_list ); -int build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage ); +void release_pk_list( PK_LIST pk_list ); +int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ); /*-- skclist.c --*/ -void release_skc_list( SKC_LIST skc_list ); -int build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, +void release_sk_list( SK_LIST sk_list ); +int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned usage ); /*-- passphrase.h --*/ @@ -106,29 +106,29 @@ void add_keyring( const char *name ); const char *get_keyring( int sequence ); const char *get_secret_keyring( int sequence ); void add_secret_keyring( const char *name ); -int get_pubkey( PKT_public_cert *pkc, u32 *keyid ); -int get_pubkey_byname( PKT_public_cert *pkc, const char *name ); -int get_seckey( PKT_secret_cert *skc, u32 *keyid ); +int get_pubkey( PKT_public_key *pk, u32 *keyid ); +int get_pubkey_byname( PKT_public_key *pk, const char *name ); +int get_seckey( PKT_secret_key *sk, u32 *keyid ); int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint, size_t fprint_len ); int seckey_available( u32 *keyid ); -int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock ); -int enum_secret_keys( void **context, PKT_secret_cert *skc ); +int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock ); +int enum_secret_keys( void **context, PKT_secret_key *sk ); char*get_user_id_string( u32 *keyid ); char*get_user_id( u32 *keyid, size_t *rn ); /*-- keyid.c --*/ int pubkey_letter( int algo ); -u32 keyid_from_skc( PKT_secret_cert *skc, u32 *keyid ); -u32 keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid ); +u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid ); +u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid ); u32 keyid_from_sig( PKT_signature *sig, u32 *keyid ); -unsigned nbits_from_pkc( PKT_public_cert *pkc ); -unsigned nbits_from_skc( PKT_secret_cert *skc ); -const char *datestr_from_pkc( PKT_public_cert *pkc ); -const char *datestr_from_skc( PKT_secret_cert *skc ); +unsigned nbits_from_pk( PKT_public_key *pk ); +unsigned nbits_from_sk( PKT_secret_key *sk ); +const char *datestr_from_pk( PKT_public_key *pk ); +const char *datestr_from_sk( PKT_secret_key *sk ); const char *datestr_from_sig( PKT_signature *sig ); -byte *fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len ); -byte *fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len ); +byte *fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len ); +byte *fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len ); /*-- kbnode.c --*/ KBNODE new_kbnode( PACKET *pkt ); @@ -150,7 +150,7 @@ const char *keyblock_resource_name( KBPOS *kbpos ); int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ); int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos ); int find_keyblock_byname( KBPOS *kbpos, const char *username ); -int find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc ); +int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk ); int find_secret_keyblock_byname( KBPOS *kbpos, const char *username ); int lock_keyblock( KBPOS *kbpos ); void unlock_keyblock( KBPOS *kbpos ); diff --git a/g10/keyedit.c b/g10/keyedit.c index 8f3f16511..3851b5c06 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -40,12 +40,12 @@ static void -show_fingerprint( PKT_public_cert *pkc ) +show_fingerprint( PKT_public_key *pk ) { byte *array, *p; size_t i, n; - p = array = fingerprint_from_pkc( pkc, &n ); + p = array = fingerprint_from_pk( pk, &n ); tty_printf(" Fingerprint:"); if( n == 20 ) { for(i=0; i < n ; i++, i++, p += 2 ) { @@ -70,20 +70,20 @@ show_fingerprint( PKT_public_cert *pkc ) * Ask whether the user is willing to sign the key. Return true if so. */ static int -sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid ) +sign_it_p( PKT_public_key *pk, PKT_user_id *uid ) { char *answer; int yes; tty_printf("\nAre you really sure that you want to sign this key:\n\n" "%4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - (ulong)keyid_from_pkc( pkc, NULL ), - datestr_from_pkc( pkc ) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + (ulong)keyid_from_pk( pk, NULL ), + datestr_from_pk( pk ) ); tty_print_string( uid->name, uid->len ); tty_printf("\n"); - show_fingerprint(pkc); + show_fingerprint(pk); tty_printf("\n"); answer = tty_get("Sign this key? "); tty_kill_prompt(); @@ -231,13 +231,13 @@ sign_key( const char *username, STRLIST locusr ) { md_filter_context_t mfx; int rc = 0; - SKC_LIST skc_list = NULL; - SKC_LIST skc_rover = NULL; + SK_LIST sk_list = NULL; + SK_LIST sk_rover = NULL; KBNODE keyblock = NULL; KBNODE kbctx, node; KBPOS kbpos; - PKT_public_cert *pkc; - u32 pkc_keyid[2]; + PKT_public_key *pk; + u32 pk_keyid[2]; char *answer; memset( &mfx, 0, sizeof mfx); @@ -250,7 +250,7 @@ sign_key( const char *username, STRLIST locusr ) } /* build a list of all signators */ - rc=build_skc_list( locusr, &skc_list, 0, 1 ); + rc=build_sk_list( locusr, &sk_list, 0, 1 ); if( rc ) goto leave; @@ -263,23 +263,23 @@ sign_key( const char *username, STRLIST locusr ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_PUBLIC_CERT ); + node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; public key not found anymore!\n"); rc = G10ERR_GENERAL; goto leave; } - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, pkc_keyid ); + pk = node->pkt->pkt.public_key; + keyid_from_pk( pk, pk_keyid ); log_info("Checking signatures of this public key certificate:\n"); tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - pkc_keyid[1], datestr_from_pkc(pkc) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + pk_keyid[1], datestr_from_pk(pk) ); { size_t n; - char *p = get_user_id( pkc_keyid, &n ); + char *p = get_user_id( pk_keyid, &n ); tty_print_string( p, n > 40? 40 : n ); m_free(p); tty_printf("\n"); @@ -292,35 +292,35 @@ sign_key( const char *username, STRLIST locusr ) answer = tty_get("To you want to remove some of the invalid sigs? "); tty_kill_prompt(); if( answer_is_yes(answer) ) - remove_keysigs( keyblock, pkc_keyid, 0 ); + remove_keysigs( keyblock, pk_keyid, 0 ); m_free(answer); } } /* check whether we it is possible to sign this key */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { u32 akeyid[2]; - keyid_from_skc( skc_rover->skc, akeyid ); + keyid_from_sk( sk_rover->sk, akeyid ); for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { if( node->pkt->pkttype == PKT_USER_ID ) - skc_rover->mark = 1; + sk_rover->mark = 1; else if( node->pkt->pkttype == PKT_SIGNATURE && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { if( akeyid[0] == node->pkt->pkt.signature->keyid[0] && akeyid[1] == node->pkt->pkt.signature->keyid[1] ) { log_info("Already signed by keyid %08lX\n", (ulong)akeyid[1] ); - skc_rover->mark = 0; + sk_rover->mark = 0; } } } } - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - if( skc_rover->mark ) + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + if( sk_rover->mark ) break; } - if( !skc_rover ) { + if( !sk_rover ) { log_info("Nothing to sign\n"); goto leave; } @@ -334,19 +334,19 @@ sign_key( const char *username, STRLIST locusr ) * no, present each user-id in turn and ask which one should be signed * (only one) - if there is already a single-user-sig, do nothing. * (this is propably already out in the world) */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - if( !skc_rover->mark ) + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + if( !sk_rover->mark ) continue; for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { if( node->pkt->pkttype == PKT_USER_ID ) { - if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) { + if( sign_it_p( pk, node->pkt->pkt.user_id ) ) { PACKET *pkt; PKT_signature *sig; - rc = make_keysig_packet( &sig, pkc, + rc = make_keysig_packet( &sig, pk, node->pkt->pkt.user_id, NULL, - skc_rover->skc, + sk_rover->sk, 0x10, 0, NULL, NULL ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc)); @@ -370,7 +370,7 @@ sign_key( const char *username, STRLIST locusr ) leave: release_kbnode( keyblock ); - release_skc_list( skc_list ); + release_sk_list( sk_list ); md_close( mfx.md ); return rc; } @@ -384,8 +384,8 @@ edit_keysigs( const char *username ) KBNODE keyblock = NULL; KBNODE node; KBPOS kbpos; - PKT_public_cert *pkc; - u32 pkc_keyid[2]; + PKT_public_key *pk; + u32 pk_keyid[2]; /* search the userid */ rc = find_keyblock_byname( &kbpos, username ); @@ -402,23 +402,23 @@ edit_keysigs( const char *username ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_PUBLIC_CERT ); + node = find_kbnode( keyblock, PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; public key not found anymore!\n"); rc = G10ERR_GENERAL; goto leave; } - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, pkc_keyid ); + pk = node->pkt->pkt.public_key; + keyid_from_pk( pk, pk_keyid ); log_info("Checking signatures of this public key certificate:\n"); tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - pkc_keyid[1], datestr_from_pkc(pkc) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + pk_keyid[1], datestr_from_pk(pk) ); { size_t n; - char *p = get_user_id( pkc_keyid, &n ); + char *p = get_user_id( pk_keyid, &n ); tty_print_string( p, n > 40? 40 : n ); m_free(p); tty_printf("\n"); @@ -426,7 +426,7 @@ edit_keysigs( const char *username ) clear_kbnode_flags( keyblock ); check_all_keysigs( keyblock ); - if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) { + if( remove_keysigs( keyblock, pk_keyid, 1 ) ) { rc = update_keyblock( &kbpos, keyblock ); if( rc ) { log_error("update_keyblock failed: %s\n", g10_errstr(rc) ); @@ -450,8 +450,8 @@ delete_key( const char *username, int secret ) KBNODE keyblock = NULL; KBNODE node; KBPOS kbpos; - PKT_public_cert *pkc = NULL; - PKT_secret_cert *skc = NULL; + PKT_public_key *pk = NULL; + PKT_secret_key *sk = NULL; u32 keyid[2]; int okay=0; @@ -471,7 +471,7 @@ delete_key( const char *username, int secret ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT ); + node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; key not found anymore!\n"); rc = G10ERR_GENERAL; @@ -479,12 +479,12 @@ delete_key( const char *username, int secret ) } if( secret ) { - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, keyid ); + sk = node->pkt->pkt.secret_key; + keyid_from_sk( sk, keyid ); } else { - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, keyid ); + pk = node->pkt->pkt.public_key; + keyid_from_pk( pk, keyid ); rc = seckey_available( keyid ); if( !rc ) { log_error(_( @@ -513,14 +513,14 @@ delete_key( const char *username, int secret ) if( secret ) tty_printf("sec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - keyid[1], datestr_from_skc(skc) ); + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + keyid[1], datestr_from_sk(sk) ); else tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - keyid[1], datestr_from_pkc(pkc) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + keyid[1], datestr_from_pk(pk) ); p = get_user_id( keyid, &n ); tty_print_string( p, n ); m_free(p); @@ -564,7 +564,7 @@ change_passphrase( const char *username ) KBNODE keyblock = NULL; KBNODE node; KBPOS kbpos; - PKT_secret_cert *skc; + PKT_secret_key *sk; u32 keyid[2]; char *answer; int changed=0; @@ -585,19 +585,19 @@ change_passphrase( const char *username ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_SECRET_CERT ); + node = find_kbnode( keyblock, PKT_SECRET_KEY ); if( !node ) { log_error("Oops; secret key not found anymore!\n"); rc = G10ERR_GENERAL; goto leave; } - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, keyid ); + sk = node->pkt->pkt.secret_key; + keyid_from_sk( sk, keyid ); tty_printf("sec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - keyid[1], datestr_from_skc(skc) ); + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + keyid[1], datestr_from_sk(sk) ); { size_t n; char *p = get_user_id( keyid, &n ); @@ -606,18 +606,18 @@ change_passphrase( const char *username ) tty_printf("\n"); } for(node=keyblock; node; node = node->next ) { - if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { - PKT_secret_cert *subskc = node->pkt->pkt.secret_cert; - keyid_from_skc( subskc, keyid ); + if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *subsk = node->pkt->pkt.secret_key; + keyid_from_sk( subsk, keyid ); tty_printf("sub %4u%c/%08lX %s\n", - nbits_from_skc( subskc ), - pubkey_letter( subskc->pubkey_algo ), - keyid[1], datestr_from_skc(subskc) ); + nbits_from_sk( subsk ), + pubkey_letter( subsk->pubkey_algo ), + keyid[1], datestr_from_sk(subsk) ); } } clear_kbnode_flags( keyblock ); - switch( is_secret_key_protected( skc ) ) { + switch( is_secret_key_protected( sk ) ) { case -1: rc = G10ERR_PUBKEY_ALGO; break; @@ -626,7 +626,7 @@ change_passphrase( const char *username ) break; default: tty_printf("Key is protected.\n"); - rc = check_secret_key( skc ); + rc = check_secret_key( sk ); if( !rc ) passphrase = get_last_passphrase(); break; @@ -634,10 +634,10 @@ change_passphrase( const char *username ) /* unprotect all subkeys (use the supplied passphrase or ask)*/ for(node=keyblock; node; node = node->next ) { - if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { - PKT_secret_cert *subskc = node->pkt->pkt.secret_cert; + if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *subsk = node->pkt->pkt.secret_key; set_next_passphrase( passphrase ); - rc = check_secret_key( subskc ); + rc = check_secret_key( subsk ); if( rc ) break; } @@ -671,15 +671,15 @@ change_passphrase( const char *username ) break; } else { /* okay */ - skc->protect.algo = dek->algo; - skc->protect.s2k = *s2k; - rc = protect_secret_key( skc, dek ); + sk->protect.algo = dek->algo; + sk->protect.s2k = *s2k; + rc = protect_secret_key( sk, dek ); for(node=keyblock; !rc && node; node = node->next ) { - if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { - PKT_secret_cert *subskc = node->pkt->pkt.secret_cert; - subskc->protect.algo = dek->algo; - subskc->protect.s2k = *s2k; - rc = protect_secret_key( subskc, dek ); + if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *subsk = node->pkt->pkt.secret_key; + subsk->protect.algo = dek->algo; + subsk->protect.s2k = *s2k; + rc = protect_secret_key( subsk, dek ); } } if( rc ) @@ -717,9 +717,9 @@ change_passphrase( const char *username ) * If digest_algo is 0 the function selects an appropriate one. */ int -make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, - PKT_user_id *uid, PKT_public_cert *subpkc, - PKT_secret_cert *skc, +make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, + PKT_user_id *uid, PKT_public_key *subpk, + PKT_secret_key *sk, int sigclass, int digest_algo, int (*mksubpkt)(PKT_signature *, void *), void *opaque ) @@ -731,7 +731,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x20 || sigclass == 0x18 ); if( !digest_algo ) { - switch( skc->pubkey_algo ) { + switch( sk->pubkey_algo ) { case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; case PUBKEY_ALGO_RSA_S: case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break; @@ -741,12 +741,12 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, md = md_open( digest_algo, 0 ); /* hash the public key certificate and the user id */ - hash_public_cert( md, pkc ); + hash_public_key( md, pk ); if( sigclass == 0x18 ) { /* subkey binding */ - hash_public_cert( md, subpkc ); + hash_public_key( md, subpk ); } else if( sigclass != 0x20 ) { - if( skc->version >=4 ) { + if( sk->version >=4 ) { byte buf[5]; buf[0] = 0xb4; /* indicates a userid packet */ buf[1] = uid->len >> 24; /* always use 4 length bytes */ @@ -759,9 +759,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, } /* and make the signature packet */ sig = m_alloc_clear( sizeof *sig ); - sig->version = skc->version; - keyid_from_skc( skc, sig->keyid ); - sig->pubkey_algo = skc->pubkey_algo; + sig->version = sk->version; + keyid_from_sk( sk, sig->keyid ); + sig->pubkey_algo = sk->pubkey_algo; sig->digest_algo = digest_algo; sig->timestamp = make_timestamp(); sig->sig_class = sigclass; @@ -807,7 +807,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, } md_final(md); - rc = complete_sig( sig, skc, md ); + rc = complete_sig( sig, sk, md ); } md_close( md ); diff --git a/g10/keygen.c b/g10/keygen.c index a16846dd8..d9f8579e4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -53,12 +53,12 @@ write_uid( KBNODE root, const char *s ) static int add_key_expire( PKT_signature *sig, void *opaque ) { - PKT_secret_cert *skc = opaque; + PKT_secret_key *sk = opaque; byte buf[8]; u32 u; - if( skc->valid_days ) { - u = skc->valid_days * 86400L; + if( sk->valid_days ) { + u = sk->valid_days * 86400L; buf[0] = (u >> 24) & 0xff; buf[1] = (u >> 16) & 0xff; buf[2] = (u >> 8) & 0xff; @@ -109,14 +109,14 @@ add_prefs( PKT_signature *sig, void *opaque ) static int -write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) +write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk ) { PACKET *pkt; PKT_signature *sig; PKT_user_id *uid; int rc=0; KBNODE node; - PKT_public_cert *pkc; + PKT_public_key *pk; if( opt.verbose ) log_info(_("writing self signature\n")); @@ -126,15 +126,15 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) if( !node ) BUG(); /* no user id packet in tree */ uid = node->pkt->pkt.user_id; - /* get the pkc packet from the pub_tree */ - node = find_kbnode( pub_root, PKT_PUBLIC_CERT ); + /* get the pk packet from the pub_tree */ + node = find_kbnode( pub_root, PKT_PUBLIC_KEY ); if( !node ) BUG(); - pkc = node->pkt->pkt.public_cert; + pk = node->pkt->pkt.public_key; /* and make the signature */ - rc = make_keysig_packet( &sig, pkc, uid, NULL, skc, 0x13, 0, - add_prefs, skc ); + rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0, + add_prefs, sk ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); return rc; @@ -148,34 +148,34 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) } static int -write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) +write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk ) { PACKET *pkt; PKT_signature *sig; int rc=0; KBNODE node; - PKT_public_cert *pkc, *subpkc; + PKT_public_key *pk, *subpk; if( opt.verbose ) log_info(_("writing key binding signature\n")); - /* get the pkc packet from the pub_tree */ - node = find_kbnode( pub_root, PKT_PUBLIC_CERT ); + /* get the pk packet from the pub_tree */ + node = find_kbnode( pub_root, PKT_PUBLIC_KEY ); if( !node ) BUG(); - pkc = node->pkt->pkt.public_cert; + pk = node->pkt->pkt.public_key; /* find the last subkey */ - subpkc = NULL; + subpk = NULL; for(node=pub_root; node; node = node->next ) { - if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) - subpkc = node->pkt->pkt.public_cert; + if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) + subpk = node->pkt->pkt.public_key; } - if( !subpkc ) + if( !subpk ) BUG(); /* and make the signature */ - rc = make_keysig_packet( &sig, pkc, NULL, subpkc, skc, 0x18, 0, - add_key_expire, skc ); + rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0, + add_key_expire, sk ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); return rc; @@ -191,14 +191,14 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) static int gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, - STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days, + STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days, int version ) { int rc; int i; PACKET *pkt; - PKT_secret_cert *skc; - PKT_public_cert *pkc; + PKT_secret_key *sk; + PKT_public_key *pk; MPI skey[4]; MPI *factors; @@ -209,48 +209,48 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, return rc; } - skc = m_alloc_clear( sizeof *skc ); - pkc = m_alloc_clear( sizeof *pkc ); - skc->timestamp = pkc->timestamp = make_timestamp(); - skc->version = pkc->version = version; - skc->valid_days = pkc->valid_days = valid_days; - skc->pubkey_algo = pkc->pubkey_algo = algo; - pkc->pkey[0] = mpi_copy( skey[0] ); - pkc->pkey[1] = mpi_copy( skey[1] ); - pkc->pkey[2] = mpi_copy( skey[2] ); - skc->skey[0] = skey[0]; - skc->skey[1] = skey[1]; - skc->skey[2] = skey[2]; - skc->skey[3] = skey[3]; - skc->is_protected = 0; - skc->protect.algo = 0; - - skc->csum = checksum_mpi_counted_nbits( skc->skey[3] ); - if( ret_skc ) /* not a subkey: return an unprotected version of the skc */ - *ret_skc = copy_secret_cert( NULL, skc ); + sk = m_alloc_clear( sizeof *sk ); + pk = m_alloc_clear( sizeof *pk ); + sk->timestamp = pk->timestamp = make_timestamp(); + sk->version = pk->version = version; + sk->valid_days = pk->valid_days = valid_days; + sk->pubkey_algo = pk->pubkey_algo = algo; + pk->pkey[0] = mpi_copy( skey[0] ); + pk->pkey[1] = mpi_copy( skey[1] ); + pk->pkey[2] = mpi_copy( skey[2] ); + sk->skey[0] = skey[0]; + sk->skey[1] = skey[1]; + sk->skey[2] = skey[2]; + sk->skey[3] = skey[3]; + sk->is_protected = 0; + sk->protect.algo = 0; + + sk->csum = checksum_mpi_counted_nbits( sk->skey[3] ); + if( ret_sk ) /* not a subkey: return an unprotected version of the sk */ + *ret_sk = copy_secret_key( NULL, sk ); if( dek ) { - skc->protect.algo = dek->algo; - skc->protect.s2k = *s2k; - rc = protect_secret_key( skc, dek ); + sk->protect.algo = dek->algo; + sk->protect.s2k = *s2k; + rc = protect_secret_key( sk, dek ); if( rc ) { log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); - free_public_cert(pkc); - free_secret_cert(skc); + free_public_key(pk); + free_secret_key(sk); return rc; } } pkt = m_alloc_clear(sizeof *pkt); - pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT; - pkt->pkt.public_cert = pkc; + pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; + pkt->pkt.public_key = pk; add_kbnode(pub_root, new_kbnode( pkt )); /* don't know whether it makes sense to have the factors, so for now * we store them in the secret keyring (but they are not secret) */ pkt = m_alloc_clear(sizeof *pkt); - pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT; - pkt->pkt.secret_cert = skc; + pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY; + pkt->pkt.secret_key = sk; add_kbnode(sec_root, new_kbnode( pkt )); for(i=0; factors[i]; i++ ) add_kbnode( sec_root, @@ -265,13 +265,13 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, */ static int gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, - STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days ) + STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days ) { int rc; int i; PACKET *pkt; - PKT_secret_cert *skc; - PKT_public_cert *pkc; + PKT_secret_key *sk; + PKT_public_key *pk; MPI skey[5]; MPI *factors; @@ -284,43 +284,43 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, return rc; } - skc = m_alloc_clear( sizeof *skc ); - pkc = m_alloc_clear( sizeof *pkc ); - skc->timestamp = pkc->timestamp = make_timestamp(); - skc->version = pkc->version = 4; - skc->valid_days = pkc->valid_days = valid_days; - skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA; - pkc->pkey[0] = mpi_copy( skey[0] ); - pkc->pkey[1] = mpi_copy( skey[1] ); - pkc->pkey[2] = mpi_copy( skey[2] ); - pkc->pkey[3] = mpi_copy( skey[3] ); - skc->skey[0] = skey[0]; - skc->skey[1] = skey[1]; - skc->skey[2] = skey[2]; - skc->skey[3] = skey[3]; - skc->skey[4] = skey[4]; - skc->is_protected = 0; - skc->protect.algo = 0; - - skc->csum = checksum_mpi_counted_nbits( skc->skey[4] ); - if( ret_skc ) /* not a subkey: return an unprotected version of the skc */ - *ret_skc = copy_secret_cert( NULL, skc ); + sk = m_alloc_clear( sizeof *sk ); + pk = m_alloc_clear( sizeof *pk ); + sk->timestamp = pk->timestamp = make_timestamp(); + sk->version = pk->version = 4; + sk->valid_days = pk->valid_days = valid_days; + sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA; + pk->pkey[0] = mpi_copy( skey[0] ); + pk->pkey[1] = mpi_copy( skey[1] ); + pk->pkey[2] = mpi_copy( skey[2] ); + pk->pkey[3] = mpi_copy( skey[3] ); + sk->skey[0] = skey[0]; + sk->skey[1] = skey[1]; + sk->skey[2] = skey[2]; + sk->skey[3] = skey[3]; + sk->skey[4] = skey[4]; + sk->is_protected = 0; + sk->protect.algo = 0; + + sk->csum = checksum_mpi_counted_nbits( sk->skey[4] ); + if( ret_sk ) /* not a subkey: return an unprotected version of the sk */ + *ret_sk = copy_secret_key( NULL, sk ); if( dek ) { - skc->protect.algo = dek->algo; - skc->protect.s2k = *s2k; - rc = protect_secret_key( skc, dek ); + sk->protect.algo = dek->algo; + sk->protect.s2k = *s2k; + rc = protect_secret_key( sk, dek ); if( rc ) { log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); - free_public_cert(pkc); - free_secret_cert(skc); + free_public_key(pk); + free_secret_key(sk); return rc; } } pkt = m_alloc_clear(sizeof *pkt); - pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT; - pkt->pkt.public_cert = pkc; + pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; + pkt->pkt.public_key = pk; add_kbnode(pub_root, new_kbnode( pkt )); /* don't know whether it makes sense to have the factors, so for now @@ -330,8 +330,8 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, * are known. */ pkt = m_alloc_clear(sizeof *pkt); - pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT; - pkt->pkt.secret_cert = skc; + pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY; + pkt->pkt.secret_key = sk; add_kbnode(sec_root, new_kbnode( pkt )); for(i=1; factors[i]; i++ ) /* the first one is q */ add_kbnode( sec_root, @@ -698,7 +698,7 @@ ask_passphrase( STRING2KEY **ret_s2k ) static int do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, - DEK *dek, STRING2KEY *s2k, PKT_secret_cert **skc, int valid_days, + DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, int valid_days, int v4_packet ) { int rc=0; @@ -711,9 +711,9 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, - skc, valid_days, v4_packet? 4:3 ); + sk, valid_days, v4_packet? 4:3 ); else if( algo == PUBKEY_ALGO_DSA ) - rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, skc, valid_days); + rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, valid_days); else BUG(); if( !rc ) { @@ -740,7 +740,7 @@ generate_keypair() char *uid = NULL; KBNODE pub_root = NULL; KBNODE sec_root = NULL; - PKT_secret_cert *skc = NULL; + PKT_secret_key *sk = NULL; DEK *dek; STRING2KEY *s2k; int rc; @@ -777,33 +777,33 @@ generate_keypair() /* we create the packets as a tree of kbnodes. Because the structure * we create is known in advance we simply generate a linked list * The first packet is a dummy comment packet which we flag - * as deleted. The very first packet must always be a CERT packet. + * as deleted. The very first packet must always be a KEY packet. */ pub_root = make_comment_node("#"); delete_kbnode(pub_root); sec_root = make_comment_node("#"); delete_kbnode(sec_root); if( both ) rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root, - dek, s2k, &skc, ndays, 1); + dek, s2k, &sk, ndays, 1); else rc = do_create( algo, nbits, pub_root, sec_root, - dek, s2k, &skc, ndays, v4); + dek, s2k, &sk, ndays, v4); if( !rc ) write_uid(pub_root, uid ); if( !rc ) write_uid(sec_root, uid ); if( !rc ) - rc = write_selfsig(pub_root, pub_root, skc); + rc = write_selfsig(pub_root, pub_root, sk); if( !rc ) - rc = write_selfsig(sec_root, pub_root, skc); + rc = write_selfsig(sec_root, pub_root, sk); if( both ) { rc = do_create( algo, nbits, pub_root, sec_root, dek, s2k, NULL, ndays, 1 ); if( !rc ) - rc = write_keybinding(pub_root, pub_root, skc); + rc = write_keybinding(pub_root, pub_root, sk); if( !rc ) - rc = write_keybinding(sec_root, pub_root, skc); + rc = write_keybinding(sec_root, pub_root, sk); } @@ -814,7 +814,6 @@ generate_keypair() int rc2 = -1; /* we can now write the certificates */ - if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) { if( add_keyblock_resource( pub_fname, 1, 0 ) ) { log_error("can add keyblock file '%s'\n", pub_fname ); @@ -868,8 +867,8 @@ generate_keypair() tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) ); release_kbnode( pub_root ); release_kbnode( sec_root ); - if( skc ) /* the unprotected secret certificate */ - free_secret_cert(skc); + if( sk ) /* the unprotected secret key */ + free_secret_key(sk); m_free(uid); m_free(dek); m_free(s2k); @@ -889,7 +888,7 @@ generate_subkeypair( const char *username ) KBNODE pub_keyblock = NULL; KBNODE sec_keyblock = NULL; KBNODE node; - PKT_secret_cert *skc = NULL; /* this is the primary skc */ + PKT_secret_key *sk = NULL; /* this is the primary sk */ u32 keyid[2]; int v4, algo, ndays; unsigned nbits; @@ -926,21 +925,21 @@ generate_subkeypair( const char *username ) } /* break out the primary key */ - node = find_kbnode( sec_keyblock, PKT_SECRET_CERT ); + node = find_kbnode( sec_keyblock, PKT_SECRET_KEY ); if( !node ) { log_error("Oops; secret key not found anymore!\n"); rc = G10ERR_GENERAL; goto leave; } - /* make a copy of the skc to keep the protected one in the keyblock */ - skc = copy_secret_cert( NULL, node->pkt->pkt.secret_cert ); - keyid_from_skc( skc, keyid ); + /* make a copy of the sk to keep the protected one in the keyblock */ + sk = copy_secret_key( NULL, node->pkt->pkt.secret_key ); + keyid_from_sk( sk, keyid ); /* display primary and all secondary keys */ tty_printf("sec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - keyid[1], datestr_from_skc(skc) ); + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + keyid[1], datestr_from_sk(sk) ); { size_t n; char *p = get_user_id( keyid, &n ); @@ -949,13 +948,13 @@ generate_subkeypair( const char *username ) tty_printf("\n"); } for(node=sec_keyblock; node; node = node->next ) { - if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { - PKT_secret_cert *subskc = node->pkt->pkt.secret_cert; - keyid_from_skc( subskc, keyid ); + if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *subsk = node->pkt->pkt.secret_key; + keyid_from_sk( subsk, keyid ); tty_printf("sub %4u%c/%08lX %s\n", - nbits_from_skc( subskc ), - pubkey_letter( subskc->pubkey_algo ), - keyid[1], datestr_from_skc(subskc) ); + nbits_from_sk( subsk ), + pubkey_letter( subsk->pubkey_algo ), + keyid[1], datestr_from_sk(subsk) ); } } tty_printf("\n"); @@ -963,7 +962,7 @@ generate_subkeypair( const char *username ) /* unprotect to get the passphrase */ - switch( is_secret_key_protected( skc ) ) { + switch( is_secret_key_protected( sk ) ) { case -1: rc = G10ERR_PUBKEY_ALGO; break; @@ -972,7 +971,7 @@ generate_subkeypair( const char *username ) break; default: tty_printf("Key is protected.\n"); - rc = check_secret_key( skc ); + rc = check_secret_key( sk ); if( !rc ) passphrase = get_last_passphrase(); break; @@ -997,9 +996,9 @@ generate_subkeypair( const char *username ) rc = do_create( algo, nbits, pub_keyblock, sec_keyblock, dek, s2k, NULL, ndays, v4 ); if( !rc ) - rc = write_keybinding(pub_keyblock, pub_keyblock, skc); + rc = write_keybinding(pub_keyblock, pub_keyblock, sk); if( !rc ) - rc = write_keybinding(sec_keyblock, pub_keyblock, skc); + rc = write_keybinding(sec_keyblock, pub_keyblock, sk); /* write back */ if( !rc ) { rc = update_keyblock( &pub_kbpos, pub_keyblock ); @@ -1021,8 +1020,8 @@ generate_subkeypair( const char *username ) m_free( passphrase ); m_free( dek ); m_free( s2k ); - if( skc ) /* release the copy of the (now unprotected) secret key */ - free_secret_cert(skc); + if( sk ) /* release the copy of the (now unprotected) secret key */ + free_secret_key(sk); release_kbnode( sec_keyblock ); release_kbnode( pub_keyblock ); set_next_passphrase( NULL ); diff --git a/g10/keyid.c b/g10/keyid.c index dc24904c7..499c8928d 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -49,7 +49,7 @@ pubkey_letter( int algo ) static MD_HANDLE -do_fingerprint_md( PKT_public_cert *pkc ) +do_fingerprint_md( PKT_public_key *pk ) { MD_HANDLE md; unsigned n; @@ -57,36 +57,36 @@ do_fingerprint_md( PKT_public_cert *pkc ) unsigned nn[PUBKEY_MAX_NPKEY]; byte *pp[PUBKEY_MAX_NPKEY]; int i; - int npkey = pubkey_get_npkey( pkc->pubkey_algo ); + int npkey = pubkey_get_npkey( pk->pubkey_algo ); - md = md_open( pkc->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0); - n = pkc->version < 4 ? 8 : 6; + md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0); + n = pk->version < 4 ? 8 : 6; for(i=0; i < npkey; i++ ) { - nb[i] = mpi_get_nbits(pkc->pkey[i]); - pp[i] = mpi_get_buffer( pkc->pkey[i], nn+i, NULL ); + nb[i] = mpi_get_nbits(pk->pkey[i]); + pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL ); n += 2 + nn[i]; } md_putc( md, 0x99 ); /* ctb */ md_putc( md, n >> 8 ); /* 2 byte length header */ md_putc( md, n ); - if( pkc->version < 4 ) + if( pk->version < 4 ) md_putc( md, 3 ); else md_putc( md, 4 ); - { u32 a = pkc->timestamp; + { u32 a = pk->timestamp; md_putc( md, a >> 24 ); md_putc( md, a >> 16 ); md_putc( md, a >> 8 ); md_putc( md, a ); } - if( pkc->version < 4 ) { - u16 a = pkc->valid_days; + if( pk->version < 4 ) { + u16 a = pk->valid_days; md_putc( md, a >> 8 ); md_putc( md, a ); } - md_putc( md, pkc->pubkey_algo ); + md_putc( md, pk->pubkey_algo ); for(i=0; i < npkey; i++ ) { md_putc( md, nb[i]>>8); md_putc( md, nb[i] ); @@ -99,29 +99,29 @@ do_fingerprint_md( PKT_public_cert *pkc ) } static MD_HANDLE -do_fingerprint_md_skc( PKT_secret_cert *skc ) +do_fingerprint_md_sk( PKT_secret_key *sk ) { - PKT_public_cert pkc; - int npkey = pubkey_get_npkey( skc->pubkey_algo ); /* npkey is correct! */ + PKT_public_key pk; + int npkey = pubkey_get_npkey( sk->pubkey_algo ); /* npkey is correct! */ int i; - pkc.pubkey_algo = skc->pubkey_algo; - pkc.version = skc->version; - pkc.timestamp = skc->timestamp; - pkc.valid_days = skc->valid_days; - pkc.pubkey_algo = skc->pubkey_algo; + pk.pubkey_algo = sk->pubkey_algo; + pk.version = sk->version; + pk.timestamp = sk->timestamp; + pk.valid_days = sk->valid_days; + pk.pubkey_algo = sk->pubkey_algo; for( i=0; i < npkey; i++ ) - pkc.pkey[i] = skc->skey[i]; - return do_fingerprint_md( &pkc ); + pk.pkey[i] = sk->skey[i]; + return do_fingerprint_md( &pk ); } /**************** - * Get the keyid from the secret key certificate and put it into keyid + * Get the keyid from the secret key and put it into keyid * if this is not NULL. Return the 32 low bits of the keyid. */ u32 -keyid_from_skc( PKT_secret_cert *skc, u32 *keyid ) +keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) { u32 lowbits; u32 dummy_keyid[2]; @@ -129,13 +129,13 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid ) if( !keyid ) keyid = dummy_keyid; - if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) { - lowbits = mpi_get_keyid( skc->skey[0], keyid ); /* take n */ + if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) { + lowbits = mpi_get_keyid( sk->skey[0], keyid ); /* take n */ } else { const byte *dp; MD_HANDLE md; - md = do_fingerprint_md_skc(skc); + md = do_fingerprint_md_sk(sk); dp = md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; @@ -148,11 +148,11 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid ) /**************** - * Get the keyid from the public key certificate and put it into keyid + * Get the keyid from the public key and put it into keyid * if this is not NULL. Return the 32 low bits of the keyid. */ u32 -keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid ) +keyid_from_pk( PKT_public_key *pk, u32 *keyid ) { u32 lowbits; u32 dummy_keyid[2]; @@ -160,13 +160,13 @@ keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid ) if( !keyid ) keyid = dummy_keyid; - if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) { - lowbits = mpi_get_keyid( pkc->pkey[0], keyid ); /* from n */ + if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { + lowbits = mpi_get_keyid( pk->pkey[0], keyid ); /* from n */ } else { const byte *dp; MD_HANDLE md; - md = do_fingerprint_md(pkc); + md = do_fingerprint_md(pk); dp = md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; @@ -189,34 +189,34 @@ keyid_from_sig( PKT_signature *sig, u32 *keyid ) } /**************** - * return the number of bits used in the pkc + * return the number of bits used in the pk */ unsigned -nbits_from_pkc( PKT_public_cert *pkc ) +nbits_from_pk( PKT_public_key *pk ) { - return pubkey_nbits( pkc->pubkey_algo, pkc->pkey ); + return pubkey_nbits( pk->pubkey_algo, pk->pkey ); } /**************** - * return the number of bits used in the skc + * return the number of bits used in the sk */ unsigned -nbits_from_skc( PKT_secret_cert *skc ) +nbits_from_sk( PKT_secret_key *sk ) { - return pubkey_nbits( skc->pubkey_algo, skc->skey ); + return pubkey_nbits( sk->pubkey_algo, sk->skey ); } /**************** - * return a string with the creation date of the pkc + * return a string with the creation date of the pk * Note: this is alloced in a static buffer. * Format is: yyyy-mm-dd */ const char * -datestr_from_pkc( PKT_public_cert *pkc ) +datestr_from_pk( PKT_public_key *pk ) { static char buffer[11+5]; struct tm *tp; - time_t atime = pkc->timestamp; + time_t atime = pk->timestamp; tp = gmtime( &atime ); sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); @@ -224,11 +224,11 @@ datestr_from_pkc( PKT_public_cert *pkc ) } const char * -datestr_from_skc( PKT_secret_cert *skc ) +datestr_from_sk( PKT_secret_key *sk ) { static char buffer[11+5]; struct tm *tp; - time_t atime = skc->timestamp; + time_t atime = sk->timestamp; tp = gmtime( &atime ); sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday ); @@ -249,30 +249,28 @@ datestr_from_sig( PKT_signature *sig ) /**************** . - * Return a byte array with the fingerprint for the given PKC/SKC + * Return a byte array with the fingerprint for the given PK/SK * The length of the array is returned in ret_len. Caller must free * the array. */ - - byte * -fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len ) +fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len ) { byte *p, *buf, *array; const char *dp; size_t len; unsigned n; - if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) { + if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { /* RSA in version 3 packets is special */ MD_HANDLE md; md = md_open( DIGEST_ALGO_MD5, 0); - p = buf = mpi_get_buffer( pkc->pkey[0], &n, NULL ); + p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL ); md_write( md, p, n ); m_free(buf); - p = buf = mpi_get_buffer( pkc->pkey[1], &n, NULL ); + p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL ); md_write( md, p, n ); m_free(buf); md_final(md); @@ -283,7 +281,7 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len ) } else { MD_HANDLE md; - md = do_fingerprint_md(pkc); + md = do_fingerprint_md(pk); dp = md_read( md, 0 ); len = md_digest_length( md_get_algo( md ) ); array = m_alloc( len ); @@ -296,22 +294,22 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len ) } byte * -fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len ) +fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len ) { byte *p, *buf, *array; const char *dp; size_t len; unsigned n; - if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) { + if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) { /* RSA in version 3 packets is special */ MD_HANDLE md; md = md_open( DIGEST_ALGO_MD5, 0); - p = buf = mpi_get_buffer( skc->skey[1], &n, NULL ); + p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); md_write( md, p, n ); m_free(buf); - p = buf = mpi_get_buffer( skc->skey[0], &n, NULL ); + p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); md_write( md, p, n ); m_free(buf); md_final(md); @@ -322,7 +320,7 @@ fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len ) } else { MD_HANDLE md; - md = do_fingerprint_md_skc(skc); + md = do_fingerprint_md_sk(sk); dp = md_read( md, 0 ); len = md_digest_length( md_get_algo( md ) ); array = m_alloc( len ); diff --git a/g10/keylist.c b/g10/keylist.c index b6e219723..f06b4989f 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -37,7 +37,7 @@ static void list_all(int); static void list_one(const char *name, int secret); -static void fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc ); +static void fingerprint( PKT_public_key *pk, PKT_secret_key *sk ); /**************** @@ -99,8 +99,8 @@ list_one( const char *name, int secret ) KBNODE kbctx; KBNODE node; KBPOS kbpos; - PKT_public_cert *pkc; - PKT_secret_cert *skc; + PKT_public_key *pk; + PKT_secret_key *sk; u32 keyid[2]; int any=0; int trustletter = 0; @@ -122,54 +122,54 @@ list_one( const char *name, int secret ) /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, secret? PKT_SECRET_CERT : PKT_PUBLIC_CERT ); + node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY ); if( !node ) { log_error("Oops; key lost!\n"); goto leave; } if( secret ) { - pkc = NULL; - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, keyid ); + pk = NULL; + sk = node->pkt->pkt.secret_key; + keyid_from_sk( sk, keyid ); if( opt.with_colons ) printf("sec::%u:%d:%08lX%08lX:%s:%u:::", - nbits_from_skc( skc ), - skc->pubkey_algo, + nbits_from_sk( sk ), + sk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], - datestr_from_skc( skc ), - (unsigned)skc->valid_days + datestr_from_sk( sk ), + (unsigned)sk->valid_days /* fixme: add LID here */ ); else - printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), + printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), (ulong)keyid[1], - datestr_from_skc( skc ) ); + datestr_from_sk( sk ) ); } else { - pkc = node->pkt->pkt.public_cert; - skc = NULL; - keyid_from_pkc( pkc, keyid ); + pk = node->pkt->pkt.public_key; + sk = NULL; + keyid_from_pk( pk, keyid ); if( opt.with_colons ) { - trustletter = query_trust_info( pkc ); + trustletter = query_trust_info( pk ); printf("pub:%c:%u:%d:%08lX%08lX:%s:%u:", trustletter, - nbits_from_pkc( pkc ), - pkc->pubkey_algo, + nbits_from_pk( pk ), + pk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], - datestr_from_pkc( pkc ), - (unsigned)pkc->valid_days ); - if( pkc->local_id ) - printf("%lu", pkc->local_id ); + datestr_from_pk( pk ), + (unsigned)pk->valid_days ); + if( pk->local_id ) + printf("%lu", pk->local_id ); putchar(':'); /* fixme: add ownertrust here */ putchar(':'); } else - printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), + printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), (ulong)keyid[1], - datestr_from_pkc( pkc ) ); + datestr_from_pk( pk ) ); } for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { @@ -187,70 +187,70 @@ list_one( const char *name, int secret ) putchar('\n'); if( !any ) { if( opt.fingerprint ) - fingerprint( pkc, skc ); + fingerprint( pk, sk ); any = 1; } } - else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { + else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { u32 keyid2[2]; - PKT_public_cert *pkc2 = node->pkt->pkt.public_cert; + PKT_public_key *pk2 = node->pkt->pkt.public_key; if( !any ) { putchar('\n'); if( opt.fingerprint ) - fingerprint( pkc, skc ); /* of the main key */ + fingerprint( pk, sk ); /* of the main key */ any = 1; } - keyid_from_pkc( pkc2, keyid2 ); + keyid_from_pk( pk2, keyid2 ); if( opt.with_colons ) { printf("sub:%c:%u:%d:%08lX%08lX:%s:%u:", trustletter, - nbits_from_pkc( pkc2 ), - pkc2->pubkey_algo, + nbits_from_pk( pk2 ), + pk2->pubkey_algo, (ulong)keyid2[0],(ulong)keyid2[1], - datestr_from_pkc( pkc2 ), - (unsigned)pkc2->valid_days + datestr_from_pk( pk2 ), + (unsigned)pk2->valid_days /* fixme: add LID and ownertrust here */ ); - if( pkc->local_id ) /* use the local_id of the main key??? */ - printf("%lu", pkc->local_id ); + if( pk->local_id ) /* use the local_id of the main key??? */ + printf("%lu", pk->local_id ); putchar(':'); putchar(':'); putchar('\n'); } else - printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ), - pubkey_letter( pkc2->pubkey_algo ), + printf("sub %4u%c/%08lX %s\n", nbits_from_pk( pk2 ), + pubkey_letter( pk2->pubkey_algo ), (ulong)keyid2[1], - datestr_from_pkc( pkc2 ) ); + datestr_from_pk( pk2 ) ); } - else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { + else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { u32 keyid2[2]; - PKT_secret_cert *skc2 = node->pkt->pkt.secret_cert; + PKT_secret_key *sk2 = node->pkt->pkt.secret_key; if( !any ) { putchar('\n'); if( opt.fingerprint ) - fingerprint( pkc, skc ); /* of the main key */ + fingerprint( pk, sk ); /* of the main key */ any = 1; } - keyid_from_skc( skc2, keyid2 ); + keyid_from_sk( sk2, keyid2 ); if( opt.with_colons ) printf("ssb::%u:%d:%08lX%08lX:%s:%u:::\n", - nbits_from_skc( skc2 ), - skc2->pubkey_algo, + nbits_from_sk( sk2 ), + sk2->pubkey_algo, (ulong)keyid2[0],(ulong)keyid2[1], - datestr_from_skc( skc2 ), - (unsigned)skc2->valid_days + datestr_from_sk( sk2 ), + (unsigned)sk2->valid_days /* fixme: add LID */ ); else - printf("ssb %4u%c/%08lX %s\n", nbits_from_skc( skc2 ), - pubkey_letter( skc2->pubkey_algo ), + printf("ssb %4u%c/%08lX %s\n", nbits_from_sk( sk2 ), + pubkey_letter( sk2->pubkey_algo ), (ulong)keyid2[1], - datestr_from_skc( skc2 ) ); + datestr_from_sk( sk2 ) ); } else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) { PKT_signature *sig = node->pkt->pkt.signature; @@ -264,7 +264,7 @@ list_one( const char *name, int secret ) else putchar('\n'); if( opt.fingerprint ) - fingerprint( pkc, skc ); + fingerprint( pk, sk ); any=1; } @@ -334,13 +334,13 @@ list_one( const char *name, int secret ) } static void -fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc ) +fingerprint( PKT_public_key *pk, PKT_secret_key *sk ) { byte *array, *p; size_t i, n; - p = array = pkc? fingerprint_from_pkc( pkc, &n ) - : fingerprint_from_skc( skc, &n ); + p = array = pk? fingerprint_from_pk( pk, &n ) + : fingerprint_from_sk( sk, &n ); if( opt.with_colons ) { printf("fpr:::::::::"); for(i=0; i < n ; i++, p++ ) diff --git a/g10/main.h b/g10/main.h index c50a07147..03150d37f 100644 --- a/g10/main.h +++ b/g10/main.h @@ -32,7 +32,7 @@ typedef struct { int header_okay; - PKC_LIST pkc_list; + PK_LIST pk_list; cipher_filter_context_t cfx; } encrypt_filter_context_t; @@ -61,7 +61,7 @@ int encrypt_filter( void *opaque, int control, /*-- sign.c --*/ -int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md ); +int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ); int sign_file( STRLIST filenames, int detached, STRLIST locusr, int encrypt, STRLIST remusr, const char *outfile ); int clearsign_file( const char *fname, STRLIST locusr, const char *outfile ); @@ -95,9 +95,11 @@ KBNODE make_comment_node( const char *s ); KBNODE make_mpi_comment_node( const char *s, MPI a ); /*-- import.c --*/ -int import_pubkeys( const char *filename ); +int import_keys( const char *filename ); /*-- export.c --*/ int export_pubkeys( STRLIST users ); +int export_seckeys( STRLIST users ); + /* dearmor.c --*/ int dearmor_file( const char *fname ); int enarmor_file( const char *fname ); diff --git a/g10/mainproc.c b/g10/mainproc.c index a69217a3a..f01380e00 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -44,8 +44,8 @@ */ typedef struct { - PKT_public_cert *last_pubkey; - PKT_secret_cert *last_seckey; + PKT_public_key *last_pubkey; + PKT_secret_key *last_seckey; PKT_user_id *last_user_id; md_filter_context_t mfx; int sigs_only; /* process only signatures and reject all other stuff */ @@ -353,8 +353,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig ) || sig->sig_class == 0x18 || sig->sig_class == 0x20 || sig->sig_class == 0x30 ) { /* classes 0x10..0x17,0x20,0x30 */ - if( c->list->pkt->pkttype == PKT_PUBLIC_CERT - || c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { + if( c->list->pkt->pkttype == PKT_PUBLIC_KEY + || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { return check_key_signature( c->list, node, is_selfsig ); } else { @@ -388,13 +388,13 @@ print_userid( PACKET *pkt ) static void -print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc ) +print_fingerprint( PKT_public_key *pk, PKT_secret_key *sk ) { byte *array, *p; size_t i, n; - p = array = skc? fingerprint_from_skc( skc, &n ) - : fingerprint_from_pkc( pkc, &n ); + p = array = sk? fingerprint_from_sk( sk, &n ) + : fingerprint_from_pk( pk, &n ); if( opt.with_colons ) { printf("fpr:::::::::"); for(i=0; i < n ; i++, p++ ) @@ -435,25 +435,25 @@ list_node( CTX c, KBNODE node ) if( !node ) ; - else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) ) - || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { - PKT_public_cert *pkc = node->pkt->pkt.public_cert; + else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) ) + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { + PKT_public_key *pk = node->pkt->pkt.public_key; if( opt.with_colons ) { u32 keyid[2]; - keyid_from_pkc( pkc, keyid ); + keyid_from_pk( pk, keyid ); if( mainkey ) { - c->local_id = pkc->local_id; - c->trustletter = query_trust_info( pkc ); + c->local_id = pk->local_id; + c->trustletter = query_trust_info( pk ); } printf("%s:%c:%u:%d:%08lX%08lX:%s:%u:", mainkey? "pub":"sub", c->trustletter, - nbits_from_pkc( pkc ), - pkc->pubkey_algo, + nbits_from_pk( pk ), + pk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], - datestr_from_pkc( pkc ), - (unsigned)pkc->valid_days ); + datestr_from_pk( pk ), + (unsigned)pk->valid_days ); if( c->local_id ) printf("%lu", c->local_id ); putchar(':'); @@ -463,10 +463,10 @@ list_node( CTX c, KBNODE node ) else printf("%s %4u%c/%08lX %s ", mainkey? "pub":"sub", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - (ulong)keyid_from_pkc( pkc, NULL ), - datestr_from_pkc( pkc ) ); + nbits_from_pk( pk ), + pubkey_letter( pk->pubkey_algo ), + (ulong)keyid_from_pk( pk, NULL ), + datestr_from_pk( pk ) ); if( mainkey ) { /* and now list all userids with their signatures */ for( node = node->next; node; node = node->next ) { @@ -492,10 +492,10 @@ list_node( CTX c, KBNODE node ) putchar(':'); putchar('\n'); if( opt.fingerprint && !any ) - print_fingerprint( pkc, NULL ); + print_fingerprint( pk, NULL ); any=1; } - else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) { + else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { if( !any ) { putchar('\n'); any = 1; @@ -507,29 +507,29 @@ list_node( CTX c, KBNODE node ) if( !any ) putchar('\n'); } - else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) ) - || node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { - PKT_secret_cert *skc = node->pkt->pkt.secret_cert; + else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) ) + || node->pkt->pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *sk = node->pkt->pkt.secret_key; if( opt.with_colons ) { u32 keyid[2]; - keyid_from_skc( skc, keyid ); + keyid_from_sk( sk, keyid ); printf("%s::%u:%d:%08lX%08lX:%s:%u:::", mainkey? "sec":"ssb", - nbits_from_skc( skc ), - skc->pubkey_algo, + nbits_from_sk( sk ), + sk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], - datestr_from_skc( skc ), - (unsigned)skc->valid_days + datestr_from_sk( sk ), + (unsigned)sk->valid_days /* fixme: add LID */ ); } else printf("%s %4u%c/%08lX %s ", mainkey? "sec":"ssb", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - (ulong)keyid_from_skc( skc, NULL ), - datestr_from_skc( skc ) ); + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + (ulong)keyid_from_sk( sk, NULL ), + datestr_from_sk( sk ) ); if( mainkey ) { /* and now list all userids with their signatures */ for( node = node->next; node; node = node->next ) { @@ -555,10 +555,10 @@ list_node( CTX c, KBNODE node ) putchar(':'); putchar('\n'); if( opt.fingerprint && !any ) - print_fingerprint( NULL, skc ); + print_fingerprint( NULL, sk ); any=1; } - else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) { + else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { if( !any ) { putchar('\n'); any = 1; @@ -597,12 +597,12 @@ list_node( CTX c, KBNODE node ) else { /* check whether this is a self signature */ u32 keyid[2]; - if( c->list->pkt->pkttype == PKT_PUBLIC_CERT - || c->list->pkt->pkttype == PKT_SECRET_CERT ) { - if( c->list->pkt->pkttype == PKT_PUBLIC_CERT ) - keyid_from_pkc( c->list->pkt->pkt.public_cert, keyid ); + if( c->list->pkt->pkttype == PKT_PUBLIC_KEY + || c->list->pkt->pkttype == PKT_SECRET_KEY ) { + if( c->list->pkt->pkttype == PKT_PUBLIC_KEY ) + keyid_from_pk( c->list->pkt->pkt.public_key, keyid ); else - keyid_from_skc( c->list->pkt->pkt.secret_cert, keyid ); + keyid_from_sk( c->list->pkt->pkt.secret_key, keyid ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) is_selfsig = 1; @@ -709,8 +709,8 @@ do_proc_packets( CTX c, IOBUF a ) } else if( c->sigs_only ) { switch( pkt->pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: case PKT_USER_ID: case PKT_SYMKEY_ENC: case PKT_PUBKEY_ENC: @@ -726,8 +726,8 @@ do_proc_packets( CTX c, IOBUF a ) } else if( c->encrypt_only ) { switch( pkt->pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: case PKT_USER_ID: rc = G10ERR_UNEXPECTED; goto leave; @@ -743,14 +743,14 @@ do_proc_packets( CTX c, IOBUF a ) } else { switch( pkt->pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: release_list( c ); c->list = new_kbnode( pkt ); newpkt = 1; break; - case PKT_PUBKEY_SUBCERT: - case PKT_SECKEY_SUBCERT: + case PKT_PUBLIC_SUBKEY: + case PKT_SECRET_SUBKEY: newpkt = add_subkey( c, pkt ); break; case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break; @@ -850,10 +850,10 @@ proc_tree( CTX c, KBNODE node ) c->local_id = 0; c->trustletter = ' '; - if( node->pkt->pkttype == PKT_PUBLIC_CERT - || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) + if( node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) list_node( c, node ); - else if( node->pkt->pkttype == PKT_SECRET_CERT ) + else if( node->pkt->pkttype == PKT_SECRET_KEY ) list_node( c, node ); else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) { /* check all signatures */ diff --git a/g10/packet.h b/g10/packet.h index c928cf46d..b3a9d7507 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -33,16 +33,16 @@ typedef enum { PKT_SIGNATURE =2, /* secret key encrypted packet */ PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/ PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/ - PKT_SECRET_CERT =5, /* secret key certificate */ - PKT_PUBLIC_CERT =6, /* public key certificate */ - PKT_SECKEY_SUBCERT =7, /* secret subkey certificate (OpenPGP) */ + PKT_SECRET_KEY =5, /* secret key */ + PKT_PUBLIC_KEY =6, /* public key */ + PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */ PKT_COMPRESSED =8, /* compressed data packet */ PKT_ENCRYPTED =9, /* conventional encrypted data */ PKT_MARKER =10, /* marker packet (OpenPGP) */ PKT_PLAINTEXT =11, /* plaintext data with filename and mode */ PKT_RING_TRUST =12, /* keyring trust packet */ PKT_USER_ID =13, /* user id packet */ - PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */ + PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ PKT_COMMENT =61 /* new comment packet (private) */ } pkttype_t; @@ -104,17 +104,17 @@ typedef struct { * public keys by comparing the first npkey elements of pkey againts skey. */ typedef struct { - u32 timestamp; /* certificate made */ + u32 timestamp; /* key made */ u16 valid_days; /* valid for this number of days */ byte hdrbytes; /* number of header bytes */ byte version; byte pubkey_algo; /* algorithm used for public key scheme */ ulong local_id; /* internal use, valid if > 0 */ MPI pkey[PUBKEY_MAX_NPKEY]; -} PKT_public_cert; +} PKT_public_key; typedef struct { - u32 timestamp; /* certificate made */ + u32 timestamp; /* key made */ u16 valid_days; /* valid for this number of days */ byte hdrbytes; /* number of header bytes */ byte version; @@ -130,7 +130,7 @@ typedef struct { } protect; MPI skey[PUBKEY_MAX_NSKEY]; u16 csum; /* checksum */ -} PKT_secret_cert; +} PKT_secret_key; typedef struct { @@ -172,8 +172,8 @@ struct packet_struct { PKT_pubkey_enc *pubkey_enc; /* PKT_PUBKEY_ENC */ PKT_onepass_sig *onepass_sig; /* PKT_ONEPASS_SIG */ PKT_signature *signature; /* PKT_SIGNATURE */ - PKT_public_cert *public_cert; /* PKT_PUBLIC_CERT */ - PKT_secret_cert *secret_cert; /* PKT_SECRET_CERT */ + PKT_public_key *public_key; /* PKT_PUBLIC_[SUB)KEY */ + PKT_secret_key *secret_key; /* PKT_SECRET_[SUB]KEY */ PKT_comment *comment; /* PKT_COMMENT */ PKT_user_id *user_id; /* PKT_USER_ID */ PKT_compressed *compressed; /* PKT_COMPRESSED */ @@ -224,15 +224,17 @@ int list_packets( IOBUF a ); int set_packet_list_mode( int mode ); int search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos ); int parse_packet( IOBUF inp, PACKET *ret_pkt); +void parse_pubkey_warning( PACKET *pkt ); int copy_all_packets( IOBUF inp, IOBUF out ); int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff ); int skip_some_packets( IOBUF inp, unsigned n ); -const byte *parse_sig_subpkt( const byte *buffer, int reqtype, size_t *ret_n ); +const byte *parse_sig_subpkt( const byte *buffer, + sigsubpkttype_t reqtype, size_t *ret_n ); /*-- build-packet.c --*/ int build_packet( IOBUF inp, PACKET *pkt ); u32 calc_packet_length( PACKET *pkt ); -void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ); +void hash_public_key( MD_HANDLE md, PKT_public_key *pk ); void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, const byte *buffer, size_t buflen ); void build_sig_subpkt_from_sig( PKT_signature *sig ); @@ -242,17 +244,17 @@ void free_symkey_enc( PKT_symkey_enc *enc ); void free_pubkey_enc( PKT_pubkey_enc *enc ); void free_seckey_enc( PKT_signature *enc ); int digest_algo_from_sig( PKT_signature *sig ); -void release_public_cert_parts( PKT_public_cert *cert ); -void free_public_cert( PKT_public_cert *cert ); -void release_secret_cert_parts( PKT_secret_cert *cert ); -void free_secret_cert( PKT_secret_cert *cert ); +void release_public_key_parts( PKT_public_key *pk ); +void free_public_key( PKT_public_key *key ); +void release_secret_key_parts( PKT_secret_key *sk ); +void free_secret_key( PKT_secret_key *sk ); void free_user_id( PKT_user_id *uid ); void free_comment( PKT_comment *rem ); void free_packet( PACKET *pkt ); -PKT_public_cert *copy_public_cert( PKT_public_cert *d, PKT_public_cert *s ); -PKT_secret_cert *copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s ); -int cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b ); -int cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc ); +PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s ); +PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s ); +int cmp_public_keys( PKT_public_key *a, PKT_public_key *b ); +int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk ); int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ); @@ -260,9 +262,9 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b ); int signature_check( PKT_signature *sig, MD_HANDLE digest ); /*-- seckey-cert.c --*/ -int is_secret_key_protected( PKT_secret_cert *cert ); -int check_secret_key( PKT_secret_cert *cert ); -int protect_secret_key( PKT_secret_cert *cert, DEK *dek ); +int is_secret_key_protected( PKT_secret_key *sk ); +int check_secret_key( PKT_secret_key *sk ); +int protect_secret_key( PKT_secret_key *sk, DEK *dek ); /*-- pubkey-enc.c --*/ int get_session_key( PKT_pubkey_enc *k, DEK *dek ); @@ -283,9 +285,9 @@ int ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname ); int write_comment( IOBUF out, const char *s ); /*-- sign.c --*/ -int make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, - PKT_user_id *uid, PKT_public_cert *subpkc, - PKT_secret_cert *skc, +int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, + PKT_user_id *uid, PKT_public_key *subpk, + PKT_secret_key *sk, int sigclass, int digest_algo, int (*mksubpkt)(PKT_signature *, void *), void *opaque ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index bf26b7a39..153c4bcfa 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -51,7 +51,7 @@ static int parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, PKT_signature *sig ); static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen, PKT_onepass_sig *ops ); -static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen, +static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen, byte *hdr, int hdrlen, PACKET *packet ); static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ); @@ -176,6 +176,38 @@ skip_some_packets( IOBUF inp, unsigned n ) return rc; } + +void +parse_pubkey_warning( PACKET *pkt ) +{ + static byte unknown_pubkey_algos[256]; + int unk=0, uns=0; + + if( pkt->pkttype == PKT_PUBLIC_KEY + || pkt->pkttype == PKT_PUBLIC_SUBKEY ) + unk = pkt->pkt.public_key->pubkey_algo & 0xff; + else if( pkt->pkttype == PKT_SECRET_KEY + || pkt->pkttype == PKT_SECRET_SUBKEY ) + unk = pkt->pkt.secret_key->pubkey_algo & 0xff; + else if( pkt->pkttype == PKT_SIGNATURE ) + uns = pkt->pkt.signature->pubkey_algo & 0xff; + + if( unk ) { + if( !(unknown_pubkey_algos[unk]&1) ) { + log_info("can't handle key " + "with public key algorithm %d\n", unk ); + unknown_pubkey_algos[unk] |= 1; + } + } + else if( uns ) { + if( !(unknown_pubkey_algos[unk]&2) ) { + log_info("can't handle signature " + "with public key algorithm %d\n", uns ); + unknown_pubkey_algos[unk] |= 2; + } + } +} + /**************** * Parse packet. Set the variable skip points to to 1 if the packet * should be skipped; this is the case if either there is a @@ -277,15 +309,15 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, pkt->pkttype = pkttype; rc = G10ERR_UNKNOWN_PACKET; /* default error */ switch( pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_PUBKEY_SUBCERT: - pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert ); - rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt ); + case PKT_PUBLIC_KEY: + case PKT_PUBLIC_SUBKEY: + pkt->pkt.public_key = m_alloc_clear(sizeof *pkt->pkt.public_key ); + rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt ); break; - case PKT_SECRET_CERT: - case PKT_SECKEY_SUBCERT: - pkt->pkt.secret_cert = m_alloc_clear(sizeof *pkt->pkt.secret_cert ); - rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt ); + case PKT_SECRET_KEY: + case PKT_SECRET_SUBKEY: + pkt->pkt.secret_key = m_alloc_clear(sizeof *pkt->pkt.secret_key ); + rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt ); break; case PKT_SYMKEY_ENC: rc = parse_symkeyenc( inp, pkttype, pktlen, pkt ); @@ -310,7 +342,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, break; case PKT_RING_TRUST: parse_trust(inp, pkttype, pktlen); - rc = 0; + rc = G10ERR_UNKNOWN_PACKET; break; case PKT_PLAINTEXT: rc = parse_plaintext(inp, pkttype, pktlen, pkt ); @@ -810,18 +842,19 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen, static int -parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen, +parse_key( IOBUF inp, int pkttype, unsigned long pktlen, byte *hdr, int hdrlen, PACKET *pkt ) { int i, version, algorithm; unsigned n; unsigned long timestamp; unsigned short valid_period; + int npkey, nskey; int is_v4=0; int rc=0; version = iobuf_get_noeof(inp); pktlen--; - if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) { + if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) { /* early versions of G10 use old PGP comments packets; * luckily all those comments are started by a hash */ if( list_mode ) { @@ -861,343 +894,174 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen, if( list_mode ) printf(":%s key packet:\n" "\tversion %d, algo %d, created %lu, valid for %hu days\n", - pkttype == PKT_PUBLIC_CERT? "public" : - pkttype == PKT_SECRET_CERT? "secret" : - pkttype == PKT_PUBKEY_SUBCERT? "public sub" : - pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??", + pkttype == PKT_PUBLIC_KEY? "public" : + pkttype == PKT_SECRET_KEY? "secret" : + pkttype == PKT_PUBLIC_SUBKEY? "public sub" : + pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??", version, algorithm, timestamp, valid_period ); - if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT ) { - pkt->pkt.secret_cert->timestamp = timestamp; - pkt->pkt.secret_cert->valid_days = valid_period; - pkt->pkt.secret_cert->hdrbytes = hdrlen; - pkt->pkt.secret_cert->version = version; - pkt->pkt.secret_cert->pubkey_algo = algorithm; + + if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *sk = pkt->pkt.secret_key; + + sk->timestamp = timestamp; + sk->valid_days = valid_period; + sk->hdrbytes = hdrlen; + sk->version = version; + sk->pubkey_algo = algorithm; } else { - pkt->pkt.public_cert->timestamp = timestamp; - pkt->pkt.public_cert->valid_days = valid_period; - pkt->pkt.public_cert->hdrbytes = hdrlen; - pkt->pkt.public_cert->version = version; - pkt->pkt.public_cert->pubkey_algo = algorithm; - } + PKT_public_key *pk = pkt->pkt.public_key; - if( is_ELGAMAL(algorithm) ) { - MPI elg_p, elg_g, elg_y; - n = pktlen; elg_p = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; elg_g = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; elg_y = mpi_read(inp, &n, 0 ); pktlen -=n; - if( list_mode ) { - printf( "\telg p: "); - mpi_print(stdout, elg_p, mpi_print_mode ); - printf("\n\telg g: "); - mpi_print(stdout, elg_g, mpi_print_mode ); - printf("\n\telg y: "); - mpi_print(stdout, elg_y, mpi_print_mode ); - putchar('\n'); - } - if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) { - pkt->pkt.public_cert->pkey[0] = elg_p; - pkt->pkt.public_cert->pkey[1] = elg_g; - pkt->pkt.public_cert->pkey[2] = elg_y; - } - else { - PKT_secret_cert *cert = pkt->pkt.secret_cert; - byte temp[8]; - - pkt->pkt.secret_cert->skey[0] = elg_p; - pkt->pkt.secret_cert->skey[1] = elg_g; - pkt->pkt.secret_cert->skey[2] = elg_y; - cert->protect.algo = iobuf_get_noeof(inp); pktlen--; - if( cert->protect.algo ) { - cert->is_protected = 1; - cert->protect.s2k.count = 0; - if( cert->protect.algo == 255 ) { - if( pktlen < 3 ) { - rc = G10ERR_INVALID_PACKET; - goto leave; - } - cert->protect.algo = iobuf_get_noeof(inp); pktlen--; - cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; - cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; - switch( cert->protect.s2k.mode ) { - case 1: - case 4: - for(i=0; i < 8 && pktlen; i++, pktlen-- ) - temp[i] = iobuf_get_noeof(inp); - memcpy(cert->protect.s2k.salt, temp, 8 ); - break; - } - switch( cert->protect.s2k.mode ) { - case 0: if( list_mode ) printf( "\tsimple S2K" ); - break; - case 1: if( list_mode ) printf( "\tsalted S2K" ); - break; - case 4: if( list_mode ) printf( "\titer+salt S2K" ); - break; - default: - if( list_mode ) - printf( "\tunknown S2K %d\n", - cert->protect.s2k.mode ); - rc = G10ERR_INVALID_PACKET; - goto leave; - } + pk->timestamp = timestamp; + pk->valid_days = valid_period; + pk->hdrbytes = hdrlen; + pk->version = version; + pk->pubkey_algo = algorithm; + } + nskey = pubkey_get_nskey( algorithm ); + npkey = pubkey_get_npkey( algorithm ); + if( !npkey ) { + if( list_mode ) + printf("\tunknown algorithm %d\n", algorithm ); + rc = G10ERR_PUBKEY_ALGO; + goto leave; + } - if( list_mode ) { - printf(", algo: %d, hash: %d", - cert->protect.algo, - cert->protect.s2k.hash_algo ); - if( cert->protect.s2k.mode == 1 - || cert->protect.s2k.mode == 4 ) { - printf(", salt: "); - for(i=0; i < 8; i++ ) - printf("%02x", cert->protect.s2k.salt[i]); - } - putchar('\n'); - } - if( cert->protect.s2k.mode == 4 ) { - if( pktlen < 4 ) { - rc = G10ERR_INVALID_PACKET; - goto leave; - } - cert->protect.s2k.count = read_32(inp); - pktlen -= 4; - } + if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) { + PKT_secret_key *sk = pkt->pkt.secret_key; + byte temp[8]; + for(i=0; i < npkey; i++ ) { + n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + if( list_mode ) { + printf( "\tskey[%d]: ", i); + mpi_print(stdout, sk->skey[i], mpi_print_mode ); + putchar('\n'); + } + } + sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + if( sk->protect.algo ) { + sk->is_protected = 1; + sk->protect.s2k.count = 0; + if( sk->protect.algo == 255 ) { + if( pktlen < 3 ) { + rc = G10ERR_INVALID_PACKET; + goto leave; } - else { - /* old version, we don't have a S2K, so we fake one */ - cert->protect.s2k.mode = 0; - /* We need this kludge to cope with old GNUPG versions */ - cert->protect.s2k.hash_algo = - cert->protect.algo == CIPHER_ALGO_BLOWFISH160? - DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5; - if( list_mode ) - printf( "\tprotect algo: %d (hash algo: %d)\n", - cert->protect.algo, cert->protect.s2k.hash_algo ); + sk->protect.algo = iobuf_get_noeof(inp); pktlen--; + sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; + sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; + switch( sk->protect.s2k.mode ) { + case 1: + case 4: + for(i=0; i < 8 && pktlen; i++, pktlen-- ) + temp[i] = iobuf_get_noeof(inp); + memcpy(sk->protect.s2k.salt, temp, 8 ); + break; } - if( pktlen < 8 ) { + switch( sk->protect.s2k.mode ) { + case 0: if( list_mode ) printf( "\tsimple S2K" ); + break; + case 1: if( list_mode ) printf( "\tsalted S2K" ); + break; + case 4: if( list_mode ) printf( "\titer+salt S2K" ); + break; + default: + if( list_mode ) + printf( "\tunknown S2K %d\n", + sk->protect.s2k.mode ); rc = G10ERR_INVALID_PACKET; goto leave; } - for(i=0; i < 8 && pktlen; i++, pktlen-- ) - temp[i] = iobuf_get_noeof(inp); + if( list_mode ) { - printf( "\tprotect IV: "); - for(i=0; i < 8; i++ ) - printf(" %02x", temp[i] ); + printf(", algo: %d, hash: %d", + sk->protect.algo, + sk->protect.s2k.hash_algo ); + if( sk->protect.s2k.mode == 1 + || sk->protect.s2k.mode == 4 ) { + printf(", salt: "); + for(i=0; i < 8; i++ ) + printf("%02x", sk->protect.s2k.salt[i]); + } putchar('\n'); } - memcpy(cert->protect.iv, temp, 8 ); - } - else - cert->is_protected = 0; - /* It does not make sense to read it into secure memory. - * If the user is so careless, not to protect his secret key, - * we can assume, that he operates an open system :=(. - * So we put the key into secure memory when we unprotect it. */ - n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n; - if( cert->is_protected ) - mpi_set_protect_flag(cert->skey[3]); - - cert->csum = read_16(inp); pktlen -= 2; - if( list_mode ) { - printf("\t[secret value x is not shown]\n" - "\tchecksum: %04hx\n", cert->csum); - } - } - } - else if( algorithm == PUBKEY_ALGO_DSA ) { - MPI dsa_p, dsa_q, dsa_g, dsa_y; - n = pktlen; dsa_p = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; dsa_q = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; dsa_g = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; dsa_y = mpi_read(inp, &n, 0 ); pktlen -=n; - if( list_mode ) { - printf( "\tdsa p: "); - mpi_print(stdout, dsa_p, mpi_print_mode ); - printf("\n\tdsa q: "); - mpi_print(stdout, dsa_q, mpi_print_mode ); - printf("\n\tdsa g: "); - mpi_print(stdout, dsa_g, mpi_print_mode ); - printf("\n\tdsa y: "); - mpi_print(stdout, dsa_y, mpi_print_mode ); - putchar('\n'); - } - if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) { - pkt->pkt.public_cert->pkey[0] = dsa_p; - pkt->pkt.public_cert->pkey[1] = dsa_q; - pkt->pkt.public_cert->pkey[2] = dsa_g; - pkt->pkt.public_cert->pkey[3] = dsa_y; - } - else { - PKT_secret_cert *cert = pkt->pkt.secret_cert; - byte temp[8]; - - pkt->pkt.secret_cert->skey[0] = dsa_p; - pkt->pkt.secret_cert->skey[1] = dsa_q; - pkt->pkt.secret_cert->skey[2] = dsa_g; - pkt->pkt.secret_cert->skey[3] = dsa_y; - cert->protect.algo = iobuf_get_noeof(inp); pktlen--; - if( cert->protect.algo ) { - cert->is_protected = 1; - cert->protect.s2k.count = 0; - if( cert->protect.algo == 255 ) { - if( pktlen < 3 ) { - rc = G10ERR_INVALID_PACKET; - goto leave; - } - cert->protect.algo = iobuf_get_noeof(inp); pktlen--; - cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--; - cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--; - switch( cert->protect.s2k.mode ) { - case 1: - case 4: - for(i=0; i < 8 && pktlen; i++, pktlen-- ) - temp[i] = iobuf_get_noeof(inp); - memcpy(cert->protect.s2k.salt, temp, 8 ); - break; - } - switch( cert->protect.s2k.mode ) { - case 0: if( list_mode ) printf( "\tsimple S2K" ); - break; - case 1: if( list_mode ) printf( "\tsalted S2K" ); - break; - case 4: if( list_mode ) printf( "\titer+salt S2K" ); - break; - default: - if( list_mode ) - printf( "\tunknown S2K %d\n", - cert->protect.s2k.mode ); + + if( sk->protect.s2k.mode == 4 ) { + if( pktlen < 4 ) { rc = G10ERR_INVALID_PACKET; goto leave; } - - if( list_mode ) { - printf(", algo: %d, hash: %d", - cert->protect.algo, - cert->protect.s2k.hash_algo ); - if( cert->protect.s2k.mode == 1 - || cert->protect.s2k.mode == 4 ){ - printf(", salt: "); - for(i=0; i < 8; i++ ) - printf("%02x", cert->protect.s2k.salt[i]); - } - putchar('\n'); - } - - if( cert->protect.s2k.mode == 4 ) { - if( pktlen < 4 ) { - rc = G10ERR_INVALID_PACKET; - goto leave; - } - cert->protect.s2k.count = read_32(inp); - pktlen -= 4; - } - + sk->protect.s2k.count = read_32(inp); + pktlen -= 4; } + + } + else { /* old version; no S2K, so we set mode to 0, hash MD5 */ + sk->protect.s2k.mode = 0; + /* We need a kludge to cope with old GNUPG versions */ + sk->protect.s2k.hash_algo = + ( sk->protect.algo == CIPHER_ALGO_BLOWFISH160 + && algorithm == PUBKEY_ALGO_ELGAMAL_E ) ? + DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5; + if( list_mode ) + printf( "\tprotect algo: %d (hash algo: %d)\n", + sk->protect.algo, sk->protect.s2k.hash_algo ); + } + if( pktlen < 8 ) { + rc = G10ERR_INVALID_PACKET; + goto leave; + } + for(i=0; i < 8 && pktlen; i++, pktlen-- ) + temp[i] = iobuf_get_noeof(inp); + if( list_mode ) { + printf( "\tprotect IV: "); + for(i=0; i < 8; i++ ) + printf(" %02x", temp[i] ); + putchar('\n'); + } + memcpy(sk->protect.iv, temp, 8 ); + } + else + sk->is_protected = 0; + /* It does not make sense to read it into secure memory. + * If the user is so careless, not to protect his secret key, + * we can assume, that he operates an open system :=(. + * So we put the key into secure memory when we unprotect it. */ + + for(i=npkey; i < nskey; i++ ) { + n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; + if( sk->is_protected ) + mpi_set_protect_flag(sk->skey[i]); + if( list_mode ) { + printf( "\tskey[%d]: ", i); + if( sk->is_protected ) + printf( "[encrypted]\n"); else { - if( list_mode ) - printf( "\tprotect algo: %d\n", cert->protect.algo); - /* old version, we don't have a S2K, so we fake one */ - cert->protect.s2k.mode = 0; - cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5; - } - if( pktlen < 8 ) { - rc = G10ERR_INVALID_PACKET; - goto leave; - } - for(i=0; i < 8 && pktlen; i++, pktlen-- ) - temp[i] = iobuf_get_noeof(inp); - if( list_mode ) { - printf( "\tprotect IV: "); - for(i=0; i < 8; i++ ) - printf(" %02x", temp[i] ); + mpi_print(stdout, sk->skey[i], mpi_print_mode ); putchar('\n'); } - memcpy(cert->protect.iv, temp, 8 ); - } - else - cert->is_protected = 0; - /* It does not make sense to read it into secure memory. - * If the user is so careless, not to protect his secret key, - * we can assume, that he operates an open system :=(. - * So we put the key into secure memory when we unprotect it. */ - n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n; - if( cert->is_protected ) - mpi_set_protect_flag(cert->skey[4]); - - cert->csum = read_16(inp); pktlen -= 2; - if( list_mode ) { - printf("\t[secret value x is not shown]\n" - "\tchecksum: %04hx\n", cert->csum); } } - } - else if( is_RSA(algorithm) ) { - MPI rsa_pub_mod, rsa_pub_exp; - n = pktlen; rsa_pub_mod = mpi_read(inp, &n, 0); pktlen -=n; - n = pktlen; rsa_pub_exp = mpi_read(inp, &n, 0 ); pktlen -=n; + sk->csum = read_16(inp); pktlen -= 2; if( list_mode ) { - printf( "\tpublic modulus n: "); - mpi_print(stdout, rsa_pub_mod, mpi_print_mode ); - printf("\n\tpublic exponent e: "); - mpi_print(stdout, rsa_pub_exp, mpi_print_mode ); - putchar('\n'); + printf("\tchecksum: %04hx\n", sk->csum); } - if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) { - pkt->pkt.public_cert->pkey[0] = rsa_pub_mod; - pkt->pkt.public_cert->pkey[1] = rsa_pub_exp; - } - else { - PKT_secret_cert *cert = pkt->pkt.secret_cert; - byte temp[8]; - - pkt->pkt.secret_cert->skey[0] = rsa_pub_mod; - pkt->pkt.secret_cert->skey[1] = rsa_pub_exp; - cert->protect.algo = iobuf_get_noeof(inp); pktlen--; - if( list_mode ) - printf( "\tprotect algo: %d\n", cert->protect.algo); - if( cert->protect.algo ) { - cert->is_protected = 1; - for(i=0; i < 8 && pktlen; i++, pktlen-- ) - temp[i] = iobuf_get_noeof(inp); - if( list_mode ) { - printf( "\tprotect IV: "); - for(i=0; i < 8; i++ ) - printf(" %02x", temp[i] ); - putchar('\n'); - } - memcpy(cert->protect.iv, temp, 8 ); - /* old version, we don't have a S2K, so we fake one */ - cert->protect.s2k.mode = 0; - cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5; - } - else - cert->is_protected = 0; - /* (See comments at the code for elg keys) */ - n = pktlen; cert->skey[2] = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n; - n = pktlen; cert->skey[5] = mpi_read(inp, &n, 0 ); pktlen -=n; - if( cert->is_protected ) { - mpi_set_protect_flag(cert->skey[2]); - mpi_set_protect_flag(cert->skey[3]); - mpi_set_protect_flag(cert->skey[4]); - mpi_set_protect_flag(cert->skey[5]); - } + } + else { + PKT_public_key *pk = pkt->pkt.public_key; - cert->csum = read_16(inp); pktlen -= 2; + for(i=0; i < npkey; i++ ) { + n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n; if( list_mode ) { - printf("\t[secret values d,p,q,u are not shown]\n" - "\tchecksum: %04hx\n", cert->csum); + printf( "\tpkey[%d]: ", i); + mpi_print(stdout, pk->pkey[i], mpi_print_mode ); + putchar('\n'); } } } - else if( list_mode ) - printf("\tunknown algorithm %d\n", algorithm ); - leave: skip_rest(inp, pktlen); diff --git a/g10/passphrase.c b/g10/passphrase.c index 8005ffd9f..ad8ca7681 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -109,7 +109,7 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) } if( keyid && !opt.batch && !next_pw ) { - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); size_t n; char *p; @@ -120,14 +120,14 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode ) m_free(p); tty_printf("\"\n"); - if( !get_pubkey( pkc, keyid ) ) { - const char *s = pubkey_algo_to_string( pkc->pubkey_algo ); + if( !get_pubkey( pk, keyid ) ) { + const char *s = pubkey_algo_to_string( pk->pubkey_algo ); tty_printf( _("(%u-bit %s key, ID %08lX, created %s)\n"), - nbits_from_pkc( pkc ), s?s:"?", (ulong)keyid[1], - strtimestamp(pkc->timestamp) ); + nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1], + strtimestamp(pk->timestamp) ); } tty_printf("\n"); - free_public_cert( pkc ); + free_public_key( pk ); } if( next_pw ) { pw = next_pw; diff --git a/g10/pkclist.c b/g10/pkclist.c index bbab2235b..3babb2997 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -45,7 +45,7 @@ query_ownertrust( ulong lid ) int rc; size_t n; u32 keyid[2]; - PKT_public_cert *pkc ; + PKT_public_key *pk ; int changed=0; rc = keyid_from_trustdb( lid, keyid ); @@ -54,8 +54,8 @@ query_ownertrust( ulong lid ) return 0; } - pkc = m_alloc_clear( sizeof *pkc ); - rc = get_pubkey( pkc, keyid ); + pk = m_alloc_clear( sizeof *pk ); + rc = get_pubkey( pk, keyid ); if( rc ) { log_error("keyid %08lX: pubkey not found: %s\n", (ulong)keyid[1], g10_errstr(rc) ); @@ -64,8 +64,8 @@ query_ownertrust( ulong lid ) tty_printf(_("No ownertrust defined for %lu:\n" "%4u%c/%08lX %s \""), lid, - nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ), - (ulong)keyid[1], datestr_from_pkc( pkc ) ); + nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ), + (ulong)keyid[1], datestr_from_pk( pk ) ); p = get_user_id( keyid, &n ); tty_print_string( p, n ), m_free(p); @@ -110,7 +110,7 @@ query_ownertrust( ulong lid ) m_free(p); p = NULL; } m_free(p); - m_free(pkc); + m_free(pk); return changed; } @@ -120,7 +120,7 @@ query_ownertrust( ulong lid ) * Returns: -1 if no ownertrust were added. */ static int -add_ownertrust( PKT_public_cert *pkc ) +add_ownertrust( PKT_public_key *pk ) { int rc; void *context = NULL; @@ -132,13 +132,13 @@ add_ownertrust( PKT_public_cert *pkc ) _("Could not find a valid trust path to the key. Let's see whether we\n" "can assign some missing owner trust values.\n\n")); - rc = query_trust_record( pkc ); + rc = query_trust_record( pk ); if( rc ) { log_error("Ooops: not in trustdb\n"); return -1; } - lid = pkc->local_id; + lid = pk->local_id; while( !(rc=enum_trust_web( &context, &lid )) ) { rc = get_ownertrust( lid, &trust ); if( rc ) @@ -160,11 +160,11 @@ _("Could not find a valid trust path to the key. Let's see whether we\n" } /**************** - * Check whether we can trust this pkc which has a trustlevel of TRUSTLEVEL + * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL * Returns: true if we trust. */ static int -do_we_trust( PKT_public_cert *pkc, int trustlevel ) +do_we_trust( PKT_public_key *pk, int trustlevel ) { int rc; @@ -187,19 +187,19 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel ) switch( (trustlevel & TRUST_MASK) ) { case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */ - rc = insert_trust_record( pkc ); + rc = insert_trust_record( pk ); if( rc ) { log_error("failed to insert it into the trustdb: %s\n", g10_errstr(rc) ); return 0; /* no */ } - rc = check_trust( pkc, &trustlevel ); + rc = check_trust( pk, &trustlevel ); if( rc ) log_fatal("trust check after insert failed: %s\n", g10_errstr(rc) ); if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED ) BUG(); - return do_we_trust( pkc, trustlevel ); + return do_we_trust( pk, trustlevel ); case TRUST_EXPIRED: log_info("key has expired\n"); @@ -209,14 +209,14 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel ) if( opt.batch || opt.answer_no ) log_info("no info to calculate a trust probability\n"); else { - rc = add_ownertrust( pkc ); + rc = add_ownertrust( pk ); if( !rc ) { - rc = check_trust( pkc, &trustlevel ); + rc = check_trust( pk, &trustlevel ); if( rc ) log_fatal("trust check after add_ownertrust failed: %s\n", g10_errstr(rc) ); /* fixme: this is recursive; we should unroll it */ - return do_we_trust( pkc, trustlevel ); + return do_we_trust( pk, trustlevel ); } } return 0; @@ -256,9 +256,9 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel ) * key anyway. */ static int -do_we_trust_pre( PKT_public_cert *pkc, int trustlevel ) +do_we_trust_pre( PKT_public_key *pk, int trustlevel ) { - int rc = do_we_trust( pkc, trustlevel ); + int rc = do_we_trust( pk, trustlevel ); if( !opt.batch && !rc ) { char *answer; @@ -283,22 +283,22 @@ do_we_trust_pre( PKT_public_cert *pkc, int trustlevel ) void -release_pkc_list( PKC_LIST pkc_list ) +release_pk_list( PK_LIST pk_list ) { - PKC_LIST pkc_rover; + PK_LIST pk_rover; - for( ; pkc_list; pkc_list = pkc_rover ) { - pkc_rover = pkc_list->next; - free_public_cert( pkc_list->pkc ); - m_free( pkc_list ); + for( ; pk_list; pk_list = pk_rover ) { + pk_rover = pk_list->next; + free_public_key( pk_list->pk ); + m_free( pk_list ); } } int -build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage ) +build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage ) { - PKC_LIST pkc_list = NULL; - PKT_public_cert *pkc=NULL; + PK_LIST pk_list = NULL; + PKT_public_key *pk=NULL; int rc=0; if( !remusr && !opt.batch ) { /* ask */ @@ -314,86 +314,86 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage ) tty_kill_prompt(); if( !*answer ) break; - if( pkc ) - free_public_cert( pkc ); - pkc = m_alloc_clear( sizeof *pkc ); - rc = get_pubkey_byname( pkc, answer ); + if( pk ) + free_public_key( pk ); + pk = m_alloc_clear( sizeof *pk ); + rc = get_pubkey_byname( pk, answer ); if( rc ) tty_printf("No such user ID.\n"); - else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage)) ) { + else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) { int trustlevel; - rc = check_trust( pkc, &trustlevel ); + rc = check_trust( pk, &trustlevel ); if( rc ) { - log_error("error checking pkc of '%s': %s\n", + log_error("error checking pk of '%s': %s\n", answer, g10_errstr(rc) ); } - else if( do_we_trust_pre( pkc, trustlevel ) ) { - PKC_LIST r; + else if( do_we_trust_pre( pk, trustlevel ) ) { + PK_LIST r; r = m_alloc( sizeof *r ); - r->pkc = pkc; pkc = NULL; - r->next = pkc_list; + r->pk = pk; pk = NULL; + r->next = pk_list; r->mark = 0; - pkc_list = r; + pk_list = r; break; } } } m_free(answer); - if( pkc ) { - free_public_cert( pkc ); - pkc = NULL; + if( pk ) { + free_public_key( pk ); + pk = NULL; } } else { for(; remusr; remusr = remusr->next ) { - pkc = m_alloc_clear( sizeof *pkc ); - if( (rc = get_pubkey_byname( pkc, remusr->d )) ) { - free_public_cert( pkc ); pkc = NULL; + pk = m_alloc_clear( sizeof *pk ); + if( (rc = get_pubkey_byname( pk, remusr->d )) ) { + free_public_key( pk ); pk = NULL; log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage )) ) { + else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) { int trustlevel; - rc = check_trust( pkc, &trustlevel ); + rc = check_trust( pk, &trustlevel ); if( rc ) { - free_public_cert( pkc ); pkc = NULL; - log_error("error checking pkc of '%s': %s\n", + free_public_key( pk ); pk = NULL; + log_error("error checking pk of '%s': %s\n", remusr->d, g10_errstr(rc) ); } - else if( do_we_trust_pre( pkc, trustlevel ) ) { + else if( do_we_trust_pre( pk, trustlevel ) ) { /* note: do_we_trust may have changed the trustlevel */ - PKC_LIST r; + PK_LIST r; r = m_alloc( sizeof *r ); - r->pkc = pkc; pkc = NULL; - r->next = pkc_list; + r->pk = pk; pk = NULL; + r->next = pk_list; r->mark = 0; - pkc_list = r; + pk_list = r; } - else { /* we don't trust this pkc */ - free_public_cert( pkc ); pkc = NULL; + else { /* we don't trust this pk */ + free_public_key( pk ); pk = NULL; } } else { - free_public_cert( pkc ); pkc = NULL; + free_public_key( pk ); pk = NULL; log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); } } } - if( !rc && !pkc_list ) { + if( !rc && !pk_list ) { log_error("no valid addressees\n"); rc = G10ERR_NO_USER_ID; } if( rc ) - release_pkc_list( pkc_list ); + release_pk_list( pk_list ); else - *ret_pkc_list = pkc_list; + *ret_pk_list = pk_list; return rc; } diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index ade155545..90cd26036 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -44,7 +44,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) byte *frame = NULL; unsigned n, nframe; u16 csum, csum2; - PKT_secret_cert *skc = m_alloc_clear( sizeof *skc ); + PKT_secret_key *sk = m_alloc_clear( sizeof *sk ); if( is_RSA(k->pubkey_algo) ) /* warn about that */ write_status(STATUS_RSA_OR_IDEA); @@ -52,14 +52,14 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) if( rc ) goto leave; - skc->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/ - if( (rc = get_seckey( skc, k->keyid )) ) + sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/ + if( (rc = get_seckey( sk, k->keyid )) ) goto leave; - rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, skc->skey ); + rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, sk->skey ); if( rc ) goto leave; - free_secret_cert( skc ); skc = NULL; + free_secret_key( sk ); sk = NULL; frame = mpi_get_buffer( plain_dek, &nframe, NULL ); mpi_free( plain_dek ); plain_dek = NULL; @@ -128,8 +128,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) leave: mpi_free(plain_dek); m_free(frame); - if( skc ) - free_secret_cert( skc ); + if( sk ) + free_secret_key( sk ); return rc; } diff --git a/g10/revoke.c b/g10/revoke.c index 4819d91c2..948da6361 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -45,10 +45,10 @@ gen_revoke( const char *uname ) armor_filter_context_t afx; compress_filter_context_t zfx; PACKET pkt; - PKT_secret_cert *skc; /* used as pointer into a kbnode */ - PKT_public_cert *pkc = NULL; + PKT_secret_key *sk; /* used as pointer into a kbnode */ + PKT_public_key *pk = NULL; PKT_signature *sig = NULL; - u32 skc_keyid[2]; + u32 sk_keyid[2]; IOBUF out = NULL; KBNODE keyblock = NULL; KBNODE node; @@ -82,7 +82,7 @@ gen_revoke( const char *uname ) } /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_SECRET_CERT ); + node = find_kbnode( keyblock, PKT_SECRET_KEY ); if( !node ) { /* maybe better to use log_bug ? */ log_error("Oops; secret key not found anymore!\n"); rc = G10ERR_GENERAL; @@ -91,27 +91,26 @@ gen_revoke( const char *uname ) /* fixme: should make a function out of this stuff, * it's used all over the source */ - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, skc_keyid ); + sk = node->pkt->pkt.secret_key; + keyid_from_sk( sk, sk_keyid ); tty_printf("\nsec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - skc_keyid[1], datestr_from_skc(skc) ); + nbits_from_sk( sk ), + pubkey_letter( sk->pubkey_algo ), + sk_keyid[1], datestr_from_sk(sk) ); { size_t n; - char *p = get_user_id( skc_keyid, &n ); + char *p = get_user_id( sk_keyid, &n ); tty_print_string( p, n ); m_free(p); tty_printf("\n"); } - /* the the pkc */ - pkc = m_alloc_clear( sizeof *pkc ); - rc = get_pubkey( pkc, skc_keyid ); + pk = m_alloc_clear( sizeof *pk ); + rc = get_pubkey( pk, sk_keyid ); if( rc ) { log_error("no corresponding public key: %s\n", g10_errstr(rc) ); goto leave; } - if( cmp_public_secret_cert( pkc, skc ) ) { + if( cmp_public_secret_key( pk, sk ) ) { log_error("public key does not match secret key!\n" ); rc = G10ERR_GENERAL; goto leave; @@ -127,7 +126,7 @@ gen_revoke( const char *uname ) goto leave; } - switch( is_secret_key_protected( skc ) ) { + switch( is_secret_key_protected( sk ) ) { case -1: log_error("unknown protection algorithm\n"); rc = G10ERR_PUBKEY_ALGO; @@ -136,7 +135,7 @@ gen_revoke( const char *uname ) tty_printf("Warning: This key is not protected!\n"); break; default: - rc = check_secret_key( skc ); + rc = check_secret_key( sk ); break; } if( rc ) @@ -159,7 +158,7 @@ gen_revoke( const char *uname ) /* create it */ - rc = make_keysig_packet( &sig, pkc, NULL, NULL, skc, 0x20, 0, NULL, NULL); + rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, NULL, NULL); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc)); goto leave; @@ -185,8 +184,8 @@ gen_revoke( const char *uname ) leave: - if( pkc ) - free_public_cert( pkc ); + if( pk ) + free_public_key( pk ); if( sig ) free_seckey_enc( sig ); release_kbnode( keyblock ); diff --git a/g10/ringedit.c b/g10/ringedit.c index a281d8bab..42509759e 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -69,7 +69,6 @@ typedef struct resource_table_struct RESTBL; #define MAX_RESOURCES 10 static RESTBL resource_table[MAX_RESOURCES]; - static int search( PACKET *pkt, KBPOS *kbpos, int secret ); @@ -92,7 +91,6 @@ check_pos( KBPOS *kbpos ) } - /**************************************************************** ****************** public functions **************************** ****************************************************************/ @@ -168,7 +166,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos ) * Search a keyblock which starts with the given packet and puts all * information into KBPOS, which can be used later to access this key block. * This function looks into all registered keyblock sources. - * PACKET must be a packet with either a secret_cert or a public_cert + * PACKET must be a packet with either a secret_key or a public_key * * This function is intended to check whether a given certificate * is already in a keyring or to prepare it for editing. @@ -210,20 +208,20 @@ int find_keyblock_byname( KBPOS *kbpos, const char *username ) { PACKET pkt; - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc; - rc = get_pubkey_byname( pkc, username ); + rc = get_pubkey_byname( pk, username ); if( rc ) { - free_public_cert(pkc); + free_public_key(pk); return rc; } init_packet( &pkt ); - pkt.pkttype = PKT_PUBLIC_CERT; - pkt.pkt.public_cert = pkc; + pkt.pkttype = PKT_PUBLIC_KEY; + pkt.pkt.public_key = pk; rc = search( &pkt, kbpos, 0 ); - free_public_cert(pkc); + free_public_key(pk); return rc; } @@ -233,14 +231,14 @@ find_keyblock_byname( KBPOS *kbpos, const char *username ) * of the keyblock. */ int -find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc ) +find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk ) { PACKET pkt; int rc; init_packet( &pkt ); - pkt.pkttype = PKT_PUBLIC_CERT; - pkt.pkt.public_cert = pkc; + pkt.pkttype = PKT_PUBLIC_KEY; + pkt.pkt.public_key = pk; rc = search( &pkt, kbpos, 0 ); return rc; } @@ -254,20 +252,20 @@ int find_secret_keyblock_byname( KBPOS *kbpos, const char *username ) { PACKET pkt; - PKT_secret_cert *skc = m_alloc_clear( sizeof *skc ); + PKT_secret_key *sk = m_alloc_clear( sizeof *sk ); int rc; - rc = get_seckey_byname( skc, username, 0 ); + rc = get_seckey_byname( sk, username, 0 ); if( rc ) { - free_secret_cert(skc); + free_secret_key(sk); return rc; } init_packet( &pkt ); - pkt.pkttype = PKT_SECRET_CERT; - pkt.pkt.secret_cert = skc; + pkt.pkttype = PKT_SECRET_KEY; + pkt.pkt.secret_key = sk; rc = search( &pkt, kbpos, 1 ); - free_secret_cert(skc); + free_secret_key(sk); return rc; } @@ -449,30 +447,30 @@ update_keyblock( KBPOS *kbpos, KBNODE root ) ****************************************************************/ static int -cmp_seckey( PKT_secret_cert *req_skc, PKT_secret_cert *skc ) +cmp_seckey( PKT_secret_key *req_sk, PKT_secret_key *sk ) { int n,i; - assert( req_skc->pubkey_algo == skc->pubkey_algo ); + assert( req_sk->pubkey_algo == sk->pubkey_algo ); - n = pubkey_get_nskey( req_skc->pubkey_algo ); + n = pubkey_get_nskey( req_sk->pubkey_algo ); for(i=0; i < n; i++ ) { - if( mpi_cmp( req_skc->skey[i], skc->skey[i] ) ) + if( mpi_cmp( req_sk->skey[i], sk->skey[i] ) ) return -1; } return 0; } static int -cmp_pubkey( PKT_public_cert *req_pkc, PKT_public_cert *pkc ) +cmp_pubkey( PKT_public_key *req_pk, PKT_public_key *pk ) { int n, i; - assert( req_pkc->pubkey_algo == pkc->pubkey_algo ); + assert( req_pk->pubkey_algo == pk->pubkey_algo ); - n = pubkey_get_npkey( req_pkc->pubkey_algo ); + n = pubkey_get_npkey( req_pk->pubkey_algo ); for(i=0; i < n; i++ ) { - if( mpi_cmp( req_pkc->pkey[i], pkc->pkey[i] ) ) + if( mpi_cmp( req_pk->pkey[i], pk->pkey[i] ) ) return -1; } return 0; @@ -489,8 +487,8 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname ) int save_mode; ulong offset; int pkttype = req->pkttype; - PKT_public_cert *req_pkc = req->pkt.public_cert; - PKT_secret_cert *req_skc = req->pkt.secret_cert; + PKT_public_key *req_pk = req->pkt.public_key; + PKT_secret_key *req_sk = req->pkt.secret_key; init_packet(&pkt); save_mode = set_packet_list_mode(0); @@ -512,22 +510,22 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname ) #endif while( !(rc=search_packet(iobuf, &pkt, pkttype, &offset)) ) { - if( pkt.pkttype == PKT_SECRET_CERT ) { - PKT_secret_cert *skc = pkt.pkt.secret_cert; + if( pkt.pkttype == PKT_SECRET_KEY ) { + PKT_secret_key *sk = pkt.pkt.secret_key; - if( req_skc->timestamp == skc->timestamp - && req_skc->valid_days == skc->valid_days - && req_skc->pubkey_algo == skc->pubkey_algo - && !cmp_seckey( req_skc, skc) ) + if( req_sk->timestamp == sk->timestamp + && req_sk->valid_days == sk->valid_days + && req_sk->pubkey_algo == sk->pubkey_algo + && !cmp_seckey( req_sk, sk) ) break; /* found */ } - else if( pkt.pkttype == PKT_PUBLIC_CERT ) { - PKT_public_cert *pkc = pkt.pkt.public_cert; + else if( pkt.pkttype == PKT_PUBLIC_KEY ) { + PKT_public_key *pk = pkt.pkt.public_key; - if( req_pkc->timestamp == pkc->timestamp - && req_pkc->valid_days == pkc->valid_days - && req_pkc->pubkey_algo == pkc->pubkey_algo - && !cmp_pubkey( req_pkc, pkc ) ) + if( req_pk->timestamp == pk->timestamp + && req_pk->valid_days == pk->valid_days + && req_pk->pubkey_algo == pk->pubkey_algo + && !cmp_pubkey( req_pk, pk ) ) break; /* found */ } else @@ -577,12 +575,13 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root ) kbpos->count=0; while( (rc=parse_packet(a, pkt)) != -1 ) { if( rc ) { /* ignore errors */ - if( rc != G10ERR_UNKNOWN_PACKET ) { + if( rc == G10ERR_PUBKEY_ALGO ) + parse_pubkey_warning( pkt ); + else if( rc != G10ERR_UNKNOWN_PACKET ) { log_error("read_keyblock: read error: %s\n", g10_errstr(rc) ); rc = G10ERR_INV_KEYRING; goto ready; } - log_info("read_keyblock: read error: %s\n", g10_errstr(rc) ); kbpos->count++; free_packet( pkt ); init_packet( pkt ); @@ -590,8 +589,8 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root ) } /* make a linked list of all packets */ switch( pkt->pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: if( in_cert ) goto ready; in_cert = 1; @@ -641,7 +640,9 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs ) init_packet(pkt); while( (rc=parse_packet(kbpos->fp, pkt)) != -1 ) { if( rc ) { /* ignore errors */ - if( rc != G10ERR_UNKNOWN_PACKET ) { + if( rc == G10ERR_PUBKEY_ALGO ) + parse_pubkey_warning( pkt ); + else if( rc != G10ERR_UNKNOWN_PACKET ) { log_error("read_keyblock: read error: %s\n", g10_errstr(rc) ); rc = G10ERR_INV_KEYRING; goto ready; @@ -652,8 +653,8 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs ) } /* make a linked list of all packets */ switch( pkt->pkttype ) { - case PKT_PUBLIC_CERT: - case PKT_SECRET_CERT: + case PKT_PUBLIC_KEY: + case PKT_SECRET_KEY: if( root ) { /* store this packet */ kbpos->pkt = pkt; pkt = NULL; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 508187fb8..042b90fe8 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -35,76 +35,76 @@ static int -do_check( PKT_secret_cert *cert ) +do_check( PKT_secret_key *sk ) { byte *buffer; u16 csum=0; int i, res; unsigned nbytes; - if( cert->is_protected ) { /* remove the protection */ + if( sk->is_protected ) { /* remove the protection */ DEK *dek = NULL; u32 keyid[2]; CIPHER_HANDLE cipher_hd=NULL; - PKT_secret_cert *save_cert; + PKT_secret_key *save_sk; char save_iv[8]; - if( cert->protect.algo == CIPHER_ALGO_NONE ) + if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); - if( check_cipher_algo( cert->protect.algo ) ) + if( check_cipher_algo( sk->protect.algo ) ) return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */ - keyid_from_skc( cert, keyid ); - dek = passphrase_to_dek( keyid, cert->protect.algo, - &cert->protect.s2k, 0 ); - cipher_hd = cipher_open( cert->protect.algo, + keyid_from_sk( sk, keyid ); + dek = passphrase_to_dek( keyid, sk->protect.algo, + &sk->protect.s2k, 0 ); + cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1); cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); m_free(dek); - save_cert = copy_secret_cert( NULL, cert ); - memcpy(save_iv, cert->protect.iv, 8 ); - cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); + save_sk = copy_secret_key( NULL, sk ); + memcpy(save_iv, sk->protect.iv, 8 ); + cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL ); cipher_sync( cipher_hd ); - assert( mpi_is_protected(cert->skey[i]) ); + assert( mpi_is_protected(sk->skey[i]) ); cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); - mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 ); - mpi_clear_protect_flag( cert->skey[i] ); - csum += checksum_mpi( cert->skey[i] ); + mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); + mpi_clear_protect_flag( sk->skey[i] ); + csum += checksum_mpi( sk->skey[i] ); m_free( buffer ); } if( opt.emulate_bugs & 1 ) { - csum = cert->csum; + csum = sk->csum; } cipher_close( cipher_hd ); /* now let's see whether we have used the right passphrase */ - if( csum != cert->csum ) { - copy_secret_cert( cert, save_cert ); - free_secret_cert( save_cert ); - memcpy( cert->protect.iv, save_iv, 8 ); + if( csum != sk->csum ) { + copy_secret_key( sk, save_sk ); + free_secret_key( save_sk ); + memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } /* the checksum may fail, so we also check the key itself */ - res = pubkey_check_secret_key( cert->pubkey_algo, cert->skey ); + res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey ); if( res ) { - copy_secret_cert( cert, save_cert ); - free_secret_cert( save_cert ); - memcpy( cert->protect.iv, save_iv, 8 ); + copy_secret_key( sk, save_sk ); + free_secret_key( save_sk ); + memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } - free_secret_cert( save_cert ); - cert->is_protected = 0; + free_secret_key( save_sk ); + sk->is_protected = 0; } else { /* not protected, assume it is okay if the checksum is okay */ csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - csum += checksum_mpi( cert->skey[i] ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + csum += checksum_mpi( sk->skey[i] ); } - if( csum != cert->csum ) + if( csum != sk->csum ) return G10ERR_CHECKSUM; } @@ -114,11 +114,11 @@ do_check( PKT_secret_cert *cert ) /**************** - * Check the secret key certificate + * Check the secret key * Ask up to 3 times for a correct passphrase */ int -check_secret_key( PKT_secret_cert *cert ) +check_secret_key( PKT_secret_key *sk ) { int rc = G10ERR_BAD_PASS; int i; @@ -126,20 +126,20 @@ check_secret_key( PKT_secret_cert *cert ) for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) { if( i ) log_error(_("Invalid passphrase; please try again ...\n")); - rc = do_check( cert ); + rc = do_check( sk ); #if 0 /* set to 1 to enable the workaround */ - if( rc == G10ERR_BAD_PASS && cert->is_protected - && cert->protect.algo == CIPHER_ALGO_BLOWFISH - && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) { + if( rc == G10ERR_BAD_PASS && sk->is_protected + && sk->protect.algo == CIPHER_ALGO_BLOWFISH + && sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) { /* Workaround for a bug in 0.2.16 which still used * a 160 bit key for BLOWFISH. */ log_info("trying workaround for 0.2.16 passphrase bug ...\n"); log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n"); - cert->protect.algo = CIPHER_ALGO_BLOWFISH160; - rc = do_check( cert ); + sk->protect.algo = CIPHER_ALGO_BLOWFISH160; + rc = do_check( sk ); if( rc ) rc = G10ERR_BAD_PASS; - cert->protect.algo = CIPHER_ALGO_BLOWFISH; + sk->protect.algo = CIPHER_ALGO_BLOWFISH; } #endif if( get_passphrase_fd() != -1 ) @@ -154,18 +154,18 @@ check_secret_key( PKT_secret_cert *cert ) * Returns: 0 not protected, -1 on error or the protection algorithm */ int -is_secret_key_protected( PKT_secret_cert *cert ) +is_secret_key_protected( PKT_secret_key *sk ) { - return cert->is_protected? cert->protect.algo : 0; + return sk->is_protected? sk->protect.algo : 0; } /**************** - * Protect the secret key certificate with the passphrase from DEK + * Protect the secret key with the passphrase from DEK */ int -protect_secret_key( PKT_secret_cert *cert, DEK *dek ) +protect_secret_key( PKT_secret_key *sk, DEK *dek ) { int i, rc = 0; byte *buffer; @@ -175,33 +175,33 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek ) if( !dek ) return 0; - if( !cert->is_protected ) { /* okay, apply the protection */ + if( !sk->is_protected ) { /* okay, apply the protection */ CIPHER_HANDLE cipher_hd=NULL; - if( check_cipher_algo( cert->protect.algo ) ) + if( check_cipher_algo( sk->protect.algo ) ) rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ else { - cipher_hd = cipher_open( cert->protect.algo, + cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1 ); cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); - cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); + cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); /* NOTE: we always recalculate the checksum because there are some * test releases which calculated it wrong */ csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - csum += checksum_mpi_counted_nbits( cert->skey[i] ); - buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + csum += checksum_mpi_counted_nbits( sk->skey[i] ); + buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL ); cipher_sync( cipher_hd ); - assert( !mpi_is_protected(cert->skey[i]) ); + assert( !mpi_is_protected(sk->skey[i]) ); cipher_encrypt( cipher_hd, buffer, buffer, nbytes ); - mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 ); - mpi_set_protect_flag( cert->skey[i] ); + mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); + mpi_set_protect_flag( sk->skey[i] ); m_free( buffer ); } - cert->csum = csum; - cert->is_protected = 1; + sk->csum = csum; + sk->is_protected = 1; cipher_close( cipher_hd ); } } diff --git a/g10/sig-check.c b/g10/sig-check.c index 200d67048..984671923 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -39,7 +39,7 @@ struct cmp_help_context_s { }; -static int do_check( PKT_public_cert *pkc, PKT_signature *sig, +static int do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ); @@ -51,19 +51,19 @@ static int do_check( PKT_public_cert *pkc, PKT_signature *sig, int signature_check( PKT_signature *sig, MD_HANDLE digest ) { - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc=0; if( is_RSA(sig->pubkey_algo) ) write_status(STATUS_RSA_OR_IDEA); - if( get_pubkey( pkc, sig->keyid ) ) + if( get_pubkey( pk, sig->keyid ) ) rc = G10ERR_NO_PUBKEY; else - rc = do_check( pkc, sig, digest ); + rc = do_check( pk, sig, digest ); - free_public_cert( pkc ); + free_public_key( pk ); return rc; } @@ -144,33 +144,33 @@ cmp_help( void *opaque, MPI result ) static int -do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest ) +do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest ) { MPI result = NULL; int rc=0; struct cmp_help_context_s ctx; u32 cur_time; - if( pkc->version == 4 && pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_info("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"); return G10ERR_PUBKEY_ALGO; } - if( pkc->timestamp > sig->timestamp ) + if( pk->timestamp > sig->timestamp ) return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */ cur_time = make_timestamp(); - if( pkc->timestamp > cur_time ) { + if( pk->timestamp > cur_time ) { log_info(_("public key created in future (time warp or clock problem)\n")); return G10ERR_TIME_CONFLICT; } - if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp, - pkc->valid_days) < cur_time ) { + if( pk->valid_days && add_days_to_timestamp(pk->timestamp, + pk->valid_days) < cur_time ) { log_info(_("warning: signature key expired %s\n"), strtimestamp( - add_days_to_timestamp(pkc->timestamp, - pkc->valid_days))); + add_days_to_timestamp(pk->timestamp, + pk->valid_days))); write_status(STATUS_SIGEXPIRED); } @@ -217,11 +217,11 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest ) } md_final( digest ); - result = encode_md_value( pkc->pubkey_algo, digest, sig->digest_algo, - mpi_get_nbits(pkc->pkey[0])); + result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo, + mpi_get_nbits(pk->pkey[0])); ctx.sig = sig; ctx.md = digest; - rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey, + rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey, cmp_help, &ctx ); mpi_free( result ); @@ -249,14 +249,14 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig ) /**************** * check the signature pointed to by NODE. This is a key signature. - * If the function detects a self-signature, it uses the PKC from + * If the function detects a self-signature, it uses the PK from * NODE and does not read any public key. */ int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) { MD_HANDLE md; - PKT_public_cert *pkc; + PKT_public_key *pk; PKT_signature *sig; int algo; int rc; @@ -264,9 +264,9 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) if( is_selfsig ) *is_selfsig = 0; assert( node->pkt->pkttype == PKT_SIGNATURE ); - assert( root->pkt->pkttype == PKT_PUBLIC_CERT ); + assert( root->pkt->pkttype == PKT_PUBLIC_KEY ); - pkc = root->pkt->pkt.public_cert; + pk = root->pkt->pkt.public_key; sig = node->pkt->pkt.signature; algo = sig->digest_algo; if( (rc=check_digest_algo(algo)) ) @@ -274,25 +274,25 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) if( sig->sig_class == 0x20 ) { md = md_open( algo, 0 ); - hash_public_cert( md, pkc ); - rc = do_check( pkc, sig, md ); + hash_public_key( md, pk ); + rc = do_check( pk, sig, md ); md_close(md); } else if( sig->sig_class == 0x18 ) { - KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT ); + KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY ); if( snode ) { if( is_selfsig ) { u32 keyid[2]; - keyid_from_pkc( pkc, keyid ); + keyid_from_pk( pk, keyid ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) *is_selfsig = 1; } md = md_open( algo, 0 ); - hash_public_cert( md, pkc ); - hash_public_cert( md, snode->pkt->pkt.public_cert ); - rc = do_check( pkc, sig, md ); + hash_public_key( md, pk ); + hash_public_key( md, snode->pkt->pkt.public_key ); + rc = do_check( pk, sig, md ); md_close(md); } else { @@ -306,15 +306,15 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) if( unode ) { u32 keyid[2]; - keyid_from_pkc( pkc, keyid ); + keyid_from_pk( pk, keyid ); md = md_open( algo, 0 ); /*md_start_debug(md, "check");*/ - hash_public_cert( md, pkc ); + hash_public_key( md, pk ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { if( is_selfsig ) *is_selfsig = 1; - rc = do_check( pkc, sig, md ); + rc = do_check( pk, sig, md ); } else rc = signature_check( sig, md ); diff --git a/g10/sign.c b/g10/sign.c index 9245f67f7..116e74b73 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -39,7 +39,7 @@ static int -do_sign( PKT_secret_cert *skc, PKT_signature *sig, +do_sign( PKT_secret_key *sk, PKT_signature *sig, MD_HANDLE md, int digest_algo ) { MPI frame; @@ -53,9 +53,9 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig, sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; - frame = encode_md_value( skc->pubkey_algo, md, - digest_algo, mpi_get_nbits(skc->skey[0])); - rc = pubkey_sign( skc->pubkey_algo, sig->data, frame, skc->skey ); + frame = encode_md_value( sk->pubkey_algo, md, + digest_algo, mpi_get_nbits(sk->skey[0])); + rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); mpi_free(frame); if( rc ) log_error("pubkey_sign failed: %s\n", g10_errstr(rc) ); @@ -63,7 +63,7 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig, if( opt.verbose ) { char *ustr = get_user_id_string( sig->keyid ); log_info("%s signature from: %s\n", - pubkey_algo_to_string(skc->pubkey_algo), ustr ); + pubkey_algo_to_string(sk->pubkey_algo), ustr ); m_free(ustr); } } @@ -73,12 +73,12 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig, int -complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md ) +complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md ) { int rc=0; - if( !(rc=check_secret_key( skc )) ) - rc = do_sign( skc, sig, md, 0 ); + if( !(rc=check_secret_key( sk )) ) + rc = do_sign( sk, sig, md, 0 ); /* fixme: should we check whether the signature is okay? * maybe by using an option */ @@ -99,15 +99,15 @@ hash_for(int pubkey_algo ) } static int -only_old_style( SKC_LIST skc_list ) +only_old_style( SK_LIST sk_list ) { - SKC_LIST skc_rover = NULL; + SK_LIST sk_rover = NULL; int old_style = 0; /* if there are only old style capable key we use the old sytle */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc = skc_rover->skc; - if( skc->pubkey_algo == PUBKEY_ALGO_RSA && skc->version < 4 ) + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk = sk_rover->sk; + if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 ) old_style = 1; else return 0; @@ -142,9 +142,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, PKT_plaintext *pt = NULL; u32 filesize; int rc = 0; - PKC_LIST pkc_list = NULL; - SKC_LIST skc_list = NULL; - SKC_LIST skc_rover = NULL; + PK_LIST pk_list = NULL; + SK_LIST sk_list = NULL; + SK_LIST sk_rover = NULL; int multifile = 0; int old_style = opt.rfc1991; @@ -166,12 +166,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( fname && filenames->next && (!detached || encrypt) ) log_bug("multiple files can only be detached signed"); - if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) goto leave; if( !old_style ) - old_style = only_old_style( skc_list ); + old_style = only_old_style( sk_list ); if( encrypt ) { - if( (rc=build_pkc_list( remusr, &pkc_list, 2 )) ) + if( (rc=build_pk_list( remusr, &pk_list, 2 )) ) goto leave; } @@ -204,9 +204,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, iobuf_push_filter( inp, text_filter, &tfx ); mfx.md = md_open(0, 0); - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc = skc_rover->skc; - md_enable(mfx.md, hash_for(skc->pubkey_algo)); + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk = sk_rover->sk; + md_enable(mfx.md, hash_for(sk->pubkey_algo)); } if( !multifile ) @@ -218,7 +218,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, write_comment( out, "#created by GNUPG v" VERSION " (" PRINTABLE_OS_NAME ")"); if( encrypt ) { - efx.pkc_list = pkc_list; + efx.pk_list = pk_list; /* fixme: set efx.cfx.datalen if known */ iobuf_push_filter( out, encrypt_filter, &efx ); } @@ -231,17 +231,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( !detached && !old_style ) { /* loop over the secret certificates and build headers */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc; + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk; PKT_onepass_sig *ops; - skc = skc_rover->skc; + sk = sk_rover->sk; ops = m_alloc_clear( sizeof *ops ); ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00; - ops->digest_algo = hash_for(skc->pubkey_algo); - ops->pubkey_algo = skc->pubkey_algo; - keyid_from_skc( skc, ops->keyid ); - ops->last = !skc_rover->next; + ops->digest_algo = hash_for(sk->pubkey_algo); + ops->pubkey_algo = sk->pubkey_algo; + keyid_from_sk( sk, ops->keyid ); + ops->last = !sk_rover->next; init_packet(&pkt); pkt.pkttype = PKT_ONEPASS_SIG; @@ -324,20 +324,20 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } /* loop over the secret certificates */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc; + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk; PKT_signature *sig; MD_HANDLE md; - skc = skc_rover->skc; + sk = sk_rover->sk; /* build the signature packet */ /* fixme: this code is partly duplicated in make_keysig_packet */ sig = m_alloc_clear( sizeof *sig ); - sig->version = skc->version; - keyid_from_skc( skc, sig->keyid ); - sig->digest_algo = hash_for(skc->pubkey_algo); - sig->pubkey_algo = skc->pubkey_algo; + sig->version = sk->version; + keyid_from_sk( sk, sig->keyid ); + sig->digest_algo = hash_for(sk->pubkey_algo); + sig->pubkey_algo = sk->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00; @@ -380,7 +380,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, } md_final( md ); - rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) ); + rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); md_close( md ); if( !rc ) { /* and write it */ @@ -404,8 +404,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, iobuf_close(out); iobuf_close(inp); md_close( mfx.md ); - release_skc_list( skc_list ); - release_pkc_list( pkc_list ); + release_sk_list( sk_list ); + release_pk_list( pk_list ); return rc; } @@ -458,18 +458,18 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) IOBUF inp = NULL, out = NULL; PACKET pkt; int rc = 0; - SKC_LIST skc_list = NULL; - SKC_LIST skc_rover = NULL; + SK_LIST sk_list = NULL; + SK_LIST sk_rover = NULL; int old_style = opt.rfc1991; memset( &afx, 0, sizeof afx); memset( &tfx, 0, sizeof tfx); init_packet( &pkt ); - if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) goto leave; if( !old_style ) - old_style = only_old_style( skc_list ); + old_style = only_old_style( sk_list ); /* prepare iobufs */ if( !(inp = iobuf_open(fname)) ) { @@ -510,9 +510,9 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) textmd = md_open(0, 0); - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc = skc_rover->skc; - md_enable(textmd, hash_for(skc->pubkey_algo)); + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk = sk_rover->sk; + md_enable(textmd, hash_for(sk->pubkey_algo)); } iobuf_push_filter( inp, text_filter, &tfx ); @@ -525,20 +525,20 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) iobuf_push_filter( out, armor_filter, &afx ); /* loop over the secret certificates */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - PKT_secret_cert *skc; + for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { + PKT_secret_key *sk; PKT_signature *sig; MD_HANDLE md; - skc = skc_rover->skc; + sk = sk_rover->sk; /* build the signature packet */ /* fixme: this code is duplicated above */ sig = m_alloc_clear( sizeof *sig ); - sig->version = skc->version; - keyid_from_skc( skc, sig->keyid ); - sig->digest_algo = hash_for(skc->pubkey_algo); - sig->pubkey_algo = skc->pubkey_algo; + sig->version = sk->version; + keyid_from_sk( sk, sig->keyid ); + sig->digest_algo = hash_for(sk->pubkey_algo); + sig->pubkey_algo = sk->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = 0x01; @@ -580,7 +580,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) } md_final( md ); - rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) ); + rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) ); md_close( md ); if( !rc ) { /* and write it */ @@ -604,7 +604,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) iobuf_close(out); iobuf_close(inp); md_close( textmd ); - release_skc_list( skc_list ); + release_sk_list( sk_list ); return rc; } diff --git a/g10/skclist.c b/g10/skclist.c index 53fd2e985..7082a2caa 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -34,96 +34,96 @@ void -release_skc_list( SKC_LIST skc_list ) +release_sk_list( SK_LIST sk_list ) { - SKC_LIST skc_rover; + SK_LIST sk_rover; - for( ; skc_list; skc_list = skc_rover ) { - skc_rover = skc_list->next; - free_secret_cert( skc_list->skc ); - m_free( skc_list ); + for( ; sk_list; sk_list = sk_rover ) { + sk_rover = sk_list->next; + free_secret_key( sk_list->sk ); + m_free( sk_list ); } } int -build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock, +build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned usage ) { - SKC_LIST skc_list = NULL; + SK_LIST sk_list = NULL; int rc; if( !locusr ) { /* use the default one */ - PKT_secret_cert *skc; + PKT_secret_key *sk; - skc = m_alloc_clear( sizeof *skc ); - if( (rc = get_seckey_byname( skc, NULL, unlock )) ) { - free_secret_cert( skc ); skc = NULL; + sk = m_alloc_clear( sizeof *sk ); + if( (rc = get_seckey_byname( sk, NULL, unlock )) ) { + free_secret_key( sk ); sk = NULL; log_error("no default secret key: %s\n", g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) { - SKC_LIST r; - if( skc->version == 4 && (usage & 1) - && skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { + SK_LIST r; + if( sk->version == 4 && (usage & 1) + && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_error("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"); - free_secret_cert( skc ); skc = NULL; + free_secret_key( sk ); sk = NULL; } else { r = m_alloc( sizeof *r ); - r->skc = skc; skc = NULL; - r->next = skc_list; + r->sk = sk; sk = NULL; + r->next = sk_list; r->mark = 0; - skc_list = r; + sk_list = r; } } else { - free_secret_cert( skc ); skc = NULL; + free_secret_key( sk ); sk = NULL; log_error("invalid default secret key: %s\n", g10_errstr(rc) ); } } else { for(; locusr; locusr = locusr->next ) { - PKT_secret_cert *skc; + PKT_secret_key *sk; - skc = m_alloc_clear( sizeof *skc ); - if( (rc = get_seckey_byname( skc, locusr->d, unlock )) ) { - free_secret_cert( skc ); skc = NULL; + sk = m_alloc_clear( sizeof *sk ); + if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) { + free_secret_key( sk ); sk = NULL; log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) { - SKC_LIST r; - if( skc->version == 4 && (usage & 1) - && skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { + SK_LIST r; + if( sk->version == 4 && (usage & 1) + && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { log_info("skipped '%s': this is a PGP generated " "ElGamal key which is not secure for signatures!\n", locusr->d ); - free_secret_cert( skc ); skc = NULL; + free_secret_key( sk ); sk = NULL; } else { r = m_alloc( sizeof *r ); - r->skc = skc; skc = NULL; - r->next = skc_list; + r->sk = sk; sk = NULL; + r->next = sk_list; r->mark = 0; - skc_list = r; + sk_list = r; } } else { - free_secret_cert( skc ); skc = NULL; + free_secret_key( sk ); sk = NULL; log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) ); } } } - if( !rc && !skc_list ) { + if( !rc && !sk_list ) { log_error("no valid signators\n"); rc = G10ERR_NO_USER_ID; } if( rc ) - release_skc_list( skc_list ); + release_sk_list( sk_list ); else - *ret_skc_list = skc_list; + *ret_sk_list = sk_list; return rc; } diff --git a/g10/trustdb.c b/g10/trustdb.c index 6ee436128..e9264c69e 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -163,7 +163,7 @@ static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ); static int read_record( ulong recnum, TRUSTREC *rec, int expected ); static int write_record( ulong recnum, TRUSTREC *rec ); static ulong new_recnum(void); -static int search_record( PKT_public_cert *pkc, TRUSTREC *rec ); +static int search_record( PKT_public_key *pk, TRUSTREC *rec ); static int walk_sigrecs( SIGREC_CONTEXT *c, int create ); static LOCAL_ID_INFO *new_lid_table(void); @@ -636,13 +636,13 @@ new_recnum() } /**************** - * Search the trustdb for a key which matches PKC and return the dir record - * The local_id of PKC is set to the correct value + * Search the trustdb for a key which matches PK and return the dir record + * The local_id of PK is set to the correct value * * Note: To increase performance, we could use a index search here. */ static int -search_record( PKT_public_cert *pkc, TRUSTREC *rec ) +search_record( PKT_public_key *pk, TRUSTREC *rec ) { ulong recnum; u32 keyid[2]; @@ -650,8 +650,8 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec ) size_t fingerlen; int rc; - keyid_from_pkc( pkc, keyid ); - fingerprint = fingerprint_from_pkc( pkc, &fingerlen ); + keyid_from_pk( pk, keyid ); + fingerprint = fingerprint_from_pk( pk, &fingerlen ); assert( fingerlen == 20 || fingerlen == 16 ); for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) { @@ -665,13 +665,13 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec ) log_error("%lu: ooops: invalid key record\n", recnum ); break; } - if( keyrec.r.key.pubkey_algo == pkc->pubkey_algo + if( keyrec.r.key.pubkey_algo == pk->pubkey_algo && !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){ - if( pkc->local_id && pkc->local_id != recnum ) + if( pk->local_id && pk->local_id != recnum ) log_error("%s: found record, but local_id from mem does " "not match recnum (%lu,%lu)\n", db_name, - (ulong)pkc->local_id, (ulong)recnum ); - pkc->local_id = recnum; + (ulong)pk->local_id, (ulong)recnum ); + pk->local_id = recnum; return 0; } } @@ -689,25 +689,25 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec ) static int set_signature_packets_local_id( PKT_signature *sig ) { - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); TRUSTREC rec; int rc; - rc = get_pubkey( pkc, sig->keyid ); + rc = get_pubkey( pk, sig->keyid ); if( rc) goto leave; - if( !pkc->local_id ) { - rc = search_record( pkc, &rec ); + if( !pk->local_id ) { + rc = search_record( pk, &rec ); if( rc == -1 ) - rc = insert_trust_record( pkc ); + rc = insert_trust_record( pk ); if( rc ) goto leave; - /* fixme: we should propagate the local_id to all copies of the PKC */ + /* fixme: we should propagate the local_id to all copies of the PK */ } - sig->local_id = pkc->local_id; + sig->local_id = pk->local_id; leave: - free_public_cert( pkc ); + free_public_key( pk ); return rc; } @@ -833,15 +833,15 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) * Verify that all our public keys are in the trustDB. */ static int -verify_own_certs() +verify_own_keys() { int rc; void *enum_context = NULL; - PKT_secret_cert *skc = m_alloc_clear( sizeof *skc ); - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_secret_key *sk = m_alloc_clear( sizeof *sk ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); u32 keyid[2]; - while( !(rc=enum_secret_keys( &enum_context, skc) ) ) { + while( !(rc=enum_secret_keys( &enum_context, sk) ) ) { /* fixed: to be sure that it is a secret key of our own, * we should check it, but this needs a passphrase * for every key and this is boring for the user. @@ -850,20 +850,20 @@ verify_own_certs() * startup */ - keyid_from_skc( skc, keyid ); + keyid_from_sk( sk, keyid ); if( DBG_TRUST ) log_debug("checking secret key %08lX\n", (ulong)keyid[1] ); /* see whether we can access the public key of this secret key */ - memset( pkc, 0, sizeof *pkc ); - rc = get_pubkey( pkc, keyid ); + memset( pk, 0, sizeof *pk ); + rc = get_pubkey( pk, keyid ); if( rc ) { log_error(_("keyid %08lX: secret key without public key\n"), (ulong)keyid[1] ); goto leave; } - if( cmp_public_secret_cert( pkc, skc ) ) { + if( cmp_public_secret_key( pk, sk ) ) { log_error(_("keyid %08lX: secret and public key don't match\n"), (ulong)keyid[1] ); rc = G10ERR_GENERAL; @@ -871,9 +871,9 @@ verify_own_certs() } /* make sure that the pubkey is in the trustdb */ - rc = query_trust_record( pkc ); + rc = query_trust_record( pk ); if( rc == -1 ) { /* put it into the trustdb */ - rc = insert_trust_record( pkc ); + rc = insert_trust_record( pk ); if( rc ) { log_error(_("keyid %08lX: can't put it into the trustdb\n"), (ulong)keyid[1] ); @@ -888,14 +888,14 @@ verify_own_certs() if( DBG_TRUST ) log_debug("putting %08lX(%lu) into ultikey_table\n", - (ulong)keyid[1], pkc->local_id ); - if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) ) + (ulong)keyid[1], pk->local_id ); + if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) ) log_error(_("keyid %08lX: already in ultikey_table\n"), (ulong)keyid[1]); - release_secret_cert_parts( skc ); - release_public_cert_parts( pkc ); + release_secret_key_parts( sk ); + release_public_key_parts( pk ); } if( rc != -1 ) log_error(_("enum_secret_keys failed: %s\n"), g10_errstr(rc) ); @@ -903,8 +903,8 @@ verify_own_certs() rc = 0; leave: - free_secret_cert( skc ); - free_public_cert( pkc ); + free_secret_key( sk ); + free_public_key( pk ); return rc; } @@ -1186,7 +1186,7 @@ build_sigrecs( ulong pubkeyid ) goto leave; } if( !selfsig ) { - log_error(_("build_sigrecs: self-certificate missing\n") ); + log_error(_("build_sigrecs: self-signature missing\n") ); update_no_sigs( pubkeyid, 2 ); rc = G10ERR_BAD_CERT; goto leave; @@ -1544,9 +1544,9 @@ init_trustdb( int level, const char *dbname ) * in ~/.gnupg/ here */ rc = verify_private_data(); if( !rc ) { - /* verify that our own certificates are in the trustDB + /* verify that our own keys are in the trustDB * or move them to the trustdb. */ - rc = verify_own_certs(); + rc = verify_own_keys(); /* should we check whether there is no other ultimately trusted * key in the database? */ @@ -1566,19 +1566,19 @@ list_trustdb( const char *username ) TRUSTREC rec; if( username ) { - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); int rc; - if( (rc = get_pubkey_byname( pkc, username )) ) + if( (rc = get_pubkey_byname( pk, username )) ) log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); - else if( (rc=search_record( pkc, &rec )) && rc != -1 ) + else if( (rc=search_record( pk, &rec )) && rc != -1 ) log_error("problem finding '%s' in trustdb: %s\n", username, g10_errstr(rc)); else if( rc == -1 ) log_error("user '%s' not in trustdb\n", username); - else if( (rc = list_sigs( pkc->local_id )) ) + else if( (rc = list_sigs( pk->local_id )) ) log_error("user '%s' list problem: %s\n", username, g10_errstr(rc)); - free_public_cert( pkc ); + free_public_key( pk ); } else { ulong recnum; @@ -1600,36 +1600,36 @@ list_trust_path( int max_depth, const char *username ) int wipe=0; int i; TRUSTREC rec; - PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc ); + PKT_public_key *pk = m_alloc_clear( sizeof *pk ); if( max_depth < 0 ) { wipe = 1; max_depth = -max_depth; } - if( (rc = get_pubkey_byname( pkc, username )) ) + if( (rc = get_pubkey_byname( pk, username )) ) log_error("user '%s' not found: %s\n", username, g10_errstr(rc) ); - else if( (rc=search_record( pkc, &rec )) && rc != -1 ) + else if( (rc=search_record( pk, &rec )) && rc != -1 ) log_error("problem finding '%s' in trustdb: %s\n", username, g10_errstr(rc)); else if( rc == -1 ) { log_info("user '%s' not in trustdb - inserting\n", username); - rc = insert_trust_record( pkc ); + rc = insert_trust_record( pk ); if( rc ) log_error("failed to put '%s' into trustdb: %s\n", username, g10_errstr(rc)); else { - assert( pkc->local_id ); + assert( pk->local_id ); } } if( !rc ) { TRUST_SEG_LIST tsl, tslist = NULL; - if( !qry_lid_table_flag( ultikey_table, pkc->local_id, NULL ) ) { + if( !qry_lid_table_flag( ultikey_table, pk->local_id, NULL ) ) { tslist = m_alloc( sizeof *tslist ); tslist->nseg = 1; tslist->dup = 0; - tslist->seg[0].lid = pkc->local_id; + tslist->seg[0].lid = pk->local_id; tslist->seg[0].trust = 0; tslist->next = NULL; rc = 0; @@ -1638,7 +1638,7 @@ list_trust_path( int max_depth, const char *username ) LOCAL_ID_INFO *lids = new_lid_table(); TRUST_INFO stack[MAX_LIST_SIGS_DEPTH]; - stack[0].lid = pkc->local_id; + stack[0].lid = pk->local_id; stack[0].trust = 0; rc = do_list_path( stack, 1, max_depth, lids, &tslist ); if( wipe ) { /* wipe out duplicates */ @@ -1674,17 +1674,17 @@ list_trust_path( int max_depth, const char *username ) } } - free_public_cert( pkc ); + free_public_key( pk ); } /**************** - * Get the trustlevel for this PKC. + * Get the trustlevel for this PK. * Note: This does not ask any questions * Returns: 0 okay of an errorcode * * It operates this way: - * locate the pkc in the trustdb + * locate the pk in the trustdb * found: * Do we have a valid cache record for it? * yes: return trustlevel from cache @@ -1700,7 +1700,7 @@ list_trust_path( int max_depth, const char *username ) * is not necessary to check this if we use a local pubring. Hmmmm. */ int -check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel ) +check_trust( PKT_public_key *pk, unsigned *r_trustlevel ) { TRUSTREC rec; unsigned trustlevel = TRUST_UNKNOWN; @@ -1711,44 +1711,44 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel ) log_info("check_trust() called.\n"); /* get the pubkey record */ - if( pkc->local_id ) { - if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) { + if( pk->local_id ) { + if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { log_error(_("check_trust: read record failed\n")); return G10ERR_TRUSTDB; } } else { /* no local_id: scan the trustdb */ - if( (rc=search_record( pkc, &rec )) && rc != -1 ) { + if( (rc=search_record( pk, &rec )) && rc != -1 ) { log_error(_("check_trust: search_record failed: %s\n"), g10_errstr(rc)); return rc; } else if( rc == -1 ) { - rc = insert_trust_record( pkc ); + rc = insert_trust_record( pk ); if( rc ) { log_error(_("failed to insert pubkey into trustdb: %s\n"), g10_errstr(rc)); goto leave; } log_info(_("pubkey not in trustdb - inserted as %lu\n"), - pkc->local_id ); + pk->local_id ); } } cur_time = make_timestamp(); - if( pkc->timestamp > cur_time ) { + if( pk->timestamp > cur_time ) { log_info(_("public key created in future (time warp or clock problem)\n")); return G10ERR_TIME_CONFLICT; } - if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp, - pkc->valid_days) < cur_time ) { + if( pk->valid_days && add_days_to_timestamp(pk->timestamp, + pk->valid_days) < cur_time ) { log_info(_("key expiration date is %s\n"), strtimestamp( - add_days_to_timestamp(pkc->timestamp, - pkc->valid_days))); + add_days_to_timestamp(pk->timestamp, + pk->valid_days))); trustlevel = TRUST_EXPIRED; } else { - rc = do_check( pkc->local_id, &rec, &trustlevel ); + rc = do_check( pk->local_id, &rec, &trustlevel ); if( rc ) { log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc)); return rc; @@ -1765,12 +1765,12 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel ) int -query_trust_info( PKT_public_cert *pkc ) +query_trust_info( PKT_public_key *pk ) { unsigned trustlevel; int c; - if( check_trust( pkc, &trustlevel ) ) + if( check_trust( pk, &trustlevel ) ) return '?'; if( trustlevel & TRUST_FLAG_REVOKED ) return 'r'; @@ -1875,25 +1875,25 @@ keyid_from_trustdb( ulong lid, u32 *keyid ) /**************** * This function simply looks for the key in the trustdb - * and sets PKC->local_id. + * and sets PK->local_id. * Return: 0 = found * -1 = not found * other = error */ int -query_trust_record( PKT_public_cert *pkc ) +query_trust_record( PKT_public_key *pk ) { TRUSTREC rec; int rc=0; - if( pkc->local_id ) { - if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) { + if( pk->local_id ) { + if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) { log_error("query_trust_record: read record failed\n"); return G10ERR_TRUSTDB; } } else { /* no local_id: scan the trustdb */ - if( (rc=search_record( pkc, &rec )) && rc != -1 ) { + if( (rc=search_record( pk, &rec )) && rc != -1 ) { log_error("query_trust_record: search_record failed: %s\n", g10_errstr(rc)); return rc; @@ -1908,7 +1908,7 @@ query_trust_record( PKT_public_cert *pkc ) * This function fails if this record already exists. */ int -insert_trust_record( PKT_public_cert *pkc ) +insert_trust_record( PKT_public_key *pk ) { TRUSTREC rec; u32 keyid[2]; @@ -1917,11 +1917,11 @@ insert_trust_record( PKT_public_cert *pkc ) size_t fingerlen; - if( pkc->local_id ) - log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id ); + if( pk->local_id ) + log_bug("pk->local_id=%lu\n", (ulong)pk->local_id ); - keyid_from_pkc( pkc, keyid ); - fingerprint = fingerprint_from_pkc( pkc, &fingerlen ); + keyid_from_pk( pk, keyid ); + fingerprint = fingerprint_from_pk( pk, &fingerlen ); /* FIXME: check that we do not have this record. */ @@ -1945,7 +1945,7 @@ insert_trust_record( PKT_public_cert *pkc ) rec.r.key.owner = dnum; rec.r.key.keyid[0] = keyid[0]; rec.r.key.keyid[1] = keyid[1]; - rec.r.key.pubkey_algo = pkc->pubkey_algo; + rec.r.key.pubkey_algo = pk->pubkey_algo; rec.r.key.fingerprint_len = fingerlen; memcpy(rec.r.key.fingerprint, fingerprint, fingerlen ); rec.r.key.ownertrust = 0; @@ -1954,7 +1954,7 @@ insert_trust_record( PKT_public_cert *pkc ) return G10ERR_TRUSTDB; } - pkc->local_id = dnum; + pk->local_id = dnum; return 0; } diff --git a/g10/trustdb.h b/g10/trustdb.h index a9b1e587e..e4d74e411 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -39,13 +39,13 @@ void list_trustdb(const char *username); void list_trust_path( int max_depth, const char *username ); int init_trustdb( int level, const char *dbname ); -int check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel ); -int query_trust_info( PKT_public_cert *pkc ); +int check_trust( PKT_public_key *pk, unsigned *r_trustlevel ); +int query_trust_info( PKT_public_key *pk ); int enum_trust_web( void **context, ulong *lid ); int get_ownertrust( ulong lid, unsigned *r_otrust ); int keyid_from_trustdb( ulong lid, u32 *keyid ); -int query_trust_record( PKT_public_cert *pkc ); -int insert_trust_record( PKT_public_cert *pkc ); +int query_trust_record( PKT_public_key *pk ); +int insert_trust_record( PKT_public_key *pk ); int update_ownertrust( ulong lid, unsigned new_trust ); int verify_private_data(void); int sign_private_data(void); |