summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>1998-06-29 14:30:57 +0200
committerWerner Koch <wk@gnupg.org>1998-06-29 14:30:57 +0200
commit77a6af76d04a4762c841627ac95fdc521ca74b72 (patch)
treebeec5dfedffa9c1a25b737911066fe93df4d923f /g10
parentbug fixes (diff)
downloadgnupg2-77a6af76d04a4762c841627ac95fdc521ca74b72.tar.xz
gnupg2-77a6af76d04a4762c841627ac95fdc521ca74b72.zip
textual changes
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog19
-rw-r--r--g10/OPTIONS2
-rw-r--r--g10/armor.c6
-rw-r--r--g10/build-packet.c104
-rw-r--r--g10/encode.c32
-rw-r--r--g10/export.c20
-rw-r--r--g10/free-packet.c60
-rw-r--r--g10/g10.c17
-rw-r--r--g10/getkey.c284
-rw-r--r--g10/import.c136
-rw-r--r--g10/kbnode.c22
-rw-r--r--g10/keydb.h52
-rw-r--r--g10/keyedit.c188
-rw-r--r--g10/keygen.c237
-rw-r--r--g10/keyid.c108
-rw-r--r--g10/keylist.c112
-rw-r--r--g10/main.h8
-rw-r--r--g10/mainproc.c106
-rw-r--r--g10/packet.h54
-rw-r--r--g10/parse-packet.c498
-rw-r--r--g10/passphrase.c12
-rw-r--r--g10/pkclist.c122
-rw-r--r--g10/pubkey-enc.c14
-rw-r--r--g10/revoke.c37
-rw-r--r--g10/ringedit.c95
-rw-r--r--g10/seckey-cert.c120
-rw-r--r--g10/sig-check.c60
-rw-r--r--g10/sign.c112
-rw-r--r--g10/skclist.c74
-rw-r--r--g10/trustdb.c158
-rw-r--r--g10/trustdb.h8
31 files changed, 1434 insertions, 1443 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index e7e9ac753..ccee5b99f 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,22 @@
+Mon Jun 29 12:54:45 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * packet.h: changed all "_cert" to "_key", "subcert" to "subkey".
+
+ * free-packet.c (free_packet): Removed memory leak for subkeys.
+
+Sun Jun 28 18:32:27 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * import.c (import_keys): Renamed from import_pubkeys.
+ (import_secret_one): New.
+
+ * g10.c (aExportSecret): New.
+
+ * export.c (export_seckeys): New.
+
+ * parse-packet.c (parse_certificate): Cleaned up.
+ (parse_packet): Trust packets are now considered as unknown.
+ (parse_pubkey_warning): New.
+
Fri Jun 26 10:37:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* keygen.c (has_invalid_email_chars): New.
diff --git a/g10/OPTIONS b/g10/OPTIONS
index 2c2fce638..3abe296d8 100644
--- a/g10/OPTIONS
+++ b/g10/OPTIONS
@@ -41,6 +41,8 @@ store
list-secret-keys
#
+export-secret-keys
+# export secret keys (which may be usefuil in some cases)
#-----------------------------------------------
#--- options
diff --git a/g10/armor.c b/g10/armor.c
index 541ba3e76..82b240f75 100644
--- a/g10/armor.c
+++ b/g10/armor.c
@@ -88,6 +88,7 @@ static char *head_strings[] = {
"BEGIN PGP SIGNATURE",
"BEGIN PGP SIGNED MESSAGE",
"BEGIN PGP ARMORED FILE",
+ "BEGIN PGP SECRET KEY BLOCK",
NULL
};
static char *tail_strings[] = {
@@ -96,6 +97,7 @@ static char *tail_strings[] = {
"END PGP SIGNATURE",
"END dummy",
"END PGP ARMORED FILE",
+ "END PGP SECRET KEY BLOCK",
NULL
};
@@ -153,8 +155,8 @@ is_armored( byte *buf )
pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
switch( pkttype ) {
case PKT_MARKER:
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
case PKT_PUBKEY_ENC:
case PKT_SIGNATURE:
case PKT_COMMENT:
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 03e152e99..cb08275ec 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -36,8 +36,8 @@
static int do_comment( IOBUF out, int ctb, PKT_comment *rem );
static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
-static int do_public_cert( IOBUF out, int ctb, PKT_public_cert *pk );
-static int do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *pk );
+static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
+static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
static u32 calc_plaintext( PKT_plaintext *pt );
@@ -82,13 +82,13 @@ build_packet( IOBUF out, PACKET *pkt )
case PKT_COMMENT:
rc = do_comment( out, ctb, pkt->pkt.comment );
break;
- case PKT_PUBKEY_SUBCERT:
- case PKT_PUBLIC_CERT:
- rc = do_public_cert( out, ctb, pkt->pkt.public_cert );
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_PUBLIC_KEY:
+ rc = do_public_key( out, ctb, pkt->pkt.public_key );
break;
- case PKT_SECKEY_SUBCERT:
- case PKT_SECRET_CERT:
- rc = do_secret_cert( out, ctb, pkt->pkt.secret_cert );
+ case PKT_SECRET_SUBKEY:
+ case PKT_SECRET_KEY:
+ rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
break;
case PKT_SYMKEY_ENC:
rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
@@ -135,8 +135,8 @@ calc_packet_length( PACKET *pkt )
break;
case PKT_USER_ID:
case PKT_COMMENT:
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
case PKT_SYMKEY_ENC:
case PKT_PUBKEY_ENC:
case PKT_ENCRYPTED:
@@ -174,25 +174,25 @@ do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
}
static int
-do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
+do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
{
int rc = 0;
int n, i;
IOBUF a = iobuf_temp();
- if( !pkc->version )
+ if( !pk->version )
iobuf_put( a, 3 );
else
- iobuf_put( a, pkc->version );
- write_32(a, pkc->timestamp );
- if( pkc->version < 4 )
- write_16(a, pkc->valid_days );
- iobuf_put(a, pkc->pubkey_algo );
- n = pubkey_get_npkey( pkc->pubkey_algo );
+ iobuf_put( a, pk->version );
+ write_32(a, pk->timestamp );
+ if( pk->version < 4 )
+ write_16(a, pk->valid_days );
+ iobuf_put(a, pk->pubkey_algo );
+ n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ )
- mpi_write(a, pkc->pkey[i] );
+ mpi_write(a, pk->pkey[i] );
- write_header2(out, ctb, iobuf_get_temp_length(a), pkc->hdrbytes, 1 );
+ write_header2(out, ctb, iobuf_get_temp_length(a), pk->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
@@ -205,25 +205,25 @@ do_public_cert( IOBUF out, int ctb, PKT_public_cert *pkc )
* Make a hash value from the public key certificate
*/
void
-hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
+hash_public_key( MD_HANDLE md, PKT_public_key *pk )
{
PACKET pkt;
int rc = 0;
int c;
IOBUF a = iobuf_temp();
#if 0
- FILE *fp = fopen("dump.pkc", "a");
+ FILE *fp = fopen("dump.pk", "a");
int i=0;
- fprintf(fp, "\nHashing PKC (v%d):\n", pkc->version);
+ fprintf(fp, "\nHashing PK (v%d):\n", pk->version);
#endif
/* build the packet */
init_packet(&pkt);
- pkt.pkttype = PKT_PUBLIC_CERT;
- pkt.pkt.public_cert = pkc;
+ pkt.pkttype = PKT_PUBLIC_KEY;
+ pkt.pkt.public_key = pk;
if( (rc = build_packet( a, &pkt )) )
- log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc));
+ log_fatal("build public_key for hashing failed: %s\n", g10_errstr(rc));
while( (c=iobuf_get(a)) != -1 ) {
#if 0
fprintf( fp," %02x", c );
@@ -243,51 +243,51 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc )
static int
-do_secret_cert( IOBUF out, int ctb, PKT_secret_cert *skc )
+do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
{
int rc = 0;
int i, nskey, npkey;
IOBUF a = iobuf_temp();
- if( !skc->version )
+ if( !sk->version )
iobuf_put( a, 3 );
else
- iobuf_put( a, skc->version );
- write_32(a, skc->timestamp );
- if( skc->version < 4 )
- write_16(a, skc->valid_days );
- iobuf_put(a, skc->pubkey_algo );
- nskey = pubkey_get_nskey( skc->pubkey_algo );
- npkey = pubkey_get_npkey( skc->pubkey_algo );
+ iobuf_put( a, sk->version );
+ write_32(a, sk->timestamp );
+ if( sk->version < 4 )
+ write_16(a, sk->valid_days );
+ iobuf_put(a, sk->pubkey_algo );
+ nskey = pubkey_get_nskey( sk->pubkey_algo );
+ npkey = pubkey_get_npkey( sk->pubkey_algo );
assert( npkey < nskey );
for(i=0; i < npkey; i++ )
- mpi_write(a, skc->skey[i] );
- if( skc->is_protected ) {
- if( is_RSA(skc->pubkey_algo) && skc->version < 4 ) {
- iobuf_put(a, skc->protect.algo );
- iobuf_write(a, skc->protect.iv, 8 );
+ mpi_write(a, sk->skey[i] );
+ if( sk->is_protected ) {
+ if( is_RSA(sk->pubkey_algo) && sk->version < 4 ) {
+ iobuf_put(a, sk->protect.algo );
+ iobuf_write(a, sk->protect.iv, 8 );
}
else {
iobuf_put(a, 0xff );
- iobuf_put(a, skc->protect.algo );
- iobuf_put(a, skc->protect.s2k.mode );
- iobuf_put(a, skc->protect.s2k.hash_algo );
- if( skc->protect.s2k.mode == 1
- || skc->protect.s2k.mode == 4 )
- iobuf_write(a, skc->protect.s2k.salt, 8 );
- if( skc->protect.s2k.mode == 4 )
- write_32(a, skc->protect.s2k.count );
- iobuf_write(a, skc->protect.iv, 8 );
+ iobuf_put(a, sk->protect.algo );
+ iobuf_put(a, sk->protect.s2k.mode );
+ iobuf_put(a, sk->protect.s2k.hash_algo );
+ if( sk->protect.s2k.mode == 1
+ || sk->protect.s2k.mode == 4 )
+ iobuf_write(a, sk->protect.s2k.salt, 8 );
+ if( sk->protect.s2k.mode == 4 )
+ write_32(a, sk->protect.s2k.count );
+ iobuf_write(a, sk->protect.iv, 8 );
}
}
else
iobuf_put(a, 0 );
for( ; i < nskey; i++ )
- mpi_write(a, skc->skey[i] );
- write_16(a, skc->csum );
+ mpi_write(a, sk->skey[i] );
+ write_16(a, sk->csum );
- write_header2(out, ctb, iobuf_get_temp_length(a), skc->hdrbytes, 1 );
+ write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes, 1 );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;
diff --git a/g10/encode.c b/g10/encode.c
index 3d4ad9917..2cc2f10c3 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -37,7 +37,7 @@
static int encode_simple( const char *filename, int mode );
-static int write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out );
+static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@@ -185,13 +185,13 @@ encode_crypt( const char *filename, STRLIST remusr )
cipher_filter_context_t cfx;
armor_filter_context_t afx;
compress_filter_context_t zfx;
- PKC_LIST pkc_list;
+ PK_LIST pk_list;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
- if( (rc=build_pkc_list( remusr, &pkc_list, 2)) )
+ if( (rc=build_pk_list( remusr, &pk_list, 2)) )
return rc;
/* prepare iobufs */
@@ -222,7 +222,7 @@ encode_crypt( const char *filename, STRLIST remusr )
if( DBG_CIPHER )
log_hexdump("DEK is: ", cfx.dek->key, cfx.dek->keylen );
- rc = write_pubkey_enc_from_list( pkc_list, cfx.dek, out );
+ rc = write_pubkey_enc_from_list( pk_list, cfx.dek, out );
if( rc )
goto leave;
@@ -269,7 +269,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->buf = NULL;
free_packet(&pkt);
m_free(cfx.dek);
- release_pkc_list( pkc_list );
+ release_pk_list( pk_list );
return rc;
}
@@ -297,7 +297,7 @@ encrypt_filter( void *opaque, int control,
log_hexdump("DEK is: ",
efx->cfx.dek->key, efx->cfx.dek->keylen );
- rc = write_pubkey_enc_from_list( efx->pkc_list, efx->cfx.dek, a );
+ rc = write_pubkey_enc_from_list( efx->pk_list, efx->cfx.dek, a );
if( rc )
return rc;
@@ -318,26 +318,26 @@ encrypt_filter( void *opaque, int control,
/****************
- * Write pubkey-enc packets from the list of PKCs to OUT.
+ * Write pubkey-enc packets from the list of PKs to OUT.
*/
static int
-write_pubkey_enc_from_list( PKC_LIST pkc_list, DEK *dek, IOBUF out )
+write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
{
PACKET pkt;
- PKT_public_cert *pkc;
+ PKT_public_key *pk;
PKT_pubkey_enc *enc;
int rc;
- for( ; pkc_list; pkc_list = pkc_list->next ) {
+ for( ; pk_list; pk_list = pk_list->next ) {
MPI frame;
- pkc = pkc_list->pkc;
+ pk = pk_list->pk;
enc = m_alloc_clear( sizeof *enc );
- enc->pubkey_algo = pkc->pubkey_algo;
- keyid_from_pkc( pkc, enc->keyid );
- frame = encode_session_key( dek, pubkey_nbits( pkc->pubkey_algo,
- pkc->pkey ) );
- rc = pubkey_encrypt( pkc->pubkey_algo, enc->data, frame, pkc->pkey );
+ enc->pubkey_algo = pk->pubkey_algo;
+ keyid_from_pk( pk, enc->keyid );
+ frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo,
+ pk->pkey ) );
+ rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey );
mpi_free( frame );
if( rc )
log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) );
diff --git a/g10/export.c b/g10/export.c
index c70af6cc8..68e83a268 100644
--- a/g10/export.c
+++ b/g10/export.c
@@ -33,6 +33,7 @@
#include "util.h"
#include "main.h"
+static int do_export( STRLIST users, int secret );
/****************
* Export the public keys (to standard out or --output).
@@ -42,6 +43,18 @@
int
export_pubkeys( STRLIST users )
{
+ return do_export( users, 0 );
+}
+
+int
+export_seckeys( STRLIST users )
+{
+ return do_export( users, 1 );
+}
+
+static int
+do_export( STRLIST users, int secret )
+{
int rc = 0;
armor_filter_context_t afx;
compress_filter_context_t zfx;
@@ -64,14 +77,14 @@ export_pubkeys( STRLIST users )
}
if( opt.armor ) {
- afx.what = 1;
+ afx.what = secret?5:1;
iobuf_push_filter( out, armor_filter, &afx );
}
if( opt.compress_keys && opt.compress )
iobuf_push_filter( out, compress_filter, &zfx );
if( all ) {
- rc = enum_keyblocks( 0, &kbpos, &keyblock );
+ rc = enum_keyblocks( secret?5:0, &kbpos, &keyblock );
if( rc ) {
if( rc != -1 )
log_error("enum_keyblocks(open) failed: %s\n", g10_errstr(rc) );
@@ -94,7 +107,8 @@ export_pubkeys( STRLIST users )
}
else {
/* search the userid */
- rc = find_keyblock_byname( &kbpos, sl->d );
+ rc = secret? find_secret_keyblock_byname( &kbpos, sl->d )
+ : find_keyblock_byname( &kbpos, sl->d );
if( rc ) {
log_error("%s: user not found: %s\n", sl->d, g10_errstr(rc) );
rc = 0;
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 12382b4db..6b3b7686e 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -62,26 +62,26 @@ free_seckey_enc( PKT_signature *sig )
void
-release_public_cert_parts( PKT_public_cert *cert )
+release_public_key_parts( PKT_public_key *pk )
{
int n, i;
- n = pubkey_get_npkey( cert->pubkey_algo );
+ n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ ) {
- mpi_free( cert->pkey[i] );
- cert->pkey[i] = NULL;
+ mpi_free( pk->pkey[i] );
+ pk->pkey[i] = NULL;
}
}
void
-free_public_cert( PKT_public_cert *cert )
+free_public_key( PKT_public_key *pk )
{
- release_public_cert_parts( cert );
- m_free(cert);
+ release_public_key_parts( pk );
+ m_free(pk);
}
-PKT_public_cert *
-copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
+PKT_public_key *
+copy_public_key( PKT_public_key *d, PKT_public_key *s )
{
int n, i;
@@ -95,26 +95,26 @@ copy_public_cert( PKT_public_cert *d, PKT_public_cert *s )
}
void
-release_secret_cert_parts( PKT_secret_cert *cert )
+release_secret_key_parts( PKT_secret_key *sk )
{
int n, i;
- n = pubkey_get_nskey( cert->pubkey_algo );
+ n = pubkey_get_nskey( sk->pubkey_algo );
for(i=0; i < n; i++ ) {
- mpi_free( cert->skey[i] );
- cert->skey[i] = NULL;
+ mpi_free( sk->skey[i] );
+ sk->skey[i] = NULL;
}
}
void
-free_secret_cert( PKT_secret_cert *cert )
+free_secret_key( PKT_secret_key *sk )
{
- release_secret_cert_parts( cert );
- m_free(cert);
+ release_secret_key_parts( sk );
+ m_free(sk);
}
-PKT_secret_cert *
-copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s )
+PKT_secret_key *
+copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
{
int n, i;
@@ -208,11 +208,13 @@ free_packet( PACKET *pkt )
case PKT_SYMKEY_ENC:
free_symkey_enc( pkt->pkt.symkey_enc );
break;
- case PKT_PUBLIC_CERT:
- free_public_cert( pkt->pkt.public_cert );
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ free_public_key( pkt->pkt.public_key );
break;
- case PKT_SECRET_CERT:
- free_secret_cert( pkt->pkt.secret_cert );
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ free_secret_key( pkt->pkt.secret_key );
break;
case PKT_COMMENT:
free_comment( pkt->pkt.comment );
@@ -240,7 +242,7 @@ free_packet( PACKET *pkt )
* Returns 0 if they match.
*/
int
-cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
+cmp_public_keys( PKT_public_key *a, PKT_public_key *b )
{
int n, i;
@@ -264,20 +266,20 @@ cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b )
* Returns 0 if they match.
*/
int
-cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc )
+cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk )
{
int n, i;
- if( pkc->timestamp != skc->timestamp )
+ if( pk->timestamp != sk->timestamp )
return -1;
- if( pkc->valid_days != skc->valid_days )
+ if( pk->valid_days != sk->valid_days )
return -1;
- if( pkc->pubkey_algo != skc->pubkey_algo )
+ if( pk->pubkey_algo != sk->pubkey_algo )
return -1;
- n = pubkey_get_npkey( pkc->pubkey_algo );
+ n = pubkey_get_npkey( pk->pubkey_algo );
for(i=0; i < n; i++ ) {
- if( mpi_cmp( pkc->pkey[i] , skc->skey[i] ) )
+ if( mpi_cmp( pk->pkey[i] , sk->skey[i] ) )
return -1;
}
return 0;
diff --git a/g10/g10.c b/g10/g10.c
index 828fef2ff..4b1e696e2 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -75,6 +75,7 @@ static ARGPARSE_OPTS opts[] = {
{ 542, "gen-revoke",0, N_("generate a revocation certificate")},
#endif
{ 537, "export" , 0, N_("export keys") },
+ { 563, "export-secret-keys" , 0, "@" },
{ 530, "import", 0 , N_("import/merge keys")},
{ 521, "list-packets",0,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT
@@ -176,7 +177,8 @@ enum cmd_values { aNull = 0,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey,
aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
aListSigs, aKeyadd, aListSecretKeys,
- aExport, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
+ aExport, aExportSecret,
+ aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest,
aNOP };
@@ -595,6 +597,7 @@ main( int argc, char **argv )
case 560: register_cipher_extension(pargs.r.ret_str); break;
case 561: opt.rfc1991 = 1; break;
case 562: opt.emulate_bugs |= 1; break;
+ case 563: set_cmd( &cmd, aExportSecret); break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@@ -855,12 +858,12 @@ main( int argc, char **argv )
case aImport:
if( !argc ) {
- rc = import_pubkeys( NULL );
+ rc = import_keys( NULL );
if( rc )
log_error("import failed: %s\n", g10_errstr(rc) );
}
for( ; argc; argc--, argv++ ) {
- rc = import_pubkeys( *argv );
+ rc = import_keys( *argv );
if( rc )
log_error("import from '%s' failed: %s\n",
*argv, g10_errstr(rc) );
@@ -875,6 +878,14 @@ main( int argc, char **argv )
free_strlist(sl);
break;
+ case aExportSecret:
+ sl = NULL;
+ for( ; argc; argc--, argv++ )
+ add_to_strlist( &sl, *argv );
+ export_seckeys( sl );
+ free_strlist(sl);
+ break;
+
#ifdef IS_G10
case aGenRevoke:
if( argc != 1 )
diff --git a/g10/getkey.c b/g10/getkey.c
index c8e8ea012..b88b926e0 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -32,7 +32,7 @@
#include "options.h"
#include "main.h"
-#define MAX_PKC_CACHE_ENTRIES 500
+#define MAX_PK_CACHE_ENTRIES 500
typedef struct keyid_list {
@@ -47,11 +47,11 @@ typedef struct user_id_db {
char name[1];
} *user_id_db_t;
-typedef struct pkc_cache_entry {
- struct pkc_cache_entry *next;
+typedef struct pk_cache_entry {
+ struct pk_cache_entry *next;
u32 keyid[2];
- PKT_public_cert *pkc;
-} *pkc_cache_entry_t;
+ PKT_public_key *pk;
+} *pk_cache_entry_t;
typedef struct enum_seckey_context {
int eof;
@@ -65,14 +65,14 @@ static STRLIST secret_keyrings;
static keyid_list_t unknown_keyids;
static user_id_db_t user_id_db;
-static pkc_cache_entry_t pkc_cache;
-static int pkc_cache_entries; /* number of entries in pkc cache */
+static pk_cache_entry_t pk_cache;
+static int pk_cache_entries; /* number of entries in pk cache */
-static int lookup( PKT_public_cert *pkc,
+static int lookup( PKT_public_key *pk,
int mode, u32 *keyid, const char *name,
KBNODE *ret_keyblock );
-static int lookup_skc( PKT_secret_cert *skc,
+static int lookup_sk( PKT_secret_key *sk,
int mode, u32 *keyid, const char *name );
/* note this function may be called before secure memory is
@@ -170,42 +170,42 @@ add_secret_keyring( const char *name )
static void
-cache_public_cert( PKT_public_cert *pkc )
+cache_public_key( PKT_public_key *pk )
{
- pkc_cache_entry_t ce;
+ pk_cache_entry_t ce;
u32 keyid[2];
- if( is_ELGAMAL(pkc->pubkey_algo)
- || pkc->pubkey_algo == PUBKEY_ALGO_DSA
- || is_RSA(pkc->pubkey_algo) ) {
- keyid_from_pkc( pkc, keyid );
+ if( is_ELGAMAL(pk->pubkey_algo)
+ || pk->pubkey_algo == PUBKEY_ALGO_DSA
+ || is_RSA(pk->pubkey_algo) ) {
+ keyid_from_pk( pk, keyid );
}
else
return; /* don't know how to get the keyid */
- for( ce = pkc_cache; ce; ce = ce->next )
+ for( ce = pk_cache; ce; ce = ce->next )
if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
if( DBG_CACHE )
- log_debug("cache_public_cert: already in cache\n");
+ log_debug("cache_public_key: already in cache\n");
return;
}
- if( pkc_cache_entries > MAX_PKC_CACHE_ENTRIES ) {
+ if( pk_cache_entries > MAX_PK_CACHE_ENTRIES ) {
/* FIMXE: use another algorithm to free some cache slots */
- if( pkc_cache_entries == MAX_PKC_CACHE_ENTRIES ) {
- pkc_cache_entries++;
- log_info("too many entries in pkc cache - disabled\n");
+ if( pk_cache_entries == MAX_PK_CACHE_ENTRIES ) {
+ pk_cache_entries++;
+ log_info("too many entries in pk cache - disabled\n");
}
- ce = pkc_cache;
- free_public_cert( ce->pkc );
+ ce = pk_cache;
+ free_public_key( ce->pk );
}
else {
- pkc_cache_entries++;
+ pk_cache_entries++;
ce = m_alloc( sizeof *ce );
- ce->next = pkc_cache;
- pkc_cache = ce;
+ ce->next = pk_cache;
+ pk_cache = ce;
}
- ce->pkc = copy_public_cert( NULL, pkc );
+ ce->pk = copy_public_key( NULL, pk );
ce->keyid[0] = keyid[0];
ce->keyid[1] = keyid[1];
}
@@ -238,17 +238,17 @@ cache_user_id( PKT_user_id *uid, u32 *keyid )
/****************
- * Get a public key and store it into the allocated pkc
- * can be called with PKC set to NULL to just read it into some
+ * Get a public key and store it into the allocated pk
+ * can be called with PK set to NULL to just read it into some
* internal structures.
*/
int
-get_pubkey( PKT_public_cert *pkc, u32 *keyid )
+get_pubkey( PKT_public_key *pk, u32 *keyid )
{
keyid_list_t kl;
int internal = 0;
int rc = 0;
- pkc_cache_entry_t ce;
+ pk_cache_entry_t ce;
/* let's see whether we checked the keyid already */
for( kl = unknown_keyids; kl; kl = kl->next )
@@ -256,21 +256,21 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
return G10ERR_NO_PUBKEY; /* already checked and not found */
/* Try to get it from our cache */
- for( ce = pkc_cache; ce; ce = ce->next )
+ for( ce = pk_cache; ce; ce = ce->next )
if( ce->keyid[0] == keyid[0] && ce->keyid[1] == keyid[1] ) {
- if( pkc )
- copy_public_cert( pkc, ce->pkc );
+ if( pk )
+ copy_public_key( pk, ce->pk );
return 0;
}
/* more init stuff */
- if( !pkc ) {
- pkc = m_alloc_clear( sizeof *pkc );
+ if( !pk ) {
+ pk = m_alloc_clear( sizeof *pk );
internal++;
}
/* do a lookup */
- rc = lookup( pkc, 11, keyid, NULL, NULL );
+ rc = lookup( pk, 11, keyid, NULL, NULL );
if( !rc )
goto leave;
@@ -284,9 +284,9 @@ get_pubkey( PKT_public_cert *pkc, u32 *keyid )
leave:
if( !rc )
- cache_public_cert( pkc );
+ cache_public_key( pk );
if( internal )
- m_free(pkc);
+ m_free(pk);
return rc;
}
@@ -320,7 +320,7 @@ hextobyte( const byte *s )
/****************
* Try to get the pubkey by the userid. This function looks for the
* first pubkey certificate which has the given name in a user_id.
- * if pkc has the pubkey algo set, the function will only return
+ * if pk has the pubkey algo set, the function will only return
* a pubkey with that algo.
*
* - If the username starts with 8,9,16 or 17 hex-digits (the first one
@@ -344,7 +344,7 @@ hextobyte( const byte *s )
static int
key_byname( int secret,
- PKT_public_cert *pkc, PKT_secret_cert *skc, const char *name )
+ PKT_public_key *pk, PKT_secret_key *sk, const char *name )
{
int internal = 0;
int rc = 0;
@@ -439,35 +439,35 @@ key_byname( int secret,
goto leave;
if( secret ) {
- if( !skc ) {
- skc = m_alloc_clear( sizeof *skc );
+ if( !sk ) {
+ sk = m_alloc_clear( sizeof *sk );
internal++;
}
- rc = mode < 16? lookup_skc( skc, mode, keyid, name )
- : lookup_skc( skc, mode, keyid, fprint );
+ rc = mode < 16? lookup_sk( sk, mode, keyid, name )
+ : lookup_sk( sk, mode, keyid, fprint );
}
else {
- if( !pkc ) {
- pkc = m_alloc_clear( sizeof *pkc );
+ if( !pk ) {
+ pk = m_alloc_clear( sizeof *pk );
internal++;
}
- rc = mode < 16? lookup( pkc, mode, keyid, name, NULL )
- : lookup( pkc, mode, keyid, fprint, NULL );
+ rc = mode < 16? lookup( pk, mode, keyid, name, NULL )
+ : lookup( pk, mode, keyid, fprint, NULL );
}
leave:
if( internal && secret )
- m_free( skc );
+ m_free( sk );
else if( internal )
- m_free( pkc );
+ m_free( pk );
return rc;
}
int
-get_pubkey_byname( PKT_public_cert *pkc, const char *name )
+get_pubkey_byname( PKT_public_key *pk, const char *name )
{
- return key_byname( 0, pkc, NULL, name );
+ return key_byname( 0, pk, NULL, name );
}
@@ -481,31 +481,31 @@ get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
size_t fprint_len )
{
int rc;
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
if( fprint_len == 20 || fprint_len == 16 )
- rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock );
+ rc = lookup( pk, fprint_len, NULL, fprint, ret_keyblock );
else
rc = G10ERR_GENERAL; /* Oops */
- free_public_cert( pkc );
+ free_public_key( pk );
return rc;
}
/****************
- * Get a secret key and store it into skc
+ * Get a secret key and store it into sk
*/
int
-get_seckey( PKT_secret_cert *skc, u32 *keyid )
+get_seckey( PKT_secret_key *sk, u32 *keyid )
{
int rc;
- rc = lookup_skc( skc, 11, keyid, NULL );
+ rc = lookup_sk( sk, 11, keyid, NULL );
if( !rc ) {
/* check the secret key (this may prompt for a passprase to
* unlock the secret key
*/
- rc = check_secret_key( skc );
+ rc = check_secret_key( sk );
}
return rc;
@@ -519,30 +519,30 @@ get_seckey( PKT_secret_cert *skc, u32 *keyid )
int
seckey_available( u32 *keyid )
{
- PKT_secret_cert *skc;
+ PKT_secret_key *sk;
int rc;
- skc = m_alloc_clear( sizeof *skc );
- rc = lookup_skc( skc, 11, keyid, NULL );
- free_secret_cert( skc );
+ sk = m_alloc_clear( sizeof *sk );
+ rc = lookup_sk( sk, 11, keyid, NULL );
+ free_secret_key( sk );
return rc;
}
/****************
- * Get a secret key by name and store it into skc
- * If NAME is NULL use the default certificate
+ * Get a secret key by name and store it into sk
+ * If NAME is NULL use the default key
*/
int
-get_seckey_byname( PKT_secret_cert *skc, const char *name, int unprotect )
+get_seckey_byname( PKT_secret_key *sk, const char *name, int unprotect )
{
int rc;
- rc = name ? key_byname( 1, NULL, skc, name )
- : lookup_skc( skc, 15, NULL, NULL );
+ rc = name ? key_byname( 1, NULL, sk, name )
+ : lookup_sk( sk, 15, NULL, NULL );
if( !rc && unprotect )
- rc = check_secret_key( skc );
+ rc = check_secret_key( sk );
return rc;
}
@@ -606,26 +606,26 @@ compare_name( const char *uid, size_t uidlen, const char *name, int mode )
static void
add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
{
- PKT_public_cert *pkc = knode->pkt->pkt.public_cert;
+ PKT_public_key *pk = knode->pkt->pkt.public_key;
PKT_signature *sig;
KBNODE k;
u32 kid[2];
- assert( knode->pkt->pkttype == PKT_PUBLIC_CERT
- || knode->pkt->pkttype == PKT_PUBKEY_SUBCERT );
+ assert( knode->pkt->pkttype == PKT_PUBLIC_KEY
+ || knode->pkt->pkttype == PKT_PUBLIC_SUBKEY );
- if( pkc->version < 4 )
+ if( pk->version < 4 )
return; /* this is only needed for version >=4 packets */
/* find the selfsignature */
- if( knode->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
- k = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+ if( knode->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ k = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !k )
BUG(); /* keyblock without primary key!!! */
- keyid_from_pkc( knode->pkt->pkt.public_cert, kid );
+ keyid_from_pk( knode->pkt->pkt.public_key, kid );
}
else
- keyid_from_pkc( pkc, kid );
+ keyid_from_pk( pk, kid );
for(k=keyblock; k; k = k->next ) {
if( k->pkt->pkttype == PKT_SIGNATURE
&& (sig=k->pkt->pkt.signature)->sig_class >= 0x10
@@ -641,8 +641,8 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
*/
const byte *p;
p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_KEY_EXPIRE, NULL );
- pkc->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
- /* fixme: add usage etc. to pkc */
+ pk->valid_days = p? ((buffer_to_u32(p)+86399L)/86400L):0;
+ /* fixme: add usage etc. to pk */
break;
}
}
@@ -660,13 +660,13 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
* 15 = Get the first key.
* 16 = lookup by 16 byte fingerprint which is stored in NAME
* 20 = lookup by 20 byte fingerprint which is stored in NAME
- * Caller must provide an empty PKC, if the pubkey_algo is filled in, only
+ * Caller must provide an empty PK, if the pubkey_algo is filled in, only
* a key of this algo will be returned.
* If ret_keyblock is not NULL, the complete keyblock is returned also
* and the caller must release it.
*/
static int
-lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
+lookup( PKT_public_key *pk, int mode, u32 *keyid,
const char *name, KBNODE *ret_keyblock )
{
int rc;
@@ -692,15 +692,15 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
k->pkt->pkt.user_id->len, name, mode)) {
/* we found a matching name, look for the key */
for(kk=keyblock; kk; kk = kk->next )
- if( ( kk->pkt->pkttype == PKT_PUBLIC_CERT
- || kk->pkt->pkttype == PKT_PUBKEY_SUBCERT )
- && ( !pkc->pubkey_algo
- || pkc->pubkey_algo
- == kk->pkt->pkt.public_cert->pubkey_algo))
+ if( ( kk->pkt->pkttype == PKT_PUBLIC_KEY
+ || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ && ( !pk->pubkey_algo
+ || pk->pubkey_algo
+ == kk->pkt->pkt.public_key->pubkey_algo))
break;
if( kk ) {
u32 aki[2];
- keyid_from_pkc( kk->pkt->pkt.public_cert, aki );
+ keyid_from_pk( kk->pkt->pkt.public_key, aki );
cache_user_id( k->pkt->pkt.user_id, aki );
k = kk;
break;
@@ -714,24 +714,24 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
- pkc->pubkey_algo, mode );
+ pk->pubkey_algo, mode );
}
for(k=keyblock; k; k = k->next ) {
- if( k->pkt->pkttype == PKT_PUBLIC_CERT
- || k->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ if( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
if( mode == 10 || mode == 11 ) {
u32 aki[2];
- keyid_from_pkc( k->pkt->pkt.public_cert, aki );
+ keyid_from_pk( k->pkt->pkt.public_key, aki );
if( DBG_CACHE ) {
log_debug(" aki=%08lx%08lx algo=%d\n",
(ulong)aki[0], (ulong)aki[1],
- k->pkt->pkt.public_cert->pubkey_algo );
+ k->pkt->pkt.public_key->pubkey_algo );
}
if( aki[1] == keyid[1]
&& ( mode == 10 || aki[0] == keyid[0] )
- && ( !pkc->pubkey_algo
- || pkc->pubkey_algo
- == k->pkt->pkt.public_cert->pubkey_algo) ){
+ && ( !pk->pubkey_algo
+ || pk->pubkey_algo
+ == k->pkt->pkt.public_key->pubkey_algo) ){
/* cache the userid */
for(kk=keyblock; kk; kk = kk->next )
if( kk->pkt->pkttype == PKT_USER_ID )
@@ -744,19 +744,19 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
}
}
else if( mode == 15 ) { /* get the first key */
- if( !pkc->pubkey_algo
- || pkc->pubkey_algo
- == k->pkt->pkt.public_cert->pubkey_algo )
+ if( !pk->pubkey_algo
+ || pk->pubkey_algo
+ == k->pkt->pkt.public_key->pubkey_algo )
break;
}
else if( mode == 16 || mode == 20 ) {
size_t an;
- byte *afp = fingerprint_from_pkc(
- k->pkt->pkt.public_cert, &an );
+ byte *afp = fingerprint_from_pk(
+ k->pkt->pkt.public_key, &an );
if( an == mode && !memcmp( afp, name, an)
- && ( !pkc->pubkey_algo
- || pkc->pubkey_algo
- == k->pkt->pkt.public_cert->pubkey_algo) ) {
+ && ( !pk->pubkey_algo
+ || pk->pubkey_algo
+ == k->pkt->pkt.public_key->pubkey_algo) ) {
m_free(afp);
break;
}
@@ -768,9 +768,9 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
}
}
if( k ) { /* found */
- assert( k->pkt->pkttype == PKT_PUBLIC_CERT
- || k->pkt->pkttype == PKT_PUBKEY_SUBCERT );
- copy_public_cert( pkc, k->pkt->pkt.public_cert );
+ assert( k->pkt->pkttype == PKT_PUBLIC_KEY
+ || k->pkt->pkttype == PKT_PUBLIC_SUBKEY );
+ copy_public_key( pk, k->pkt->pkt.public_key );
add_stuff_from_selfsig( keyblock, k );
if( ret_keyblock ) {
*ret_keyblock = keyblock;
@@ -797,7 +797,7 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid,
* Ditto for secret keys
*/
static int
-lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
+lookup_sk( PKT_secret_key *sk, int mode, u32 *keyid, const char *name )
{
int rc;
KBNODE keyblock = NULL;
@@ -822,46 +822,46 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
k->pkt->pkt.user_id->len, name, mode)) {
/* we found a matching name, look for the key */
for(kk=keyblock; kk; kk = kk->next )
- if( ( kk->pkt->pkttype == PKT_SECRET_CERT
- || kk->pkt->pkttype == PKT_SECKEY_SUBCERT )
- && ( !skc->pubkey_algo
- || skc->pubkey_algo
- == kk->pkt->pkt.secret_cert->pubkey_algo))
+ if( ( kk->pkt->pkttype == PKT_SECRET_KEY
+ || kk->pkt->pkttype == PKT_SECRET_SUBKEY )
+ && ( !sk->pubkey_algo
+ || sk->pubkey_algo
+ == kk->pkt->pkt.secret_key->pubkey_algo))
break;
if( kk ) {
u32 aki[2];
- keyid_from_skc( kk->pkt->pkt.secret_cert, aki );
+ keyid_from_sk( kk->pkt->pkt.secret_key, aki );
cache_user_id( k->pkt->pkt.user_id, aki );
k = kk;
break;
}
else
- log_error("No key for userid (in skc)\n");
+ log_error("No key for userid (in sk)\n");
}
}
}
else { /* keyid or fingerprint lookup */
if( DBG_CACHE && (mode== 10 || mode==11) ) {
- log_debug("lookup_skc keyid=%08lx%08lx req_algo=%d mode=%d\n",
+ log_debug("lookup_sk keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
- skc->pubkey_algo, mode );
+ sk->pubkey_algo, mode );
}
for(k=keyblock; k; k = k->next ) {
- if( k->pkt->pkttype == PKT_SECRET_CERT
- || k->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+ if( k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY ) {
if( mode == 10 || mode == 11 ) {
u32 aki[2];
- keyid_from_skc( k->pkt->pkt.secret_cert, aki );
+ keyid_from_sk( k->pkt->pkt.secret_key, aki );
if( DBG_CACHE ) {
log_debug(" aki=%08lx%08lx algo=%d\n",
(ulong)aki[0], (ulong)aki[1],
- k->pkt->pkt.secret_cert->pubkey_algo );
+ k->pkt->pkt.secret_key->pubkey_algo );
}
if( aki[1] == keyid[1]
&& ( mode == 10 || aki[0] == keyid[0] )
- && ( !skc->pubkey_algo
- || skc->pubkey_algo
- == k->pkt->pkt.secret_cert->pubkey_algo) ){
+ && ( !sk->pubkey_algo
+ || sk->pubkey_algo
+ == k->pkt->pkt.secret_key->pubkey_algo) ){
/* cache the userid */
for(kk=keyblock; kk; kk = kk->next )
if( kk->pkt->pkttype == PKT_USER_ID )
@@ -874,19 +874,19 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
}
}
else if( mode == 15 ) { /* get the first key */
- if( !skc->pubkey_algo
- || skc->pubkey_algo
- == k->pkt->pkt.secret_cert->pubkey_algo )
+ if( !sk->pubkey_algo
+ || sk->pubkey_algo
+ == k->pkt->pkt.secret_key->pubkey_algo )
break;
}
else if( mode == 16 || mode == 20 ) {
size_t an;
- byte *afp = fingerprint_from_skc(
- k->pkt->pkt.secret_cert, &an );
+ byte *afp = fingerprint_from_sk(
+ k->pkt->pkt.secret_key, &an );
if( an == mode && !memcmp( afp, name, an)
- && ( !skc->pubkey_algo
- || skc->pubkey_algo
- == k->pkt->pkt.secret_cert->pubkey_algo) ) {
+ && ( !sk->pubkey_algo
+ || sk->pubkey_algo
+ == k->pkt->pkt.secret_key->pubkey_algo) ) {
m_free(afp);
break;
}
@@ -898,9 +898,9 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
}
}
if( k ) { /* found */
- assert( k->pkt->pkttype == PKT_SECRET_CERT
- || k->pkt->pkttype == PKT_SECKEY_SUBCERT );
- copy_secret_cert( skc, k->pkt->pkt.secret_cert );
+ assert( k->pkt->pkttype == PKT_SECRET_KEY
+ || k->pkt->pkttype == PKT_SECRET_SUBKEY );
+ copy_secret_key( sk, k->pkt->pkt.secret_key );
break; /* enumeration */
}
release_kbnode( keyblock );
@@ -924,16 +924,16 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
* Enumerate all secret keys. Caller must use these procedure:
* 1) create a void pointer and initialize it to NULL
* 2) pass this void pointer by reference to this function
- * and provide space for the secret key (pass a buffer for skc)
+ * and provide space for the secret key (pass a buffer for sk)
* 3) call this function as long as it does not return -1
* to indicate EOF.
- * 4) Always call this function a last time with SKC set to NULL,
+ * 4) Always call this function a last time with SK set to NULL,
* so that can free it's context.
*
* Return
*/
int
-enum_secret_keys( void **context, PKT_secret_cert *skc )
+enum_secret_keys( void **context, PKT_secret_key *sk )
{
int rc=0;
PACKET pkt;
@@ -946,7 +946,7 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
c->sl = secret_keyrings;
}
- if( !skc ) { /* free the context */
+ if( !sk ) { /* free the context */
m_free( c );
*context = NULL;
return 0;
@@ -968,9 +968,9 @@ enum_secret_keys( void **context, PKT_secret_cert *skc )
while( (rc=parse_packet(c->iobuf, &pkt)) != -1 ) {
if( rc )
; /* e.g. unknown packet */
- else if( pkt.pkttype == PKT_SECRET_CERT
- || pkt.pkttype == PKT_SECKEY_SUBCERT ) {
- copy_secret_cert( skc, pkt.pkt.secret_cert );
+ else if( pkt.pkttype == PKT_SECRET_KEY
+ || pkt.pkttype == PKT_SECRET_SUBKEY ) {
+ copy_secret_key( sk, pkt.pkt.secret_key );
set_packet_list_mode(save_mode);
return 0; /* found */
}
diff --git a/g10/import.c b/g10/import.c
index 228c754eb..719a8e8e2 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -38,9 +38,10 @@
static int read_block( IOBUF a, compress_filter_context_t *cfx,
PACKET **pending_pkt, KBNODE *ret_root );
static int import_one( const char *fname, KBNODE keyblock );
+static int import_secret_one( const char *fname, KBNODE keyblock );
static int import_revoke_cert( const char *fname, KBNODE node );
static int chk_self_sigs( const char *fname, KBNODE keyblock,
- PKT_public_cert *pkc, u32 *keyid );
+ PKT_public_key *pk, u32 *keyid );
static int delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid );
static int merge_blocks( const char *fname, KBNODE keyblock_orig,
KBNODE keyblock, u32 *keyid,
@@ -83,7 +84,7 @@ static int merge_sigs( KBNODE dst, KBNODE src, int *n_sigs,
*
*/
int
-import_pubkeys( const char *fname )
+import_keys( const char *fname )
{
armor_filter_context_t afx;
compress_filter_context_t cfx;
@@ -108,8 +109,10 @@ import_pubkeys( const char *fname )
iobuf_push_filter( inp, armor_filter, &afx );
while( !(rc = read_block( inp, &cfx, &pending_pkt, &keyblock) )) {
- if( keyblock->pkt->pkttype == PKT_PUBLIC_CERT )
+ if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
rc = import_one( fname, keyblock );
+ else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
+ rc = import_secret_one( fname, keyblock );
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
rc = import_revoke_cert( fname, keyblock );
@@ -156,7 +159,9 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
init_packet(pkt);
while( (rc=parse_packet(a, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
- if( rc != G10ERR_UNKNOWN_PACKET ) {
+ if( rc == G10ERR_PUBKEY_ALGO )
+ parse_pubkey_warning( pkt );
+ else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_block: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
@@ -191,8 +196,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
break;
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
if( in_cert ) { /* store this packet */
*pending_pkt = pkt;
pkt = NULL;
@@ -234,8 +239,8 @@ read_block( IOBUF a, compress_filter_context_t *cfx,
static int
import_one( const char *fname, KBNODE keyblock )
{
- PKT_public_cert *pkc;
- PKT_public_cert *pkc_orig;
+ PKT_public_key *pk;
+ PKT_public_key *pk_orig;
KBNODE node, uidnode;
KBNODE keyblock_orig = NULL;
KBPOS kbpos;
@@ -243,21 +248,19 @@ import_one( const char *fname, KBNODE keyblock )
int rc = 0;
/* get the key and print some info about it */
- node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
- if( !node ) {
- log_error("%s: Oops; public key not found anymore!\n", fname);
- return G10ERR_GENERAL; /* really serious */
- }
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
+ if( !node )
+ BUG();
- pkc = node->pkt->pkt.public_cert;
- keyid_from_pkc( pkc, keyid );
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, keyid );
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
if( opt.verbose ) {
log_info("%s: pub %4u%c/%08lX %s ", fname,
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- (ulong)keyid[1], datestr_from_pkc(pkc) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ (ulong)keyid[1], datestr_from_pk(pk) );
if( uidnode )
print_string( stderr, uidnode->pkt->pkt.user_id->name,
uidnode->pkt->pkt.user_id->len, 0 );
@@ -269,7 +272,7 @@ import_one( const char *fname, KBNODE keyblock )
}
clear_kbnode_flags( keyblock );
- rc = chk_self_sigs( fname, keyblock , pkc, keyid );
+ rc = chk_self_sigs( fname, keyblock , pk, keyid );
if( rc )
return rc== -1? 0:rc;
@@ -280,8 +283,8 @@ import_one( const char *fname, KBNODE keyblock )
}
/* do we have this key already in one of our pubrings ? */
- pkc_orig = m_alloc_clear( sizeof *pkc_orig );
- rc = get_pubkey( pkc_orig, keyid );
+ pk_orig = m_alloc_clear( sizeof *pk_orig );
+ rc = get_pubkey( pk_orig, keyid );
if( rc && rc != G10ERR_NO_PUBKEY ) {
log_error("%s: key %08lX, public key not found: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@@ -310,7 +313,7 @@ import_one( const char *fname, KBNODE keyblock )
/* Compare the original against the new key; just to be sure nothing
* weird is going on */
- if( cmp_public_certs( pkc_orig, pkc ) ) {
+ if( cmp_public_keys( pk_orig, pk ) ) {
log_error("%s: key %08lX, doesn't match our copy\n",
fname, (ulong)keyid[1]);
rc = G10ERR_GENERAL;
@@ -321,7 +324,7 @@ import_one( const char *fname, KBNODE keyblock )
* ask the user what to do. <--- fixme */
/* now read the original keyblock */
- rc = find_keyblock_bypkc( &kbpos, pkc_orig );
+ rc = find_keyblock_bypk( &kbpos, pk_orig );
if( rc ) {
log_error("%s: key %08lX, can't locate original keyblock: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@@ -379,7 +382,80 @@ import_one( const char *fname, KBNODE keyblock )
leave:
release_kbnode( keyblock_orig );
- free_public_cert( pkc_orig );
+ free_public_key( pk_orig );
+ return rc;
+}
+
+
+/****************
+ * Ditto for secret keys. Handling is simpler than for public keys.
+ */
+static int
+import_secret_one( const char *fname, KBNODE keyblock )
+{
+ PKT_secret_key *sk;
+ KBNODE node, uidnode;
+ KBNODE keyblock_orig = NULL;
+ KBPOS kbpos;
+ u32 keyid[2];
+ int rc = 0;
+
+ /* get the key and print some info about it */
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
+ if( !node )
+ BUG();
+
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
+ uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
+
+ if( opt.verbose ) {
+ log_info("%s: sec %4u%c/%08lX %s ", fname,
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ (ulong)keyid[1], datestr_from_sk(sk) );
+ if( uidnode )
+ print_string( stderr, uidnode->pkt->pkt.user_id->name,
+ uidnode->pkt->pkt.user_id->len, 0 );
+ putc('\n', stderr);
+ }
+ if( !uidnode ) {
+ log_error("%s: No user id for key %08lX\n", fname, (ulong)keyid[1]);
+ return 0;
+ }
+
+ clear_kbnode_flags( keyblock );
+
+ /* do we have this key already in one of our secrings ? */
+ rc = seckey_available( keyid );
+ if( rc == G10ERR_NO_SECKEY ) { /* simply insert this key */
+ /* get default resource */
+ if( get_keyblock_handle( NULL, 1, &kbpos ) ) {
+ log_error("no default secret keyring\n");
+ return G10ERR_GENERAL;
+ }
+ if( opt.verbose > 1 )
+ log_info("%s: writing to '%s'\n",
+ fname, keyblock_resource_name(&kbpos) );
+ if( (rc=lock_keyblock( &kbpos )) )
+ log_error("can't lock secret keyring '%s': %s\n",
+ keyblock_resource_name(&kbpos), g10_errstr(rc) );
+ else if( (rc=insert_keyblock( &kbpos, keyblock )) )
+ log_error("%s: can't write to '%s': %s\n", fname,
+ keyblock_resource_name(&kbpos), g10_errstr(rc) );
+ unlock_keyblock( &kbpos );
+ /* we are ready */
+ log_info("%s: key %08lX imported\n", fname, (ulong)keyid[1]);
+ }
+ else if( !rc ) { /* we can't merge secret keys */
+ log_error("%s: key %08lX already in secret keyring\n",
+ fname, (ulong)keyid[1]);
+ }
+ else
+ log_error("%s: key %08lX, secret key not found: %s\n",
+ fname, (ulong)keyid[1], g10_errstr(rc));
+
+ release_kbnode( keyblock_orig );
return rc;
}
@@ -390,7 +466,7 @@ import_one( const char *fname, KBNODE keyblock )
static int
import_revoke_cert( const char *fname, KBNODE node )
{
- PKT_public_cert *pkc=NULL;
+ PKT_public_key *pk=NULL;
KBNODE onode, keyblock = NULL;
KBPOS kbpos;
u32 keyid[2];
@@ -403,8 +479,8 @@ import_revoke_cert( const char *fname, KBNODE node )
keyid[0] = node->pkt->pkt.signature->keyid[0];
keyid[1] = node->pkt->pkt.signature->keyid[1];
- pkc = m_alloc_clear( sizeof *pkc );
- rc = get_pubkey( pkc, keyid );
+ pk = m_alloc_clear( sizeof *pk );
+ rc = get_pubkey( pk, keyid );
if( rc == G10ERR_NO_PUBKEY ) {
log_info("%s: key %08lX, no public key - "
"can't apply revocation certificate\n",
@@ -419,7 +495,7 @@ import_revoke_cert( const char *fname, KBNODE node )
}
/* read the original keyblock */
- rc = find_keyblock_bypkc( &kbpos, pkc );
+ rc = find_keyblock_bypk( &kbpos, pk );
if( rc ) {
log_error("%s: key %08lX, can't locate original keyblock: %s\n",
fname, (ulong)keyid[1], g10_errstr(rc));
@@ -478,7 +554,7 @@ import_revoke_cert( const char *fname, KBNODE node )
leave:
release_kbnode( keyblock );
- free_public_cert( pkc );
+ free_public_key( pk );
return rc;
}
@@ -490,7 +566,7 @@ import_revoke_cert( const char *fname, KBNODE node )
*/
static int
chk_self_sigs( const char *fname, KBNODE keyblock,
- PKT_public_cert *pkc, u32 *keyid )
+ PKT_public_key *pk, u32 *keyid )
{
KBNODE n, unode;
PKT_signature *sig;
diff --git a/g10/kbnode.c b/g10/kbnode.c
index bdb58d191..4578f8271 100644
--- a/g10/kbnode.c
+++ b/g10/kbnode.c
@@ -150,13 +150,13 @@ find_next_kbnode( KBNODE node, int pkttype )
if( !pkttype )
return node;
else if( pkttype == PKT_USER_ID
- && ( node->pkt->pkttype == PKT_PUBLIC_CERT
- || node->pkt->pkttype == PKT_SECRET_CERT ) )
+ && ( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY ) )
return NULL;
else if( pkttype == PKT_SIGNATURE
&& ( node->pkt->pkttype == PKT_USER_ID
- || node->pkt->pkttype == PKT_PUBLIC_CERT
- || node->pkt->pkttype == PKT_SECRET_CERT ) )
+ || node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_SECRET_KEY ) )
return NULL;
else if( node->pkt->pkttype == pkttype )
return node;
@@ -248,14 +248,14 @@ dump_kbnode( KBNODE node )
const char *s;
switch( node->pkt->pkttype ) {
case 0: s="empty"; break;
- case PKT_PUBLIC_CERT: s="public-key"; break;
- case PKT_SECRET_CERT: s="secret-key"; break;
- case PKT_SECKEY_SUBCERT: s= "secret-subkey"; break;
+ case PKT_PUBLIC_KEY: s="public-key"; break;
+ case PKT_SECRET_KEY: s="secret-key"; break;
+ case PKT_SECRET_SUBKEY: s= "secret-subkey"; break;
case PKT_PUBKEY_ENC: s="public-enc"; break;
case PKT_SIGNATURE: s="signature"; break;
case PKT_ONEPASS_SIG: s="onepass-sig"; break;
case PKT_USER_ID: s="user-id"; break;
- case PKT_PUBKEY_SUBCERT: s="public-subkey"; break;
+ case PKT_PUBLIC_SUBKEY: s="public-subkey"; break;
case PKT_COMMENT: s="comment"; break;
case PKT_RING_TRUST: s="trust"; break;
case PKT_PLAINTEXT: s="plaintext"; break;
@@ -275,10 +275,10 @@ dump_kbnode( KBNODE node )
fprintf(stderr, " keyid=%08lX\n",
(ulong)node->pkt->pkt.signature->keyid[1] );
}
- else if( node->pkt->pkttype == PKT_PUBLIC_CERT
- || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ else if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
fprintf(stderr, " keyid=%08lX\n", (ulong)
- keyid_from_pkc( node->pkt->pkt.public_cert, NULL ));
+ keyid_from_pk( node->pkt->pkt.public_key, NULL ));
}
else
fputs("\n", stderr);
diff --git a/g10/keydb.h b/g10/keydb.h
index 07d9115b3..ddc9e5491 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -58,18 +58,18 @@ struct keyblock_pos_struct {
typedef struct keyblock_pos_struct KBPOS;
/* structure to hold a couple of public key certificates */
-typedef struct pkc_list *PKC_LIST;
-struct pkc_list {
- PKC_LIST next;
- PKT_public_cert *pkc;
+typedef struct pk_list *PK_LIST;
+struct pk_list {
+ PK_LIST next;
+ PKT_public_key *pk;
int mark;
};
/* structure to hold a couple of secret key certificates */
-typedef struct skc_list *SKC_LIST;
-struct skc_list {
- SKC_LIST next;
- PKT_secret_cert *skc;
+typedef struct sk_list *SK_LIST;
+struct sk_list {
+ SK_LIST next;
+ PKT_secret_key *sk;
int mark;
};
@@ -86,12 +86,12 @@ struct pubkey_find_info {
/*-- pkclist.c --*/
-void release_pkc_list( PKC_LIST pkc_list );
-int build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage );
+void release_pk_list( PK_LIST pk_list );
+int build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage );
/*-- skclist.c --*/
-void release_skc_list( SKC_LIST skc_list );
-int build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list,
+void release_sk_list( SK_LIST sk_list );
+int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
int unlock, unsigned usage );
/*-- passphrase.h --*/
@@ -106,29 +106,29 @@ void add_keyring( const char *name );
const char *get_keyring( int sequence );
const char *get_secret_keyring( int sequence );
void add_secret_keyring( const char *name );
-int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
-int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
-int get_seckey( PKT_secret_cert *skc, u32 *keyid );
+int get_pubkey( PKT_public_key *pk, u32 *keyid );
+int get_pubkey_byname( PKT_public_key *pk, const char *name );
+int get_seckey( PKT_secret_key *sk, u32 *keyid );
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
size_t fprint_len );
int seckey_available( u32 *keyid );
-int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock );
-int enum_secret_keys( void **context, PKT_secret_cert *skc );
+int get_seckey_byname( PKT_secret_key *sk, const char *name, int unlock );
+int enum_secret_keys( void **context, PKT_secret_key *sk );
char*get_user_id_string( u32 *keyid );
char*get_user_id( u32 *keyid, size_t *rn );
/*-- keyid.c --*/
int pubkey_letter( int algo );
-u32 keyid_from_skc( PKT_secret_cert *skc, u32 *keyid );
-u32 keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid );
+u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid );
+u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid );
u32 keyid_from_sig( PKT_signature *sig, u32 *keyid );
-unsigned nbits_from_pkc( PKT_public_cert *pkc );
-unsigned nbits_from_skc( PKT_secret_cert *skc );
-const char *datestr_from_pkc( PKT_public_cert *pkc );
-const char *datestr_from_skc( PKT_secret_cert *skc );
+unsigned nbits_from_pk( PKT_public_key *pk );
+unsigned nbits_from_sk( PKT_secret_key *sk );
+const char *datestr_from_pk( PKT_public_key *pk );
+const char *datestr_from_sk( PKT_secret_key *sk );
const char *datestr_from_sig( PKT_signature *sig );
-byte *fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len );
-byte *fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len );
+byte *fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len );
+byte *fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len );
/*-- kbnode.c --*/
KBNODE new_kbnode( PACKET *pkt );
@@ -150,7 +150,7 @@ const char *keyblock_resource_name( KBPOS *kbpos );
int get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos );
int find_keyblock( PUBKEY_FIND_INFO info, KBPOS *kbpos );
int find_keyblock_byname( KBPOS *kbpos, const char *username );
-int find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc );
+int find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk );
int find_secret_keyblock_byname( KBPOS *kbpos, const char *username );
int lock_keyblock( KBPOS *kbpos );
void unlock_keyblock( KBPOS *kbpos );
diff --git a/g10/keyedit.c b/g10/keyedit.c
index 8f3f16511..3851b5c06 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -40,12 +40,12 @@
static void
-show_fingerprint( PKT_public_cert *pkc )
+show_fingerprint( PKT_public_key *pk )
{
byte *array, *p;
size_t i, n;
- p = array = fingerprint_from_pkc( pkc, &n );
+ p = array = fingerprint_from_pk( pk, &n );
tty_printf(" Fingerprint:");
if( n == 20 ) {
for(i=0; i < n ; i++, i++, p += 2 ) {
@@ -70,20 +70,20 @@ show_fingerprint( PKT_public_cert *pkc )
* Ask whether the user is willing to sign the key. Return true if so.
*/
static int
-sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid )
+sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
{
char *answer;
int yes;
tty_printf("\nAre you really sure that you want to sign this key:\n\n"
"%4u%c/%08lX %s ",
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- (ulong)keyid_from_pkc( pkc, NULL ),
- datestr_from_pkc( pkc ) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ (ulong)keyid_from_pk( pk, NULL ),
+ datestr_from_pk( pk ) );
tty_print_string( uid->name, uid->len );
tty_printf("\n");
- show_fingerprint(pkc);
+ show_fingerprint(pk);
tty_printf("\n");
answer = tty_get("Sign this key? ");
tty_kill_prompt();
@@ -231,13 +231,13 @@ sign_key( const char *username, STRLIST locusr )
{
md_filter_context_t mfx;
int rc = 0;
- SKC_LIST skc_list = NULL;
- SKC_LIST skc_rover = NULL;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
KBNODE keyblock = NULL;
KBNODE kbctx, node;
KBPOS kbpos;
- PKT_public_cert *pkc;
- u32 pkc_keyid[2];
+ PKT_public_key *pk;
+ u32 pk_keyid[2];
char *answer;
memset( &mfx, 0, sizeof mfx);
@@ -250,7 +250,7 @@ sign_key( const char *username, STRLIST locusr )
}
/* build a list of all signators */
- rc=build_skc_list( locusr, &skc_list, 0, 1 );
+ rc=build_sk_list( locusr, &sk_list, 0, 1 );
if( rc )
goto leave;
@@ -263,23 +263,23 @@ sign_key( const char *username, STRLIST locusr )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
- pkc = node->pkt->pkt.public_cert;
- keyid_from_pkc( pkc, pkc_keyid );
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- pkc_keyid[1], datestr_from_pkc(pkc) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ pk_keyid[1], datestr_from_pk(pk) );
{
size_t n;
- char *p = get_user_id( pkc_keyid, &n );
+ char *p = get_user_id( pk_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
@@ -292,35 +292,35 @@ sign_key( const char *username, STRLIST locusr )
answer = tty_get("To you want to remove some of the invalid sigs? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
- remove_keysigs( keyblock, pkc_keyid, 0 );
+ remove_keysigs( keyblock, pk_keyid, 0 );
m_free(answer);
}
}
/* check whether we it is possible to sign this key */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
u32 akeyid[2];
- keyid_from_skc( skc_rover->skc, akeyid );
+ keyid_from_sk( sk_rover->sk, akeyid );
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID )
- skc_rover->mark = 1;
+ sk_rover->mark = 1;
else if( node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
&& akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
log_info("Already signed by keyid %08lX\n",
(ulong)akeyid[1] );
- skc_rover->mark = 0;
+ sk_rover->mark = 0;
}
}
}
}
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- if( skc_rover->mark )
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ if( sk_rover->mark )
break;
}
- if( !skc_rover ) {
+ if( !sk_rover ) {
log_info("Nothing to sign\n");
goto leave;
}
@@ -334,19 +334,19 @@ sign_key( const char *username, STRLIST locusr )
* no, present each user-id in turn and ask which one should be signed
* (only one) - if there is already a single-user-sig, do nothing.
* (this is propably already out in the world) */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- if( !skc_rover->mark )
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ if( !sk_rover->mark )
continue;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
if( node->pkt->pkttype == PKT_USER_ID ) {
- if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) {
+ if( sign_it_p( pk, node->pkt->pkt.user_id ) ) {
PACKET *pkt;
PKT_signature *sig;
- rc = make_keysig_packet( &sig, pkc,
+ rc = make_keysig_packet( &sig, pk,
node->pkt->pkt.user_id,
NULL,
- skc_rover->skc,
+ sk_rover->sk,
0x10, 0, NULL, NULL );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
@@ -370,7 +370,7 @@ sign_key( const char *username, STRLIST locusr )
leave:
release_kbnode( keyblock );
- release_skc_list( skc_list );
+ release_sk_list( sk_list );
md_close( mfx.md );
return rc;
}
@@ -384,8 +384,8 @@ edit_keysigs( const char *username )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
- PKT_public_cert *pkc;
- u32 pkc_keyid[2];
+ PKT_public_key *pk;
+ u32 pk_keyid[2];
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
@@ -402,23 +402,23 @@ edit_keysigs( const char *username )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
+ node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
- pkc = node->pkt->pkt.public_cert;
- keyid_from_pkc( pkc, pkc_keyid );
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n");
tty_printf("pub %4u%c/%08lX %s ",
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- pkc_keyid[1], datestr_from_pkc(pkc) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ pk_keyid[1], datestr_from_pk(pk) );
{
size_t n;
- char *p = get_user_id( pkc_keyid, &n );
+ char *p = get_user_id( pk_keyid, &n );
tty_print_string( p, n > 40? 40 : n );
m_free(p);
tty_printf("\n");
@@ -426,7 +426,7 @@ edit_keysigs( const char *username )
clear_kbnode_flags( keyblock );
check_all_keysigs( keyblock );
- if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) {
+ if( remove_keysigs( keyblock, pk_keyid, 1 ) ) {
rc = update_keyblock( &kbpos, keyblock );
if( rc ) {
log_error("update_keyblock failed: %s\n", g10_errstr(rc) );
@@ -450,8 +450,8 @@ delete_key( const char *username, int secret )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
- PKT_public_cert *pkc = NULL;
- PKT_secret_cert *skc = NULL;
+ PKT_public_key *pk = NULL;
+ PKT_secret_key *sk = NULL;
u32 keyid[2];
int okay=0;
@@ -471,7 +471,7 @@ delete_key( const char *username, int secret )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT );
+ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY:PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; key not found anymore!\n");
rc = G10ERR_GENERAL;
@@ -479,12 +479,12 @@ delete_key( const char *username, int secret )
}
if( secret ) {
- skc = node->pkt->pkt.secret_cert;
- keyid_from_skc( skc, keyid );
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
}
else {
- pkc = node->pkt->pkt.public_cert;
- keyid_from_pkc( pkc, keyid );
+ pk = node->pkt->pkt.public_key;
+ keyid_from_pk( pk, keyid );
rc = seckey_available( keyid );
if( !rc ) {
log_error(_(
@@ -513,14 +513,14 @@ delete_key( const char *username, int secret )
if( secret )
tty_printf("sec %4u%c/%08lX %s ",
- nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
- keyid[1], datestr_from_skc(skc) );
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keyid[1], datestr_from_sk(sk) );
else
tty_printf("pub %4u%c/%08lX %s ",
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- keyid[1], datestr_from_pkc(pkc) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ keyid[1], datestr_from_pk(pk) );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
m_free(p);
@@ -564,7 +564,7 @@ change_passphrase( const char *username )
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
- PKT_secret_cert *skc;
+ PKT_secret_key *sk;
u32 keyid[2];
char *answer;
int changed=0;
@@ -585,19 +585,19 @@ change_passphrase( const char *username )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, PKT_SECRET_CERT );
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) {
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
- skc = node->pkt->pkt.secret_cert;
- keyid_from_skc( skc, keyid );
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
tty_printf("sec %4u%c/%08lX %s ",
- nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
- keyid[1], datestr_from_skc(skc) );
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( keyid, &n );
@@ -606,18 +606,18 @@ change_passphrase( const char *username )
tty_printf("\n");
}
for(node=keyblock; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
- PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
- keyid_from_skc( subskc, keyid );
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
+ keyid_from_sk( subsk, keyid );
tty_printf("sub %4u%c/%08lX %s\n",
- nbits_from_skc( subskc ),
- pubkey_letter( subskc->pubkey_algo ),
- keyid[1], datestr_from_skc(subskc) );
+ nbits_from_sk( subsk ),
+ pubkey_letter( subsk->pubkey_algo ),
+ keyid[1], datestr_from_sk(subsk) );
}
}
clear_kbnode_flags( keyblock );
- switch( is_secret_key_protected( skc ) ) {
+ switch( is_secret_key_protected( sk ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
break;
@@ -626,7 +626,7 @@ change_passphrase( const char *username )
break;
default:
tty_printf("Key is protected.\n");
- rc = check_secret_key( skc );
+ rc = check_secret_key( sk );
if( !rc )
passphrase = get_last_passphrase();
break;
@@ -634,10 +634,10 @@ change_passphrase( const char *username )
/* unprotect all subkeys (use the supplied passphrase or ask)*/
for(node=keyblock; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
- PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
set_next_passphrase( passphrase );
- rc = check_secret_key( subskc );
+ rc = check_secret_key( subsk );
if( rc )
break;
}
@@ -671,15 +671,15 @@ change_passphrase( const char *username )
break;
}
else { /* okay */
- skc->protect.algo = dek->algo;
- skc->protect.s2k = *s2k;
- rc = protect_secret_key( skc, dek );
+ sk->protect.algo = dek->algo;
+ sk->protect.s2k = *s2k;
+ rc = protect_secret_key( sk, dek );
for(node=keyblock; !rc && node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
- PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
- subskc->protect.algo = dek->algo;
- subskc->protect.s2k = *s2k;
- rc = protect_secret_key( subskc, dek );
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
+ subsk->protect.algo = dek->algo;
+ subsk->protect.s2k = *s2k;
+ rc = protect_secret_key( subsk, dek );
}
}
if( rc )
@@ -717,9 +717,9 @@ change_passphrase( const char *username )
* If digest_algo is 0 the function selects an appropriate one.
*/
int
-make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
- PKT_user_id *uid, PKT_public_cert *subpkc,
- PKT_secret_cert *skc,
+make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+ PKT_user_id *uid, PKT_public_key *subpk,
+ PKT_secret_key *sk,
int sigclass, int digest_algo,
int (*mksubpkt)(PKT_signature *, void *), void *opaque
)
@@ -731,7 +731,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
assert( (sigclass >= 0x10 && sigclass <= 0x13)
|| sigclass == 0x20 || sigclass == 0x18 );
if( !digest_algo ) {
- switch( skc->pubkey_algo ) {
+ switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;
case PUBKEY_ALGO_RSA_S:
case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break;
@@ -741,12 +741,12 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
md = md_open( digest_algo, 0 );
/* hash the public key certificate and the user id */
- hash_public_cert( md, pkc );
+ hash_public_key( md, pk );
if( sigclass == 0x18 ) { /* subkey binding */
- hash_public_cert( md, subpkc );
+ hash_public_key( md, subpk );
}
else if( sigclass != 0x20 ) {
- if( skc->version >=4 ) {
+ if( sk->version >=4 ) {
byte buf[5];
buf[0] = 0xb4; /* indicates a userid packet */
buf[1] = uid->len >> 24; /* always use 4 length bytes */
@@ -759,9 +759,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
}
/* and make the signature packet */
sig = m_alloc_clear( sizeof *sig );
- sig->version = skc->version;
- keyid_from_skc( skc, sig->keyid );
- sig->pubkey_algo = skc->pubkey_algo;
+ sig->version = sk->version;
+ keyid_from_sk( sk, sig->keyid );
+ sig->pubkey_algo = sk->pubkey_algo;
sig->digest_algo = digest_algo;
sig->timestamp = make_timestamp();
sig->sig_class = sigclass;
@@ -807,7 +807,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
}
md_final(md);
- rc = complete_sig( sig, skc, md );
+ rc = complete_sig( sig, sk, md );
}
md_close( md );
diff --git a/g10/keygen.c b/g10/keygen.c
index a16846dd8..d9f8579e4 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -53,12 +53,12 @@ write_uid( KBNODE root, const char *s )
static int
add_key_expire( PKT_signature *sig, void *opaque )
{
- PKT_secret_cert *skc = opaque;
+ PKT_secret_key *sk = opaque;
byte buf[8];
u32 u;
- if( skc->valid_days ) {
- u = skc->valid_days * 86400L;
+ if( sk->valid_days ) {
+ u = sk->valid_days * 86400L;
buf[0] = (u >> 24) & 0xff;
buf[1] = (u >> 16) & 0xff;
buf[2] = (u >> 8) & 0xff;
@@ -109,14 +109,14 @@ add_prefs( PKT_signature *sig, void *opaque )
static int
-write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
+write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
{
PACKET *pkt;
PKT_signature *sig;
PKT_user_id *uid;
int rc=0;
KBNODE node;
- PKT_public_cert *pkc;
+ PKT_public_key *pk;
if( opt.verbose )
log_info(_("writing self signature\n"));
@@ -126,15 +126,15 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
if( !node )
BUG(); /* no user id packet in tree */
uid = node->pkt->pkt.user_id;
- /* get the pkc packet from the pub_tree */
- node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
+ /* get the pk packet from the pub_tree */
+ node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
if( !node )
BUG();
- pkc = node->pkt->pkt.public_cert;
+ pk = node->pkt->pkt.public_key;
/* and make the signature */
- rc = make_keysig_packet( &sig, pkc, uid, NULL, skc, 0x13, 0,
- add_prefs, skc );
+ rc = make_keysig_packet( &sig, pk, uid, NULL, sk, 0x13, 0,
+ add_prefs, sk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@@ -148,34 +148,34 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
}
static int
-write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
+write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_key *sk )
{
PACKET *pkt;
PKT_signature *sig;
int rc=0;
KBNODE node;
- PKT_public_cert *pkc, *subpkc;
+ PKT_public_key *pk, *subpk;
if( opt.verbose )
log_info(_("writing key binding signature\n"));
- /* get the pkc packet from the pub_tree */
- node = find_kbnode( pub_root, PKT_PUBLIC_CERT );
+ /* get the pk packet from the pub_tree */
+ node = find_kbnode( pub_root, PKT_PUBLIC_KEY );
if( !node )
BUG();
- pkc = node->pkt->pkt.public_cert;
+ pk = node->pkt->pkt.public_key;
/* find the last subkey */
- subpkc = NULL;
+ subpk = NULL;
for(node=pub_root; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
- subpkc = node->pkt->pkt.public_cert;
+ if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ subpk = node->pkt->pkt.public_key;
}
- if( !subpkc )
+ if( !subpk )
BUG();
/* and make the signature */
- rc = make_keysig_packet( &sig, pkc, NULL, subpkc, skc, 0x18, 0,
- add_key_expire, skc );
+ rc = make_keysig_packet( &sig, pk, NULL, subpk, sk, 0x18, 0,
+ add_key_expire, sk );
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) );
return rc;
@@ -191,14 +191,14 @@ write_keybinding( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc )
static int
gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
- STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days,
+ STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days,
int version )
{
int rc;
int i;
PACKET *pkt;
- PKT_secret_cert *skc;
- PKT_public_cert *pkc;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
MPI skey[4];
MPI *factors;
@@ -209,48 +209,48 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc;
}
- skc = m_alloc_clear( sizeof *skc );
- pkc = m_alloc_clear( sizeof *pkc );
- skc->timestamp = pkc->timestamp = make_timestamp();
- skc->version = pkc->version = version;
- skc->valid_days = pkc->valid_days = valid_days;
- skc->pubkey_algo = pkc->pubkey_algo = algo;
- pkc->pkey[0] = mpi_copy( skey[0] );
- pkc->pkey[1] = mpi_copy( skey[1] );
- pkc->pkey[2] = mpi_copy( skey[2] );
- skc->skey[0] = skey[0];
- skc->skey[1] = skey[1];
- skc->skey[2] = skey[2];
- skc->skey[3] = skey[3];
- skc->is_protected = 0;
- skc->protect.algo = 0;
-
- skc->csum = checksum_mpi_counted_nbits( skc->skey[3] );
- if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
- *ret_skc = copy_secret_cert( NULL, skc );
+ sk = m_alloc_clear( sizeof *sk );
+ pk = m_alloc_clear( sizeof *pk );
+ sk->timestamp = pk->timestamp = make_timestamp();
+ sk->version = pk->version = version;
+ sk->valid_days = pk->valid_days = valid_days;
+ sk->pubkey_algo = pk->pubkey_algo = algo;
+ pk->pkey[0] = mpi_copy( skey[0] );
+ pk->pkey[1] = mpi_copy( skey[1] );
+ pk->pkey[2] = mpi_copy( skey[2] );
+ sk->skey[0] = skey[0];
+ sk->skey[1] = skey[1];
+ sk->skey[2] = skey[2];
+ sk->skey[3] = skey[3];
+ sk->is_protected = 0;
+ sk->protect.algo = 0;
+
+ sk->csum = checksum_mpi_counted_nbits( sk->skey[3] );
+ if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
+ *ret_sk = copy_secret_key( NULL, sk );
if( dek ) {
- skc->protect.algo = dek->algo;
- skc->protect.s2k = *s2k;
- rc = protect_secret_key( skc, dek );
+ sk->protect.algo = dek->algo;
+ sk->protect.s2k = *s2k;
+ rc = protect_secret_key( sk, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
- free_public_cert(pkc);
- free_secret_cert(skc);
+ free_public_key(pk);
+ free_secret_key(sk);
return rc;
}
}
pkt = m_alloc_clear(sizeof *pkt);
- pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
- pkt->pkt.public_cert = pkc;
+ pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
+ pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
/* don't know whether it makes sense to have the factors, so for now
* we store them in the secret keyring (but they are not secret) */
pkt = m_alloc_clear(sizeof *pkt);
- pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
- pkt->pkt.secret_cert = skc;
+ pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
+ pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
for(i=0; factors[i]; i++ )
add_kbnode( sec_root,
@@ -265,13 +265,13 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
*/
static int
gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
- STRING2KEY *s2k, PKT_secret_cert **ret_skc, u16 valid_days )
+ STRING2KEY *s2k, PKT_secret_key **ret_sk, u16 valid_days )
{
int rc;
int i;
PACKET *pkt;
- PKT_secret_cert *skc;
- PKT_public_cert *pkc;
+ PKT_secret_key *sk;
+ PKT_public_key *pk;
MPI skey[5];
MPI *factors;
@@ -284,43 +284,43 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
return rc;
}
- skc = m_alloc_clear( sizeof *skc );
- pkc = m_alloc_clear( sizeof *pkc );
- skc->timestamp = pkc->timestamp = make_timestamp();
- skc->version = pkc->version = 4;
- skc->valid_days = pkc->valid_days = valid_days;
- skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA;
- pkc->pkey[0] = mpi_copy( skey[0] );
- pkc->pkey[1] = mpi_copy( skey[1] );
- pkc->pkey[2] = mpi_copy( skey[2] );
- pkc->pkey[3] = mpi_copy( skey[3] );
- skc->skey[0] = skey[0];
- skc->skey[1] = skey[1];
- skc->skey[2] = skey[2];
- skc->skey[3] = skey[3];
- skc->skey[4] = skey[4];
- skc->is_protected = 0;
- skc->protect.algo = 0;
-
- skc->csum = checksum_mpi_counted_nbits( skc->skey[4] );
- if( ret_skc ) /* not a subkey: return an unprotected version of the skc */
- *ret_skc = copy_secret_cert( NULL, skc );
+ sk = m_alloc_clear( sizeof *sk );
+ pk = m_alloc_clear( sizeof *pk );
+ sk->timestamp = pk->timestamp = make_timestamp();
+ sk->version = pk->version = 4;
+ sk->valid_days = pk->valid_days = valid_days;
+ sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA;
+ pk->pkey[0] = mpi_copy( skey[0] );
+ pk->pkey[1] = mpi_copy( skey[1] );
+ pk->pkey[2] = mpi_copy( skey[2] );
+ pk->pkey[3] = mpi_copy( skey[3] );
+ sk->skey[0] = skey[0];
+ sk->skey[1] = skey[1];
+ sk->skey[2] = skey[2];
+ sk->skey[3] = skey[3];
+ sk->skey[4] = skey[4];
+ sk->is_protected = 0;
+ sk->protect.algo = 0;
+
+ sk->csum = checksum_mpi_counted_nbits( sk->skey[4] );
+ if( ret_sk ) /* not a subkey: return an unprotected version of the sk */
+ *ret_sk = copy_secret_key( NULL, sk );
if( dek ) {
- skc->protect.algo = dek->algo;
- skc->protect.s2k = *s2k;
- rc = protect_secret_key( skc, dek );
+ sk->protect.algo = dek->algo;
+ sk->protect.s2k = *s2k;
+ rc = protect_secret_key( sk, dek );
if( rc ) {
log_error("protect_secret_key failed: %s\n", g10_errstr(rc) );
- free_public_cert(pkc);
- free_secret_cert(skc);
+ free_public_key(pk);
+ free_secret_key(sk);
return rc;
}
}
pkt = m_alloc_clear(sizeof *pkt);
- pkt->pkttype = ret_skc ? PKT_PUBLIC_CERT : PKT_PUBKEY_SUBCERT;
- pkt->pkt.public_cert = pkc;
+ pkt->pkttype = ret_sk ? PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY;
+ pkt->pkt.public_key = pk;
add_kbnode(pub_root, new_kbnode( pkt ));
/* don't know whether it makes sense to have the factors, so for now
@@ -330,8 +330,8 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
* are known.
*/
pkt = m_alloc_clear(sizeof *pkt);
- pkt->pkttype = ret_skc ? PKT_SECRET_CERT : PKT_SECKEY_SUBCERT;
- pkt->pkt.secret_cert = skc;
+ pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY;
+ pkt->pkt.secret_key = sk;
add_kbnode(sec_root, new_kbnode( pkt ));
for(i=1; factors[i]; i++ ) /* the first one is q */
add_kbnode( sec_root,
@@ -698,7 +698,7 @@ ask_passphrase( STRING2KEY **ret_s2k )
static int
do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
- DEK *dek, STRING2KEY *s2k, PKT_secret_cert **skc, int valid_days,
+ DEK *dek, STRING2KEY *s2k, PKT_secret_key **sk, int valid_days,
int v4_packet )
{
int rc=0;
@@ -711,9 +711,9 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E )
rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k,
- skc, valid_days, v4_packet? 4:3 );
+ sk, valid_days, v4_packet? 4:3 );
else if( algo == PUBKEY_ALGO_DSA )
- rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, skc, valid_days);
+ rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, valid_days);
else
BUG();
if( !rc ) {
@@ -740,7 +740,7 @@ generate_keypair()
char *uid = NULL;
KBNODE pub_root = NULL;
KBNODE sec_root = NULL;
- PKT_secret_cert *skc = NULL;
+ PKT_secret_key *sk = NULL;
DEK *dek;
STRING2KEY *s2k;
int rc;
@@ -777,33 +777,33 @@ generate_keypair()
/* we create the packets as a tree of kbnodes. Because the structure
* we create is known in advance we simply generate a linked list
* The first packet is a dummy comment packet which we flag
- * as deleted. The very first packet must always be a CERT packet.
+ * as deleted. The very first packet must always be a KEY packet.
*/
pub_root = make_comment_node("#"); delete_kbnode(pub_root);
sec_root = make_comment_node("#"); delete_kbnode(sec_root);
if( both )
rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root,
- dek, s2k, &skc, ndays, 1);
+ dek, s2k, &sk, ndays, 1);
else
rc = do_create( algo, nbits, pub_root, sec_root,
- dek, s2k, &skc, ndays, v4);
+ dek, s2k, &sk, ndays, v4);
if( !rc )
write_uid(pub_root, uid );
if( !rc )
write_uid(sec_root, uid );
if( !rc )
- rc = write_selfsig(pub_root, pub_root, skc);
+ rc = write_selfsig(pub_root, pub_root, sk);
if( !rc )
- rc = write_selfsig(sec_root, pub_root, skc);
+ rc = write_selfsig(sec_root, pub_root, sk);
if( both ) {
rc = do_create( algo, nbits, pub_root, sec_root,
dek, s2k, NULL, ndays, 1 );
if( !rc )
- rc = write_keybinding(pub_root, pub_root, skc);
+ rc = write_keybinding(pub_root, pub_root, sk);
if( !rc )
- rc = write_keybinding(sec_root, pub_root, skc);
+ rc = write_keybinding(sec_root, pub_root, sk);
}
@@ -814,7 +814,6 @@ generate_keypair()
int rc2 = -1;
/* we can now write the certificates */
-
if( get_keyblock_handle( pub_fname, 0, &pub_kbpos ) ) {
if( add_keyblock_resource( pub_fname, 1, 0 ) ) {
log_error("can add keyblock file '%s'\n", pub_fname );
@@ -868,8 +867,8 @@ generate_keypair()
tty_printf(_("Key generation failed: %s\n"), g10_errstr(rc) );
release_kbnode( pub_root );
release_kbnode( sec_root );
- if( skc ) /* the unprotected secret certificate */
- free_secret_cert(skc);
+ if( sk ) /* the unprotected secret key */
+ free_secret_key(sk);
m_free(uid);
m_free(dek);
m_free(s2k);
@@ -889,7 +888,7 @@ generate_subkeypair( const char *username )
KBNODE pub_keyblock = NULL;
KBNODE sec_keyblock = NULL;
KBNODE node;
- PKT_secret_cert *skc = NULL; /* this is the primary skc */
+ PKT_secret_key *sk = NULL; /* this is the primary sk */
u32 keyid[2];
int v4, algo, ndays;
unsigned nbits;
@@ -926,21 +925,21 @@ generate_subkeypair( const char *username )
}
/* break out the primary key */
- node = find_kbnode( sec_keyblock, PKT_SECRET_CERT );
+ node = find_kbnode( sec_keyblock, PKT_SECRET_KEY );
if( !node ) {
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
- /* make a copy of the skc to keep the protected one in the keyblock */
- skc = copy_secret_cert( NULL, node->pkt->pkt.secret_cert );
- keyid_from_skc( skc, keyid );
+ /* make a copy of the sk to keep the protected one in the keyblock */
+ sk = copy_secret_key( NULL, node->pkt->pkt.secret_key );
+ keyid_from_sk( sk, keyid );
/* display primary and all secondary keys */
tty_printf("sec %4u%c/%08lX %s ",
- nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
- keyid[1], datestr_from_skc(skc) );
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ keyid[1], datestr_from_sk(sk) );
{
size_t n;
char *p = get_user_id( keyid, &n );
@@ -949,13 +948,13 @@ generate_subkeypair( const char *username )
tty_printf("\n");
}
for(node=sec_keyblock; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
- PKT_secret_cert *subskc = node->pkt->pkt.secret_cert;
- keyid_from_skc( subskc, keyid );
+ if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *subsk = node->pkt->pkt.secret_key;
+ keyid_from_sk( subsk, keyid );
tty_printf("sub %4u%c/%08lX %s\n",
- nbits_from_skc( subskc ),
- pubkey_letter( subskc->pubkey_algo ),
- keyid[1], datestr_from_skc(subskc) );
+ nbits_from_sk( subsk ),
+ pubkey_letter( subsk->pubkey_algo ),
+ keyid[1], datestr_from_sk(subsk) );
}
}
tty_printf("\n");
@@ -963,7 +962,7 @@ generate_subkeypair( const char *username )
/* unprotect to get the passphrase */
- switch( is_secret_key_protected( skc ) ) {
+ switch( is_secret_key_protected( sk ) ) {
case -1:
rc = G10ERR_PUBKEY_ALGO;
break;
@@ -972,7 +971,7 @@ generate_subkeypair( const char *username )
break;
default:
tty_printf("Key is protected.\n");
- rc = check_secret_key( skc );
+ rc = check_secret_key( sk );
if( !rc )
passphrase = get_last_passphrase();
break;
@@ -997,9 +996,9 @@ generate_subkeypair( const char *username )
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,
dek, s2k, NULL, ndays, v4 );
if( !rc )
- rc = write_keybinding(pub_keyblock, pub_keyblock, skc);
+ rc = write_keybinding(pub_keyblock, pub_keyblock, sk);
if( !rc )
- rc = write_keybinding(sec_keyblock, pub_keyblock, skc);
+ rc = write_keybinding(sec_keyblock, pub_keyblock, sk);
/* write back */
if( !rc ) {
rc = update_keyblock( &pub_kbpos, pub_keyblock );
@@ -1021,8 +1020,8 @@ generate_subkeypair( const char *username )
m_free( passphrase );
m_free( dek );
m_free( s2k );
- if( skc ) /* release the copy of the (now unprotected) secret key */
- free_secret_cert(skc);
+ if( sk ) /* release the copy of the (now unprotected) secret key */
+ free_secret_key(sk);
release_kbnode( sec_keyblock );
release_kbnode( pub_keyblock );
set_next_passphrase( NULL );
diff --git a/g10/keyid.c b/g10/keyid.c
index dc24904c7..499c8928d 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -49,7 +49,7 @@ pubkey_letter( int algo )
static MD_HANDLE
-do_fingerprint_md( PKT_public_cert *pkc )
+do_fingerprint_md( PKT_public_key *pk )
{
MD_HANDLE md;
unsigned n;
@@ -57,36 +57,36 @@ do_fingerprint_md( PKT_public_cert *pkc )
unsigned nn[PUBKEY_MAX_NPKEY];
byte *pp[PUBKEY_MAX_NPKEY];
int i;
- int npkey = pubkey_get_npkey( pkc->pubkey_algo );
+ int npkey = pubkey_get_npkey( pk->pubkey_algo );
- md = md_open( pkc->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
- n = pkc->version < 4 ? 8 : 6;
+ md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
+ n = pk->version < 4 ? 8 : 6;
for(i=0; i < npkey; i++ ) {
- nb[i] = mpi_get_nbits(pkc->pkey[i]);
- pp[i] = mpi_get_buffer( pkc->pkey[i], nn+i, NULL );
+ nb[i] = mpi_get_nbits(pk->pkey[i]);
+ pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL );
n += 2 + nn[i];
}
md_putc( md, 0x99 ); /* ctb */
md_putc( md, n >> 8 ); /* 2 byte length header */
md_putc( md, n );
- if( pkc->version < 4 )
+ if( pk->version < 4 )
md_putc( md, 3 );
else
md_putc( md, 4 );
- { u32 a = pkc->timestamp;
+ { u32 a = pk->timestamp;
md_putc( md, a >> 24 );
md_putc( md, a >> 16 );
md_putc( md, a >> 8 );
md_putc( md, a );
}
- if( pkc->version < 4 ) {
- u16 a = pkc->valid_days;
+ if( pk->version < 4 ) {
+ u16 a = pk->valid_days;
md_putc( md, a >> 8 );
md_putc( md, a );
}
- md_putc( md, pkc->pubkey_algo );
+ md_putc( md, pk->pubkey_algo );
for(i=0; i < npkey; i++ ) {
md_putc( md, nb[i]>>8);
md_putc( md, nb[i] );
@@ -99,29 +99,29 @@ do_fingerprint_md( PKT_public_cert *pkc )
}
static MD_HANDLE
-do_fingerprint_md_skc( PKT_secret_cert *skc )
+do_fingerprint_md_sk( PKT_secret_key *sk )
{
- PKT_public_cert pkc;
- int npkey = pubkey_get_npkey( skc->pubkey_algo ); /* npkey is correct! */
+ PKT_public_key pk;
+ int npkey = pubkey_get_npkey( sk->pubkey_algo ); /* npkey is correct! */
int i;
- pkc.pubkey_algo = skc->pubkey_algo;
- pkc.version = skc->version;
- pkc.timestamp = skc->timestamp;
- pkc.valid_days = skc->valid_days;
- pkc.pubkey_algo = skc->pubkey_algo;
+ pk.pubkey_algo = sk->pubkey_algo;
+ pk.version = sk->version;
+ pk.timestamp = sk->timestamp;
+ pk.valid_days = sk->valid_days;
+ pk.pubkey_algo = sk->pubkey_algo;
for( i=0; i < npkey; i++ )
- pkc.pkey[i] = skc->skey[i];
- return do_fingerprint_md( &pkc );
+ pk.pkey[i] = sk->skey[i];
+ return do_fingerprint_md( &pk );
}
/****************
- * Get the keyid from the secret key certificate and put it into keyid
+ * Get the keyid from the secret key and put it into keyid
* if this is not NULL. Return the 32 low bits of the keyid.
*/
u32
-keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
+keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
{
u32 lowbits;
u32 dummy_keyid[2];
@@ -129,13 +129,13 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
- if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
- lowbits = mpi_get_keyid( skc->skey[0], keyid ); /* take n */
+ if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
+ lowbits = mpi_get_keyid( sk->skey[0], keyid ); /* take n */
}
else {
const byte *dp;
MD_HANDLE md;
- md = do_fingerprint_md_skc(skc);
+ md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@@ -148,11 +148,11 @@ keyid_from_skc( PKT_secret_cert *skc, u32 *keyid )
/****************
- * Get the keyid from the public key certificate and put it into keyid
+ * Get the keyid from the public key and put it into keyid
* if this is not NULL. Return the 32 low bits of the keyid.
*/
u32
-keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
+keyid_from_pk( PKT_public_key *pk, u32 *keyid )
{
u32 lowbits;
u32 dummy_keyid[2];
@@ -160,13 +160,13 @@ keyid_from_pkc( PKT_public_cert *pkc, u32 *keyid )
if( !keyid )
keyid = dummy_keyid;
- if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
- lowbits = mpi_get_keyid( pkc->pkey[0], keyid ); /* from n */
+ if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
+ lowbits = mpi_get_keyid( pk->pkey[0], keyid ); /* from n */
}
else {
const byte *dp;
MD_HANDLE md;
- md = do_fingerprint_md(pkc);
+ md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
@@ -189,34 +189,34 @@ keyid_from_sig( PKT_signature *sig, u32 *keyid )
}
/****************
- * return the number of bits used in the pkc
+ * return the number of bits used in the pk
*/
unsigned
-nbits_from_pkc( PKT_public_cert *pkc )
+nbits_from_pk( PKT_public_key *pk )
{
- return pubkey_nbits( pkc->pubkey_algo, pkc->pkey );
+ return pubkey_nbits( pk->pubkey_algo, pk->pkey );
}
/****************
- * return the number of bits used in the skc
+ * return the number of bits used in the sk
*/
unsigned
-nbits_from_skc( PKT_secret_cert *skc )
+nbits_from_sk( PKT_secret_key *sk )
{
- return pubkey_nbits( skc->pubkey_algo, skc->skey );
+ return pubkey_nbits( sk->pubkey_algo, sk->skey );
}
/****************
- * return a string with the creation date of the pkc
+ * return a string with the creation date of the pk
* Note: this is alloced in a static buffer.
* Format is: yyyy-mm-dd
*/
const char *
-datestr_from_pkc( PKT_public_cert *pkc )
+datestr_from_pk( PKT_public_key *pk )
{
static char buffer[11+5];
struct tm *tp;
- time_t atime = pkc->timestamp;
+ time_t atime = pk->timestamp;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@@ -224,11 +224,11 @@ datestr_from_pkc( PKT_public_cert *pkc )
}
const char *
-datestr_from_skc( PKT_secret_cert *skc )
+datestr_from_sk( PKT_secret_key *sk )
{
static char buffer[11+5];
struct tm *tp;
- time_t atime = skc->timestamp;
+ time_t atime = sk->timestamp;
tp = gmtime( &atime );
sprintf(buffer,"%04d-%02d-%02d", 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
@@ -249,30 +249,28 @@ datestr_from_sig( PKT_signature *sig )
/**************** .
- * Return a byte array with the fingerprint for the given PKC/SKC
+ * Return a byte array with the fingerprint for the given PK/SK
* The length of the array is returned in ret_len. Caller must free
* the array.
*/
-
-
byte *
-fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
+fingerprint_from_pk( PKT_public_key *pk, size_t *ret_len )
{
byte *p, *buf, *array;
const char *dp;
size_t len;
unsigned n;
- if( pkc->version < 4 && is_RSA(pkc->pubkey_algo) ) {
+ if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
md = md_open( DIGEST_ALGO_MD5, 0);
- p = buf = mpi_get_buffer( pkc->pkey[0], &n, NULL );
+ p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL );
md_write( md, p, n );
m_free(buf);
- p = buf = mpi_get_buffer( pkc->pkey[1], &n, NULL );
+ p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL );
md_write( md, p, n );
m_free(buf);
md_final(md);
@@ -283,7 +281,7 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
}
else {
MD_HANDLE md;
- md = do_fingerprint_md(pkc);
+ md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
array = m_alloc( len );
@@ -296,22 +294,22 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
}
byte *
-fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
+fingerprint_from_sk( PKT_secret_key *sk, size_t *ret_len )
{
byte *p, *buf, *array;
const char *dp;
size_t len;
unsigned n;
- if( skc->version < 4 && is_RSA(skc->pubkey_algo) ) {
+ if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
md = md_open( DIGEST_ALGO_MD5, 0);
- p = buf = mpi_get_buffer( skc->skey[1], &n, NULL );
+ p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
md_write( md, p, n );
m_free(buf);
- p = buf = mpi_get_buffer( skc->skey[0], &n, NULL );
+ p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
md_write( md, p, n );
m_free(buf);
md_final(md);
@@ -322,7 +320,7 @@ fingerprint_from_skc( PKT_secret_cert *skc, size_t *ret_len )
}
else {
MD_HANDLE md;
- md = do_fingerprint_md_skc(skc);
+ md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
array = m_alloc( len );
diff --git a/g10/keylist.c b/g10/keylist.c
index b6e219723..f06b4989f 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -37,7 +37,7 @@
static void list_all(int);
static void list_one(const char *name, int secret);
-static void fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc );
+static void fingerprint( PKT_public_key *pk, PKT_secret_key *sk );
/****************
@@ -99,8 +99,8 @@ list_one( const char *name, int secret )
KBNODE kbctx;
KBNODE node;
KBPOS kbpos;
- PKT_public_cert *pkc;
- PKT_secret_cert *skc;
+ PKT_public_key *pk;
+ PKT_secret_key *sk;
u32 keyid[2];
int any=0;
int trustletter = 0;
@@ -122,54 +122,54 @@ list_one( const char *name, int secret )
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, secret? PKT_SECRET_CERT : PKT_PUBLIC_CERT );
+ node = find_kbnode( keyblock, secret? PKT_SECRET_KEY : PKT_PUBLIC_KEY );
if( !node ) {
log_error("Oops; key lost!\n");
goto leave;
}
if( secret ) {
- pkc = NULL;
- skc = node->pkt->pkt.secret_cert;
- keyid_from_skc( skc, keyid );
+ pk = NULL;
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, keyid );
if( opt.with_colons )
printf("sec::%u:%d:%08lX%08lX:%s:%u:::",
- nbits_from_skc( skc ),
- skc->pubkey_algo,
+ nbits_from_sk( sk ),
+ sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_skc( skc ),
- (unsigned)skc->valid_days
+ datestr_from_sk( sk ),
+ (unsigned)sk->valid_days
/* fixme: add LID here */ );
else
- printf("sec %4u%c/%08lX %s ", nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
+ printf("sec %4u%c/%08lX %s ", nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
(ulong)keyid[1],
- datestr_from_skc( skc ) );
+ datestr_from_sk( sk ) );
}
else {
- pkc = node->pkt->pkt.public_cert;
- skc = NULL;
- keyid_from_pkc( pkc, keyid );
+ pk = node->pkt->pkt.public_key;
+ sk = NULL;
+ keyid_from_pk( pk, keyid );
if( opt.with_colons ) {
- trustletter = query_trust_info( pkc );
+ trustletter = query_trust_info( pk );
printf("pub:%c:%u:%d:%08lX%08lX:%s:%u:",
trustletter,
- nbits_from_pkc( pkc ),
- pkc->pubkey_algo,
+ nbits_from_pk( pk ),
+ pk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_pkc( pkc ),
- (unsigned)pkc->valid_days );
- if( pkc->local_id )
- printf("%lu", pkc->local_id );
+ datestr_from_pk( pk ),
+ (unsigned)pk->valid_days );
+ if( pk->local_id )
+ printf("%lu", pk->local_id );
putchar(':');
/* fixme: add ownertrust here */
putchar(':');
}
else
- printf("pub %4u%c/%08lX %s ", nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
+ printf("pub %4u%c/%08lX %s ", nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1],
- datestr_from_pkc( pkc ) );
+ datestr_from_pk( pk ) );
}
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
@@ -187,70 +187,70 @@ list_one( const char *name, int secret )
putchar('\n');
if( !any ) {
if( opt.fingerprint )
- fingerprint( pkc, skc );
+ fingerprint( pk, sk );
any = 1;
}
}
- else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
u32 keyid2[2];
- PKT_public_cert *pkc2 = node->pkt->pkt.public_cert;
+ PKT_public_key *pk2 = node->pkt->pkt.public_key;
if( !any ) {
putchar('\n');
if( opt.fingerprint )
- fingerprint( pkc, skc ); /* of the main key */
+ fingerprint( pk, sk ); /* of the main key */
any = 1;
}
- keyid_from_pkc( pkc2, keyid2 );
+ keyid_from_pk( pk2, keyid2 );
if( opt.with_colons ) {
printf("sub:%c:%u:%d:%08lX%08lX:%s:%u:",
trustletter,
- nbits_from_pkc( pkc2 ),
- pkc2->pubkey_algo,
+ nbits_from_pk( pk2 ),
+ pk2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
- datestr_from_pkc( pkc2 ),
- (unsigned)pkc2->valid_days
+ datestr_from_pk( pk2 ),
+ (unsigned)pk2->valid_days
/* fixme: add LID and ownertrust here */
);
- if( pkc->local_id ) /* use the local_id of the main key??? */
- printf("%lu", pkc->local_id );
+ if( pk->local_id ) /* use the local_id of the main key??? */
+ printf("%lu", pk->local_id );
putchar(':');
putchar(':');
putchar('\n');
}
else
- printf("sub %4u%c/%08lX %s\n", nbits_from_pkc( pkc2 ),
- pubkey_letter( pkc2->pubkey_algo ),
+ printf("sub %4u%c/%08lX %s\n", nbits_from_pk( pk2 ),
+ pubkey_letter( pk2->pubkey_algo ),
(ulong)keyid2[1],
- datestr_from_pkc( pkc2 ) );
+ datestr_from_pk( pk2 ) );
}
- else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
u32 keyid2[2];
- PKT_secret_cert *skc2 = node->pkt->pkt.secret_cert;
+ PKT_secret_key *sk2 = node->pkt->pkt.secret_key;
if( !any ) {
putchar('\n');
if( opt.fingerprint )
- fingerprint( pkc, skc ); /* of the main key */
+ fingerprint( pk, sk ); /* of the main key */
any = 1;
}
- keyid_from_skc( skc2, keyid2 );
+ keyid_from_sk( sk2, keyid2 );
if( opt.with_colons )
printf("ssb::%u:%d:%08lX%08lX:%s:%u:::\n",
- nbits_from_skc( skc2 ),
- skc2->pubkey_algo,
+ nbits_from_sk( sk2 ),
+ sk2->pubkey_algo,
(ulong)keyid2[0],(ulong)keyid2[1],
- datestr_from_skc( skc2 ),
- (unsigned)skc2->valid_days
+ datestr_from_sk( sk2 ),
+ (unsigned)sk2->valid_days
/* fixme: add LID */
);
else
- printf("ssb %4u%c/%08lX %s\n", nbits_from_skc( skc2 ),
- pubkey_letter( skc2->pubkey_algo ),
+ printf("ssb %4u%c/%08lX %s\n", nbits_from_sk( sk2 ),
+ pubkey_letter( sk2->pubkey_algo ),
(ulong)keyid2[1],
- datestr_from_skc( skc2 ) );
+ datestr_from_sk( sk2 ) );
}
else if( opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
@@ -264,7 +264,7 @@ list_one( const char *name, int secret )
else
putchar('\n');
if( opt.fingerprint )
- fingerprint( pkc, skc );
+ fingerprint( pk, sk );
any=1;
}
@@ -334,13 +334,13 @@ list_one( const char *name, int secret )
}
static void
-fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
+fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
{
byte *array, *p;
size_t i, n;
- p = array = pkc? fingerprint_from_pkc( pkc, &n )
- : fingerprint_from_skc( skc, &n );
+ p = array = pk? fingerprint_from_pk( pk, &n )
+ : fingerprint_from_sk( sk, &n );
if( opt.with_colons ) {
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
diff --git a/g10/main.h b/g10/main.h
index c50a07147..03150d37f 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -32,7 +32,7 @@
typedef struct {
int header_okay;
- PKC_LIST pkc_list;
+ PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
@@ -61,7 +61,7 @@ int encrypt_filter( void *opaque, int control,
/*-- sign.c --*/
-int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md );
+int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int encrypt, STRLIST remusr, const char *outfile );
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
@@ -95,9 +95,11 @@ KBNODE make_comment_node( const char *s );
KBNODE make_mpi_comment_node( const char *s, MPI a );
/*-- import.c --*/
-int import_pubkeys( const char *filename );
+int import_keys( const char *filename );
/*-- export.c --*/
int export_pubkeys( STRLIST users );
+int export_seckeys( STRLIST users );
+
/* dearmor.c --*/
int dearmor_file( const char *fname );
int enarmor_file( const char *fname );
diff --git a/g10/mainproc.c b/g10/mainproc.c
index a69217a3a..f01380e00 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -44,8 +44,8 @@
*/
typedef struct {
- PKT_public_cert *last_pubkey;
- PKT_secret_cert *last_seckey;
+ PKT_public_key *last_pubkey;
+ PKT_secret_key *last_seckey;
PKT_user_id *last_user_id;
md_filter_context_t mfx;
int sigs_only; /* process only signatures and reject all other stuff */
@@ -353,8 +353,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
|| sig->sig_class == 0x18
|| sig->sig_class == 0x20
|| sig->sig_class == 0x30 ) { /* classes 0x10..0x17,0x20,0x30 */
- if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
- || c->list->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
+ || c->list->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
return check_key_signature( c->list, node, is_selfsig );
}
else {
@@ -388,13 +388,13 @@ print_userid( PACKET *pkt )
static void
-print_fingerprint( PKT_public_cert *pkc, PKT_secret_cert *skc )
+print_fingerprint( PKT_public_key *pk, PKT_secret_key *sk )
{
byte *array, *p;
size_t i, n;
- p = array = skc? fingerprint_from_skc( skc, &n )
- : fingerprint_from_pkc( pkc, &n );
+ p = array = sk? fingerprint_from_sk( sk, &n )
+ : fingerprint_from_pk( pk, &n );
if( opt.with_colons ) {
printf("fpr:::::::::");
for(i=0; i < n ; i++, p++ )
@@ -435,25 +435,25 @@ list_node( CTX c, KBNODE node )
if( !node )
;
- else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_CERT) )
- || node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
- PKT_public_cert *pkc = node->pkt->pkt.public_cert;
+ else if( (mainkey = (node->pkt->pkttype == PKT_PUBLIC_KEY) )
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
+ PKT_public_key *pk = node->pkt->pkt.public_key;
if( opt.with_colons ) {
u32 keyid[2];
- keyid_from_pkc( pkc, keyid );
+ keyid_from_pk( pk, keyid );
if( mainkey ) {
- c->local_id = pkc->local_id;
- c->trustletter = query_trust_info( pkc );
+ c->local_id = pk->local_id;
+ c->trustletter = query_trust_info( pk );
}
printf("%s:%c:%u:%d:%08lX%08lX:%s:%u:",
mainkey? "pub":"sub",
c->trustletter,
- nbits_from_pkc( pkc ),
- pkc->pubkey_algo,
+ nbits_from_pk( pk ),
+ pk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_pkc( pkc ),
- (unsigned)pkc->valid_days );
+ datestr_from_pk( pk ),
+ (unsigned)pk->valid_days );
if( c->local_id )
printf("%lu", c->local_id );
putchar(':');
@@ -463,10 +463,10 @@ list_node( CTX c, KBNODE node )
else
printf("%s %4u%c/%08lX %s ",
mainkey? "pub":"sub",
- nbits_from_pkc( pkc ),
- pubkey_letter( pkc->pubkey_algo ),
- (ulong)keyid_from_pkc( pkc, NULL ),
- datestr_from_pkc( pkc ) );
+ nbits_from_pk( pk ),
+ pubkey_letter( pk->pubkey_algo ),
+ (ulong)keyid_from_pk( pk, NULL ),
+ datestr_from_pk( pk ) );
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
@@ -492,10 +492,10 @@ list_node( CTX c, KBNODE node )
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
- print_fingerprint( pkc, NULL );
+ print_fingerprint( pk, NULL );
any=1;
}
- else if( node->pkt->pkttype == PKT_PUBKEY_SUBCERT ) {
+ else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
if( !any ) {
putchar('\n');
any = 1;
@@ -507,29 +507,29 @@ list_node( CTX c, KBNODE node )
if( !any )
putchar('\n');
}
- else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_CERT) )
- || node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
- PKT_secret_cert *skc = node->pkt->pkt.secret_cert;
+ else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
+ || node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = node->pkt->pkt.secret_key;
if( opt.with_colons ) {
u32 keyid[2];
- keyid_from_skc( skc, keyid );
+ keyid_from_sk( sk, keyid );
printf("%s::%u:%d:%08lX%08lX:%s:%u:::",
mainkey? "sec":"ssb",
- nbits_from_skc( skc ),
- skc->pubkey_algo,
+ nbits_from_sk( sk ),
+ sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
- datestr_from_skc( skc ),
- (unsigned)skc->valid_days
+ datestr_from_sk( sk ),
+ (unsigned)sk->valid_days
/* fixme: add LID */ );
}
else
printf("%s %4u%c/%08lX %s ",
mainkey? "sec":"ssb",
- nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
- (ulong)keyid_from_skc( skc, NULL ),
- datestr_from_skc( skc ) );
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ (ulong)keyid_from_sk( sk, NULL ),
+ datestr_from_sk( sk ) );
if( mainkey ) {
/* and now list all userids with their signatures */
for( node = node->next; node; node = node->next ) {
@@ -555,10 +555,10 @@ list_node( CTX c, KBNODE node )
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
- print_fingerprint( NULL, skc );
+ print_fingerprint( NULL, sk );
any=1;
}
- else if( node->pkt->pkttype == PKT_SECKEY_SUBCERT ) {
+ else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
if( !any ) {
putchar('\n');
any = 1;
@@ -597,12 +597,12 @@ list_node( CTX c, KBNODE node )
else { /* check whether this is a self signature */
u32 keyid[2];
- if( c->list->pkt->pkttype == PKT_PUBLIC_CERT
- || c->list->pkt->pkttype == PKT_SECRET_CERT ) {
- if( c->list->pkt->pkttype == PKT_PUBLIC_CERT )
- keyid_from_pkc( c->list->pkt->pkt.public_cert, keyid );
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY
+ || c->list->pkt->pkttype == PKT_SECRET_KEY ) {
+ if( c->list->pkt->pkttype == PKT_PUBLIC_KEY )
+ keyid_from_pk( c->list->pkt->pkt.public_key, keyid );
else
- keyid_from_skc( c->list->pkt->pkt.secret_cert, keyid );
+ keyid_from_sk( c->list->pkt->pkt.secret_key, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
is_selfsig = 1;
@@ -709,8 +709,8 @@ do_proc_packets( CTX c, IOBUF a )
}
else if( c->sigs_only ) {
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
case PKT_USER_ID:
case PKT_SYMKEY_ENC:
case PKT_PUBKEY_ENC:
@@ -726,8 +726,8 @@ do_proc_packets( CTX c, IOBUF a )
}
else if( c->encrypt_only ) {
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
case PKT_USER_ID:
rc = G10ERR_UNEXPECTED;
goto leave;
@@ -743,14 +743,14 @@ do_proc_packets( CTX c, IOBUF a )
}
else {
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
release_list( c );
c->list = new_kbnode( pkt );
newpkt = 1;
break;
- case PKT_PUBKEY_SUBCERT:
- case PKT_SECKEY_SUBCERT:
+ case PKT_PUBLIC_SUBKEY:
+ case PKT_SECRET_SUBKEY:
newpkt = add_subkey( c, pkt );
break;
case PKT_USER_ID: newpkt = add_user_id( c, pkt ); break;
@@ -850,10 +850,10 @@ proc_tree( CTX c, KBNODE node )
c->local_id = 0;
c->trustletter = ' ';
- if( node->pkt->pkttype == PKT_PUBLIC_CERT
- || node->pkt->pkttype == PKT_PUBKEY_SUBCERT )
+ if( node->pkt->pkttype == PKT_PUBLIC_KEY
+ || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
list_node( c, node );
- else if( node->pkt->pkttype == PKT_SECRET_CERT )
+ else if( node->pkt->pkttype == PKT_SECRET_KEY )
list_node( c, node );
else if( node->pkt->pkttype == PKT_ONEPASS_SIG ) {
/* check all signatures */
diff --git a/g10/packet.h b/g10/packet.h
index c928cf46d..b3a9d7507 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -33,16 +33,16 @@ typedef enum {
PKT_SIGNATURE =2, /* secret key encrypted packet */
PKT_SYMKEY_ENC =3, /* session key packet (OpenPGP)*/
PKT_ONEPASS_SIG =4, /* one pass sig packet (OpenPGP)*/
- PKT_SECRET_CERT =5, /* secret key certificate */
- PKT_PUBLIC_CERT =6, /* public key certificate */
- PKT_SECKEY_SUBCERT =7, /* secret subkey certificate (OpenPGP) */
+ PKT_SECRET_KEY =5, /* secret key */
+ PKT_PUBLIC_KEY =6, /* public key */
+ PKT_SECRET_SUBKEY =7, /* secret subkey (OpenPGP) */
PKT_COMPRESSED =8, /* compressed data packet */
PKT_ENCRYPTED =9, /* conventional encrypted data */
PKT_MARKER =10, /* marker packet (OpenPGP) */
PKT_PLAINTEXT =11, /* plaintext data with filename and mode */
PKT_RING_TRUST =12, /* keyring trust packet */
PKT_USER_ID =13, /* user id packet */
- PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
+ PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */
PKT_COMMENT =61 /* new comment packet (private) */
} pkttype_t;
@@ -104,17 +104,17 @@ typedef struct {
* public keys by comparing the first npkey elements of pkey againts skey.
*/
typedef struct {
- u32 timestamp; /* certificate made */
+ u32 timestamp; /* key made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
byte pubkey_algo; /* algorithm used for public key scheme */
ulong local_id; /* internal use, valid if > 0 */
MPI pkey[PUBKEY_MAX_NPKEY];
-} PKT_public_cert;
+} PKT_public_key;
typedef struct {
- u32 timestamp; /* certificate made */
+ u32 timestamp; /* key made */
u16 valid_days; /* valid for this number of days */
byte hdrbytes; /* number of header bytes */
byte version;
@@ -130,7 +130,7 @@ typedef struct {
} protect;
MPI skey[PUBKEY_MAX_NSKEY];
u16 csum; /* checksum */
-} PKT_secret_cert;
+} PKT_secret_key;
typedef struct {
@@ -172,8 +172,8 @@ struct packet_struct {
PKT_pubkey_enc *pubkey_enc; /* PKT_PUBKEY_ENC */
PKT_onepass_sig *onepass_sig; /* PKT_ONEPASS_SIG */
PKT_signature *signature; /* PKT_SIGNATURE */
- PKT_public_cert *public_cert; /* PKT_PUBLIC_CERT */
- PKT_secret_cert *secret_cert; /* PKT_SECRET_CERT */
+ PKT_public_key *public_key; /* PKT_PUBLIC_[SUB)KEY */
+ PKT_secret_key *secret_key; /* PKT_SECRET_[SUB]KEY */
PKT_comment *comment; /* PKT_COMMENT */
PKT_user_id *user_id; /* PKT_USER_ID */
PKT_compressed *compressed; /* PKT_COMPRESSED */
@@ -224,15 +224,17 @@ int list_packets( IOBUF a );
int set_packet_list_mode( int mode );
int search_packet( IOBUF inp, PACKET *pkt, int pkttype, ulong *retpos );
int parse_packet( IOBUF inp, PACKET *ret_pkt);
+void parse_pubkey_warning( PACKET *pkt );
int copy_all_packets( IOBUF inp, IOBUF out );
int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff );
int skip_some_packets( IOBUF inp, unsigned n );
-const byte *parse_sig_subpkt( const byte *buffer, int reqtype, size_t *ret_n );
+const byte *parse_sig_subpkt( const byte *buffer,
+ sigsubpkttype_t reqtype, size_t *ret_n );
/*-- build-packet.c --*/
int build_packet( IOBUF inp, PACKET *pkt );
u32 calc_packet_length( PACKET *pkt );
-void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc );
+void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen );
void build_sig_subpkt_from_sig( PKT_signature *sig );
@@ -242,17 +244,17 @@ void free_symkey_enc( PKT_symkey_enc *enc );
void free_pubkey_enc( PKT_pubkey_enc *enc );
void free_seckey_enc( PKT_signature *enc );
int digest_algo_from_sig( PKT_signature *sig );
-void release_public_cert_parts( PKT_public_cert *cert );
-void free_public_cert( PKT_public_cert *cert );
-void release_secret_cert_parts( PKT_secret_cert *cert );
-void free_secret_cert( PKT_secret_cert *cert );
+void release_public_key_parts( PKT_public_key *pk );
+void free_public_key( PKT_public_key *key );
+void release_secret_key_parts( PKT_secret_key *sk );
+void free_secret_key( PKT_secret_key *sk );
void free_user_id( PKT_user_id *uid );
void free_comment( PKT_comment *rem );
void free_packet( PACKET *pkt );
-PKT_public_cert *copy_public_cert( PKT_public_cert *d, PKT_public_cert *s );
-PKT_secret_cert *copy_secret_cert( PKT_secret_cert *d, PKT_secret_cert *s );
-int cmp_public_certs( PKT_public_cert *a, PKT_public_cert *b );
-int cmp_public_secret_cert( PKT_public_cert *pkc, PKT_secret_cert *skc );
+PKT_public_key *copy_public_key( PKT_public_key *d, PKT_public_key *s );
+PKT_secret_key *copy_secret_key( PKT_secret_key *d, PKT_secret_key *s );
+int cmp_public_keys( PKT_public_key *a, PKT_public_key *b );
+int cmp_public_secret_key( PKT_public_key *pk, PKT_secret_key *sk );
int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
@@ -260,9 +262,9 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
int signature_check( PKT_signature *sig, MD_HANDLE digest );
/*-- seckey-cert.c --*/
-int is_secret_key_protected( PKT_secret_cert *cert );
-int check_secret_key( PKT_secret_cert *cert );
-int protect_secret_key( PKT_secret_cert *cert, DEK *dek );
+int is_secret_key_protected( PKT_secret_key *sk );
+int check_secret_key( PKT_secret_key *sk );
+int protect_secret_key( PKT_secret_key *sk, DEK *dek );
/*-- pubkey-enc.c --*/
int get_session_key( PKT_pubkey_enc *k, DEK *dek );
@@ -283,9 +285,9 @@ int ask_for_detached_datafile( md_filter_context_t *mfx, const char *inname );
int write_comment( IOBUF out, const char *s );
/*-- sign.c --*/
-int make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc,
- PKT_user_id *uid, PKT_public_cert *subpkc,
- PKT_secret_cert *skc,
+int make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
+ PKT_user_id *uid, PKT_public_key *subpk,
+ PKT_secret_key *sk,
int sigclass, int digest_algo,
int (*mksubpkt)(PKT_signature *, void *),
void *opaque );
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index bf26b7a39..153c4bcfa 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -51,7 +51,7 @@ static int parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_signature *sig );
static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_onepass_sig *ops );
-static int parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
+static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *packet );
static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
@@ -176,6 +176,38 @@ skip_some_packets( IOBUF inp, unsigned n )
return rc;
}
+
+void
+parse_pubkey_warning( PACKET *pkt )
+{
+ static byte unknown_pubkey_algos[256];
+ int unk=0, uns=0;
+
+ if( pkt->pkttype == PKT_PUBLIC_KEY
+ || pkt->pkttype == PKT_PUBLIC_SUBKEY )
+ unk = pkt->pkt.public_key->pubkey_algo & 0xff;
+ else if( pkt->pkttype == PKT_SECRET_KEY
+ || pkt->pkttype == PKT_SECRET_SUBKEY )
+ unk = pkt->pkt.secret_key->pubkey_algo & 0xff;
+ else if( pkt->pkttype == PKT_SIGNATURE )
+ uns = pkt->pkt.signature->pubkey_algo & 0xff;
+
+ if( unk ) {
+ if( !(unknown_pubkey_algos[unk]&1) ) {
+ log_info("can't handle key "
+ "with public key algorithm %d\n", unk );
+ unknown_pubkey_algos[unk] |= 1;
+ }
+ }
+ else if( uns ) {
+ if( !(unknown_pubkey_algos[unk]&2) ) {
+ log_info("can't handle signature "
+ "with public key algorithm %d\n", uns );
+ unknown_pubkey_algos[unk] |= 2;
+ }
+ }
+}
+
/****************
* Parse packet. Set the variable skip points to to 1 if the packet
* should be skipped; this is the case if either there is a
@@ -277,15 +309,15 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pkt->pkttype = pkttype;
rc = G10ERR_UNKNOWN_PACKET; /* default error */
switch( pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_PUBKEY_SUBCERT:
- pkt->pkt.public_cert = m_alloc_clear(sizeof *pkt->pkt.public_cert );
- rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+ case PKT_PUBLIC_KEY:
+ case PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = m_alloc_clear(sizeof *pkt->pkt.public_key );
+ rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
- case PKT_SECRET_CERT:
- case PKT_SECKEY_SUBCERT:
- pkt->pkt.secret_cert = m_alloc_clear(sizeof *pkt->pkt.secret_cert );
- rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
+ case PKT_SECRET_KEY:
+ case PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = m_alloc_clear(sizeof *pkt->pkt.secret_key );
+ rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
case PKT_SYMKEY_ENC:
rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
@@ -310,7 +342,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
break;
case PKT_RING_TRUST:
parse_trust(inp, pkttype, pktlen);
- rc = 0;
+ rc = G10ERR_UNKNOWN_PACKET;
break;
case PKT_PLAINTEXT:
rc = parse_plaintext(inp, pkttype, pktlen, pkt );
@@ -810,18 +842,19 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
static int
-parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
+parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
byte *hdr, int hdrlen, PACKET *pkt )
{
int i, version, algorithm;
unsigned n;
unsigned long timestamp;
unsigned short valid_period;
+ int npkey, nskey;
int is_v4=0;
int rc=0;
version = iobuf_get_noeof(inp); pktlen--;
- if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
+ if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
/* early versions of G10 use old PGP comments packets;
* luckily all those comments are started by a hash */
if( list_mode ) {
@@ -861,343 +894,174 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
if( list_mode )
printf(":%s key packet:\n"
"\tversion %d, algo %d, created %lu, valid for %hu days\n",
- pkttype == PKT_PUBLIC_CERT? "public" :
- pkttype == PKT_SECRET_CERT? "secret" :
- pkttype == PKT_PUBKEY_SUBCERT? "public sub" :
- pkttype == PKT_SECKEY_SUBCERT? "secret sub" : "??",
+ pkttype == PKT_PUBLIC_KEY? "public" :
+ pkttype == PKT_SECRET_KEY? "secret" :
+ pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
+ pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
version, algorithm, timestamp, valid_period );
- if( pkttype == PKT_SECRET_CERT || pkttype == PKT_SECKEY_SUBCERT ) {
- pkt->pkt.secret_cert->timestamp = timestamp;
- pkt->pkt.secret_cert->valid_days = valid_period;
- pkt->pkt.secret_cert->hdrbytes = hdrlen;
- pkt->pkt.secret_cert->version = version;
- pkt->pkt.secret_cert->pubkey_algo = algorithm;
+
+ if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = pkt->pkt.secret_key;
+
+ sk->timestamp = timestamp;
+ sk->valid_days = valid_period;
+ sk->hdrbytes = hdrlen;
+ sk->version = version;
+ sk->pubkey_algo = algorithm;
}
else {
- pkt->pkt.public_cert->timestamp = timestamp;
- pkt->pkt.public_cert->valid_days = valid_period;
- pkt->pkt.public_cert->hdrbytes = hdrlen;
- pkt->pkt.public_cert->version = version;
- pkt->pkt.public_cert->pubkey_algo = algorithm;
- }
+ PKT_public_key *pk = pkt->pkt.public_key;
- if( is_ELGAMAL(algorithm) ) {
- MPI elg_p, elg_g, elg_y;
- n = pktlen; elg_p = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; elg_g = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; elg_y = mpi_read(inp, &n, 0 ); pktlen -=n;
- if( list_mode ) {
- printf( "\telg p: ");
- mpi_print(stdout, elg_p, mpi_print_mode );
- printf("\n\telg g: ");
- mpi_print(stdout, elg_g, mpi_print_mode );
- printf("\n\telg y: ");
- mpi_print(stdout, elg_y, mpi_print_mode );
- putchar('\n');
- }
- if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
- pkt->pkt.public_cert->pkey[0] = elg_p;
- pkt->pkt.public_cert->pkey[1] = elg_g;
- pkt->pkt.public_cert->pkey[2] = elg_y;
- }
- else {
- PKT_secret_cert *cert = pkt->pkt.secret_cert;
- byte temp[8];
-
- pkt->pkt.secret_cert->skey[0] = elg_p;
- pkt->pkt.secret_cert->skey[1] = elg_g;
- pkt->pkt.secret_cert->skey[2] = elg_y;
- cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
- if( cert->protect.algo ) {
- cert->is_protected = 1;
- cert->protect.s2k.count = 0;
- if( cert->protect.algo == 255 ) {
- if( pktlen < 3 ) {
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
- cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
- cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
- cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
- switch( cert->protect.s2k.mode ) {
- case 1:
- case 4:
- for(i=0; i < 8 && pktlen; i++, pktlen-- )
- temp[i] = iobuf_get_noeof(inp);
- memcpy(cert->protect.s2k.salt, temp, 8 );
- break;
- }
- switch( cert->protect.s2k.mode ) {
- case 0: if( list_mode ) printf( "\tsimple S2K" );
- break;
- case 1: if( list_mode ) printf( "\tsalted S2K" );
- break;
- case 4: if( list_mode ) printf( "\titer+salt S2K" );
- break;
- default:
- if( list_mode )
- printf( "\tunknown S2K %d\n",
- cert->protect.s2k.mode );
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
+ pk->timestamp = timestamp;
+ pk->valid_days = valid_period;
+ pk->hdrbytes = hdrlen;
+ pk->version = version;
+ pk->pubkey_algo = algorithm;
+ }
+ nskey = pubkey_get_nskey( algorithm );
+ npkey = pubkey_get_npkey( algorithm );
+ if( !npkey ) {
+ if( list_mode )
+ printf("\tunknown algorithm %d\n", algorithm );
+ rc = G10ERR_PUBKEY_ALGO;
+ goto leave;
+ }
- if( list_mode ) {
- printf(", algo: %d, hash: %d",
- cert->protect.algo,
- cert->protect.s2k.hash_algo );
- if( cert->protect.s2k.mode == 1
- || cert->protect.s2k.mode == 4 ) {
- printf(", salt: ");
- for(i=0; i < 8; i++ )
- printf("%02x", cert->protect.s2k.salt[i]);
- }
- putchar('\n');
- }
- if( cert->protect.s2k.mode == 4 ) {
- if( pktlen < 4 ) {
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
- cert->protect.s2k.count = read_32(inp);
- pktlen -= 4;
- }
+ if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
+ PKT_secret_key *sk = pkt->pkt.secret_key;
+ byte temp[8];
+ for(i=0; i < npkey; i++ ) {
+ n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( list_mode ) {
+ printf( "\tskey[%d]: ", i);
+ mpi_print(stdout, sk->skey[i], mpi_print_mode );
+ putchar('\n');
+ }
+ }
+ sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ if( sk->protect.algo ) {
+ sk->is_protected = 1;
+ sk->protect.s2k.count = 0;
+ if( sk->protect.algo == 255 ) {
+ if( pktlen < 3 ) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
}
- else {
- /* old version, we don't have a S2K, so we fake one */
- cert->protect.s2k.mode = 0;
- /* We need this kludge to cope with old GNUPG versions */
- cert->protect.s2k.hash_algo =
- cert->protect.algo == CIPHER_ALGO_BLOWFISH160?
- DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
- if( list_mode )
- printf( "\tprotect algo: %d (hash algo: %d)\n",
- cert->protect.algo, cert->protect.s2k.hash_algo );
+ sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
+ sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
+ sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
+ switch( sk->protect.s2k.mode ) {
+ case 1:
+ case 4:
+ for(i=0; i < 8 && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ memcpy(sk->protect.s2k.salt, temp, 8 );
+ break;
}
- if( pktlen < 8 ) {
+ switch( sk->protect.s2k.mode ) {
+ case 0: if( list_mode ) printf( "\tsimple S2K" );
+ break;
+ case 1: if( list_mode ) printf( "\tsalted S2K" );
+ break;
+ case 4: if( list_mode ) printf( "\titer+salt S2K" );
+ break;
+ default:
+ if( list_mode )
+ printf( "\tunknown S2K %d\n",
+ sk->protect.s2k.mode );
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- for(i=0; i < 8 && pktlen; i++, pktlen-- )
- temp[i] = iobuf_get_noeof(inp);
+
if( list_mode ) {
- printf( "\tprotect IV: ");
- for(i=0; i < 8; i++ )
- printf(" %02x", temp[i] );
+ printf(", algo: %d, hash: %d",
+ sk->protect.algo,
+ sk->protect.s2k.hash_algo );
+ if( sk->protect.s2k.mode == 1
+ || sk->protect.s2k.mode == 4 ) {
+ printf(", salt: ");
+ for(i=0; i < 8; i++ )
+ printf("%02x", sk->protect.s2k.salt[i]);
+ }
putchar('\n');
}
- memcpy(cert->protect.iv, temp, 8 );
- }
- else
- cert->is_protected = 0;
- /* It does not make sense to read it into secure memory.
- * If the user is so careless, not to protect his secret key,
- * we can assume, that he operates an open system :=(.
- * So we put the key into secure memory when we unprotect it. */
- n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
- if( cert->is_protected )
- mpi_set_protect_flag(cert->skey[3]);
-
- cert->csum = read_16(inp); pktlen -= 2;
- if( list_mode ) {
- printf("\t[secret value x is not shown]\n"
- "\tchecksum: %04hx\n", cert->csum);
- }
- }
- }
- else if( algorithm == PUBKEY_ALGO_DSA ) {
- MPI dsa_p, dsa_q, dsa_g, dsa_y;
- n = pktlen; dsa_p = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; dsa_q = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; dsa_g = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; dsa_y = mpi_read(inp, &n, 0 ); pktlen -=n;
- if( list_mode ) {
- printf( "\tdsa p: ");
- mpi_print(stdout, dsa_p, mpi_print_mode );
- printf("\n\tdsa q: ");
- mpi_print(stdout, dsa_q, mpi_print_mode );
- printf("\n\tdsa g: ");
- mpi_print(stdout, dsa_g, mpi_print_mode );
- printf("\n\tdsa y: ");
- mpi_print(stdout, dsa_y, mpi_print_mode );
- putchar('\n');
- }
- if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
- pkt->pkt.public_cert->pkey[0] = dsa_p;
- pkt->pkt.public_cert->pkey[1] = dsa_q;
- pkt->pkt.public_cert->pkey[2] = dsa_g;
- pkt->pkt.public_cert->pkey[3] = dsa_y;
- }
- else {
- PKT_secret_cert *cert = pkt->pkt.secret_cert;
- byte temp[8];
-
- pkt->pkt.secret_cert->skey[0] = dsa_p;
- pkt->pkt.secret_cert->skey[1] = dsa_q;
- pkt->pkt.secret_cert->skey[2] = dsa_g;
- pkt->pkt.secret_cert->skey[3] = dsa_y;
- cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
- if( cert->protect.algo ) {
- cert->is_protected = 1;
- cert->protect.s2k.count = 0;
- if( cert->protect.algo == 255 ) {
- if( pktlen < 3 ) {
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
- cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
- cert->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
- cert->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
- switch( cert->protect.s2k.mode ) {
- case 1:
- case 4:
- for(i=0; i < 8 && pktlen; i++, pktlen-- )
- temp[i] = iobuf_get_noeof(inp);
- memcpy(cert->protect.s2k.salt, temp, 8 );
- break;
- }
- switch( cert->protect.s2k.mode ) {
- case 0: if( list_mode ) printf( "\tsimple S2K" );
- break;
- case 1: if( list_mode ) printf( "\tsalted S2K" );
- break;
- case 4: if( list_mode ) printf( "\titer+salt S2K" );
- break;
- default:
- if( list_mode )
- printf( "\tunknown S2K %d\n",
- cert->protect.s2k.mode );
+
+ if( sk->protect.s2k.mode == 4 ) {
+ if( pktlen < 4 ) {
rc = G10ERR_INVALID_PACKET;
goto leave;
}
-
- if( list_mode ) {
- printf(", algo: %d, hash: %d",
- cert->protect.algo,
- cert->protect.s2k.hash_algo );
- if( cert->protect.s2k.mode == 1
- || cert->protect.s2k.mode == 4 ){
- printf(", salt: ");
- for(i=0; i < 8; i++ )
- printf("%02x", cert->protect.s2k.salt[i]);
- }
- putchar('\n');
- }
-
- if( cert->protect.s2k.mode == 4 ) {
- if( pktlen < 4 ) {
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
- cert->protect.s2k.count = read_32(inp);
- pktlen -= 4;
- }
-
+ sk->protect.s2k.count = read_32(inp);
+ pktlen -= 4;
}
+
+ }
+ else { /* old version; no S2K, so we set mode to 0, hash MD5 */
+ sk->protect.s2k.mode = 0;
+ /* We need a kludge to cope with old GNUPG versions */
+ sk->protect.s2k.hash_algo =
+ ( sk->protect.algo == CIPHER_ALGO_BLOWFISH160
+ && algorithm == PUBKEY_ALGO_ELGAMAL_E ) ?
+ DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
+ if( list_mode )
+ printf( "\tprotect algo: %d (hash algo: %d)\n",
+ sk->protect.algo, sk->protect.s2k.hash_algo );
+ }
+ if( pktlen < 8 ) {
+ rc = G10ERR_INVALID_PACKET;
+ goto leave;
+ }
+ for(i=0; i < 8 && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ if( list_mode ) {
+ printf( "\tprotect IV: ");
+ for(i=0; i < 8; i++ )
+ printf(" %02x", temp[i] );
+ putchar('\n');
+ }
+ memcpy(sk->protect.iv, temp, 8 );
+ }
+ else
+ sk->is_protected = 0;
+ /* It does not make sense to read it into secure memory.
+ * If the user is so careless, not to protect his secret key,
+ * we can assume, that he operates an open system :=(.
+ * So we put the key into secure memory when we unprotect it. */
+
+ for(i=npkey; i < nskey; i++ ) {
+ n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
+ if( sk->is_protected )
+ mpi_set_protect_flag(sk->skey[i]);
+ if( list_mode ) {
+ printf( "\tskey[%d]: ", i);
+ if( sk->is_protected )
+ printf( "[encrypted]\n");
else {
- if( list_mode )
- printf( "\tprotect algo: %d\n", cert->protect.algo);
- /* old version, we don't have a S2K, so we fake one */
- cert->protect.s2k.mode = 0;
- cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
- }
- if( pktlen < 8 ) {
- rc = G10ERR_INVALID_PACKET;
- goto leave;
- }
- for(i=0; i < 8 && pktlen; i++, pktlen-- )
- temp[i] = iobuf_get_noeof(inp);
- if( list_mode ) {
- printf( "\tprotect IV: ");
- for(i=0; i < 8; i++ )
- printf(" %02x", temp[i] );
+ mpi_print(stdout, sk->skey[i], mpi_print_mode );
putchar('\n');
}
- memcpy(cert->protect.iv, temp, 8 );
- }
- else
- cert->is_protected = 0;
- /* It does not make sense to read it into secure memory.
- * If the user is so careless, not to protect his secret key,
- * we can assume, that he operates an open system :=(.
- * So we put the key into secure memory when we unprotect it. */
- n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
- if( cert->is_protected )
- mpi_set_protect_flag(cert->skey[4]);
-
- cert->csum = read_16(inp); pktlen -= 2;
- if( list_mode ) {
- printf("\t[secret value x is not shown]\n"
- "\tchecksum: %04hx\n", cert->csum);
}
}
- }
- else if( is_RSA(algorithm) ) {
- MPI rsa_pub_mod, rsa_pub_exp;
- n = pktlen; rsa_pub_mod = mpi_read(inp, &n, 0); pktlen -=n;
- n = pktlen; rsa_pub_exp = mpi_read(inp, &n, 0 ); pktlen -=n;
+ sk->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
- printf( "\tpublic modulus n: ");
- mpi_print(stdout, rsa_pub_mod, mpi_print_mode );
- printf("\n\tpublic exponent e: ");
- mpi_print(stdout, rsa_pub_exp, mpi_print_mode );
- putchar('\n');
+ printf("\tchecksum: %04hx\n", sk->csum);
}
- if( pkttype == PKT_PUBLIC_CERT || pkttype == PKT_PUBKEY_SUBCERT ) {
- pkt->pkt.public_cert->pkey[0] = rsa_pub_mod;
- pkt->pkt.public_cert->pkey[1] = rsa_pub_exp;
- }
- else {
- PKT_secret_cert *cert = pkt->pkt.secret_cert;
- byte temp[8];
-
- pkt->pkt.secret_cert->skey[0] = rsa_pub_mod;
- pkt->pkt.secret_cert->skey[1] = rsa_pub_exp;
- cert->protect.algo = iobuf_get_noeof(inp); pktlen--;
- if( list_mode )
- printf( "\tprotect algo: %d\n", cert->protect.algo);
- if( cert->protect.algo ) {
- cert->is_protected = 1;
- for(i=0; i < 8 && pktlen; i++, pktlen-- )
- temp[i] = iobuf_get_noeof(inp);
- if( list_mode ) {
- printf( "\tprotect IV: ");
- for(i=0; i < 8; i++ )
- printf(" %02x", temp[i] );
- putchar('\n');
- }
- memcpy(cert->protect.iv, temp, 8 );
- /* old version, we don't have a S2K, so we fake one */
- cert->protect.s2k.mode = 0;
- cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
- }
- else
- cert->is_protected = 0;
- /* (See comments at the code for elg keys) */
- n = pktlen; cert->skey[2] = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; cert->skey[3] = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; cert->skey[4] = mpi_read(inp, &n, 0 ); pktlen -=n;
- n = pktlen; cert->skey[5] = mpi_read(inp, &n, 0 ); pktlen -=n;
- if( cert->is_protected ) {
- mpi_set_protect_flag(cert->skey[2]);
- mpi_set_protect_flag(cert->skey[3]);
- mpi_set_protect_flag(cert->skey[4]);
- mpi_set_protect_flag(cert->skey[5]);
- }
+ }
+ else {
+ PKT_public_key *pk = pkt->pkt.public_key;
- cert->csum = read_16(inp); pktlen -= 2;
+ for(i=0; i < npkey; i++ ) {
+ n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
if( list_mode ) {
- printf("\t[secret values d,p,q,u are not shown]\n"
- "\tchecksum: %04hx\n", cert->csum);
+ printf( "\tpkey[%d]: ", i);
+ mpi_print(stdout, pk->pkey[i], mpi_print_mode );
+ putchar('\n');
}
}
}
- else if( list_mode )
- printf("\tunknown algorithm %d\n", algorithm );
-
leave:
skip_rest(inp, pktlen);
diff --git a/g10/passphrase.c b/g10/passphrase.c
index 8005ffd9f..ad8ca7681 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -109,7 +109,7 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
}
if( keyid && !opt.batch && !next_pw ) {
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
size_t n;
char *p;
@@ -120,14 +120,14 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
m_free(p);
tty_printf("\"\n");
- if( !get_pubkey( pkc, keyid ) ) {
- const char *s = pubkey_algo_to_string( pkc->pubkey_algo );
+ if( !get_pubkey( pk, keyid ) ) {
+ const char *s = pubkey_algo_to_string( pk->pubkey_algo );
tty_printf( _("(%u-bit %s key, ID %08lX, created %s)\n"),
- nbits_from_pkc( pkc ), s?s:"?", (ulong)keyid[1],
- strtimestamp(pkc->timestamp) );
+ nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1],
+ strtimestamp(pk->timestamp) );
}
tty_printf("\n");
- free_public_cert( pkc );
+ free_public_key( pk );
}
if( next_pw ) {
pw = next_pw;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index bbab2235b..3babb2997 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -45,7 +45,7 @@ query_ownertrust( ulong lid )
int rc;
size_t n;
u32 keyid[2];
- PKT_public_cert *pkc ;
+ PKT_public_key *pk ;
int changed=0;
rc = keyid_from_trustdb( lid, keyid );
@@ -54,8 +54,8 @@ query_ownertrust( ulong lid )
return 0;
}
- pkc = m_alloc_clear( sizeof *pkc );
- rc = get_pubkey( pkc, keyid );
+ pk = m_alloc_clear( sizeof *pk );
+ rc = get_pubkey( pk, keyid );
if( rc ) {
log_error("keyid %08lX: pubkey not found: %s\n",
(ulong)keyid[1], g10_errstr(rc) );
@@ -64,8 +64,8 @@ query_ownertrust( ulong lid )
tty_printf(_("No ownertrust defined for %lu:\n"
"%4u%c/%08lX %s \""), lid,
- nbits_from_pkc( pkc ), pubkey_letter( pkc->pubkey_algo ),
- (ulong)keyid[1], datestr_from_pkc( pkc ) );
+ nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
+ (ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
m_free(p);
@@ -110,7 +110,7 @@ query_ownertrust( ulong lid )
m_free(p); p = NULL;
}
m_free(p);
- m_free(pkc);
+ m_free(pk);
return changed;
}
@@ -120,7 +120,7 @@ query_ownertrust( ulong lid )
* Returns: -1 if no ownertrust were added.
*/
static int
-add_ownertrust( PKT_public_cert *pkc )
+add_ownertrust( PKT_public_key *pk )
{
int rc;
void *context = NULL;
@@ -132,13 +132,13 @@ add_ownertrust( PKT_public_cert *pkc )
_("Could not find a valid trust path to the key. Let's see whether we\n"
"can assign some missing owner trust values.\n\n"));
- rc = query_trust_record( pkc );
+ rc = query_trust_record( pk );
if( rc ) {
log_error("Ooops: not in trustdb\n");
return -1;
}
- lid = pkc->local_id;
+ lid = pk->local_id;
while( !(rc=enum_trust_web( &context, &lid )) ) {
rc = get_ownertrust( lid, &trust );
if( rc )
@@ -160,11 +160,11 @@ _("Could not find a valid trust path to the key. Let's see whether we\n"
}
/****************
- * Check whether we can trust this pkc which has a trustlevel of TRUSTLEVEL
+ * Check whether we can trust this pk which has a trustlevel of TRUSTLEVEL
* Returns: true if we trust.
*/
static int
-do_we_trust( PKT_public_cert *pkc, int trustlevel )
+do_we_trust( PKT_public_key *pk, int trustlevel )
{
int rc;
@@ -187,19 +187,19 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
switch( (trustlevel & TRUST_MASK) ) {
case TRUST_UNKNOWN: /* No pubkey in trustDB: Insert and check again */
- rc = insert_trust_record( pkc );
+ rc = insert_trust_record( pk );
if( rc ) {
log_error("failed to insert it into the trustdb: %s\n",
g10_errstr(rc) );
return 0; /* no */
}
- rc = check_trust( pkc, &trustlevel );
+ rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after insert failed: %s\n",
g10_errstr(rc) );
if( trustlevel == TRUST_UNKNOWN || trustlevel == TRUST_EXPIRED )
BUG();
- return do_we_trust( pkc, trustlevel );
+ return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED:
log_info("key has expired\n");
@@ -209,14 +209,14 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
if( opt.batch || opt.answer_no )
log_info("no info to calculate a trust probability\n");
else {
- rc = add_ownertrust( pkc );
+ rc = add_ownertrust( pk );
if( !rc ) {
- rc = check_trust( pkc, &trustlevel );
+ rc = check_trust( pk, &trustlevel );
if( rc )
log_fatal("trust check after add_ownertrust failed: %s\n",
g10_errstr(rc) );
/* fixme: this is recursive; we should unroll it */
- return do_we_trust( pkc, trustlevel );
+ return do_we_trust( pk, trustlevel );
}
}
return 0;
@@ -256,9 +256,9 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
* key anyway.
*/
static int
-do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
+do_we_trust_pre( PKT_public_key *pk, int trustlevel )
{
- int rc = do_we_trust( pkc, trustlevel );
+ int rc = do_we_trust( pk, trustlevel );
if( !opt.batch && !rc ) {
char *answer;
@@ -283,22 +283,22 @@ do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
void
-release_pkc_list( PKC_LIST pkc_list )
+release_pk_list( PK_LIST pk_list )
{
- PKC_LIST pkc_rover;
+ PK_LIST pk_rover;
- for( ; pkc_list; pkc_list = pkc_rover ) {
- pkc_rover = pkc_list->next;
- free_public_cert( pkc_list->pkc );
- m_free( pkc_list );
+ for( ; pk_list; pk_list = pk_rover ) {
+ pk_rover = pk_list->next;
+ free_public_key( pk_list->pk );
+ m_free( pk_list );
}
}
int
-build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
+build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
{
- PKC_LIST pkc_list = NULL;
- PKT_public_cert *pkc=NULL;
+ PK_LIST pk_list = NULL;
+ PKT_public_key *pk=NULL;
int rc=0;
if( !remusr && !opt.batch ) { /* ask */
@@ -314,86 +314,86 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list, unsigned usage )
tty_kill_prompt();
if( !*answer )
break;
- if( pkc )
- free_public_cert( pkc );
- pkc = m_alloc_clear( sizeof *pkc );
- rc = get_pubkey_byname( pkc, answer );
+ if( pk )
+ free_public_key( pk );
+ pk = m_alloc_clear( sizeof *pk );
+ rc = get_pubkey_byname( pk, answer );
if( rc )
tty_printf("No such user ID.\n");
- else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage)) ) {
+ else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) {
int trustlevel;
- rc = check_trust( pkc, &trustlevel );
+ rc = check_trust( pk, &trustlevel );
if( rc ) {
- log_error("error checking pkc of '%s': %s\n",
+ log_error("error checking pk of '%s': %s\n",
answer, g10_errstr(rc) );
}
- else if( do_we_trust_pre( pkc, trustlevel ) ) {
- PKC_LIST r;
+ else if( do_we_trust_pre( pk, trustlevel ) ) {
+ PK_LIST r;
r = m_alloc( sizeof *r );
- r->pkc = pkc; pkc = NULL;
- r->next = pkc_list;
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
r->mark = 0;
- pkc_list = r;
+ pk_list = r;
break;
}
}
}
m_free(answer);
- if( pkc ) {
- free_public_cert( pkc );
- pkc = NULL;
+ if( pk ) {
+ free_public_key( pk );
+ pk = NULL;
}
}
else {
for(; remusr; remusr = remusr->next ) {
- pkc = m_alloc_clear( sizeof *pkc );
- if( (rc = get_pubkey_byname( pkc, remusr->d )) ) {
- free_public_cert( pkc ); pkc = NULL;
+ pk = m_alloc_clear( sizeof *pk );
+ if( (rc = get_pubkey_byname( pk, remusr->d )) ) {
+ free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
}
- else if( !(rc=check_pubkey_algo2(pkc->pubkey_algo, usage )) ) {
+ else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) {
int trustlevel;
- rc = check_trust( pkc, &trustlevel );
+ rc = check_trust( pk, &trustlevel );
if( rc ) {
- free_public_cert( pkc ); pkc = NULL;
- log_error("error checking pkc of '%s': %s\n",
+ free_public_key( pk ); pk = NULL;
+ log_error("error checking pk of '%s': %s\n",
remusr->d, g10_errstr(rc) );
}
- else if( do_we_trust_pre( pkc, trustlevel ) ) {
+ else if( do_we_trust_pre( pk, trustlevel ) ) {
/* note: do_we_trust may have changed the trustlevel */
- PKC_LIST r;
+ PK_LIST r;
r = m_alloc( sizeof *r );
- r->pkc = pkc; pkc = NULL;
- r->next = pkc_list;
+ r->pk = pk; pk = NULL;
+ r->next = pk_list;
r->mark = 0;
- pkc_list = r;
+ pk_list = r;
}
- else { /* we don't trust this pkc */
- free_public_cert( pkc ); pkc = NULL;
+ else { /* we don't trust this pk */
+ free_public_key( pk ); pk = NULL;
}
}
else {
- free_public_cert( pkc ); pkc = NULL;
+ free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) );
}
}
}
- if( !rc && !pkc_list ) {
+ if( !rc && !pk_list ) {
log_error("no valid addressees\n");
rc = G10ERR_NO_USER_ID;
}
if( rc )
- release_pkc_list( pkc_list );
+ release_pk_list( pk_list );
else
- *ret_pkc_list = pkc_list;
+ *ret_pk_list = pk_list;
return rc;
}
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index ade155545..90cd26036 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -44,7 +44,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
byte *frame = NULL;
unsigned n, nframe;
u16 csum, csum2;
- PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+ PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
if( is_RSA(k->pubkey_algo) ) /* warn about that */
write_status(STATUS_RSA_OR_IDEA);
@@ -52,14 +52,14 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
if( rc )
goto leave;
- skc->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
- if( (rc = get_seckey( skc, k->keyid )) )
+ sk->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
+ if( (rc = get_seckey( sk, k->keyid )) )
goto leave;
- rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, skc->skey );
+ rc = pubkey_decrypt(k->pubkey_algo, &plain_dek, k->data, sk->skey );
if( rc )
goto leave;
- free_secret_cert( skc ); skc = NULL;
+ free_secret_key( sk ); sk = NULL;
frame = mpi_get_buffer( plain_dek, &nframe, NULL );
mpi_free( plain_dek ); plain_dek = NULL;
@@ -128,8 +128,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
leave:
mpi_free(plain_dek);
m_free(frame);
- if( skc )
- free_secret_cert( skc );
+ if( sk )
+ free_secret_key( sk );
return rc;
}
diff --git a/g10/revoke.c b/g10/revoke.c
index 4819d91c2..948da6361 100644
--- a/g10/revoke.c
+++ b/g10/revoke.c
@@ -45,10 +45,10 @@ gen_revoke( const char *uname )
armor_filter_context_t afx;
compress_filter_context_t zfx;
PACKET pkt;
- PKT_secret_cert *skc; /* used as pointer into a kbnode */
- PKT_public_cert *pkc = NULL;
+ PKT_secret_key *sk; /* used as pointer into a kbnode */
+ PKT_public_key *pk = NULL;
PKT_signature *sig = NULL;
- u32 skc_keyid[2];
+ u32 sk_keyid[2];
IOBUF out = NULL;
KBNODE keyblock = NULL;
KBNODE node;
@@ -82,7 +82,7 @@ gen_revoke( const char *uname )
}
/* get the keyid from the keyblock */
- node = find_kbnode( keyblock, PKT_SECRET_CERT );
+ node = find_kbnode( keyblock, PKT_SECRET_KEY );
if( !node ) { /* maybe better to use log_bug ? */
log_error("Oops; secret key not found anymore!\n");
rc = G10ERR_GENERAL;
@@ -91,27 +91,26 @@ gen_revoke( const char *uname )
/* fixme: should make a function out of this stuff,
* it's used all over the source */
- skc = node->pkt->pkt.secret_cert;
- keyid_from_skc( skc, skc_keyid );
+ sk = node->pkt->pkt.secret_key;
+ keyid_from_sk( sk, sk_keyid );
tty_printf("\nsec %4u%c/%08lX %s ",
- nbits_from_skc( skc ),
- pubkey_letter( skc->pubkey_algo ),
- skc_keyid[1], datestr_from_skc(skc) );
+ nbits_from_sk( sk ),
+ pubkey_letter( sk->pubkey_algo ),
+ sk_keyid[1], datestr_from_sk(sk) );
{
size_t n;
- char *p = get_user_id( skc_keyid, &n );
+ char *p = get_user_id( sk_keyid, &n );
tty_print_string( p, n );
m_free(p);
tty_printf("\n");
}
- /* the the pkc */
- pkc = m_alloc_clear( sizeof *pkc );
- rc = get_pubkey( pkc, skc_keyid );
+ pk = m_alloc_clear( sizeof *pk );
+ rc = get_pubkey( pk, sk_keyid );
if( rc ) {
log_error("no corresponding public key: %s\n", g10_errstr(rc) );
goto leave;
}
- if( cmp_public_secret_cert( pkc, skc ) ) {
+ if( cmp_public_secret_key( pk, sk ) ) {
log_error("public key does not match secret key!\n" );
rc = G10ERR_GENERAL;
goto leave;
@@ -127,7 +126,7 @@ gen_revoke( const char *uname )
goto leave;
}
- switch( is_secret_key_protected( skc ) ) {
+ switch( is_secret_key_protected( sk ) ) {
case -1:
log_error("unknown protection algorithm\n");
rc = G10ERR_PUBKEY_ALGO;
@@ -136,7 +135,7 @@ gen_revoke( const char *uname )
tty_printf("Warning: This key is not protected!\n");
break;
default:
- rc = check_secret_key( skc );
+ rc = check_secret_key( sk );
break;
}
if( rc )
@@ -159,7 +158,7 @@ gen_revoke( const char *uname )
/* create it */
- rc = make_keysig_packet( &sig, pkc, NULL, NULL, skc, 0x20, 0, NULL, NULL);
+ rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x20, 0, NULL, NULL);
if( rc ) {
log_error("make_keysig_packet failed: %s\n", g10_errstr(rc));
goto leave;
@@ -185,8 +184,8 @@ gen_revoke( const char *uname )
leave:
- if( pkc )
- free_public_cert( pkc );
+ if( pk )
+ free_public_key( pk );
if( sig )
free_seckey_enc( sig );
release_kbnode( keyblock );
diff --git a/g10/ringedit.c b/g10/ringedit.c
index a281d8bab..42509759e 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -69,7 +69,6 @@ typedef struct resource_table_struct RESTBL;
#define MAX_RESOURCES 10
static RESTBL resource_table[MAX_RESOURCES];
-
static int search( PACKET *pkt, KBPOS *kbpos, int secret );
@@ -92,7 +91,6 @@ check_pos( KBPOS *kbpos )
}
-
/****************************************************************
****************** public functions ****************************
****************************************************************/
@@ -168,7 +166,7 @@ get_keyblock_handle( const char *filename, int secret, KBPOS *kbpos )
* Search a keyblock which starts with the given packet and puts all
* information into KBPOS, which can be used later to access this key block.
* This function looks into all registered keyblock sources.
- * PACKET must be a packet with either a secret_cert or a public_cert
+ * PACKET must be a packet with either a secret_key or a public_key
*
* This function is intended to check whether a given certificate
* is already in a keyring or to prepare it for editing.
@@ -210,20 +208,20 @@ int
find_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc;
- rc = get_pubkey_byname( pkc, username );
+ rc = get_pubkey_byname( pk, username );
if( rc ) {
- free_public_cert(pkc);
+ free_public_key(pk);
return rc;
}
init_packet( &pkt );
- pkt.pkttype = PKT_PUBLIC_CERT;
- pkt.pkt.public_cert = pkc;
+ pkt.pkttype = PKT_PUBLIC_KEY;
+ pkt.pkt.public_key = pk;
rc = search( &pkt, kbpos, 0 );
- free_public_cert(pkc);
+ free_public_key(pk);
return rc;
}
@@ -233,14 +231,14 @@ find_keyblock_byname( KBPOS *kbpos, const char *username )
* of the keyblock.
*/
int
-find_keyblock_bypkc( KBPOS *kbpos, PKT_public_cert *pkc )
+find_keyblock_bypk( KBPOS *kbpos, PKT_public_key *pk )
{
PACKET pkt;
int rc;
init_packet( &pkt );
- pkt.pkttype = PKT_PUBLIC_CERT;
- pkt.pkt.public_cert = pkc;
+ pkt.pkttype = PKT_PUBLIC_KEY;
+ pkt.pkt.public_key = pk;
rc = search( &pkt, kbpos, 0 );
return rc;
}
@@ -254,20 +252,20 @@ int
find_secret_keyblock_byname( KBPOS *kbpos, const char *username )
{
PACKET pkt;
- PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
+ PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
int rc;
- rc = get_seckey_byname( skc, username, 0 );
+ rc = get_seckey_byname( sk, username, 0 );
if( rc ) {
- free_secret_cert(skc);
+ free_secret_key(sk);
return rc;
}
init_packet( &pkt );
- pkt.pkttype = PKT_SECRET_CERT;
- pkt.pkt.secret_cert = skc;
+ pkt.pkttype = PKT_SECRET_KEY;
+ pkt.pkt.secret_key = sk;
rc = search( &pkt, kbpos, 1 );
- free_secret_cert(skc);
+ free_secret_key(sk);
return rc;
}
@@ -449,30 +447,30 @@ update_keyblock( KBPOS *kbpos, KBNODE root )
****************************************************************/
static int
-cmp_seckey( PKT_secret_cert *req_skc, PKT_secret_cert *skc )
+cmp_seckey( PKT_secret_key *req_sk, PKT_secret_key *sk )
{
int n,i;
- assert( req_skc->pubkey_algo == skc->pubkey_algo );
+ assert( req_sk->pubkey_algo == sk->pubkey_algo );
- n = pubkey_get_nskey( req_skc->pubkey_algo );
+ n = pubkey_get_nskey( req_sk->pubkey_algo );
for(i=0; i < n; i++ ) {
- if( mpi_cmp( req_skc->skey[i], skc->skey[i] ) )
+ if( mpi_cmp( req_sk->skey[i], sk->skey[i] ) )
return -1;
}
return 0;
}
static int
-cmp_pubkey( PKT_public_cert *req_pkc, PKT_public_cert *pkc )
+cmp_pubkey( PKT_public_key *req_pk, PKT_public_key *pk )
{
int n, i;
- assert( req_pkc->pubkey_algo == pkc->pubkey_algo );
+ assert( req_pk->pubkey_algo == pk->pubkey_algo );
- n = pubkey_get_npkey( req_pkc->pubkey_algo );
+ n = pubkey_get_npkey( req_pk->pubkey_algo );
for(i=0; i < n; i++ ) {
- if( mpi_cmp( req_pkc->pkey[i], pkc->pkey[i] ) )
+ if( mpi_cmp( req_pk->pkey[i], pk->pkey[i] ) )
return -1;
}
return 0;
@@ -489,8 +487,8 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
int save_mode;
ulong offset;
int pkttype = req->pkttype;
- PKT_public_cert *req_pkc = req->pkt.public_cert;
- PKT_secret_cert *req_skc = req->pkt.secret_cert;
+ PKT_public_key *req_pk = req->pkt.public_key;
+ PKT_secret_key *req_sk = req->pkt.secret_key;
init_packet(&pkt);
save_mode = set_packet_list_mode(0);
@@ -512,22 +510,22 @@ keyring_search( PACKET *req, KBPOS *kbpos, IOBUF iobuf, const char *fname )
#endif
while( !(rc=search_packet(iobuf, &pkt, pkttype, &offset)) ) {
- if( pkt.pkttype == PKT_SECRET_CERT ) {
- PKT_secret_cert *skc = pkt.pkt.secret_cert;
+ if( pkt.pkttype == PKT_SECRET_KEY ) {
+ PKT_secret_key *sk = pkt.pkt.secret_key;
- if( req_skc->timestamp == skc->timestamp
- && req_skc->valid_days == skc->valid_days
- && req_skc->pubkey_algo == skc->pubkey_algo
- && !cmp_seckey( req_skc, skc) )
+ if( req_sk->timestamp == sk->timestamp
+ && req_sk->valid_days == sk->valid_days
+ && req_sk->pubkey_algo == sk->pubkey_algo
+ && !cmp_seckey( req_sk, sk) )
break; /* found */
}
- else if( pkt.pkttype == PKT_PUBLIC_CERT ) {
- PKT_public_cert *pkc = pkt.pkt.public_cert;
+ else if( pkt.pkttype == PKT_PUBLIC_KEY ) {
+ PKT_public_key *pk = pkt.pkt.public_key;
- if( req_pkc->timestamp == pkc->timestamp
- && req_pkc->valid_days == pkc->valid_days
- && req_pkc->pubkey_algo == pkc->pubkey_algo
- && !cmp_pubkey( req_pkc, pkc ) )
+ if( req_pk->timestamp == pk->timestamp
+ && req_pk->valid_days == pk->valid_days
+ && req_pk->pubkey_algo == pk->pubkey_algo
+ && !cmp_pubkey( req_pk, pk ) )
break; /* found */
}
else
@@ -577,12 +575,13 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
kbpos->count=0;
while( (rc=parse_packet(a, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
- if( rc != G10ERR_UNKNOWN_PACKET ) {
+ if( rc == G10ERR_PUBKEY_ALGO )
+ parse_pubkey_warning( pkt );
+ else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
}
- log_info("read_keyblock: read error: %s\n", g10_errstr(rc) );
kbpos->count++;
free_packet( pkt );
init_packet( pkt );
@@ -590,8 +589,8 @@ keyring_read( KBPOS *kbpos, KBNODE *ret_root )
}
/* make a linked list of all packets */
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
if( in_cert )
goto ready;
in_cert = 1;
@@ -641,7 +640,9 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
init_packet(pkt);
while( (rc=parse_packet(kbpos->fp, pkt)) != -1 ) {
if( rc ) { /* ignore errors */
- if( rc != G10ERR_UNKNOWN_PACKET ) {
+ if( rc == G10ERR_PUBKEY_ALGO )
+ parse_pubkey_warning( pkt );
+ else if( rc != G10ERR_UNKNOWN_PACKET ) {
log_error("read_keyblock: read error: %s\n", g10_errstr(rc) );
rc = G10ERR_INV_KEYRING;
goto ready;
@@ -652,8 +653,8 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
}
/* make a linked list of all packets */
switch( pkt->pkttype ) {
- case PKT_PUBLIC_CERT:
- case PKT_SECRET_CERT:
+ case PKT_PUBLIC_KEY:
+ case PKT_SECRET_KEY:
if( root ) { /* store this packet */
kbpos->pkt = pkt;
pkt = NULL;
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 508187fb8..042b90fe8 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -35,76 +35,76 @@
static int
-do_check( PKT_secret_cert *cert )
+do_check( PKT_secret_key *sk )
{
byte *buffer;
u16 csum=0;
int i, res;
unsigned nbytes;
- if( cert->is_protected ) { /* remove the protection */
+ if( sk->is_protected ) { /* remove the protection */
DEK *dek = NULL;
u32 keyid[2];
CIPHER_HANDLE cipher_hd=NULL;
- PKT_secret_cert *save_cert;
+ PKT_secret_key *save_sk;
char save_iv[8];
- if( cert->protect.algo == CIPHER_ALGO_NONE )
+ if( sk->protect.algo == CIPHER_ALGO_NONE )
BUG();
- if( check_cipher_algo( cert->protect.algo ) )
+ if( check_cipher_algo( sk->protect.algo ) )
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
- keyid_from_skc( cert, keyid );
- dek = passphrase_to_dek( keyid, cert->protect.algo,
- &cert->protect.s2k, 0 );
- cipher_hd = cipher_open( cert->protect.algo,
+ keyid_from_sk( sk, keyid );
+ dek = passphrase_to_dek( keyid, sk->protect.algo,
+ &sk->protect.s2k, 0 );
+ cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek);
- save_cert = copy_secret_cert( NULL, cert );
- memcpy(save_iv, cert->protect.iv, 8 );
- cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
+ save_sk = copy_secret_key( NULL, sk );
+ memcpy(save_iv, sk->protect.iv, 8 );
+ cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
csum = 0;
- for(i=pubkey_get_npkey(cert->pubkey_algo);
- i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
- buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL );
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
- assert( mpi_is_protected(cert->skey[i]) );
+ assert( mpi_is_protected(sk->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
- mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
- mpi_clear_protect_flag( cert->skey[i] );
- csum += checksum_mpi( cert->skey[i] );
+ mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
+ mpi_clear_protect_flag( sk->skey[i] );
+ csum += checksum_mpi( sk->skey[i] );
m_free( buffer );
}
if( opt.emulate_bugs & 1 ) {
- csum = cert->csum;
+ csum = sk->csum;
}
cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
- if( csum != cert->csum ) {
- copy_secret_cert( cert, save_cert );
- free_secret_cert( save_cert );
- memcpy( cert->protect.iv, save_iv, 8 );
+ if( csum != sk->csum ) {
+ copy_secret_key( sk, save_sk );
+ free_secret_key( save_sk );
+ memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
/* the checksum may fail, so we also check the key itself */
- res = pubkey_check_secret_key( cert->pubkey_algo, cert->skey );
+ res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey );
if( res ) {
- copy_secret_cert( cert, save_cert );
- free_secret_cert( save_cert );
- memcpy( cert->protect.iv, save_iv, 8 );
+ copy_secret_key( sk, save_sk );
+ free_secret_key( save_sk );
+ memcpy( sk->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
- free_secret_cert( save_cert );
- cert->is_protected = 0;
+ free_secret_key( save_sk );
+ sk->is_protected = 0;
}
else { /* not protected, assume it is okay if the checksum is okay */
csum = 0;
- for(i=pubkey_get_npkey(cert->pubkey_algo);
- i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
- csum += checksum_mpi( cert->skey[i] );
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ csum += checksum_mpi( sk->skey[i] );
}
- if( csum != cert->csum )
+ if( csum != sk->csum )
return G10ERR_CHECKSUM;
}
@@ -114,11 +114,11 @@ do_check( PKT_secret_cert *cert )
/****************
- * Check the secret key certificate
+ * Check the secret key
* Ask up to 3 times for a correct passphrase
*/
int
-check_secret_key( PKT_secret_cert *cert )
+check_secret_key( PKT_secret_key *sk )
{
int rc = G10ERR_BAD_PASS;
int i;
@@ -126,20 +126,20 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
- rc = do_check( cert );
+ rc = do_check( sk );
#if 0 /* set to 1 to enable the workaround */
- if( rc == G10ERR_BAD_PASS && cert->is_protected
- && cert->protect.algo == CIPHER_ALGO_BLOWFISH
- && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
+ if( rc == G10ERR_BAD_PASS && sk->is_protected
+ && sk->protect.algo == CIPHER_ALGO_BLOWFISH
+ && sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
/* Workaround for a bug in 0.2.16 which still used
* a 160 bit key for BLOWFISH. */
log_info("trying workaround for 0.2.16 passphrase bug ...\n");
log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
- cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
- rc = do_check( cert );
+ sk->protect.algo = CIPHER_ALGO_BLOWFISH160;
+ rc = do_check( sk );
if( rc )
rc = G10ERR_BAD_PASS;
- cert->protect.algo = CIPHER_ALGO_BLOWFISH;
+ sk->protect.algo = CIPHER_ALGO_BLOWFISH;
}
#endif
if( get_passphrase_fd() != -1 )
@@ -154,18 +154,18 @@ check_secret_key( PKT_secret_cert *cert )
* Returns: 0 not protected, -1 on error or the protection algorithm
*/
int
-is_secret_key_protected( PKT_secret_cert *cert )
+is_secret_key_protected( PKT_secret_key *sk )
{
- return cert->is_protected? cert->protect.algo : 0;
+ return sk->is_protected? sk->protect.algo : 0;
}
/****************
- * Protect the secret key certificate with the passphrase from DEK
+ * Protect the secret key with the passphrase from DEK
*/
int
-protect_secret_key( PKT_secret_cert *cert, DEK *dek )
+protect_secret_key( PKT_secret_key *sk, DEK *dek )
{
int i, rc = 0;
byte *buffer;
@@ -175,33 +175,33 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
if( !dek )
return 0;
- if( !cert->is_protected ) { /* okay, apply the protection */
+ if( !sk->is_protected ) { /* okay, apply the protection */
CIPHER_HANDLE cipher_hd=NULL;
- if( check_cipher_algo( cert->protect.algo ) )
+ if( check_cipher_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
- cipher_hd = cipher_open( cert->protect.algo,
+ cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
- cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
+ cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 );
/* NOTE: we always recalculate the checksum because there are some
* test releases which calculated it wrong */
csum = 0;
- for(i=pubkey_get_npkey(cert->pubkey_algo);
- i < pubkey_get_nskey(cert->pubkey_algo); i++ ) {
- csum += checksum_mpi_counted_nbits( cert->skey[i] );
- buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL );
+ for(i=pubkey_get_npkey(sk->pubkey_algo);
+ i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ csum += checksum_mpi_counted_nbits( sk->skey[i] );
+ buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
- assert( !mpi_is_protected(cert->skey[i]) );
+ assert( !mpi_is_protected(sk->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
- mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 );
- mpi_set_protect_flag( cert->skey[i] );
+ mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
+ mpi_set_protect_flag( sk->skey[i] );
m_free( buffer );
}
- cert->csum = csum;
- cert->is_protected = 1;
+ sk->csum = csum;
+ sk->is_protected = 1;
cipher_close( cipher_hd );
}
}
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 200d67048..984671923 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -39,7 +39,7 @@ struct cmp_help_context_s {
};
-static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
+static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest );
@@ -51,19 +51,19 @@ static int do_check( PKT_public_cert *pkc, PKT_signature *sig,
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
if( is_RSA(sig->pubkey_algo) )
write_status(STATUS_RSA_OR_IDEA);
- if( get_pubkey( pkc, sig->keyid ) )
+ if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else
- rc = do_check( pkc, sig, digest );
+ rc = do_check( pk, sig, digest );
- free_public_cert( pkc );
+ free_public_key( pk );
return rc;
}
@@ -144,33 +144,33 @@ cmp_help( void *opaque, MPI result )
static int
-do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
+do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
{
MPI result = NULL;
int rc=0;
struct cmp_help_context_s ctx;
u32 cur_time;
- if( pkc->version == 4 && pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+ if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
return G10ERR_PUBKEY_ALGO;
}
- if( pkc->timestamp > sig->timestamp )
+ if( pk->timestamp > sig->timestamp )
return G10ERR_TIME_CONFLICT; /* pubkey newer that signature */
cur_time = make_timestamp();
- if( pkc->timestamp > cur_time ) {
+ if( pk->timestamp > cur_time ) {
log_info(_("public key created in future (time warp or clock problem)\n"));
return G10ERR_TIME_CONFLICT;
}
- if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
- pkc->valid_days) < cur_time ) {
+ if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
+ pk->valid_days) < cur_time ) {
log_info(_("warning: signature key expired %s\n"), strtimestamp(
- add_days_to_timestamp(pkc->timestamp,
- pkc->valid_days)));
+ add_days_to_timestamp(pk->timestamp,
+ pk->valid_days)));
write_status(STATUS_SIGEXPIRED);
}
@@ -217,11 +217,11 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
}
md_final( digest );
- result = encode_md_value( pkc->pubkey_algo, digest, sig->digest_algo,
- mpi_get_nbits(pkc->pkey[0]));
+ result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
+ mpi_get_nbits(pk->pkey[0]));
ctx.sig = sig;
ctx.md = digest;
- rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey,
+ rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey,
cmp_help, &ctx );
mpi_free( result );
@@ -249,14 +249,14 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
/****************
* check the signature pointed to by NODE. This is a key signature.
- * If the function detects a self-signature, it uses the PKC from
+ * If the function detects a self-signature, it uses the PK from
* NODE and does not read any public key.
*/
int
check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
{
MD_HANDLE md;
- PKT_public_cert *pkc;
+ PKT_public_key *pk;
PKT_signature *sig;
int algo;
int rc;
@@ -264,9 +264,9 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( is_selfsig )
*is_selfsig = 0;
assert( node->pkt->pkttype == PKT_SIGNATURE );
- assert( root->pkt->pkttype == PKT_PUBLIC_CERT );
+ assert( root->pkt->pkttype == PKT_PUBLIC_KEY );
- pkc = root->pkt->pkt.public_cert;
+ pk = root->pkt->pkt.public_key;
sig = node->pkt->pkt.signature;
algo = sig->digest_algo;
if( (rc=check_digest_algo(algo)) )
@@ -274,25 +274,25 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( sig->sig_class == 0x20 ) {
md = md_open( algo, 0 );
- hash_public_cert( md, pkc );
- rc = do_check( pkc, sig, md );
+ hash_public_key( md, pk );
+ rc = do_check( pk, sig, md );
md_close(md);
}
else if( sig->sig_class == 0x18 ) {
- KBNODE snode = find_prev_kbnode( root, node, PKT_PUBKEY_SUBCERT );
+ KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
if( snode ) {
if( is_selfsig ) {
u32 keyid[2];
- keyid_from_pkc( pkc, keyid );
+ keyid_from_pk( pk, keyid );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
md = md_open( algo, 0 );
- hash_public_cert( md, pkc );
- hash_public_cert( md, snode->pkt->pkt.public_cert );
- rc = do_check( pkc, sig, md );
+ hash_public_key( md, pk );
+ hash_public_key( md, snode->pkt->pkt.public_key );
+ rc = do_check( pk, sig, md );
md_close(md);
}
else {
@@ -306,15 +306,15 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
if( unode ) {
u32 keyid[2];
- keyid_from_pkc( pkc, keyid );
+ keyid_from_pk( pk, keyid );
md = md_open( algo, 0 );
/*md_start_debug(md, "check");*/
- hash_public_cert( md, pkc );
+ hash_public_key( md, pk );
hash_uid_node( unode, md, sig );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
if( is_selfsig )
*is_selfsig = 1;
- rc = do_check( pkc, sig, md );
+ rc = do_check( pk, sig, md );
}
else
rc = signature_check( sig, md );
diff --git a/g10/sign.c b/g10/sign.c
index 9245f67f7..116e74b73 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -39,7 +39,7 @@
static int
-do_sign( PKT_secret_cert *skc, PKT_signature *sig,
+do_sign( PKT_secret_key *sk, PKT_signature *sig,
MD_HANDLE md, int digest_algo )
{
MPI frame;
@@ -53,9 +53,9 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
- frame = encode_md_value( skc->pubkey_algo, md,
- digest_algo, mpi_get_nbits(skc->skey[0]));
- rc = pubkey_sign( skc->pubkey_algo, sig->data, frame, skc->skey );
+ frame = encode_md_value( sk->pubkey_algo, md,
+ digest_algo, mpi_get_nbits(sk->skey[0]));
+ rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
mpi_free(frame);
if( rc )
log_error("pubkey_sign failed: %s\n", g10_errstr(rc) );
@@ -63,7 +63,7 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string( sig->keyid );
log_info("%s signature from: %s\n",
- pubkey_algo_to_string(skc->pubkey_algo), ustr );
+ pubkey_algo_to_string(sk->pubkey_algo), ustr );
m_free(ustr);
}
}
@@ -73,12 +73,12 @@ do_sign( PKT_secret_cert *skc, PKT_signature *sig,
int
-complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md )
+complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
{
int rc=0;
- if( !(rc=check_secret_key( skc )) )
- rc = do_sign( skc, sig, md, 0 );
+ if( !(rc=check_secret_key( sk )) )
+ rc = do_sign( sk, sig, md, 0 );
/* fixme: should we check whether the signature is okay?
* maybe by using an option */
@@ -99,15 +99,15 @@ hash_for(int pubkey_algo )
}
static int
-only_old_style( SKC_LIST skc_list )
+only_old_style( SK_LIST sk_list )
{
- SKC_LIST skc_rover = NULL;
+ SK_LIST sk_rover = NULL;
int old_style = 0;
/* if there are only old style capable key we use the old sytle */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc = skc_rover->skc;
- if( skc->pubkey_algo == PUBKEY_ALGO_RSA && skc->version < 4 )
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 )
old_style = 1;
else
return 0;
@@ -142,9 +142,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
PKT_plaintext *pt = NULL;
u32 filesize;
int rc = 0;
- PKC_LIST pkc_list = NULL;
- SKC_LIST skc_list = NULL;
- SKC_LIST skc_rover = NULL;
+ PK_LIST pk_list = NULL;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
int multifile = 0;
int old_style = opt.rfc1991;
@@ -166,12 +166,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encrypt) )
log_bug("multiple files can only be detached signed");
- if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
+ if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
goto leave;
if( !old_style )
- old_style = only_old_style( skc_list );
+ old_style = only_old_style( sk_list );
if( encrypt ) {
- if( (rc=build_pkc_list( remusr, &pkc_list, 2 )) )
+ if( (rc=build_pk_list( remusr, &pk_list, 2 )) )
goto leave;
}
@@ -204,9 +204,9 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
iobuf_push_filter( inp, text_filter, &tfx );
mfx.md = md_open(0, 0);
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc = skc_rover->skc;
- md_enable(mfx.md, hash_for(skc->pubkey_algo));
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ md_enable(mfx.md, hash_for(sk->pubkey_algo));
}
if( !multifile )
@@ -218,7 +218,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
write_comment( out, "#created by GNUPG v" VERSION " ("
PRINTABLE_OS_NAME ")");
if( encrypt ) {
- efx.pkc_list = pkc_list;
+ efx.pk_list = pk_list;
/* fixme: set efx.cfx.datalen if known */
iobuf_push_filter( out, encrypt_filter, &efx );
}
@@ -231,17 +231,17 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( !detached && !old_style ) {
/* loop over the secret certificates and build headers */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc;
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk;
PKT_onepass_sig *ops;
- skc = skc_rover->skc;
+ sk = sk_rover->sk;
ops = m_alloc_clear( sizeof *ops );
ops->sig_class = opt.textmode && !outfile ? 0x01 : 0x00;
- ops->digest_algo = hash_for(skc->pubkey_algo);
- ops->pubkey_algo = skc->pubkey_algo;
- keyid_from_skc( skc, ops->keyid );
- ops->last = !skc_rover->next;
+ ops->digest_algo = hash_for(sk->pubkey_algo);
+ ops->pubkey_algo = sk->pubkey_algo;
+ keyid_from_sk( sk, ops->keyid );
+ ops->last = !sk_rover->next;
init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG;
@@ -324,20 +324,20 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
/* loop over the secret certificates */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc;
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
- skc = skc_rover->skc;
+ sk = sk_rover->sk;
/* build the signature packet */
/* fixme: this code is partly duplicated in make_keysig_packet */
sig = m_alloc_clear( sizeof *sig );
- sig->version = skc->version;
- keyid_from_skc( skc, sig->keyid );
- sig->digest_algo = hash_for(skc->pubkey_algo);
- sig->pubkey_algo = skc->pubkey_algo;
+ sig->version = sk->version;
+ keyid_from_sk( sk, sig->keyid );
+ sig->digest_algo = hash_for(sk->pubkey_algo);
+ sig->pubkey_algo = sk->pubkey_algo;
sig->timestamp = make_timestamp();
sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
@@ -380,7 +380,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
}
md_final( md );
- rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
+ rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
if( !rc ) { /* and write it */
@@ -404,8 +404,8 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
- release_skc_list( skc_list );
- release_pkc_list( pkc_list );
+ release_sk_list( sk_list );
+ release_pk_list( pk_list );
return rc;
}
@@ -458,18 +458,18 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
IOBUF inp = NULL, out = NULL;
PACKET pkt;
int rc = 0;
- SKC_LIST skc_list = NULL;
- SKC_LIST skc_rover = NULL;
+ SK_LIST sk_list = NULL;
+ SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991;
memset( &afx, 0, sizeof afx);
memset( &tfx, 0, sizeof tfx);
init_packet( &pkt );
- if( (rc=build_skc_list( locusr, &skc_list, 1, 1 )) )
+ if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) )
goto leave;
if( !old_style )
- old_style = only_old_style( skc_list );
+ old_style = only_old_style( sk_list );
/* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) {
@@ -510,9 +510,9 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
textmd = md_open(0, 0);
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc = skc_rover->skc;
- md_enable(textmd, hash_for(skc->pubkey_algo));
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk = sk_rover->sk;
+ md_enable(textmd, hash_for(sk->pubkey_algo));
}
iobuf_push_filter( inp, text_filter, &tfx );
@@ -525,20 +525,20 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
iobuf_push_filter( out, armor_filter, &afx );
/* loop over the secret certificates */
- for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) {
- PKT_secret_cert *skc;
+ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
+ PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
- skc = skc_rover->skc;
+ sk = sk_rover->sk;
/* build the signature packet */
/* fixme: this code is duplicated above */
sig = m_alloc_clear( sizeof *sig );
- sig->version = skc->version;
- keyid_from_skc( skc, sig->keyid );
- sig->digest_algo = hash_for(skc->pubkey_algo);
- sig->pubkey_algo = skc->pubkey_algo;
+ sig->version = sk->version;
+ keyid_from_sk( sk, sig->keyid );
+ sig->digest_algo = hash_for(sk->pubkey_algo);
+ sig->pubkey_algo = sk->pubkey_algo;
sig->timestamp = make_timestamp();
sig->sig_class = 0x01;
@@ -580,7 +580,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
md_final( md );
- rc = do_sign( skc, sig, md, hash_for(sig->pubkey_algo) );
+ rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
if( !rc ) { /* and write it */
@@ -604,7 +604,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
iobuf_close(out);
iobuf_close(inp);
md_close( textmd );
- release_skc_list( skc_list );
+ release_sk_list( sk_list );
return rc;
}
diff --git a/g10/skclist.c b/g10/skclist.c
index 53fd2e985..7082a2caa 100644
--- a/g10/skclist.c
+++ b/g10/skclist.c
@@ -34,96 +34,96 @@
void
-release_skc_list( SKC_LIST skc_list )
+release_sk_list( SK_LIST sk_list )
{
- SKC_LIST skc_rover;
+ SK_LIST sk_rover;
- for( ; skc_list; skc_list = skc_rover ) {
- skc_rover = skc_list->next;
- free_secret_cert( skc_list->skc );
- m_free( skc_list );
+ for( ; sk_list; sk_list = sk_rover ) {
+ sk_rover = sk_list->next;
+ free_secret_key( sk_list->sk );
+ m_free( sk_list );
}
}
int
-build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list, int unlock,
+build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
unsigned usage )
{
- SKC_LIST skc_list = NULL;
+ SK_LIST sk_list = NULL;
int rc;
if( !locusr ) { /* use the default one */
- PKT_secret_cert *skc;
+ PKT_secret_key *sk;
- skc = m_alloc_clear( sizeof *skc );
- if( (rc = get_seckey_byname( skc, NULL, unlock )) ) {
- free_secret_cert( skc ); skc = NULL;
+ sk = m_alloc_clear( sizeof *sk );
+ if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
+ free_secret_key( sk ); sk = NULL;
log_error("no default secret key: %s\n", g10_errstr(rc) );
}
- else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
- SKC_LIST r;
- if( skc->version == 4 && (usage & 1)
- && skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+ else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
+ SK_LIST r;
+ if( sk->version == 4 && (usage & 1)
+ && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_error("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
- free_secret_cert( skc ); skc = NULL;
+ free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
- r->skc = skc; skc = NULL;
- r->next = skc_list;
+ r->sk = sk; sk = NULL;
+ r->next = sk_list;
r->mark = 0;
- skc_list = r;
+ sk_list = r;
}
}
else {
- free_secret_cert( skc ); skc = NULL;
+ free_secret_key( sk ); sk = NULL;
log_error("invalid default secret key: %s\n", g10_errstr(rc) );
}
}
else {
for(; locusr; locusr = locusr->next ) {
- PKT_secret_cert *skc;
+ PKT_secret_key *sk;
- skc = m_alloc_clear( sizeof *skc );
- if( (rc = get_seckey_byname( skc, locusr->d, unlock )) ) {
- free_secret_cert( skc ); skc = NULL;
+ sk = m_alloc_clear( sizeof *sk );
+ if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
+ free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
}
- else if( !(rc=check_pubkey_algo2(skc->pubkey_algo, usage)) ) {
- SKC_LIST r;
- if( skc->version == 4 && (usage & 1)
- && skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
+ else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
+ SK_LIST r;
+ if( sk->version == 4 && (usage & 1)
+ && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("skipped '%s': this is a PGP generated "
"ElGamal key which is not secure for signatures!\n",
locusr->d );
- free_secret_cert( skc ); skc = NULL;
+ free_secret_key( sk ); sk = NULL;
}
else {
r = m_alloc( sizeof *r );
- r->skc = skc; skc = NULL;
- r->next = skc_list;
+ r->sk = sk; sk = NULL;
+ r->next = sk_list;
r->mark = 0;
- skc_list = r;
+ sk_list = r;
}
}
else {
- free_secret_cert( skc ); skc = NULL;
+ free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
}
}
}
- if( !rc && !skc_list ) {
+ if( !rc && !sk_list ) {
log_error("no valid signators\n");
rc = G10ERR_NO_USER_ID;
}
if( rc )
- release_skc_list( skc_list );
+ release_sk_list( sk_list );
else
- *ret_skc_list = skc_list;
+ *ret_sk_list = sk_list;
return rc;
}
diff --git a/g10/trustdb.c b/g10/trustdb.c
index 6ee436128..e9264c69e 100644
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@@ -163,7 +163,7 @@ static void dump_record( ulong rnum, TRUSTREC *rec, FILE *fp );
static int read_record( ulong recnum, TRUSTREC *rec, int expected );
static int write_record( ulong recnum, TRUSTREC *rec );
static ulong new_recnum(void);
-static int search_record( PKT_public_cert *pkc, TRUSTREC *rec );
+static int search_record( PKT_public_key *pk, TRUSTREC *rec );
static int walk_sigrecs( SIGREC_CONTEXT *c, int create );
static LOCAL_ID_INFO *new_lid_table(void);
@@ -636,13 +636,13 @@ new_recnum()
}
/****************
- * Search the trustdb for a key which matches PKC and return the dir record
- * The local_id of PKC is set to the correct value
+ * Search the trustdb for a key which matches PK and return the dir record
+ * The local_id of PK is set to the correct value
*
* Note: To increase performance, we could use a index search here.
*/
static int
-search_record( PKT_public_cert *pkc, TRUSTREC *rec )
+search_record( PKT_public_key *pk, TRUSTREC *rec )
{
ulong recnum;
u32 keyid[2];
@@ -650,8 +650,8 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
size_t fingerlen;
int rc;
- keyid_from_pkc( pkc, keyid );
- fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
+ keyid_from_pk( pk, keyid );
+ fingerprint = fingerprint_from_pk( pk, &fingerlen );
assert( fingerlen == 20 || fingerlen == 16 );
for(recnum=1; !(rc=read_record( recnum, rec, 0)); recnum++ ) {
@@ -665,13 +665,13 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
log_error("%lu: ooops: invalid key record\n", recnum );
break;
}
- if( keyrec.r.key.pubkey_algo == pkc->pubkey_algo
+ if( keyrec.r.key.pubkey_algo == pk->pubkey_algo
&& !memcmp(keyrec.r.key.fingerprint, fingerprint, fingerlen) ){
- if( pkc->local_id && pkc->local_id != recnum )
+ if( pk->local_id && pk->local_id != recnum )
log_error("%s: found record, but local_id from mem does "
"not match recnum (%lu,%lu)\n", db_name,
- (ulong)pkc->local_id, (ulong)recnum );
- pkc->local_id = recnum;
+ (ulong)pk->local_id, (ulong)recnum );
+ pk->local_id = recnum;
return 0;
}
}
@@ -689,25 +689,25 @@ search_record( PKT_public_cert *pkc, TRUSTREC *rec )
static int
set_signature_packets_local_id( PKT_signature *sig )
{
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
TRUSTREC rec;
int rc;
- rc = get_pubkey( pkc, sig->keyid );
+ rc = get_pubkey( pk, sig->keyid );
if( rc)
goto leave;
- if( !pkc->local_id ) {
- rc = search_record( pkc, &rec );
+ if( !pk->local_id ) {
+ rc = search_record( pk, &rec );
if( rc == -1 )
- rc = insert_trust_record( pkc );
+ rc = insert_trust_record( pk );
if( rc )
goto leave;
- /* fixme: we should propagate the local_id to all copies of the PKC */
+ /* fixme: we should propagate the local_id to all copies of the PK */
}
- sig->local_id = pkc->local_id;
+ sig->local_id = pk->local_id;
leave:
- free_public_cert( pkc );
+ free_public_key( pk );
return rc;
}
@@ -833,15 +833,15 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
* Verify that all our public keys are in the trustDB.
*/
static int
-verify_own_certs()
+verify_own_keys()
{
int rc;
void *enum_context = NULL;
- PKT_secret_cert *skc = m_alloc_clear( sizeof *skc );
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
u32 keyid[2];
- while( !(rc=enum_secret_keys( &enum_context, skc) ) ) {
+ while( !(rc=enum_secret_keys( &enum_context, sk) ) ) {
/* fixed: to be sure that it is a secret key of our own,
* we should check it, but this needs a passphrase
* for every key and this is boring for the user.
@@ -850,20 +850,20 @@ verify_own_certs()
* startup
*/
- keyid_from_skc( skc, keyid );
+ keyid_from_sk( sk, keyid );
if( DBG_TRUST )
log_debug("checking secret key %08lX\n", (ulong)keyid[1] );
/* see whether we can access the public key of this secret key */
- memset( pkc, 0, sizeof *pkc );
- rc = get_pubkey( pkc, keyid );
+ memset( pk, 0, sizeof *pk );
+ rc = get_pubkey( pk, keyid );
if( rc ) {
log_error(_("keyid %08lX: secret key without public key\n"),
(ulong)keyid[1] );
goto leave;
}
- if( cmp_public_secret_cert( pkc, skc ) ) {
+ if( cmp_public_secret_key( pk, sk ) ) {
log_error(_("keyid %08lX: secret and public key don't match\n"),
(ulong)keyid[1] );
rc = G10ERR_GENERAL;
@@ -871,9 +871,9 @@ verify_own_certs()
}
/* make sure that the pubkey is in the trustdb */
- rc = query_trust_record( pkc );
+ rc = query_trust_record( pk );
if( rc == -1 ) { /* put it into the trustdb */
- rc = insert_trust_record( pkc );
+ rc = insert_trust_record( pk );
if( rc ) {
log_error(_("keyid %08lX: can't put it into the trustdb\n"),
(ulong)keyid[1] );
@@ -888,14 +888,14 @@ verify_own_certs()
if( DBG_TRUST )
log_debug("putting %08lX(%lu) into ultikey_table\n",
- (ulong)keyid[1], pkc->local_id );
- if( ins_lid_table_item( ultikey_table, pkc->local_id, 0 ) )
+ (ulong)keyid[1], pk->local_id );
+ if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
log_error(_("keyid %08lX: already in ultikey_table\n"),
(ulong)keyid[1]);
- release_secret_cert_parts( skc );
- release_public_cert_parts( pkc );
+ release_secret_key_parts( sk );
+ release_public_key_parts( pk );
}
if( rc != -1 )
log_error(_("enum_secret_keys failed: %s\n"), g10_errstr(rc) );
@@ -903,8 +903,8 @@ verify_own_certs()
rc = 0;
leave:
- free_secret_cert( skc );
- free_public_cert( pkc );
+ free_secret_key( sk );
+ free_public_key( pk );
return rc;
}
@@ -1186,7 +1186,7 @@ build_sigrecs( ulong pubkeyid )
goto leave;
}
if( !selfsig ) {
- log_error(_("build_sigrecs: self-certificate missing\n") );
+ log_error(_("build_sigrecs: self-signature missing\n") );
update_no_sigs( pubkeyid, 2 );
rc = G10ERR_BAD_CERT;
goto leave;
@@ -1544,9 +1544,9 @@ init_trustdb( int level, const char *dbname )
* in ~/.gnupg/ here */
rc = verify_private_data();
if( !rc ) {
- /* verify that our own certificates are in the trustDB
+ /* verify that our own keys are in the trustDB
* or move them to the trustdb. */
- rc = verify_own_certs();
+ rc = verify_own_keys();
/* should we check whether there is no other ultimately trusted
* key in the database? */
@@ -1566,19 +1566,19 @@ list_trustdb( const char *username )
TRUSTREC rec;
if( username ) {
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc;
- if( (rc = get_pubkey_byname( pkc, username )) )
+ if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
- else if( (rc=search_record( pkc, &rec )) && rc != -1 )
+ else if( (rc=search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 )
log_error("user '%s' not in trustdb\n", username);
- else if( (rc = list_sigs( pkc->local_id )) )
+ else if( (rc = list_sigs( pk->local_id )) )
log_error("user '%s' list problem: %s\n", username, g10_errstr(rc));
- free_public_cert( pkc );
+ free_public_key( pk );
}
else {
ulong recnum;
@@ -1600,36 +1600,36 @@ list_trust_path( int max_depth, const char *username )
int wipe=0;
int i;
TRUSTREC rec;
- PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
+ PKT_public_key *pk = m_alloc_clear( sizeof *pk );
if( max_depth < 0 ) {
wipe = 1;
max_depth = -max_depth;
}
- if( (rc = get_pubkey_byname( pkc, username )) )
+ if( (rc = get_pubkey_byname( pk, username )) )
log_error("user '%s' not found: %s\n", username, g10_errstr(rc) );
- else if( (rc=search_record( pkc, &rec )) && rc != -1 )
+ else if( (rc=search_record( pk, &rec )) && rc != -1 )
log_error("problem finding '%s' in trustdb: %s\n",
username, g10_errstr(rc));
else if( rc == -1 ) {
log_info("user '%s' not in trustdb - inserting\n", username);
- rc = insert_trust_record( pkc );
+ rc = insert_trust_record( pk );
if( rc )
log_error("failed to put '%s' into trustdb: %s\n", username, g10_errstr(rc));
else {
- assert( pkc->local_id );
+ assert( pk->local_id );
}
}
if( !rc ) {
TRUST_SEG_LIST tsl, tslist = NULL;
- if( !qry_lid_table_flag( ultikey_table, pkc->local_id, NULL ) ) {
+ if( !qry_lid_table_flag( ultikey_table, pk->local_id, NULL ) ) {
tslist = m_alloc( sizeof *tslist );
tslist->nseg = 1;
tslist->dup = 0;
- tslist->seg[0].lid = pkc->local_id;
+ tslist->seg[0].lid = pk->local_id;
tslist->seg[0].trust = 0;
tslist->next = NULL;
rc = 0;
@@ -1638,7 +1638,7 @@ list_trust_path( int max_depth, const char *username )
LOCAL_ID_INFO *lids = new_lid_table();
TRUST_INFO stack[MAX_LIST_SIGS_DEPTH];
- stack[0].lid = pkc->local_id;
+ stack[0].lid = pk->local_id;
stack[0].trust = 0;
rc = do_list_path( stack, 1, max_depth, lids, &tslist );
if( wipe ) { /* wipe out duplicates */
@@ -1674,17 +1674,17 @@ list_trust_path( int max_depth, const char *username )
}
}
- free_public_cert( pkc );
+ free_public_key( pk );
}
/****************
- * Get the trustlevel for this PKC.
+ * Get the trustlevel for this PK.
* Note: This does not ask any questions
* Returns: 0 okay of an errorcode
*
* It operates this way:
- * locate the pkc in the trustdb
+ * locate the pk in the trustdb
* found:
* Do we have a valid cache record for it?
* yes: return trustlevel from cache
@@ -1700,7 +1700,7 @@ list_trust_path( int max_depth, const char *username )
* is not necessary to check this if we use a local pubring. Hmmmm.
*/
int
-check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
+check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
{
TRUSTREC rec;
unsigned trustlevel = TRUST_UNKNOWN;
@@ -1711,44 +1711,44 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
log_info("check_trust() called.\n");
/* get the pubkey record */
- if( pkc->local_id ) {
- if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
+ if( pk->local_id ) {
+ if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error(_("check_trust: read record failed\n"));
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
- if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
+ if( (rc=search_record( pk, &rec )) && rc != -1 ) {
log_error(_("check_trust: search_record failed: %s\n"),
g10_errstr(rc));
return rc;
}
else if( rc == -1 ) {
- rc = insert_trust_record( pkc );
+ rc = insert_trust_record( pk );
if( rc ) {
log_error(_("failed to insert pubkey into trustdb: %s\n"),
g10_errstr(rc));
goto leave;
}
log_info(_("pubkey not in trustdb - inserted as %lu\n"),
- pkc->local_id );
+ pk->local_id );
}
}
cur_time = make_timestamp();
- if( pkc->timestamp > cur_time ) {
+ if( pk->timestamp > cur_time ) {
log_info(_("public key created in future (time warp or clock problem)\n"));
return G10ERR_TIME_CONFLICT;
}
- if( pkc->valid_days && add_days_to_timestamp(pkc->timestamp,
- pkc->valid_days) < cur_time ) {
+ if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
+ pk->valid_days) < cur_time ) {
log_info(_("key expiration date is %s\n"), strtimestamp(
- add_days_to_timestamp(pkc->timestamp,
- pkc->valid_days)));
+ add_days_to_timestamp(pk->timestamp,
+ pk->valid_days)));
trustlevel = TRUST_EXPIRED;
}
else {
- rc = do_check( pkc->local_id, &rec, &trustlevel );
+ rc = do_check( pk->local_id, &rec, &trustlevel );
if( rc ) {
log_error(_("check_trust: do_check failed: %s\n"), g10_errstr(rc));
return rc;
@@ -1765,12 +1765,12 @@ check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel )
int
-query_trust_info( PKT_public_cert *pkc )
+query_trust_info( PKT_public_key *pk )
{
unsigned trustlevel;
int c;
- if( check_trust( pkc, &trustlevel ) )
+ if( check_trust( pk, &trustlevel ) )
return '?';
if( trustlevel & TRUST_FLAG_REVOKED )
return 'r';
@@ -1875,25 +1875,25 @@ keyid_from_trustdb( ulong lid, u32 *keyid )
/****************
* This function simply looks for the key in the trustdb
- * and sets PKC->local_id.
+ * and sets PK->local_id.
* Return: 0 = found
* -1 = not found
* other = error
*/
int
-query_trust_record( PKT_public_cert *pkc )
+query_trust_record( PKT_public_key *pk )
{
TRUSTREC rec;
int rc=0;
- if( pkc->local_id ) {
- if( read_record( pkc->local_id, &rec, RECTYPE_DIR ) ) {
+ if( pk->local_id ) {
+ if( read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("query_trust_record: read record failed\n");
return G10ERR_TRUSTDB;
}
}
else { /* no local_id: scan the trustdb */
- if( (rc=search_record( pkc, &rec )) && rc != -1 ) {
+ if( (rc=search_record( pk, &rec )) && rc != -1 ) {
log_error("query_trust_record: search_record failed: %s\n",
g10_errstr(rc));
return rc;
@@ -1908,7 +1908,7 @@ query_trust_record( PKT_public_cert *pkc )
* This function fails if this record already exists.
*/
int
-insert_trust_record( PKT_public_cert *pkc )
+insert_trust_record( PKT_public_key *pk )
{
TRUSTREC rec;
u32 keyid[2];
@@ -1917,11 +1917,11 @@ insert_trust_record( PKT_public_cert *pkc )
size_t fingerlen;
- if( pkc->local_id )
- log_bug("pkc->local_id=%lu\n", (ulong)pkc->local_id );
+ if( pk->local_id )
+ log_bug("pk->local_id=%lu\n", (ulong)pk->local_id );
- keyid_from_pkc( pkc, keyid );
- fingerprint = fingerprint_from_pkc( pkc, &fingerlen );
+ keyid_from_pk( pk, keyid );
+ fingerprint = fingerprint_from_pk( pk, &fingerlen );
/* FIXME: check that we do not have this record. */
@@ -1945,7 +1945,7 @@ insert_trust_record( PKT_public_cert *pkc )
rec.r.key.owner = dnum;
rec.r.key.keyid[0] = keyid[0];
rec.r.key.keyid[1] = keyid[1];
- rec.r.key.pubkey_algo = pkc->pubkey_algo;
+ rec.r.key.pubkey_algo = pk->pubkey_algo;
rec.r.key.fingerprint_len = fingerlen;
memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
rec.r.key.ownertrust = 0;
@@ -1954,7 +1954,7 @@ insert_trust_record( PKT_public_cert *pkc )
return G10ERR_TRUSTDB;
}
- pkc->local_id = dnum;
+ pk->local_id = dnum;
return 0;
}
diff --git a/g10/trustdb.h b/g10/trustdb.h
index a9b1e587e..e4d74e411 100644
--- a/g10/trustdb.h
+++ b/g10/trustdb.h
@@ -39,13 +39,13 @@
void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username );
int init_trustdb( int level, const char *dbname );
-int check_trust( PKT_public_cert *pkc, unsigned *r_trustlevel );
-int query_trust_info( PKT_public_cert *pkc );
+int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
+int query_trust_info( PKT_public_key *pk );
int enum_trust_web( void **context, ulong *lid );
int get_ownertrust( ulong lid, unsigned *r_otrust );
int keyid_from_trustdb( ulong lid, u32 *keyid );
-int query_trust_record( PKT_public_cert *pkc );
-int insert_trust_record( PKT_public_cert *pkc );
+int query_trust_record( PKT_public_key *pk );
+int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust );
int verify_private_data(void);
int sign_private_data(void);