61
61
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
62
unsigned char **fpr,size_t *fpr_len,unsigned int options );
62
unsigned char **fpr,size_t *fpr_len,unsigned int options,
63
import_filter_t filter, void *filter_arg );
63
64
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
64
65
static void revocation_present(KBNODE keyblock);
65
66
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
66
67
unsigned char **fpr,size_t *fpr_len,
67
unsigned int options,int from_sk);
68
unsigned int options,int from_sk,
69
import_filter_t filter, void *filter_arg);
68
70
static int import_secret_one( const char *fname, KBNODE keyblock,
69
struct stats_s *stats, unsigned int options);
71
struct stats_s *stats, unsigned int options,
72
import_filter_t filter, void *filter_arg);
70
73
static int import_revoke_cert( const char *fname, KBNODE node,
71
74
struct stats_s *stats);
72
75
static int chk_self_sigs( const char *fname, KBNODE keyblock,
164
167
import_keys_internal( IOBUF inp, char **fnames, int nnames,
165
168
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
166
unsigned int options )
169
unsigned int options,
170
import_filter_t filter, void *filter_arg)
169
173
struct stats_s *stats = stats_handle;
172
176
stats = import_new_stats_handle ();
175
rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
179
rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
178
183
int once = (!fnames && !nnames);
192
197
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
195
rc = import( inp2, fname, stats, fpr, fpr_len, options );
200
rc = import (inp2, fname, stats, fpr, fpr_len, options,
196
202
iobuf_close(inp2);
197
203
/* Must invalidate that ugly cache to actually close it. */
198
204
iobuf_ioctl (NULL, 2, 0, (char*)fname);
223
229
import_keys( char **fnames, int nnames,
224
230
void *stats_handle, unsigned int options )
226
import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
232
import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
233
options, NULL, NULL);
230
237
import_keys_stream( IOBUF inp, void *stats_handle,
231
unsigned char **fpr, size_t *fpr_len,unsigned int options )
238
unsigned char **fpr, size_t *fpr_len,unsigned int options,
239
import_filter_t filter, void *filter_arg)
233
return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
241
return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
242
options, filter, filter_arg);
237
import( IOBUF inp, const char* fname,struct stats_s *stats,
238
unsigned char **fpr,size_t *fpr_len,unsigned int options )
247
import (IOBUF inp, const char* fname,struct stats_s *stats,
248
unsigned char **fpr, size_t *fpr_len, unsigned int options,
249
import_filter_t filter, void *filter_arg)
240
251
PACKET *pending_pkt = NULL;
241
KBNODE keyblock = NULL; /* Need to initialize because gcc can't
242
grasp the return semantics of
252
KBNODE keyblock = NULL;
246
255
getkey_disable_caches();
257
266
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
258
267
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
259
rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
260
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
261
rc = import_secret_one( fname, keyblock, stats, options );
268
rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
270
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
271
rc = import_secret_one (fname, keyblock, stats, options,
262
273
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
263
274
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
264
275
rc = import_revoke_cert( fname, keyblock, stats );
746
757
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
747
758
unsigned char **fpr,size_t *fpr_len,unsigned int options,
759
int from_sk, import_filter_t filter, void *filter_arg)
750
761
PKT_public_key *pk;
751
762
PKT_public_key *pk_orig;
787
798
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
802
if (filter && filter (keyblock, filter_arg))
804
log_error (_("key %s: %s\n"), keystr_from_pk(pk),
805
_("rejected by import filter"));
791
809
if (opt.interactive) {
792
810
if(is_status_enabled())
793
811
print_import_check (pk, uidnode->pkt->pkt.user_id);
926
944
fingerprint_from_pk (pk_orig, afp, &an);
927
while (an < MAX_FINGERPRINT_LEN)
945
while (an < MAX_FINGERPRINT_LEN)
929
947
rc = keydb_search_fpr (hd, afp);
948
966
n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
949
967
if (n_sigs_cleaned)
950
968
commit_kbnode (&keyblock_orig);
952
970
/* and try to merge the block */
953
971
clear_kbnode_flags( keyblock_orig );
954
972
clear_kbnode_flags( keyblock );
1018
1036
stats->n_sigs_cleaned +=n_sigs_cleaned;
1019
1037
stats->n_uids_cleaned +=n_uids_cleaned;
1021
if (is_status_enabled ())
1039
if (is_status_enabled ())
1022
1040
print_import_ok (pk, NULL,
1023
1041
((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1028
if (is_status_enabled ())
1046
if (is_status_enabled ())
1029
1047
print_import_ok (pk, NULL, 0);
1031
1049
if( !opt.quiet )
1165
1183
* with the trust calculation.
1168
import_secret_one( const char *fname, KBNODE keyblock,
1169
struct stats_s *stats, unsigned int options)
1186
import_secret_one (const char *fname, KBNODE keyblock,
1187
struct stats_s *stats, unsigned int options,
1188
import_filter_t filter, void *filter_arg)
1171
1190
PKT_secret_key *sk;
1172
1191
KBNODE node, uidnode;
1176
/* get the key and print some info about it */
1195
/* Get the key and print some info about it. */
1177
1196
node = find_kbnode( keyblock, PKT_SECRET_KEY );
1182
1201
keyid_from_sk( sk, keyid );
1183
1202
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
1204
if (filter && filter (keyblock, filter_arg)) {
1205
log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
1206
_("rejected by import filter"));
1185
1210
if( opt.verbose )
1187
1212
log_info( "sec %4u%c/%s %s ",
1244
1269
if( !opt.quiet )
1245
1270
log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
1246
1271
stats->secret_imported++;
1247
if (is_status_enabled ())
1272
if (is_status_enabled ())
1248
1273
print_import_ok (NULL, sk, 1|16);
1250
1275
if(options&IMPORT_SK2PK)
1254
1279
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
1255
1280
if(pub_keyblock)
1257
import_one(fname,pub_keyblock,stats,
1258
NULL,NULL,opt.import_options,1);
1282
import_one (fname, pub_keyblock, stats,
1283
NULL, NULL, opt.import_options, 1,
1259
1285
release_kbnode(pub_keyblock);
1275
1301
log_error( _("key %s: already in secret keyring\n"),
1276
1302
keystr_from_sk(sk));
1277
1303
stats->secret_dups++;
1278
if (is_status_enabled ())
1304
if (is_status_enabled ())
1279
1305
print_import_ok (NULL, sk, 16);
1281
1307
/* TODO: if we ever do merge secret keys, make sure to handle
1332
1358
byte afp[MAX_FINGERPRINT_LEN];
1335
1361
fingerprint_from_pk (pk, afp, &an);
1336
while (an < MAX_FINGERPRINT_LEN)
1362
while (an < MAX_FINGERPRINT_LEN)
1338
1364
rc = keydb_search_fpr (hd, afp);
1430
1456
u32 bsdate=0,rsdate=0;
1431
1457
KBNODE bsnode = NULL, rsnode = NULL;
1436
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1462
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1438
1464
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1459
1485
import a fully-cached key which speeds things up. */
1460
1486
if (!opt.no_sig_cache)
1461
1487
check_key_signature (keyblock, n, NULL);
1463
1489
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1465
1491
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1469
1495
keystr(keyid));
1470
1496
return -1; /* The complete keyblock is invalid. */
1473
1499
/* If it hasn't been marked valid yet, keep trying. */
1474
if (!(unode->flag&1))
1500
if (!(unode->flag&1))
1476
1502
rc = check_key_signature (keyblock, n, NULL);
1479
1505
if ( opt.verbose )
1481
char *p = utf8_to_native
1507
char *p = utf8_to_native
1482
1508
(unode->pkt->pkt.user_id->name,
1483
1509
strlen (unode->pkt->pkt.user_id->name),0);
1484
1510
log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
1538
1564
/* It's valid, so is it newer? */
1539
if (sig->timestamp >= bsdate)
1565
if (sig->timestamp >= bsdate)
1541
1567
knode->flag |= 1; /* The subkey is valid. */
1544
1570
/* Delete the last binding sig since this
1545
1571
one is newer */
1547
1573
if (opt.verbose)
1548
1574
log_info (_("key %s: removed multiple subkey"
1549
1575
" binding\n"),keystr(keyid));
1553
1579
bsdate = sig->timestamp;
2339
2365
PACKET *pkt = xmalloc_clear (sizeof *pkt);
2340
2366
PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
2343
2369
if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
2344
2370
pkt->pkttype = PKT_SECRET_KEY;
2346
2372
pkt->pkttype = PKT_SECRET_SUBKEY;
2348
2374
pkt->pkt.secret_key = sk;
2350
2376
copy_public_parts_to_secret_key ( pk, sk );
2351
2377
sk->version = pk->version;
2352
2378
sk->timestamp = pk->timestamp;
2354
2380
n = pubkey_get_npkey (pk->pubkey_algo);
2356
2382
n = 1; /* Unknown number of parameters, however the data
2357
2383
is stored in the first mpi. */
2358
2384
for (i=0; i < n; i++ )
2359
2385
sk->skey[i] = mpi_copy (pk->pkey[i]);
2361
2387
sk->is_protected = 1;
2362
2388
sk->protect.s2k.mode = 1001;
2364
2390
secnode = new_kbnode (pkt);
2368
2394
secnode = clone_kbnode (pubnode);
2371
2397
if(!sec_keyblock)
2372
2398
sec_keyblock = secnode;
2381
2407
/* Walk over the secret keyring SEC_KEYBLOCK and update any simple
2382
2408
stub keys with the serial number SNNUM of the card if one of the
2383
2409
fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is
2384
a duplicate (may happen in case of backed uped keys).
2410
a duplicate (may happen in case of backed uped keys).
2386
2412
Returns: True if anything changed.
2389
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2415
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2390
2416
const unsigned char *fpr1,
2391
2417
const unsigned char *fpr2,
2392
2418
const unsigned char *fpr3,
2406
2432
&& node->pkt->pkttype != PKT_SECRET_SUBKEY)
2408
2434
sk = node->pkt->pkt.secret_key;
2410
2436
fingerprint_from_sk (sk, array, &n);
2412
2438
continue; /* Can't be a card key. */
2456
2482
exists, add appropriate subkey stubs and update the secring.
2457
2483
Return 0 if the key could be created. */
2459
auto_create_card_key_stub ( const char *serialnostr,
2485
auto_create_card_key_stub ( const char *serialnostr,
2460
2486
const unsigned char *fpr1,
2461
2487
const unsigned char *fpr2,
2462
2488
const unsigned char *fpr3)
2469
2495
/* We only want to do this for an OpenPGP card. */
2470
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2496
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2471
2497
|| strlen (serialnostr) != 32 )
2472
2498
return G10ERR_GENERAL;