~ubuntu-branches/ubuntu/quantal/gnupg2/quantal-proposed

Viewing changes to g10/import.c

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2011-05-25 14:27:35 UTC
mfrom: (1.1.15 upstream) (7.1.7 sid)
Revision ID: james.westby@ubuntu.com-20110525142735-jccyw0fopnyv728q

Tags: 2.0.17-2ubuntu1

* Merge from debian unstable. Remaining changes:
  - Add udev rules to give gpg access to some smartcard readers;
    Debian #543217.
    . debian/gnupg2.dev: udev rules to set ACLs on SCM smartcard readers.
    . debian/rules: Call dh_installudev.
  - debian/control: Rename Vcs-* to XS-Debian-Vcs-*.

files added:
.pc/debian-changes-2.0.17-2

.pc/debian-changes-2.0.17-2/config.guess

.pc/debian-changes-2.0.17-2/config.sub

.pc/debian-changes-2.0.17-2/version

.pc/debian-changes-2.0.17-2ubuntu1

.pc/debian-changes-2.0.17-2ubuntu1/config.guess

.pc/debian-changes-2.0.17-2ubuntu1/config.sub

debian/patches/debian-changes-2.0.17-2

debian/patches/debian-changes-2.0.17-2ubuntu1

tests/openpgp/gpg-agent.conf.tmpl

tools/gpgtar-create.c

tools/gpgtar-extract.c

tools/gpgtar-list.c

tools/gpgtar.c

tools/gpgtar.h

files removed:
.pc/01-gnupg2-rename.diff/doc

.pc/01-gnupg2-rename.diff/doc/gnupg.texi

.pc/02-encode-s2k.diff

.pc/02-encode-s2k.diff/agent

.pc/02-encode-s2k.diff/agent/protect.c

.pc/03-gpgsm-realloc.diff

.pc/03-gpgsm-realloc.diff/kbx

.pc/03-gpgsm-realloc.diff/kbx/keybox-blob.c

.pc/debian-changes-2.0.14-2

.pc/debian-changes-2.0.14-2/config.guess

.pc/debian-changes-2.0.14-2/config.sub

.pc/debian-changes-2.0.14-2/version

debian/gnupg2.info

debian/patches/02-encode-s2k.diff

debian/patches/03-gpgsm-realloc.diff

debian/patches/debian-changes-2.0.14-2

doc/faq.html

doc/faq.raw

files modified:
.pc/01-gnupg2-rename.diff/configure.ac

.pc/applied-patches

ChangeLog

Makefile.am

Makefile.in

NEWS

README

VERSION

agent/ChangeLog

agent/Makefile.am

agent/Makefile.in

agent/agent.h

agent/call-pinentry.c

agent/call-scd.c

agent/command.c

agent/findkey.c

agent/gpg-agent.c

agent/preset-passphrase.c

agent/protect.c

autogen.sh

common/ChangeLog

common/Makefile.am

common/Makefile.in

common/asshelp.c

common/estream.c

common/estream.h

common/exechelp.c

common/get-passphrase.c

common/iobuf.c

common/pka.c

common/session-env.c

common/status-codes.h

common/status.c

common/status.h

common/util.h

config.guess

config.h.in

config.sub

configure

configure.ac

debian/changelog

debian/compat

debian/control

debian/gnupg2.docs

debian/gnupg2.install

debian/patches/01-gnupg2-rename.diff

debian/patches/series

debian/rules

doc/ChangeLog

doc/DETAILS

doc/FAQ

doc/Makefile.am

doc/Makefile.in

doc/TRANSLATE

doc/contrib.texi

doc/debugging.texi

doc/gnupg-card-architecture.eps

doc/gnupg-card-architecture.pdf

doc/gnupg.info

doc/gnupg.info-1

doc/gnupg.info-2

doc/gnupg.texi

doc/gnupg7.texi

doc/gpg-agent.texi

doc/gpg.texi

doc/gpgsm.texi

doc/instguide.texi

doc/stamp-vti

doc/tools.texi

doc/version.texi

g10/ChangeLog

g10/Makefile.in

g10/armor.c

g10/call-agent.c

g10/card-util.c

g10/gpg.c

g10/gpg.h

g10/import.c

g10/keyedit.c

g10/keygen.c

g10/main.h

g10/mainproc.c

g10/options.h

g10/options.skel

g10/parse-packet.c

g10/passphrase.c

g10/pkclist.c

g10/plaintext.c

g10/seckey-cert.c

g10/server.c

g10/sign.c

gl/Makefile.in

include/Makefile.in

jnlib/Makefile.in

jnlib/argparse.c

kbx/ChangeLog

kbx/Makefile.in

keyserver/Makefile.in

m4/Makefile.in

po/ChangeLog

po/POTFILES.in

po/be.gmo

po/be.po

po/ca.gmo

po/ca.po

po/cs.gmo

po/cs.po

po/da.gmo

po/da.po

po/de.gmo

po/de.po

po/el.gmo

po/el.po

po/en@boldquot.gmo

po/en@boldquot.po

po/en@quot.gmo

po/en@quot.po

po/eo.gmo

po/eo.po

po/es.gmo

po/es.po

po/et.gmo

po/et.po

po/fi.gmo

po/fi.po

po/fr.gmo

po/fr.po

po/gl.gmo

po/gl.po

po/gnupg2.pot

po/hu.gmo

po/hu.po

po/id.gmo

po/id.po

po/it.gmo

po/it.po

po/ja.gmo

po/ja.po

po/nb.gmo

po/nb.po

po/pl.gmo

po/pl.po

po/pt.gmo

po/pt.po

po/pt_BR.gmo

po/pt_BR.po

po/ro.gmo

po/ro.po

po/ru.gmo

po/ru.po

po/sk.gmo

po/sk.po

po/sv.gmo

po/sv.po

po/tr.gmo

po/tr.po

po/zh_CN.gmo

po/zh_CN.po

po/zh_TW.gmo

po/zh_TW.po

scd/ChangeLog

scd/Makefile.am

scd/Makefile.in

scd/apdu.c

scd/apdu.h

scd/app-common.h

scd/ccid-driver.c

scd/ccid-driver.h

scd/command.c

scd/scdaemon.c

scripts/ChangeLog

scripts/config.guess

scripts/config.sub

sm/ChangeLog

sm/Makefile.am

sm/Makefile.in

sm/call-agent.c

sm/call-dirmngr.c

sm/certchain.c

sm/gpgsm.c

sm/import.c

sm/server.c

tests/Makefile.am

tests/Makefile.in

tests/inittests

tests/openpgp/ChangeLog

tests/openpgp/Makefile.am

tests/openpgp/Makefile.in

tests/openpgp/armor.test

tests/openpgp/defs.inc

tests/openpgp/genkey1024.test

tests/pkits/Makefile.in

tools/ChangeLog

tools/Makefile.am

tools/Makefile.in

tools/gpg-connect-agent.c

tools/gpgconf-comp.c

tools/gpgconf.c

tools/make-dns-cert.c

tools/symcryptrun.c

version

Show diffs side-by-side

added added

removed removed

g10/import.c

175

rc = import( inp, "[stream]", stats, fpr, fpr_len, options);

176

}

177

else {

178

if( !fnames && !nnames )

179

nnames = 1; /* Ohh what a ugly hack to jump into the loop */

178

int once = (!fnames && !nnames);

180

179

181

for(i=0; i < nnames; i++ ) {

180

for(i=0; once || i < nnames; once=0, i++ ) {

182

181

const char *fname = fnames? fnames[i] : NULL;

183

182

IOBUF inp2 = iobuf_open(fname);

184

183

if( !fname )

201

200

log_error("import from `%s' failed: %s\n", fname,

202

201

g10_errstr(rc) );

203

202

}

204

if( !fname )

205

break;

206

203

}

207

204

}

208

205

if (!stats_handle) {

520

517

}

521

518

522

519

520

/* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus

521

direct key signatures. A side effect of this was that a later

522

import of the same good direct key signatures was not possible

523

because the cmp_signature check in merge_blocks considered them

524

equal. Although direct key signatures are now checked during

525

import, there might still be bogus signatures sitting in a keyring.

526

We need to detect and delete them before doing a merge. This

527

fucntion returns the number of removed sigs. */

528

static int

529

fix_bad_direct_key_sigs (KBNODE keyblock, u32 *keyid)

530

{

531

gpg_error_t err;

532

KBNODE node;

533

int count = 0;

534

535

for (node = keyblock->next; node; node=node->next)

536

{

537

if (node->pkt->pkttype == PKT_USER_ID)

538

break;

539

if (node->pkt->pkttype == PKT_SIGNATURE

540

&& IS_KEY_SIG (node->pkt->pkt.signature))

541

{

542

err = check_key_signature (keyblock, node, NULL);

543

if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )

544

{

545

/* If we don't know the error, we can't decide; this is

546

not a problem because cmp_signature can't compare the

547

signature either. */

548

log_info ("key %s: invalid direct key signature removed\n",

549

keystr (keyid));

550

delete_kbnode (node);

551

count++;

552

}

553

}

554

}

555

556

return count;

557

}

558

559

523

560

static void

524

561

print_import_ok (PKT_public_key *pk, PKT_secret_key *sk, unsigned int reason)

525

562

{

886

923

goto leave;

887

924

}

888

925

926

/* Make sure the original direct key sigs are all sane. */

927

n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);

928

if (n_sigs_cleaned)

929

commit_kbnode (&keyblock_orig);

930

889

931

/* and try to merge the block */

890

932

clear_kbnode_flags( keyblock_orig );

891

933

clear_kbnode_flags( keyblock );

892

n_uids = n_sigs = n_subk = n_sigs_cleaned = n_uids_cleaned = 0;

934

n_uids = n_sigs = n_subk = n_uids_cleaned = 0;

893

935

rc = merge_blocks( fname, keyblock_orig, keyblock,

894

936

keyid, &n_uids, &n_sigs, &n_subk );

895

937

if( rc )

1348

1390

}

1349

1391

1350

1392

1351

/****************

1352

* loop over the keyblock and check all self signatures.

1393

1394

* Loop over the keyblock and check all self signatures.

1353

1395

* Mark all user-ids with a self-signature by setting flag bit 0.

1354

1396

* Mark all user-ids with an invalid self-signature by setting bit 1.

1355

1397

* This works also for subkeys, here the subkey is marked. Invalid or

1361

1403

chk_self_sigs( const char *fname, KBNODE keyblock,

1362

1404

PKT_public_key *pk, u32 *keyid, int *non_self )

1363

1405

{

1364

KBNODE n,knode=NULL;

1365

PKT_signature *sig;

1366

int rc;

1367

u32 bsdate=0,rsdate=0;

1368

KBNODE bsnode=NULL,rsnode=NULL;

1369

1370

(void)fname;

1371

(void)pk;

1372

1373

for( n=keyblock; (n = find_next_kbnode(n, 0)); ) {

1374

if(n->pkt->pkttype==PKT_PUBLIC_SUBKEY)

1406

KBNODE n, knode = NULL;

1407

PKT_signature *sig;

1408

int rc;

1409

u32 bsdate=0,rsdate=0;

1410

KBNODE bsnode = NULL, rsnode = NULL;

1411

1412

(void)fname;

1413

(void)pk;

1414

1415

for (n=keyblock; (n = find_next_kbnode (n, 0)); )

1416

{

1417

if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)

1375

1418

{

1376

knode=n;

1377

bsdate=0;

1378

rsdate=0;

1379

bsnode=NULL;

1380

rsnode=NULL;

1419

knode = n;

1420

bsdate = 0;

1421

rsdate = 0;

1422

bsnode = NULL;

1423

rsnode = NULL;

1381

1424

continue;

1382

1425

}

1383

else if( n->pkt->pkttype != PKT_SIGNATURE )

1384

continue;

1385

sig = n->pkt->pkt.signature;

1386

if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {

1387

1388

/* This just caches the sigs for later use. That way we

1389

import a fully-cached key which speeds things up. */

1390

if(!opt.no_sig_cache)

1391

check_key_signature(keyblock,n,NULL);

1392

1393

if( IS_UID_SIG(sig) || IS_UID_REV(sig) )

1394

{

1395

KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );

1396

if( !unode )

1397

{

1398

log_error( _("key %s: no user ID for signature\n"),

1399

keystr(keyid));

1400

return -1; /* the complete keyblock is invalid */

1401

}

1402

1403

/* If it hasn't been marked valid yet, keep trying */

1404

if(!(unode->flag&1)) {

1405

rc = check_key_signature( keyblock, n, NULL);

1406

if( rc )

1407

{

1408

if( opt.verbose )

1409

{

1410

char *p=utf8_to_native(unode->pkt->pkt.user_id->name,

1411

strlen(unode->pkt->pkt.user_id->name),0);

1412

log_info( rc == G10ERR_PUBKEY_ALGO ?

1413

_("key %s: unsupported public key "

1414

"algorithm on user ID \"%s\"\n"):

1415

_("key %s: invalid self-signature "

1416

"on user ID \"%s\"\n"),

1417

keystr(keyid),p);

1418

xfree(p);

1419

}

1420

}

1421

else

1422

unode->flag |= 1; /* mark that signature checked */

1423

}

1424

}

1425

else if( sig->sig_class == 0x18 ) {

1426

/* Note that this works based solely on the timestamps

1427

like the rest of gpg. If the standard gets

1428

revocation targets, this may need to be revised. */

1429

1430

if( !knode )

1431

{

1432

if(opt.verbose)

1433

log_info( _("key %s: no subkey for key binding\n"),

1434

keystr(keyid));

1435

n->flag |= 4; /* delete this */

1436

}

1437

else

1438

{

1439

rc = check_key_signature( keyblock, n, NULL);

1440

if( rc )

1441

{

1442

if(opt.verbose)

1443

log_info(rc == G10ERR_PUBKEY_ALGO ?

1444

_("key %s: unsupported public key"

1445

" algorithm\n"):

1446

_("key %s: invalid subkey binding\n"),

1447

keystr(keyid));

1448

n->flag|=4;

1449

}

1450

else

1451

{

1452

/* It's valid, so is it newer? */

1453

if(sig->timestamp>=bsdate) {

1454

knode->flag |= 1; /* the subkey is valid */

1455

if(bsnode)

1456

{

1457

bsnode->flag|=4; /* Delete the last binding

1458

sig since this one is

1459

newer */

1460

if(opt.verbose)

1461

log_info(_("key %s: removed multiple subkey"

1462

" binding\n"),keystr(keyid));

1463

}

1464

1465

bsnode=n;

1466

bsdate=sig->timestamp;

1467

}

1468

else

1469

n->flag|=4; /* older */

1470

}

1471

}

1472

}

1473

else if( sig->sig_class == 0x28 ) {

1474

/* We don't actually mark the subkey as revoked right

1475

now, so just check that the revocation sig is the

1476

most recent valid one. Note that we don't care if

1477

the binding sig is newer than the revocation sig.

1478

See the comment in getkey.c:merge_selfsigs_subkey for

1479

more */

1480

if( !knode )

1481

{

1482

if(opt.verbose)

1483

log_info( _("key %s: no subkey for key revocation\n"),

1484

keystr(keyid));

1485

n->flag |= 4; /* delete this */

1486

}

1487

else

1488

{

1489

rc = check_key_signature( keyblock, n, NULL);

1490

if( rc )

1491

{

1492

if(opt.verbose)

1493

log_info(rc == G10ERR_PUBKEY_ALGO ?

1494

_("key %s: unsupported public"

1495

" key algorithm\n"):

1496

_("key %s: invalid subkey revocation\n"),

1497

keystr(keyid));

1498

n->flag|=4;

1499

}

1500

else

1501

{

1502

/* It's valid, so is it newer? */

1503

if(sig->timestamp>=rsdate)

1504

{

1505

if(rsnode)

1506

{

1507

rsnode->flag|=4; /* Delete the last revocation

1508

sig since this one is

1509

newer */

1510

if(opt.verbose)

1511

log_info(_("key %s: removed multiple subkey"

1512

" revocation\n"),keystr(keyid));

1513

}

1514

1515

rsnode=n;

1516

rsdate=sig->timestamp;

1517

}

1518

else

1519

n->flag|=4; /* older */

1520

}

1521

}

1522

}

1523

}

1524

else

1525

*non_self=1;

1426

1427

if ( n->pkt->pkttype != PKT_SIGNATURE )

1428

continue;

1429

1430

sig = n->pkt->pkt.signature;

1431

if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )

1432

{

1433

*non_self = 1;

1434

continue;

1435

}

1436

1437

/* This just caches the sigs for later use. That way we

1438

import a fully-cached key which speeds things up. */

1439

if (!opt.no_sig_cache)

1440

check_key_signature (keyblock, n, NULL);

1441

1442

if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )

1443

{

1444

KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );

1445

if ( !unode )

1446

{

1447

log_error( _("key %s: no user ID for signature\n"),

1448

keystr(keyid));

1449

return -1; /* The complete keyblock is invalid. */

1450

}

1451

1452

/* If it hasn't been marked valid yet, keep trying. */

1453

if (!(unode->flag&1))

1454

{

1455

rc = check_key_signature (keyblock, n, NULL);

1456

if ( rc )

1457

{

1458

if ( opt.verbose )

1459

{

1460

char *p = utf8_to_native

1461

(unode->pkt->pkt.user_id->name,

1462

strlen (unode->pkt->pkt.user_id->name),0);

1463

log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?

1464

_("key %s: unsupported public key "

1465

"algorithm on user ID \"%s\"\n"):

1466

_("key %s: invalid self-signature "

1467

"on user ID \"%s\"\n"),

1468

keystr (keyid),p);

1469

xfree (p);

1470

}

1471

}

1472

else

1473

unode->flag |= 1; /* Mark that signature checked. */

1474

}

1475

}

1476

else if (IS_KEY_SIG (sig))

1477

{

1478

rc = check_key_signature (keyblock, n, NULL);

1479

if ( rc )

1480

{

1481

if (opt.verbose)

1482

log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?

1483

_("key %s: unsupported public key algorithm\n"):

1484

_("key %s: invalid direct key signature\n"),

1485

keystr (keyid));

1486

n->flag |= 4;

1487

}

1488

}

1489

else if ( IS_SUBKEY_SIG (sig) )

1490

{

1491

/* Note that this works based solely on the timestamps like

1492

the rest of gpg. If the standard gets revocation

1493

targets, this may need to be revised. */

1494

1495

if ( !knode )

1496

{

1497

if (opt.verbose)

1498

log_info (_("key %s: no subkey for key binding\n"),

1499

keystr (keyid));

1500

n->flag |= 4; /* delete this */

1501

}

1502

else

1503

{

1504

rc = check_key_signature (keyblock, n, NULL);

1505

if ( rc )

1506

{

1507

if (opt.verbose)

1508

log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?

1509

_("key %s: unsupported public key"

1510

" algorithm\n"):

1511

_("key %s: invalid subkey binding\n"),

1512

keystr (keyid));

1513

n->flag |= 4;

1514

}

1515

else

1516

{

1517

/* It's valid, so is it newer? */

1518

if (sig->timestamp >= bsdate)

1519

{

1520

knode->flag |= 1; /* The subkey is valid. */

1521

if (bsnode)

1522

{

1523

/* Delete the last binding sig since this

1524

one is newer */

1525

bsnode->flag |= 4;

1526

if (opt.verbose)

1527

log_info (_("key %s: removed multiple subkey"

1528

" binding\n"),keystr(keyid));

1529

}

1530

1531

bsnode = n;

1532

bsdate = sig->timestamp;

1533

}

1534

else

1535

n->flag |= 4; /* older */

1536

}

1537

}

1538

}

1539

else if ( IS_SUBKEY_REV (sig) )

1540

{

1541

/* We don't actually mark the subkey as revoked right now,

1542

so just check that the revocation sig is the most recent

1543

valid one. Note that we don't care if the binding sig is

1544

newer than the revocation sig. See the comment in

1545

getkey.c:merge_selfsigs_subkey for more. */

1546

if ( !knode )

1547

{

1548

if (opt.verbose)

1549

log_info (_("key %s: no subkey for key revocation\n"),

1550

keystr(keyid));

1551

n->flag |= 4; /* delete this */

1552

}

1553

else

1554

{

1555

rc = check_key_signature (keyblock, n, NULL);

1556

if ( rc )

1557

{

1558

if(opt.verbose)

1559

log_info (gpg_err_code (rc) == G10ERR_PUBKEY_ALGO ?

1560

_("key %s: unsupported public"

1561

" key algorithm\n"):

1562

_("key %s: invalid subkey revocation\n"),

1563

keystr(keyid));

1564

n->flag |= 4;

1565

}

1566

else

1567

{

1568

/* It's valid, so is it newer? */

1569

if (sig->timestamp >= rsdate)

1570

{

1571

if (rsnode)

1572

{

1573

/* Delete the last revocation sig since

1574

this one is newer. */

1575

rsnode->flag |= 4;

1576

if (opt.verbose)

1577

log_info (_("key %s: removed multiple subkey"

1578

" revocation\n"),keystr(keyid));

1579

}

1580

1581

rsnode = n;

1582

rsdate = sig->timestamp;

1583

}

1584

else

1585

n->flag |= 4; /* older */

1586

}

1587

}

1588

}

1526

1589

}

1527

1590

1528

return 0;

1591

return 0;

1529

1592

}

1530

1593

1531

1594

/****************

Older »