61
61
static int import( IOBUF inp, const char* fname,struct stats_s *stats,
62
unsigned char **fpr,size_t *fpr_len,unsigned int options );
62
unsigned char **fpr,size_t *fpr_len,unsigned int options,
63
import_filter_t filter, void *filter_arg );
63
64
static int read_block( IOBUF a, PACKET **pending_pkt, KBNODE *ret_root );
64
65
static void revocation_present(KBNODE keyblock);
65
66
static int import_one(const char *fname, KBNODE keyblock,struct stats_s *stats,
66
67
unsigned char **fpr,size_t *fpr_len,
67
unsigned int options,int from_sk);
68
unsigned int options,int from_sk,
69
import_filter_t filter, void *filter_arg);
68
70
static int import_secret_one( const char *fname, KBNODE keyblock,
69
struct stats_s *stats, unsigned int options);
71
struct stats_s *stats, unsigned int options,
72
import_filter_t filter, void *filter_arg);
70
73
static int import_revoke_cert( const char *fname, KBNODE node,
71
74
struct stats_s *stats);
72
75
static int chk_self_sigs( const char *fname, KBNODE keyblock,
164
167
import_keys_internal( IOBUF inp, char **fnames, int nnames,
165
168
void *stats_handle, unsigned char **fpr, size_t *fpr_len,
166
unsigned int options )
169
unsigned int options,
170
import_filter_t filter, void *filter_arg)
169
173
struct stats_s *stats = stats_handle;
172
176
stats = import_new_stats_handle ();
175
rc = import( inp, "[stream]", stats, fpr, fpr_len, options);
179
rc = import (inp, "[stream]", stats, fpr, fpr_len, options,
178
183
int once = (!fnames && !nnames);
192
197
log_error(_("can't open `%s': %s\n"), fname, strerror(errno) );
195
rc = import( inp2, fname, stats, fpr, fpr_len, options );
200
rc = import (inp2, fname, stats, fpr, fpr_len, options,
196
202
iobuf_close(inp2);
197
203
/* Must invalidate that ugly cache to actually close it. */
198
204
iobuf_ioctl (NULL, 2, 0, (char*)fname);
223
229
import_keys( char **fnames, int nnames,
224
230
void *stats_handle, unsigned int options )
226
import_keys_internal(NULL,fnames,nnames,stats_handle,NULL,NULL,options);
232
import_keys_internal (NULL, fnames, nnames, stats_handle, NULL, NULL,
233
options, NULL, NULL);
230
237
import_keys_stream( IOBUF inp, void *stats_handle,
231
unsigned char **fpr, size_t *fpr_len,unsigned int options )
238
unsigned char **fpr, size_t *fpr_len,unsigned int options,
239
import_filter_t filter, void *filter_arg)
233
return import_keys_internal(inp,NULL,0,stats_handle,fpr,fpr_len,options);
241
return import_keys_internal (inp, NULL, 0, stats_handle, fpr, fpr_len,
242
options, filter, filter_arg);
237
import( IOBUF inp, const char* fname,struct stats_s *stats,
238
unsigned char **fpr,size_t *fpr_len,unsigned int options )
247
import (IOBUF inp, const char* fname,struct stats_s *stats,
248
unsigned char **fpr, size_t *fpr_len, unsigned int options,
249
import_filter_t filter, void *filter_arg)
240
251
PACKET *pending_pkt = NULL;
241
KBNODE keyblock = NULL; /* Need to initialize because gcc can't
242
grasp the return semantics of
252
KBNODE keyblock = NULL;
246
255
getkey_disable_caches();
257
266
while( !(rc = read_block( inp, &pending_pkt, &keyblock) )) {
258
267
if( keyblock->pkt->pkttype == PKT_PUBLIC_KEY )
259
rc = import_one( fname, keyblock, stats, fpr, fpr_len, options, 0);
260
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
261
rc = import_secret_one( fname, keyblock, stats, options );
268
rc = import_one (fname, keyblock, stats, fpr, fpr_len, options, 0,
270
else if( keyblock->pkt->pkttype == PKT_SECRET_KEY )
271
rc = import_secret_one (fname, keyblock, stats, options,
262
273
else if( keyblock->pkt->pkttype == PKT_SIGNATURE
263
274
&& keyblock->pkt->pkt.signature->sig_class == 0x20 )
264
275
rc = import_revoke_cert( fname, keyblock, stats );
746
757
import_one( const char *fname, KBNODE keyblock, struct stats_s *stats,
747
758
unsigned char **fpr,size_t *fpr_len,unsigned int options,
759
int from_sk, import_filter_t filter, void *filter_arg)
750
761
PKT_public_key *pk;
751
762
PKT_public_key *pk_orig;
787
798
log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
802
if (filter && filter (pk, NULL, filter_arg))
804
log_error (_("key %s: %s\n"), keystr_from_pk(pk),
805
_("rejected by import filter"));
791
809
if (opt.interactive) {
792
810
if(is_status_enabled())
793
811
print_import_check (pk, uidnode->pkt->pkt.user_id);
926
944
fingerprint_from_pk (pk_orig, afp, &an);
927
while (an < MAX_FINGERPRINT_LEN)
945
while (an < MAX_FINGERPRINT_LEN)
929
947
rc = keydb_search_fpr (hd, afp);
948
966
n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
949
967
if (n_sigs_cleaned)
950
968
commit_kbnode (&keyblock_orig);
952
970
/* and try to merge the block */
953
971
clear_kbnode_flags( keyblock_orig );
954
972
clear_kbnode_flags( keyblock );
1018
1036
stats->n_sigs_cleaned +=n_sigs_cleaned;
1019
1037
stats->n_uids_cleaned +=n_uids_cleaned;
1021
if (is_status_enabled ())
1039
if (is_status_enabled ())
1022
1040
print_import_ok (pk, NULL,
1023
1041
((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1028
if (is_status_enabled ())
1046
if (is_status_enabled ())
1029
1047
print_import_ok (pk, NULL, 0);
1031
1049
if( !opt.quiet )
1165
1183
* with the trust calculation.
1168
import_secret_one( const char *fname, KBNODE keyblock,
1169
struct stats_s *stats, unsigned int options)
1186
import_secret_one (const char *fname, KBNODE keyblock,
1187
struct stats_s *stats, unsigned int options,
1188
import_filter_t filter, void *filter_arg)
1171
1190
PKT_secret_key *sk;
1172
1191
KBNODE node, uidnode;
1176
/* get the key and print some info about it */
1195
/* Get the key and print some info about it. */
1177
1196
node = find_kbnode( keyblock, PKT_SECRET_KEY );
1182
1201
keyid_from_sk( sk, keyid );
1183
1202
uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
1204
if (filter && filter (NULL, sk, filter_arg)) {
1205
log_error (_("secret key %s: %s\n"), keystr_from_sk(sk),
1206
_("rejected by import filter"));
1185
1210
if( opt.verbose )
1187
1212
log_info( "sec %4u%c/%s %s ",
1250
1275
if( !opt.quiet )
1251
1276
log_info( _("key %s: secret key imported\n"), keystr_from_sk(sk));
1252
1277
stats->secret_imported++;
1253
if (is_status_enabled ())
1278
if (is_status_enabled ())
1254
1279
print_import_ok (NULL, sk, 1|16);
1256
1281
if(options&IMPORT_SK2PK)
1260
1285
KBNODE pub_keyblock=sec_to_pub_keyblock(keyblock);
1261
1286
if(pub_keyblock)
1263
import_one(fname,pub_keyblock,stats,
1264
NULL,NULL,opt.import_options,1);
1288
import_one (fname, pub_keyblock, stats,
1289
NULL, NULL, opt.import_options, 1,
1265
1291
release_kbnode(pub_keyblock);
1281
1307
log_error( _("key %s: already in secret keyring\n"),
1282
1308
keystr_from_sk(sk));
1283
1309
stats->secret_dups++;
1284
if (is_status_enabled ())
1310
if (is_status_enabled ())
1285
1311
print_import_ok (NULL, sk, 16);
1287
1313
/* TODO: if we ever do merge secret keys, make sure to handle
1338
1364
byte afp[MAX_FINGERPRINT_LEN];
1341
1367
fingerprint_from_pk (pk, afp, &an);
1342
while (an < MAX_FINGERPRINT_LEN)
1368
while (an < MAX_FINGERPRINT_LEN)
1344
1370
rc = keydb_search_fpr (hd, afp);
1436
1462
u32 bsdate=0,rsdate=0;
1437
1463
KBNODE bsnode = NULL, rsnode = NULL;
1442
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1468
for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1444
1470
if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1465
1491
import a fully-cached key which speeds things up. */
1466
1492
if (!opt.no_sig_cache)
1467
1493
check_key_signature (keyblock, n, NULL);
1469
1495
if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1471
1497
KBNODE unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1475
1501
keystr(keyid));
1476
1502
return -1; /* The complete keyblock is invalid. */
1479
1505
/* If it hasn't been marked valid yet, keep trying. */
1480
if (!(unode->flag&1))
1506
if (!(unode->flag&1))
1482
1508
rc = check_key_signature (keyblock, n, NULL);
1485
1511
if ( opt.verbose )
1487
char *p = utf8_to_native
1513
char *p = utf8_to_native
1488
1514
(unode->pkt->pkt.user_id->name,
1489
1515
strlen (unode->pkt->pkt.user_id->name),0);
1490
1516
log_info (gpg_err_code(rc) == G10ERR_PUBKEY_ALGO ?
1544
1570
/* It's valid, so is it newer? */
1545
if (sig->timestamp >= bsdate)
1571
if (sig->timestamp >= bsdate)
1547
1573
knode->flag |= 1; /* The subkey is valid. */
1550
1576
/* Delete the last binding sig since this
1551
1577
one is newer */
1553
1579
if (opt.verbose)
1554
1580
log_info (_("key %s: removed multiple subkey"
1555
1581
" binding\n"),keystr(keyid));
1559
1585
bsdate = sig->timestamp;
2345
2371
PACKET *pkt = xmalloc_clear (sizeof *pkt);
2346
2372
PKT_secret_key *sk = xmalloc_clear (sizeof *sk);
2349
2375
if (pubnode->pkt->pkttype == PKT_PUBLIC_KEY)
2350
2376
pkt->pkttype = PKT_SECRET_KEY;
2352
2378
pkt->pkttype = PKT_SECRET_SUBKEY;
2354
2380
pkt->pkt.secret_key = sk;
2356
2382
copy_public_parts_to_secret_key ( pk, sk );
2357
2383
sk->version = pk->version;
2358
2384
sk->timestamp = pk->timestamp;
2360
2386
n = pubkey_get_npkey (pk->pubkey_algo);
2362
2388
n = 1; /* Unknown number of parameters, however the data
2363
2389
is stored in the first mpi. */
2364
2390
for (i=0; i < n; i++ )
2365
2391
sk->skey[i] = mpi_copy (pk->pkey[i]);
2367
2393
sk->is_protected = 1;
2368
2394
sk->protect.s2k.mode = 1001;
2370
2396
secnode = new_kbnode (pkt);
2374
2400
secnode = clone_kbnode (pubnode);
2377
2403
if(!sec_keyblock)
2378
2404
sec_keyblock = secnode;
2387
2413
/* Walk over the secret keyring SEC_KEYBLOCK and update any simple
2388
2414
stub keys with the serial number SNNUM of the card if one of the
2389
2415
fingerprints FPR1, FPR2 or FPR3 match. Print a note if the key is
2390
a duplicate (may happen in case of backed uped keys).
2416
a duplicate (may happen in case of backed uped keys).
2392
2418
Returns: True if anything changed.
2395
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2421
update_sec_keyblock_with_cardinfo (KBNODE sec_keyblock,
2396
2422
const unsigned char *fpr1,
2397
2423
const unsigned char *fpr2,
2398
2424
const unsigned char *fpr3,
2412
2438
&& node->pkt->pkttype != PKT_SECRET_SUBKEY)
2414
2440
sk = node->pkt->pkt.secret_key;
2416
2442
fingerprint_from_sk (sk, array, &n);
2418
2444
continue; /* Can't be a card key. */
2462
2488
exists, add appropriate subkey stubs and update the secring.
2463
2489
Return 0 if the key could be created. */
2465
auto_create_card_key_stub ( const char *serialnostr,
2491
auto_create_card_key_stub ( const char *serialnostr,
2466
2492
const unsigned char *fpr1,
2467
2493
const unsigned char *fpr2,
2468
2494
const unsigned char *fpr3)
2475
2501
/* We only want to do this for an OpenPGP card. */
2476
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2502
if (!serialnostr || strncmp (serialnostr, "D27600012401", 12)
2477
2503
|| strlen (serialnostr) != 32 )
2478
2504
return G10ERR_GENERAL;