Line data Source code
1 : /* import.c - import a key into our key storage.
2 : * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc.
3 : * Copyright (C) 2014, 2016 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <errno.h>
26 :
27 : #include "gpg.h"
28 : #include "options.h"
29 : #include "packet.h"
30 : #include "status.h"
31 : #include "keydb.h"
32 : #include "util.h"
33 : #include "trustdb.h"
34 : #include "main.h"
35 : #include "i18n.h"
36 : #include "ttyio.h"
37 : #include "status.h"
38 : #include "recsel.h"
39 : #include "keyserver-internal.h"
40 : #include "call-agent.h"
41 : #include "../common/membuf.h"
42 : #include "../common/init.h"
43 : #include "../common/mbox-util.h"
44 :
45 :
46 : struct import_stats_s
47 : {
48 : ulong count;
49 : ulong no_user_id;
50 : ulong imported;
51 : ulong n_uids;
52 : ulong n_sigs;
53 : ulong n_subk;
54 : ulong unchanged;
55 : ulong n_revoc;
56 : ulong secret_read;
57 : ulong secret_imported;
58 : ulong secret_dups;
59 : ulong skipped_new_keys;
60 : ulong not_imported;
61 : ulong n_sigs_cleaned;
62 : ulong n_uids_cleaned;
63 : ulong v3keys; /* Number of V3 keys seen. */
64 : };
65 :
66 :
67 : /* Node flag to indicate that a user ID or a subkey has a
68 : * valid self-signature. */
69 : #define NODE_GOOD_SELFSIG 1
70 : /* Node flag to indicate that a user ID or subkey has
71 : * an invalid self-signature. */
72 : #define NODE_BAD_SELFSIG 2
73 : /* Node flag to indicate that the node shall be deleted. */
74 : #define NODE_DELETION_MARK 4
75 : /* A node flag used to temporary mark a node. */
76 : #define NODE_FLAG_A 8
77 :
78 :
79 : /* Global variables to store selector created from
80 : * --import-filter keep-uid=EXPR.
81 : * --import-filter drop-sig=EXPR.
82 : *
83 : * FIXME: We should put this into the CTRL object but that requires a
84 : * lot more changes right now.
85 : */
86 : static recsel_expr_t import_keep_uid;
87 : static recsel_expr_t import_drop_sig;
88 :
89 :
90 :
91 : static int import (ctrl_t ctrl,
92 : IOBUF inp, const char* fname, struct import_stats_s *stats,
93 : unsigned char **fpr, size_t *fpr_len, unsigned int options,
94 : import_screener_t screener, void *screener_arg);
95 : static int read_block (IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root,
96 : int *r_v3keys);
97 : static void revocation_present (ctrl_t ctrl, kbnode_t keyblock);
98 : static int import_one (ctrl_t ctrl,
99 : kbnode_t keyblock,
100 : struct import_stats_s *stats,
101 : unsigned char **fpr, size_t *fpr_len,
102 : unsigned int options, int from_sk, int silent,
103 : import_screener_t screener, void *screener_arg);
104 : static int import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
105 : struct import_stats_s *stats, int batch,
106 : unsigned int options, int for_migration,
107 : import_screener_t screener, void *screener_arg);
108 : static int import_revoke_cert (kbnode_t node, struct import_stats_s *stats);
109 : static int chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self);
110 : static int delete_inv_parts (kbnode_t keyblock,
111 : u32 *keyid, unsigned int options);
112 : static int merge_blocks (kbnode_t keyblock_orig,
113 : kbnode_t keyblock, u32 *keyid,
114 : int *n_uids, int *n_sigs, int *n_subk );
115 : static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs);
116 : static int append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs);
117 : static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs);
118 : static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs);
119 :
120 :
121 : �
122 : static void
123 0 : cleanup_import_globals (void)
124 : {
125 0 : recsel_release (import_keep_uid);
126 0 : import_keep_uid = NULL;
127 0 : recsel_release (import_drop_sig);
128 0 : import_drop_sig = NULL;
129 0 : }
130 :
131 :
132 : int
133 0 : parse_import_options(char *str,unsigned int *options,int noisy)
134 : {
135 0 : struct parse_options import_opts[]=
136 : {
137 : {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
138 : N_("import signatures that are marked as local-only")},
139 :
140 : {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
141 : N_("repair damage from the pks keyserver during import")},
142 :
143 : {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
144 : N_("do not clear the ownertrust values during import")},
145 :
146 : {"fast-import",IMPORT_FAST,NULL,
147 : N_("do not update the trustdb after import")},
148 :
149 : {"import-show",IMPORT_SHOW,NULL,
150 : N_("show key during import")},
151 :
152 : {"merge-only",IMPORT_MERGE_ONLY,NULL,
153 : N_("only accept updates to existing keys")},
154 :
155 : {"import-clean",IMPORT_CLEAN,NULL,
156 : N_("remove unusable parts from key after import")},
157 :
158 : {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
159 : N_("remove as much as possible from key after import")},
160 :
161 : {"import-export", IMPORT_EXPORT, NULL,
162 : N_("run import filters and export key immediately")},
163 :
164 : /* Aliases for backward compatibility */
165 : {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
166 : {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
167 : /* dummy */
168 : {"import-unusable-sigs",0,NULL,NULL},
169 : {"import-clean-sigs",0,NULL,NULL},
170 : {"import-clean-uids",0,NULL,NULL},
171 : {"convert-sk-to-pk",0, NULL,NULL}, /* Not anymore needed due to
172 : the new design. */
173 : {NULL,0,NULL,NULL}
174 : };
175 :
176 0 : return parse_options(str,options,import_opts,noisy);
177 : }
178 :
179 :
180 : /* Parse and set an import filter from string. STRING has the format
181 : * "NAME=EXPR" with NAME being the name of the filter. Spaces before
182 : * and after NAME are not allowed. If this function is all called
183 : * several times all expressions for the same NAME are concatenated.
184 : * Supported filter names are:
185 : *
186 : * - keep-uid :: If the expression evaluates to true for a certain
187 : * user ID packet, that packet and all it dependencies
188 : * will be imported. The expression may use these
189 : * variables:
190 : *
191 : * - uid :: The entire user ID.
192 : * - mbox :: The mail box part of the user ID.
193 : * - primary :: Evaluate to true for the primary user ID.
194 : */
195 : gpg_error_t
196 0 : parse_and_set_import_filter (const char *string)
197 : {
198 : gpg_error_t err;
199 :
200 : /* Auto register the cleanup function. */
201 0 : register_mem_cleanup_func (cleanup_import_globals);
202 :
203 0 : if (!strncmp (string, "keep-uid=", 9))
204 0 : err = recsel_parse_expr (&import_keep_uid, string+9);
205 0 : else if (!strncmp (string, "drop-sig=", 9))
206 0 : err = recsel_parse_expr (&import_drop_sig, string+9);
207 : else
208 0 : err = gpg_error (GPG_ERR_INV_NAME);
209 :
210 0 : return err;
211 : }
212 :
213 :
214 :
215 : import_stats_t
216 27 : import_new_stats_handle (void)
217 : {
218 27 : return xmalloc_clear ( sizeof (struct import_stats_s) );
219 : }
220 :
221 :
222 : void
223 27 : import_release_stats_handle (import_stats_t p)
224 : {
225 27 : xfree (p);
226 27 : }
227 :
228 :
229 : /* Read a key from a file. Only the first key in the file is
230 : * considered and stored at R_KEYBLOCK. FNAME is the name of the
231 : * file.
232 : */
233 : gpg_error_t
234 6 : read_key_from_file (ctrl_t ctrl, const char *fname, kbnode_t *r_keyblock)
235 : {
236 : gpg_error_t err;
237 : iobuf_t inp;
238 6 : PACKET *pending_pkt = NULL;
239 6 : kbnode_t keyblock = NULL;
240 : u32 keyid[2];
241 : int v3keys; /* Dummy */
242 : int non_self; /* Dummy */
243 :
244 : (void)ctrl;
245 :
246 6 : *r_keyblock = NULL;
247 :
248 6 : inp = iobuf_open (fname);
249 6 : if (!inp)
250 0 : err = gpg_error_from_syserror ();
251 6 : else if (is_secured_file (iobuf_get_fd (inp)))
252 : {
253 0 : iobuf_close (inp);
254 0 : inp = NULL;
255 0 : err = gpg_error (GPG_ERR_EPERM);
256 : }
257 : else
258 6 : err = 0;
259 6 : if (err)
260 : {
261 0 : log_error (_("can't open '%s': %s\n"),
262 0 : iobuf_is_pipe_filename (fname)? "[stdin]": fname,
263 : gpg_strerror (err));
264 0 : if (gpg_err_code (err) == GPG_ERR_ENOENT)
265 0 : err = gpg_error (GPG_ERR_NO_PUBKEY);
266 0 : goto leave;
267 : }
268 :
269 : /* Push the armor filter. */
270 : {
271 : armor_filter_context_t *afx;
272 6 : afx = new_armor_context ();
273 6 : afx->only_keyblocks = 1;
274 6 : push_armor_filter (afx, inp);
275 6 : release_armor_context (afx);
276 : }
277 :
278 : /* Read the first non-v3 keyblock. */
279 12 : while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
280 : {
281 6 : if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
282 6 : break;
283 0 : log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
284 0 : release_kbnode (keyblock);
285 0 : keyblock = NULL;
286 : }
287 6 : if (err)
288 : {
289 0 : if (gpg_err_code (err) != GPG_ERR_INV_KEYRING)
290 0 : log_error (_("error reading '%s': %s\n"),
291 0 : iobuf_is_pipe_filename (fname)? "[stdin]": fname,
292 : gpg_strerror (err));
293 0 : goto leave;
294 : }
295 :
296 6 : keyid_from_pk (keyblock->pkt->pkt.public_key, keyid);
297 :
298 6 : if (!find_next_kbnode (keyblock, PKT_USER_ID))
299 : {
300 0 : err = gpg_error (GPG_ERR_NO_USER_ID);
301 0 : goto leave;
302 : }
303 :
304 6 : collapse_uids (&keyblock);
305 :
306 6 : clear_kbnode_flags (keyblock);
307 6 : if (chk_self_sigs (keyblock, keyid, &non_self))
308 : {
309 0 : err = gpg_error (GPG_ERR_INV_KEYRING);
310 0 : goto leave;
311 : }
312 :
313 6 : if (!delete_inv_parts (keyblock, keyid, 0) )
314 : {
315 0 : err = gpg_error (GPG_ERR_NO_USER_ID);
316 0 : goto leave;
317 : }
318 :
319 6 : *r_keyblock = keyblock;
320 6 : keyblock = NULL;
321 :
322 : leave:
323 6 : if (inp)
324 : {
325 6 : iobuf_close (inp);
326 : /* Must invalidate that ugly cache to actually close the file. */
327 6 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
328 : }
329 6 : release_kbnode (keyblock);
330 : /* FIXME: Do we need to free PENDING_PKT ? */
331 6 : return err;
332 : }
333 :
334 :
335 :
336 : /*
337 : * Import the public keys from the given filename. Input may be armored.
338 : * This function rejects all keys which are not validly self signed on at
339 : * least one userid. Only user ids which are self signed will be imported.
340 : * Other signatures are not checked.
341 : *
342 : * Actually this function does a merge. It works like this:
343 : *
344 : * - get the keyblock
345 : * - check self-signatures and remove all userids and their signatures
346 : * without/invalid self-signatures.
347 : * - reject the keyblock, if we have no valid userid.
348 : * - See whether we have this key already in one of our pubrings.
349 : * If not, simply add it to the default keyring.
350 : * - Compare the key and the self-signatures of the new and the one in
351 : * our keyring. If they are different something weird is going on;
352 : * ask what to do.
353 : * - See whether we have only non-self-signature on one user id; if not
354 : * ask the user what to do.
355 : * - compare the signatures: If we already have this signature, check
356 : * that they compare okay; if not, issue a warning and ask the user.
357 : * (consider looking at the timestamp and use the newest?)
358 : * - Simply add the signature. Can't verify here because we may not have
359 : * the signature's public key yet; verification is done when putting it
360 : * into the trustdb, which is done automagically as soon as this pubkey
361 : * is used.
362 : * - Proceed with next signature.
363 : *
364 : * Key revocation certificates have special handling.
365 : */
366 : static int
367 24 : import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
368 : import_stats_t stats_handle,
369 : unsigned char **fpr, size_t *fpr_len,
370 : unsigned int options,
371 : import_screener_t screener, void *screener_arg)
372 : {
373 : int i;
374 24 : int rc = 0;
375 24 : struct import_stats_s *stats = stats_handle;
376 :
377 24 : if (!stats)
378 24 : stats = import_new_stats_handle ();
379 :
380 24 : if (inp)
381 : {
382 0 : rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options,
383 : screener, screener_arg);
384 : }
385 : else
386 : {
387 24 : if (!fnames && !nnames)
388 1 : nnames = 1; /* Ohh what a ugly hack to jump into the loop */
389 :
390 50 : for (i=0; i < nnames; i++)
391 : {
392 26 : const char *fname = fnames? fnames[i] : NULL;
393 26 : IOBUF inp2 = iobuf_open(fname);
394 :
395 26 : if (!fname)
396 1 : fname = "[stdin]";
397 26 : if (inp2 && is_secured_file (iobuf_get_fd (inp2)))
398 : {
399 0 : iobuf_close (inp2);
400 0 : inp2 = NULL;
401 0 : gpg_err_set_errno (EPERM);
402 : }
403 26 : if (!inp2)
404 0 : log_error (_("can't open '%s': %s\n"), fname, strerror (errno));
405 : else
406 : {
407 26 : rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options,
408 : screener, screener_arg);
409 26 : iobuf_close (inp2);
410 : /* Must invalidate that ugly cache to actually close it. */
411 26 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
412 26 : if (rc)
413 0 : log_error ("import from '%s' failed: %s\n",
414 : fname, gpg_strerror (rc) );
415 : }
416 26 : if (!fname)
417 0 : break;
418 : }
419 : }
420 :
421 24 : if (!stats_handle)
422 : {
423 24 : import_print_stats (stats);
424 24 : import_release_stats_handle (stats);
425 : }
426 :
427 : /* If no fast import and the trustdb is dirty (i.e. we added a key
428 : or userID that had something other than a selfsig, a signature
429 : that was other than a selfsig, or any revocation), then
430 : update/check the trustdb if the user specified by setting
431 : interactive or by not setting no-auto-check-trustdb */
432 :
433 24 : if (!(options & IMPORT_FAST))
434 24 : check_or_update_trustdb (ctrl);
435 :
436 24 : return rc;
437 : }
438 :
439 :
440 : void
441 24 : import_keys (ctrl_t ctrl, char **fnames, int nnames,
442 : import_stats_t stats_handle, unsigned int options )
443 : {
444 24 : import_keys_internal (ctrl, NULL, fnames, nnames, stats_handle,
445 : NULL, NULL, options, NULL, NULL);
446 24 : }
447 :
448 : int
449 0 : import_keys_stream (ctrl_t ctrl, IOBUF inp, import_stats_t stats_handle,
450 : unsigned char **fpr, size_t *fpr_len, unsigned int options)
451 : {
452 0 : return import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
453 : fpr, fpr_len, options, NULL, NULL);
454 : }
455 :
456 :
457 : /* Variant of import_keys_stream reading from an estream_t. */
458 : int
459 0 : import_keys_es_stream (ctrl_t ctrl, estream_t fp,
460 : import_stats_t stats_handle,
461 : unsigned char **fpr, size_t *fpr_len,
462 : unsigned int options,
463 : import_screener_t screener, void *screener_arg)
464 : {
465 : int rc;
466 : iobuf_t inp;
467 :
468 0 : inp = iobuf_esopen (fp, "r", 1);
469 0 : if (!inp)
470 : {
471 0 : rc = gpg_error_from_syserror ();
472 0 : log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc));
473 0 : return rc;
474 : }
475 :
476 0 : rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
477 : fpr, fpr_len, options,
478 : screener, screener_arg);
479 :
480 0 : iobuf_close (inp);
481 0 : return rc;
482 : }
483 :
484 :
485 : static int
486 26 : import (ctrl_t ctrl, IOBUF inp, const char* fname,struct import_stats_s *stats,
487 : unsigned char **fpr,size_t *fpr_len, unsigned int options,
488 : import_screener_t screener, void *screener_arg)
489 : {
490 26 : PACKET *pending_pkt = NULL;
491 26 : kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
492 : grasp the return semantics of
493 : read_block. */
494 26 : int rc = 0;
495 : int v3keys;
496 :
497 26 : getkey_disable_caches ();
498 :
499 26 : if (!opt.no_armor) /* Armored reading is not disabled. */
500 : {
501 : armor_filter_context_t *afx;
502 :
503 26 : afx = new_armor_context ();
504 26 : afx->only_keyblocks = 1;
505 26 : push_armor_filter (afx, inp);
506 26 : release_armor_context (afx);
507 : }
508 :
509 146 : while (!(rc = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
510 : {
511 94 : stats->v3keys += v3keys;
512 94 : if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
513 86 : rc = import_one (ctrl, keyblock,
514 : stats, fpr, fpr_len, options, 0, 0,
515 : screener, screener_arg);
516 8 : else if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
517 8 : rc = import_secret_one (ctrl, keyblock, stats,
518 : opt.batch, options, 0,
519 : screener, screener_arg);
520 0 : else if (keyblock->pkt->pkttype == PKT_SIGNATURE
521 0 : && keyblock->pkt->pkt.signature->sig_class == 0x20 )
522 0 : rc = import_revoke_cert (keyblock, stats);
523 : else
524 : {
525 0 : log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
526 : }
527 94 : release_kbnode (keyblock);
528 :
529 : /* fixme: we should increment the not imported counter but
530 : this does only make sense if we keep on going despite of
531 : errors. For now we do this only if the imported key is too
532 : large. */
533 94 : if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
534 0 : && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
535 : {
536 0 : stats->not_imported++;
537 : }
538 94 : else if (rc)
539 0 : break;
540 :
541 94 : if (!(++stats->count % 100) && !opt.quiet)
542 0 : log_info (_("%lu keys processed so far\n"), stats->count );
543 : }
544 26 : stats->v3keys += v3keys;
545 26 : if (rc == -1)
546 26 : rc = 0;
547 0 : else if (rc && gpg_err_code (rc) != GPG_ERR_INV_KEYRING)
548 0 : log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
549 :
550 26 : return rc;
551 : }
552 :
553 :
554 : /* Helper to migrate secring.gpg to GnuPG 2.1. */
555 : gpg_error_t
556 3 : import_old_secring (ctrl_t ctrl, const char *fname)
557 : {
558 : gpg_error_t err;
559 : iobuf_t inp;
560 3 : PACKET *pending_pkt = NULL;
561 3 : kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
562 : grasp the return semantics of
563 : read_block. */
564 : struct import_stats_s *stats;
565 : int v3keys;
566 :
567 3 : inp = iobuf_open (fname);
568 3 : if (inp && is_secured_file (iobuf_get_fd (inp)))
569 : {
570 0 : iobuf_close (inp);
571 0 : inp = NULL;
572 0 : gpg_err_set_errno (EPERM);
573 : }
574 3 : if (!inp)
575 : {
576 0 : err = gpg_error_from_syserror ();
577 0 : log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
578 0 : return err;
579 : }
580 :
581 3 : getkey_disable_caches();
582 3 : stats = import_new_stats_handle ();
583 3 : while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
584 : {
585 9 : if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
586 9 : err = import_secret_one (ctrl, keyblock, stats, 1, 0, 1,
587 : NULL, NULL);
588 9 : release_kbnode (keyblock);
589 9 : if (err)
590 0 : break;
591 : }
592 3 : import_release_stats_handle (stats);
593 3 : if (err == -1)
594 3 : err = 0;
595 0 : else if (err && gpg_err_code (err) != GPG_ERR_INV_KEYRING)
596 0 : log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
597 0 : else if (err)
598 0 : log_error ("import from '%s' failed: %s\n", fname, gpg_strerror (err));
599 :
600 3 : iobuf_close (inp);
601 3 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
602 :
603 3 : return err;
604 : }
605 :
606 :
607 : void
608 24 : import_print_stats (import_stats_t stats)
609 : {
610 24 : if (!opt.quiet)
611 : {
612 23 : log_info(_("Total number processed: %lu\n"),
613 23 : stats->count + stats->v3keys);
614 23 : if (stats->v3keys)
615 0 : log_info(_(" skipped PGP-2 keys: %lu\n"), stats->v3keys);
616 23 : if (stats->skipped_new_keys )
617 0 : log_info(_(" skipped new keys: %lu\n"),
618 : stats->skipped_new_keys );
619 23 : if (stats->no_user_id )
620 0 : log_info(_(" w/o user IDs: %lu\n"), stats->no_user_id );
621 23 : if (stats->imported)
622 : {
623 18 : log_info(_(" imported: %lu"), stats->imported );
624 18 : log_printf ("\n");
625 : }
626 23 : if (stats->unchanged )
627 4 : log_info(_(" unchanged: %lu\n"), stats->unchanged );
628 23 : if (stats->n_uids )
629 0 : log_info(_(" new user IDs: %lu\n"), stats->n_uids );
630 23 : if (stats->n_subk )
631 0 : log_info(_(" new subkeys: %lu\n"), stats->n_subk );
632 23 : if (stats->n_sigs )
633 2 : log_info(_(" new signatures: %lu\n"), stats->n_sigs );
634 23 : if (stats->n_revoc )
635 0 : log_info(_(" new key revocations: %lu\n"), stats->n_revoc );
636 23 : if (stats->secret_read )
637 8 : log_info(_(" secret keys read: %lu\n"), stats->secret_read );
638 23 : if (stats->secret_imported )
639 7 : log_info(_(" secret keys imported: %lu\n"), stats->secret_imported );
640 23 : if (stats->secret_dups )
641 1 : log_info(_(" secret keys unchanged: %lu\n"), stats->secret_dups );
642 23 : if (stats->not_imported )
643 0 : log_info(_(" not imported: %lu\n"), stats->not_imported );
644 23 : if (stats->n_sigs_cleaned)
645 0 : log_info(_(" signatures cleaned: %lu\n"),stats->n_sigs_cleaned);
646 23 : if (stats->n_uids_cleaned)
647 0 : log_info(_(" user IDs cleaned: %lu\n"),stats->n_uids_cleaned);
648 : }
649 :
650 24 : if (is_status_enabled ())
651 : {
652 : char buf[15*20];
653 :
654 2 : snprintf (buf, sizeof buf,
655 : "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
656 1 : stats->count + stats->v3keys,
657 : stats->no_user_id,
658 : stats->imported,
659 : stats->unchanged,
660 : stats->n_uids,
661 : stats->n_subk,
662 : stats->n_sigs,
663 : stats->n_revoc,
664 : stats->secret_read,
665 : stats->secret_imported,
666 : stats->secret_dups,
667 : stats->skipped_new_keys,
668 : stats->not_imported,
669 : stats->v3keys );
670 1 : write_status_text (STATUS_IMPORT_RES, buf);
671 : }
672 24 : }
673 :
674 :
675 : /* Return true if PKTTYPE is valid in a keyblock. */
676 : static int
677 699 : valid_keyblock_packet (int pkttype)
678 : {
679 699 : switch (pkttype)
680 : {
681 : case PKT_PUBLIC_KEY:
682 : case PKT_PUBLIC_SUBKEY:
683 : case PKT_SECRET_KEY:
684 : case PKT_SECRET_SUBKEY:
685 : case PKT_SIGNATURE:
686 : case PKT_USER_ID:
687 : case PKT_ATTRIBUTE:
688 : case PKT_RING_TRUST:
689 699 : return 1;
690 : default:
691 0 : return 0;
692 : }
693 : }
694 :
695 :
696 : /****************
697 : * Read the next keyblock from stream A.
698 : * PENDING_PKT should be initialzed to NULL
699 : * and not changed by the caller.
700 : * Return: 0 = okay, -1 no more blocks or another errorcode.
701 : * The int at at R_V3KEY counts the number of unsupported v3
702 : * keyblocks.
703 : */
704 : static int
705 138 : read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
706 : {
707 : int rc;
708 : PACKET *pkt;
709 138 : kbnode_t root = NULL;
710 : int in_cert, in_v3key;
711 :
712 138 : *r_v3keys = 0;
713 :
714 138 : if (*pending_pkt)
715 : {
716 74 : root = new_kbnode( *pending_pkt );
717 74 : *pending_pkt = NULL;
718 74 : in_cert = 1;
719 : }
720 : else
721 64 : in_cert = 0;
722 :
723 138 : pkt = xmalloc (sizeof *pkt);
724 138 : init_packet (pkt);
725 138 : in_v3key = 0;
726 998 : while ((rc=parse_packet(a, pkt)) != -1)
727 : {
728 796 : if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
729 0 : && (pkt->pkttype == PKT_PUBLIC_KEY
730 0 : || pkt->pkttype == PKT_SECRET_KEY)))
731 : {
732 0 : in_v3key = 1;
733 0 : ++*r_v3keys;
734 0 : free_packet (pkt);
735 0 : init_packet (pkt);
736 0 : continue;
737 : }
738 796 : else if (rc ) /* (ignore errors) */
739 : {
740 0 : if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET)
741 : ; /* Do not show a diagnostic. */
742 : else
743 : {
744 0 : log_error("read_block: read error: %s\n", gpg_strerror (rc) );
745 0 : rc = GPG_ERR_INV_KEYRING;
746 0 : goto ready;
747 : }
748 0 : free_packet( pkt );
749 0 : init_packet(pkt);
750 0 : continue;
751 : }
752 :
753 796 : if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY
754 0 : || pkt->pkttype == PKT_SECRET_KEY))
755 : {
756 0 : free_packet( pkt );
757 0 : init_packet(pkt);
758 0 : continue;
759 : }
760 796 : in_v3key = 0;
761 :
762 796 : if (!root && pkt->pkttype == PKT_SIGNATURE
763 0 : && pkt->pkt.signature->sig_class == 0x20 )
764 : {
765 : /* This is a revocation certificate which is handled in a
766 : * special way. */
767 0 : root = new_kbnode( pkt );
768 0 : pkt = NULL;
769 0 : goto ready;
770 : }
771 :
772 : /* Make a linked list of all packets. */
773 796 : switch (pkt->pkttype)
774 : {
775 : case PKT_COMPRESSED:
776 0 : if (check_compress_algo (pkt->pkt.compressed->algorithm))
777 : {
778 0 : rc = GPG_ERR_COMPR_ALGO;
779 0 : goto ready;
780 : }
781 : else
782 : {
783 0 : compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
784 0 : pkt->pkt.compressed->buf = NULL;
785 0 : push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
786 : }
787 0 : free_packet( pkt );
788 0 : init_packet(pkt);
789 0 : break;
790 :
791 : case PKT_RING_TRUST:
792 : /* Skip those packets. */
793 23 : free_packet( pkt );
794 23 : init_packet(pkt);
795 23 : break;
796 :
797 : case PKT_PUBLIC_KEY:
798 : case PKT_SECRET_KEY:
799 109 : if (in_cert ) /* Store this packet. */
800 : {
801 74 : *pending_pkt = pkt;
802 74 : pkt = NULL;
803 74 : goto ready;
804 : }
805 35 : in_cert = 1;
806 : default:
807 699 : if (in_cert && valid_keyblock_packet (pkt->pkttype))
808 : {
809 699 : if (!root )
810 35 : root = new_kbnode (pkt);
811 : else
812 664 : add_kbnode (root, new_kbnode (pkt));
813 699 : pkt = xmalloc (sizeof *pkt);
814 : }
815 699 : init_packet(pkt);
816 699 : break;
817 : }
818 : }
819 :
820 : ready:
821 138 : if (rc == -1 && root )
822 35 : rc = 0;
823 :
824 138 : if (rc )
825 29 : release_kbnode( root );
826 : else
827 109 : *ret_root = root;
828 138 : free_packet( pkt );
829 138 : xfree( pkt );
830 138 : return rc;
831 : }
832 :
833 :
834 : /* Walk through the subkeys on a pk to find if we have the PKS
835 : disease: multiple subkeys with their binding sigs stripped, and the
836 : sig for the first subkey placed after the last subkey. That is,
837 : instead of "pk uid sig sub1 bind1 sub2 bind2 sub3 bind3" we have
838 : "pk uid sig sub1 sub2 sub3 bind1". We can't do anything about sub2
839 : and sub3, as they are already lost, but we can try and rescue sub1
840 : by reordering the keyblock so that it reads "pk uid sig sub1 bind1
841 : sub2 sub3". Returns TRUE if the keyblock was modified. */
842 : static int
843 0 : fix_pks_corruption (kbnode_t keyblock)
844 : {
845 0 : int changed = 0;
846 0 : int keycount = 0;
847 : kbnode_t node;
848 0 : kbnode_t last = NULL;
849 0 : kbnode_t sknode=NULL;
850 :
851 : /* First determine if we have the problem at all. Look for 2 or
852 : more subkeys in a row, followed by a single binding sig. */
853 0 : for (node=keyblock; node; last=node, node=node->next)
854 : {
855 0 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
856 : {
857 0 : keycount++;
858 0 : if(!sknode)
859 0 : sknode=node;
860 : }
861 0 : else if (node->pkt->pkttype == PKT_SIGNATURE
862 0 : && node->pkt->pkt.signature->sig_class == 0x18
863 0 : && keycount >= 2
864 0 : && !node->next)
865 : {
866 : /* We might have the problem, as this key has two subkeys in
867 : a row without any intervening packets. */
868 :
869 : /* Sanity check */
870 0 : if (!last)
871 0 : break;
872 :
873 : /* Temporarily attach node to sknode. */
874 0 : node->next = sknode->next;
875 0 : sknode->next = node;
876 0 : last->next = NULL;
877 :
878 : /* Note we aren't checking whether this binding sig is a
879 : selfsig. This is not necessary here as the subkey and
880 : binding sig will be rejected later if that is the
881 : case. */
882 0 : if (check_key_signature (keyblock,node,NULL))
883 : {
884 : /* Not a match, so undo the changes. */
885 0 : sknode->next = node->next;
886 0 : last->next = node;
887 0 : node->next = NULL;
888 0 : break;
889 : }
890 : else
891 : {
892 : /* Mark it good so we don't need to check it again */
893 0 : sknode->flag |= NODE_GOOD_SELFSIG;
894 0 : changed = 1;
895 0 : break;
896 : }
897 : }
898 : else
899 0 : keycount = 0;
900 : }
901 :
902 0 : return changed;
903 : }
904 :
905 :
906 : /* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus
907 : direct key signatures. A side effect of this was that a later
908 : import of the same good direct key signatures was not possible
909 : because the cmp_signature check in merge_blocks considered them
910 : equal. Although direct key signatures are now checked during
911 : import, there might still be bogus signatures sitting in a keyring.
912 : We need to detect and delete them before doing a merge. This
913 : function returns the number of removed sigs. */
914 : static int
915 40 : fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid)
916 : {
917 : gpg_error_t err;
918 : kbnode_t node;
919 40 : int count = 0;
920 :
921 40 : for (node = keyblock->next; node; node=node->next)
922 : {
923 40 : if (node->pkt->pkttype == PKT_USER_ID)
924 40 : break;
925 0 : if (node->pkt->pkttype == PKT_SIGNATURE
926 0 : && IS_KEY_SIG (node->pkt->pkt.signature))
927 : {
928 0 : err = check_key_signature (keyblock, node, NULL);
929 0 : if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )
930 : {
931 : /* If we don't know the error, we can't decide; this is
932 : not a problem because cmp_signature can't compare the
933 : signature either. */
934 0 : log_info ("key %s: invalid direct key signature removed\n",
935 : keystr (keyid));
936 0 : delete_kbnode (node);
937 0 : count++;
938 : }
939 : }
940 : }
941 :
942 40 : return count;
943 : }
944 :
945 :
946 : static void
947 2 : print_import_ok (PKT_public_key *pk, unsigned int reason)
948 : {
949 : byte array[MAX_FINGERPRINT_LEN], *s;
950 : char buf[MAX_FINGERPRINT_LEN*2+30], *p;
951 : size_t i, n;
952 :
953 2 : snprintf (buf, sizeof buf, "%u ", reason);
954 2 : p = buf + strlen (buf);
955 :
956 2 : fingerprint_from_pk (pk, array, &n);
957 2 : s = array;
958 42 : for (i=0; i < n ; i++, s++, p += 2)
959 40 : sprintf (p, "%02X", *s);
960 :
961 2 : write_status_text (STATUS_IMPORT_OK, buf);
962 2 : }
963 :
964 :
965 : static void
966 0 : print_import_check (PKT_public_key * pk, PKT_user_id * id)
967 : {
968 : char * buf;
969 : byte fpr[24];
970 : u32 keyid[2];
971 : size_t i, n;
972 0 : size_t pos = 0;
973 :
974 0 : buf = xmalloc (17+41+id->len+32);
975 0 : keyid_from_pk (pk, keyid);
976 0 : sprintf (buf, "%08X%08X ", keyid[0], keyid[1]);
977 0 : pos = 17;
978 0 : fingerprint_from_pk (pk, fpr, &n);
979 0 : for (i = 0; i < n; i++, pos += 2)
980 0 : sprintf (buf+pos, "%02X", fpr[i]);
981 0 : strcat (buf, " ");
982 0 : strcat (buf, id->name);
983 0 : write_status_text (STATUS_IMPORT_CHECK, buf);
984 0 : xfree (buf);
985 0 : }
986 :
987 :
988 : static void
989 0 : check_prefs_warning(PKT_public_key *pk)
990 : {
991 0 : log_info(_("WARNING: key %s contains preferences for unavailable\n"
992 : "algorithms on these user IDs:\n"), keystr_from_pk(pk));
993 0 : }
994 :
995 :
996 : static void
997 26 : check_prefs (ctrl_t ctrl, kbnode_t keyblock)
998 : {
999 : kbnode_t node;
1000 : PKT_public_key *pk;
1001 26 : int problem=0;
1002 :
1003 26 : merge_keys_and_selfsig(keyblock);
1004 26 : pk=keyblock->pkt->pkt.public_key;
1005 :
1006 167 : for(node=keyblock;node;node=node->next)
1007 : {
1008 141 : if(node->pkt->pkttype==PKT_USER_ID
1009 30 : && node->pkt->pkt.user_id->created
1010 28 : && node->pkt->pkt.user_id->prefs)
1011 : {
1012 28 : PKT_user_id *uid = node->pkt->pkt.user_id;
1013 28 : prefitem_t *prefs = uid->prefs;
1014 28 : char *user = utf8_to_native(uid->name,strlen(uid->name),0);
1015 :
1016 271 : for(;prefs->type;prefs++)
1017 : {
1018 : char num[10]; /* prefs->value is a byte, so we're over
1019 : safe here */
1020 :
1021 243 : sprintf(num,"%u",prefs->value);
1022 :
1023 243 : if(prefs->type==PREFTYPE_SYM)
1024 : {
1025 107 : if (openpgp_cipher_test_algo (prefs->value))
1026 : {
1027 0 : const char *algo =
1028 0 : (openpgp_cipher_test_algo (prefs->value)
1029 : ? num
1030 0 : : openpgp_cipher_algo_name (prefs->value));
1031 0 : if(!problem)
1032 0 : check_prefs_warning(pk);
1033 0 : log_info(_(" \"%s\": preference for cipher"
1034 : " algorithm %s\n"), user, algo);
1035 0 : problem=1;
1036 : }
1037 : }
1038 136 : else if(prefs->type==PREFTYPE_HASH)
1039 : {
1040 77 : if(openpgp_md_test_algo(prefs->value))
1041 : {
1042 0 : const char *algo =
1043 0 : (gcry_md_test_algo (prefs->value)
1044 : ? num
1045 0 : : gcry_md_algo_name (prefs->value));
1046 0 : if(!problem)
1047 0 : check_prefs_warning(pk);
1048 0 : log_info(_(" \"%s\": preference for digest"
1049 : " algorithm %s\n"), user, algo);
1050 0 : problem=1;
1051 : }
1052 : }
1053 59 : else if(prefs->type==PREFTYPE_ZIP)
1054 : {
1055 59 : if(check_compress_algo (prefs->value))
1056 : {
1057 0 : const char *algo=compress_algo_to_string(prefs->value);
1058 0 : if(!problem)
1059 0 : check_prefs_warning(pk);
1060 0 : log_info(_(" \"%s\": preference for compression"
1061 : " algorithm %s\n"),user,algo?algo:num);
1062 0 : problem=1;
1063 : }
1064 : }
1065 : }
1066 :
1067 28 : xfree(user);
1068 : }
1069 : }
1070 :
1071 26 : if(problem)
1072 : {
1073 0 : log_info(_("it is strongly suggested that you update"
1074 : " your preferences and\n"));
1075 0 : log_info(_("re-distribute this key to avoid potential algorithm"
1076 : " mismatch problems\n"));
1077 :
1078 0 : if(!opt.batch)
1079 : {
1080 0 : strlist_t sl = NULL;
1081 0 : strlist_t locusr = NULL;
1082 0 : size_t fprlen=0;
1083 : byte fpr[MAX_FINGERPRINT_LEN], *p;
1084 : char username[(MAX_FINGERPRINT_LEN*2)+1];
1085 : unsigned int i;
1086 :
1087 0 : p = fingerprint_from_pk (pk,fpr,&fprlen);
1088 0 : for(i=0;i<fprlen;i++,p++)
1089 0 : sprintf(username+2*i,"%02X",*p);
1090 0 : add_to_strlist(&locusr,username);
1091 :
1092 0 : append_to_strlist(&sl,"updpref");
1093 0 : append_to_strlist(&sl,"save");
1094 :
1095 0 : keyedit_menu (ctrl, username, locusr, sl, 1, 1 );
1096 0 : free_strlist(sl);
1097 0 : free_strlist(locusr);
1098 : }
1099 0 : else if(!opt.quiet)
1100 0 : log_info(_("you can update your preferences with:"
1101 : " gpg --edit-key %s updpref save\n"),keystr_from_pk(pk));
1102 : }
1103 26 : }
1104 :
1105 :
1106 : /* Helper for apply_*_filter in im,port.c and export.c. */
1107 : const char *
1108 0 : impex_filter_getval (void *cookie, const char *propname)
1109 : {
1110 : /* FIXME: Malloc our static buffers and access them via the cookie. */
1111 0 : kbnode_t node = cookie;
1112 : static char numbuf[20];
1113 : const char *result;
1114 :
1115 0 : if (node->pkt->pkttype == PKT_USER_ID)
1116 : {
1117 0 : if (!strcmp (propname, "uid"))
1118 0 : result = node->pkt->pkt.user_id->name;
1119 0 : else if (!strcmp (propname, "mbox"))
1120 : {
1121 0 : if (!node->pkt->pkt.user_id->mbox)
1122 : {
1123 0 : node->pkt->pkt.user_id->mbox
1124 0 : = mailbox_from_userid (node->pkt->pkt.user_id->name);
1125 : }
1126 0 : result = node->pkt->pkt.user_id->mbox;
1127 : }
1128 0 : else if (!strcmp (propname, "primary"))
1129 0 : result = node->pkt->pkt.user_id->is_primary? "1":"0";
1130 : else
1131 0 : result = NULL;
1132 : }
1133 0 : else if (node->pkt->pkttype == PKT_SIGNATURE
1134 0 : || node->pkt->pkttype == PKT_ATTRIBUTE)
1135 0 : {
1136 0 : PKT_signature *sig = node->pkt->pkt.signature;
1137 :
1138 0 : if (!strcmp (propname, "sig_created"))
1139 : {
1140 0 : snprintf (numbuf, sizeof numbuf, "%lu", (ulong)sig->timestamp);
1141 0 : result = numbuf;
1142 : }
1143 0 : else if (!strcmp (propname, "sig_created_d"))
1144 : {
1145 0 : result = datestr_from_sig (sig);
1146 : }
1147 0 : else if (!strcmp (propname, "sig_algo"))
1148 : {
1149 0 : snprintf (numbuf, sizeof numbuf, "%d", sig->pubkey_algo);
1150 0 : result = numbuf;
1151 : }
1152 0 : else if (!strcmp (propname, "sig_digest_algo"))
1153 : {
1154 0 : snprintf (numbuf, sizeof numbuf, "%d", sig->digest_algo);
1155 0 : result = numbuf;
1156 : }
1157 : else
1158 0 : result = NULL;
1159 : }
1160 0 : else if (node->pkt->pkttype == PKT_PUBLIC_KEY
1161 0 : || node->pkt->pkttype == PKT_SECRET_KEY
1162 0 : || node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1163 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1164 0 : {
1165 0 : PKT_public_key *pk = node->pkt->pkt.public_key;
1166 :
1167 0 : if (!strcmp (propname, "secret"))
1168 : {
1169 0 : result = (node->pkt->pkttype == PKT_SECRET_KEY
1170 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)? "1":"0";
1171 : }
1172 0 : else if (!strcmp (propname, "key_algo"))
1173 : {
1174 0 : snprintf (numbuf, sizeof numbuf, "%d", pk->pubkey_algo);
1175 0 : result = numbuf;
1176 : }
1177 0 : if (!strcmp (propname, "key_created"))
1178 : {
1179 0 : snprintf (numbuf, sizeof numbuf, "%lu", (ulong)pk->timestamp);
1180 0 : result = numbuf;
1181 : }
1182 0 : else if (!strcmp (propname, "key_created_d"))
1183 : {
1184 0 : result = datestr_from_pk (pk);
1185 : }
1186 : else
1187 0 : result = NULL;
1188 : }
1189 : else
1190 0 : result = NULL;
1191 :
1192 0 : return result;
1193 : }
1194 :
1195 :
1196 : /*
1197 : * Apply the keep-uid filter to the keyblock. The deleted nodes are
1198 : * marked and thus the caller should call commit_kbnode afterwards.
1199 : * KEYBLOCK must not have any blocks marked as deleted.
1200 : */
1201 : static void
1202 0 : apply_keep_uid_filter (kbnode_t keyblock, recsel_expr_t selector)
1203 : {
1204 : kbnode_t node;
1205 :
1206 0 : for (node = keyblock->next; node; node = node->next )
1207 : {
1208 0 : if (node->pkt->pkttype == PKT_USER_ID)
1209 : {
1210 0 : if (!recsel_select (selector, impex_filter_getval, node))
1211 : {
1212 :
1213 : /* log_debug ("keep-uid: deleting '%s'\n", */
1214 : /* node->pkt->pkt.user_id->name); */
1215 : /* The UID packet and all following packets up to the
1216 : * next UID or a subkey. */
1217 0 : delete_kbnode (node);
1218 0 : for (; node->next
1219 0 : && node->next->pkt->pkttype != PKT_USER_ID
1220 0 : && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
1221 0 : && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ;
1222 0 : node = node->next)
1223 0 : delete_kbnode (node->next);
1224 : }
1225 : /* else */
1226 : /* log_debug ("keep-uid: keeping '%s'\n", */
1227 : /* node->pkt->pkt.user_id->name); */
1228 : }
1229 : }
1230 0 : }
1231 :
1232 :
1233 : /*
1234 : * Apply the drop-sig filter to the keyblock. The deleted nodes are
1235 : * marked and thus the caller should call commit_kbnode afterwards.
1236 : * KEYBLOCK must not have any blocks marked as deleted.
1237 : */
1238 : static void
1239 0 : apply_drop_sig_filter (kbnode_t keyblock, recsel_expr_t selector)
1240 : {
1241 : kbnode_t node;
1242 0 : int active = 0;
1243 : u32 main_keyid[2];
1244 : PKT_signature *sig;
1245 :
1246 0 : keyid_from_pk (keyblock->pkt->pkt.public_key, main_keyid);
1247 :
1248 : /* Loop over all signatures for user id and attribute packets which
1249 : * are not self signatures. */
1250 0 : for (node = keyblock->next; node; node = node->next )
1251 : {
1252 0 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
1253 0 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
1254 : break; /* ready. */
1255 0 : if (node->pkt->pkttype == PKT_USER_ID)
1256 0 : active = 1;
1257 0 : if (!active)
1258 0 : continue;
1259 0 : if (node->pkt->pkttype != PKT_SIGNATURE
1260 0 : && node->pkt->pkttype != PKT_ATTRIBUTE)
1261 0 : continue;
1262 :
1263 0 : sig = node->pkt->pkt.signature;
1264 0 : if (main_keyid[0] == sig->keyid[0] || main_keyid[1] == sig->keyid[1])
1265 0 : continue; /* Skip self-signatures. */
1266 :
1267 0 : if (IS_UID_SIG(sig) || IS_UID_REV(sig))
1268 : {
1269 0 : if (recsel_select (selector, impex_filter_getval, node))
1270 0 : delete_kbnode (node);
1271 : }
1272 : }
1273 0 : }
1274 :
1275 :
1276 : /*
1277 : * Try to import one keyblock. Return an error only in serious cases,
1278 : * but never for an invalid keyblock. It uses log_error to increase
1279 : * the internal errorcount, so that invalid input can be detected by
1280 : * programs which called gpg. If SILENT is no messages are printed -
1281 : * even most error messages are suppressed.
1282 : */
1283 : static int
1284 103 : import_one (ctrl_t ctrl,
1285 : kbnode_t keyblock, struct import_stats_s *stats,
1286 : unsigned char **fpr, size_t *fpr_len, unsigned int options,
1287 : int from_sk, int silent,
1288 : import_screener_t screener, void *screener_arg)
1289 : {
1290 : PKT_public_key *pk;
1291 103 : PKT_public_key *pk_orig = NULL;
1292 : kbnode_t node, uidnode;
1293 103 : kbnode_t keyblock_orig = NULL;
1294 : byte fpr2[MAX_FINGERPRINT_LEN];
1295 : size_t fpr2len;
1296 : u32 keyid[2];
1297 103 : int rc = 0;
1298 103 : int new_key = 0;
1299 103 : int mod_key = 0;
1300 103 : int same_key = 0;
1301 103 : int non_self = 0;
1302 : size_t an;
1303 : char pkstrbuf[PUBKEY_STRING_SIZE];
1304 103 : int merge_keys_done = 0;
1305 :
1306 : /* Get the key and print some info about it. */
1307 103 : node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
1308 103 : if (!node )
1309 0 : BUG();
1310 :
1311 103 : pk = node->pkt->pkt.public_key;
1312 :
1313 103 : fingerprint_from_pk (pk, fpr2, &fpr2len);
1314 103 : for (an = fpr2len; an < MAX_FINGERPRINT_LEN; an++)
1315 0 : fpr2[an] = 0;
1316 103 : keyid_from_pk( pk, keyid );
1317 103 : uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
1318 :
1319 103 : if (opt.verbose && !opt.interactive && !silent)
1320 : {
1321 0 : log_info( "pub %s/%s %s ",
1322 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
1323 : keystr_from_pk(pk), datestr_from_pk(pk) );
1324 0 : if (uidnode)
1325 0 : print_utf8_buffer (log_get_stream (),
1326 0 : uidnode->pkt->pkt.user_id->name,
1327 0 : uidnode->pkt->pkt.user_id->len );
1328 0 : log_printf ("\n");
1329 : }
1330 :
1331 :
1332 103 : if (!uidnode )
1333 : {
1334 0 : if (!silent)
1335 0 : log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
1336 0 : return 0;
1337 : }
1338 :
1339 103 : if (screener && screener (keyblock, screener_arg))
1340 : {
1341 0 : log_error (_("key %s: %s\n"), keystr_from_pk (pk),
1342 : _("rejected by import screener"));
1343 0 : return 0;
1344 : }
1345 :
1346 103 : if (opt.interactive && !silent)
1347 : {
1348 0 : if (is_status_enabled())
1349 0 : print_import_check (pk, uidnode->pkt->pkt.user_id);
1350 0 : merge_keys_and_selfsig (keyblock);
1351 0 : tty_printf ("\n");
1352 0 : show_basic_key_info (keyblock);
1353 0 : tty_printf ("\n");
1354 0 : if (!cpr_get_answer_is_yes ("import.okay",
1355 : "Do you want to import this key? (y/N) "))
1356 0 : return 0;
1357 : }
1358 :
1359 103 : collapse_uids(&keyblock);
1360 :
1361 : /* Clean the key that we're about to import, to cut down on things
1362 : that we have to clean later. This has no practical impact on the
1363 : end result, but does result in less logging which might confuse
1364 : the user. */
1365 103 : if (options&IMPORT_CLEAN)
1366 0 : clean_key (keyblock,opt.verbose,options&IMPORT_MINIMAL,NULL,NULL);
1367 :
1368 103 : clear_kbnode_flags( keyblock );
1369 :
1370 103 : if ((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
1371 0 : && opt.verbose)
1372 0 : log_info (_("key %s: PKS subkey corruption repaired\n"),
1373 : keystr_from_pk(pk));
1374 :
1375 103 : if (chk_self_sigs (keyblock, keyid, &non_self))
1376 0 : return 0; /* Invalid keyblock - error already printed. */
1377 :
1378 : /* If we allow such a thing, mark unsigned uids as valid */
1379 103 : if (opt.allow_non_selfsigned_uid)
1380 : {
1381 16 : for (node=keyblock; node; node = node->next )
1382 12 : if (node->pkt->pkttype == PKT_USER_ID
1383 4 : && !(node->flag & NODE_GOOD_SELFSIG)
1384 4 : && !(node->flag & NODE_BAD_SELFSIG) )
1385 : {
1386 4 : char *user=utf8_to_native(node->pkt->pkt.user_id->name,
1387 4 : node->pkt->pkt.user_id->len,0);
1388 : /* Fake a good signature status for the user id. */
1389 4 : node->flag |= NODE_GOOD_SELFSIG;
1390 4 : log_info( _("key %s: accepted non self-signed user ID \"%s\"\n"),
1391 : keystr_from_pk(pk),user);
1392 4 : xfree(user);
1393 : }
1394 : }
1395 :
1396 103 : if (!delete_inv_parts (keyblock, keyid, options ) )
1397 : {
1398 0 : if (!silent)
1399 : {
1400 0 : log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
1401 0 : if (!opt.quiet )
1402 0 : log_info(_("this may be caused by a missing self-signature\n"));
1403 : }
1404 0 : stats->no_user_id++;
1405 0 : return 0;
1406 : }
1407 :
1408 : /* Get rid of deleted nodes. */
1409 103 : commit_kbnode (&keyblock);
1410 :
1411 : /* Apply import filter. */
1412 103 : if (import_keep_uid)
1413 : {
1414 0 : apply_keep_uid_filter (keyblock, import_keep_uid);
1415 0 : commit_kbnode (&keyblock);
1416 : }
1417 103 : if (import_drop_sig)
1418 : {
1419 0 : apply_drop_sig_filter (keyblock, import_drop_sig);
1420 0 : commit_kbnode (&keyblock);
1421 : }
1422 :
1423 :
1424 : /* Show the key in the form it is merged or inserted. We skip this
1425 : * if "import-export" is also active without --armor or the output
1426 : * file has explicily been given. */
1427 103 : if ((options & IMPORT_SHOW)
1428 0 : && !((options & IMPORT_EXPORT) && !opt.armor && !opt.outfile))
1429 : {
1430 0 : merge_keys_and_selfsig (keyblock);
1431 0 : merge_keys_done = 1;
1432 : /* Note that we do not want to show the validity because the key
1433 : * has not yet imported. */
1434 0 : list_keyblock_direct (ctrl, keyblock, 0, 0, 1, 1);
1435 0 : es_fflush (es_stdout);
1436 : }
1437 :
1438 : /* Write the keyblock to the output and do not actually import. */
1439 103 : if ((options & IMPORT_EXPORT))
1440 : {
1441 0 : if (!merge_keys_done)
1442 : {
1443 0 : merge_keys_and_selfsig (keyblock);
1444 0 : merge_keys_done = 1;
1445 : }
1446 0 : rc = write_keyblock_to_output (keyblock, opt.armor, opt.export_options);
1447 0 : goto leave;
1448 : }
1449 :
1450 103 : if (opt.dry_run)
1451 0 : goto leave;
1452 :
1453 : /* Do we have this key already in one of our pubrings ? */
1454 103 : pk_orig = xmalloc_clear( sizeof *pk_orig );
1455 103 : rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len);
1456 103 : if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
1457 0 : && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY )
1458 : {
1459 0 : if (!silent)
1460 0 : log_error (_("key %s: public key not found: %s\n"),
1461 : keystr(keyid), gpg_strerror (rc));
1462 : }
1463 103 : else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
1464 : {
1465 0 : if (opt.verbose && !silent )
1466 0 : log_info( _("key %s: new key - skipped\n"), keystr(keyid));
1467 0 : rc = 0;
1468 0 : stats->skipped_new_keys++;
1469 : }
1470 103 : else if (rc ) /* Insert this key. */
1471 : {
1472 : KEYDB_HANDLE hd;
1473 :
1474 63 : hd = keydb_new ();
1475 63 : if (!hd)
1476 0 : return gpg_error_from_syserror ();
1477 :
1478 63 : rc = keydb_locate_writable (hd);
1479 63 : if (rc)
1480 : {
1481 0 : log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc));
1482 0 : keydb_release (hd);
1483 0 : return GPG_ERR_GENERAL;
1484 : }
1485 63 : if (opt.verbose > 1 )
1486 0 : log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) );
1487 :
1488 63 : rc = keydb_insert_keyblock (hd, keyblock );
1489 63 : if (rc)
1490 0 : log_error (_("error writing keyring '%s': %s\n"),
1491 : keydb_get_resource_name (hd), gpg_strerror (rc));
1492 63 : else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
1493 : {
1494 : /* This should not be possible since we delete the
1495 : ownertrust when a key is deleted, but it can happen if
1496 : the keyring and trustdb are out of sync. It can also
1497 : be made to happen with the trusted-key command and by
1498 : importing and locally exported key. */
1499 :
1500 63 : clear_ownertrusts (pk);
1501 63 : if (non_self)
1502 3 : revalidation_mark ();
1503 : }
1504 63 : keydb_release (hd);
1505 :
1506 : /* We are ready. */
1507 63 : if (!opt.quiet && !silent)
1508 : {
1509 62 : char *p = get_user_id_byfpr_native (fpr2);
1510 62 : log_info (_("key %s: public key \"%s\" imported\n"),
1511 : keystr(keyid), p);
1512 62 : xfree(p);
1513 : }
1514 63 : if (is_status_enabled())
1515 : {
1516 1 : char *us = get_long_user_id_string( keyid );
1517 1 : write_status_text( STATUS_IMPORTED, us );
1518 1 : xfree(us);
1519 1 : print_import_ok (pk, 1);
1520 : }
1521 63 : stats->imported++;
1522 63 : new_key = 1;
1523 : }
1524 : else /* merge */
1525 : {
1526 : KEYDB_HANDLE hd;
1527 : int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned;
1528 :
1529 : /* Compare the original against the new key; just to be sure nothing
1530 : * weird is going on */
1531 40 : if (cmp_public_keys( pk_orig, pk ) )
1532 : {
1533 0 : if (!silent)
1534 0 : log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
1535 0 : goto leave;
1536 : }
1537 :
1538 : /* Now read the original keyblock again so that we can use
1539 : that handle for updating the keyblock. */
1540 40 : hd = keydb_new ();
1541 40 : if (!hd)
1542 : {
1543 0 : rc = gpg_error_from_syserror ();
1544 0 : goto leave;
1545 : }
1546 40 : keydb_disable_caching (hd);
1547 40 : rc = keydb_search_fpr (hd, fpr2);
1548 40 : if (rc )
1549 : {
1550 0 : log_error (_("key %s: can't locate original keyblock: %s\n"),
1551 : keystr(keyid), gpg_strerror (rc));
1552 0 : keydb_release (hd);
1553 0 : goto leave;
1554 : }
1555 40 : rc = keydb_get_keyblock (hd, &keyblock_orig);
1556 40 : if (rc)
1557 : {
1558 0 : log_error (_("key %s: can't read original keyblock: %s\n"),
1559 : keystr(keyid), gpg_strerror (rc));
1560 0 : keydb_release (hd);
1561 0 : goto leave;
1562 : }
1563 :
1564 : /* Make sure the original direct key sigs are all sane. */
1565 40 : n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
1566 40 : if (n_sigs_cleaned)
1567 0 : commit_kbnode (&keyblock_orig);
1568 :
1569 : /* and try to merge the block */
1570 40 : clear_kbnode_flags( keyblock_orig );
1571 40 : clear_kbnode_flags( keyblock );
1572 40 : n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
1573 40 : rc = merge_blocks (keyblock_orig, keyblock,
1574 : keyid, &n_uids, &n_sigs, &n_subk );
1575 40 : if (rc )
1576 : {
1577 0 : keydb_release (hd);
1578 0 : goto leave;
1579 : }
1580 :
1581 40 : if ((options & IMPORT_CLEAN))
1582 0 : clean_key (keyblock_orig,opt.verbose,options&IMPORT_MINIMAL,
1583 : &n_uids_cleaned,&n_sigs_cleaned);
1584 :
1585 40 : if (n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned)
1586 : {
1587 2 : mod_key = 1;
1588 : /* KEYBLOCK_ORIG has been updated; write */
1589 2 : rc = keydb_update_keyblock (hd, keyblock_orig);
1590 2 : if (rc)
1591 0 : log_error (_("error writing keyring '%s': %s\n"),
1592 : keydb_get_resource_name (hd), gpg_strerror (rc) );
1593 2 : else if (non_self)
1594 0 : revalidation_mark ();
1595 :
1596 : /* We are ready. */
1597 2 : if (!opt.quiet && !silent)
1598 : {
1599 2 : char *p = get_user_id_byfpr_native (fpr2);
1600 2 : if (n_uids == 1 )
1601 0 : log_info( _("key %s: \"%s\" 1 new user ID\n"),
1602 : keystr(keyid),p);
1603 2 : else if (n_uids )
1604 0 : log_info( _("key %s: \"%s\" %d new user IDs\n"),
1605 : keystr(keyid),p,n_uids);
1606 2 : if (n_sigs == 1 )
1607 2 : log_info( _("key %s: \"%s\" 1 new signature\n"),
1608 : keystr(keyid), p);
1609 0 : else if (n_sigs )
1610 0 : log_info( _("key %s: \"%s\" %d new signatures\n"),
1611 : keystr(keyid), p, n_sigs );
1612 2 : if (n_subk == 1 )
1613 0 : log_info( _("key %s: \"%s\" 1 new subkey\n"),
1614 : keystr(keyid), p);
1615 2 : else if (n_subk )
1616 0 : log_info( _("key %s: \"%s\" %d new subkeys\n"),
1617 : keystr(keyid), p, n_subk );
1618 2 : if (n_sigs_cleaned==1)
1619 0 : log_info(_("key %s: \"%s\" %d signature cleaned\n"),
1620 : keystr(keyid),p,n_sigs_cleaned);
1621 2 : else if (n_sigs_cleaned)
1622 0 : log_info(_("key %s: \"%s\" %d signatures cleaned\n"),
1623 : keystr(keyid),p,n_sigs_cleaned);
1624 2 : if (n_uids_cleaned==1)
1625 0 : log_info(_("key %s: \"%s\" %d user ID cleaned\n"),
1626 : keystr(keyid),p,n_uids_cleaned);
1627 2 : else if (n_uids_cleaned)
1628 0 : log_info(_("key %s: \"%s\" %d user IDs cleaned\n"),
1629 : keystr(keyid),p,n_uids_cleaned);
1630 2 : xfree(p);
1631 : }
1632 :
1633 2 : stats->n_uids +=n_uids;
1634 2 : stats->n_sigs +=n_sigs;
1635 2 : stats->n_subk +=n_subk;
1636 2 : stats->n_sigs_cleaned +=n_sigs_cleaned;
1637 2 : stats->n_uids_cleaned +=n_uids_cleaned;
1638 :
1639 4 : if (is_status_enabled () && !silent)
1640 0 : print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1641 : }
1642 : else
1643 : {
1644 38 : same_key = 1;
1645 38 : if (is_status_enabled ())
1646 0 : print_import_ok (pk, 0);
1647 :
1648 38 : if (!opt.quiet && !silent)
1649 : {
1650 29 : char *p = get_user_id_byfpr_native (fpr2);
1651 29 : log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
1652 29 : xfree(p);
1653 : }
1654 :
1655 38 : stats->unchanged++;
1656 : }
1657 :
1658 40 : keydb_release (hd); hd = NULL;
1659 : }
1660 :
1661 : leave:
1662 103 : if (mod_key || new_key || same_key)
1663 : {
1664 : /* A little explanation for this: we fill in the fingerprint
1665 : when importing keys as it can be useful to know the
1666 : fingerprint in certain keyserver-related cases (a keyserver
1667 : asked for a particular name, but the key doesn't have that
1668 : name). However, in cases where we're importing more than
1669 : one key at a time, we cannot know which key to fingerprint.
1670 : In these cases, rather than guessing, we do not
1671 : fingerprinting at all, and we must hope the user ID on the
1672 : keys are useful. Note that we need to do this for new
1673 : keys, merged keys and even for unchanged keys. This is
1674 : required because for example the --auto-key-locate feature
1675 : may import an already imported key and needs to know the
1676 : fingerprint of the key in all cases. */
1677 103 : if (fpr)
1678 : {
1679 0 : xfree (*fpr);
1680 : /* Note that we need to compare against 0 here because
1681 : COUNT gets only incremented after returning from this
1682 : function. */
1683 0 : if (!stats->count)
1684 0 : *fpr = fingerprint_from_pk (pk, NULL, fpr_len);
1685 : else
1686 0 : *fpr = NULL;
1687 : }
1688 : }
1689 :
1690 : /* Now that the key is definitely incorporated into the keydb, we
1691 : need to check if a designated revocation is present or if the
1692 : prefs are not rational so we can warn the user. */
1693 :
1694 103 : if (mod_key)
1695 : {
1696 2 : revocation_present (ctrl, keyblock_orig);
1697 2 : if (!from_sk && have_secret_key_with_kid (keyid))
1698 0 : check_prefs (ctrl, keyblock_orig);
1699 : }
1700 101 : else if (new_key)
1701 : {
1702 63 : revocation_present (ctrl, keyblock);
1703 63 : if (!from_sk && have_secret_key_with_kid (keyid))
1704 9 : check_prefs (ctrl, keyblock);
1705 : }
1706 :
1707 103 : release_kbnode( keyblock_orig );
1708 103 : free_public_key( pk_orig );
1709 :
1710 103 : return rc;
1711 : }
1712 :
1713 :
1714 : /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The
1715 : function prints diagnostics and returns an error code. If BATCH is
1716 : true the secret keys are stored by gpg-agent in the transfer format
1717 : (i.e. no re-protection and aksing for passphrases). */
1718 : gpg_error_t
1719 17 : transfer_secret_keys (ctrl_t ctrl, struct import_stats_s *stats,
1720 : kbnode_t sec_keyblock, int batch, int force)
1721 : {
1722 17 : gpg_error_t err = 0;
1723 17 : void *kek = NULL;
1724 : size_t keklen;
1725 17 : kbnode_t ctx = NULL;
1726 : kbnode_t node;
1727 : PKT_public_key *main_pk, *pk;
1728 : struct seckey_info *ski;
1729 : int nskey;
1730 : membuf_t mbuf;
1731 : int i, j;
1732 : void *format_args[2*PUBKEY_MAX_NSKEY];
1733 : gcry_sexp_t skey, prot, tmpsexp;
1734 17 : gcry_sexp_t curve = NULL;
1735 17 : unsigned char *transferkey = NULL;
1736 : size_t transferkeylen;
1737 17 : gcry_cipher_hd_t cipherhd = NULL;
1738 17 : unsigned char *wrappedkey = NULL;
1739 : size_t wrappedkeylen;
1740 17 : char *cache_nonce = NULL;
1741 17 : int stub_key_skipped = 0;
1742 :
1743 : /* Get the current KEK. */
1744 17 : err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
1745 17 : if (err)
1746 : {
1747 0 : log_error ("error getting the KEK: %s\n", gpg_strerror (err));
1748 0 : goto leave;
1749 : }
1750 :
1751 : /* Prepare a cipher context. */
1752 17 : err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
1753 : GCRY_CIPHER_MODE_AESWRAP, 0);
1754 17 : if (!err)
1755 17 : err = gcry_cipher_setkey (cipherhd, kek, keklen);
1756 17 : if (err)
1757 0 : goto leave;
1758 17 : xfree (kek);
1759 17 : kek = NULL;
1760 :
1761 17 : main_pk = NULL;
1762 112 : while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
1763 : {
1764 78 : if (node->pkt->pkttype != PKT_SECRET_KEY
1765 61 : && node->pkt->pkttype != PKT_SECRET_SUBKEY)
1766 47 : continue;
1767 31 : pk = node->pkt->pkt.public_key;
1768 31 : if (!main_pk)
1769 17 : main_pk = pk;
1770 :
1771 : /* Make sure the keyids are available. */
1772 31 : keyid_from_pk (pk, NULL);
1773 31 : if (node->pkt->pkttype == PKT_SECRET_KEY)
1774 : {
1775 17 : pk->main_keyid[0] = pk->keyid[0];
1776 17 : pk->main_keyid[1] = pk->keyid[1];
1777 : }
1778 : else
1779 : {
1780 14 : pk->main_keyid[0] = main_pk->keyid[0];
1781 14 : pk->main_keyid[1] = main_pk->keyid[1];
1782 : }
1783 :
1784 :
1785 31 : ski = pk->seckey_info;
1786 31 : if (!ski)
1787 0 : BUG ();
1788 :
1789 31 : if (stats)
1790 : {
1791 31 : stats->count++;
1792 31 : stats->secret_read++;
1793 : }
1794 :
1795 : /* We ignore stub keys. The way we handle them in other parts
1796 : of the code is by asking the agent whether any secret key is
1797 : available for a given keyblock and then concluding that we
1798 : have a secret key; all secret (sub)keys of the keyblock the
1799 : agent does not know of are then stub keys. This works also
1800 : for card stub keys. The learn command or the card-status
1801 : command may be used to check with the agent whether a card
1802 : has been inserted and a stub key is in turn generated by the
1803 : agent. */
1804 31 : if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
1805 : {
1806 0 : stub_key_skipped = 1;
1807 0 : continue;
1808 : }
1809 :
1810 : /* Convert our internal secret key object into an S-expression. */
1811 31 : nskey = pubkey_get_nskey (pk->pubkey_algo);
1812 31 : if (!nskey || nskey > PUBKEY_MAX_NSKEY)
1813 : {
1814 0 : err = gpg_error (GPG_ERR_BAD_SECKEY);
1815 0 : log_error ("internal error: %s\n", gpg_strerror (err));
1816 0 : goto leave;
1817 : }
1818 :
1819 31 : init_membuf (&mbuf, 50);
1820 31 : put_membuf_str (&mbuf, "(skey");
1821 31 : if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1822 25 : || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1823 25 : || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1824 12 : {
1825 : /* The ECC case. */
1826 12 : char *curvestr = openpgp_oid_to_str (pk->pkey[0]);
1827 12 : if (!curvestr)
1828 0 : err = gpg_error_from_syserror ();
1829 : else
1830 : {
1831 12 : const char *curvename = openpgp_oid_to_curve (curvestr, 1);
1832 12 : gcry_sexp_release (curve);
1833 12 : err = gcry_sexp_build (&curve, NULL, "(curve %s)",
1834 : curvename?curvename:curvestr);
1835 12 : xfree (curvestr);
1836 12 : if (!err)
1837 : {
1838 12 : j = 0;
1839 : /* Append the public key element Q. */
1840 12 : put_membuf_str (&mbuf, " _ %m");
1841 12 : format_args[j++] = pk->pkey + 1;
1842 :
1843 : /* Append the secret key element D. For ECDH we
1844 : skip PKEY[2] because this holds the KEK which is
1845 : not needed by gpg-agent. */
1846 12 : i = pk->pubkey_algo == PUBKEY_ALGO_ECDH? 3 : 2;
1847 12 : if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1848 12 : put_membuf_str (&mbuf, " e %m");
1849 : else
1850 0 : put_membuf_str (&mbuf, " _ %m");
1851 12 : format_args[j++] = pk->pkey + i;
1852 : }
1853 : }
1854 : }
1855 : else
1856 : {
1857 : /* Standard case for the old (non-ECC) algorithms. */
1858 112 : for (i=j=0; i < nskey; i++)
1859 : {
1860 93 : if (!pk->pkey[i])
1861 9 : continue; /* Protected keys only have NPKEY+1 elements. */
1862 :
1863 84 : if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1864 17 : put_membuf_str (&mbuf, " e %m");
1865 : else
1866 67 : put_membuf_str (&mbuf, " _ %m");
1867 84 : format_args[j++] = pk->pkey + i;
1868 : }
1869 : }
1870 31 : put_membuf_str (&mbuf, ")");
1871 31 : put_membuf (&mbuf, "", 1);
1872 31 : if (err)
1873 0 : xfree (get_membuf (&mbuf, NULL));
1874 : else
1875 : {
1876 31 : char *format = get_membuf (&mbuf, NULL);
1877 31 : if (!format)
1878 0 : err = gpg_error_from_syserror ();
1879 : else
1880 31 : err = gcry_sexp_build_array (&skey, NULL, format, format_args);
1881 31 : xfree (format);
1882 : }
1883 31 : if (err)
1884 : {
1885 0 : log_error ("error building skey array: %s\n", gpg_strerror (err));
1886 0 : goto leave;
1887 : }
1888 :
1889 31 : if (ski->is_protected)
1890 : {
1891 : char countbuf[35];
1892 :
1893 : /* Note that the IVLEN may be zero if we are working on a
1894 : dummy key. We can't express that in an S-expression and
1895 : thus we send dummy data for the IV. */
1896 29 : snprintf (countbuf, sizeof countbuf, "%lu",
1897 29 : (unsigned long)ski->s2k.count);
1898 174 : err = gcry_sexp_build
1899 : (&prot, NULL,
1900 : " (protection %s %s %b %d %s %b %s)\n",
1901 29 : ski->sha1chk? "sha1":"sum",
1902 29 : openpgp_cipher_algo_name (ski->algo),
1903 58 : ski->ivlen? (int)ski->ivlen:1,
1904 29 : ski->ivlen? ski->iv: (const unsigned char*)"X",
1905 : ski->s2k.mode,
1906 29 : openpgp_md_algo_name (ski->s2k.hash_algo),
1907 29 : (int)sizeof (ski->s2k.salt), ski->s2k.salt,
1908 : countbuf);
1909 : }
1910 : else
1911 2 : err = gcry_sexp_build (&prot, NULL, " (protection none)\n");
1912 :
1913 31 : tmpsexp = NULL;
1914 31 : xfree (transferkey);
1915 31 : transferkey = NULL;
1916 31 : if (!err)
1917 124 : err = gcry_sexp_build (&tmpsexp, NULL,
1918 : "(openpgp-private-key\n"
1919 : " (version %d)\n"
1920 : " (algo %s)\n"
1921 : " %S%S\n"
1922 : " (csum %d)\n"
1923 : " %S)\n",
1924 31 : pk->version,
1925 31 : openpgp_pk_algo_name (pk->pubkey_algo),
1926 : curve, skey,
1927 31 : (int)(unsigned long)ski->csum, prot);
1928 31 : gcry_sexp_release (skey);
1929 31 : gcry_sexp_release (prot);
1930 31 : if (!err)
1931 31 : err = make_canon_sexp_pad (tmpsexp, 1, &transferkey, &transferkeylen);
1932 31 : gcry_sexp_release (tmpsexp);
1933 31 : if (err)
1934 : {
1935 0 : log_error ("error building transfer key: %s\n", gpg_strerror (err));
1936 0 : goto leave;
1937 : }
1938 :
1939 : /* Wrap the key. */
1940 31 : wrappedkeylen = transferkeylen + 8;
1941 31 : xfree (wrappedkey);
1942 31 : wrappedkey = xtrymalloc (wrappedkeylen);
1943 31 : if (!wrappedkey)
1944 0 : err = gpg_error_from_syserror ();
1945 : else
1946 31 : err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen,
1947 : transferkey, transferkeylen);
1948 31 : if (err)
1949 0 : goto leave;
1950 31 : xfree (transferkey);
1951 31 : transferkey = NULL;
1952 :
1953 : /* Send the wrapped key to the agent. */
1954 : {
1955 31 : char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1);
1956 31 : err = agent_import_key (ctrl, desc, &cache_nonce,
1957 : wrappedkey, wrappedkeylen, batch, force);
1958 31 : xfree (desc);
1959 : }
1960 31 : if (!err)
1961 : {
1962 29 : if (opt.verbose)
1963 0 : log_info (_("key %s: secret key imported\n"),
1964 : keystr_from_pk_with_sub (main_pk, pk));
1965 29 : if (stats)
1966 29 : stats->secret_imported++;
1967 : }
1968 2 : else if ( gpg_err_code (err) == GPG_ERR_EEXIST )
1969 : {
1970 2 : if (opt.verbose)
1971 0 : log_info (_("key %s: secret key already exists\n"),
1972 : keystr_from_pk_with_sub (main_pk, pk));
1973 2 : err = 0;
1974 2 : if (stats)
1975 2 : stats->secret_dups++;
1976 : }
1977 : else
1978 : {
1979 0 : log_error (_("key %s: error sending to agent: %s\n"),
1980 : keystr_from_pk_with_sub (main_pk, pk),
1981 : gpg_strerror (err));
1982 0 : if (gpg_err_code (err) == GPG_ERR_CANCELED
1983 0 : || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1984 : break; /* Don't try the other subkeys. */
1985 : }
1986 : }
1987 :
1988 17 : if (!err && stub_key_skipped)
1989 : /* We need to notify user how to migrate stub keys. */
1990 0 : err = gpg_error (GPG_ERR_NOT_PROCESSED);
1991 :
1992 : leave:
1993 17 : gcry_sexp_release (curve);
1994 17 : xfree (cache_nonce);
1995 17 : xfree (wrappedkey);
1996 17 : xfree (transferkey);
1997 17 : gcry_cipher_close (cipherhd);
1998 17 : xfree (kek);
1999 17 : return err;
2000 : }
2001 :
2002 :
2003 : /* Walk a secret keyblock and produce a public keyblock out of it.
2004 : Returns a new node or NULL on error. */
2005 : static kbnode_t
2006 17 : sec_to_pub_keyblock (kbnode_t sec_keyblock)
2007 : {
2008 17 : kbnode_t pub_keyblock = NULL;
2009 17 : kbnode_t ctx = NULL;
2010 : kbnode_t secnode, pubnode;
2011 :
2012 112 : while ((secnode = walk_kbnode (sec_keyblock, &ctx, 0)))
2013 : {
2014 78 : if (secnode->pkt->pkttype == PKT_SECRET_KEY
2015 61 : || secnode->pkt->pkttype == PKT_SECRET_SUBKEY)
2016 31 : {
2017 : /* Make a public key. */
2018 : PACKET *pkt;
2019 : PKT_public_key *pk;
2020 :
2021 31 : pkt = xtrycalloc (1, sizeof *pkt);
2022 31 : pk = pkt? copy_public_key (NULL, secnode->pkt->pkt.public_key): NULL;
2023 31 : if (!pk)
2024 : {
2025 0 : xfree (pkt);
2026 0 : release_kbnode (pub_keyblock);
2027 0 : return NULL;
2028 : }
2029 31 : if (secnode->pkt->pkttype == PKT_SECRET_KEY)
2030 17 : pkt->pkttype = PKT_PUBLIC_KEY;
2031 : else
2032 14 : pkt->pkttype = PKT_PUBLIC_SUBKEY;
2033 31 : pkt->pkt.public_key = pk;
2034 :
2035 31 : pubnode = new_kbnode (pkt);
2036 : }
2037 : else
2038 : {
2039 47 : pubnode = clone_kbnode (secnode);
2040 : }
2041 :
2042 78 : if (!pub_keyblock)
2043 17 : pub_keyblock = pubnode;
2044 : else
2045 61 : add_kbnode (pub_keyblock, pubnode);
2046 : }
2047 :
2048 17 : return pub_keyblock;
2049 : }
2050 :
2051 : /****************
2052 : * Ditto for secret keys. Handling is simpler than for public keys.
2053 : * We allow secret key importing only when allow is true, this is so
2054 : * that a secret key can not be imported accidentally and thereby tampering
2055 : * with the trust calculation.
2056 : */
2057 : static int
2058 17 : import_secret_one (ctrl_t ctrl, kbnode_t keyblock,
2059 : struct import_stats_s *stats, int batch, unsigned int options,
2060 : int for_migration,
2061 : import_screener_t screener, void *screener_arg)
2062 : {
2063 : PKT_public_key *pk;
2064 : struct seckey_info *ski;
2065 : kbnode_t node, uidnode;
2066 : u32 keyid[2];
2067 17 : int rc = 0;
2068 : int nr_prev;
2069 : kbnode_t pub_keyblock;
2070 : char pkstrbuf[PUBKEY_STRING_SIZE];
2071 :
2072 : /* Get the key and print some info about it */
2073 17 : node = find_kbnode (keyblock, PKT_SECRET_KEY);
2074 17 : if (!node)
2075 0 : BUG ();
2076 :
2077 17 : pk = node->pkt->pkt.public_key;
2078 :
2079 17 : keyid_from_pk (pk, keyid);
2080 17 : uidnode = find_next_kbnode (keyblock, PKT_USER_ID);
2081 :
2082 17 : if (screener && screener (keyblock, screener_arg))
2083 : {
2084 0 : log_error (_("secret key %s: %s\n"), keystr_from_pk (pk),
2085 : _("rejected by import screener"));
2086 0 : return 0;
2087 : }
2088 :
2089 17 : if (opt.verbose && !for_migration)
2090 : {
2091 0 : log_info ("sec %s/%s %s ",
2092 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
2093 : keystr_from_pk (pk), datestr_from_pk (pk));
2094 0 : if (uidnode)
2095 0 : print_utf8_buffer (log_get_stream (), uidnode->pkt->pkt.user_id->name,
2096 0 : uidnode->pkt->pkt.user_id->len);
2097 0 : log_printf ("\n");
2098 : }
2099 17 : stats->secret_read++;
2100 :
2101 17 : if ((options & IMPORT_NO_SECKEY))
2102 : {
2103 0 : if (!for_migration)
2104 0 : log_error (_("importing secret keys not allowed\n"));
2105 0 : return 0;
2106 : }
2107 :
2108 17 : if (!uidnode)
2109 : {
2110 0 : if (!for_migration)
2111 0 : log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
2112 0 : return 0;
2113 : }
2114 :
2115 17 : ski = pk->seckey_info;
2116 17 : if (!ski)
2117 : {
2118 : /* Actually an internal error. */
2119 0 : log_error ("key %s: secret key info missing\n", keystr_from_pk (pk));
2120 0 : return 0;
2121 : }
2122 :
2123 : /* A quick check to not import keys with an invalid protection
2124 : cipher algorithm (only checks the primary key, though). */
2125 17 : if (ski->algo > 110)
2126 : {
2127 0 : if (!for_migration)
2128 0 : log_error (_("key %s: secret key with invalid cipher %d"
2129 0 : " - skipped\n"), keystr_from_pk (pk), ski->algo);
2130 0 : return 0;
2131 : }
2132 :
2133 : #ifdef ENABLE_SELINUX_HACKS
2134 : if (1)
2135 : {
2136 : /* We don't allow importing secret keys because that may be used
2137 : to put a secret key into the keyring and the user might later
2138 : be tricked into signing stuff with that key. */
2139 : log_error (_("importing secret keys not allowed\n"));
2140 : return 0;
2141 : }
2142 : #endif
2143 :
2144 17 : clear_kbnode_flags (keyblock);
2145 :
2146 17 : nr_prev = stats->skipped_new_keys;
2147 :
2148 : /* Make a public key out of the key. */
2149 17 : pub_keyblock = sec_to_pub_keyblock (keyblock);
2150 17 : if (!pub_keyblock)
2151 0 : log_error ("key %s: failed to create public key from secret key\n",
2152 : keystr_from_pk (pk));
2153 : else
2154 : {
2155 : /* Note that this outputs an IMPORT_OK status message for the
2156 : public key block, and below we will output another one for
2157 : the secret keys. FIXME? */
2158 17 : import_one (ctrl, pub_keyblock, stats,
2159 : NULL, NULL, options, 1, for_migration,
2160 : screener, screener_arg);
2161 :
2162 : /* Fixme: We should check for an invalid keyblock and
2163 : cancel the secret key import in this case. */
2164 17 : release_kbnode (pub_keyblock);
2165 :
2166 : /* At least we cancel the secret key import when the public key
2167 : import was skipped due to MERGE_ONLY option and a new
2168 : key. */
2169 17 : if (stats->skipped_new_keys <= nr_prev)
2170 : {
2171 : /* Read the keyblock again to get the effects of a merge. */
2172 : /* Fixme: we should do this based on the fingerprint or
2173 : even better let import_one return the merged
2174 : keyblock. */
2175 17 : node = get_pubkeyblock (keyid);
2176 17 : if (!node)
2177 0 : log_error ("key %s: failed to re-lookup public key\n",
2178 : keystr_from_pk (pk));
2179 : else
2180 : {
2181 : gpg_error_t err;
2182 :
2183 : /* transfer_secret_keys collects subkey stats. */
2184 17 : struct import_stats_s subkey_stats = {0};
2185 :
2186 17 : err = transfer_secret_keys (ctrl, &subkey_stats, keyblock,
2187 : batch, 0);
2188 17 : if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
2189 : {
2190 : /* TRANSLATORS: For smartcard, each private key on
2191 : host has a reference (stub) to a smartcard and
2192 : actual private key data is stored on the card. A
2193 : single smartcard can have up to three private key
2194 : data. Importing private key stub is always
2195 : skipped in 2.1, and it returns
2196 : GPG_ERR_NOT_PROCESSED. Instead, user should be
2197 : suggested to run 'gpg --card-status', then,
2198 : references to a card will be automatically
2199 : created again. */
2200 0 : log_info (_("To migrate '%s', with each smartcard, "
2201 : "run: %s\n"), "secring.gpg", "gpg --card-status");
2202 0 : err = 0;
2203 : }
2204 17 : if (!err)
2205 : {
2206 17 : int status = 16;
2207 17 : if (!opt.quiet)
2208 17 : log_info (_("key %s: secret key imported\n"),
2209 : keystr_from_pk (pk));
2210 17 : if (subkey_stats.secret_imported)
2211 : {
2212 16 : status |= 1;
2213 16 : stats->secret_imported += 1;
2214 : }
2215 17 : if (subkey_stats.secret_dups)
2216 1 : stats->secret_dups += 1;
2217 :
2218 17 : if (is_status_enabled ())
2219 1 : print_import_ok (pk, status);
2220 17 : check_prefs (ctrl, node);
2221 : }
2222 17 : release_kbnode (node);
2223 : }
2224 : }
2225 : }
2226 :
2227 17 : return rc;
2228 : }
2229 :
2230 :
2231 : /****************
2232 : * Import a revocation certificate; this is a single signature packet.
2233 : */
2234 : static int
2235 0 : import_revoke_cert (kbnode_t node, struct import_stats_s *stats)
2236 : {
2237 0 : PKT_public_key *pk = NULL;
2238 : kbnode_t onode;
2239 0 : kbnode_t keyblock = NULL;
2240 0 : KEYDB_HANDLE hd = NULL;
2241 : u32 keyid[2];
2242 0 : int rc = 0;
2243 :
2244 0 : log_assert (!node->next );
2245 0 : log_assert (node->pkt->pkttype == PKT_SIGNATURE );
2246 0 : log_assert (node->pkt->pkt.signature->sig_class == 0x20 );
2247 :
2248 0 : keyid[0] = node->pkt->pkt.signature->keyid[0];
2249 0 : keyid[1] = node->pkt->pkt.signature->keyid[1];
2250 :
2251 0 : pk = xmalloc_clear( sizeof *pk );
2252 0 : rc = get_pubkey( pk, keyid );
2253 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY )
2254 : {
2255 0 : log_error(_("key %s: no public key -"
2256 : " can't apply revocation certificate\n"), keystr(keyid));
2257 0 : rc = 0;
2258 0 : goto leave;
2259 : }
2260 0 : else if (rc )
2261 : {
2262 0 : log_error(_("key %s: public key not found: %s\n"),
2263 : keystr(keyid), gpg_strerror (rc));
2264 0 : goto leave;
2265 : }
2266 :
2267 : /* Read the original keyblock. */
2268 0 : hd = keydb_new ();
2269 0 : if (!hd)
2270 : {
2271 0 : rc = gpg_error_from_syserror ();
2272 0 : goto leave;
2273 : }
2274 :
2275 : {
2276 : byte afp[MAX_FINGERPRINT_LEN];
2277 : size_t an;
2278 :
2279 0 : fingerprint_from_pk (pk, afp, &an);
2280 0 : while (an < MAX_FINGERPRINT_LEN)
2281 0 : afp[an++] = 0;
2282 0 : rc = keydb_search_fpr (hd, afp);
2283 : }
2284 0 : if (rc)
2285 : {
2286 0 : log_error (_("key %s: can't locate original keyblock: %s\n"),
2287 : keystr(keyid), gpg_strerror (rc));
2288 0 : goto leave;
2289 : }
2290 0 : rc = keydb_get_keyblock (hd, &keyblock );
2291 0 : if (rc)
2292 : {
2293 0 : log_error (_("key %s: can't read original keyblock: %s\n"),
2294 : keystr(keyid), gpg_strerror (rc));
2295 0 : goto leave;
2296 : }
2297 :
2298 : /* it is okay, that node is not in keyblock because
2299 : * check_key_signature works fine for sig_class 0x20 in this
2300 : * special case. */
2301 0 : rc = check_key_signature( keyblock, node, NULL);
2302 0 : if (rc )
2303 : {
2304 0 : log_error( _("key %s: invalid revocation certificate"
2305 : ": %s - rejected\n"), keystr(keyid), gpg_strerror (rc));
2306 0 : goto leave;
2307 : }
2308 :
2309 : /* check whether we already have this */
2310 0 : for(onode=keyblock->next; onode; onode=onode->next ) {
2311 0 : if (onode->pkt->pkttype == PKT_USER_ID )
2312 0 : break;
2313 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
2314 0 : && !cmp_signatures(node->pkt->pkt.signature,
2315 0 : onode->pkt->pkt.signature))
2316 : {
2317 0 : rc = 0;
2318 0 : goto leave; /* yes, we already know about it */
2319 : }
2320 : }
2321 :
2322 : /* insert it */
2323 0 : insert_kbnode( keyblock, clone_kbnode(node), 0 );
2324 :
2325 : /* and write the keyblock back */
2326 0 : rc = keydb_update_keyblock (hd, keyblock );
2327 0 : if (rc)
2328 0 : log_error (_("error writing keyring '%s': %s\n"),
2329 : keydb_get_resource_name (hd), gpg_strerror (rc) );
2330 0 : keydb_release (hd);
2331 0 : hd = NULL;
2332 :
2333 : /* we are ready */
2334 0 : if (!opt.quiet )
2335 : {
2336 0 : char *p=get_user_id_native (keyid);
2337 0 : log_info( _("key %s: \"%s\" revocation certificate imported\n"),
2338 : keystr(keyid),p);
2339 0 : xfree(p);
2340 : }
2341 0 : stats->n_revoc++;
2342 :
2343 : /* If the key we just revoked was ultimately trusted, remove its
2344 : ultimate trust. This doesn't stop the user from putting the
2345 : ultimate trust back, but is a reasonable solution for now. */
2346 0 : if(get_ownertrust(pk)==TRUST_ULTIMATE)
2347 0 : clear_ownertrusts(pk);
2348 :
2349 0 : revalidation_mark ();
2350 :
2351 : leave:
2352 0 : keydb_release (hd);
2353 0 : release_kbnode( keyblock );
2354 0 : free_public_key( pk );
2355 0 : return rc;
2356 : }
2357 :
2358 :
2359 : /* Loop over the keyblock and check all self signatures. On return
2360 : * the following bis in the node flags are set:
2361 : *
2362 : * - NODE_GOOD_SELFSIG :: User ID or subkey has a self-signature
2363 : * - NODE_BAD_SELFSIG :: Used ID or subkey has an invalid self-signature
2364 : * - NODE_DELETION_MARK :: This node shall be deleted
2365 : *
2366 : * NON_SELF is set to true if there are any sigs other than self-sigs
2367 : * in this keyblock.
2368 : *
2369 : * Returns 0 on success or -1 (but not an error code) if the keyblock
2370 : * is invalid.
2371 : */
2372 : static int
2373 109 : chk_self_sigs (kbnode_t keyblock, u32 *keyid, int *non_self )
2374 : {
2375 109 : kbnode_t n, knode = NULL;
2376 : PKT_signature *sig;
2377 : int rc;
2378 109 : u32 bsdate=0, rsdate=0;
2379 109 : kbnode_t bsnode = NULL, rsnode = NULL;
2380 :
2381 824 : for (n=keyblock; (n = find_next_kbnode (n, 0)); )
2382 : {
2383 606 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2384 : {
2385 101 : knode = n;
2386 101 : bsdate = 0;
2387 101 : rsdate = 0;
2388 101 : bsnode = NULL;
2389 101 : rsnode = NULL;
2390 101 : continue;
2391 : }
2392 :
2393 505 : if ( n->pkt->pkttype != PKT_SIGNATURE )
2394 131 : continue;
2395 :
2396 374 : sig = n->pkt->pkt.signature;
2397 374 : if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
2398 : {
2399 136 : *non_self = 1;
2400 136 : continue;
2401 : }
2402 :
2403 : /* This just caches the sigs for later use. That way we
2404 : import a fully-cached key which speeds things up. */
2405 238 : if (!opt.no_sig_cache)
2406 238 : check_key_signature (keyblock, n, NULL);
2407 :
2408 238 : if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
2409 138 : {
2410 138 : kbnode_t unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
2411 138 : if ( !unode )
2412 : {
2413 0 : log_error( _("key %s: no user ID for signature\n"),
2414 : keystr(keyid));
2415 0 : return -1; /* The complete keyblock is invalid. */
2416 : }
2417 :
2418 : /* If it hasn't been marked valid yet, keep trying. */
2419 138 : if (!(unode->flag & NODE_GOOD_SELFSIG))
2420 : {
2421 127 : rc = check_key_signature (keyblock, n, NULL);
2422 127 : if ( rc )
2423 : {
2424 0 : if ( opt.verbose )
2425 : {
2426 0 : char *p = utf8_to_native
2427 0 : (unode->pkt->pkt.user_id->name,
2428 0 : strlen (unode->pkt->pkt.user_id->name),0);
2429 0 : log_info (gpg_err_code(rc) == GPG_ERR_PUBKEY_ALGO ?
2430 : _("key %s: unsupported public key "
2431 : "algorithm on user ID \"%s\"\n"):
2432 : _("key %s: invalid self-signature "
2433 : "on user ID \"%s\"\n"),
2434 : keystr (keyid),p);
2435 0 : xfree (p);
2436 : }
2437 : }
2438 : else
2439 127 : unode->flag |= NODE_GOOD_SELFSIG;
2440 : }
2441 : }
2442 100 : else if (IS_KEY_SIG (sig))
2443 : {
2444 2 : rc = check_key_signature (keyblock, n, NULL);
2445 2 : if ( rc )
2446 : {
2447 1 : if (opt.verbose)
2448 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2449 : _("key %s: unsupported public key algorithm\n"):
2450 : _("key %s: invalid direct key signature\n"),
2451 : keystr (keyid));
2452 1 : n->flag |= NODE_DELETION_MARK;
2453 : }
2454 : }
2455 98 : else if ( IS_SUBKEY_SIG (sig) )
2456 : {
2457 : /* Note that this works based solely on the timestamps like
2458 : the rest of gpg. If the standard gets revocation
2459 : targets, this may need to be revised. */
2460 :
2461 98 : if ( !knode )
2462 : {
2463 0 : if (opt.verbose)
2464 0 : log_info (_("key %s: no subkey for key binding\n"),
2465 : keystr (keyid));
2466 0 : n->flag |= NODE_DELETION_MARK;
2467 : }
2468 : else
2469 : {
2470 98 : rc = check_key_signature (keyblock, n, NULL);
2471 98 : if ( rc )
2472 : {
2473 0 : if (opt.verbose)
2474 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2475 : _("key %s: unsupported public key"
2476 : " algorithm\n"):
2477 : _("key %s: invalid subkey binding\n"),
2478 : keystr (keyid));
2479 0 : n->flag |= NODE_DELETION_MARK;
2480 : }
2481 : else
2482 : {
2483 : /* It's valid, so is it newer? */
2484 98 : if (sig->timestamp >= bsdate)
2485 : {
2486 98 : knode->flag |= NODE_GOOD_SELFSIG; /* Subkey is valid. */
2487 98 : if (bsnode)
2488 : {
2489 : /* Delete the last binding sig since this
2490 : one is newer */
2491 1 : bsnode->flag |= NODE_DELETION_MARK;
2492 1 : if (opt.verbose)
2493 0 : log_info (_("key %s: removed multiple subkey"
2494 : " binding\n"),keystr(keyid));
2495 : }
2496 :
2497 98 : bsnode = n;
2498 98 : bsdate = sig->timestamp;
2499 : }
2500 : else
2501 0 : n->flag |= NODE_DELETION_MARK; /* older */
2502 : }
2503 : }
2504 : }
2505 0 : else if ( IS_SUBKEY_REV (sig) )
2506 : {
2507 : /* We don't actually mark the subkey as revoked right now,
2508 : so just check that the revocation sig is the most recent
2509 : valid one. Note that we don't care if the binding sig is
2510 : newer than the revocation sig. See the comment in
2511 : getkey.c:merge_selfsigs_subkey for more. */
2512 0 : if ( !knode )
2513 : {
2514 0 : if (opt.verbose)
2515 0 : log_info (_("key %s: no subkey for key revocation\n"),
2516 : keystr(keyid));
2517 0 : n->flag |= NODE_DELETION_MARK;
2518 : }
2519 : else
2520 : {
2521 0 : rc = check_key_signature (keyblock, n, NULL);
2522 0 : if ( rc )
2523 : {
2524 0 : if(opt.verbose)
2525 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2526 : _("key %s: unsupported public"
2527 : " key algorithm\n"):
2528 : _("key %s: invalid subkey revocation\n"),
2529 : keystr(keyid));
2530 0 : n->flag |= NODE_DELETION_MARK;
2531 : }
2532 : else
2533 : {
2534 : /* It's valid, so is it newer? */
2535 0 : if (sig->timestamp >= rsdate)
2536 : {
2537 0 : if (rsnode)
2538 : {
2539 : /* Delete the last revocation sig since
2540 : this one is newer. */
2541 0 : rsnode->flag |= NODE_DELETION_MARK;
2542 0 : if (opt.verbose)
2543 0 : log_info (_("key %s: removed multiple subkey"
2544 : " revocation\n"),keystr(keyid));
2545 : }
2546 :
2547 0 : rsnode = n;
2548 0 : rsdate = sig->timestamp;
2549 : }
2550 : else
2551 0 : n->flag |= NODE_DELETION_MARK; /* older */
2552 : }
2553 : }
2554 : }
2555 : }
2556 :
2557 109 : return 0;
2558 : }
2559 :
2560 :
2561 : /* Delete all parts which are invalid and those signatures whose
2562 : * public key algorithm is not available in this implemenation; but
2563 : * consider RSA as valid, because parse/build_packets knows about it.
2564 : *
2565 : * Returns: True if at least one valid user-id is left over.
2566 : */
2567 : static int
2568 109 : delete_inv_parts (kbnode_t keyblock, u32 *keyid, unsigned int options)
2569 : {
2570 : kbnode_t node;
2571 109 : int nvalid=0, uid_seen=0, subkey_seen=0;
2572 :
2573 715 : for (node=keyblock->next; node; node = node->next )
2574 : {
2575 606 : if (node->pkt->pkttype == PKT_USER_ID)
2576 : {
2577 131 : uid_seen = 1;
2578 131 : if ((node->flag & NODE_BAD_SELFSIG)
2579 131 : || !(node->flag & NODE_GOOD_SELFSIG))
2580 : {
2581 0 : if (opt.verbose )
2582 : {
2583 0 : char *p=utf8_to_native(node->pkt->pkt.user_id->name,
2584 0 : node->pkt->pkt.user_id->len,0);
2585 0 : log_info( _("key %s: skipped user ID \"%s\"\n"),
2586 : keystr(keyid),p);
2587 0 : xfree(p);
2588 : }
2589 0 : delete_kbnode( node ); /* the user-id */
2590 : /* and all following packets up to the next user-id */
2591 0 : while (node->next
2592 0 : && node->next->pkt->pkttype != PKT_USER_ID
2593 0 : && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
2594 0 : && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
2595 0 : delete_kbnode( node->next );
2596 0 : node = node->next;
2597 : }
2598 : }
2599 : else
2600 131 : nvalid++;
2601 : }
2602 475 : else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2603 374 : || node->pkt->pkttype == PKT_SECRET_SUBKEY )
2604 : {
2605 206 : if ((node->flag & NODE_BAD_SELFSIG)
2606 101 : || !(node->flag & NODE_GOOD_SELFSIG))
2607 : {
2608 4 : if (opt.verbose )
2609 0 : log_info( _("key %s: skipped subkey\n"),keystr(keyid));
2610 :
2611 4 : delete_kbnode( node ); /* the subkey */
2612 : /* and all following signature packets */
2613 8 : while (node->next
2614 0 : && node->next->pkt->pkttype == PKT_SIGNATURE ) {
2615 0 : delete_kbnode( node->next );
2616 0 : node = node->next;
2617 : }
2618 : }
2619 : else
2620 97 : subkey_seen = 1;
2621 : }
2622 374 : else if (node->pkt->pkttype == PKT_SIGNATURE
2623 374 : && openpgp_pk_test_algo (node->pkt->pkt.signature->pubkey_algo)
2624 0 : && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
2625 : {
2626 0 : delete_kbnode( node ); /* build_packet() can't handle this */
2627 : }
2628 374 : else if (node->pkt->pkttype == PKT_SIGNATURE
2629 374 : && !node->pkt->pkt.signature->flags.exportable
2630 0 : && !(options&IMPORT_LOCAL_SIGS)
2631 0 : && !have_secret_key_with_kid (node->pkt->pkt.signature->keyid))
2632 : {
2633 : /* here we violate the rfc a bit by still allowing
2634 : * to import non-exportable signature when we have the
2635 : * the secret key used to create this signature - it
2636 : * seems that this makes sense */
2637 0 : if(opt.verbose)
2638 0 : log_info( _("key %s: non exportable signature"
2639 : " (class 0x%02X) - skipped\n"),
2640 0 : keystr(keyid), node->pkt->pkt.signature->sig_class );
2641 0 : delete_kbnode( node );
2642 : }
2643 374 : else if (node->pkt->pkttype == PKT_SIGNATURE
2644 374 : && node->pkt->pkt.signature->sig_class == 0x20)
2645 : {
2646 0 : if (uid_seen )
2647 : {
2648 0 : if(opt.verbose)
2649 0 : log_info( _("key %s: revocation certificate"
2650 : " at wrong place - skipped\n"),keystr(keyid));
2651 0 : delete_kbnode( node );
2652 : }
2653 : else
2654 : {
2655 : /* If the revocation cert is from a different key than
2656 : the one we're working on don't check it - it's
2657 : probably from a revocation key and won't be
2658 : verifiable with this key anyway. */
2659 :
2660 0 : if(node->pkt->pkt.signature->keyid[0]==keyid[0]
2661 0 : && node->pkt->pkt.signature->keyid[1]==keyid[1])
2662 : {
2663 0 : int rc = check_key_signature( keyblock, node, NULL);
2664 0 : if (rc )
2665 : {
2666 0 : if(opt.verbose)
2667 0 : log_info( _("key %s: invalid revocation"
2668 : " certificate: %s - skipped\n"),
2669 : keystr(keyid), gpg_strerror (rc));
2670 0 : delete_kbnode( node );
2671 : }
2672 : }
2673 : }
2674 : }
2675 374 : else if (node->pkt->pkttype == PKT_SIGNATURE
2676 374 : && (node->pkt->pkt.signature->sig_class == 0x18
2677 276 : || node->pkt->pkt.signature->sig_class == 0x28)
2678 98 : && !subkey_seen )
2679 : {
2680 0 : if(opt.verbose)
2681 0 : log_info( _("key %s: subkey signature"
2682 : " in wrong place - skipped\n"), keystr(keyid));
2683 0 : delete_kbnode( node );
2684 : }
2685 374 : else if (node->pkt->pkttype == PKT_SIGNATURE
2686 374 : && !IS_CERT(node->pkt->pkt.signature))
2687 : {
2688 0 : if(opt.verbose)
2689 0 : log_info(_("key %s: unexpected signature class (0x%02X) -"
2690 : " skipped\n"),keystr(keyid),
2691 0 : node->pkt->pkt.signature->sig_class);
2692 0 : delete_kbnode(node);
2693 : }
2694 374 : else if ((node->flag & NODE_DELETION_MARK))
2695 2 : delete_kbnode( node );
2696 : }
2697 :
2698 : /* note: because keyblock is the public key, it is never marked
2699 : * for deletion and so keyblock cannot change */
2700 109 : commit_kbnode( &keyblock );
2701 109 : return nvalid;
2702 : }
2703 :
2704 :
2705 : /****************
2706 : * It may happen that the imported keyblock has duplicated user IDs.
2707 : * We check this here and collapse those user IDs together with their
2708 : * sigs into one.
2709 : * Returns: True if the keyblock has changed.
2710 : */
2711 : int
2712 109 : collapse_uids( kbnode_t *keyblock )
2713 : {
2714 : kbnode_t uid1;
2715 109 : int any=0;
2716 :
2717 882 : for(uid1=*keyblock;uid1;uid1=uid1->next)
2718 : {
2719 : kbnode_t uid2;
2720 :
2721 773 : if(is_deleted_kbnode(uid1))
2722 58 : continue;
2723 :
2724 715 : if(uid1->pkt->pkttype!=PKT_USER_ID)
2725 584 : continue;
2726 :
2727 1085 : for(uid2=uid1->next;uid2;uid2=uid2->next)
2728 : {
2729 954 : if(is_deleted_kbnode(uid2))
2730 54 : continue;
2731 :
2732 900 : if(uid2->pkt->pkttype!=PKT_USER_ID)
2733 856 : continue;
2734 :
2735 44 : if(cmp_user_ids(uid1->pkt->pkt.user_id,
2736 44 : uid2->pkt->pkt.user_id)==0)
2737 : {
2738 : /* We have a duplicated uid */
2739 : kbnode_t sig1,last;
2740 :
2741 4 : any=1;
2742 :
2743 : /* Now take uid2's signatures, and attach them to
2744 : uid1 */
2745 56 : for(last=uid2;last->next;last=last->next)
2746 : {
2747 56 : if(is_deleted_kbnode(last))
2748 0 : continue;
2749 :
2750 56 : if(last->next->pkt->pkttype==PKT_USER_ID
2751 54 : || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
2752 52 : || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
2753 : break;
2754 : }
2755 :
2756 : /* Snip out uid2 */
2757 4 : (find_prev_kbnode(*keyblock,uid2,0))->next=last->next;
2758 :
2759 : /* Now put uid2 in place as part of uid1 */
2760 4 : last->next=uid1->next;
2761 4 : uid1->next=uid2;
2762 4 : delete_kbnode(uid2);
2763 :
2764 : /* Now dedupe uid1 */
2765 165 : for(sig1=uid1->next;sig1;sig1=sig1->next)
2766 : {
2767 : kbnode_t sig2;
2768 :
2769 165 : if(is_deleted_kbnode(sig1))
2770 58 : continue;
2771 :
2772 107 : if(sig1->pkt->pkttype==PKT_USER_ID
2773 104 : || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
2774 103 : || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
2775 : break;
2776 :
2777 103 : if(sig1->pkt->pkttype!=PKT_SIGNATURE)
2778 0 : continue;
2779 :
2780 4161 : for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
2781 : {
2782 4161 : if(is_deleted_kbnode(sig2))
2783 1454 : continue;
2784 :
2785 2707 : if(sig2->pkt->pkttype==PKT_USER_ID
2786 2648 : || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
2787 2604 : || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
2788 : break;
2789 :
2790 2604 : if(sig2->pkt->pkttype!=PKT_SIGNATURE)
2791 0 : continue;
2792 :
2793 2604 : if(cmp_signatures(sig1->pkt->pkt.signature,
2794 2604 : sig2->pkt->pkt.signature)==0)
2795 : {
2796 : /* We have a match, so delete the second
2797 : signature */
2798 54 : delete_kbnode(sig2);
2799 54 : sig2=last;
2800 : }
2801 : }
2802 : }
2803 : }
2804 : }
2805 : }
2806 :
2807 109 : commit_kbnode(keyblock);
2808 :
2809 109 : if(any && !opt.quiet)
2810 : {
2811 2 : const char *key="???";
2812 :
2813 2 : if ((uid1 = find_kbnode (*keyblock, PKT_PUBLIC_KEY)) )
2814 2 : key = keystr_from_pk (uid1->pkt->pkt.public_key);
2815 0 : else if ((uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY)) )
2816 0 : key = keystr_from_pk (uid1->pkt->pkt.public_key);
2817 :
2818 2 : log_info (_("key %s: duplicated user ID detected - merged\n"), key);
2819 : }
2820 :
2821 109 : return any;
2822 : }
2823 :
2824 :
2825 : /* Check for a 0x20 revocation from a revocation key that is not
2826 : present. This may be called without the benefit of merge_xxxx so
2827 : you can't rely on pk->revkey and friends. */
2828 : static void
2829 65 : revocation_present (ctrl_t ctrl, kbnode_t keyblock)
2830 : {
2831 : kbnode_t onode, inode;
2832 65 : PKT_public_key *pk = keyblock->pkt->pkt.public_key;
2833 :
2834 66 : for(onode=keyblock->next;onode;onode=onode->next)
2835 : {
2836 : /* If we reach user IDs, we're done. */
2837 66 : if(onode->pkt->pkttype==PKT_USER_ID)
2838 65 : break;
2839 :
2840 2 : if(onode->pkt->pkttype==PKT_SIGNATURE &&
2841 2 : onode->pkt->pkt.signature->sig_class==0x1F &&
2842 1 : onode->pkt->pkt.signature->revkey)
2843 : {
2844 : int idx;
2845 1 : PKT_signature *sig=onode->pkt->pkt.signature;
2846 :
2847 2 : for(idx=0;idx<sig->numrevkeys;idx++)
2848 : {
2849 : u32 keyid[2];
2850 :
2851 1 : keyid_from_fingerprint(sig->revkey[idx].fpr,
2852 : MAX_FINGERPRINT_LEN,keyid);
2853 :
2854 2 : for(inode=keyblock->next;inode;inode=inode->next)
2855 : {
2856 : /* If we reach user IDs, we're done. */
2857 2 : if(inode->pkt->pkttype==PKT_USER_ID)
2858 1 : break;
2859 :
2860 2 : if(inode->pkt->pkttype==PKT_SIGNATURE &&
2861 1 : inode->pkt->pkt.signature->sig_class==0x20 &&
2862 0 : inode->pkt->pkt.signature->keyid[0]==keyid[0] &&
2863 0 : inode->pkt->pkt.signature->keyid[1]==keyid[1])
2864 : {
2865 : /* Okay, we have a revocation key, and a
2866 : revocation issued by it. Do we have the key
2867 : itself? */
2868 : int rc;
2869 :
2870 0 : rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr,
2871 : MAX_FINGERPRINT_LEN);
2872 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2873 0 : || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2874 : {
2875 0 : char *tempkeystr=xstrdup(keystr_from_pk(pk));
2876 :
2877 : /* No, so try and get it */
2878 0 : if ((opt.keyserver_options.options
2879 0 : & KEYSERVER_AUTO_KEY_RETRIEVE)
2880 0 : && keyserver_any_configured (ctrl))
2881 : {
2882 0 : log_info(_("WARNING: key %s may be revoked:"
2883 : " fetching revocation key %s\n"),
2884 : tempkeystr,keystr(keyid));
2885 0 : keyserver_import_fprint (ctrl,
2886 0 : sig->revkey[idx].fpr,
2887 : MAX_FINGERPRINT_LEN,
2888 : opt.keyserver);
2889 :
2890 : /* Do we have it now? */
2891 0 : rc=get_pubkey_byfprint_fast (NULL,
2892 0 : sig->revkey[idx].fpr,
2893 : MAX_FINGERPRINT_LEN);
2894 : }
2895 :
2896 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2897 0 : || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2898 0 : log_info(_("WARNING: key %s may be revoked:"
2899 : " revocation key %s not present.\n"),
2900 : tempkeystr,keystr(keyid));
2901 :
2902 0 : xfree(tempkeystr);
2903 : }
2904 : }
2905 : }
2906 : }
2907 : }
2908 : }
2909 65 : }
2910 :
2911 :
2912 : /*
2913 : * compare and merge the blocks
2914 : *
2915 : * o compare the signatures: If we already have this signature, check
2916 : * that they compare okay; if not, issue a warning and ask the user.
2917 : * o Simply add the signature. Can't verify here because we may not have
2918 : * the signature's public key yet; verification is done when putting it
2919 : * into the trustdb, which is done automagically as soon as this pubkey
2920 : * is used.
2921 : * Note: We indicate newly inserted packets with NODE_FLAG_A.
2922 : */
2923 : static int
2924 40 : merge_blocks (kbnode_t keyblock_orig, kbnode_t keyblock,
2925 : u32 *keyid, int *n_uids, int *n_sigs, int *n_subk )
2926 : {
2927 : kbnode_t onode, node;
2928 : int rc, found;
2929 :
2930 : /* 1st: handle revocation certificates */
2931 41 : for (node=keyblock->next; node; node=node->next )
2932 : {
2933 41 : if (node->pkt->pkttype == PKT_USER_ID )
2934 40 : break;
2935 1 : else if (node->pkt->pkttype == PKT_SIGNATURE
2936 1 : && node->pkt->pkt.signature->sig_class == 0x20)
2937 : {
2938 : /* check whether we already have this */
2939 0 : found = 0;
2940 0 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2941 : {
2942 0 : if (onode->pkt->pkttype == PKT_USER_ID )
2943 0 : break;
2944 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
2945 0 : && onode->pkt->pkt.signature->sig_class == 0x20
2946 0 : && !cmp_signatures(onode->pkt->pkt.signature,
2947 0 : node->pkt->pkt.signature))
2948 : {
2949 0 : found = 1;
2950 0 : break;
2951 : }
2952 : }
2953 0 : if (!found)
2954 : {
2955 0 : kbnode_t n2 = clone_kbnode(node);
2956 0 : insert_kbnode( keyblock_orig, n2, 0 );
2957 0 : n2->flag |= NODE_FLAG_A;
2958 0 : ++*n_sigs;
2959 0 : if(!opt.quiet)
2960 : {
2961 0 : char *p=get_user_id_native (keyid);
2962 0 : log_info(_("key %s: \"%s\" revocation"
2963 : " certificate added\n"), keystr(keyid),p);
2964 0 : xfree(p);
2965 : }
2966 : }
2967 : }
2968 : }
2969 :
2970 : /* 2nd: merge in any direct key (0x1F) sigs */
2971 41 : for(node=keyblock->next; node; node=node->next)
2972 : {
2973 41 : if (node->pkt->pkttype == PKT_USER_ID )
2974 40 : break;
2975 1 : else if (node->pkt->pkttype == PKT_SIGNATURE
2976 1 : && node->pkt->pkt.signature->sig_class == 0x1F)
2977 : {
2978 : /* check whether we already have this */
2979 1 : found = 0;
2980 1 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2981 : {
2982 1 : if (onode->pkt->pkttype == PKT_USER_ID)
2983 1 : break;
2984 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
2985 0 : && onode->pkt->pkt.signature->sig_class == 0x1F
2986 0 : && !cmp_signatures(onode->pkt->pkt.signature,
2987 0 : node->pkt->pkt.signature))
2988 : {
2989 0 : found = 1;
2990 0 : break;
2991 : }
2992 : }
2993 1 : if (!found )
2994 : {
2995 1 : kbnode_t n2 = clone_kbnode(node);
2996 1 : insert_kbnode( keyblock_orig, n2, 0 );
2997 1 : n2->flag |= NODE_FLAG_A;
2998 1 : ++*n_sigs;
2999 1 : if(!opt.quiet)
3000 1 : log_info( _("key %s: direct key signature added\n"),
3001 : keystr(keyid));
3002 : }
3003 : }
3004 : }
3005 :
3006 : /* 3rd: try to merge new certificates in */
3007 213 : for (onode=keyblock_orig->next; onode; onode=onode->next)
3008 : {
3009 173 : if (!(onode->flag & NODE_FLAG_A) && onode->pkt->pkttype == PKT_USER_ID)
3010 : {
3011 : /* find the user id in the imported keyblock */
3012 71 : for (node=keyblock->next; node; node=node->next)
3013 71 : if (node->pkt->pkttype == PKT_USER_ID
3014 59 : && !cmp_user_ids( onode->pkt->pkt.user_id,
3015 59 : node->pkt->pkt.user_id ) )
3016 48 : break;
3017 48 : if (node ) /* found: merge */
3018 : {
3019 48 : rc = merge_sigs (onode, node, n_sigs);
3020 48 : if (rc )
3021 0 : return rc;
3022 : }
3023 : }
3024 : }
3025 :
3026 : /* 4th: add new user-ids */
3027 206 : for (node=keyblock->next; node; node=node->next)
3028 : {
3029 166 : if (node->pkt->pkttype == PKT_USER_ID)
3030 : {
3031 : /* do we have this in the original keyblock */
3032 73 : for (onode=keyblock_orig->next; onode; onode=onode->next )
3033 73 : if (onode->pkt->pkttype == PKT_USER_ID
3034 59 : && !cmp_user_ids( onode->pkt->pkt.user_id,
3035 59 : node->pkt->pkt.user_id ) )
3036 48 : break;
3037 48 : if (!onode ) /* this is a new user id: append */
3038 : {
3039 0 : rc = append_uid (keyblock_orig, node, n_sigs);
3040 0 : if (rc )
3041 0 : return rc;
3042 0 : ++*n_uids;
3043 : }
3044 : }
3045 : }
3046 :
3047 : /* 5th: add new subkeys */
3048 206 : for (node=keyblock->next; node; node=node->next)
3049 : {
3050 166 : onode = NULL;
3051 166 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
3052 : {
3053 : /* do we have this in the original keyblock? */
3054 122 : for(onode=keyblock_orig->next; onode; onode=onode->next)
3055 122 : if (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
3056 34 : && !cmp_public_keys( onode->pkt->pkt.public_key,
3057 34 : node->pkt->pkt.public_key))
3058 34 : break;
3059 34 : if (!onode ) /* This is a new subkey: append. */
3060 : {
3061 0 : rc = append_key (keyblock_orig, node, n_sigs);
3062 0 : if (rc)
3063 0 : return rc;
3064 0 : ++*n_subk;
3065 : }
3066 : }
3067 132 : else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
3068 : {
3069 : /* do we have this in the original keyblock? */
3070 0 : for (onode=keyblock_orig->next; onode; onode=onode->next )
3071 0 : if (onode->pkt->pkttype == PKT_SECRET_SUBKEY
3072 0 : && !cmp_public_keys (onode->pkt->pkt.public_key,
3073 0 : node->pkt->pkt.public_key) )
3074 0 : break;
3075 0 : if (!onode ) /* This is a new subkey: append. */
3076 : {
3077 0 : rc = append_key (keyblock_orig, node, n_sigs);
3078 0 : if (rc )
3079 0 : return rc;
3080 0 : ++*n_subk;
3081 : }
3082 : }
3083 : }
3084 :
3085 : /* 6th: merge subkey certificates */
3086 213 : for (onode=keyblock_orig->next; onode; onode=onode->next)
3087 : {
3088 173 : if (!(onode->flag & NODE_FLAG_A)
3089 171 : && (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
3090 135 : || onode->pkt->pkttype == PKT_SECRET_SUBKEY))
3091 : {
3092 : /* find the subkey in the imported keyblock */
3093 125 : for(node=keyblock->next; node; node=node->next)
3094 : {
3095 123 : if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3096 89 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
3097 34 : && !cmp_public_keys( onode->pkt->pkt.public_key,
3098 34 : node->pkt->pkt.public_key ) )
3099 34 : break;
3100 : }
3101 36 : if (node) /* Found: merge. */
3102 : {
3103 34 : rc = merge_keysigs( onode, node, n_sigs);
3104 34 : if (rc )
3105 0 : return rc;
3106 : }
3107 : }
3108 : }
3109 :
3110 40 : return 0;
3111 : }
3112 :
3113 :
3114 : /* Helper function for merge_blocks.
3115 : * Append the userid starting with NODE and all signatures to KEYBLOCK.
3116 : */
3117 : static int
3118 0 : append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs)
3119 : {
3120 : kbnode_t n;
3121 0 : kbnode_t n_where = NULL;
3122 :
3123 0 : log_assert (node->pkt->pkttype == PKT_USER_ID );
3124 :
3125 : /* find the position */
3126 0 : for (n = keyblock; n; n_where = n, n = n->next)
3127 : {
3128 0 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
3129 0 : || n->pkt->pkttype == PKT_SECRET_SUBKEY )
3130 : break;
3131 : }
3132 0 : if (!n)
3133 0 : n_where = NULL;
3134 :
3135 : /* and append/insert */
3136 0 : while (node)
3137 : {
3138 : /* we add a clone to the original keyblock, because this
3139 : * one is released first */
3140 0 : n = clone_kbnode(node);
3141 0 : if (n_where)
3142 : {
3143 0 : insert_kbnode( n_where, n, 0 );
3144 0 : n_where = n;
3145 : }
3146 : else
3147 0 : add_kbnode( keyblock, n );
3148 0 : n->flag |= NODE_FLAG_A;
3149 0 : node->flag |= NODE_FLAG_A;
3150 0 : if (n->pkt->pkttype == PKT_SIGNATURE )
3151 0 : ++*n_sigs;
3152 :
3153 0 : node = node->next;
3154 0 : if (node && node->pkt->pkttype != PKT_SIGNATURE )
3155 0 : break;
3156 : }
3157 :
3158 0 : return 0;
3159 : }
3160 :
3161 :
3162 : /* Helper function for merge_blocks
3163 : * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_USER_ID.
3164 : * (how should we handle comment packets here?)
3165 : */
3166 : static int
3167 48 : merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs)
3168 : {
3169 : kbnode_t n, n2;
3170 48 : int found = 0;
3171 :
3172 48 : log_assert (dst->pkt->pkttype == PKT_USER_ID);
3173 48 : log_assert (src->pkt->pkttype == PKT_USER_ID);
3174 :
3175 165 : for (n=src->next; n && n->pkt->pkttype != PKT_USER_ID; n = n->next)
3176 : {
3177 117 : if (n->pkt->pkttype != PKT_SIGNATURE )
3178 34 : continue;
3179 83 : if (n->pkt->pkt.signature->sig_class == 0x18
3180 49 : || n->pkt->pkt.signature->sig_class == 0x28 )
3181 34 : continue; /* skip signatures which are only valid on subkeys */
3182 :
3183 49 : found = 0;
3184 53 : for (n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
3185 52 : if (!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
3186 : {
3187 48 : found++;
3188 48 : break;
3189 : }
3190 49 : if (!found )
3191 : {
3192 : /* This signature is new or newer, append N to DST.
3193 : * We add a clone to the original keyblock, because this
3194 : * one is released first */
3195 1 : n2 = clone_kbnode(n);
3196 1 : insert_kbnode( dst, n2, PKT_SIGNATURE );
3197 1 : n2->flag |= NODE_FLAG_A;
3198 1 : n->flag |= NODE_FLAG_A;
3199 1 : ++*n_sigs;
3200 : }
3201 : }
3202 :
3203 48 : return 0;
3204 : }
3205 :
3206 :
3207 : /* Helper function for merge_blocks
3208 : * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY.
3209 : */
3210 : static int
3211 34 : merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs)
3212 : {
3213 : kbnode_t n, n2;
3214 34 : int found = 0;
3215 :
3216 34 : log_assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
3217 : || dst->pkt->pkttype == PKT_SECRET_SUBKEY);
3218 :
3219 68 : for (n=src->next; n ; n = n->next)
3220 : {
3221 34 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
3222 34 : || n->pkt->pkttype == PKT_PUBLIC_KEY )
3223 : break;
3224 34 : if (n->pkt->pkttype != PKT_SIGNATURE )
3225 0 : continue;
3226 :
3227 34 : found = 0;
3228 34 : for (n2=dst->next; n2; n2 = n2->next)
3229 : {
3230 34 : if (n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
3231 34 : || n2->pkt->pkttype == PKT_PUBLIC_KEY )
3232 : break;
3233 34 : if (n2->pkt->pkttype == PKT_SIGNATURE
3234 68 : && (n->pkt->pkt.signature->keyid[0]
3235 34 : == n2->pkt->pkt.signature->keyid[0])
3236 68 : && (n->pkt->pkt.signature->keyid[1]
3237 34 : == n2->pkt->pkt.signature->keyid[1])
3238 68 : && (n->pkt->pkt.signature->timestamp
3239 34 : <= n2->pkt->pkt.signature->timestamp)
3240 68 : && (n->pkt->pkt.signature->sig_class
3241 34 : == n2->pkt->pkt.signature->sig_class))
3242 : {
3243 34 : found++;
3244 34 : break;
3245 : }
3246 : }
3247 34 : if (!found )
3248 : {
3249 : /* This signature is new or newer, append N to DST.
3250 : * We add a clone to the original keyblock, because this
3251 : * one is released first */
3252 0 : n2 = clone_kbnode(n);
3253 0 : insert_kbnode( dst, n2, PKT_SIGNATURE );
3254 0 : n2->flag |= NODE_FLAG_A;
3255 0 : n->flag |= NODE_FLAG_A;
3256 0 : ++*n_sigs;
3257 : }
3258 : }
3259 :
3260 34 : return 0;
3261 : }
3262 :
3263 :
3264 : /* Helper function for merge_blocks.
3265 : * Append the subkey starting with NODE and all signatures to KEYBLOCK.
3266 : * Mark all new and copied packets by setting flag bit 0.
3267 : */
3268 : static int
3269 0 : append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs)
3270 : {
3271 : kbnode_t n;
3272 :
3273 0 : log_assert (node->pkt->pkttype == PKT_PUBLIC_SUBKEY
3274 : || node->pkt->pkttype == PKT_SECRET_SUBKEY);
3275 :
3276 0 : while (node)
3277 : {
3278 : /* we add a clone to the original keyblock, because this
3279 : * one is released first */
3280 0 : n = clone_kbnode(node);
3281 0 : add_kbnode( keyblock, n );
3282 0 : n->flag |= NODE_FLAG_A;
3283 0 : node->flag |= NODE_FLAG_A;
3284 0 : if (n->pkt->pkttype == PKT_SIGNATURE )
3285 0 : ++*n_sigs;
3286 :
3287 0 : node = node->next;
3288 0 : if (node && node->pkt->pkttype != PKT_SIGNATURE )
3289 0 : break;
3290 : }
3291 :
3292 0 : return 0;
3293 : }
|
