Line data Source code
1 : /* import.c - import a key into our key storage.
2 : * Copyright (C) 1998-2007, 2010-2011 Free Software Foundation, Inc.
3 : * Copyright (C) 2014 Werner Koch
4 : *
5 : * This file is part of GnuPG.
6 : *
7 : * GnuPG is free software; you can redistribute it and/or modify
8 : * it under the terms of the GNU General Public License as published by
9 : * the Free Software Foundation; either version 3 of the License, or
10 : * (at your option) any later version.
11 : *
12 : * GnuPG is distributed in the hope that it will be useful,
13 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : * GNU General Public License for more details.
16 : *
17 : * You should have received a copy of the GNU General Public License
18 : * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <config.h>
22 : #include <stdio.h>
23 : #include <stdlib.h>
24 : #include <string.h>
25 : #include <errno.h>
26 : #include <assert.h>
27 :
28 : #include "gpg.h"
29 : #include "options.h"
30 : #include "packet.h"
31 : #include "status.h"
32 : #include "keydb.h"
33 : #include "util.h"
34 : #include "trustdb.h"
35 : #include "main.h"
36 : #include "i18n.h"
37 : #include "ttyio.h"
38 : #include "status.h"
39 : #include "keyserver-internal.h"
40 : #include "call-agent.h"
41 : #include "../common/membuf.h"
42 :
43 : struct stats_s
44 : {
45 : ulong count;
46 : ulong no_user_id;
47 : ulong imported;
48 : ulong n_uids;
49 : ulong n_sigs;
50 : ulong n_subk;
51 : ulong unchanged;
52 : ulong n_revoc;
53 : ulong secret_read;
54 : ulong secret_imported;
55 : ulong secret_dups;
56 : ulong skipped_new_keys;
57 : ulong not_imported;
58 : ulong n_sigs_cleaned;
59 : ulong n_uids_cleaned;
60 : ulong v3keys; /* Number of V3 keys seen. */
61 : };
62 :
63 :
64 : static int import (ctrl_t ctrl,
65 : IOBUF inp, const char* fname, struct stats_s *stats,
66 : unsigned char **fpr, size_t *fpr_len, unsigned int options,
67 : import_screener_t screener, void *screener_arg);
68 : static int read_block (IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root,
69 : int *r_v3keys);
70 : static void revocation_present (ctrl_t ctrl, kbnode_t keyblock);
71 : static int import_one (ctrl_t ctrl,
72 : const char *fname, kbnode_t keyblock,struct stats_s *stats,
73 : unsigned char **fpr, size_t *fpr_len,
74 : unsigned int options, int from_sk, int silent,
75 : import_screener_t screener, void *screener_arg);
76 : static int import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
77 : struct stats_s *stats, int batch,
78 : unsigned int options, int for_migration,
79 : import_screener_t screener, void *screener_arg);
80 : static int import_revoke_cert( const char *fname, kbnode_t node,
81 : struct stats_s *stats);
82 : static int chk_self_sigs (const char *fname, kbnode_t keyblock,
83 : PKT_public_key *pk, u32 *keyid, int *non_self );
84 : static int delete_inv_parts (const char *fname, kbnode_t keyblock,
85 : u32 *keyid, unsigned int options );
86 : static int merge_blocks (const char *fname, kbnode_t keyblock_orig,
87 : kbnode_t keyblock, u32 *keyid,
88 : int *n_uids, int *n_sigs, int *n_subk );
89 : static int append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs,
90 : const char *fname, u32 *keyid );
91 : static int append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs,
92 : const char *fname, u32 *keyid );
93 : static int merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs,
94 : const char *fname, u32 *keyid );
95 : static int merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs,
96 : const char *fname, u32 *keyid );
97 :
98 : int
99 0 : parse_import_options(char *str,unsigned int *options,int noisy)
100 : {
101 0 : struct parse_options import_opts[]=
102 : {
103 : {"import-local-sigs",IMPORT_LOCAL_SIGS,NULL,
104 : N_("import signatures that are marked as local-only")},
105 :
106 : {"repair-pks-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,
107 : N_("repair damage from the pks keyserver during import")},
108 :
109 : {"keep-ownertrust", IMPORT_KEEP_OWNERTTRUST, NULL,
110 : N_("do not clear the ownertrust values during import")},
111 :
112 : {"fast-import",IMPORT_FAST,NULL,
113 : N_("do not update the trustdb after import")},
114 :
115 : {"merge-only",IMPORT_MERGE_ONLY,NULL,
116 : N_("only accept updates to existing keys")},
117 :
118 : {"import-clean",IMPORT_CLEAN,NULL,
119 : N_("remove unusable parts from key after import")},
120 :
121 : {"import-minimal",IMPORT_MINIMAL|IMPORT_CLEAN,NULL,
122 : N_("remove as much as possible from key after import")},
123 :
124 : /* Aliases for backward compatibility */
125 : {"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
126 : {"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
127 : /* dummy */
128 : {"import-unusable-sigs",0,NULL,NULL},
129 : {"import-clean-sigs",0,NULL,NULL},
130 : {"import-clean-uids",0,NULL,NULL},
131 : {"convert-sk-to-pk",0, NULL,NULL}, /* Not anymore needed due to
132 : the new design. */
133 : {NULL,0,NULL,NULL}
134 : };
135 :
136 0 : return parse_options(str,options,import_opts,noisy);
137 : }
138 :
139 :
140 : void *
141 19 : import_new_stats_handle (void)
142 : {
143 19 : return xmalloc_clear ( sizeof (struct stats_s) );
144 : }
145 :
146 :
147 : void
148 19 : import_release_stats_handle (void *p)
149 : {
150 19 : xfree (p);
151 19 : }
152 :
153 :
154 : /*
155 : * Import the public keys from the given filename. Input may be armored.
156 : * This function rejects all keys which are not validly self signed on at
157 : * least one userid. Only user ids which are self signed will be imported.
158 : * Other signatures are not checked.
159 : *
160 : * Actually this function does a merge. It works like this:
161 : *
162 : * - get the keyblock
163 : * - check self-signatures and remove all userids and their signatures
164 : * without/invalid self-signatures.
165 : * - reject the keyblock, if we have no valid userid.
166 : * - See whether we have this key already in one of our pubrings.
167 : * If not, simply add it to the default keyring.
168 : * - Compare the key and the self-signatures of the new and the one in
169 : * our keyring. If they are different something weird is going on;
170 : * ask what to do.
171 : * - See whether we have only non-self-signature on one user id; if not
172 : * ask the user what to do.
173 : * - compare the signatures: If we already have this signature, check
174 : * that they compare okay; if not, issue a warning and ask the user.
175 : * (consider looking at the timestamp and use the newest?)
176 : * - Simply add the signature. Can't verify here because we may not have
177 : * the signature's public key yet; verification is done when putting it
178 : * into the trustdb, which is done automagically as soon as this pubkey
179 : * is used.
180 : * - Proceed with next signature.
181 : *
182 : * Key revocation certificates have special handling.
183 : */
184 : static int
185 19 : import_keys_internal (ctrl_t ctrl, iobuf_t inp, char **fnames, int nnames,
186 : void *stats_handle, unsigned char **fpr, size_t *fpr_len,
187 : unsigned int options,
188 : import_screener_t screener, void *screener_arg)
189 : {
190 : int i;
191 19 : int rc = 0;
192 19 : struct stats_s *stats = stats_handle;
193 :
194 19 : if (!stats)
195 19 : stats = import_new_stats_handle ();
196 :
197 19 : if (inp)
198 : {
199 0 : rc = import (ctrl, inp, "[stream]", stats, fpr, fpr_len, options,
200 : screener, screener_arg);
201 : }
202 : else
203 : {
204 19 : if (!fnames && !nnames)
205 1 : nnames = 1; /* Ohh what a ugly hack to jump into the loop */
206 :
207 39 : for (i=0; i < nnames; i++)
208 : {
209 20 : const char *fname = fnames? fnames[i] : NULL;
210 20 : IOBUF inp2 = iobuf_open(fname);
211 :
212 20 : if (!fname)
213 1 : fname = "[stdin]";
214 20 : if (inp2 && is_secured_file (iobuf_get_fd (inp2)))
215 : {
216 0 : iobuf_close (inp2);
217 0 : inp2 = NULL;
218 0 : gpg_err_set_errno (EPERM);
219 : }
220 20 : if (!inp2)
221 0 : log_error (_("can't open '%s': %s\n"), fname, strerror (errno));
222 : else
223 : {
224 20 : rc = import (ctrl, inp2, fname, stats, fpr, fpr_len, options,
225 : screener, screener_arg);
226 20 : iobuf_close (inp2);
227 : /* Must invalidate that ugly cache to actually close it. */
228 20 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
229 20 : if (rc)
230 0 : log_error ("import from '%s' failed: %s\n",
231 : fname, gpg_strerror (rc) );
232 : }
233 20 : if (!fname)
234 0 : break;
235 : }
236 : }
237 :
238 19 : if (!stats_handle)
239 : {
240 19 : import_print_stats (stats);
241 19 : import_release_stats_handle (stats);
242 : }
243 :
244 : /* If no fast import and the trustdb is dirty (i.e. we added a key
245 : or userID that had something other than a selfsig, a signature
246 : that was other than a selfsig, or any revocation), then
247 : update/check the trustdb if the user specified by setting
248 : interactive or by not setting no-auto-check-trustdb */
249 :
250 19 : if (!(options & IMPORT_FAST))
251 19 : check_or_update_trustdb ();
252 :
253 19 : return rc;
254 : }
255 :
256 :
257 : void
258 19 : import_keys (ctrl_t ctrl, char **fnames, int nnames,
259 : void *stats_handle, unsigned int options )
260 : {
261 19 : import_keys_internal (ctrl, NULL, fnames, nnames, stats_handle,
262 : NULL, NULL, options, NULL, NULL);
263 19 : }
264 :
265 : int
266 0 : import_keys_stream (ctrl_t ctrl, IOBUF inp, void *stats_handle,
267 : unsigned char **fpr, size_t *fpr_len, unsigned int options)
268 : {
269 0 : return import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
270 : fpr, fpr_len, options, NULL, NULL);
271 : }
272 :
273 :
274 : /* Variant of import_keys_stream reading from an estream_t. */
275 : int
276 0 : import_keys_es_stream (ctrl_t ctrl, estream_t fp, void *stats_handle,
277 : unsigned char **fpr, size_t *fpr_len,
278 : unsigned int options,
279 : import_screener_t screener, void *screener_arg)
280 : {
281 : int rc;
282 : iobuf_t inp;
283 :
284 0 : inp = iobuf_esopen (fp, "r", 1);
285 0 : if (!inp)
286 : {
287 0 : rc = gpg_error_from_syserror ();
288 0 : log_error ("iobuf_esopen failed: %s\n", gpg_strerror (rc));
289 0 : return rc;
290 : }
291 :
292 0 : rc = import_keys_internal (ctrl, inp, NULL, 0, stats_handle,
293 : fpr, fpr_len, options,
294 : screener, screener_arg);
295 :
296 0 : iobuf_close (inp);
297 0 : return rc;
298 : }
299 :
300 :
301 : static int
302 20 : import (ctrl_t ctrl, IOBUF inp, const char* fname,struct stats_s *stats,
303 : unsigned char **fpr,size_t *fpr_len, unsigned int options,
304 : import_screener_t screener, void *screener_arg)
305 : {
306 20 : PACKET *pending_pkt = NULL;
307 20 : kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
308 : grasp the return semantics of
309 : read_block. */
310 20 : int rc = 0;
311 : int v3keys;
312 :
313 20 : getkey_disable_caches ();
314 :
315 20 : if (!opt.no_armor) /* Armored reading is not disabled. */
316 : {
317 : armor_filter_context_t *afx;
318 :
319 20 : afx = new_armor_context ();
320 20 : afx->only_keyblocks = 1;
321 20 : push_armor_filter (afx, inp);
322 20 : release_armor_context (afx);
323 : }
324 :
325 128 : while (!(rc = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
326 : {
327 88 : stats->v3keys += v3keys;
328 88 : if (keyblock->pkt->pkttype == PKT_PUBLIC_KEY)
329 81 : rc = import_one (ctrl, fname, keyblock,
330 : stats, fpr, fpr_len, options, 0, 0,
331 : screener, screener_arg);
332 7 : else if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
333 7 : rc = import_secret_one (ctrl, fname, keyblock, stats,
334 : opt.batch, options, 0,
335 : screener, screener_arg);
336 0 : else if (keyblock->pkt->pkttype == PKT_SIGNATURE
337 0 : && keyblock->pkt->pkt.signature->sig_class == 0x20 )
338 0 : rc = import_revoke_cert( fname, keyblock, stats );
339 : else
340 : {
341 0 : log_info (_("skipping block of type %d\n"), keyblock->pkt->pkttype);
342 : }
343 88 : release_kbnode (keyblock);
344 :
345 : /* fixme: we should increment the not imported counter but
346 : this does only make sense if we keep on going despite of
347 : errors. For now we do this only if the imported key is too
348 : large. */
349 88 : if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
350 0 : && gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
351 : {
352 0 : stats->not_imported++;
353 0 : rc = 0;
354 : }
355 88 : else if (rc)
356 0 : break;
357 :
358 88 : if (!(++stats->count % 100) && !opt.quiet)
359 0 : log_info (_("%lu keys processed so far\n"), stats->count );
360 : }
361 20 : stats->v3keys += v3keys;
362 20 : if (rc == -1)
363 20 : rc = 0;
364 0 : else if (rc && gpg_err_code (rc) != GPG_ERR_INV_KEYRING)
365 0 : log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (rc));
366 :
367 20 : return rc;
368 : }
369 :
370 :
371 : /* Helper to migrate secring.gpg to GnuPG 2.1. */
372 : gpg_error_t
373 0 : import_old_secring (ctrl_t ctrl, const char *fname)
374 : {
375 : gpg_error_t err;
376 : iobuf_t inp;
377 0 : PACKET *pending_pkt = NULL;
378 0 : kbnode_t keyblock = NULL; /* Need to initialize because gcc can't
379 : grasp the return semantics of
380 : read_block. */
381 : struct stats_s *stats;
382 : int v3keys;
383 :
384 0 : inp = iobuf_open (fname);
385 0 : if (inp && is_secured_file (iobuf_get_fd (inp)))
386 : {
387 0 : iobuf_close (inp);
388 0 : inp = NULL;
389 0 : gpg_err_set_errno (EPERM);
390 : }
391 0 : if (!inp)
392 : {
393 0 : err = gpg_error_from_syserror ();
394 0 : log_error (_("can't open '%s': %s\n"), fname, gpg_strerror (err));
395 0 : return err;
396 : }
397 :
398 0 : getkey_disable_caches();
399 0 : stats = import_new_stats_handle ();
400 0 : while (!(err = read_block (inp, &pending_pkt, &keyblock, &v3keys)))
401 : {
402 0 : if (keyblock->pkt->pkttype == PKT_SECRET_KEY)
403 0 : err = import_secret_one (ctrl, fname, keyblock, stats, 1, 0, 1,
404 : NULL, NULL);
405 0 : release_kbnode (keyblock);
406 0 : if (err)
407 0 : break;
408 : }
409 0 : import_release_stats_handle (stats);
410 0 : if (err == -1)
411 0 : err = 0;
412 0 : else if (err && gpg_err_code (err) != GPG_ERR_INV_KEYRING)
413 0 : log_error (_("error reading '%s': %s\n"), fname, gpg_strerror (err));
414 0 : else if (err)
415 0 : log_error ("import from '%s' failed: %s\n", fname, gpg_strerror (err));
416 :
417 0 : iobuf_close (inp);
418 0 : iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname);
419 :
420 0 : return err;
421 : }
422 :
423 :
424 : void
425 19 : import_print_stats (void *hd)
426 : {
427 19 : struct stats_s *stats = hd;
428 :
429 19 : if (!opt.quiet)
430 : {
431 19 : log_info(_("Total number processed: %lu\n"),
432 19 : stats->count + stats->v3keys);
433 19 : if (stats->v3keys)
434 0 : log_info(_(" skipped PGP-2 keys: %lu\n"), stats->v3keys);
435 19 : if (stats->skipped_new_keys )
436 0 : log_info(_(" skipped new keys: %lu\n"),
437 : stats->skipped_new_keys );
438 19 : if (stats->no_user_id )
439 0 : log_info(_(" w/o user IDs: %lu\n"), stats->no_user_id );
440 19 : if (stats->imported)
441 : {
442 14 : log_info(_(" imported: %lu"), stats->imported );
443 14 : log_printf ("\n");
444 : }
445 19 : if (stats->unchanged )
446 4 : log_info(_(" unchanged: %lu\n"), stats->unchanged );
447 19 : if (stats->n_uids )
448 0 : log_info(_(" new user IDs: %lu\n"), stats->n_uids );
449 19 : if (stats->n_subk )
450 0 : log_info(_(" new subkeys: %lu\n"), stats->n_subk );
451 19 : if (stats->n_sigs )
452 2 : log_info(_(" new signatures: %lu\n"), stats->n_sigs );
453 19 : if (stats->n_revoc )
454 0 : log_info(_(" new key revocations: %lu\n"), stats->n_revoc );
455 19 : if (stats->secret_read )
456 7 : log_info(_(" secret keys read: %lu\n"), stats->secret_read );
457 19 : if (stats->secret_imported )
458 6 : log_info(_(" secret keys imported: %lu\n"), stats->secret_imported );
459 19 : if (stats->secret_dups )
460 1 : log_info(_(" secret keys unchanged: %lu\n"), stats->secret_dups );
461 19 : if (stats->not_imported )
462 0 : log_info(_(" not imported: %lu\n"), stats->not_imported );
463 19 : if (stats->n_sigs_cleaned)
464 0 : log_info(_(" signatures cleaned: %lu\n"),stats->n_sigs_cleaned);
465 19 : if (stats->n_uids_cleaned)
466 0 : log_info(_(" user IDs cleaned: %lu\n"),stats->n_uids_cleaned);
467 : }
468 :
469 19 : if (is_status_enabled ())
470 : {
471 : char buf[15*20];
472 :
473 0 : snprintf (buf, sizeof buf,
474 : "%lu %lu %lu 0 %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu %lu",
475 0 : stats->count + stats->v3keys,
476 : stats->no_user_id,
477 : stats->imported,
478 : stats->unchanged,
479 : stats->n_uids,
480 : stats->n_subk,
481 : stats->n_sigs,
482 : stats->n_revoc,
483 : stats->secret_read,
484 : stats->secret_imported,
485 : stats->secret_dups,
486 : stats->skipped_new_keys,
487 : stats->not_imported,
488 : stats->v3keys );
489 0 : write_status_text (STATUS_IMPORT_RES, buf);
490 : }
491 19 : }
492 :
493 :
494 : /* Return true if PKTTYPE is valid in a keyblock. */
495 : static int
496 587 : valid_keyblock_packet (int pkttype)
497 : {
498 587 : switch (pkttype)
499 : {
500 : case PKT_PUBLIC_KEY:
501 : case PKT_PUBLIC_SUBKEY:
502 : case PKT_SECRET_KEY:
503 : case PKT_SECRET_SUBKEY:
504 : case PKT_SIGNATURE:
505 : case PKT_USER_ID:
506 : case PKT_ATTRIBUTE:
507 : case PKT_RING_TRUST:
508 587 : return 1;
509 : default:
510 0 : return 0;
511 : }
512 : }
513 :
514 :
515 : /****************
516 : * Read the next keyblock from stream A.
517 : * PENDING_PKT should be initialzed to NULL
518 : * and not changed by the caller.
519 : * Return: 0 = okay, -1 no more blocks or another errorcode.
520 : * The int at at R_V3KEY counts the number of unsupported v3
521 : * keyblocks.
522 : */
523 : static int
524 108 : read_block( IOBUF a, PACKET **pending_pkt, kbnode_t *ret_root, int *r_v3keys)
525 : {
526 : int rc;
527 : PACKET *pkt;
528 108 : kbnode_t root = NULL;
529 : int in_cert, in_v3key;
530 :
531 108 : *r_v3keys = 0;
532 :
533 108 : if (*pending_pkt)
534 : {
535 68 : root = new_kbnode( *pending_pkt );
536 68 : *pending_pkt = NULL;
537 68 : in_cert = 1;
538 : }
539 : else
540 40 : in_cert = 0;
541 :
542 108 : pkt = xmalloc (sizeof *pkt);
543 108 : init_packet (pkt);
544 108 : in_v3key = 0;
545 808 : while ((rc=parse_packet(a, pkt)) != -1)
546 : {
547 660 : if (rc && (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY
548 0 : && (pkt->pkttype == PKT_PUBLIC_KEY
549 0 : || pkt->pkttype == PKT_SECRET_KEY)))
550 : {
551 0 : in_v3key = 1;
552 0 : ++*r_v3keys;
553 0 : free_packet (pkt);
554 0 : init_packet (pkt);
555 0 : continue;
556 : }
557 660 : else if (rc ) /* (ignore errors) */
558 : {
559 0 : if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_PACKET)
560 : ; /* Do not show a diagnostic. */
561 : else
562 : {
563 0 : log_error("read_block: read error: %s\n", gpg_strerror (rc) );
564 0 : rc = GPG_ERR_INV_KEYRING;
565 0 : goto ready;
566 : }
567 0 : free_packet( pkt );
568 0 : init_packet(pkt);
569 0 : continue;
570 : }
571 :
572 660 : if (in_v3key && !(pkt->pkttype == PKT_PUBLIC_KEY
573 0 : || pkt->pkttype == PKT_SECRET_KEY))
574 : {
575 0 : free_packet( pkt );
576 0 : init_packet(pkt);
577 0 : continue;
578 : }
579 660 : in_v3key = 0;
580 :
581 660 : if (!root && pkt->pkttype == PKT_SIGNATURE
582 0 : && pkt->pkt.signature->sig_class == 0x20 )
583 : {
584 : /* This is a revocation certificate which is handled in a
585 : * special way. */
586 0 : root = new_kbnode( pkt );
587 0 : pkt = NULL;
588 0 : goto ready;
589 : }
590 :
591 : /* Make a linked list of all packets. */
592 660 : switch (pkt->pkttype)
593 : {
594 : case PKT_COMPRESSED:
595 0 : if (check_compress_algo (pkt->pkt.compressed->algorithm))
596 : {
597 0 : rc = GPG_ERR_COMPR_ALGO;
598 0 : goto ready;
599 : }
600 : else
601 : {
602 0 : compress_filter_context_t *cfx = xmalloc_clear( sizeof *cfx );
603 0 : pkt->pkt.compressed->buf = NULL;
604 0 : push_compress_filter2(a,cfx,pkt->pkt.compressed->algorithm,1);
605 : }
606 0 : free_packet( pkt );
607 0 : init_packet(pkt);
608 0 : break;
609 :
610 : case PKT_RING_TRUST:
611 : /* Skip those packets. */
612 5 : free_packet( pkt );
613 5 : init_packet(pkt);
614 5 : break;
615 :
616 : case PKT_PUBLIC_KEY:
617 : case PKT_SECRET_KEY:
618 88 : if (in_cert ) /* Store this packet. */
619 : {
620 68 : *pending_pkt = pkt;
621 68 : pkt = NULL;
622 68 : goto ready;
623 : }
624 20 : in_cert = 1;
625 : default:
626 587 : if (in_cert && valid_keyblock_packet (pkt->pkttype))
627 : {
628 587 : if (!root )
629 20 : root = new_kbnode (pkt);
630 : else
631 567 : add_kbnode (root, new_kbnode (pkt));
632 587 : pkt = xmalloc (sizeof *pkt);
633 : }
634 587 : init_packet(pkt);
635 587 : break;
636 : }
637 : }
638 :
639 : ready:
640 108 : if (rc == -1 && root )
641 20 : rc = 0;
642 :
643 108 : if (rc )
644 20 : release_kbnode( root );
645 : else
646 88 : *ret_root = root;
647 108 : free_packet( pkt );
648 108 : xfree( pkt );
649 108 : return rc;
650 : }
651 :
652 :
653 : /* Walk through the subkeys on a pk to find if we have the PKS
654 : disease: multiple subkeys with their binding sigs stripped, and the
655 : sig for the first subkey placed after the last subkey. That is,
656 : instead of "pk uid sig sub1 bind1 sub2 bind2 sub3 bind3" we have
657 : "pk uid sig sub1 sub2 sub3 bind1". We can't do anything about sub2
658 : and sub3, as they are already lost, but we can try and rescue sub1
659 : by reordering the keyblock so that it reads "pk uid sig sub1 bind1
660 : sub2 sub3". Returns TRUE if the keyblock was modified. */
661 : static int
662 0 : fix_pks_corruption (kbnode_t keyblock)
663 : {
664 0 : int changed = 0;
665 0 : int keycount = 0;
666 : kbnode_t node;
667 0 : kbnode_t last = NULL;
668 0 : kbnode_t sknode=NULL;
669 :
670 : /* First determine if we have the problem at all. Look for 2 or
671 : more subkeys in a row, followed by a single binding sig. */
672 0 : for (node=keyblock; node; last=node, node=node->next)
673 : {
674 0 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
675 : {
676 0 : keycount++;
677 0 : if(!sknode)
678 0 : sknode=node;
679 : }
680 0 : else if (node->pkt->pkttype == PKT_SIGNATURE
681 0 : && node->pkt->pkt.signature->sig_class == 0x18
682 0 : && keycount >= 2
683 0 : && !node->next)
684 : {
685 : /* We might have the problem, as this key has two subkeys in
686 : a row without any intervening packets. */
687 :
688 : /* Sanity check */
689 0 : if (!last)
690 0 : break;
691 :
692 : /* Temporarily attach node to sknode. */
693 0 : node->next = sknode->next;
694 0 : sknode->next = node;
695 0 : last->next = NULL;
696 :
697 : /* Note we aren't checking whether this binding sig is a
698 : selfsig. This is not necessary here as the subkey and
699 : binding sig will be rejected later if that is the
700 : case. */
701 0 : if (check_key_signature (keyblock,node,NULL))
702 : {
703 : /* Not a match, so undo the changes. */
704 0 : sknode->next = node->next;
705 0 : last->next = node;
706 0 : node->next = NULL;
707 0 : break;
708 : }
709 : else
710 : {
711 0 : sknode->flag |= 1; /* Mark it good so we don't need to
712 : check it again */
713 0 : changed = 1;
714 0 : break;
715 : }
716 : }
717 : else
718 0 : keycount = 0;
719 : }
720 :
721 0 : return changed;
722 : }
723 :
724 :
725 : /* Versions of GnuPG before 1.4.11 and 2.0.16 allowed to import bogus
726 : direct key signatures. A side effect of this was that a later
727 : import of the same good direct key signatures was not possible
728 : because the cmp_signature check in merge_blocks considered them
729 : equal. Although direct key signatures are now checked during
730 : import, there might still be bogus signatures sitting in a keyring.
731 : We need to detect and delete them before doing a merge. This
732 : function returns the number of removed sigs. */
733 : static int
734 31 : fix_bad_direct_key_sigs (kbnode_t keyblock, u32 *keyid)
735 : {
736 : gpg_error_t err;
737 : kbnode_t node;
738 31 : int count = 0;
739 :
740 31 : for (node = keyblock->next; node; node=node->next)
741 : {
742 31 : if (node->pkt->pkttype == PKT_USER_ID)
743 31 : break;
744 0 : if (node->pkt->pkttype == PKT_SIGNATURE
745 0 : && IS_KEY_SIG (node->pkt->pkt.signature))
746 : {
747 0 : err = check_key_signature (keyblock, node, NULL);
748 0 : if (err && gpg_err_code (err) != GPG_ERR_PUBKEY_ALGO )
749 : {
750 : /* If we don't know the error, we can't decide; this is
751 : not a problem because cmp_signature can't compare the
752 : signature either. */
753 0 : log_info ("key %s: invalid direct key signature removed\n",
754 : keystr (keyid));
755 0 : delete_kbnode (node);
756 0 : count++;
757 : }
758 : }
759 : }
760 :
761 31 : return count;
762 : }
763 :
764 :
765 : static void
766 0 : print_import_ok (PKT_public_key *pk, unsigned int reason)
767 : {
768 : byte array[MAX_FINGERPRINT_LEN], *s;
769 : char buf[MAX_FINGERPRINT_LEN*2+30], *p;
770 : size_t i, n;
771 :
772 0 : snprintf (buf, sizeof buf, "%u ", reason);
773 0 : p = buf + strlen (buf);
774 :
775 0 : fingerprint_from_pk (pk, array, &n);
776 0 : s = array;
777 0 : for (i=0; i < n ; i++, s++, p += 2)
778 0 : sprintf (p, "%02X", *s);
779 :
780 0 : write_status_text (STATUS_IMPORT_OK, buf);
781 0 : }
782 :
783 :
784 : static void
785 0 : print_import_check (PKT_public_key * pk, PKT_user_id * id)
786 : {
787 : char * buf;
788 : byte fpr[24];
789 : u32 keyid[2];
790 : size_t i, n;
791 0 : size_t pos = 0;
792 :
793 0 : buf = xmalloc (17+41+id->len+32);
794 0 : keyid_from_pk (pk, keyid);
795 0 : sprintf (buf, "%08X%08X ", keyid[0], keyid[1]);
796 0 : pos = 17;
797 0 : fingerprint_from_pk (pk, fpr, &n);
798 0 : for (i = 0; i < n; i++, pos += 2)
799 0 : sprintf (buf+pos, "%02X", fpr[i]);
800 0 : strcat (buf, " ");
801 0 : pos += 1;
802 0 : strcat (buf, id->name);
803 0 : write_status_text (STATUS_IMPORT_CHECK, buf);
804 0 : xfree (buf);
805 0 : }
806 :
807 :
808 : static void
809 0 : check_prefs_warning(PKT_public_key *pk)
810 : {
811 0 : log_info(_("WARNING: key %s contains preferences for unavailable\n"
812 : "algorithms on these user IDs:\n"), keystr_from_pk(pk));
813 0 : }
814 :
815 :
816 : static void
817 12 : check_prefs (ctrl_t ctrl, kbnode_t keyblock)
818 : {
819 : kbnode_t node;
820 : PKT_public_key *pk;
821 12 : int problem=0;
822 :
823 12 : merge_keys_and_selfsig(keyblock);
824 12 : pk=keyblock->pkt->pkt.public_key;
825 :
826 74 : for(node=keyblock;node;node=node->next)
827 : {
828 62 : if(node->pkt->pkttype==PKT_USER_ID
829 16 : && node->pkt->pkt.user_id->created
830 14 : && node->pkt->pkt.user_id->prefs)
831 : {
832 14 : PKT_user_id *uid = node->pkt->pkt.user_id;
833 14 : prefitem_t *prefs = uid->prefs;
834 14 : char *user = utf8_to_native(uid->name,strlen(uid->name),0);
835 :
836 118 : for(;prefs->type;prefs++)
837 : {
838 : char num[10]; /* prefs->value is a byte, so we're over
839 : safe here */
840 :
841 104 : sprintf(num,"%u",prefs->value);
842 :
843 104 : if(prefs->type==PREFTYPE_SYM)
844 : {
845 44 : if (openpgp_cipher_test_algo (prefs->value))
846 : {
847 0 : const char *algo =
848 0 : (openpgp_cipher_test_algo (prefs->value)
849 : ? num
850 0 : : openpgp_cipher_algo_name (prefs->value));
851 0 : if(!problem)
852 0 : check_prefs_warning(pk);
853 0 : log_info(_(" \"%s\": preference for cipher"
854 : " algorithm %s\n"), user, algo);
855 0 : problem=1;
856 : }
857 : }
858 60 : else if(prefs->type==PREFTYPE_HASH)
859 : {
860 34 : if(openpgp_md_test_algo(prefs->value))
861 : {
862 0 : const char *algo =
863 0 : (gcry_md_test_algo (prefs->value)
864 : ? num
865 0 : : gcry_md_algo_name (prefs->value));
866 0 : if(!problem)
867 0 : check_prefs_warning(pk);
868 0 : log_info(_(" \"%s\": preference for digest"
869 : " algorithm %s\n"), user, algo);
870 0 : problem=1;
871 : }
872 : }
873 26 : else if(prefs->type==PREFTYPE_ZIP)
874 : {
875 26 : if(check_compress_algo (prefs->value))
876 : {
877 0 : const char *algo=compress_algo_to_string(prefs->value);
878 0 : if(!problem)
879 0 : check_prefs_warning(pk);
880 0 : log_info(_(" \"%s\": preference for compression"
881 : " algorithm %s\n"),user,algo?algo:num);
882 0 : problem=1;
883 : }
884 : }
885 : }
886 :
887 14 : xfree(user);
888 : }
889 : }
890 :
891 12 : if(problem)
892 : {
893 0 : log_info(_("it is strongly suggested that you update"
894 : " your preferences and\n"));
895 0 : log_info(_("re-distribute this key to avoid potential algorithm"
896 : " mismatch problems\n"));
897 :
898 0 : if(!opt.batch)
899 : {
900 0 : strlist_t sl = NULL;
901 0 : strlist_t locusr = NULL;
902 0 : size_t fprlen=0;
903 : byte fpr[MAX_FINGERPRINT_LEN], *p;
904 : char username[(MAX_FINGERPRINT_LEN*2)+1];
905 : unsigned int i;
906 :
907 0 : p = fingerprint_from_pk (pk,fpr,&fprlen);
908 0 : for(i=0;i<fprlen;i++,p++)
909 0 : sprintf(username+2*i,"%02X",*p);
910 0 : add_to_strlist(&locusr,username);
911 :
912 0 : append_to_strlist(&sl,"updpref");
913 0 : append_to_strlist(&sl,"save");
914 :
915 0 : keyedit_menu (ctrl, username, locusr, sl, 1, 1 );
916 0 : free_strlist(sl);
917 0 : free_strlist(locusr);
918 : }
919 0 : else if(!opt.quiet)
920 0 : log_info(_("you can update your preferences with:"
921 : " gpg --edit-key %s updpref save\n"),keystr_from_pk(pk));
922 : }
923 12 : }
924 :
925 :
926 : /*
927 : * Try to import one keyblock. Return an error only in serious cases,
928 : * but never for an invalid keyblock. It uses log_error to increase
929 : * the internal errorcount, so that invalid input can be detected by
930 : * programs which called gpg. If SILENT is no messages are printed -
931 : * even most error messages are suppressed.
932 : */
933 : static int
934 88 : import_one (ctrl_t ctrl,
935 : const char *fname, kbnode_t keyblock, struct stats_s *stats,
936 : unsigned char **fpr, size_t *fpr_len, unsigned int options,
937 : int from_sk, int silent,
938 : import_screener_t screener, void *screener_arg)
939 : {
940 : PKT_public_key *pk;
941 : PKT_public_key *pk_orig;
942 : kbnode_t node, uidnode;
943 88 : kbnode_t keyblock_orig = NULL;
944 : byte fpr2[MAX_FINGERPRINT_LEN];
945 : size_t fpr2len;
946 : u32 keyid[2];
947 88 : int rc = 0;
948 88 : int new_key = 0;
949 88 : int mod_key = 0;
950 88 : int same_key = 0;
951 88 : int non_self = 0;
952 : size_t an;
953 : char pkstrbuf[PUBKEY_STRING_SIZE];
954 :
955 : /* Get the key and print some info about it. */
956 88 : node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
957 88 : if (!node )
958 0 : BUG();
959 :
960 88 : pk = node->pkt->pkt.public_key;
961 :
962 88 : fingerprint_from_pk (pk, fpr2, &fpr2len);
963 88 : for (an = fpr2len; an < MAX_FINGERPRINT_LEN; an++)
964 0 : fpr2[an] = 0;
965 88 : keyid_from_pk( pk, keyid );
966 88 : uidnode = find_next_kbnode( keyblock, PKT_USER_ID );
967 :
968 88 : if (opt.verbose && !opt.interactive && !silent)
969 : {
970 0 : log_info( "pub %s/%s %s ",
971 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
972 : keystr_from_pk(pk), datestr_from_pk(pk) );
973 0 : if (uidnode)
974 0 : print_utf8_buffer (log_get_stream (),
975 0 : uidnode->pkt->pkt.user_id->name,
976 0 : uidnode->pkt->pkt.user_id->len );
977 0 : log_printf ("\n");
978 : }
979 :
980 :
981 88 : if (!uidnode )
982 : {
983 0 : if (!silent)
984 0 : log_error( _("key %s: no user ID\n"), keystr_from_pk(pk));
985 0 : return 0;
986 : }
987 :
988 88 : if (screener && screener (keyblock, screener_arg))
989 : {
990 0 : log_error (_("key %s: %s\n"), keystr_from_pk (pk),
991 : _("rejected by import screener"));
992 0 : return 0;
993 : }
994 :
995 88 : if (opt.interactive && !silent)
996 : {
997 0 : if (is_status_enabled())
998 0 : print_import_check (pk, uidnode->pkt->pkt.user_id);
999 0 : merge_keys_and_selfsig (keyblock);
1000 0 : tty_printf ("\n");
1001 0 : show_basic_key_info (keyblock);
1002 0 : tty_printf ("\n");
1003 0 : if (!cpr_get_answer_is_yes ("import.okay",
1004 : "Do you want to import this key? (y/N) "))
1005 0 : return 0;
1006 : }
1007 :
1008 88 : collapse_uids(&keyblock);
1009 :
1010 : /* Clean the key that we're about to import, to cut down on things
1011 : that we have to clean later. This has no practical impact on the
1012 : end result, but does result in less logging which might confuse
1013 : the user. */
1014 88 : if (options&IMPORT_CLEAN)
1015 0 : clean_key (keyblock,opt.verbose,options&IMPORT_MINIMAL,NULL,NULL);
1016 :
1017 88 : clear_kbnode_flags( keyblock );
1018 :
1019 88 : if ((options&IMPORT_REPAIR_PKS_SUBKEY_BUG) && fix_pks_corruption(keyblock)
1020 0 : && opt.verbose)
1021 0 : log_info (_("key %s: PKS subkey corruption repaired\n"),
1022 : keystr_from_pk(pk));
1023 :
1024 88 : rc = chk_self_sigs( fname, keyblock , pk, keyid, &non_self );
1025 88 : if (rc )
1026 0 : return rc== -1? 0:rc;
1027 :
1028 : /* If we allow such a thing, mark unsigned uids as valid */
1029 88 : if (opt.allow_non_selfsigned_uid)
1030 : {
1031 16 : for (node=keyblock; node; node = node->next )
1032 12 : if (node->pkt->pkttype == PKT_USER_ID && !(node->flag & 1) )
1033 : {
1034 4 : char *user=utf8_to_native(node->pkt->pkt.user_id->name,
1035 4 : node->pkt->pkt.user_id->len,0);
1036 4 : node->flag |= 1;
1037 4 : log_info( _("key %s: accepted non self-signed user ID \"%s\"\n"),
1038 : keystr_from_pk(pk),user);
1039 4 : xfree(user);
1040 : }
1041 : }
1042 :
1043 88 : if (!delete_inv_parts( fname, keyblock, keyid, options ) )
1044 : {
1045 0 : if (!silent)
1046 : {
1047 0 : log_error( _("key %s: no valid user IDs\n"), keystr_from_pk(pk));
1048 0 : if (!opt.quiet )
1049 0 : log_info(_("this may be caused by a missing self-signature\n"));
1050 : }
1051 0 : stats->no_user_id++;
1052 0 : return 0;
1053 : }
1054 :
1055 : /* Do we have this key already in one of our pubrings ? */
1056 88 : pk_orig = xmalloc_clear( sizeof *pk_orig );
1057 88 : rc = get_pubkey_byfprint_fast (pk_orig, fpr2, fpr2len);
1058 88 : if (rc && gpg_err_code (rc) != GPG_ERR_NO_PUBKEY
1059 0 : && gpg_err_code (rc) != GPG_ERR_UNUSABLE_PUBKEY )
1060 : {
1061 0 : if (!silent)
1062 0 : log_error (_("key %s: public key not found: %s\n"),
1063 : keystr(keyid), gpg_strerror (rc));
1064 : }
1065 88 : else if ( rc && (opt.import_options&IMPORT_MERGE_ONLY) )
1066 : {
1067 0 : if (opt.verbose && !silent )
1068 0 : log_info( _("key %s: new key - skipped\n"), keystr(keyid));
1069 0 : rc = 0;
1070 0 : stats->skipped_new_keys++;
1071 : }
1072 88 : else if (rc ) /* Insert this key. */
1073 : {
1074 57 : KEYDB_HANDLE hd = keydb_new ();
1075 :
1076 57 : rc = keydb_locate_writable (hd);
1077 57 : if (rc)
1078 : {
1079 0 : log_error (_("no writable keyring found: %s\n"), gpg_strerror (rc));
1080 0 : keydb_release (hd);
1081 0 : return GPG_ERR_GENERAL;
1082 : }
1083 57 : if (opt.verbose > 1 )
1084 0 : log_info (_("writing to '%s'\n"), keydb_get_resource_name (hd) );
1085 :
1086 57 : rc = keydb_insert_keyblock (hd, keyblock );
1087 57 : if (rc)
1088 0 : log_error (_("error writing keyring '%s': %s\n"),
1089 : keydb_get_resource_name (hd), gpg_strerror (rc));
1090 57 : else if (!(opt.import_options & IMPORT_KEEP_OWNERTTRUST))
1091 : {
1092 : /* This should not be possible since we delete the
1093 : ownertrust when a key is deleted, but it can happen if
1094 : the keyring and trustdb are out of sync. It can also
1095 : be made to happen with the trusted-key command and by
1096 : importing and locally exported key. */
1097 :
1098 57 : clear_ownertrusts (pk);
1099 57 : if (non_self)
1100 3 : revalidation_mark ();
1101 : }
1102 57 : keydb_release (hd);
1103 :
1104 : /* We are ready. */
1105 57 : if (!opt.quiet && !silent)
1106 : {
1107 57 : char *p = get_user_id_byfpr_native (fpr2);
1108 57 : log_info (_("key %s: public key \"%s\" imported\n"),
1109 : keystr(keyid), p);
1110 57 : xfree(p);
1111 : }
1112 57 : if (is_status_enabled())
1113 : {
1114 0 : char *us = get_long_user_id_string( keyid );
1115 0 : write_status_text( STATUS_IMPORTED, us );
1116 0 : xfree(us);
1117 0 : print_import_ok (pk, 1);
1118 : }
1119 57 : stats->imported++;
1120 57 : new_key = 1;
1121 : }
1122 : else /* merge */
1123 : {
1124 : KEYDB_HANDLE hd;
1125 : int n_uids, n_sigs, n_subk, n_sigs_cleaned, n_uids_cleaned;
1126 :
1127 : /* Compare the original against the new key; just to be sure nothing
1128 : * weird is going on */
1129 31 : if (cmp_public_keys( pk_orig, pk ) )
1130 : {
1131 0 : if (!silent)
1132 0 : log_error( _("key %s: doesn't match our copy\n"),keystr(keyid));
1133 0 : goto leave;
1134 : }
1135 :
1136 : /* Now read the original keyblock again so that we can use
1137 : that handle for updating the keyblock. */
1138 31 : hd = keydb_new ();
1139 31 : keydb_disable_caching (hd);
1140 31 : rc = keydb_search_fpr (hd, fpr2);
1141 31 : if (rc )
1142 : {
1143 0 : log_error (_("key %s: can't locate original keyblock: %s\n"),
1144 : keystr(keyid), gpg_strerror (rc));
1145 0 : keydb_release (hd);
1146 0 : goto leave;
1147 : }
1148 31 : rc = keydb_get_keyblock (hd, &keyblock_orig);
1149 31 : if (rc)
1150 : {
1151 0 : log_error (_("key %s: can't read original keyblock: %s\n"),
1152 : keystr(keyid), gpg_strerror (rc));
1153 0 : keydb_release (hd);
1154 0 : goto leave;
1155 : }
1156 :
1157 : /* Make sure the original direct key sigs are all sane. */
1158 31 : n_sigs_cleaned = fix_bad_direct_key_sigs (keyblock_orig, keyid);
1159 31 : if (n_sigs_cleaned)
1160 0 : commit_kbnode (&keyblock_orig);
1161 :
1162 : /* and try to merge the block */
1163 31 : clear_kbnode_flags( keyblock_orig );
1164 31 : clear_kbnode_flags( keyblock );
1165 31 : n_uids = n_sigs = n_subk = n_uids_cleaned = 0;
1166 31 : rc = merge_blocks( fname, keyblock_orig, keyblock,
1167 : keyid, &n_uids, &n_sigs, &n_subk );
1168 31 : if (rc )
1169 : {
1170 0 : keydb_release (hd);
1171 0 : goto leave;
1172 : }
1173 :
1174 31 : if ((options & IMPORT_CLEAN))
1175 0 : clean_key (keyblock_orig,opt.verbose,options&IMPORT_MINIMAL,
1176 : &n_uids_cleaned,&n_sigs_cleaned);
1177 :
1178 31 : if (n_uids || n_sigs || n_subk || n_sigs_cleaned || n_uids_cleaned)
1179 : {
1180 2 : mod_key = 1;
1181 : /* KEYBLOCK_ORIG has been updated; write */
1182 2 : rc = keydb_update_keyblock (hd, keyblock_orig);
1183 2 : if (rc)
1184 0 : log_error (_("error writing keyring '%s': %s\n"),
1185 : keydb_get_resource_name (hd), gpg_strerror (rc) );
1186 2 : else if (non_self)
1187 0 : revalidation_mark ();
1188 :
1189 : /* We are ready. */
1190 2 : if (!opt.quiet && !silent)
1191 : {
1192 2 : char *p = get_user_id_byfpr_native (fpr2);
1193 2 : if (n_uids == 1 )
1194 0 : log_info( _("key %s: \"%s\" 1 new user ID\n"),
1195 : keystr(keyid),p);
1196 2 : else if (n_uids )
1197 0 : log_info( _("key %s: \"%s\" %d new user IDs\n"),
1198 : keystr(keyid),p,n_uids);
1199 2 : if (n_sigs == 1 )
1200 2 : log_info( _("key %s: \"%s\" 1 new signature\n"),
1201 : keystr(keyid), p);
1202 0 : else if (n_sigs )
1203 0 : log_info( _("key %s: \"%s\" %d new signatures\n"),
1204 : keystr(keyid), p, n_sigs );
1205 2 : if (n_subk == 1 )
1206 0 : log_info( _("key %s: \"%s\" 1 new subkey\n"),
1207 : keystr(keyid), p);
1208 2 : else if (n_subk )
1209 0 : log_info( _("key %s: \"%s\" %d new subkeys\n"),
1210 : keystr(keyid), p, n_subk );
1211 2 : if (n_sigs_cleaned==1)
1212 0 : log_info(_("key %s: \"%s\" %d signature cleaned\n"),
1213 : keystr(keyid),p,n_sigs_cleaned);
1214 2 : else if (n_sigs_cleaned)
1215 0 : log_info(_("key %s: \"%s\" %d signatures cleaned\n"),
1216 : keystr(keyid),p,n_sigs_cleaned);
1217 2 : if (n_uids_cleaned==1)
1218 0 : log_info(_("key %s: \"%s\" %d user ID cleaned\n"),
1219 : keystr(keyid),p,n_uids_cleaned);
1220 2 : else if (n_uids_cleaned)
1221 0 : log_info(_("key %s: \"%s\" %d user IDs cleaned\n"),
1222 : keystr(keyid),p,n_uids_cleaned);
1223 2 : xfree(p);
1224 : }
1225 :
1226 2 : stats->n_uids +=n_uids;
1227 2 : stats->n_sigs +=n_sigs;
1228 2 : stats->n_subk +=n_subk;
1229 2 : stats->n_sigs_cleaned +=n_sigs_cleaned;
1230 2 : stats->n_uids_cleaned +=n_uids_cleaned;
1231 :
1232 4 : if (is_status_enabled () && !silent)
1233 0 : print_import_ok (pk, ((n_uids?2:0)|(n_sigs?4:0)|(n_subk?8:0)));
1234 : }
1235 : else
1236 : {
1237 29 : same_key = 1;
1238 29 : if (is_status_enabled ())
1239 0 : print_import_ok (pk, 0);
1240 :
1241 29 : if (!opt.quiet && !silent)
1242 : {
1243 29 : char *p = get_user_id_byfpr_native (fpr2);
1244 29 : log_info( _("key %s: \"%s\" not changed\n"),keystr(keyid),p);
1245 29 : xfree(p);
1246 : }
1247 :
1248 29 : stats->unchanged++;
1249 : }
1250 :
1251 31 : keydb_release (hd); hd = NULL;
1252 : }
1253 :
1254 : leave:
1255 88 : if (mod_key || new_key || same_key)
1256 : {
1257 : /* A little explanation for this: we fill in the fingerprint
1258 : when importing keys as it can be useful to know the
1259 : fingerprint in certain keyserver-related cases (a keyserver
1260 : asked for a particular name, but the key doesn't have that
1261 : name). However, in cases where we're importing more than
1262 : one key at a time, we cannot know which key to fingerprint.
1263 : In these cases, rather than guessing, we do not
1264 : fingerprinting at all, and we must hope the user ID on the
1265 : keys are useful. Note that we need to do this for new
1266 : keys, merged keys and even for unchanged keys. This is
1267 : required because for example the --auto-key-locate feature
1268 : may import an already imported key and needs to know the
1269 : fingerprint of the key in all cases. */
1270 88 : if (fpr)
1271 : {
1272 0 : xfree (*fpr);
1273 : /* Note that we need to compare against 0 here because
1274 : COUNT gets only incremented after returning form this
1275 : function. */
1276 0 : if (!stats->count)
1277 0 : *fpr = fingerprint_from_pk (pk, NULL, fpr_len);
1278 : else
1279 0 : *fpr = NULL;
1280 : }
1281 : }
1282 :
1283 : /* Now that the key is definitely incorporated into the keydb, we
1284 : need to check if a designated revocation is present or if the
1285 : prefs are not rational so we can warn the user. */
1286 :
1287 88 : if (mod_key)
1288 : {
1289 2 : revocation_present (ctrl, keyblock_orig);
1290 2 : if (!from_sk && have_secret_key_with_kid (keyid))
1291 0 : check_prefs (ctrl, keyblock_orig);
1292 : }
1293 86 : else if (new_key)
1294 : {
1295 57 : revocation_present (ctrl, keyblock);
1296 57 : if (!from_sk && have_secret_key_with_kid (keyid))
1297 5 : check_prefs (ctrl, keyblock);
1298 : }
1299 :
1300 88 : release_kbnode( keyblock_orig );
1301 88 : free_public_key( pk_orig );
1302 :
1303 88 : return rc;
1304 : }
1305 :
1306 :
1307 : /* Transfer all the secret keys in SEC_KEYBLOCK to the gpg-agent. The
1308 : function prints diagnostics and returns an error code. If BATCH is
1309 : true the secret keys are stored by gpg-agent in the transfer format
1310 : (i.e. no re-protection and aksing for passphrases). */
1311 : static gpg_error_t
1312 7 : transfer_secret_keys (ctrl_t ctrl, struct stats_s *stats, kbnode_t sec_keyblock,
1313 : int batch)
1314 : {
1315 7 : gpg_error_t err = 0;
1316 7 : void *kek = NULL;
1317 : size_t keklen;
1318 7 : kbnode_t ctx = NULL;
1319 : kbnode_t node;
1320 : PKT_public_key *main_pk, *pk;
1321 : struct seckey_info *ski;
1322 : int nskey;
1323 : membuf_t mbuf;
1324 : int i, j;
1325 : void *format_args[2*PUBKEY_MAX_NSKEY];
1326 : gcry_sexp_t skey, prot, tmpsexp;
1327 7 : gcry_sexp_t curve = NULL;
1328 7 : unsigned char *transferkey = NULL;
1329 : size_t transferkeylen;
1330 7 : gcry_cipher_hd_t cipherhd = NULL;
1331 7 : unsigned char *wrappedkey = NULL;
1332 : size_t wrappedkeylen;
1333 7 : char *cache_nonce = NULL;
1334 7 : int stub_key_skipped = 0;
1335 :
1336 : /* Get the current KEK. */
1337 7 : err = agent_keywrap_key (ctrl, 0, &kek, &keklen);
1338 7 : if (err)
1339 : {
1340 0 : log_error ("error getting the KEK: %s\n", gpg_strerror (err));
1341 0 : goto leave;
1342 : }
1343 :
1344 : /* Prepare a cipher context. */
1345 7 : err = gcry_cipher_open (&cipherhd, GCRY_CIPHER_AES128,
1346 : GCRY_CIPHER_MODE_AESWRAP, 0);
1347 7 : if (!err)
1348 7 : err = gcry_cipher_setkey (cipherhd, kek, keklen);
1349 7 : if (err)
1350 0 : goto leave;
1351 7 : xfree (kek);
1352 7 : kek = NULL;
1353 :
1354 7 : main_pk = NULL;
1355 45 : while ((node = walk_kbnode (sec_keyblock, &ctx, 0)))
1356 : {
1357 31 : if (node->pkt->pkttype != PKT_SECRET_KEY
1358 24 : && node->pkt->pkttype != PKT_SECRET_SUBKEY)
1359 17 : continue;
1360 14 : pk = node->pkt->pkt.public_key;
1361 14 : if (!main_pk)
1362 7 : main_pk = pk;
1363 :
1364 : /* Make sure the keyids are available. */
1365 14 : keyid_from_pk (pk, NULL);
1366 14 : if (node->pkt->pkttype == PKT_SECRET_KEY)
1367 : {
1368 7 : pk->main_keyid[0] = pk->keyid[0];
1369 7 : pk->main_keyid[1] = pk->keyid[1];
1370 : }
1371 : else
1372 : {
1373 7 : pk->main_keyid[0] = main_pk->keyid[0];
1374 7 : pk->main_keyid[1] = main_pk->keyid[1];
1375 : }
1376 :
1377 :
1378 14 : ski = pk->seckey_info;
1379 14 : if (!ski)
1380 0 : BUG ();
1381 :
1382 14 : stats->count++;
1383 14 : stats->secret_read++;
1384 :
1385 : /* We ignore stub keys. The way we handle them in other parts
1386 : of the code is by asking the agent whether any secret key is
1387 : available for a given keyblock and then concluding that we
1388 : have a secret key; all secret (sub)keys of the keyblock the
1389 : agent does not know of are then stub keys. This works also
1390 : for card stub keys. The learn command or the card-status
1391 : command may be used to check with the agent whether a card
1392 : has been inserted and a stub key is in turn generated by the
1393 : agent. */
1394 14 : if (ski->s2k.mode == 1001 || ski->s2k.mode == 1002)
1395 : {
1396 0 : stub_key_skipped = 1;
1397 0 : continue;
1398 : }
1399 :
1400 : /* Convert our internal secret key object into an S-expression. */
1401 14 : nskey = pubkey_get_nskey (pk->pubkey_algo);
1402 14 : if (!nskey || nskey > PUBKEY_MAX_NSKEY)
1403 : {
1404 0 : err = gpg_error (GPG_ERR_BAD_SECKEY);
1405 0 : log_error ("internal error: %s\n", gpg_strerror (err));
1406 0 : goto leave;
1407 : }
1408 :
1409 14 : init_membuf (&mbuf, 50);
1410 14 : put_membuf_str (&mbuf, "(skey");
1411 14 : if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA
1412 8 : || pk->pubkey_algo == PUBKEY_ALGO_EDDSA
1413 8 : || pk->pubkey_algo == PUBKEY_ALGO_ECDH)
1414 12 : {
1415 : /* The ECC case. */
1416 12 : char *curvestr = openpgp_oid_to_str (pk->pkey[0]);
1417 12 : if (!curvestr)
1418 0 : err = gpg_error_from_syserror ();
1419 : else
1420 : {
1421 12 : const char *curvename = openpgp_oid_to_curve (curvestr, 1);
1422 12 : err = gcry_sexp_build (&curve, NULL, "(curve %s)",
1423 : curvename?curvename:curvestr);
1424 12 : xfree (curvestr);
1425 12 : if (!err)
1426 : {
1427 12 : j = 0;
1428 : /* Append the public key element Q. */
1429 12 : put_membuf_str (&mbuf, " _ %m");
1430 12 : format_args[j++] = pk->pkey + 1;
1431 :
1432 : /* Append the secret key element D. For ECDH we
1433 : skip PKEY[2] because this holds the KEK which is
1434 : not needed by gpg-agent. */
1435 12 : i = pk->pubkey_algo == PUBKEY_ALGO_ECDH? 3 : 2;
1436 12 : if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1437 12 : put_membuf_str (&mbuf, " e %m");
1438 : else
1439 0 : put_membuf_str (&mbuf, " _ %m");
1440 12 : format_args[j++] = pk->pkey + i;
1441 : }
1442 : }
1443 : }
1444 : else
1445 : {
1446 : /* Standard case for the old (non-ECC) algorithms. */
1447 11 : for (i=j=0; i < nskey; i++)
1448 : {
1449 9 : if (!pk->pkey[i])
1450 0 : continue; /* Protected keys only have NPKEY+1 elements. */
1451 :
1452 9 : if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_USER1))
1453 2 : put_membuf_str (&mbuf, " e %m");
1454 : else
1455 7 : put_membuf_str (&mbuf, " _ %m");
1456 9 : format_args[j++] = pk->pkey + i;
1457 : }
1458 : }
1459 14 : put_membuf_str (&mbuf, ")");
1460 14 : put_membuf (&mbuf, "", 1);
1461 14 : if (err)
1462 0 : xfree (get_membuf (&mbuf, NULL));
1463 : else
1464 : {
1465 14 : char *format = get_membuf (&mbuf, NULL);
1466 14 : if (!format)
1467 0 : err = gpg_error_from_syserror ();
1468 : else
1469 14 : err = gcry_sexp_build_array (&skey, NULL, format, format_args);
1470 14 : xfree (format);
1471 : }
1472 14 : if (err)
1473 : {
1474 0 : log_error ("error building skey array: %s\n", gpg_strerror (err));
1475 0 : goto leave;
1476 : }
1477 :
1478 14 : if (ski->is_protected)
1479 : {
1480 : char countbuf[35];
1481 :
1482 : /* Note that the IVLEN may be zero if we are working on a
1483 : dummy key. We can't express that in an S-expression and
1484 : thus we send dummy data for the IV. */
1485 14 : snprintf (countbuf, sizeof countbuf, "%lu",
1486 14 : (unsigned long)ski->s2k.count);
1487 84 : err = gcry_sexp_build
1488 : (&prot, NULL,
1489 : " (protection %s %s %b %d %s %b %s)\n",
1490 14 : ski->sha1chk? "sha1":"sum",
1491 14 : openpgp_cipher_algo_name (ski->algo),
1492 28 : ski->ivlen? (int)ski->ivlen:1,
1493 14 : ski->ivlen? ski->iv: (const unsigned char*)"X",
1494 : ski->s2k.mode,
1495 14 : openpgp_md_algo_name (ski->s2k.hash_algo),
1496 14 : (int)sizeof (ski->s2k.salt), ski->s2k.salt,
1497 : countbuf);
1498 : }
1499 : else
1500 0 : err = gcry_sexp_build (&prot, NULL, " (protection none)\n");
1501 :
1502 14 : tmpsexp = NULL;
1503 14 : xfree (transferkey);
1504 14 : transferkey = NULL;
1505 14 : if (!err)
1506 56 : err = gcry_sexp_build (&tmpsexp, NULL,
1507 : "(openpgp-private-key\n"
1508 : " (version %d)\n"
1509 : " (algo %s)\n"
1510 : " %S%S\n"
1511 : " (csum %d)\n"
1512 : " %S)\n",
1513 14 : pk->version,
1514 14 : openpgp_pk_algo_name (pk->pubkey_algo),
1515 : curve, skey,
1516 14 : (int)(unsigned long)ski->csum, prot);
1517 14 : gcry_sexp_release (skey);
1518 14 : gcry_sexp_release (prot);
1519 14 : if (!err)
1520 14 : err = make_canon_sexp_pad (tmpsexp, 1, &transferkey, &transferkeylen);
1521 14 : gcry_sexp_release (tmpsexp);
1522 14 : if (err)
1523 : {
1524 0 : log_error ("error building transfer key: %s\n", gpg_strerror (err));
1525 0 : goto leave;
1526 : }
1527 :
1528 : /* Wrap the key. */
1529 14 : wrappedkeylen = transferkeylen + 8;
1530 14 : xfree (wrappedkey);
1531 14 : wrappedkey = xtrymalloc (wrappedkeylen);
1532 14 : if (!wrappedkey)
1533 0 : err = gpg_error_from_syserror ();
1534 : else
1535 14 : err = gcry_cipher_encrypt (cipherhd, wrappedkey, wrappedkeylen,
1536 : transferkey, transferkeylen);
1537 14 : if (err)
1538 0 : goto leave;
1539 14 : xfree (transferkey);
1540 14 : transferkey = NULL;
1541 :
1542 : /* Send the wrapped key to the agent. */
1543 : {
1544 14 : char *desc = gpg_format_keydesc (pk, FORMAT_KEYDESC_IMPORT, 1);
1545 14 : err = agent_import_key (ctrl, desc, &cache_nonce,
1546 : wrappedkey, wrappedkeylen, batch);
1547 14 : xfree (desc);
1548 : }
1549 14 : if (!err)
1550 : {
1551 12 : if (opt.verbose)
1552 0 : log_info (_("key %s: secret key imported\n"),
1553 : keystr_from_pk_with_sub (main_pk, pk));
1554 12 : stats->secret_imported++;
1555 : }
1556 2 : else if ( gpg_err_code (err) == GPG_ERR_EEXIST )
1557 : {
1558 2 : if (opt.verbose)
1559 0 : log_info (_("key %s: secret key already exists\n"),
1560 : keystr_from_pk_with_sub (main_pk, pk));
1561 2 : err = 0;
1562 2 : stats->secret_dups++;
1563 : }
1564 : else
1565 : {
1566 0 : log_error (_("key %s: error sending to agent: %s\n"),
1567 : keystr_from_pk_with_sub (main_pk, pk),
1568 : gpg_strerror (err));
1569 0 : if (gpg_err_code (err) == GPG_ERR_CANCELED
1570 0 : || gpg_err_code (err) == GPG_ERR_FULLY_CANCELED)
1571 : break; /* Don't try the other subkeys. */
1572 : }
1573 : }
1574 :
1575 7 : if (!err && stub_key_skipped)
1576 : /* We need to notify user how to migrate stub keys. */
1577 0 : err = gpg_error (GPG_ERR_NOT_PROCESSED);
1578 :
1579 : leave:
1580 7 : gcry_sexp_release (curve);
1581 7 : xfree (cache_nonce);
1582 7 : xfree (wrappedkey);
1583 7 : xfree (transferkey);
1584 7 : gcry_cipher_close (cipherhd);
1585 7 : xfree (kek);
1586 7 : return err;
1587 : }
1588 :
1589 :
1590 : /* Walk a secret keyblock and produce a public keyblock out of it.
1591 : Returns a new node or NULL on error. */
1592 : static kbnode_t
1593 7 : sec_to_pub_keyblock (kbnode_t sec_keyblock)
1594 : {
1595 7 : kbnode_t pub_keyblock = NULL;
1596 7 : kbnode_t ctx = NULL;
1597 : kbnode_t secnode, pubnode;
1598 :
1599 45 : while ((secnode = walk_kbnode (sec_keyblock, &ctx, 0)))
1600 : {
1601 31 : if (secnode->pkt->pkttype == PKT_SECRET_KEY
1602 24 : || secnode->pkt->pkttype == PKT_SECRET_SUBKEY)
1603 14 : {
1604 : /* Make a public key. */
1605 : PACKET *pkt;
1606 : PKT_public_key *pk;
1607 :
1608 14 : pkt = xtrycalloc (1, sizeof *pkt);
1609 14 : pk = pkt? copy_public_key (NULL, secnode->pkt->pkt.public_key): NULL;
1610 14 : if (!pk)
1611 : {
1612 0 : xfree (pkt);
1613 0 : release_kbnode (pub_keyblock);
1614 0 : return NULL;
1615 : }
1616 14 : if (secnode->pkt->pkttype == PKT_SECRET_KEY)
1617 7 : pkt->pkttype = PKT_PUBLIC_KEY;
1618 : else
1619 7 : pkt->pkttype = PKT_PUBLIC_SUBKEY;
1620 14 : pkt->pkt.public_key = pk;
1621 :
1622 14 : pubnode = new_kbnode (pkt);
1623 : }
1624 : else
1625 : {
1626 17 : pubnode = clone_kbnode (secnode);
1627 : }
1628 :
1629 31 : if (!pub_keyblock)
1630 7 : pub_keyblock = pubnode;
1631 : else
1632 24 : add_kbnode (pub_keyblock, pubnode);
1633 : }
1634 :
1635 7 : return pub_keyblock;
1636 : }
1637 :
1638 : /****************
1639 : * Ditto for secret keys. Handling is simpler than for public keys.
1640 : * We allow secret key importing only when allow is true, this is so
1641 : * that a secret key can not be imported accidently and thereby tampering
1642 : * with the trust calculation.
1643 : */
1644 : static int
1645 7 : import_secret_one (ctrl_t ctrl, const char *fname, kbnode_t keyblock,
1646 : struct stats_s *stats, int batch, unsigned int options,
1647 : int for_migration,
1648 : import_screener_t screener, void *screener_arg)
1649 : {
1650 : PKT_public_key *pk;
1651 : struct seckey_info *ski;
1652 : kbnode_t node, uidnode;
1653 : u32 keyid[2];
1654 7 : int rc = 0;
1655 : int nr_prev;
1656 : kbnode_t pub_keyblock;
1657 : char pkstrbuf[PUBKEY_STRING_SIZE];
1658 :
1659 : /* Get the key and print some info about it */
1660 7 : node = find_kbnode (keyblock, PKT_SECRET_KEY);
1661 7 : if (!node)
1662 0 : BUG ();
1663 :
1664 7 : pk = node->pkt->pkt.public_key;
1665 :
1666 7 : keyid_from_pk (pk, keyid);
1667 7 : uidnode = find_next_kbnode (keyblock, PKT_USER_ID);
1668 :
1669 7 : if (screener && screener (keyblock, screener_arg))
1670 : {
1671 0 : log_error (_("secret key %s: %s\n"), keystr_from_pk (pk),
1672 : _("rejected by import screener"));
1673 0 : return 0;
1674 : }
1675 :
1676 7 : if (opt.verbose && !for_migration)
1677 : {
1678 0 : log_info ("sec %s/%s %s ",
1679 : pubkey_string (pk, pkstrbuf, sizeof pkstrbuf),
1680 : keystr_from_pk (pk), datestr_from_pk (pk));
1681 0 : if (uidnode)
1682 0 : print_utf8_buffer (log_get_stream (), uidnode->pkt->pkt.user_id->name,
1683 0 : uidnode->pkt->pkt.user_id->len);
1684 0 : log_printf ("\n");
1685 : }
1686 7 : stats->secret_read++;
1687 :
1688 7 : if ((options & IMPORT_NO_SECKEY))
1689 : {
1690 0 : if (!for_migration)
1691 0 : log_error (_("importing secret keys not allowed\n"));
1692 0 : return 0;
1693 : }
1694 :
1695 7 : if (!uidnode)
1696 : {
1697 0 : if (!for_migration)
1698 0 : log_error( _("key %s: no user ID\n"), keystr_from_pk (pk));
1699 0 : return 0;
1700 : }
1701 :
1702 7 : ski = pk->seckey_info;
1703 7 : if (!ski)
1704 : {
1705 : /* Actually an internal error. */
1706 0 : log_error ("key %s: secret key info missing\n", keystr_from_pk (pk));
1707 0 : return 0;
1708 : }
1709 :
1710 : /* A quick check to not import keys with an invalid protection
1711 : cipher algorithm (only checks the primary key, though). */
1712 7 : if (ski->algo > 110)
1713 : {
1714 0 : if (!for_migration)
1715 0 : log_error (_("key %s: secret key with invalid cipher %d"
1716 0 : " - skipped\n"), keystr_from_pk (pk), ski->algo);
1717 0 : return 0;
1718 : }
1719 :
1720 : #ifdef ENABLE_SELINUX_HACKS
1721 : if (1)
1722 : {
1723 : /* We don't allow to import secret keys because that may be used
1724 : to put a secret key into the keyring and the user might later
1725 : be tricked into signing stuff with that key. */
1726 : log_error (_("importing secret keys not allowed\n"));
1727 : return 0;
1728 : }
1729 : #endif
1730 :
1731 7 : clear_kbnode_flags (keyblock);
1732 :
1733 7 : nr_prev = stats->skipped_new_keys;
1734 :
1735 : /* Make a public key out of the key. */
1736 7 : pub_keyblock = sec_to_pub_keyblock (keyblock);
1737 7 : if (!pub_keyblock)
1738 0 : log_error ("key %s: failed to create public key from secret key\n",
1739 : keystr_from_pk (pk));
1740 : else
1741 : {
1742 : /* Note that this outputs an IMPORT_OK status message for the
1743 : public key block, and below we will output another one for
1744 : the secret keys. FIXME? */
1745 7 : import_one (ctrl, fname, pub_keyblock, stats,
1746 : NULL, NULL, options, 1, for_migration,
1747 : screener, screener_arg);
1748 :
1749 : /* Fixme: We should check for an invalid keyblock and
1750 : cancel the secret key import in this case. */
1751 7 : release_kbnode (pub_keyblock);
1752 :
1753 : /* At least we cancel the secret key import when the public key
1754 : import was skipped due to MERGE_ONLY option and a new
1755 : key. */
1756 7 : if (stats->skipped_new_keys <= nr_prev)
1757 : {
1758 : /* Read the keyblock again to get the effects of a merge. */
1759 : /* Fixme: we should do this based on the fingerprint or
1760 : even better let import_one return the merged
1761 : keyblock. */
1762 7 : node = get_pubkeyblock (keyid);
1763 7 : if (!node)
1764 0 : log_error ("key %s: failed to re-lookup public key\n",
1765 : keystr_from_pk (pk));
1766 : else
1767 : {
1768 : gpg_error_t err;
1769 :
1770 7 : nr_prev = stats->secret_imported;
1771 7 : err = transfer_secret_keys (ctrl, stats, keyblock, batch);
1772 7 : if (gpg_err_code (err) == GPG_ERR_NOT_PROCESSED)
1773 : {
1774 : /* TRANSLATORS: For smartcard, each private key on
1775 : host has a reference (stub) to a smartcard and
1776 : actual private key data is stored on the card. A
1777 : single smartcard can have up to three private key
1778 : data. Importing private key stub is always
1779 : skipped in 2.1, and it returns
1780 : GPG_ERR_NOT_PROCESSED. Instead, user should be
1781 : suggested to run 'gpg --card-status', then,
1782 : references to a card will be automatically
1783 : created again. */
1784 0 : log_info (_("To migrate '%s', with each smartcard, "
1785 : "run: %s\n"), "secring.gpg", "gpg --card-status");
1786 0 : err = 0;
1787 : }
1788 7 : if (!err)
1789 : {
1790 7 : int status = 16;
1791 7 : if (!opt.quiet)
1792 7 : log_info (_("key %s: secret key imported\n"),
1793 : keystr_from_pk (pk));
1794 7 : if (stats->secret_imported > nr_prev)
1795 6 : status |= 1;
1796 7 : if (is_status_enabled ())
1797 0 : print_import_ok (pk, status);
1798 7 : check_prefs (ctrl, node);
1799 : }
1800 7 : release_kbnode (node);
1801 : }
1802 : }
1803 : }
1804 :
1805 7 : return rc;
1806 : }
1807 :
1808 :
1809 : /****************
1810 : * Import a revocation certificate; this is a single signature packet.
1811 : */
1812 : static int
1813 0 : import_revoke_cert( const char *fname, kbnode_t node, struct stats_s *stats )
1814 : {
1815 0 : PKT_public_key *pk = NULL;
1816 : kbnode_t onode;
1817 0 : kbnode_t keyblock = NULL;
1818 0 : KEYDB_HANDLE hd = NULL;
1819 : u32 keyid[2];
1820 0 : int rc = 0;
1821 :
1822 : (void)fname;
1823 :
1824 0 : assert( !node->next );
1825 0 : assert( node->pkt->pkttype == PKT_SIGNATURE );
1826 0 : assert( node->pkt->pkt.signature->sig_class == 0x20 );
1827 :
1828 0 : keyid[0] = node->pkt->pkt.signature->keyid[0];
1829 0 : keyid[1] = node->pkt->pkt.signature->keyid[1];
1830 :
1831 0 : pk = xmalloc_clear( sizeof *pk );
1832 0 : rc = get_pubkey( pk, keyid );
1833 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY )
1834 : {
1835 0 : log_error(_("key %s: no public key -"
1836 : " can't apply revocation certificate\n"), keystr(keyid));
1837 0 : rc = 0;
1838 0 : goto leave;
1839 : }
1840 0 : else if (rc )
1841 : {
1842 0 : log_error(_("key %s: public key not found: %s\n"),
1843 : keystr(keyid), gpg_strerror (rc));
1844 0 : goto leave;
1845 : }
1846 :
1847 : /* Read the original keyblock. */
1848 0 : hd = keydb_new ();
1849 : {
1850 : byte afp[MAX_FINGERPRINT_LEN];
1851 : size_t an;
1852 :
1853 0 : fingerprint_from_pk (pk, afp, &an);
1854 0 : while (an < MAX_FINGERPRINT_LEN)
1855 0 : afp[an++] = 0;
1856 0 : rc = keydb_search_fpr (hd, afp);
1857 : }
1858 0 : if (rc)
1859 : {
1860 0 : log_error (_("key %s: can't locate original keyblock: %s\n"),
1861 : keystr(keyid), gpg_strerror (rc));
1862 0 : goto leave;
1863 : }
1864 0 : rc = keydb_get_keyblock (hd, &keyblock );
1865 0 : if (rc)
1866 : {
1867 0 : log_error (_("key %s: can't read original keyblock: %s\n"),
1868 : keystr(keyid), gpg_strerror (rc));
1869 0 : goto leave;
1870 : }
1871 :
1872 : /* it is okay, that node is not in keyblock because
1873 : * check_key_signature works fine for sig_class 0x20 in this
1874 : * special case. */
1875 0 : rc = check_key_signature( keyblock, node, NULL);
1876 0 : if (rc )
1877 : {
1878 0 : log_error( _("key %s: invalid revocation certificate"
1879 : ": %s - rejected\n"), keystr(keyid), gpg_strerror (rc));
1880 0 : goto leave;
1881 : }
1882 :
1883 : /* check whether we already have this */
1884 0 : for(onode=keyblock->next; onode; onode=onode->next ) {
1885 0 : if (onode->pkt->pkttype == PKT_USER_ID )
1886 0 : break;
1887 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
1888 0 : && !cmp_signatures(node->pkt->pkt.signature,
1889 0 : onode->pkt->pkt.signature))
1890 : {
1891 0 : rc = 0;
1892 0 : goto leave; /* yes, we already know about it */
1893 : }
1894 : }
1895 :
1896 : /* insert it */
1897 0 : insert_kbnode( keyblock, clone_kbnode(node), 0 );
1898 :
1899 : /* and write the keyblock back */
1900 0 : rc = keydb_update_keyblock (hd, keyblock );
1901 0 : if (rc)
1902 0 : log_error (_("error writing keyring '%s': %s\n"),
1903 : keydb_get_resource_name (hd), gpg_strerror (rc) );
1904 0 : keydb_release (hd);
1905 0 : hd = NULL;
1906 :
1907 : /* we are ready */
1908 0 : if (!opt.quiet )
1909 : {
1910 0 : char *p=get_user_id_native (keyid);
1911 0 : log_info( _("key %s: \"%s\" revocation certificate imported\n"),
1912 : keystr(keyid),p);
1913 0 : xfree(p);
1914 : }
1915 0 : stats->n_revoc++;
1916 :
1917 : /* If the key we just revoked was ultimately trusted, remove its
1918 : ultimate trust. This doesn't stop the user from putting the
1919 : ultimate trust back, but is a reasonable solution for now. */
1920 0 : if(get_ownertrust(pk)==TRUST_ULTIMATE)
1921 0 : clear_ownertrusts(pk);
1922 :
1923 0 : revalidation_mark ();
1924 :
1925 : leave:
1926 0 : keydb_release (hd);
1927 0 : release_kbnode( keyblock );
1928 0 : free_public_key( pk );
1929 0 : return rc;
1930 : }
1931 :
1932 :
1933 : /*
1934 : * Loop over the keyblock and check all self signatures.
1935 : * Mark all user-ids with a self-signature by setting flag bit 0.
1936 : * Mark all user-ids with an invalid self-signature by setting bit 1.
1937 : * This works also for subkeys, here the subkey is marked. Invalid or
1938 : * extra subkey sigs (binding or revocation) are marked for deletion.
1939 : * non_self is set to true if there are any sigs other than self-sigs
1940 : * in this keyblock.
1941 : */
1942 : static int
1943 88 : chk_self_sigs (const char *fname, kbnode_t keyblock,
1944 : PKT_public_key *pk, u32 *keyid, int *non_self )
1945 : {
1946 88 : kbnode_t n, knode = NULL;
1947 : PKT_signature *sig;
1948 : int rc;
1949 88 : u32 bsdate=0, rsdate=0;
1950 88 : kbnode_t bsnode = NULL, rsnode = NULL;
1951 :
1952 : (void)fname;
1953 : (void)pk;
1954 :
1955 685 : for (n=keyblock; (n = find_next_kbnode (n, 0)); )
1956 : {
1957 509 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY)
1958 : {
1959 77 : knode = n;
1960 77 : bsdate = 0;
1961 77 : rsdate = 0;
1962 77 : bsnode = NULL;
1963 77 : rsnode = NULL;
1964 77 : continue;
1965 : }
1966 :
1967 432 : if ( n->pkt->pkttype != PKT_SIGNATURE )
1968 108 : continue;
1969 :
1970 324 : sig = n->pkt->pkt.signature;
1971 324 : if ( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
1972 : {
1973 136 : *non_self = 1;
1974 136 : continue;
1975 : }
1976 :
1977 : /* This just caches the sigs for later use. That way we
1978 : import a fully-cached key which speeds things up. */
1979 188 : if (!opt.no_sig_cache)
1980 188 : check_key_signature (keyblock, n, NULL);
1981 :
1982 188 : if ( IS_UID_SIG(sig) || IS_UID_REV(sig) )
1983 112 : {
1984 112 : kbnode_t unode = find_prev_kbnode( keyblock, n, PKT_USER_ID );
1985 112 : if ( !unode )
1986 : {
1987 0 : log_error( _("key %s: no user ID for signature\n"),
1988 : keystr(keyid));
1989 0 : return -1; /* The complete keyblock is invalid. */
1990 : }
1991 :
1992 : /* If it hasn't been marked valid yet, keep trying. */
1993 112 : if (!(unode->flag&1))
1994 : {
1995 104 : rc = check_key_signature (keyblock, n, NULL);
1996 104 : if ( rc )
1997 : {
1998 0 : if ( opt.verbose )
1999 : {
2000 0 : char *p = utf8_to_native
2001 0 : (unode->pkt->pkt.user_id->name,
2002 0 : strlen (unode->pkt->pkt.user_id->name),0);
2003 0 : log_info (gpg_err_code(rc) == GPG_ERR_PUBKEY_ALGO ?
2004 : _("key %s: unsupported public key "
2005 : "algorithm on user ID \"%s\"\n"):
2006 : _("key %s: invalid self-signature "
2007 : "on user ID \"%s\"\n"),
2008 : keystr (keyid),p);
2009 0 : xfree (p);
2010 : }
2011 : }
2012 : else
2013 104 : unode->flag |= 1; /* Mark that signature checked. */
2014 : }
2015 : }
2016 76 : else if (IS_KEY_SIG (sig))
2017 : {
2018 2 : rc = check_key_signature (keyblock, n, NULL);
2019 2 : if ( rc )
2020 : {
2021 1 : if (opt.verbose)
2022 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2023 : _("key %s: unsupported public key algorithm\n"):
2024 : _("key %s: invalid direct key signature\n"),
2025 : keystr (keyid));
2026 1 : n->flag |= 4;
2027 : }
2028 : }
2029 74 : else if ( IS_SUBKEY_SIG (sig) )
2030 : {
2031 : /* Note that this works based solely on the timestamps like
2032 : the rest of gpg. If the standard gets revocation
2033 : targets, this may need to be revised. */
2034 :
2035 74 : if ( !knode )
2036 : {
2037 0 : if (opt.verbose)
2038 0 : log_info (_("key %s: no subkey for key binding\n"),
2039 : keystr (keyid));
2040 0 : n->flag |= 4; /* delete this */
2041 : }
2042 : else
2043 : {
2044 74 : rc = check_key_signature (keyblock, n, NULL);
2045 74 : if ( rc )
2046 : {
2047 0 : if (opt.verbose)
2048 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2049 : _("key %s: unsupported public key"
2050 : " algorithm\n"):
2051 : _("key %s: invalid subkey binding\n"),
2052 : keystr (keyid));
2053 0 : n->flag |= 4;
2054 : }
2055 : else
2056 : {
2057 : /* It's valid, so is it newer? */
2058 74 : if (sig->timestamp >= bsdate)
2059 : {
2060 74 : knode->flag |= 1; /* The subkey is valid. */
2061 74 : if (bsnode)
2062 : {
2063 : /* Delete the last binding sig since this
2064 : one is newer */
2065 1 : bsnode->flag |= 4;
2066 1 : if (opt.verbose)
2067 0 : log_info (_("key %s: removed multiple subkey"
2068 : " binding\n"),keystr(keyid));
2069 : }
2070 :
2071 74 : bsnode = n;
2072 74 : bsdate = sig->timestamp;
2073 : }
2074 : else
2075 0 : n->flag |= 4; /* older */
2076 : }
2077 : }
2078 : }
2079 0 : else if ( IS_SUBKEY_REV (sig) )
2080 : {
2081 : /* We don't actually mark the subkey as revoked right now,
2082 : so just check that the revocation sig is the most recent
2083 : valid one. Note that we don't care if the binding sig is
2084 : newer than the revocation sig. See the comment in
2085 : getkey.c:merge_selfsigs_subkey for more. */
2086 0 : if ( !knode )
2087 : {
2088 0 : if (opt.verbose)
2089 0 : log_info (_("key %s: no subkey for key revocation\n"),
2090 : keystr(keyid));
2091 0 : n->flag |= 4; /* delete this */
2092 : }
2093 : else
2094 : {
2095 0 : rc = check_key_signature (keyblock, n, NULL);
2096 0 : if ( rc )
2097 : {
2098 0 : if(opt.verbose)
2099 0 : log_info (gpg_err_code (rc) == GPG_ERR_PUBKEY_ALGO ?
2100 : _("key %s: unsupported public"
2101 : " key algorithm\n"):
2102 : _("key %s: invalid subkey revocation\n"),
2103 : keystr(keyid));
2104 0 : n->flag |= 4;
2105 : }
2106 : else
2107 : {
2108 : /* It's valid, so is it newer? */
2109 0 : if (sig->timestamp >= rsdate)
2110 : {
2111 0 : if (rsnode)
2112 : {
2113 : /* Delete the last revocation sig since
2114 : this one is newer. */
2115 0 : rsnode->flag |= 4;
2116 0 : if (opt.verbose)
2117 0 : log_info (_("key %s: removed multiple subkey"
2118 : " revocation\n"),keystr(keyid));
2119 : }
2120 :
2121 0 : rsnode = n;
2122 0 : rsdate = sig->timestamp;
2123 : }
2124 : else
2125 0 : n->flag |= 4; /* older */
2126 : }
2127 : }
2128 : }
2129 : }
2130 :
2131 88 : return 0;
2132 : }
2133 :
2134 :
2135 : /****************
2136 : * delete all parts which are invalid and those signatures whose
2137 : * public key algorithm is not available in this implemenation;
2138 : * but consider RSA as valid, because parse/build_packets knows
2139 : * about it.
2140 : * returns: true if at least one valid user-id is left over.
2141 : */
2142 : static int
2143 88 : delete_inv_parts( const char *fname, kbnode_t keyblock,
2144 : u32 *keyid, unsigned int options)
2145 : {
2146 : kbnode_t node;
2147 88 : int nvalid=0, uid_seen=0, subkey_seen=0;
2148 :
2149 : (void)fname;
2150 :
2151 597 : for (node=keyblock->next; node; node = node->next )
2152 : {
2153 509 : if (node->pkt->pkttype == PKT_USER_ID)
2154 : {
2155 108 : uid_seen = 1;
2156 108 : if ((node->flag & 2) || !(node->flag & 1) )
2157 : {
2158 0 : if (opt.verbose )
2159 : {
2160 0 : char *p=utf8_to_native(node->pkt->pkt.user_id->name,
2161 0 : node->pkt->pkt.user_id->len,0);
2162 0 : log_info( _("key %s: skipped user ID \"%s\"\n"),
2163 : keystr(keyid),p);
2164 0 : xfree(p);
2165 : }
2166 0 : delete_kbnode( node ); /* the user-id */
2167 : /* and all following packets up to the next user-id */
2168 0 : while (node->next
2169 0 : && node->next->pkt->pkttype != PKT_USER_ID
2170 0 : && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
2171 0 : && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
2172 0 : delete_kbnode( node->next );
2173 0 : node = node->next;
2174 : }
2175 : }
2176 : else
2177 108 : nvalid++;
2178 : }
2179 401 : else if ( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2180 324 : || node->pkt->pkttype == PKT_SECRET_SUBKEY )
2181 : {
2182 158 : if ((node->flag & 2) || !(node->flag & 1) )
2183 : {
2184 4 : if (opt.verbose )
2185 0 : log_info( _("key %s: skipped subkey\n"),keystr(keyid));
2186 :
2187 4 : delete_kbnode( node ); /* the subkey */
2188 : /* and all following signature packets */
2189 8 : while (node->next
2190 0 : && node->next->pkt->pkttype == PKT_SIGNATURE ) {
2191 0 : delete_kbnode( node->next );
2192 0 : node = node->next;
2193 : }
2194 : }
2195 : else
2196 73 : subkey_seen = 1;
2197 : }
2198 324 : else if (node->pkt->pkttype == PKT_SIGNATURE
2199 324 : && openpgp_pk_test_algo (node->pkt->pkt.signature->pubkey_algo)
2200 0 : && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA )
2201 : {
2202 0 : delete_kbnode( node ); /* build_packet() can't handle this */
2203 : }
2204 324 : else if (node->pkt->pkttype == PKT_SIGNATURE
2205 324 : && !node->pkt->pkt.signature->flags.exportable
2206 0 : && !(options&IMPORT_LOCAL_SIGS)
2207 0 : && !have_secret_key_with_kid (node->pkt->pkt.signature->keyid))
2208 : {
2209 : /* here we violate the rfc a bit by still allowing
2210 : * to import non-exportable signature when we have the
2211 : * the secret key used to create this signature - it
2212 : * seems that this makes sense */
2213 0 : if(opt.verbose)
2214 0 : log_info( _("key %s: non exportable signature"
2215 : " (class 0x%02X) - skipped\n"),
2216 0 : keystr(keyid), node->pkt->pkt.signature->sig_class );
2217 0 : delete_kbnode( node );
2218 : }
2219 324 : else if (node->pkt->pkttype == PKT_SIGNATURE
2220 324 : && node->pkt->pkt.signature->sig_class == 0x20)
2221 : {
2222 0 : if (uid_seen )
2223 : {
2224 0 : if(opt.verbose)
2225 0 : log_info( _("key %s: revocation certificate"
2226 : " at wrong place - skipped\n"),keystr(keyid));
2227 0 : delete_kbnode( node );
2228 : }
2229 : else
2230 : {
2231 : /* If the revocation cert is from a different key than
2232 : the one we're working on don't check it - it's
2233 : probably from a revocation key and won't be
2234 : verifiable with this key anyway. */
2235 :
2236 0 : if(node->pkt->pkt.signature->keyid[0]==keyid[0]
2237 0 : && node->pkt->pkt.signature->keyid[1]==keyid[1])
2238 : {
2239 0 : int rc = check_key_signature( keyblock, node, NULL);
2240 0 : if (rc )
2241 : {
2242 0 : if(opt.verbose)
2243 0 : log_info( _("key %s: invalid revocation"
2244 : " certificate: %s - skipped\n"),
2245 : keystr(keyid), gpg_strerror (rc));
2246 0 : delete_kbnode( node );
2247 : }
2248 : }
2249 : }
2250 : }
2251 324 : else if (node->pkt->pkttype == PKT_SIGNATURE
2252 324 : && (node->pkt->pkt.signature->sig_class == 0x18
2253 250 : || node->pkt->pkt.signature->sig_class == 0x28)
2254 74 : && !subkey_seen )
2255 : {
2256 0 : if(opt.verbose)
2257 0 : log_info( _("key %s: subkey signature"
2258 : " in wrong place - skipped\n"), keystr(keyid));
2259 0 : delete_kbnode( node );
2260 : }
2261 324 : else if (node->pkt->pkttype == PKT_SIGNATURE
2262 324 : && !IS_CERT(node->pkt->pkt.signature))
2263 : {
2264 0 : if(opt.verbose)
2265 0 : log_info(_("key %s: unexpected signature class (0x%02X) -"
2266 : " skipped\n"),keystr(keyid),
2267 0 : node->pkt->pkt.signature->sig_class);
2268 0 : delete_kbnode(node);
2269 : }
2270 324 : else if ((node->flag & 4) ) /* marked for deletion */
2271 2 : delete_kbnode( node );
2272 : }
2273 :
2274 : /* note: because keyblock is the public key, it is never marked
2275 : * for deletion and so keyblock cannot change */
2276 88 : commit_kbnode( &keyblock );
2277 88 : return nvalid;
2278 : }
2279 :
2280 :
2281 : /****************
2282 : * It may happen that the imported keyblock has duplicated user IDs.
2283 : * We check this here and collapse those user IDs together with their
2284 : * sigs into one.
2285 : * Returns: True if the keyblock has changed.
2286 : */
2287 : int
2288 88 : collapse_uids( kbnode_t *keyblock )
2289 : {
2290 : kbnode_t uid1;
2291 88 : int any=0;
2292 :
2293 743 : for(uid1=*keyblock;uid1;uid1=uid1->next)
2294 : {
2295 : kbnode_t uid2;
2296 :
2297 655 : if(is_deleted_kbnode(uid1))
2298 58 : continue;
2299 :
2300 597 : if(uid1->pkt->pkttype!=PKT_USER_ID)
2301 489 : continue;
2302 :
2303 978 : for(uid2=uid1->next;uid2;uid2=uid2->next)
2304 : {
2305 870 : if(is_deleted_kbnode(uid2))
2306 54 : continue;
2307 :
2308 816 : if(uid2->pkt->pkttype!=PKT_USER_ID)
2309 775 : continue;
2310 :
2311 41 : if(cmp_user_ids(uid1->pkt->pkt.user_id,
2312 41 : uid2->pkt->pkt.user_id)==0)
2313 : {
2314 : /* We have a duplicated uid */
2315 : kbnode_t sig1,last;
2316 :
2317 4 : any=1;
2318 :
2319 : /* Now take uid2's signatures, and attach them to
2320 : uid1 */
2321 56 : for(last=uid2;last->next;last=last->next)
2322 : {
2323 56 : if(is_deleted_kbnode(last))
2324 0 : continue;
2325 :
2326 56 : if(last->next->pkt->pkttype==PKT_USER_ID
2327 54 : || last->next->pkt->pkttype==PKT_PUBLIC_SUBKEY
2328 52 : || last->next->pkt->pkttype==PKT_SECRET_SUBKEY)
2329 : break;
2330 : }
2331 :
2332 : /* Snip out uid2 */
2333 4 : (find_prev_kbnode(*keyblock,uid2,0))->next=last->next;
2334 :
2335 : /* Now put uid2 in place as part of uid1 */
2336 4 : last->next=uid1->next;
2337 4 : uid1->next=uid2;
2338 4 : delete_kbnode(uid2);
2339 :
2340 : /* Now dedupe uid1 */
2341 165 : for(sig1=uid1->next;sig1;sig1=sig1->next)
2342 : {
2343 : kbnode_t sig2;
2344 :
2345 165 : if(is_deleted_kbnode(sig1))
2346 58 : continue;
2347 :
2348 107 : if(sig1->pkt->pkttype==PKT_USER_ID
2349 104 : || sig1->pkt->pkttype==PKT_PUBLIC_SUBKEY
2350 103 : || sig1->pkt->pkttype==PKT_SECRET_SUBKEY)
2351 : break;
2352 :
2353 103 : if(sig1->pkt->pkttype!=PKT_SIGNATURE)
2354 0 : continue;
2355 :
2356 4161 : for(sig2=sig1->next,last=sig1;sig2;last=sig2,sig2=sig2->next)
2357 : {
2358 4161 : if(is_deleted_kbnode(sig2))
2359 1454 : continue;
2360 :
2361 2707 : if(sig2->pkt->pkttype==PKT_USER_ID
2362 2648 : || sig2->pkt->pkttype==PKT_PUBLIC_SUBKEY
2363 2604 : || sig2->pkt->pkttype==PKT_SECRET_SUBKEY)
2364 : break;
2365 :
2366 2604 : if(sig2->pkt->pkttype!=PKT_SIGNATURE)
2367 0 : continue;
2368 :
2369 2604 : if(cmp_signatures(sig1->pkt->pkt.signature,
2370 2604 : sig2->pkt->pkt.signature)==0)
2371 : {
2372 : /* We have a match, so delete the second
2373 : signature */
2374 54 : delete_kbnode(sig2);
2375 54 : sig2=last;
2376 : }
2377 : }
2378 : }
2379 : }
2380 : }
2381 : }
2382 :
2383 88 : commit_kbnode(keyblock);
2384 :
2385 88 : if(any && !opt.quiet)
2386 : {
2387 2 : const char *key="???";
2388 :
2389 2 : if ((uid1 = find_kbnode (*keyblock, PKT_PUBLIC_KEY)) )
2390 2 : key = keystr_from_pk (uid1->pkt->pkt.public_key);
2391 0 : else if ((uid1 = find_kbnode( *keyblock, PKT_SECRET_KEY)) )
2392 0 : key = keystr_from_pk (uid1->pkt->pkt.public_key);
2393 :
2394 2 : log_info (_("key %s: duplicated user ID detected - merged\n"), key);
2395 : }
2396 :
2397 88 : return any;
2398 : }
2399 :
2400 :
2401 : /* Check for a 0x20 revocation from a revocation key that is not
2402 : present. This may be called without the benefit of merge_xxxx so
2403 : you can't rely on pk->revkey and friends. */
2404 : static void
2405 59 : revocation_present (ctrl_t ctrl, kbnode_t keyblock)
2406 : {
2407 : kbnode_t onode, inode;
2408 59 : PKT_public_key *pk = keyblock->pkt->pkt.public_key;
2409 :
2410 60 : for(onode=keyblock->next;onode;onode=onode->next)
2411 : {
2412 : /* If we reach user IDs, we're done. */
2413 60 : if(onode->pkt->pkttype==PKT_USER_ID)
2414 59 : break;
2415 :
2416 2 : if(onode->pkt->pkttype==PKT_SIGNATURE &&
2417 2 : onode->pkt->pkt.signature->sig_class==0x1F &&
2418 1 : onode->pkt->pkt.signature->revkey)
2419 : {
2420 : int idx;
2421 1 : PKT_signature *sig=onode->pkt->pkt.signature;
2422 :
2423 2 : for(idx=0;idx<sig->numrevkeys;idx++)
2424 : {
2425 : u32 keyid[2];
2426 :
2427 1 : keyid_from_fingerprint(sig->revkey[idx].fpr,
2428 : MAX_FINGERPRINT_LEN,keyid);
2429 :
2430 2 : for(inode=keyblock->next;inode;inode=inode->next)
2431 : {
2432 : /* If we reach user IDs, we're done. */
2433 2 : if(inode->pkt->pkttype==PKT_USER_ID)
2434 1 : break;
2435 :
2436 2 : if(inode->pkt->pkttype==PKT_SIGNATURE &&
2437 1 : inode->pkt->pkt.signature->sig_class==0x20 &&
2438 0 : inode->pkt->pkt.signature->keyid[0]==keyid[0] &&
2439 0 : inode->pkt->pkt.signature->keyid[1]==keyid[1])
2440 : {
2441 : /* Okay, we have a revocation key, and a
2442 : revocation issued by it. Do we have the key
2443 : itself? */
2444 : int rc;
2445 :
2446 0 : rc=get_pubkey_byfprint_fast (NULL,sig->revkey[idx].fpr,
2447 : MAX_FINGERPRINT_LEN);
2448 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2449 0 : || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2450 : {
2451 0 : char *tempkeystr=xstrdup(keystr_from_pk(pk));
2452 :
2453 : /* No, so try and get it */
2454 0 : if(opt.keyserver
2455 0 : && (opt.keyserver_options.options
2456 0 : & KEYSERVER_AUTO_KEY_RETRIEVE))
2457 : {
2458 0 : log_info(_("WARNING: key %s may be revoked:"
2459 : " fetching revocation key %s\n"),
2460 : tempkeystr,keystr(keyid));
2461 0 : keyserver_import_fprint (ctrl,
2462 0 : sig->revkey[idx].fpr,
2463 : MAX_FINGERPRINT_LEN,
2464 : opt.keyserver);
2465 :
2466 : /* Do we have it now? */
2467 0 : rc=get_pubkey_byfprint_fast (NULL,
2468 0 : sig->revkey[idx].fpr,
2469 : MAX_FINGERPRINT_LEN);
2470 : }
2471 :
2472 0 : if (gpg_err_code (rc) == GPG_ERR_NO_PUBKEY
2473 0 : || gpg_err_code (rc) == GPG_ERR_UNUSABLE_PUBKEY)
2474 0 : log_info(_("WARNING: key %s may be revoked:"
2475 : " revocation key %s not present.\n"),
2476 : tempkeystr,keystr(keyid));
2477 :
2478 0 : xfree(tempkeystr);
2479 : }
2480 : }
2481 : }
2482 : }
2483 : }
2484 : }
2485 59 : }
2486 :
2487 :
2488 : /*
2489 : * compare and merge the blocks
2490 : *
2491 : * o compare the signatures: If we already have this signature, check
2492 : * that they compare okay; if not, issue a warning and ask the user.
2493 : * o Simply add the signature. Can't verify here because we may not have
2494 : * the signature's public key yet; verification is done when putting it
2495 : * into the trustdb, which is done automagically as soon as this pubkey
2496 : * is used.
2497 : * Note: We indicate newly inserted packets with flag bit 0
2498 : */
2499 : static int
2500 31 : merge_blocks (const char *fname, kbnode_t keyblock_orig, kbnode_t keyblock,
2501 : u32 *keyid, int *n_uids, int *n_sigs, int *n_subk )
2502 : {
2503 : kbnode_t onode, node;
2504 : int rc, found;
2505 :
2506 : /* 1st: handle revocation certificates */
2507 32 : for (node=keyblock->next; node; node=node->next )
2508 : {
2509 32 : if (node->pkt->pkttype == PKT_USER_ID )
2510 31 : break;
2511 1 : else if (node->pkt->pkttype == PKT_SIGNATURE
2512 1 : && node->pkt->pkt.signature->sig_class == 0x20)
2513 : {
2514 : /* check whether we already have this */
2515 0 : found = 0;
2516 0 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2517 : {
2518 0 : if (onode->pkt->pkttype == PKT_USER_ID )
2519 0 : break;
2520 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
2521 0 : && onode->pkt->pkt.signature->sig_class == 0x20
2522 0 : && !cmp_signatures(onode->pkt->pkt.signature,
2523 0 : node->pkt->pkt.signature))
2524 : {
2525 0 : found = 1;
2526 0 : break;
2527 : }
2528 : }
2529 0 : if (!found)
2530 : {
2531 0 : kbnode_t n2 = clone_kbnode(node);
2532 0 : insert_kbnode( keyblock_orig, n2, 0 );
2533 0 : n2->flag |= 1;
2534 0 : ++*n_sigs;
2535 0 : if(!opt.quiet)
2536 : {
2537 0 : char *p=get_user_id_native (keyid);
2538 0 : log_info(_("key %s: \"%s\" revocation"
2539 : " certificate added\n"), keystr(keyid),p);
2540 0 : xfree(p);
2541 : }
2542 : }
2543 : }
2544 : }
2545 :
2546 : /* 2nd: merge in any direct key (0x1F) sigs */
2547 32 : for(node=keyblock->next; node; node=node->next)
2548 : {
2549 32 : if (node->pkt->pkttype == PKT_USER_ID )
2550 31 : break;
2551 1 : else if (node->pkt->pkttype == PKT_SIGNATURE
2552 1 : && node->pkt->pkt.signature->sig_class == 0x1F)
2553 : {
2554 : /* check whether we already have this */
2555 1 : found = 0;
2556 1 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2557 : {
2558 1 : if (onode->pkt->pkttype == PKT_USER_ID)
2559 1 : break;
2560 0 : else if (onode->pkt->pkttype == PKT_SIGNATURE
2561 0 : && onode->pkt->pkt.signature->sig_class == 0x1F
2562 0 : && !cmp_signatures(onode->pkt->pkt.signature,
2563 0 : node->pkt->pkt.signature))
2564 : {
2565 0 : found = 1;
2566 0 : break;
2567 : }
2568 : }
2569 1 : if (!found )
2570 : {
2571 1 : kbnode_t n2 = clone_kbnode(node);
2572 1 : insert_kbnode( keyblock_orig, n2, 0 );
2573 1 : n2->flag |= 1;
2574 1 : ++*n_sigs;
2575 1 : if(!opt.quiet)
2576 1 : log_info( _("key %s: direct key signature added\n"),
2577 : keystr(keyid));
2578 : }
2579 : }
2580 : }
2581 :
2582 : /* 3rd: try to merge new certificates in */
2583 171 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2584 : {
2585 140 : if (!(onode->flag & 1) && onode->pkt->pkttype == PKT_USER_ID)
2586 : {
2587 : /* find the user id in the imported keyblock */
2588 62 : for (node=keyblock->next; node; node=node->next)
2589 62 : if (node->pkt->pkttype == PKT_USER_ID
2590 50 : && !cmp_user_ids( onode->pkt->pkt.user_id,
2591 50 : node->pkt->pkt.user_id ) )
2592 39 : break;
2593 39 : if (node ) /* found: merge */
2594 : {
2595 39 : rc = merge_sigs( onode, node, n_sigs, fname, keyid );
2596 39 : if (rc )
2597 0 : return rc;
2598 : }
2599 : }
2600 : }
2601 :
2602 : /* 4th: add new user-ids */
2603 164 : for (node=keyblock->next; node; node=node->next)
2604 : {
2605 133 : if (node->pkt->pkttype == PKT_USER_ID)
2606 : {
2607 : /* do we have this in the original keyblock */
2608 64 : for (onode=keyblock_orig->next; onode; onode=onode->next )
2609 64 : if (onode->pkt->pkttype == PKT_USER_ID
2610 50 : && !cmp_user_ids( onode->pkt->pkt.user_id,
2611 50 : node->pkt->pkt.user_id ) )
2612 39 : break;
2613 39 : if (!onode ) /* this is a new user id: append */
2614 : {
2615 0 : rc = append_uid( keyblock_orig, node, n_sigs, fname, keyid);
2616 0 : if (rc )
2617 0 : return rc;
2618 0 : ++*n_uids;
2619 : }
2620 : }
2621 : }
2622 :
2623 : /* 5th: add new subkeys */
2624 164 : for (node=keyblock->next; node; node=node->next)
2625 : {
2626 133 : onode = NULL;
2627 133 : if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
2628 : {
2629 : /* do we have this in the original keyblock? */
2630 101 : for(onode=keyblock_orig->next; onode; onode=onode->next)
2631 101 : if (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
2632 28 : && !cmp_public_keys( onode->pkt->pkt.public_key,
2633 28 : node->pkt->pkt.public_key))
2634 28 : break;
2635 28 : if (!onode ) /* This is a new subkey: append. */
2636 : {
2637 0 : rc = append_key (keyblock_orig, node, n_sigs, fname, keyid);
2638 0 : if (rc)
2639 0 : return rc;
2640 0 : ++*n_subk;
2641 : }
2642 : }
2643 105 : else if (node->pkt->pkttype == PKT_SECRET_SUBKEY)
2644 : {
2645 : /* do we have this in the original keyblock? */
2646 0 : for (onode=keyblock_orig->next; onode; onode=onode->next )
2647 0 : if (onode->pkt->pkttype == PKT_SECRET_SUBKEY
2648 0 : && !cmp_public_keys (onode->pkt->pkt.public_key,
2649 0 : node->pkt->pkt.public_key) )
2650 0 : break;
2651 0 : if (!onode ) /* This is a new subkey: append. */
2652 : {
2653 0 : rc = append_key (keyblock_orig, node, n_sigs, fname, keyid);
2654 0 : if (rc )
2655 0 : return rc;
2656 0 : ++*n_subk;
2657 : }
2658 : }
2659 : }
2660 :
2661 : /* 6th: merge subkey certificates */
2662 171 : for (onode=keyblock_orig->next; onode; onode=onode->next)
2663 : {
2664 140 : if (!(onode->flag & 1)
2665 138 : && (onode->pkt->pkttype == PKT_PUBLIC_SUBKEY
2666 108 : || onode->pkt->pkttype == PKT_SECRET_SUBKEY))
2667 : {
2668 : /* find the subkey in the imported keyblock */
2669 104 : for(node=keyblock->next; node; node=node->next)
2670 : {
2671 102 : if ((node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2672 74 : || node->pkt->pkttype == PKT_SECRET_SUBKEY)
2673 28 : && !cmp_public_keys( onode->pkt->pkt.public_key,
2674 28 : node->pkt->pkt.public_key ) )
2675 28 : break;
2676 : }
2677 30 : if (node) /* Found: merge. */
2678 : {
2679 28 : rc = merge_keysigs( onode, node, n_sigs, fname, keyid );
2680 28 : if (rc )
2681 0 : return rc;
2682 : }
2683 : }
2684 : }
2685 :
2686 31 : return 0;
2687 : }
2688 :
2689 :
2690 : /*
2691 : * Append the userid starting with NODE and all signatures to KEYBLOCK.
2692 : */
2693 : static int
2694 0 : append_uid (kbnode_t keyblock, kbnode_t node, int *n_sigs,
2695 : const char *fname, u32 *keyid )
2696 : {
2697 : kbnode_t n;
2698 0 : kbnode_t n_where = NULL;
2699 :
2700 : (void)fname;
2701 : (void)keyid;
2702 :
2703 0 : assert(node->pkt->pkttype == PKT_USER_ID );
2704 :
2705 : /* find the position */
2706 0 : for (n = keyblock; n; n_where = n, n = n->next)
2707 : {
2708 0 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
2709 0 : || n->pkt->pkttype == PKT_SECRET_SUBKEY )
2710 : break;
2711 : }
2712 0 : if (!n)
2713 0 : n_where = NULL;
2714 :
2715 : /* and append/insert */
2716 0 : while (node)
2717 : {
2718 : /* we add a clone to the original keyblock, because this
2719 : * one is released first */
2720 0 : n = clone_kbnode(node);
2721 0 : if (n_where)
2722 : {
2723 0 : insert_kbnode( n_where, n, 0 );
2724 0 : n_where = n;
2725 : }
2726 : else
2727 0 : add_kbnode( keyblock, n );
2728 0 : n->flag |= 1;
2729 0 : node->flag |= 1;
2730 0 : if (n->pkt->pkttype == PKT_SIGNATURE )
2731 0 : ++*n_sigs;
2732 :
2733 0 : node = node->next;
2734 0 : if (node && node->pkt->pkttype != PKT_SIGNATURE )
2735 0 : break;
2736 : }
2737 :
2738 0 : return 0;
2739 : }
2740 :
2741 :
2742 : /*
2743 : * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_USER_ID.
2744 : * (how should we handle comment packets here?)
2745 : */
2746 : static int
2747 39 : merge_sigs (kbnode_t dst, kbnode_t src, int *n_sigs,
2748 : const char *fname, u32 *keyid)
2749 : {
2750 : kbnode_t n, n2;
2751 39 : int found = 0;
2752 :
2753 : (void)fname;
2754 : (void)keyid;
2755 :
2756 39 : assert(dst->pkt->pkttype == PKT_USER_ID );
2757 39 : assert(src->pkt->pkttype == PKT_USER_ID );
2758 :
2759 132 : for (n=src->next; n && n->pkt->pkttype != PKT_USER_ID; n = n->next)
2760 : {
2761 93 : if (n->pkt->pkttype != PKT_SIGNATURE )
2762 28 : continue;
2763 65 : if (n->pkt->pkt.signature->sig_class == 0x18
2764 37 : || n->pkt->pkt.signature->sig_class == 0x28 )
2765 28 : continue; /* skip signatures which are only valid on subkeys */
2766 :
2767 37 : found = 0;
2768 38 : for (n2=dst->next; n2 && n2->pkt->pkttype != PKT_USER_ID; n2 = n2->next)
2769 37 : if (!cmp_signatures(n->pkt->pkt.signature,n2->pkt->pkt.signature))
2770 : {
2771 36 : found++;
2772 36 : break;
2773 : }
2774 37 : if (!found )
2775 : {
2776 : /* This signature is new or newer, append N to DST.
2777 : * We add a clone to the original keyblock, because this
2778 : * one is released first */
2779 1 : n2 = clone_kbnode(n);
2780 1 : insert_kbnode( dst, n2, PKT_SIGNATURE );
2781 1 : n2->flag |= 1;
2782 1 : n->flag |= 1;
2783 1 : ++*n_sigs;
2784 : }
2785 : }
2786 :
2787 39 : return 0;
2788 : }
2789 :
2790 :
2791 : /*
2792 : * Merge the sigs from SRC onto DST. SRC and DST are both a PKT_xxx_SUBKEY.
2793 : */
2794 : static int
2795 28 : merge_keysigs (kbnode_t dst, kbnode_t src, int *n_sigs,
2796 : const char *fname, u32 *keyid)
2797 : {
2798 : kbnode_t n, n2;
2799 28 : int found = 0;
2800 :
2801 : (void)fname;
2802 : (void)keyid;
2803 :
2804 28 : assert (dst->pkt->pkttype == PKT_PUBLIC_SUBKEY
2805 : || dst->pkt->pkttype == PKT_SECRET_SUBKEY);
2806 :
2807 56 : for (n=src->next; n ; n = n->next)
2808 : {
2809 28 : if (n->pkt->pkttype == PKT_PUBLIC_SUBKEY
2810 28 : || n->pkt->pkttype == PKT_PUBLIC_KEY )
2811 : break;
2812 28 : if (n->pkt->pkttype != PKT_SIGNATURE )
2813 0 : continue;
2814 :
2815 28 : found = 0;
2816 28 : for (n2=dst->next; n2; n2 = n2->next)
2817 : {
2818 28 : if (n2->pkt->pkttype == PKT_PUBLIC_SUBKEY
2819 28 : || n2->pkt->pkttype == PKT_PUBLIC_KEY )
2820 : break;
2821 28 : if (n2->pkt->pkttype == PKT_SIGNATURE
2822 56 : && (n->pkt->pkt.signature->keyid[0]
2823 28 : == n2->pkt->pkt.signature->keyid[0])
2824 56 : && (n->pkt->pkt.signature->keyid[1]
2825 28 : == n2->pkt->pkt.signature->keyid[1])
2826 56 : && (n->pkt->pkt.signature->timestamp
2827 28 : <= n2->pkt->pkt.signature->timestamp)
2828 56 : && (n->pkt->pkt.signature->sig_class
2829 28 : == n2->pkt->pkt.signature->sig_class))
2830 : {
2831 28 : found++;
2832 28 : break;
2833 : }
2834 : }
2835 28 : if (!found )
2836 : {
2837 : /* This signature is new or newer, append N to DST.
2838 : * We add a clone to the original keyblock, because this
2839 : * one is released first */
2840 0 : n2 = clone_kbnode(n);
2841 0 : insert_kbnode( dst, n2, PKT_SIGNATURE );
2842 0 : n2->flag |= 1;
2843 0 : n->flag |= 1;
2844 0 : ++*n_sigs;
2845 : }
2846 : }
2847 :
2848 28 : return 0;
2849 : }
2850 :
2851 :
2852 : /*
2853 : * Append the subkey starting with NODE and all signatures to KEYBLOCK.
2854 : * Mark all new and copied packets by setting flag bit 0.
2855 : */
2856 : static int
2857 0 : append_key (kbnode_t keyblock, kbnode_t node, int *n_sigs,
2858 : const char *fname, u32 *keyid)
2859 : {
2860 : kbnode_t n;
2861 :
2862 : (void)fname;
2863 : (void)keyid;
2864 :
2865 0 : assert( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
2866 : || node->pkt->pkttype == PKT_SECRET_SUBKEY );
2867 :
2868 0 : while (node)
2869 : {
2870 : /* we add a clone to the original keyblock, because this
2871 : * one is released first */
2872 0 : n = clone_kbnode(node);
2873 0 : add_kbnode( keyblock, n );
2874 0 : n->flag |= 1;
2875 0 : node->flag |= 1;
2876 0 : if (n->pkt->pkttype == PKT_SIGNATURE )
2877 0 : ++*n_sigs;
2878 :
2879 0 : node = node->next;
2880 0 : if (node && node->pkt->pkttype != PKT_SIGNATURE )
2881 0 : break;
2882 : }
2883 :
2884 0 : return 0;
2885 : }
|
