An improved fork of NetBSD's OpenPGP implementation; maintained by the p≡p foundation.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1526 lines
41 KiB

14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
14 years ago
  1. /*-
  2. * Copyright (c) 2009 The NetBSD Foundation, Inc.
  3. * All rights reserved.
  4. *
  5. * This code is derived from software contributed to The NetBSD Foundation
  6. * by Alistair Crooks (agc@NetBSD.org)
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. * 1. Redistributions of source code must retain the above copyright
  12. * notice, this list of conditions and the following disclaimer.
  13. * 2. Redistributions in binary form must reproduce the above copyright
  14. * notice, this list of conditions and the following disclaimer in the
  15. * documentation and/or other materials provided with the distribution.
  16. *
  17. * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  18. * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  19. * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  20. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  21. * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  22. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  23. * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  24. * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  25. * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  26. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  27. * POSSIBILITY OF SUCH DAMAGE.
  28. */
  29. /*
  30. * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
  31. * All rights reserved.
  32. * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
  33. * their moral rights under the UK Copyright Design and Patents Act 1988 to
  34. * be recorded as the authors of this copyright work.
  35. *
  36. * Licensed under the Apache License, Version 2.0 (the "License"); you may not
  37. * use this file except in compliance with the License.
  38. *
  39. * You may obtain a copy of the License at
  40. * http://www.apache.org/licenses/LICENSE-2.0
  41. *
  42. * Unless required by applicable law or agreed to in writing, software
  43. * distributed under the License is distributed on an "AS IS" BASIS,
  44. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  45. *
  46. * See the License for the specific language governing permissions and
  47. * limitations under the License.
  48. */
  49. /** \file
  50. */
  51. #include "config.h"
  52. #ifdef HAVE_SYS_CDEFS_H
  53. #include <sys/cdefs.h>
  54. #endif
  55. #if defined(__NetBSD__)
  56. __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
  57. __RCSID("$NetBSD$");
  58. #endif
  59. #ifdef HAVE_FCNTL_H
  60. #include <fcntl.h>
  61. #endif
  62. #include <regex.h>
  63. #include <stdlib.h>
  64. #include <string.h>
  65. #ifdef HAVE_TERMIOS_H
  66. #include <termios.h>
  67. #endif
  68. #ifdef HAVE_UNISTD_H
  69. #include <unistd.h>
  70. #endif
  71. #include "types.h"
  72. #include "keyring.h"
  73. #include "packet-parse.h"
  74. #include "signature.h"
  75. #include "netpgpsdk.h"
  76. #include "readerwriter.h"
  77. #include "netpgpdefs.h"
  78. #include "packet.h"
  79. #include "crypto.h"
  80. #include "validate.h"
  81. #include "netpgpdefs.h"
  82. #include "netpgpdigest.h"
  83. /**
  84. \ingroup HighLevel_Keyring
  85. \brief Creates a new pgp_key_t struct
  86. \return A new pgp_key_t struct, initialised to zero.
  87. \note The returned pgp_key_t struct must be freed after use with pgp_keydata_free.
  88. */
  89. pgp_key_t *
  90. pgp_keydata_new(void)
  91. {
  92. return calloc(1, sizeof(pgp_key_t));
  93. }
  94. /**
  95. \ingroup HighLevel_Keyring
  96. \brief Frees key's allocated memory
  97. \param keydata Key to be freed.
  98. \note This does not free the keydata itself, but any other memory alloc-ed by it.
  99. */
  100. void
  101. pgp_key_free(pgp_key_t *key)
  102. {
  103. unsigned n;
  104. if (key->type == PGP_PTAG_CT_PUBLIC_KEY) {
  105. pgp_pubkey_free(&key->key.pubkey);
  106. } else {
  107. pgp_seckey_free(&key->key.seckey);
  108. }
  109. for (n = 0; n < key->directsigc; ++n) {
  110. pgp_free_sig_info(&key->directsigs[n].siginfo);
  111. pgp_subpacket_free(&key->directsigs[n].packet);
  112. }
  113. FREE_ARRAY(key, directsig);
  114. for (n = 0; n < key->uidc; ++n) {
  115. pgp_userid_free(&key->uids[n]);
  116. }
  117. FREE_ARRAY(key, uid);
  118. for (n = 0; n < key->uidsigc; ++n) {
  119. pgp_free_sig_info(&key->uidsigs[n].siginfo);
  120. pgp_subpacket_free(&key->uidsigs[n].packet);
  121. }
  122. FREE_ARRAY(key, uidsig);
  123. for (n = 0; n < key->subkeyc; ++n) {
  124. if (key->type == PGP_PTAG_CT_PUBLIC_KEY) {
  125. pgp_pubkey_free(&key->subkeys[n].key.pubkey);
  126. } else {
  127. pgp_seckey_free(&key->subkeys[n].key.seckey);
  128. }
  129. }
  130. FREE_ARRAY(key, subkey);
  131. for (n = 0; n < key->subkeysigc; ++n) {
  132. pgp_free_sig_info(&key->subkeysigs[n].siginfo);
  133. pgp_subpacket_free(&key->subkeysigs[n].packet);
  134. }
  135. FREE_ARRAY(key, subkeysig);
  136. }
  137. /**
  138. \ingroup HighLevel_Keyring
  139. \brief Frees keydata and its memory
  140. \param keydata Key to be freed.
  141. \note This frees the keydata itself, as well as any other memory alloc-ed by it.
  142. */
  143. void
  144. pgp_keydata_free(pgp_key_t *keydata)
  145. {
  146. pgp_key_free(keydata);
  147. free(keydata);
  148. }
  149. static unsigned siginfo_in_time(pgp_sig_info_t *siginfo)
  150. {
  151. printf("%s...\n",__FUNCTION__);
  152. time_t now;
  153. now = time(NULL);
  154. /* in sig validity time frame */
  155. return now >= siginfo->birthtime && (
  156. siginfo->key_expiry == 0 ||
  157. now < siginfo->birthtime +
  158. siginfo->key_expiry);
  159. }
  160. const int32_t
  161. pgp_key_find_uid_cond(
  162. const pgp_key_t *key,
  163. unsigned(*uidcond) ( uint8_t *, void *),
  164. void *uidcondarg,
  165. unsigned(*sigcond) ( const pgp_sig_info_t *, void *),
  166. void *sigcondarg,
  167. time_t *youngest,
  168. unsigned checkrevoke,
  169. unsigned checkexpiry)
  170. {
  171. printf("%s...\n",__FUNCTION__);
  172. unsigned uididx = 0;
  173. unsigned uidsigidx = 0;
  174. int32_t res = -1; /* Not found */
  175. int32_t lastgood;
  176. uint8_t **uidp;
  177. pgp_uidsig_t *uidsigp;
  178. time_t yngst = 0;
  179. /* If not maximum age given, take default */
  180. if(!youngest)
  181. youngest = &yngst;
  182. /* Loop over key's user ids*/
  183. uidp = key->uids;
  184. for (uididx = 0 ; uididx < key->uidc; uididx++, uidp++)
  185. {
  186. if(uidcond && !uidcond(*uidp, uidcondarg)) continue;
  187. lastgood = res;
  188. /* Loop over key's user ids sigs */
  189. uidsigp = key->uidsigs;
  190. for (uidsigidx = 0 ; uidsigidx < key->uidsigc; uidsigidx++, uidsigp++)
  191. {
  192. /* matching selected user id */
  193. if(uidsigp->uid == uididx)
  194. {
  195. /* if uid is revoked */
  196. /* revoke on secret keys has no effect*/
  197. if(uidsigp->siginfo.type == PGP_SIG_REV_CERT)
  198. {
  199. /* ignore revocation if secret */
  200. if(!checkrevoke)
  201. continue;
  202. /* revert to last good candidate */
  203. res = lastgood;
  204. break; /* jump to next uid */
  205. }
  206. /* in sig validity time frame */
  207. if(!checkexpiry || siginfo_in_time(&uidsigp->siginfo))
  208. {
  209. /* sig cond is ok ? */
  210. if(!sigcond || sigcond(&uidsigp->siginfo, sigcondarg))
  211. {
  212. /* youngest signature is deciding */
  213. if(uidsigp->siginfo.birthtime > *youngest)
  214. {
  215. *youngest = uidsigp->siginfo.birthtime;
  216. res = uididx;
  217. }
  218. }
  219. }
  220. }
  221. }
  222. }
  223. return res;
  224. }
  225. /*
  226. * Returns :
  227. * -2 not found
  228. * -1 match is priamary key
  229. * >=0 index of matching valid subkey
  230. * */
  231. const int32_t
  232. pgp_key_find_key_conds(
  233. pgp_key_t *key,
  234. unsigned(*keycond) ( const pgp_pubkey_t *, const uint8_t *, void*),
  235. void *keycondarg,
  236. unsigned(*sigcond) ( const pgp_sig_info_t *, void*),
  237. void *sigcondarg,
  238. unsigned checkrevoke,
  239. unsigned checkexpiry)
  240. {
  241. printf("%s...\n",__FUNCTION__);
  242. unsigned subkeyidx = 0;
  243. unsigned subkeysigidx = 0;
  244. unsigned directsigidx = 0;
  245. int32_t res = -2; /* Not found */
  246. int32_t lastgood;
  247. pgp_subkey_t *subkeyp;
  248. pgp_subkeysig_t *subkeysigp;
  249. pgp_directsig_t *directsigp;
  250. time_t youngest;
  251. youngest = 0;
  252. /* check pubkey first */
  253. if(!keycond || keycond(pgp_key_get_pubkey(key), key->pubkeyid, keycondarg)){
  254. int32_t uidres;
  255. /* Loop over key's direct sigs */
  256. directsigp = key->directsigs;
  257. for (directsigidx = 0 ; directsigidx < key->directsigc;
  258. directsigidx++, directsigp++)
  259. {
  260. /* if direct is revoked */
  261. if(directsigp->siginfo.type == PGP_SIG_REV_KEY)
  262. {
  263. /* ignore revocation if secret */
  264. if(!checkrevoke)
  265. continue;
  266. return -2; /* Key is globally revoked, no result */
  267. }
  268. /* in sig validity time frame */
  269. if(!checkexpiry || siginfo_in_time(&directsigp->siginfo))
  270. {
  271. /* condition on sig is ok */
  272. if(!sigcond || sigcond(&directsigp->siginfo, sigcondarg))
  273. {
  274. /* youngest signature is deciding */
  275. if(directsigp->siginfo.birthtime > youngest)
  276. {
  277. youngest = directsigp->siginfo.birthtime;
  278. res = -1; /* Primary key is a candidate */
  279. }
  280. }
  281. }
  282. }
  283. uidres = pgp_key_find_uid_cond(
  284. key, NULL, NULL, sigcond, sigcondarg, &youngest,
  285. checkrevoke, checkexpiry);
  286. /* if matching uid sig, then primary is matching key */
  287. if(uidres != -1){
  288. res = -1;
  289. }
  290. }
  291. /* Loop over key's subkeys */
  292. subkeyp = key->subkeys;
  293. for (subkeyidx = 0 ; subkeyidx < key->subkeyc; subkeyidx++, subkeyp++)
  294. {
  295. lastgood = res;
  296. subkeysigp = key->subkeysigs;
  297. /* Skip this subkey if key condition not met */
  298. if(keycond && !keycond(&subkeyp->key.pubkey, subkeyp->id, keycondarg))
  299. continue;
  300. /* Loop over key's subkeys sigs */
  301. for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc;
  302. subkeysigidx++, subkeysigp++)
  303. {
  304. /* matching selected subkey */
  305. if(subkeysigp->subkey == subkeyidx)
  306. {
  307. /* if subkey is revoked */
  308. if(subkeysigp->siginfo.type == PGP_SIG_REV_SUBKEY)
  309. {
  310. /* ignore revocation if secret */
  311. if(!checkrevoke)
  312. continue;
  313. /* revert to last good candidate */
  314. res = lastgood;
  315. break; /* jump to next subkey */
  316. }
  317. /* in sig validity time frame */
  318. if(!checkexpiry || siginfo_in_time(&subkeysigp->siginfo))
  319. {
  320. /* subkey sig condition is ok */
  321. if(!sigcond || sigcond(&subkeysigp->siginfo, sigcondarg))
  322. {
  323. /* youngest signature is deciding */
  324. if(subkeysigp->siginfo.birthtime > youngest)
  325. {
  326. youngest = subkeysigp->siginfo.birthtime;
  327. res = subkeyidx;
  328. }
  329. }
  330. }
  331. }
  332. }
  333. }
  334. return res;
  335. }
  336. /**
  337. \ingroup HighLevel_KeyGeneral
  338. \brief Returns the public key in the given keydata.
  339. \param keydata
  340. \return Pointer to public key
  341. \note This is not a copy, do not free it after use.
  342. */
  343. pgp_pubkey_t *
  344. pgp_key_get_pubkey(pgp_key_t *keydata)
  345. {
  346. return (keydata->type == PGP_PTAG_CT_PUBLIC_KEY) ?
  347. &keydata->key.pubkey :
  348. &keydata->key.seckey.pubkey;
  349. }
  350. pgp_pubkey_t *
  351. pgp_key_get_subpubkey(pgp_key_t *key, int32_t subkeyidx)
  352. {
  353. return (key->type == PGP_PTAG_CT_PUBLIC_KEY) ?
  354. &key->subkeys[subkeyidx].key.pubkey :
  355. &key->subkeys[subkeyidx].key.seckey.pubkey;
  356. }
  357. pgp_seckey_t *
  358. pgp_key_get_subseckey(pgp_key_t *key, int32_t subkeyidx)
  359. {
  360. return (key->type == PGP_PTAG_CT_SECRET_KEY) ?
  361. &key->subkeys[subkeyidx].key.seckey :
  362. NULL;
  363. }
  364. static pgp_pubkey_t *
  365. key_get_pubkey_from_subidx(
  366. pgp_key_t *key,
  367. const uint8_t **id,
  368. int32_t subkeyidx)
  369. {
  370. if(subkeyidx == -2){
  371. return NULL;
  372. }
  373. if(subkeyidx != -1)
  374. {
  375. if(id) *id = key->subkeys[subkeyidx].id;
  376. return pgp_key_get_subpubkey(key, subkeyidx);
  377. }
  378. if(id) *id = key->pubkeyid;
  379. return pgp_key_get_pubkey(key);
  380. }
  381. static pgp_seckey_t *
  382. key_get_seckey_from_subidx(
  383. pgp_key_t *key,
  384. const uint8_t **id,
  385. int32_t subkeyidx)
  386. {
  387. if(subkeyidx == -2){
  388. return NULL;
  389. }
  390. if(subkeyidx != -1)
  391. {
  392. if(id) *id = key->subkeys[subkeyidx].id;
  393. return pgp_key_get_subseckey(key, subkeyidx);
  394. }
  395. if(id) *id = key->pubkeyid;
  396. return pgp_get_seckey(key);
  397. }
  398. static unsigned is_signing_role(const pgp_sig_info_t *siginfo, void *arg)
  399. {
  400. printf("%s...\n",__FUNCTION__);
  401. return siginfo->key_flags & PGP_KEYFLAG_SIGN_DATA;
  402. }
  403. /* Get a pub key to check signature */
  404. pgp_pubkey_t *
  405. pgp_key_get_sigkey(pgp_key_t *key)
  406. {
  407. int32_t subkeyidx =
  408. pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 0, 0);
  409. return key_get_pubkey_from_subidx(key, NULL, subkeyidx);
  410. }
  411. /* Get a sec key to write a signature */
  412. pgp_seckey_t *
  413. pgp_key_get_certkey(pgp_key_t *key)
  414. {
  415. int32_t subkeyidx =
  416. pgp_key_find_key_conds(key, NULL, NULL, &is_signing_role, NULL, 1, 0);
  417. return key_get_seckey_from_subidx(key, NULL, subkeyidx);
  418. }
  419. static unsigned is_encryption_role(const pgp_sig_info_t *siginfo, void *arg)
  420. {
  421. printf("%s...\n",__FUNCTION__);
  422. return siginfo->key_flags & PGP_KEYFLAG_ENC_COMM;
  423. }
  424. pgp_pubkey_t *
  425. pgp_key_get_enckey(pgp_key_t *key, const uint8_t **id)
  426. {
  427. int32_t subkeyidx =
  428. pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 1, 0);
  429. return key_get_pubkey_from_subidx(key, id, subkeyidx);
  430. }
  431. pgp_seckey_t *
  432. pgp_key_get_deckey(pgp_key_t *key, const uint8_t **id)
  433. {
  434. int32_t subkeyidx =
  435. pgp_key_find_key_conds(key, NULL, NULL, &is_encryption_role, NULL, 0, 0);
  436. return key_get_seckey_from_subidx(key, id, subkeyidx);
  437. }
  438. static unsigned primary_uid_sigcond(const pgp_sig_info_t *siginfo, void *arg)
  439. {
  440. printf("%s...\n",__FUNCTION__);
  441. return siginfo->primary_userid;
  442. }
  443. const int32_t pgp_key_get_uid0(pgp_key_t *key)
  444. {
  445. int32_t res =
  446. pgp_key_find_uid_cond(key, NULL, NULL, &primary_uid_sigcond, NULL, NULL, 1, 0);
  447. /* arbitrarily use youngest uid if no primary is found */
  448. return res == -1 ?
  449. pgp_key_find_uid_cond(key, NULL, NULL, NULL, NULL, NULL, 1, 0):
  450. res;
  451. }
  452. const uint8_t *pgp_key_get_primary_userid(pgp_key_t *key)
  453. {
  454. const int32_t uid0 = pgp_key_get_uid0(key);
  455. if( uid0 >= 0 && key->uids && key->uidc > uid0)
  456. {
  457. return key->uids[uid0];
  458. }
  459. return NULL;
  460. }
  461. unsigned key_bit_len(const pgp_pubkey_t *key)
  462. {
  463. switch (key->alg) {
  464. #if defined(HAVE_OPENSSL_BN_H)
  465. case PGP_PKA_DSA:
  466. return BN_num_bits(key->key.dsa.p);
  467. case PGP_PKA_RSA:
  468. return BN_num_bits(key->key.rsa.n);
  469. case PGP_PKA_ELGAMAL:
  470. return BN_num_bits(key->key.elgamal.p);
  471. #elif defined(HAVE_GSKSSL)
  472. case PGP_PKA_DSA:
  473. return key->key.dsa.p->length*8-7;
  474. case PGP_PKA_RSA:
  475. return key->key.rsa.n->length*8-7;
  476. case PGP_PKA_ELGAMAL:
  477. return key->key.elgamal.p->length*8-7;
  478. #endif
  479. default:
  480. return 0;
  481. }
  482. }
  483. unsigned key_is_weak(
  484. const pgp_pubkey_t *key,
  485. const uint8_t *keyid,
  486. void *arg)
  487. {
  488. unsigned kbl;
  489. pgp_key_rating_t *res;
  490. res = (pgp_key_rating_t*)arg;
  491. kbl = key_bit_len(key);
  492. if(kbl == 0)
  493. {
  494. *res = PGP_INVALID;
  495. }
  496. else if(kbl < 1024)
  497. {
  498. *res = PGP_TOOSHORT;
  499. }
  500. else if(kbl == 1024 && key->alg == PGP_PKA_RSA)
  501. {
  502. *res = PGP_WEAK;
  503. }
  504. return 0;
  505. }
  506. const pgp_key_rating_t pgp_key_get_rating(pgp_key_t *key)
  507. {
  508. /* keys exist in rings only if valid */
  509. pgp_key_rating_t res = PGP_VALID;
  510. pgp_key_find_key_conds(key, &key_is_weak, (void*)&res, NULL, NULL, 0, 0);
  511. if(res == PGP_VALID)
  512. {
  513. if(pgp_key_find_key_conds(
  514. key, NULL, NULL, NULL, NULL, 1, 0) == -2)
  515. {
  516. return PGP_REVOKED;
  517. }
  518. if(pgp_key_find_key_conds(
  519. key, NULL, NULL, NULL, NULL, 0, 1) == -2)
  520. {
  521. return PGP_EXPIRED;
  522. }
  523. }
  524. return res;
  525. }
  526. /**
  527. \ingroup HighLevel_KeyGeneral
  528. \brief Check whether this is a secret key or not.
  529. */
  530. unsigned
  531. pgp_is_key_secret(pgp_key_t *data)
  532. {
  533. return data->type != PGP_PTAG_CT_PUBLIC_KEY;
  534. }
  535. /**
  536. \ingroup HighLevel_KeyGeneral
  537. \brief Returns the secret key in the given keydata.
  538. \note This is not a copy, do not free it after use.
  539. \note This returns a const. If you need to be able to write to this
  540. pointer, use pgp_get_writable_seckey
  541. */
  542. pgp_seckey_t *
  543. pgp_get_seckey(pgp_key_t *data)
  544. {
  545. return (data->type == PGP_PTAG_CT_SECRET_KEY) ?
  546. &data->key.seckey : NULL;
  547. }
  548. /**
  549. \ingroup HighLevel_KeyGeneral
  550. \brief Returns the secret key in the given keydata.
  551. \note This is not a copy, do not free it after use.
  552. \note If you do not need to be able to modify this key, there is an
  553. equivalent read-only function pgp_get_seckey.
  554. */
  555. pgp_seckey_t *
  556. pgp_get_writable_seckey(pgp_key_t *data)
  557. {
  558. return (data->type == PGP_PTAG_CT_SECRET_KEY) ?
  559. &data->key.seckey : NULL;
  560. }
  561. /* utility function to zero out memory */
  562. void
  563. pgp_forget(void *vp, unsigned size)
  564. {
  565. (void) memset(vp, 0x0, size);
  566. }
  567. typedef struct {
  568. const pgp_key_t *key;
  569. char *passphrase;
  570. pgp_seckey_t *seckey;
  571. } decrypt_t;
  572. /* \todo check where userid pointers are copied */
  573. /**
  574. \ingroup Core_Keys
  575. \brief Copy user id, including contents
  576. \param dst Destination User ID
  577. \param src Source User ID
  578. \note If dst already has a userid, it will be freed.
  579. */
  580. uint8_t *
  581. pgp_copy_userid(uint8_t **dst, const uint8_t *src)
  582. {
  583. size_t len;
  584. len = strlen((const char *) src);
  585. if (*dst) {
  586. free(*dst);
  587. }
  588. if ((*dst = calloc(1, len + 1)) == NULL) {
  589. (void) fprintf(stderr, "pgp_copy_userid: bad alloc\n");
  590. } else {
  591. (void) memcpy(*dst, src, len);
  592. }
  593. return *dst;
  594. }
  595. /* \todo check where pkt pointers are copied */
  596. /**
  597. \ingroup Core_Keys
  598. \brief Copy packet, including contents
  599. \param dst Destination packet
  600. \param src Source packet
  601. \note If dst already has a packet, it will be freed.
  602. */
  603. pgp_subpacket_t *
  604. pgp_copy_packet(pgp_subpacket_t *dst, const pgp_subpacket_t *src)
  605. {
  606. if (dst->raw) {
  607. free(dst->raw);
  608. }
  609. if ((dst->raw = calloc(1, src->length)) == NULL) {
  610. (void) fprintf(stderr, "pgp_copy_packet: bad alloc\n");
  611. } else {
  612. dst->length = src->length;
  613. (void) memcpy(dst->raw, src->raw, src->length);
  614. }
  615. return dst;
  616. }
  617. #if 0
  618. /**
  619. \ingroup Core_Keys
  620. \brief Add User ID to key
  621. \param key Key to which to add User ID
  622. \param userid User ID to add
  623. \return Pointer to new User ID
  624. */
  625. uint8_t *
  626. pgp_add_userid(pgp_key_t *key, const uint8_t *userid)
  627. {
  628. uint8_t **uidp;
  629. EXPAND_ARRAY(key, uid);
  630. /* initialise new entry in array */
  631. uidp = &key->uids[key->uidc++];
  632. *uidp = NULL;
  633. /* now copy it */
  634. return pgp_copy_userid(uidp, userid);
  635. }
  636. #endif
  637. void print_packet_hex(const pgp_subpacket_t *pkt);
  638. /**
  639. \ingroup Core_Keys
  640. \brief Add selfsigned User ID to key
  641. \param keydata Key to which to add user ID
  642. \param userid Self-signed User ID to add
  643. \return 1 if OK; else 0
  644. */
  645. unsigned
  646. pgp_add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *userid, time_t key_expiry)
  647. {
  648. pgp_create_sig_t *sig;
  649. pgp_subpacket_t sigpacket;
  650. pgp_memory_t *mem_sig = NULL;
  651. pgp_output_t *sigoutput = NULL;
  652. /*
  653. * create signature packet for this userid
  654. */
  655. /* create sig for this pkt */
  656. sig = pgp_create_sig_new();
  657. pgp_sig_start_key_sig(sig, &skey->key.seckey.pubkey, userid, PGP_CERT_POSITIVE);
  658. pgp_add_creation_time(sig, time(NULL));
  659. pgp_add_key_expiration_time(sig, key_expiry);
  660. pgp_add_issuer_keyid(sig, skey->pubkeyid);
  661. pgp_add_primary_userid(sig, 1);
  662. pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_ENC_COMM);
  663. pgp_add_key_prefs(sig);
  664. pgp_add_key_features(sig);
  665. pgp_end_hashed_subpkts(sig);
  666. pgp_setup_memory_write(&sigoutput, &mem_sig, 128);
  667. pgp_write_sig(sigoutput, sig, &skey->key.seckey.pubkey, &skey->key.seckey);
  668. /* add this packet to key */
  669. sigpacket.length = pgp_mem_len(mem_sig);
  670. sigpacket.raw = pgp_mem_data(mem_sig);
  671. /* add user id and signature to key */
  672. pgp_update_userid(skey, userid, &sigpacket, &sig->sig.info);
  673. if(pkey) pgp_update_userid(pkey, userid, &sigpacket, &sig->sig.info);
  674. /* cleanup */
  675. pgp_create_sig_delete(sig);
  676. pgp_output_delete(sigoutput);
  677. pgp_memory_free(mem_sig);
  678. return 1;
  679. }
  680. unsigned
  681. pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reason)
  682. {
  683. pgp_create_sig_t *sig;
  684. pgp_subpacket_t sigpacket;
  685. pgp_memory_t *mem_sig = NULL;
  686. pgp_output_t *sigoutput = NULL;
  687. sig = pgp_create_sig_new();
  688. pgp_sig_start_key_rev(sig, &skey->key.seckey.pubkey, PGP_SIG_REV_KEY);
  689. pgp_add_creation_time(sig, time(NULL));
  690. pgp_add_issuer_keyid(sig, skey->pubkeyid);
  691. pgp_add_revocation_reason(sig, code, reason);
  692. pgp_end_hashed_subpkts(sig);
  693. pgp_setup_memory_write(&sigoutput, &mem_sig, 128);
  694. pgp_write_sig(sigoutput, sig, &skey->key.seckey.pubkey, &skey->key.seckey);
  695. sigpacket.length = pgp_mem_len(mem_sig);
  696. sigpacket.raw = pgp_mem_data(mem_sig);
  697. pgp_add_directsig(skey, &sigpacket, &sig->sig.info);
  698. pgp_add_directsig(pkey, &sigpacket, &sig->sig.info);
  699. /* cleanup */
  700. pgp_create_sig_delete(sig);
  701. pgp_output_delete(sigoutput);
  702. pgp_memory_free(mem_sig);
  703. return 1;
  704. }
  705. /**
  706. \ingroup Core_Keys
  707. \brief Initialise pgp_key_t
  708. \param keydata Keydata to initialise
  709. \param type PGP_PTAG_CT_PUBLIC_KEY or PGP_PTAG_CT_SECRET_KEY
  710. */
  711. void
  712. pgp_keydata_init(pgp_key_t *keydata, const pgp_content_enum type)
  713. {
  714. if (keydata->type != PGP_PTAG_CT_RESERVED) {
  715. (void) fprintf(stderr,
  716. "pgp_keydata_init: wrong keydata type\n");
  717. } else if (type != PGP_PTAG_CT_PUBLIC_KEY &&
  718. type != PGP_PTAG_CT_SECRET_KEY) {
  719. (void) fprintf(stderr, "pgp_keydata_init: wrong type\n");
  720. } else {
  721. keydata->type = type;
  722. }
  723. }
  724. /**
  725. \ingroup HighLevel_KeyringRead
  726. \brief Reads a keyring from a file
  727. \param keyring Pointer to an existing pgp_keyring_t struct
  728. \param armour 1 if file is armoured; else 0
  729. \param filename Filename of keyring to be read
  730. \return pgp 1 if OK; 0 on error
  731. \note Keyring struct must already exist.
  732. \note Can be used with either a public or secret keyring.
  733. \note You must call pgp_keyring_free() after usage to free alloc-ed memory.
  734. \note If you call this twice on the same keyring struct, without calling
  735. pgp_keyring_free() between these calls, you will introduce a memory leak.
  736. \sa pgp_keyring_read_from_mem()
  737. \sa pgp_keyring_free()
  738. */
  739. unsigned
  740. pgp_keyring_fileread(pgp_io_t *io,
  741. pgp_keyring_t *pubring,
  742. pgp_keyring_t *secring,
  743. const unsigned armour,
  744. const char *filename)
  745. {
  746. return pgp_filter_keys_fileread(
  747. io,
  748. pubring,
  749. secring,
  750. NULL /*certring -> self cert */,
  751. armour,
  752. filename);
  753. }
  754. /**
  755. \ingroup HighLevel_KeyringRead
  756. \brief Reads a keyring from memory
  757. \param keyring Pointer to existing pgp_keyring_t struct
  758. \param armour 1 if file is armoured; else 0
  759. \param mem Pointer to a pgp_memory_t struct containing keyring to be read
  760. \return pgp 1 if OK; 0 on error
  761. \note Keyring struct must already exist.
  762. \note Can be used with either a public or secret keyring.
  763. \note You must call pgp_keyring_free() after usage to free alloc-ed memory.
  764. \note If you call this twice on the same keyring struct, without calling
  765. pgp_keyring_free() between these calls, you will introduce a memory leak.
  766. \sa pgp_keyring_fileread
  767. \sa pgp_keyring_free
  768. */
  769. unsigned
  770. pgp_keyring_read_from_mem(pgp_io_t *io,
  771. pgp_keyring_t *pubring,
  772. pgp_keyring_t *secring,
  773. const unsigned armour,
  774. pgp_memory_t *mem)
  775. {
  776. return pgp_filter_keys_from_mem(io,
  777. pubring,
  778. secring,
  779. NULL /* certring -> self certification */,
  780. armour,
  781. mem);
  782. }
  783. /**
  784. \ingroup HighLevel_KeyringRead
  785. \brief Frees keyring's contents (but not keyring itself)
  786. \param keyring Keyring whose data is to be freed
  787. \note This does not free keyring itself, just the memory alloc-ed in it.
  788. */
  789. void
  790. pgp_keyring_free(pgp_keyring_t *keyring)
  791. {
  792. (void)free(keyring->keys);
  793. keyring->keys = NULL;
  794. keyring->keyc = keyring->keyvsize = 0;
  795. }
  796. void
  797. pgp_keyring_purge(pgp_keyring_t *keyring)
  798. {
  799. pgp_key_t *keyp;
  800. unsigned c = 0;
  801. for (keyp = keyring->keys; c < keyring->keyc; c++, keyp++) {
  802. pgp_key_free(keyp);
  803. }
  804. pgp_keyring_free(keyring);
  805. }
  806. static unsigned
  807. deletekey( pgp_keyring_t *keyring, pgp_key_t *key, unsigned from)
  808. {
  809. /* 'from' is index of key to delete */
  810. /* free key internals */
  811. pgp_key_free(key);
  812. /* decrement key count, vsize stays the same so no realloc needed */
  813. keyring->keyc--;
  814. /* Move following keys to fill the gap */
  815. for ( ; keyring && from < keyring->keyc; from += 1) {
  816. memcpy(&keyring->keys[from], &keyring->keys[from+1],
  817. sizeof(pgp_key_t));
  818. }
  819. return 1;
  820. }
  821. unsigned key_id_match(const pgp_pubkey_t *key, const uint8_t *keyid, void *refidarg)
  822. {
  823. uint8_t *refid = refidarg;
  824. return (memcmp(keyid, refid, PGP_KEY_ID_SIZE) == 0);
  825. }
  826. /**
  827. \ingroup HighLevel_KeyringFind
  828. \brief Finds key in keyring from its Key ID
  829. \param keyring Keyring to be searched
  830. \param keyid ID of required key
  831. \return Pointer to key, if found; NULL, if not found
  832. \note This returns a pointer to the key inside the given keyring,
  833. not a copy. Do not free it after use.
  834. */
  835. pgp_key_t *
  836. pgp_getkeybyid(pgp_io_t *io, const pgp_keyring_t *keyring,
  837. const uint8_t *keyid, unsigned *from,
  838. pgp_pubkey_t **pubkey,
  839. pgp_seckey_t **seckey,
  840. unsigned checkrevoke,
  841. unsigned checkexpiry)
  842. {
  843. uint8_t nullid[PGP_KEY_ID_SIZE];
  844. (void) memset(nullid, 0x0, sizeof(nullid));
  845. for ( ; keyring && *from < keyring->keyc; *from += 1) {
  846. pgp_key_t *key = &keyring->keys[*from];
  847. int32_t subkeyidx;
  848. if (pgp_get_debug_level(__FILE__)) {
  849. hexdump(io->errs, "keyring keyid", key->pubkeyid, PGP_KEY_ID_SIZE);
  850. hexdump(io->errs, "keyid", keyid, PGP_KEY_ID_SIZE);
  851. }
  852. subkeyidx = pgp_key_find_key_conds(key, &key_id_match, (void*)keyid, NULL, NULL, checkrevoke, checkexpiry);
  853. if (subkeyidx != -2) {
  854. if (pubkey) {
  855. *pubkey = key_get_pubkey_from_subidx(key, NULL, subkeyidx);
  856. }
  857. if (seckey) {
  858. *seckey = key_get_seckey_from_subidx(key, NULL, subkeyidx);
  859. }
  860. return key;
  861. }
  862. }
  863. return NULL;
  864. }
  865. unsigned
  866. pgp_deletekeybyid(pgp_io_t *io, pgp_keyring_t *keyring,
  867. const uint8_t *keyid)
  868. {
  869. unsigned from = 0;
  870. pgp_key_t *key;
  871. if ((key = (pgp_key_t *)pgp_getkeybyid(io, keyring, keyid,
  872. &from, NULL, NULL, 0, 0)) == NULL) {
  873. return 0;
  874. }
  875. /* 'from' is now index of key to delete */
  876. deletekey(keyring, key, from);
  877. return 1;
  878. }
  879. /**
  880. \ingroup HighLevel_KeyringFind
  881. \brief Finds key in keyring from its Key Fingerprint
  882. \param keyring Keyring to be searched
  883. \param fpr fingerprint of required key
  884. \param fpr length of required key
  885. \return Pointer to key, if found; NULL, if not found
  886. \note This returns a pointer to the key inside the given keyring,
  887. not a copy. Do not free it after use.
  888. */
  889. pgp_key_t *
  890. pgp_getkeybyfpr(pgp_io_t *io, const pgp_keyring_t *keyring,
  891. const uint8_t *fpr, size_t length,
  892. unsigned *from,
  893. pgp_pubkey_t **pubkey,
  894. unsigned checkrevoke,
  895. unsigned checkexpiry)
  896. {
  897. int32_t subkeyidx;
  898. for ( ; keyring && *from < keyring->keyc; *from += 1) {
  899. pgp_key_t *key = &keyring->keys[*from];
  900. pgp_fingerprint_t *kfp = &key->pubkeyfpr;
  901. if (kfp->length == length &&
  902. memcmp(kfp->fingerprint, fpr, length) == 0) {
  903. if(checkrevoke || checkexpiry){
  904. subkeyidx = pgp_key_find_key_conds(key, NULL, NULL, NULL, NULL, checkrevoke, checkexpiry);
  905. if (subkeyidx == -2) return NULL;
  906. }
  907. if (pubkey) {
  908. *pubkey = &key->key.pubkey;
  909. }
  910. return key;
  911. }
  912. }
  913. return NULL;
  914. }
  915. unsigned
  916. pgp_deletekeybyfpr(pgp_io_t *io, pgp_keyring_t *keyring,
  917. const uint8_t *fpr, size_t length)
  918. {
  919. unsigned from = 0;
  920. pgp_key_t *key;
  921. if ((key = (pgp_key_t *)pgp_getkeybyfpr(io, keyring, fpr, length,
  922. &from, NULL,0,0)) == NULL) {
  923. return 0;
  924. }
  925. /* 'from' is now index of key to delete */
  926. deletekey(keyring, key, from);
  927. return 1;
  928. }
  929. #if 0
  930. /* convert a string keyid into a binary keyid */
  931. static void
  932. str2keyid(const char *userid, uint8_t *keyid, size_t len)
  933. {
  934. static const char *uppers = "0123456789ABCDEF";
  935. static const char *lowers = "0123456789abcdef";
  936. const char *hi;
  937. const char *lo;
  938. uint8_t hichar;
  939. uint8_t lochar;
  940. size_t j;
  941. int i;
  942. for (i = 0, j = 0 ; j < len && userid[i] && userid[i + 1] ; i += 2, j++) {
  943. if ((hi = strchr(uppers, userid[i])) == NULL) {
  944. if ((hi = strchr(lowers, userid[i])) == NULL) {
  945. break;
  946. }
  947. hichar = (uint8_t)(hi - lowers);
  948. } else {
  949. hichar = (uint8_t)(hi - uppers);
  950. }
  951. if ((lo = strchr(uppers, userid[i + 1])) == NULL) {
  952. if ((lo = strchr(lowers, userid[i + 1])) == NULL) {
  953. break;
  954. }
  955. lochar = (uint8_t)(lo - lowers);
  956. } else {
  957. lochar = (uint8_t)(lo - uppers);
  958. }
  959. keyid[j] = (hichar << 4) | (lochar);
  960. }
  961. keyid[j] = 0x0;
  962. }
  963. #endif
  964. /* return the next key which matches, starting searching at *from */
  965. static const pgp_key_t *
  966. getkeybyname(pgp_io_t *io,
  967. const pgp_keyring_t *keyring,
  968. const char *name,
  969. unsigned *from)
  970. {
  971. //const pgp_key_t *kp;
  972. uint8_t **uidp;
  973. unsigned i = 0;
  974. pgp_key_t *keyp;
  975. // unsigned savedstart;
  976. regex_t r;
  977. //uint8_t keyid[PGP_KEY_ID_SIZE + 1];
  978. size_t len;
  979. if (!keyring || !name || !from) {
  980. return NULL;
  981. }
  982. len = strlen(name);
  983. if (pgp_get_debug_level(__FILE__)) {
  984. (void) fprintf(io->outs, "[%u] name '%s', len %zu\n",
  985. *from, name, len);
  986. }
  987. /* first try name as a keyid */
  988. // (void) memset(keyid, 0x0, sizeof(keyid));
  989. // str2keyid(name, keyid, sizeof(keyid));
  990. // if (pgp_get_debug_level(__FILE__)) {
  991. // hexdump(io->outs, "keyid", keyid, 4);
  992. // }
  993. // savedstart = *from;
  994. // if ((kp = pgp_getkeybyid(io, keyring, keyid, from,
  995. // NULL, NULL, 0, 0)) != NULL) {
  996. // return kp;
  997. // }
  998. // *from = savedstart;
  999. if (pgp_get_debug_level(__FILE__) && name != NULL) {
  1000. (void) fprintf(io->outs, "regex match '%s' from %u\n",
  1001. name, *from);
  1002. }
  1003. /* match on full name or email address as a
  1004. - NOSUB only success/failure, no match content
  1005. - LITERAL ignore special chars in given string
  1006. - ICASE ignore case
  1007. */
  1008. if (name != NULL) {
  1009. //(void) regcomp(&r, name, REG_NOSUB | REG_LITERAL | REG_ICASE);
  1010. (void) regcomp(&r, name, REG_NOSUB | REG_ICASE);
  1011. }
  1012. if(keyring->keys != NULL)
  1013. for (keyp = &keyring->keys[*from]; *from < keyring->keyc; *from += 1, keyp++) {
  1014. uidp = keyp->uids;
  1015. if (name == NULL) {
  1016. return keyp;
  1017. } else {
  1018. for (i = 0 ; i < keyp->uidc; i++, uidp++) {
  1019. if (regexec(&r, (char *)*uidp, 0, NULL, 0) == 0) {
  1020. if (pgp_get_debug_level(__FILE__)) {
  1021. (void) fprintf(io->outs,
  1022. "MATCHED keyid \"%s\" len %" PRIsize "u\n",
  1023. (char *) *uidp, len);
  1024. }
  1025. regfree(&r);
  1026. return keyp;
  1027. }
  1028. }
  1029. }
  1030. }
  1031. regfree(&r);
  1032. return NULL;
  1033. }
  1034. /**
  1035. \ingroup HighLevel_KeyringFind
  1036. \brief Finds key from its User ID
  1037. \param keyring Keyring to be searched
  1038. \param userid User ID of required key
  1039. \return Pointer to Key, if found; NULL, if not found
  1040. \note This returns a pointer to the key inside the keyring, not a
  1041. copy. Do not free it.
  1042. */
  1043. const pgp_key_t *
  1044. pgp_getkeybyname(pgp_io_t *io,
  1045. const pgp_keyring_t *keyring,
  1046. const char *name)
  1047. {
  1048. unsigned from;
  1049. from = 0;
  1050. return getkeybyname(io, keyring, name, &from);
  1051. }
  1052. const pgp_key_t *
  1053. pgp_getnextkeybyname(pgp_io_t *io,
  1054. const pgp_keyring_t *keyring,
  1055. const char *name,
  1056. unsigned *n)
  1057. {
  1058. return getkeybyname(io, keyring, name, n);
  1059. }
  1060. /* this interface isn't right - hook into callback for getting passphrase */
  1061. char *
  1062. pgp_export_key(pgp_io_t *io, const pgp_key_t *keydata, uint8_t *passphrase)
  1063. {
  1064. pgp_output_t *output;
  1065. pgp_memory_t *mem;
  1066. char *cp;
  1067. __PGP_USED(io);
  1068. pgp_setup_memory_write(&output, &mem, 128);
  1069. pgp_write_xfer_key(output, keydata, 1);
  1070. /* TODO deal with passphrase again
  1071. pgp_write_xfer_seckey(output, keydata, passphrase,
  1072. strlen((char *)passphrase), 1);
  1073. */
  1074. cp = netpgp_strdup(pgp_mem_data(mem));
  1075. pgp_teardown_memory_write(output, mem);
  1076. return cp;
  1077. }
  1078. /* lowlevel add to keyring */
  1079. int
  1080. pgp_keyring_add(pgp_keyring_t *dst, const pgp_key_t *src)
  1081. {
  1082. pgp_key_t *key;
  1083. EXPAND_ARRAY(dst, key);
  1084. key = &dst->keys[dst->keyc++];
  1085. memcpy(key, src, sizeof(*key));
  1086. return 1;
  1087. }
  1088. pgp_key_t *pgp_ensure_pubkey(pgp_keyring_t *keyring, pgp_pubkey_t *pubkey, uint8_t *pubkeyid)
  1089. {
  1090. pgp_key_t *key;
  1091. unsigned c;
  1092. if(keyring == NULL) return NULL;
  1093. /* try to find key in keyring */
  1094. for (c = 0; c < keyring->keyc; c += 1) {
  1095. if (memcmp(keyring->keys[c].pubkeyid, pubkeyid, PGP_KEY_ID_SIZE) == 0) {
  1096. return &keyring->keys[c];
  1097. }
  1098. }
  1099. /* if key doesn't already exist in keyring, create it */
  1100. EXPAND_ARRAY(keyring, key);
  1101. key = &keyring->keys[keyring->keyc++];
  1102. (void) memset(key, 0x0, sizeof(*key));
  1103. /* fill in what we already know */
  1104. key->type = PGP_PTAG_CT_PUBLIC_KEY;
  1105. pgp_pubkey_dup(&key->key.pubkey, pubkey);
  1106. memcpy(&key->pubkeyid, pubkeyid, PGP_KEY_ID_SIZE);
  1107. pgp_fingerprint(&key->pubkeyfpr, pubkey, keyring->hashtype);
  1108. return key;
  1109. }
  1110. pgp_key_t *pgp_ensure_seckey(pgp_keyring_t *keyring, pgp_seckey_t *seckey, uint8_t *pubkeyid)
  1111. {
  1112. pgp_key_t *key;
  1113. unsigned c;
  1114. if (keyring == NULL) return NULL;
  1115. /* try to find key in keyring */
  1116. for (c = 0; c < keyring->keyc; c += 1) {
  1117. if (memcmp(keyring->keys[c].pubkeyid, pubkeyid, PGP_KEY_ID_SIZE) == 0) {
  1118. return &keyring->keys[c];
  1119. }
  1120. }
  1121. /* if key doesn't already exist in keyring, create it */
  1122. EXPAND_ARRAY(keyring, key);
  1123. key = &keyring->keys[keyring->keyc++];
  1124. (void) memset(key, 0x0, sizeof(*key));
  1125. /* fill in what we already know */
  1126. key->type = PGP_PTAG_CT_SECRET_KEY;
  1127. pgp_seckey_dup(&key->key.seckey, seckey);
  1128. memcpy(&key->pubkeyid, pubkeyid, PGP_KEY_ID_SIZE);
  1129. pgp_fingerprint(&key->pubkeyfpr, &seckey->pubkey, keyring->hashtype);
  1130. return key;
  1131. }
  1132. unsigned pgp_add_directsig(
  1133. pgp_key_t *key,
  1134. const pgp_subpacket_t *sigpkt,
  1135. pgp_sig_info_t *siginfo)
  1136. {
  1137. printf("%s...\n",__FUNCTION__);
  1138. pgp_directsig_t *directsigp;
  1139. unsigned directsigidx;
  1140. /* Detect duplicate direct sig */
  1141. directsigp = key->directsigs;
  1142. for (directsigidx = 0 ; directsigidx < key->directsigc;
  1143. directsigidx++, directsigp++)
  1144. {
  1145. if( directsigp->packet.length == sigpkt->length &&
  1146. memcmp(directsigp->packet.raw, sigpkt->raw, sigpkt->length) == 0)
  1147. {
  1148. /* signature already exist */
  1149. return 1;
  1150. }
  1151. }
  1152. EXPAND_ARRAY(key, directsig);
  1153. directsigp = &key->directsigs[key->directsigc++];
  1154. copy_sig_info(&directsigp->siginfo, siginfo);
  1155. pgp_copy_packet(&directsigp->packet, sigpkt);
  1156. return 0;
  1157. }
  1158. unsigned pgp_update_userid(
  1159. pgp_key_t *key,
  1160. const uint8_t *userid,
  1161. const pgp_subpacket_t *sigpkt,
  1162. pgp_sig_info_t *siginfo)
  1163. {
  1164. unsigned uididx = 0;
  1165. unsigned uidsigidx = 0;
  1166. uint8_t **uidp;
  1167. pgp_uidsig_t *uidsigp;
  1168. /* Try to find identical userID */
  1169. uidp = key->uids;
  1170. for (uididx = 0 ; uididx < key->uidc; uididx++, uidp++)
  1171. {
  1172. if (strcmp(*uidp, userid) == 0)
  1173. {
  1174. /* Found one. check for duplicate uidsig */
  1175. uidsigp = key->uidsigs;
  1176. for (uidsigidx = 0 ; uidsigidx < key->uidsigc; uidsigidx++, uidsigp++)
  1177. {
  1178. if(uidsigp->uid == uididx &&
  1179. uidsigp->packet.length == sigpkt->length &&
  1180. memcmp(uidsigp->packet.raw, sigpkt->raw,
  1181. sigpkt->length) == 0)
  1182. {
  1183. /* signature already exists */
  1184. return 1;
  1185. }
  1186. }
  1187. break;
  1188. }
  1189. }
  1190. /* Add a new one if none found */
  1191. if(uididx==key->uidc){
  1192. EXPAND_ARRAY(key, uid);
  1193. uidp = &key->uids[key->uidc++];
  1194. *uidp = NULL;
  1195. pgp_copy_userid(uidp, userid);
  1196. }
  1197. /* Add uid sig info, pointing to that uid */
  1198. EXPAND_ARRAY(key, uidsig);
  1199. uidsigp = &key->uidsigs[key->uidsigc++];
  1200. uidsigp->uid = uididx;
  1201. /* store sig info and packet */
  1202. copy_sig_info(&uidsigp->siginfo, siginfo);
  1203. pgp_copy_packet(&uidsigp->packet, sigpkt);
  1204. return 0;
  1205. }
  1206. unsigned pgp_update_subkey(
  1207. pgp_key_t *key,
  1208. pgp_content_enum subkeytype,
  1209. pgp_keydata_key_t *subkey,
  1210. const pgp_subpacket_t *sigpkt,
  1211. pgp_sig_info_t *siginfo)
  1212. {
  1213. printf("%s...\n",__FUNCTION__);
  1214. unsigned subkeyidx = 0;
  1215. unsigned subkeysigidx = 0;
  1216. pgp_subkey_t *subkeyp;
  1217. pgp_subkeysig_t *subkeysigp;
  1218. uint8_t subkeyid[PGP_KEY_ID_SIZE];
  1219. pgp_keyid(subkeyid, PGP_KEY_ID_SIZE,
  1220. (subkeytype == PGP_PTAG_CT_PUBLIC_KEY) ?
  1221. &subkey->pubkey:
  1222. &subkey->seckey.pubkey, PGP_HASH_SHA1);
  1223. /* Try to find identical subkey ID */
  1224. subkeyp = key->subkeys;
  1225. for (subkeyidx = 0 ; subkeyidx < key->subkeyc; subkeyidx++, subkeyp++)
  1226. {
  1227. if(memcmp(subkeyid, subkeyp->id, PGP_KEY_ID_SIZE) == 0 )
  1228. {
  1229. /* Found same subkey. Detect duplicate sig */
  1230. subkeysigp = key->subkeysigs;
  1231. for (subkeysigidx = 0 ; subkeysigidx < key->subkeysigc; subkeysigidx++, subkeysigp++)
  1232. {
  1233. if(subkeysigp->subkey == subkeyidx &&
  1234. subkeysigp->packet.length == sigpkt->length &&
  1235. memcmp(subkeysigp->packet.raw, sigpkt->raw,
  1236. sigpkt->length) == 0)
  1237. {
  1238. /* signature already exists */
  1239. return 1;
  1240. }
  1241. }
  1242. break;
  1243. }
  1244. }
  1245. /* Add a new one if none found */
  1246. if(subkeyidx==key->subkeyc){
  1247. if(subkeytype == PGP_PTAG_CT_PUBLIC_KEY &&
  1248. key->type != PGP_PTAG_CT_PUBLIC_KEY){
  1249. /* cannot create secret subkey from public */
  1250. /* and may not insert public subkey in seckey */
  1251. return 1;
  1252. }
  1253. EXPAND_ARRAY(key, subkey);
  1254. subkeyp = &key->subkeys[key->subkeyc++];
  1255. /* copy subkey material */
  1256. if(key->type == PGP_PTAG_CT_PUBLIC_KEY) {
  1257. pgp_pubkey_dup(&subkeyp->key.pubkey,
  1258. (subkeytype == PGP_PTAG_CT_PUBLIC_KEY) ?
  1259. &subkey->pubkey:
  1260. &subkey->seckey.pubkey);
  1261. } else {
  1262. pgp_seckey_dup(&subkeyp->key.seckey, &subkey->seckey);
  1263. }
  1264. /* copy subkeyID */
  1265. memcpy(subkeyp->id, subkeyid, PGP_KEY_ID_SIZE);
  1266. }
  1267. /* Add subkey sig info, pointing to that subkey */
  1268. EXPAND_ARRAY(key, subkeysig);
  1269. subkeysigp = &key->subkeysigs[key->subkeysigc++];
  1270. subkeysigp->subkey = subkeyidx;
  1271. /* store sig info and packet */
  1272. copy_sig_info(&subkeysigp->siginfo, siginfo);
  1273. pgp_copy_packet(&subkeysigp->packet, sigpkt);
  1274. return 0;
  1275. }
  1276. /* append one keyring to another */
  1277. int
  1278. pgp_append_keyring(pgp_keyring_t *keyring, pgp_keyring_t *newring)
  1279. {
  1280. unsigned i;
  1281. for (i = 0 ; i < newring->keyc ; i++) {
  1282. EXPAND_ARRAY(keyring, key);
  1283. (void) memcpy(&keyring->keys[keyring->keyc], &newring->keys[i],
  1284. sizeof(newring->keys[i]));
  1285. keyring->keyc += 1;
  1286. }
  1287. return 1;
  1288. }