diff options
Diffstat (limited to '')
-rw-r--r-- | g10/keylist.c | 2222 |
1 files changed, 2222 insertions, 0 deletions
diff --git a/g10/keylist.c b/g10/keylist.c new file mode 100644 index 0000000..7deb04d --- /dev/null +++ b/g10/keylist.c @@ -0,0 +1,2222 @@ +/* keylist.c - Print information about OpenPGP keys + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + * 2008, 2010, 2012 Free Software Foundation, Inc. + * Copyright (C) 2013, 2014 Werner Koch + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#include <config.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#ifdef HAVE_DOSISH_SYSTEM +# include <fcntl.h> /* for setmode() */ +#endif + +#include "gpg.h" +#include "options.h" +#include "packet.h" +#include "../common/status.h" +#include "keydb.h" +#include "photoid.h" +#include "../common/util.h" +#include "../common/ttyio.h" +#include "trustdb.h" +#include "main.h" +#include "../common/i18n.h" +#include "../common/status.h" +#include "call-agent.h" +#include "../common/mbox-util.h" +#include "../common/zb32.h" +#include "tofu.h" +#include "../common/compliance.h" + + +static void list_all (ctrl_t, int, int); +static void list_one (ctrl_t ctrl, + strlist_t names, int secret, int mark_secret); +static void locate_one (ctrl_t ctrl, strlist_t names, int no_local); +static void print_card_serialno (const char *serialno); + +struct keylist_context +{ + int check_sigs; /* If set signatures shall be verified. */ + int good_sigs; /* Counter used if CHECK_SIGS is set. */ + int inv_sigs; /* Counter used if CHECK_SIGS is set. */ + int no_key; /* Counter used if CHECK_SIGS is set. */ + int oth_err; /* Counter used if CHECK_SIGS is set. */ + int no_validity; /* Do not show validity. */ +}; + + +static void list_keyblock (ctrl_t ctrl, + kbnode_t keyblock, int secret, int has_secret, + int fpr, struct keylist_context *listctx); + + +/* The stream used to write attribute packets to. */ +static estream_t attrib_fp; + + +/* Release resources from a keylist context. */ +static void +keylist_context_release (struct keylist_context *listctx) +{ + (void)listctx; /* Nothing to release. */ +} + + +/* List the keys. If list is NULL, all available keys are listed. + * With LOCATE_MODE set the locate algorithm is used to find a key; if + * in addition NO_LOCAL is set the locate does not look into the local + * keyring. */ +void +public_key_list (ctrl_t ctrl, strlist_t list, int locate_mode, int no_local) +{ +#ifndef NO_TRUST_MODELS + if (opt.with_colons) + { + byte trust_model, marginals, completes, cert_depth, min_cert_level; + ulong created, nextcheck; + + read_trust_options (ctrl, &trust_model, &created, &nextcheck, + &marginals, &completes, &cert_depth, &min_cert_level); + + es_fprintf (es_stdout, "tru:"); + + if (nextcheck && nextcheck <= make_timestamp ()) + es_fprintf (es_stdout, "o"); + if (trust_model != opt.trust_model) + es_fprintf (es_stdout, "t"); + if (opt.trust_model == TM_PGP || opt.trust_model == TM_CLASSIC + || opt.trust_model == TM_TOFU_PGP) + { + if (marginals != opt.marginals_needed) + es_fprintf (es_stdout, "m"); + if (completes != opt.completes_needed) + es_fprintf (es_stdout, "c"); + if (cert_depth != opt.max_cert_depth) + es_fprintf (es_stdout, "d"); + if (min_cert_level != opt.min_cert_level) + es_fprintf (es_stdout, "l"); + } + + es_fprintf (es_stdout, ":%d:%lu:%lu", trust_model, created, nextcheck); + + /* Only show marginals, completes, and cert_depth in the classic + or PGP trust models since they are not meaningful + otherwise. */ + + if (trust_model == TM_PGP || trust_model == TM_CLASSIC) + es_fprintf (es_stdout, ":%d:%d:%d", marginals, completes, cert_depth); + es_fprintf (es_stdout, "\n"); + } +#endif /*!NO_TRUST_MODELS*/ + + /* We need to do the stale check right here because it might need to + update the keyring while we already have the keyring open. This + is very bad for W32 because of a sharing violation. For real OSes + it might lead to false results if we are later listing a keyring + which is associated with the inode of a deleted file. */ + check_trustdb_stale (ctrl); + +#ifdef USE_TOFU + tofu_begin_batch_update (ctrl); +#endif + + if (locate_mode) + locate_one (ctrl, list, no_local); + else if (!list) + list_all (ctrl, 0, opt.with_secret); + else + list_one (ctrl, list, 0, opt.with_secret); + +#ifdef USE_TOFU + tofu_end_batch_update (ctrl); +#endif +} + + +void +secret_key_list (ctrl_t ctrl, strlist_t list) +{ + (void)ctrl; + + check_trustdb_stale (ctrl); + + if (!list) + list_all (ctrl, 1, 0); + else /* List by user id */ + list_one (ctrl, list, 1, 0); +} + +char * +format_seckey_info (ctrl_t ctrl, PKT_public_key *pk) +{ + u32 keyid[2]; + char *p; + char pkstrbuf[PUBKEY_STRING_SIZE]; + char *info; + + keyid_from_pk (pk, keyid); + p = get_user_id_native (ctrl, keyid); + + info = xtryasprintf ("sec %s/%s %s %s", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr (keyid), datestr_from_pk (pk), p); + + xfree (p); + + return info; +} + +void +print_seckey_info (ctrl_t ctrl, PKT_public_key *pk) +{ + char *p = format_seckey_info (ctrl, pk); + tty_printf ("\n%s\n", p); + xfree (p); +} + +/* Print information about the public key. With FP passed as NULL, + the tty output interface is used, otherwise output is directed to + the given stream. */ +void +print_pubkey_info (ctrl_t ctrl, estream_t fp, PKT_public_key *pk) +{ + u32 keyid[2]; + char *p; + char pkstrbuf[PUBKEY_STRING_SIZE]; + + keyid_from_pk (pk, keyid); + + /* If the pk was chosen by a particular user ID, that is the one to + print. */ + if (pk->user_id) + p = utf8_to_native (pk->user_id->name, pk->user_id->len, 0); + else + p = get_user_id_native (ctrl, keyid); + + if (!fp) + tty_printf ("\n"); + tty_fprintf (fp, "%s %s/%s %s %s\n", + pk->flags.primary? "pub":"sub", + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr (keyid), datestr_from_pk (pk), p); + xfree (p); +} + + +/* Print basic information of a secret key including the card serial + number information. */ +#ifdef ENABLE_CARD_SUPPORT +void +print_card_key_info (estream_t fp, kbnode_t keyblock) +{ + kbnode_t node; + char *hexgrip; + char *serialno; + int s2k_char; + char pkstrbuf[PUBKEY_STRING_SIZE]; + int indent; + + for (node = keyblock; node; node = node->next) + { + if (node->pkt->pkttype == PKT_PUBLIC_KEY + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + int rc; + PKT_public_key *pk = node->pkt->pkt.public_key; + + serialno = NULL; + rc = hexkeygrip_from_pk (pk, &hexgrip); + if (rc) + { + log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + s2k_char = '?'; + } + else if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + s2k_char = serialno? '>':' '; + else + s2k_char = '#'; /* Key not found. */ + + tty_fprintf (fp, "%s%c %s/%s %n", + node->pkt->pkttype == PKT_PUBLIC_KEY ? "sec" : "ssb", + s2k_char, + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf), + keystr_from_pk (pk), + &indent); + tty_fprintf (fp, _("created: %s"), datestr_from_pk (pk)); + tty_fprintf (fp, " "); + tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); + if (serialno) + { + tty_fprintf (fp, "\n%*s%s", indent, "", _("card-no: ")); + if (strlen (serialno) == 32 + && !strncmp (serialno, "D27600012401", 12)) + { + /* This is an OpenPGP card. Print the relevant part. */ + /* Example: D2760001240101010001000003470000 */ + /* xxxxyyyyyyyy */ + tty_fprintf (fp, "%.*s %.*s", 4, serialno+16, 8, serialno+20); + } + else + tty_fprintf (fp, "%s", serialno); + } + tty_fprintf (fp, "\n"); + xfree (hexgrip); + xfree (serialno); + } + } +} +#endif /*ENABLE_CARD_SUPPORT*/ + + +/* Flags = 0x01 hashed 0x02 critical. */ +static void +status_one_subpacket (sigsubpkttype_t type, size_t len, int flags, + const byte * buf) +{ + char status[40]; + + /* Don't print these. */ + if (len > 256) + return; + + snprintf (status, sizeof status, + "%d %u %u ", type, flags, (unsigned int) len); + + write_status_text_and_buffer (STATUS_SIG_SUBPACKET, status, buf, len, 0); +} + + +/* Print a policy URL. Allowed values for MODE are: + * -1 - print to the TTY + * 0 - print to stdout. + * 1 - use log_info and emit status messages. + * 2 - emit only status messages. + */ +void +show_policy_url (PKT_signature * sig, int indent, int mode) +{ + const byte *p; + size_t len; + int seq = 0, crit; + estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; + + while ((p = + enum_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, &len, &seq, &crit))) + { + if (mode != 2) + { + const char *str; + + tty_fprintf (fp, "%*s", indent, ""); + + if (crit) + str = _("Critical signature policy: "); + else + str = _("Signature policy: "); + if (mode > 0) + log_info ("%s", str); + else + tty_fprintf (fp, "%s", str); + tty_print_utf8_string2 (fp, p, len, 0); + tty_fprintf (fp, "\n"); + } + + if (mode > 0) + write_status_buffer (STATUS_POLICY_URL, p, len, 0); + } +} + + +/* Print a keyserver URL. Allowed values for MODE are: + * -1 - print to the TTY + * 0 - print to stdout. + * 1 - use log_info and emit status messages. + * 2 - emit only status messages. + */ +void +show_keyserver_url (PKT_signature * sig, int indent, int mode) +{ + const byte *p; + size_t len; + int seq = 0, crit; + estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; + + while ((p = + enum_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, &len, &seq, + &crit))) + { + if (mode != 2) + { + const char *str; + + tty_fprintf (fp, "%*s", indent, ""); + + if (crit) + str = _("Critical preferred keyserver: "); + else + str = _("Preferred keyserver: "); + if (mode > 0) + log_info ("%s", str); + else + tty_fprintf (fp, "%s", str); + tty_print_utf8_string2 (fp, p, len, 0); + tty_fprintf (fp, "\n"); + } + + if (mode > 0) + status_one_subpacket (SIGSUBPKT_PREF_KS, len, + (crit ? 0x02 : 0) | 0x01, p); + } +} + + +/* Print notation data. Allowed values for MODE are: + * -1 - print to the TTY + * 0 - print to stdout. + * 1 - use log_info and emit status messages. + * 2 - emit only status messages. + * + * Defined bits in WHICH: + * 1 - standard notations + * 2 - user notations + */ +void +show_notation (PKT_signature * sig, int indent, int mode, int which) +{ + estream_t fp = mode < 0? NULL : mode ? log_get_stream () : es_stdout; + notation_t nd, notations; + + if (which == 0) + which = 3; + + notations = sig_to_notation (sig); + + /* There may be multiple notations in the same sig. */ + for (nd = notations; nd; nd = nd->next) + { + if (mode != 2) + { + int has_at = !!strchr (nd->name, '@'); + + if ((which & 1 && !has_at) || (which & 2 && has_at)) + { + const char *str; + + tty_fprintf (fp, "%*s", indent, ""); + + if (nd->flags.critical) + str = _("Critical signature notation: "); + else + str = _("Signature notation: "); + if (mode > 0) + log_info ("%s", str); + else + tty_fprintf (fp, "%s", str); + /* This is all UTF8 */ + tty_print_utf8_string2 (fp, nd->name, strlen (nd->name), 0); + tty_fprintf (fp, "="); + tty_print_utf8_string2 (fp, nd->value, strlen (nd->value), 0); + /* (We need to use log_printf so that the next call to a + log function does not insert an extra LF.) */ + if (mode > 0) + log_printf ("\n"); + else + tty_fprintf (fp, "\n"); + } + } + + if (mode > 0) + { + write_status_buffer (STATUS_NOTATION_NAME, + nd->name, strlen (nd->name), 0); + if (nd->flags.critical || nd->flags.human) + write_status_text (STATUS_NOTATION_FLAGS, + nd->flags.critical && nd->flags.human? "1 1" : + nd->flags.critical? "1 0" : "0 1"); + write_status_buffer (STATUS_NOTATION_DATA, + nd->value, strlen (nd->value), 50); + } + } + + free_notation (notations); +} + + +static void +print_signature_stats (struct keylist_context *s) +{ + if (!s->check_sigs) + return; /* Signature checking was not requested. */ + + /* Better flush stdout so that the stats are always printed after + * the output. */ + es_fflush (es_stdout); + + if (s->good_sigs) + log_info (ngettext("%d good signature\n", + "%d good signatures\n", s->good_sigs), s->good_sigs); + + if (s->inv_sigs) + log_info (ngettext("%d bad signature\n", + "%d bad signatures\n", s->inv_sigs), s->inv_sigs); + + if (s->no_key) + log_info (ngettext("%d signature not checked due to a missing key\n", + "%d signatures not checked due to missing keys\n", + s->no_key), s->no_key); + + if (s->oth_err) + log_info (ngettext("%d signature not checked due to an error\n", + "%d signatures not checked due to errors\n", + s->oth_err), s->oth_err); +} + + +/* List all keys. If SECRET is true only secret keys are listed. If + MARK_SECRET is true secret keys are indicated in a public key + listing. */ +static void +list_all (ctrl_t ctrl, int secret, int mark_secret) +{ + KEYDB_HANDLE hd; + KBNODE keyblock = NULL; + int rc = 0; + int any_secret; + const char *lastresname, *resname; + struct keylist_context listctx; + + memset (&listctx, 0, sizeof (listctx)); + if (opt.check_sigs) + listctx.check_sigs = 1; + + hd = keydb_new (); + if (!hd) + rc = gpg_error_from_syserror (); + else + rc = keydb_search_first (hd); + if (rc) + { + if (gpg_err_code (rc) != GPG_ERR_NOT_FOUND) + log_error ("keydb_search_first failed: %s\n", gpg_strerror (rc)); + goto leave; + } + + lastresname = NULL; + do + { + if (secret) + glo_ctrl.silence_parse_warnings++; + rc = keydb_get_keyblock (hd, &keyblock); + if (secret) + glo_ctrl.silence_parse_warnings--; + if (rc) + { + if (gpg_err_code (rc) == GPG_ERR_LEGACY_KEY) + continue; /* Skip legacy keys. */ + if (gpg_err_code (rc) == GPG_ERR_UNKNOWN_VERSION) + continue; /* Skip keys with unknown versions. */ + log_error ("keydb_get_keyblock failed: %s\n", gpg_strerror (rc)); + goto leave; + } + + if (secret || mark_secret) + any_secret = !agent_probe_any_secret_key (NULL, keyblock); + else + any_secret = 0; + + if (secret && !any_secret) + ; /* Secret key listing requested but this isn't one. */ + else + { + if (!opt.with_colons && !(opt.list_options & LIST_SHOW_ONLY_FPR_MBOX)) + { + resname = keydb_get_resource_name (hd); + if (lastresname != resname) + { + int i; + + es_fprintf (es_stdout, "%s\n", resname); + for (i = strlen (resname); i; i--) + es_putc ('-', es_stdout); + es_putc ('\n', es_stdout); + lastresname = resname; + } + } + merge_keys_and_selfsig (ctrl, keyblock); + list_keyblock (ctrl, keyblock, secret, any_secret, opt.fingerprint, + &listctx); + } + release_kbnode (keyblock); + keyblock = NULL; + } + while (!(rc = keydb_search_next (hd))); + es_fflush (es_stdout); + if (rc && gpg_err_code (rc) != GPG_ERR_NOT_FOUND) + log_error ("keydb_search_next failed: %s\n", gpg_strerror (rc)); + if (keydb_get_skipped_counter (hd)) + log_info (ngettext("Warning: %lu key skipped due to its large size\n", + "Warning: %lu keys skipped due to their large sizes\n", + keydb_get_skipped_counter (hd)), + keydb_get_skipped_counter (hd)); + + if (opt.check_sigs && !opt.with_colons) + print_signature_stats (&listctx); + + leave: + keylist_context_release (&listctx); + release_kbnode (keyblock); + keydb_release (hd); +} + + +static void +list_one (ctrl_t ctrl, strlist_t names, int secret, int mark_secret) +{ + int rc = 0; + KBNODE keyblock = NULL; + GETKEY_CTX ctx; + int any_secret; + const char *resname; + const char *keyring_str = _("Keyring"); + int i; + struct keylist_context listctx; + + memset (&listctx, 0, sizeof (listctx)); + if (!secret && opt.check_sigs) + listctx.check_sigs = 1; + + /* fixme: using the bynames function has the disadvantage that we + * don't know whether one of the names given was not found. OTOH, + * this function has the advantage to list the names in the + * sequence as defined by the keyDB and does not duplicate + * outputs. A solution could be do test whether all given have + * been listed (this needs a way to use the keyDB search + * functions) or to have the search function return indicators for + * found names. Yet another way is to use the keydb search + * facilities directly. */ + rc = getkey_bynames (ctrl, &ctx, NULL, names, secret, &keyblock); + if (rc) + { + log_error ("error reading key: %s\n", gpg_strerror (rc)); + getkey_end (ctrl, ctx); + write_status_error ("keylist.getkey", rc); + return; + } + + do + { + /* getkey_bynames makes sure that only secret keys are returned + * if requested, thus we do not need to test again. With + * MARK_SECRET set (ie. option --with-secret) we have to test + * for a secret key, though. */ + if (secret) + any_secret = 1; + else if (mark_secret) + any_secret = !agent_probe_any_secret_key (NULL, keyblock); + else + any_secret = 0; + + if (secret && !any_secret) + ;/* Secret key listing requested but getkey_bynames failed. */ + else + { + if ((opt.list_options & LIST_SHOW_KEYRING) && !opt.with_colons) + { + resname = keydb_get_resource_name (get_ctx_handle (ctx)); + es_fprintf (es_stdout, "%s: %s\n", keyring_str, resname); + for (i = strlen (resname) + strlen (keyring_str) + 2; i; i--) + es_putc ('-', es_stdout); + es_putc ('\n', es_stdout); + } + list_keyblock (ctrl, keyblock, secret, any_secret, + opt.fingerprint, &listctx); + } + release_kbnode (keyblock); + } + while (!getkey_next (ctrl, ctx, NULL, &keyblock)); + getkey_end (ctrl, ctx); + + if (opt.check_sigs && !opt.with_colons) + print_signature_stats (&listctx); + + keylist_context_release (&listctx); +} + + +static void +locate_one (ctrl_t ctrl, strlist_t names, int no_local) +{ + int rc = 0; + strlist_t sl; + GETKEY_CTX ctx = NULL; + KBNODE keyblock = NULL; + struct keylist_context listctx; + + memset (&listctx, 0, sizeof (listctx)); + if (opt.check_sigs) + listctx.check_sigs = 1; + + for (sl = names; sl; sl = sl->next) + { + rc = get_best_pubkey_byname (ctrl, + no_local? GET_PUBKEY_NO_LOCAL + /* */: GET_PUBKEY_NORMAL, + &ctx, NULL, sl->d, &keyblock, 1); + if (rc) + { + if (gpg_err_code (rc) != GPG_ERR_NO_PUBKEY) + log_error ("error reading key: %s\n", gpg_strerror (rc)); + else if (opt.verbose) + log_info (_("key \"%s\" not found: %s\n"), + sl->d, gpg_strerror (rc)); + } + else + { + do + { + list_keyblock (ctrl, keyblock, 0, 0, opt.fingerprint, &listctx); + release_kbnode (keyblock); + } + while (ctx && !getkey_next (ctrl, ctx, NULL, &keyblock)); + getkey_end (ctrl, ctx); + ctx = NULL; + } + } + + if (opt.check_sigs && !opt.with_colons) + print_signature_stats (&listctx); + + keylist_context_release (&listctx); +} + + +static void +print_key_data (PKT_public_key * pk) +{ + int n = pk ? pubkey_get_npkey (pk->pubkey_algo) : 0; + int i; + + for (i = 0; i < n; i++) + { + es_fprintf (es_stdout, "pkd:%d:%u:", i, mpi_get_nbits (pk->pkey[i])); + mpi_print (es_stdout, pk->pkey[i], 1); + es_putc (':', es_stdout); + es_putc ('\n', es_stdout); + } +} + +static void +print_capabilities (ctrl_t ctrl, PKT_public_key *pk, KBNODE keyblock) +{ + unsigned int use = pk->pubkey_usage; + int c_printed = 0; + + if (use & PUBKEY_USAGE_ENC) + es_putc ('e', es_stdout); + + if (use & PUBKEY_USAGE_SIG) + { + es_putc ('s', es_stdout); + if (pk->flags.primary) + { + es_putc ('c', es_stdout); + /* The PUBKEY_USAGE_CERT flag was introduced later and we + used to always print 'c' for a primary key. To avoid any + regression here we better track whether we printed 'c' + already. */ + c_printed = 1; + } + } + + if ((use & PUBKEY_USAGE_CERT) && !c_printed) + es_putc ('c', es_stdout); + + if ((use & PUBKEY_USAGE_AUTH)) + es_putc ('a', es_stdout); + + if ((use & PUBKEY_USAGE_UNKNOWN)) + es_putc ('?', es_stdout); + + if (keyblock) + { + /* Figure out the usable capabilities. */ + KBNODE k; + int enc = 0, sign = 0, cert = 0, auth = 0, disabled = 0; + + for (k = keyblock; k; k = k->next) + { + if (k->pkt->pkttype == PKT_PUBLIC_KEY + || k->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + pk = k->pkt->pkt.public_key; + + if (pk->flags.primary) + disabled = pk_is_disabled (pk); + + if (pk->flags.valid && !pk->flags.revoked && !pk->has_expired) + { + if (pk->pubkey_usage & PUBKEY_USAGE_ENC) + enc = 1; + if (pk->pubkey_usage & PUBKEY_USAGE_SIG) + { + sign = 1; + if (pk->flags.primary) + cert = 1; + } + if (pk->pubkey_usage & PUBKEY_USAGE_CERT) + cert = 1; + if ((pk->pubkey_usage & PUBKEY_USAGE_AUTH)) + auth = 1; + } + } + } + if (enc) + es_putc ('E', es_stdout); + if (sign) + es_putc ('S', es_stdout); + if (cert) + es_putc ('C', es_stdout); + if (auth) + es_putc ('A', es_stdout); + if (disabled) + es_putc ('D', es_stdout); + } + + es_putc (':', es_stdout); +} + + +/* FLAGS: 0x01 hashed + 0x02 critical */ +static void +print_one_subpacket (sigsubpkttype_t type, size_t len, int flags, + const byte * buf) +{ + size_t i; + + es_fprintf (es_stdout, "spk:%d:%u:%u:", type, flags, (unsigned int) len); + + for (i = 0; i < len; i++) + { + /* printable ascii other than : and % */ + if (buf[i] >= 32 && buf[i] <= 126 && buf[i] != ':' && buf[i] != '%') + es_fprintf (es_stdout, "%c", buf[i]); + else + es_fprintf (es_stdout, "%%%02X", buf[i]); + } + + es_fprintf (es_stdout, "\n"); +} + + +void +print_subpackets_colon (PKT_signature * sig) +{ + byte *i; + + log_assert (opt.show_subpackets); + + for (i = opt.show_subpackets; *i; i++) + { + const byte *p; + size_t len; + int seq, crit; + + seq = 0; + + while ((p = enum_sig_subpkt (sig->hashed, *i, &len, &seq, &crit))) + print_one_subpacket (*i, len, 0x01 | (crit ? 0x02 : 0), p); + + seq = 0; + + while ((p = enum_sig_subpkt (sig->unhashed, *i, &len, &seq, &crit))) + print_one_subpacket (*i, len, 0x00 | (crit ? 0x02 : 0), p); + } +} + + +void +dump_attribs (const PKT_user_id *uid, PKT_public_key *pk) +{ + int i; + + if (!attrib_fp) + return; + + for (i = 0; i < uid->numattribs; i++) + { + if (is_status_enabled ()) + { + byte array[MAX_FINGERPRINT_LEN], *p; + char buf[(MAX_FINGERPRINT_LEN * 2) + 90]; + size_t j, n; + + if (!pk) + BUG (); + fingerprint_from_pk (pk, array, &n); + + p = array; + for (j = 0; j < n; j++, p++) + sprintf (buf + 2 * j, "%02X", *p); + + sprintf (buf + strlen (buf), " %lu %u %u %u %lu %lu %u", + (ulong) uid->attribs[i].len, uid->attribs[i].type, i + 1, + uid->numattribs, (ulong) uid->created, + (ulong) uid->expiredate, + ((uid->flags.primary ? 0x01 : 0) | (uid->flags.revoked ? 0x02 : 0) | + (uid->flags.expired ? 0x04 : 0))); + write_status_text (STATUS_ATTRIBUTE, buf); + } + + es_fwrite (uid->attribs[i].data, uid->attribs[i].len, 1, attrib_fp); + es_fflush (attrib_fp); + } +} + + +/* Order two signatures. We first order by keyid and then by creation + * time. This is currently only used in keyedit.c */ +int +cmp_signodes (const void *av, const void *bv) +{ + const kbnode_t an = *(const kbnode_t *)av; + const kbnode_t bn = *(const kbnode_t *)bv; + const PKT_signature *a; + const PKT_signature *b; + int i; + + /* log_assert (an->pkt->pkttype == PKT_SIGNATURE); */ + /* log_assert (bn->pkt->pkttype == PKT_SIGNATURE); */ + + a = an->pkt->pkt.signature; + b = bn->pkt->pkt.signature; + + /* Self-signatures are ordered first. */ + if ((an->flag & NODFLG_MARK_B) && !(bn->flag & NODFLG_MARK_B)) + return -1; + if (!(an->flag & NODFLG_MARK_B) && (bn->flag & NODFLG_MARK_B)) + return 1; + + /* then the keyids. (which are or course the same for self-sigs). */ + i = keyid_cmp (a->keyid, b->keyid); + if (i) + return i; + + /* Followed by creation time */ + if (a->timestamp > b->timestamp) + return 1; + if (a->timestamp < b->timestamp) + return -1; + + /* followed by the class in a way that a rev comes first. */ + if (a->sig_class > b->sig_class) + return 1; + if (a->sig_class < b->sig_class) + return -1; + + /* To make the sort stable we compare the entire structure as last resort. */ + return memcmp (a, b, sizeof *a); +} + + +static void +list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr, + struct keylist_context *listctx) +{ + int rc; + KBNODE kbctx; + KBNODE node; + PKT_public_key *pk; + int skip_sigs = 0; + char *hexgrip = NULL; + char *serialno = NULL; + + /* Get the keyid from the keyblock. */ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; key lost!\n"); + dump_kbnode (keyblock); + return; + } + + pk = node->pkt->pkt.public_key; + + if (secret || opt.with_keygrip) + { + rc = hexkeygrip_from_pk (pk, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + } + + if (secret) + { + /* Encode some info about the secret key in SECRET. */ + if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + secret = serialno? 3 : 1; + else + secret = 2; /* Key not found. */ + } + + if (!listctx->no_validity) + check_trustdb_stale (ctrl); + + /* Print the "pub" line and in KF_NONE mode the fingerprint. */ + print_key_line (ctrl, es_stdout, pk, secret); + + if (fpr) + print_fingerprint (ctrl, NULL, pk, 0); + + if (opt.with_keygrip && hexgrip) + es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); + + if (serialno) + print_card_serialno (serialno); + + if (opt.with_key_data) + print_key_data (pk); + + if (opt.with_key_origin + && (pk->keyorg || pk->keyupdate || pk->updateurl)) + { + char updatestr[MK_DATESTR_SIZE]; + + es_fprintf (es_stdout, " origin=%s last=%s %s", + key_origin_string (pk->keyorg), + mk_datestr (updatestr, sizeof updatestr, pk->keyupdate), + pk->updateurl? "url=":""); + if (pk->updateurl) + print_utf8_string (es_stdout, pk->updateurl); + es_putc ('\n', es_stdout); + } + + + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = node->pkt->pkt.user_id; + int indent; + int kl = opt.keyid_format == KF_NONE? 10 : keystrlen (); + + if ((uid->flags.expired || uid->flags.revoked) + && !(opt.list_options & LIST_SHOW_UNUSABLE_UIDS)) + { + skip_sigs = 1; + continue; + } + else + skip_sigs = 0; + + if (attrib_fp && uid->attrib_data != NULL) + dump_attribs (uid, pk); + + if ((uid->flags.revoked || uid->flags.expired) + || ((opt.list_options & LIST_SHOW_UID_VALIDITY) + && !listctx->no_validity)) + { + const char *validity; + + validity = uid_trust_string_fixed (ctrl, pk, uid); + indent = ((kl + (opt.legacy_list_mode? 9:11)) + - atoi (uid_trust_string_fixed (ctrl, NULL, NULL))); + if (indent < 0 || indent > 40) + indent = 0; + + es_fprintf (es_stdout, "uid%*s%s ", indent, "", validity); + } + else + { + indent = kl + (opt.legacy_list_mode? 10:12); + es_fprintf (es_stdout, "uid%*s", indent, ""); + } + + print_utf8_buffer (es_stdout, uid->name, uid->len); + es_putc ('\n', es_stdout); + + if (opt.with_wkd_hash) + { + char *mbox, *hash, *p; + char hashbuf[32]; + + mbox = mailbox_from_userid (uid->name); + if (mbox && (p = strchr (mbox, '@'))) + { + *p++ = 0; + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, + mbox, strlen (mbox)); + hash = zb32_encode (hashbuf, 8*20); + if (hash) + { + es_fprintf (es_stdout, " %*s%s@%s\n", + indent, "", hash, p); + xfree (hash); + } + } + xfree (mbox); + } + + if (opt.with_key_origin + && (uid->keyorg || uid->keyupdate || uid->updateurl)) + { + char updatestr[MK_DATESTR_SIZE]; + + es_fprintf (es_stdout, " %*sorigin=%s last=%s %s", + indent, "", + key_origin_string (uid->keyorg), + mk_datestr (updatestr, sizeof updatestr, + uid->keyupdate), + uid->updateurl? "url=":""); + if (uid->updateurl) + print_utf8_string (es_stdout, uid->updateurl); + es_putc ('\n', es_stdout); + } + + if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL) + show_photos (ctrl, uid->attribs, uid->numattribs, pk, uid); + } + else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + PKT_public_key *pk2 = node->pkt->pkt.public_key; + + if ((pk2->flags.revoked || pk2->has_expired) + && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS)) + { + skip_sigs = 1; + continue; + } + else + skip_sigs = 0; + + xfree (serialno); serialno = NULL; + xfree (hexgrip); hexgrip = NULL; + if (secret || opt.with_keygrip) + { + rc = hexkeygrip_from_pk (pk2, &hexgrip); + if (rc) + log_error ("error computing a keygrip: %s\n", + gpg_strerror (rc)); + } + if (secret) + { + if (!agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + secret = serialno? 3 : 1; + else + secret = 2; /* Key not found. */ + } + + /* Print the "sub" line. */ + print_key_line (ctrl, es_stdout, pk2, secret); + if (fpr > 1 || opt.with_subkey_fingerprint) + { + print_fingerprint (ctrl, NULL, pk2, 0); + if (serialno) + print_card_serialno (serialno); + } + if (opt.with_keygrip && hexgrip) + es_fprintf (es_stdout, " Keygrip = %s\n", hexgrip); + if (opt.with_key_data) + print_key_data (pk2); + } + else if (opt.list_sigs + && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs) + { + PKT_signature *sig = node->pkt->pkt.signature; + int sigrc; + char *sigstr; + char *reason_text = NULL; + char *reason_comment = NULL; + size_t reason_commentlen; + + if (listctx->check_sigs) + { + rc = check_key_signature (ctrl, keyblock, node, NULL); + switch (gpg_err_code (rc)) + { + case 0: + listctx->good_sigs++; + sigrc = '!'; + break; + case GPG_ERR_BAD_SIGNATURE: + listctx->inv_sigs++; + sigrc = '-'; + break; + case GPG_ERR_NO_PUBKEY: + case GPG_ERR_UNUSABLE_PUBKEY: + listctx->no_key++; + continue; + default: + listctx->oth_err++; + sigrc = '%'; + break; + } + + /* TODO: Make sure a cached sig record here still has + the pk that issued it. See also + keyedit.c:print_and_check_one_sig */ + } + else + { + rc = 0; + sigrc = ' '; + } + + if (sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30) + { + sigstr = "rev"; + get_revocation_reason (sig, &reason_text, + &reason_comment, &reason_commentlen); + } + else if ((sig->sig_class & ~3) == 0x10) + sigstr = "sig"; + else if (sig->sig_class == 0x18) + sigstr = "sig"; + else if (sig->sig_class == 0x1F) + sigstr = "sig"; + else + { + es_fprintf (es_stdout, "sig " + "[unexpected signature class 0x%02x]\n", + sig->sig_class); + continue; + } + + es_fputs (sigstr, es_stdout); + es_fprintf (es_stdout, "%c%c %c%c%c%c%c%c %s %s", + sigrc, (sig->sig_class - 0x10 > 0 && + sig->sig_class - 0x10 < + 4) ? '0' + sig->sig_class - 0x10 : ' ', + sig->flags.exportable ? ' ' : 'L', + sig->flags.revocable ? ' ' : 'R', + sig->flags.policy_url ? 'P' : ' ', + sig->flags.notation ? 'N' : ' ', + sig->flags.expired ? 'X' : ' ', + (sig->trust_depth > 9) ? 'T' : (sig->trust_depth > + 0) ? '0' + + sig->trust_depth : ' ', keystr (sig->keyid), + datestr_from_sig (sig)); + if (opt.list_options & LIST_SHOW_SIG_EXPIRE) + es_fprintf (es_stdout, " %s", expirestr_from_sig (sig)); + es_fprintf (es_stdout, " "); + if (sigrc == '%') + es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); + else if (sigrc == '?') + ; + else if (!opt.fast_list_mode) + { + size_t n; + char *p = get_user_id (ctrl, sig->keyid, &n, NULL); + print_utf8_buffer (es_stdout, p, n); + xfree (p); + } + es_putc ('\n', es_stdout); + + if (sig->flags.policy_url + && (opt.list_options & LIST_SHOW_POLICY_URLS)) + show_policy_url (sig, 3, 0); + + if (sig->flags.notation && (opt.list_options & LIST_SHOW_NOTATIONS)) + show_notation (sig, 3, 0, + ((opt. + list_options & LIST_SHOW_STD_NOTATIONS) ? 1 : 0) + + + ((opt. + list_options & LIST_SHOW_USER_NOTATIONS) ? 2 : + 0)); + + if (sig->flags.pref_ks + && (opt.list_options & LIST_SHOW_KEYSERVER_URLS)) + show_keyserver_url (sig, 3, 0); + + if (reason_text) + { + es_fprintf (es_stdout, " %s%s\n", + _("reason for revocation: "), reason_text); + if (reason_comment) + { + const byte *s, *s_lf; + size_t n, n_lf; + + s = reason_comment; + n = reason_commentlen; + s_lf = NULL; + do + { + /* We don't want any empty lines, so we skip them. */ + for (;n && *s == '\n'; s++, n--) + ; + if (n) + { + s_lf = memchr (s, '\n', n); + n_lf = s_lf? s_lf - s : n; + es_fprintf (es_stdout, " %s", + _("revocation comment: ")); + es_write_sanitized (es_stdout, s, n_lf, NULL, NULL); + es_putc ('\n', es_stdout); + s += n_lf; n -= n_lf; + } + } while (s_lf); + } + } + + xfree (reason_text); + xfree (reason_comment); + + /* fixme: check or list other sigs here */ + } + } + es_putc ('\n', es_stdout); + xfree (serialno); + xfree (hexgrip); +} + + +/* Do a simple key listing printing only the fingerprint and the mail + * address of valid keys. */ +static void +list_keyblock_simple (ctrl_t ctrl, kbnode_t keyblock) +{ + gpg_err_code_t ec; + kbnode_t kbctx; + kbnode_t node; + char hexfpr[2*MAX_FINGERPRINT_LEN+1]; + char *mbox; + + (void)ctrl; + + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; key lost!\n"); + dump_kbnode (keyblock); + return; + } + hexfingerprint (node->pkt->pkt.public_key, hexfpr, sizeof hexfpr); + + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = node->pkt->pkt.user_id; + + if (uid->attrib_data) + continue; + + if (uid->flags.expired || uid->flags.revoked) + continue; + + mbox = mailbox_from_userid (uid->name); + if (!mbox) + { + ec = gpg_err_code_from_syserror (); + if (ec != GPG_ERR_EINVAL) + log_error ("error getting mailbox from user-id: %s\n", + gpg_strerror (ec)); + continue; + } + es_fprintf (es_stdout, "%s %s\n", hexfpr, mbox); + xfree (mbox); + } + } +} + + +void +print_revokers (estream_t fp, PKT_public_key * pk) +{ + /* print the revoker record */ + if (!pk->revkey && pk->numrevkeys) + BUG (); + else + { + int i, j; + + for (i = 0; i < pk->numrevkeys; i++) + { + byte *p; + + es_fprintf (fp, "rvk:::%d::::::", pk->revkey[i].algid); + p = pk->revkey[i].fpr; + for (j = 0; j < 20; j++, p++) + es_fprintf (fp, "%02X", *p); + es_fprintf (fp, ":%02x%s:\n", + pk->revkey[i].class, + (pk->revkey[i].class & 0x40) ? "s" : ""); + } + } +} + + +/* Print the compliance flags to field 18. PK is the public key. + * KEYLENGTH is the length of the key in bits and CURVENAME is either + * NULL or the name of the curve. The latter two args are here + * merely because the caller has already computed them. */ +static void +print_compliance_flags (PKT_public_key *pk, + unsigned int keylength, const char *curvename) +{ + int any = 0; + + if (!keylength) + keylength = nbits_from_pk (pk); + + if (pk->version == 5) + { + es_fputs (gnupg_status_compliance_flag (CO_GNUPG), es_stdout); + any++; + } + if (gnupg_pk_is_compliant (CO_DE_VS, pk->pubkey_algo, 0, pk->pkey, + keylength, curvename)) + { + es_fprintf (es_stdout, any ? " %s" : "%s", + gnupg_status_compliance_flag (CO_DE_VS)); + any++; + } +} + + +/* List a key in colon mode. If SECRET is true this is a secret key + record (i.e. requested via --list-secret-key). If HAS_SECRET a + secret key is available even if SECRET is not set. */ +static void +list_keyblock_colon (ctrl_t ctrl, kbnode_t keyblock, + int secret, int has_secret) +{ + int rc; + KBNODE kbctx; + KBNODE node; + PKT_public_key *pk; + u32 keyid[2]; + int trustletter = 0; + int trustletter_print; + int ownertrust_print; + int ulti_hack = 0; + int i; + char *hexgrip_buffer = NULL; + const char *hexgrip = NULL; + char *serialno = NULL; + int stubkey; + unsigned int keylength; + char *curve = NULL; + const char *curvename = NULL; + + /* Get the keyid from the keyblock. */ + node = find_kbnode (keyblock, PKT_PUBLIC_KEY); + if (!node) + { + log_error ("Oops; key lost!\n"); + dump_kbnode (keyblock); + return; + } + + pk = node->pkt->pkt.public_key; + if (secret || has_secret || opt.with_keygrip || opt.with_key_data) + { + rc = hexkeygrip_from_pk (pk, &hexgrip_buffer); + if (rc) + log_error ("error computing a keygrip: %s\n", gpg_strerror (rc)); + /* In the error case we print an empty string so that we have a + * "grp" record for each and subkey - even if it is empty. This + * may help to prevent sync problems. */ + hexgrip = hexgrip_buffer? hexgrip_buffer : ""; + } + stubkey = 0; + if ((secret || has_secret) + && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + stubkey = 1; /* Key not found. */ + + keyid_from_pk (pk, keyid); + if (!pk->flags.valid) + trustletter_print = 'i'; + else if (pk->flags.revoked) + trustletter_print = 'r'; + else if (pk->has_expired) + trustletter_print = 'e'; + else if (opt.fast_list_mode || opt.no_expensive_trust_checks) + trustletter_print = 0; + else + { + trustletter = get_validity_info (ctrl, keyblock, pk, NULL); + if (trustletter == 'u') + ulti_hack = 1; + trustletter_print = trustletter; + } + + if (!opt.fast_list_mode && !opt.no_expensive_trust_checks) + ownertrust_print = get_ownertrust_info (ctrl, pk, 0); + else + ownertrust_print = 0; + + keylength = nbits_from_pk (pk); + + es_fputs (secret? "sec:":"pub:", es_stdout); + if (trustletter_print) + es_putc (trustletter_print, es_stdout); + es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s::", + keylength, + pk->pubkey_algo, + (ulong) keyid[0], (ulong) keyid[1], + colon_datestr_from_pk (pk), colon_strtime (pk->expiredate)); + + if (ownertrust_print) + es_putc (ownertrust_print, es_stdout); + es_putc (':', es_stdout); + + es_putc (':', es_stdout); + es_putc (':', es_stdout); + print_capabilities (ctrl, pk, keyblock); + es_putc (':', es_stdout); /* End of field 13. */ + es_putc (':', es_stdout); /* End of field 14. */ + if (secret || has_secret) + { + if (stubkey) + es_putc ('#', es_stdout); + else if (serialno) + es_fputs (serialno, es_stdout); + else if (has_secret) + es_putc ('+', es_stdout); + } + es_putc (':', es_stdout); /* End of field 15. */ + es_putc (':', es_stdout); /* End of field 16. */ + if (pk->pubkey_algo == PUBKEY_ALGO_ECDSA + || pk->pubkey_algo == PUBKEY_ALGO_EDDSA + || pk->pubkey_algo == PUBKEY_ALGO_ECDH) + { + curve = openpgp_oid_to_str (pk->pkey[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + es_fputs (curvename, es_stdout); + } + es_putc (':', es_stdout); /* End of field 17. */ + print_compliance_flags (pk, keylength, curvename); + es_putc (':', es_stdout); /* End of field 18 (compliance). */ + if (pk->keyupdate) + es_fputs (colon_strtime (pk->keyupdate), es_stdout); + es_putc (':', es_stdout); /* End of field 19 (last_update). */ + es_fprintf (es_stdout, "%d%s", pk->keyorg, pk->updateurl? " ":""); + if (pk->updateurl) + es_write_sanitized (es_stdout, pk->updateurl, strlen (pk->updateurl), + ":", NULL); + es_putc (':', es_stdout); /* End of field 20 (origin). */ + es_putc ('\n', es_stdout); + + print_revokers (es_stdout, pk); + print_fingerprint (ctrl, NULL, pk, 0); + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); + if (opt.with_key_data) + print_key_data (pk); + + for (kbctx = NULL; (node = walk_kbnode (keyblock, &kbctx, 0));) + { + if (node->pkt->pkttype == PKT_USER_ID) + { + PKT_user_id *uid = node->pkt->pkt.user_id; + int uid_validity; + + if (attrib_fp && uid->attrib_data != NULL) + dump_attribs (uid, pk); + + if (uid->flags.revoked) + uid_validity = 'r'; + else if (uid->flags.expired) + uid_validity = 'e'; + else if (opt.no_expensive_trust_checks) + uid_validity = 0; + else if (ulti_hack) + uid_validity = 'u'; + else + uid_validity = get_validity_info (ctrl, keyblock, pk, uid); + + es_fputs (uid->attrib_data? "uat:":"uid:", es_stdout); + if (uid_validity) + es_putc (uid_validity, es_stdout); + es_fputs ("::::", es_stdout); + + es_fprintf (es_stdout, "%s:", colon_strtime (uid->created)); + es_fprintf (es_stdout, "%s:", colon_strtime (uid->expiredate)); + + namehash_from_uid (uid); + + for (i = 0; i < 20; i++) + es_fprintf (es_stdout, "%02X", uid->namehash[i]); + + es_fprintf (es_stdout, "::"); + + if (uid->attrib_data) + es_fprintf (es_stdout, "%u %lu", uid->numattribs, uid->attrib_len); + else + es_write_sanitized (es_stdout, uid->name, uid->len, ":", NULL); + es_fputs (":::::::::", es_stdout); + if (uid->keyupdate) + es_fputs (colon_strtime (uid->keyupdate), es_stdout); + es_putc (':', es_stdout); /* End of field 19 (last_update). */ + es_fprintf (es_stdout, "%d%s", uid->keyorg, uid->updateurl? " ":""); + if (uid->updateurl) + es_write_sanitized (es_stdout, + uid->updateurl, strlen (uid->updateurl), + ":", NULL); + es_putc (':', es_stdout); /* End of field 20 (origin). */ + es_putc ('\n', es_stdout); +#ifdef USE_TOFU + if (!uid->attrib_data && opt.with_tofu_info + && (opt.trust_model == TM_TOFU || opt.trust_model == TM_TOFU_PGP)) + { + /* Print a "tfs" record. */ + tofu_write_tfs_record (ctrl, es_stdout, pk, uid->name); + } +#endif /*USE_TOFU*/ + } + else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY) + { + u32 keyid2[2]; + PKT_public_key *pk2; + int need_hexgrip = !!hexgrip; + + pk2 = node->pkt->pkt.public_key; + xfree (hexgrip_buffer); hexgrip_buffer = NULL; hexgrip = NULL; + xfree (serialno); serialno = NULL; + if (need_hexgrip + || secret || has_secret || opt.with_keygrip || opt.with_key_data) + { + rc = hexkeygrip_from_pk (pk2, &hexgrip_buffer); + if (rc) + log_error ("error computing a keygrip: %s\n", + gpg_strerror (rc)); + hexgrip = hexgrip_buffer? hexgrip_buffer : ""; + } + stubkey = 0; + if ((secret||has_secret) + && agent_get_keyinfo (NULL, hexgrip, &serialno, NULL)) + stubkey = 1; /* Key not found. */ + + keyid_from_pk (pk2, keyid2); + es_fputs (secret? "ssb:":"sub:", es_stdout); + if (!pk2->flags.valid) + es_putc ('i', es_stdout); + else if (pk2->flags.revoked) + es_putc ('r', es_stdout); + else if (pk2->has_expired) + es_putc ('e', es_stdout); + else if (opt.fast_list_mode || opt.no_expensive_trust_checks) + ; + else + { + /* TRUSTLETTER should always be defined here. */ + if (trustletter) + es_fprintf (es_stdout, "%c", trustletter); + } + keylength = nbits_from_pk (pk2); + es_fprintf (es_stdout, ":%u:%d:%08lX%08lX:%s:%s:::::", + keylength, + pk2->pubkey_algo, + (ulong) keyid2[0], (ulong) keyid2[1], + colon_datestr_from_pk (pk2), + colon_strtime (pk2->expiredate)); + print_capabilities (ctrl, pk2, NULL); + es_putc (':', es_stdout); /* End of field 13. */ + es_putc (':', es_stdout); /* End of field 14. */ + if (secret || has_secret) + { + if (stubkey) + es_putc ('#', es_stdout); + else if (serialno) + es_fputs (serialno, es_stdout); + else if (has_secret) + es_putc ('+', es_stdout); + } + es_putc (':', es_stdout); /* End of field 15. */ + es_putc (':', es_stdout); /* End of field 16. */ + if (pk2->pubkey_algo == PUBKEY_ALGO_ECDSA + || pk2->pubkey_algo == PUBKEY_ALGO_EDDSA + || pk2->pubkey_algo == PUBKEY_ALGO_ECDH) + { + xfree (curve); + curve = openpgp_oid_to_str (pk2->pkey[0]); + curvename = openpgp_oid_to_curve (curve, 0); + if (!curvename) + curvename = curve; + es_fputs (curvename, es_stdout); + } + es_putc (':', es_stdout); /* End of field 17. */ + print_compliance_flags (pk2, keylength, curvename); + es_putc (':', es_stdout); /* End of field 18. */ + es_putc ('\n', es_stdout); + print_fingerprint (ctrl, NULL, pk2, 0); + if (hexgrip) + es_fprintf (es_stdout, "grp:::::::::%s:\n", hexgrip); + if (opt.with_key_data) + print_key_data (pk2); + } + else if (opt.list_sigs && node->pkt->pkttype == PKT_SIGNATURE) + { + PKT_signature *sig = node->pkt->pkt.signature; + int sigrc, fprokay = 0; + char *sigstr; + size_t fplen; + byte fparray[MAX_FINGERPRINT_LEN]; + char *siguid; + size_t siguidlen; + char *issuer_fpr = NULL; + char *reason_text = NULL; + char *reason_comment = NULL; + size_t reason_commentlen; + int reason_code; + + if (sig->sig_class == 0x20 || sig->sig_class == 0x28 + || sig->sig_class == 0x30) + { + sigstr = "rev"; + reason_code = get_revocation_reason (sig, &reason_text, + &reason_comment, + &reason_commentlen); + } + else if ((sig->sig_class & ~3) == 0x10) + sigstr = "sig"; + else if (sig->sig_class == 0x18) + sigstr = "sig"; + else if (sig->sig_class == 0x1F) + sigstr = "sig"; + else + { + es_fprintf (es_stdout, "sig::::::::::%02x%c:\n", + sig->sig_class, sig->flags.exportable ? 'x' : 'l'); + continue; + } + + if (opt.check_sigs) + { + PKT_public_key *signer_pk = NULL; + + es_fflush (es_stdout); + if (opt.no_sig_cache) + signer_pk = xmalloc_clear (sizeof (PKT_public_key)); + + rc = check_key_signature2 (ctrl, keyblock, node, NULL, signer_pk, + NULL, NULL, NULL); + switch (gpg_err_code (rc)) + { + case 0: + sigrc = '!'; + break; + case GPG_ERR_BAD_SIGNATURE: + sigrc = '-'; + break; + case GPG_ERR_NO_PUBKEY: + case GPG_ERR_UNUSABLE_PUBKEY: + sigrc = '?'; + break; + default: + sigrc = '%'; + break; + } + + if (opt.no_sig_cache) + { + if (!rc) + { + fingerprint_from_pk (signer_pk, fparray, &fplen); + fprokay = 1; + } + free_public_key (signer_pk); + } + } + else + { + rc = 0; + sigrc = ' '; /* Note the fix-up below in --list-sigs mode. */ + } + + if (sigrc != '%' && sigrc != '?' && !opt.fast_list_mode) + { + int nouid; + siguid = get_user_id (ctrl, sig->keyid, &siguidlen, &nouid); + if (!opt.check_sigs && nouid) + sigrc = '?'; /* No key in local keyring. */ + } + else + { + siguid = NULL; + siguidlen = 0; + } + + + es_fputs (sigstr, es_stdout); + es_putc (':', es_stdout); + if (sigrc != ' ') + es_putc (sigrc, es_stdout); + es_fprintf (es_stdout, "::%d:%08lX%08lX:%s:%s:", sig->pubkey_algo, + (ulong) sig->keyid[0], (ulong) sig->keyid[1], + colon_datestr_from_sig (sig), + colon_expirestr_from_sig (sig)); + + if (sig->trust_depth || sig->trust_value) + es_fprintf (es_stdout, "%d %d", sig->trust_depth, sig->trust_value); + es_fprintf (es_stdout, ":"); + + if (sig->trust_regexp) + es_write_sanitized (es_stdout, sig->trust_regexp, + strlen (sig->trust_regexp), ":", NULL); + es_fprintf (es_stdout, ":"); + + if (sigrc == '%') + es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc)); + else if (siguid) + es_write_sanitized (es_stdout, siguid, siguidlen, ":", NULL); + + es_fprintf (es_stdout, ":%02x%c", sig->sig_class, + sig->flags.exportable ? 'x' : 'l'); + if (reason_text) + es_fprintf (es_stdout, ",%02x", reason_code); + es_fputs ("::", es_stdout); + + if (opt.no_sig_cache && opt.check_sigs && fprokay) + { + for (i = 0; i < fplen; i++) + es_fprintf (es_stdout, "%02X", fparray[i]); + } + else if ((issuer_fpr = issuer_fpr_string (sig))) + es_fputs (issuer_fpr, es_stdout); + + es_fprintf (es_stdout, ":::%d:", sig->digest_algo); + + if (reason_comment) + { + es_fputs ("::::", es_stdout); + es_write_sanitized (es_stdout, reason_comment, reason_commentlen, + ":", NULL); + es_putc (':', es_stdout); + } + es_putc ('\n', es_stdout); + + if (opt.show_subpackets) + print_subpackets_colon (sig); + + /* fixme: check or list other sigs here */ + xfree (reason_text); + xfree (reason_comment); + xfree (siguid); + xfree (issuer_fpr); + } + } + + xfree (curve); + xfree (hexgrip_buffer); + xfree (serialno); +} + +/* + * Reorder the keyblock so that the primary user ID (and not attribute + * packet) comes first. Fixme: Replace this by a generic sort + * function. */ +static void +do_reorder_keyblock (KBNODE keyblock, int attr) +{ + KBNODE primary = NULL, primary0 = NULL, primary2 = NULL; + KBNODE last, node; + + for (node = keyblock; node; primary0 = node, node = node->next) + { + if (node->pkt->pkttype == PKT_USER_ID && + ((attr && node->pkt->pkt.user_id->attrib_data) || + (!attr && !node->pkt->pkt.user_id->attrib_data)) && + node->pkt->pkt.user_id->flags.primary) + { + primary = primary2 = node; + for (node = node->next; node; primary2 = node, node = node->next) + { + if (node->pkt->pkttype == PKT_USER_ID + || node->pkt->pkttype == PKT_PUBLIC_SUBKEY + || node->pkt->pkttype == PKT_SECRET_SUBKEY) + { + break; + } + } + break; + } + } + if (!primary) + return; /* No primary key flag found (should not happen). */ + + for (last = NULL, node = keyblock; node; last = node, node = node->next) + { + if (node->pkt->pkttype == PKT_USER_ID) + break; + } + log_assert (node); + log_assert (last); /* The user ID is never the first packet. */ + log_assert (primary0); /* Ditto (this is the node before primary). */ + if (node == primary) + return; /* Already the first one. */ + + last->next = primary; + primary0->next = primary2->next; + primary2->next = node; +} + +void +reorder_keyblock (KBNODE keyblock) +{ + do_reorder_keyblock (keyblock, 1); + do_reorder_keyblock (keyblock, 0); +} + +static void +list_keyblock (ctrl_t ctrl, + KBNODE keyblock, int secret, int has_secret, int fpr, + struct keylist_context *listctx) +{ + reorder_keyblock (keyblock); + + if (opt.with_colons) + list_keyblock_colon (ctrl, keyblock, secret, has_secret); + else if ((opt.list_options & LIST_SHOW_ONLY_FPR_MBOX)) + { + if (!listctx->no_validity) + check_trustdb_stale (ctrl); + list_keyblock_simple (ctrl, keyblock); + } + else + list_keyblock_print (ctrl, keyblock, secret, fpr, listctx); + + if (secret) + es_fflush (es_stdout); +} + + +/* Public function used by keygen to list a keyblock. If NO_VALIDITY + * is set the validity of a key is never shown. */ +void +list_keyblock_direct (ctrl_t ctrl, + kbnode_t keyblock, int secret, int has_secret, int fpr, + int no_validity) +{ + struct keylist_context listctx; + + memset (&listctx, 0, sizeof (listctx)); + listctx.no_validity = !!no_validity; + list_keyblock (ctrl, keyblock, secret, has_secret, fpr, &listctx); + keylist_context_release (&listctx); +} + + +/* Print an hex digit in ICAO spelling. */ +static void +print_icao_hexdigit (estream_t fp, int c) +{ + static const char *list[16] = { + "Zero", "One", "Two", "Three", "Four", "Five", "Six", "Seven", + "Eight", "Niner", "Alfa", "Bravo", "Charlie", "Delta", "Echo", "Foxtrot" + }; + + tty_fprintf (fp, "%s", list[c&15]); +} + + +/* + * Function to print the finperprint. + * mode 0: as used in key listings, opt.with_colons is honored + * 1: print using log_info () + * 2: direct use of tty + * 3: direct use of tty but only primary key. + * 4: direct use of tty but only subkey. + * 10: Same as 0 but with_colons etc is ignored. + * 20: Same as 0 but using a compact format. + * + * Modes 1 and 2 will try and print both subkey and primary key + * fingerprints. A MODE with bit 7 set is used internally. If + * OVERRIDE_FP is not NULL that stream will be used in 0 instead + * of es_stdout or instead of the TTY in modes 2 and 3. + */ +void +print_fingerprint (ctrl_t ctrl, estream_t override_fp, + PKT_public_key *pk, int mode) +{ + char hexfpr[2*MAX_FINGERPRINT_LEN+1]; + char *p; + size_t i; + estream_t fp; + const char *text; + int primary = 0; + int with_colons = opt.with_colons; + int with_icao = opt.with_icao_spelling; + int compact = 0; + + if (mode == 10) + { + mode = 0; + with_colons = 0; + with_icao = 0; + } + else if (mode == 20) + { + mode = 0; + with_colons = 0; + compact = 1; + } + + if (!opt.fingerprint && !opt.with_fingerprint + && opt.with_subkey_fingerprint) + compact = 1; + + if (pk->main_keyid[0] == pk->keyid[0] + && pk->main_keyid[1] == pk->keyid[1]) + primary = 1; + + /* Just to be safe */ + if ((mode & 0x80) && !primary) + { + log_error ("primary key is not really primary!\n"); + return; + } + + mode &= ~0x80; + + if (!primary && (mode == 1 || mode == 2)) + { + PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk)); + get_pubkey (ctrl, primary_pk, pk->main_keyid); + print_fingerprint (ctrl, override_fp, primary_pk, (mode | 0x80)); + free_public_key (primary_pk); + } + + if (mode == 1) + { + fp = log_get_stream (); + if (primary) + text = _("Primary key fingerprint:"); + else + text = _(" Subkey fingerprint:"); + } + else if (mode == 2) + { + fp = override_fp; /* Use tty or given stream. */ + if (primary) + /* TRANSLATORS: this should fit into 24 bytes so that the + * fingerprint data is properly aligned with the user ID */ + text = _(" Primary key fingerprint:"); + else + text = _(" Subkey fingerprint:"); + } + else if (mode == 3) + { + fp = override_fp; /* Use tty or given stream. */ + text = _(" Key fingerprint ="); + } + else if (mode == 4) + { + fp = override_fp; /* Use tty or given stream. */ + text = _(" Subkey fingerprint:"); + } + else + { + fp = override_fp? override_fp : es_stdout; + if (opt.keyid_format == KF_NONE) + { + text = " "; /* To indent ICAO spelling. */ + compact = 1; + } + else + text = _(" Key fingerprint ="); + } + + hexfingerprint (pk, hexfpr, sizeof hexfpr); + if (with_colons && !mode) + { + es_fprintf (fp, "fpr:::::::::%s:", hexfpr); + } + else if (compact && !opt.fingerprint && !opt.with_fingerprint) + { + tty_fprintf (fp, "%*s%s", 6, "", hexfpr); + } + else + { + char fmtfpr[MAX_FORMATTED_FINGERPRINT_LEN + 1]; + format_hexfingerprint (hexfpr, fmtfpr, sizeof fmtfpr); + if (compact) + tty_fprintf (fp, "%*s%s", 6, "", fmtfpr); + else + tty_fprintf (fp, "%s %s", text, fmtfpr); + } + tty_fprintf (fp, "\n"); + if (!with_colons && with_icao) + { + ; + tty_fprintf (fp, "%*s\"", (int)strlen(text)+1, ""); + for (i = 0, p = hexfpr; *p; i++, p++) + { + if (!i) + ; + else if (!(i%8)) + tty_fprintf (fp, "\n%*s ", (int)strlen(text)+1, ""); + else if (!(i%4)) + tty_fprintf (fp, " "); + else + tty_fprintf (fp, " "); + print_icao_hexdigit (fp, xtoi_1 (p)); + } + tty_fprintf (fp, "\"\n"); + } +} + +/* Print the serial number of an OpenPGP card if available. */ +static void +print_card_serialno (const char *serialno) +{ + if (!serialno) + return; + if (opt.with_colons) + return; /* Handled elsewhere. */ + + es_fputs (_(" Card serial no. ="), es_stdout); + es_putc (' ', es_stdout); + if (strlen (serialno) == 32 && !strncmp (serialno, "D27600012401", 12)) + { + /* This is an OpenPGP card. Print the relevant part. */ + /* Example: D2760001240101010001000003470000 */ + /* xxxxyyyyyyyy */ + es_fprintf (es_stdout, "%.*s %.*s", 4, serialno+16, 8, serialno+20); + } + else + es_fputs (serialno, es_stdout); + es_putc ('\n', es_stdout); +} + + +/* Print a public or secret (sub)key line. Example: + * + * pub dsa2048 2007-12-31 [SC] [expires: 2018-12-31] + * 80615870F5BAD690333686D0F2AD85AC1E42B367 + * + * Some global options may result in a different output format. If + * SECRET is set, "sec" or "ssb" is used instead of "pub" or "sub" and + * depending on the value a flag character is shown: + * + * 1 := ' ' Regular secret key + * 2 := '#' Stub secret key + * 3 := '>' Secret key is on a token. + */ +void +print_key_line (ctrl_t ctrl, estream_t fp, PKT_public_key *pk, int secret) +{ + char pkstrbuf[PUBKEY_STRING_SIZE]; + + tty_fprintf (fp, "%s%c %s", + pk->flags.primary? (secret? "sec":"pub") + /**/ : (secret? "ssb":"sub"), + secret == 2? '#' : secret == 3? '>' : ' ', + pubkey_string (pk, pkstrbuf, sizeof pkstrbuf)); + if (opt.keyid_format != KF_NONE) + tty_fprintf (fp, "/%s", keystr_from_pk (pk)); + tty_fprintf (fp, " %s", datestr_from_pk (pk)); + + if (pk->flags.primary + && !(openpgp_pk_algo_usage (pk->pubkey_algo) + & (PUBKEY_USAGE_CERT| PUBKEY_USAGE_SIG|PUBKEY_USAGE_AUTH))) + { + /* A primary key which is really not capable to sign. */ + tty_fprintf (fp, " [INVALID_ALGO]"); + } + else if ((opt.list_options & LIST_SHOW_USAGE)) + { + tty_fprintf (fp, " [%s]", usagestr_from_pk (pk, 0)); + } + + if (pk->flags.revoked) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("revoked: %s"), revokestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->has_expired) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expired: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + else if (pk->expiredate) + { + tty_fprintf (fp, " ["); + tty_fprintf (fp, _("expires: %s"), expirestr_from_pk (pk)); + tty_fprintf (fp, "]"); + } + +#if 0 + /* I need to think about this some more. It's easy enough to + include, but it looks sort of confusing in the listing... */ + if (opt.list_options & LIST_SHOW_VALIDITY) + { + int validity = get_validity (ctrl, pk, NULL, NULL, 0); + tty_fprintf (fp, " [%s]", trust_value_to_string (validity)); + } +#endif + + if (pk->pubkey_algo >= 100) + tty_fprintf (fp, " [experimental algorithm %d]", pk->pubkey_algo); + + tty_fprintf (fp, "\n"); + + /* if the user hasn't explicitly asked for human-readable + fingerprints, show compact fpr of primary key: */ + if (pk->flags.primary && + !opt.fingerprint && !opt.with_fingerprint) + print_fingerprint (ctrl, fp, pk, 20); +} + + +void +set_attrib_fd (int fd) +{ + static int last_fd = -1; + + if (fd != -1 && last_fd == fd) + return; + + /* Fixme: Do we need to check for the log stream here? */ + if (attrib_fp && attrib_fp != log_get_stream ()) + es_fclose (attrib_fp); + attrib_fp = NULL; + if (fd == -1) + return; + + if (! gnupg_fd_valid (fd)) + log_fatal ("attribute-fd is invalid: %s\n", strerror (errno)); + +#ifdef HAVE_DOSISH_SYSTEM + setmode (fd, O_BINARY); +#endif + if (fd == 1) + attrib_fp = es_stdout; + else if (fd == 2) + attrib_fp = es_stderr; + else + attrib_fp = es_fdopen (fd, "wb"); + if (!attrib_fp) + { + log_fatal ("can't open fd %d for attribute output: %s\n", + fd, strerror (errno)); + } + + last_fd = fd; +} |