diff options
Diffstat (limited to 'g10/keydb.h')
-rw-r--r-- | g10/keydb.h | 570 |
1 files changed, 570 insertions, 0 deletions
diff --git a/g10/keydb.h b/g10/keydb.h new file mode 100644 index 0000000..0f8d711 --- /dev/null +++ b/g10/keydb.h @@ -0,0 +1,570 @@ +/* keydb.h - Key database + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, + * 2006, 2010 Free Software Foundation, Inc. + * Copyright (C) 2015, 2016 g10 Code GmbH + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <https://www.gnu.org/licenses/>. + */ + +#ifndef G10_KEYDB_H +#define G10_KEYDB_H + +#include "../common/types.h" +#include "../common/util.h" +#include "packet.h" + +/* What qualifies as a certification (key-signature in contrast to a + * data signature)? Note that a back signature is special and can be + * made by key and data signatures capable subkeys.) */ +#define IS_CERT(s) (IS_KEY_SIG(s) || IS_UID_SIG(s) || IS_SUBKEY_SIG(s) \ + || IS_KEY_REV(s) || IS_UID_REV(s) || IS_SUBKEY_REV(s)) +#define IS_SIG(s) (!IS_CERT(s)) +#define IS_KEY_SIG(s) ((s)->sig_class == 0x1f) +#define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10) +#define IS_SUBKEY_SIG(s) ((s)->sig_class == 0x18) +#define IS_BACK_SIG(s) ((s)->sig_class == 0x19) +#define IS_KEY_REV(s) ((s)->sig_class == 0x20) +#define IS_UID_REV(s) ((s)->sig_class == 0x30) +#define IS_SUBKEY_REV(s) ((s)->sig_class == 0x28) + +struct getkey_ctx_s; +typedef struct getkey_ctx_s *GETKEY_CTX; +typedef struct getkey_ctx_s *getkey_ctx_t; + +/**************** + * A Keyblock is all packets which form an entire certificate; + * i.e. the public key, certificate, trust packets, user ids, + * signatures, and subkey. + * + * This structure is also used to bind arbitrary packets together. + */ + +struct kbnode_struct +{ + kbnode_t next; + PACKET *pkt; + int flag; /* Local use during keyblock processing (not cloned).*/ + unsigned int tag; /* Ditto. */ + int private_flag; +}; + +#define is_deleted_kbnode(a) ((a)->private_flag & 1) +#define is_cloned_kbnode(a) ((a)->private_flag & 2) + + +/* + * A structure to store key identification as well as some stuff + * needed for key validation. + */ +struct key_item { + struct key_item *next; + unsigned int ownertrust,min_ownertrust; + byte trust_depth; + byte trust_value; + char *trust_regexp; + u32 kid[2]; +}; + + +/* Bit flags used with build_pk_list. */ +enum + { + PK_LIST_ENCRYPT_TO = 1, /* This is an encrypt-to recipient. */ + PK_LIST_HIDDEN = 2, /* This is a hidden recipient. */ + PK_LIST_CONFIG = 4, /* Specified via config file. */ + PK_LIST_FROM_FILE = 8 /* Take key from file with that name. */ + }; + +/* To store private data in the flags the private data must be left + * shifted by this value. */ +enum + { + PK_LIST_SHIFT = 4 + }; + + +/* Structure to hold a couple of public key certificates. */ +typedef struct pk_list *PK_LIST; /* Deprecated. */ +typedef struct pk_list *pk_list_t; +struct pk_list +{ + PK_LIST next; + PKT_public_key *pk; + int flags; /* See PK_LIST_ constants. */ +}; + +/* Structure to hold a list of secret key certificates. */ +typedef struct sk_list *SK_LIST; +struct sk_list +{ + SK_LIST next; + PKT_public_key *pk; + int mark; /* not used */ +}; + +/* structure to collect all information which can be used to + * identify a public key */ +typedef struct pubkey_find_info *PUBKEY_FIND_INFO; +struct pubkey_find_info { + u32 keyid[2]; + unsigned nbits; + byte pubkey_algo; + byte fingerprint[MAX_FINGERPRINT_LEN]; + char userid[1]; +}; + + +/* Helper type for preference functions. */ +struct pref_hint +{ + int digest_length; /* We want at least this digest length. */ + int exact; /* We need to use exactly this length. */ +}; + + +/* Constants to describe from where a key was fetched or updated. */ +enum + { + KEYORG_UNKNOWN = 0, + KEYORG_KS = 1, /* Public keyserver. */ + KEYORG_KS_PREF = 2, /* Preferred keysrver. */ + KEYORG_DANE = 3, /* OpenPGP DANE. */ + KEYORG_WKD = 4, /* Web Key Directory. */ + KEYORG_URL = 5, /* Trusted URL. */ + KEYORG_FILE = 6, /* Trusted file. */ + KEYORG_SELF = 7 /* We generated it. */ + }; + + +/* + * Check whether the signature SIG is in the klist K. + */ +static inline struct key_item * +is_in_klist (struct key_item *k, PKT_signature *sig) +{ + for (; k; k = k->next) + { + if (k->kid[0] == sig->keyid[0] && k->kid[1] == sig->keyid[1]) + return k; + } + return NULL; +} + + + +/*-- keydb.c --*/ + +#define KEYDB_RESOURCE_FLAG_PRIMARY 2 /* The primary resource. */ +#define KEYDB_RESOURCE_FLAG_DEFAULT 4 /* The default one. */ +#define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */ +#define KEYDB_RESOURCE_FLAG_GPGVDEF 16 /* Default file for gpgv. */ + +/* Format a search term for debugging output. The caller must free + the result. */ +char *keydb_search_desc_dump (struct keydb_search_desc *desc); + +/* Register a resource (keyring or keybox). */ +gpg_error_t keydb_add_resource (const char *url, unsigned int flags); + +/* Dump some statistics to the log. */ +void keydb_dump_stats (void); + +/* Create a new database handle. Returns NULL on error, sets ERRNO, + and prints an error diagnostic. */ +KEYDB_HANDLE keydb_new (void); + +/* Free all resources owned by the database handle. */ +void keydb_release (KEYDB_HANDLE hd); + +/* Take a lock on the files immediately and not only during insert or + * update. This lock is released with keydb_release. */ +gpg_error_t keydb_lock (KEYDB_HANDLE hd); + +/* Set a flag on the handle to suppress use of cached results. This + is required for updating a keyring and for key listings. Fixme: + Using a new parameter for keydb_new might be a better solution. */ +void keydb_disable_caching (KEYDB_HANDLE hd); + +/* Save the last found state and invalidate the current selection. */ +void keydb_push_found_state (KEYDB_HANDLE hd); + +/* Restore the previous save state. */ +void keydb_pop_found_state (KEYDB_HANDLE hd); + +/* Return the file name of the resource. */ +const char *keydb_get_resource_name (KEYDB_HANDLE hd); + +/* Return the keyblock last found by keydb_search. */ +gpg_error_t keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb); + +/* Update the keyblock KB. */ +gpg_error_t keydb_update_keyblock (ctrl_t ctrl, KEYDB_HANDLE hd, kbnode_t kb); + +/* Insert a keyblock into one of the underlying keyrings or keyboxes. */ +gpg_error_t keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb); + +/* Delete the currently selected keyblock. */ +gpg_error_t keydb_delete_keyblock (KEYDB_HANDLE hd); + +/* Find the first writable resource. */ +gpg_error_t keydb_locate_writable (KEYDB_HANDLE hd); + +/* Rebuild the on-disk caches of all key resources. */ +void keydb_rebuild_caches (ctrl_t ctrl, int noisy); + +/* Return the number of skipped blocks (because they were to large to + read from a keybox) since the last search reset. */ +unsigned long keydb_get_skipped_counter (KEYDB_HANDLE hd); + +/* Clears the current search result and resets the handle's position. */ +gpg_error_t keydb_search_reset (KEYDB_HANDLE hd); + +/* Search the database for keys matching the search description. */ +gpg_error_t keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, + size_t ndesc, size_t *descindex); + +/* Return the first non-legacy key in the database. */ +gpg_error_t keydb_search_first (KEYDB_HANDLE hd); + +/* Return the next key (not the next matching key!). */ +gpg_error_t keydb_search_next (KEYDB_HANDLE hd); + +/* This is a convenience function for searching for keys with a long + key id. */ +gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid); + +/* This is a convenience function for searching for keys with a long + (20 byte) fingerprint. */ +gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr); + + +/*-- pkclist.c --*/ +void show_revocation_reason (ctrl_t ctrl, PKT_public_key *pk, int mode ); +int check_signatures_trust (ctrl_t ctrl, PKT_signature *sig); + +void release_pk_list (PK_LIST pk_list); +int build_pk_list (ctrl_t ctrl, strlist_t rcpts, PK_LIST *ret_pk_list); +gpg_error_t find_and_check_key (ctrl_t ctrl, + const char *name, unsigned int use, + int mark_hidden, int from_file, + pk_list_t *pk_list_addr); + +int algo_available( preftype_t preftype, int algo, + const struct pref_hint *hint ); +int select_algo_from_prefs( PK_LIST pk_list, int preftype, + int request, const struct pref_hint *hint); +int select_mdc_from_pklist (PK_LIST pk_list); +void warn_missing_mdc_from_pklist (PK_LIST pk_list); +void warn_missing_aes_from_pklist (PK_LIST pk_list); + +/*-- skclist.c --*/ +int random_is_faked (void); +void release_sk_list( SK_LIST sk_list ); +gpg_error_t build_sk_list (ctrl_t ctrl, strlist_t locusr, + SK_LIST *ret_sk_list, unsigned use); + +/*-- passphrase.h --*/ + +/* Flags for passphrase_to_dek */ +#define GETPASSWORD_FLAG_SYMDECRYPT 1 + + +unsigned char encode_s2k_iterations (int iterations); +int have_static_passphrase(void); +const char *get_static_passphrase (void); +void set_passphrase_from_string(const char *pass); +void read_passphrase_from_fd( int fd ); +void passphrase_clear_cache (const char *cacheid); +DEK *passphrase_to_dek (int cipher_algo, STRING2KEY *s2k, + int create, int nocache, + const char *tryagain_text, unsigned int flags, + int *canceled); +void set_next_passphrase( const char *s ); +char *get_last_passphrase(void); +void next_to_last_passphrase(void); + +void emit_status_need_passphrase (ctrl_t ctrl, u32 *keyid, + u32 *mainkeyid, int pubkey_algo); + +#define FORMAT_KEYDESC_NORMAL 0 +#define FORMAT_KEYDESC_IMPORT 1 +#define FORMAT_KEYDESC_EXPORT 2 +#define FORMAT_KEYDESC_DELKEY 3 +char *gpg_format_keydesc (ctrl_t ctrl, + PKT_public_key *pk, int mode, int escaped); + + +/*-- getkey.c --*/ + +/* Cache a copy of a public key in the public key cache. */ +void cache_public_key( PKT_public_key *pk ); + +/* Disable and drop the public key cache. */ +void getkey_disable_caches(void); + +/* Return the public key used for signature SIG and store it at PK. */ +gpg_error_t get_pubkey_for_sig (ctrl_t ctrl, + PKT_public_key *pk, PKT_signature *sig, + PKT_public_key *forced_pk); + +/* Return the public key with the key id KEYID and store it at PK. */ +int get_pubkey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid); + +/* Same as get_pubkey but with auto LDAP fetch. */ +gpg_error_t get_pubkey_with_ldap_fallback (ctrl_t ctrl, + PKT_public_key *pk, u32 * keyid); + +/* Similar to get_pubkey, but it does not take PK->REQ_USAGE into + account nor does it merge in the self-signed data. This function + also only considers primary keys. */ +int get_pubkey_fast (PKT_public_key *pk, u32 *keyid); + +/* Return the entire keyblock used to create SIG. This is a + * specialized version of get_pubkeyblock. */ +kbnode_t get_pubkeyblock_for_sig (ctrl_t ctrl, PKT_signature *sig); + +/* Return the key block for the key with KEYID. */ +kbnode_t get_pubkeyblock (ctrl_t ctrl, u32 *keyid); + +/* A list used by get_pubkeys to gather all of the matches. */ +struct pubkey_s +{ + struct pubkey_s *next; + /* The key to use (either the public key or the subkey). */ + PKT_public_key *pk; + kbnode_t keyblock; +}; +typedef struct pubkey_s *pubkey_t; + +/* Free a list of public keys. */ +void pubkeys_free (pubkey_t keys); + + +/* Mode flags for get_pubkey_byname. */ +enum get_pubkey_modes + { + GET_PUBKEY_NORMAL = 0, + GET_PUBKEY_NO_AKL = 1, + GET_PUBKEY_NO_LOCAL = 2 + }; + +/* Find a public key identified by NAME. */ +int get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, + GETKEY_CTX *retctx, PKT_public_key *pk, + const char *name, + KBNODE *ret_keyblock, KEYDB_HANDLE *ret_kdbhd, + int include_unusable); + +/* Likewise, but only return the best match if NAME resembles a mail + * address. */ +gpg_error_t get_best_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, + GETKEY_CTX *retctx, PKT_public_key *pk, + const char *name, KBNODE *ret_keyblock, + int include_unusable); + +/* Get a public key directly from file FNAME. */ +gpg_error_t get_pubkey_fromfile (ctrl_t ctrl, + PKT_public_key *pk, const char *fname); + +/* Get a public key from a buffer. */ +gpg_error_t get_pubkey_from_buffer (ctrl_t ctrl, PKT_public_key *pkbuf, + const void *buffer, size_t buflen, + u32 *want_keyid, kbnode_t *r_keyblock); + +/* Return the public key with the key id KEYID iff the secret key is + * available and store it at PK. */ +gpg_error_t get_seckey (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid); + +/* Lookup a key with the specified fingerprint. */ +int get_pubkey_byfprint (ctrl_t ctrl, PKT_public_key *pk, kbnode_t *r_keyblock, + const byte *fprint, size_t fprint_len); + +/* This function is similar to get_pubkey_byfprint, but it doesn't + merge the self-signed data into the public key and subkeys or into + the user ids. */ +gpg_error_t get_pubkey_byfprint_fast (PKT_public_key *pk, + const byte *fprint, size_t fprint_len); + +/* This function is similar to get_pubkey_byfprint, but it doesn't + merge the self-signed data into the public key and subkeys or into + the user ids. */ +gpg_error_t get_keyblock_byfprint_fast (kbnode_t *r_keyblock, + KEYDB_HANDLE *r_hd, + const byte *fprint, size_t fprint_len, + int lock); + + +/* Returns true if a secret key is available for the public key with + key id KEYID. */ +int have_secret_key_with_kid (u32 *keyid); + +/* Parse the --default-key parameter. Returns the last key (in terms + of when the option is given) that is available. */ +const char *parse_def_secret_key (ctrl_t ctrl); + +/* Look up a secret key. */ +gpg_error_t get_seckey_default (ctrl_t ctrl, PKT_public_key *pk); +gpg_error_t get_seckey_default_or_card (ctrl_t ctrl, PKT_public_key *pk, + const byte *fpr, size_t fpr_len); + +/* Search for keys matching some criteria. */ +gpg_error_t getkey_bynames (ctrl_t ctrl, + getkey_ctx_t *retctx, PKT_public_key *pk, + strlist_t names, int want_secret, + kbnode_t *ret_keyblock); + +/* Search for one key matching some criteria. */ +gpg_error_t getkey_byname (ctrl_t ctrl, + getkey_ctx_t *retctx, PKT_public_key *pk, + const char *name, int want_secret, + kbnode_t *ret_keyblock); + +/* Return the next search result. */ +gpg_error_t getkey_next (ctrl_t ctrl, getkey_ctx_t ctx, + PKT_public_key *pk, kbnode_t *ret_keyblock); + +/* Release any resources used by a key listing context. */ +void getkey_end (ctrl_t ctrl, getkey_ctx_t ctx); + +/* Return the database handle used by this context. The context still + owns the handle. */ +KEYDB_HANDLE get_ctx_handle(GETKEY_CTX ctx); + +/* Enumerate some secret keys. */ +gpg_error_t enum_secret_keys (ctrl_t ctrl, void **context, PKT_public_key *pk); + +/* Set the mainkey_id fields for all keys in KEYBLOCK. */ +void setup_main_keyids (kbnode_t keyblock); + +/* This function merges information from the self-signed data into the + data structures. */ +void merge_keys_and_selfsig (ctrl_t ctrl, kbnode_t keyblock); + +char *get_user_id_string_native (ctrl_t ctrl, u32 *keyid); +char *get_long_user_id_string (ctrl_t ctrl, u32 *keyid); +char *get_user_id (ctrl_t ctrl, u32 *keyid, size_t *rn, int *r_nouid); +char *get_user_id_native (ctrl_t ctrl, u32 *keyid); +char *get_user_id_byfpr (ctrl_t ctrl, const byte *fpr, size_t *rn); +char *get_user_id_byfpr_native (ctrl_t ctrl, const byte *fpr); + +void release_akl(void); +int akl_empty_or_only_local (void); +int parse_auto_key_locate(const char *options); +int parse_key_origin (char *string); +const char *key_origin_string (int origin); + +/*-- keyid.c --*/ +int pubkey_letter( int algo ); +char *pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize); +#define PUBKEY_STRING_SIZE 32 +u32 v3_keyid (gcry_mpi_t a, u32 *ki); +void hash_public_key( gcry_md_hd_t md, PKT_public_key *pk ); +char *format_keyid (u32 *keyid, int format, char *buffer, int len); + +/* Return PK's keyid. The memory is owned by PK. */ +u32 *pk_keyid (PKT_public_key *pk); + +/* Return the keyid of the primary key associated with PK. The memory + is owned by PK. */ +u32 *pk_main_keyid (PKT_public_key *pk); + +/* Order A and B. If A < B then return -1, if A == B then return 0, + and if A > B then return 1. */ +static int GPGRT_ATTR_UNUSED +keyid_cmp (const u32 *a, const u32 *b) +{ + if (a[0] < b[0]) + return -1; + if (a[0] > b[0]) + return 1; + if (a[1] < b[1]) + return -1; + if (a[1] > b[1]) + return 1; + return 0; +} + +/* Return whether PK is a primary key. */ +static int GPGRT_ATTR_UNUSED +pk_is_primary (PKT_public_key *pk) +{ + return keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0; +} + +/* Copy the keyid in SRC to DEST and return DEST. */ +u32 *keyid_copy (u32 *dest, const u32 *src); + +size_t keystrlen(void); +const char *keystr(u32 *keyid); +const char *keystr_with_sub (u32 *main_kid, u32 *sub_kid); +const char *keystr_from_pk(PKT_public_key *pk); +const char *keystr_from_pk_with_sub (PKT_public_key *main_pk, + PKT_public_key *sub_pk); + +/* Return PK's key id as a string using the default format. PK owns + the storage. */ +const char *pk_keyid_str (PKT_public_key *pk); + +const char *keystr_from_desc(KEYDB_SEARCH_DESC *desc); +u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid ); +u32 keyid_from_sig (PKT_signature *sig, u32 *keyid ); +u32 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint, size_t fprint_len, + u32 *keyid); +byte *namehash_from_uid(PKT_user_id *uid); +unsigned nbits_from_pk( PKT_public_key *pk ); + +/* Convert an UTC TIMESTAMP into an UTC yyyy-mm-dd string. Return + * that string. The caller should pass a buffer with at least a size + * of MK_DATESTR_SIZE. */ +char *mk_datestr (char *buffer, size_t bufsize, u32 timestamp); +#define MK_DATESTR_SIZE 11 + +const char *datestr_from_pk( PKT_public_key *pk ); +const char *datestr_from_sig( PKT_signature *sig ); +const char *expirestr_from_pk( PKT_public_key *pk ); +const char *expirestr_from_sig( PKT_signature *sig ); +const char *revokestr_from_pk( PKT_public_key *pk ); +const char *usagestr_from_pk (PKT_public_key *pk, int fill); +const char *colon_strtime (u32 t); +const char *colon_datestr_from_pk (PKT_public_key *pk); +const char *colon_datestr_from_sig (PKT_signature *sig); +const char *colon_expirestr_from_sig (PKT_signature *sig); +byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); +char *hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen); +char *format_hexfingerprint (const char *fingerprint, + char *buffer, size_t buflen); +gpg_error_t keygrip_from_pk (PKT_public_key *pk, unsigned char *array); +gpg_error_t hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip); + + +/*-- kbnode.c --*/ +KBNODE new_kbnode( PACKET *pkt ); +KBNODE clone_kbnode( KBNODE node ); +void release_kbnode( KBNODE n ); +void delete_kbnode( KBNODE node ); +void add_kbnode( KBNODE root, KBNODE node ); +void insert_kbnode( KBNODE root, KBNODE node, int pkttype ); +void move_kbnode( KBNODE *root, KBNODE node, KBNODE where ); +void remove_kbnode( KBNODE *root, KBNODE node ); +KBNODE find_prev_kbnode( KBNODE root, KBNODE node, int pkttype ); +KBNODE find_next_kbnode( KBNODE node, int pkttype ); +KBNODE find_kbnode( KBNODE node, int pkttype ); +KBNODE walk_kbnode( KBNODE root, KBNODE *context, int all ); +void clear_kbnode_flags( KBNODE n ); +int commit_kbnode( KBNODE *root ); +void dump_kbnode( KBNODE node ); + +#endif /*G10_KEYDB_H*/ |