[svn] GnuPG - r5320 - in trunk: common g10 sm
svn author wk
cvs at cvs.gnupg.org
Fri Apr 23 13:37:00 CEST 2010
Author: wk
Date: 2010-04-23 13:36:59 +0200 (Fri, 23 Apr 2010)
New Revision: 5320
Modified:
trunk/common/sexputil.c
trunk/g10/ChangeLog
trunk/g10/call-agent.c
trunk/g10/call-agent.h
trunk/g10/gpg.c
trunk/g10/gpgv.c
trunk/g10/keydb.c
trunk/g10/keydb.h
trunk/g10/keyedit.c
trunk/g10/keylist.c
trunk/g10/keyring.c
trunk/g10/keyring.h
trunk/g10/main.h
trunk/g10/mainproc.c
trunk/g10/photoid.c
trunk/g10/photoid.h
trunk/g10/pkclist.c
trunk/g10/pubkey-enc.c
trunk/g10/revoke.c
trunk/g10/sign.c
trunk/g10/skclist.c
trunk/sm/call-agent.c
Log:
Decryption and signi via agent is now implemented.
[The diff below has been truncated]
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/ChangeLog 2010-04-23 11:36:59 UTC (rev 5320)
@@ -1,3 +1,33 @@
+2010-04-23 Werner Koch <wk at g10code.com>
+
+ * pubkey-enc.c (get_it): Use the agent for decryption.
+ * call-agent.c (agent_pkdecrypt, inq_ciphertext_cb): New.
+
+2010-04-22 Werner Koch <wk at g10code.com>
+
+ * photoid.c (show_photos): Remove arg SK.
+
+ * pubkey-enc.c (get_session_key, get_it): Change to use the public
+ key object.
+ (get_it): Remove card related stuff. Now automagically handled
+ by the agent.
+
+ * skclist.c (build_sk_list): Remove UNLOCK arg.
+
+ * keylist.c (print_fingerprint): Remove arg SK.
+ * mainproc.c (list_node): Disable listing of secret key packets.
+
+ * keyring.c (struct keyring_name, struct keyring_handle): Remove
+ field SECRET.
+ (keyring_register_filename, keyring_new, orename_tmp_file)
+ (do_copy): Remove arg SECRET.
+ * keydb.c (struct resource_item): Remove field SECRET.
+ (keydb_add_resource): Remove arg SECRET.
+ (keydb_new): Remove code fro secret keyrings.
+
+ * gpg.c (main): Ignore --secret-keyring. Remove all secret
+ keyring related code.
+
2010-04-21 Werner Koch <wk at g10code.com>
* pkclist.c (default_recipient): Change to use public keys.
Modified: trunk/common/sexputil.c
===================================================================
--- trunk/common/sexputil.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/common/sexputil.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -136,7 +136,7 @@
}
-/* Create a simple S-expression from the hex string at LIBNE. Returns
+/* Create a simple S-expression from the hex string at LINE. Returns
a newly allocated buffer with that canonical encoded S-expression
or NULL in case of an error. On return the number of characters
scanned in LINE will be stored at NSCANNED. This fucntions stops
Modified: trunk/g10/call-agent.c
===================================================================
--- trunk/g10/call-agent.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/call-agent.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -50,8 +50,9 @@
struct cipher_parm_s
{
+ ctrl_t ctrl;
assuan_context_t ctx;
- const char *ciphertext;
+ unsigned char *ciphertext;
size_t ciphertextlen;
};
@@ -104,7 +105,6 @@
-
/* Try to connect to the agent via socket or fork it off and work by
pipes. Handle the server's initial greeting */
static int
@@ -1582,3 +1582,127 @@
}
+�
+/* Handle a CIPHERTEXT inquiry. Note, we only send the data,
+ assuan_transact takes care of flushing and writing the END. */
+static gpg_error_t
+inq_ciphertext_cb (void *opaque, const char *line)
+{
+ struct cipher_parm_s *parm = opaque;
+ int rc;
+
+ if (!strncmp (line, "CIPHERTEXT", 10) && (line[10]==' '||!line[10]))
+ {
+ assuan_begin_confidential (parm->ctx);
+ rc = assuan_send_data (parm->ctx, parm->ciphertext, parm->ciphertextlen);
+ assuan_end_confidential (parm->ctx);
+ }
+ else
+ rc = default_inq_cb (parm->ctrl, line);
+
+ return rc;
+}
+
+
+/* Call the agent to do a decrypt operation using the key identified
+ by the hex string KEYGRIP and the input data S_CIPHERTEXT. On the
+ success the decoded value is stored verbatim at R_BUF and its
+ length at R_BUF; the callers needs to release it. */
+gpg_error_t
+agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
+ gcry_sexp_t s_ciphertext,
+ unsigned char **r_buf, size_t *r_buflen)
+{
+ gpg_error_t err;
+ char line[ASSUAN_LINELENGTH];
+ membuf_t data;
+ size_t n, len;
+ char *p, *buf, *endp;
+
+ if (!keygrip || strlen(keygrip) != 40 || !s_ciphertext || !r_buf || !r_buflen)
+ return gpg_error (GPG_ERR_INV_VALUE);
+ *r_buf = NULL;
+
+ err = start_agent (ctrl, 0);
+ if (err)
+ return err;
+
+ err = assuan_transact (agent_ctx, "RESET",
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ return err;
+
+ snprintf (line, sizeof line, "SETKEY %s", keygrip);
+ err = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ return err;
+
+ if (desc)
+ {
+ snprintf (line, DIM(line)-1, "SETKEYDESC %s", desc);
+ line[DIM(line)-1] = 0;
+ err = assuan_transact (agent_ctx, line,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (err)
+ return err;
+ }
+
+ init_membuf_secure (&data, 1024);
+ {
+ struct cipher_parm_s parm;
+
+ parm.ctrl = ctrl;
+ parm.ctx = agent_ctx;
+ err = make_canon_sexp (s_ciphertext, &parm.ciphertext, &parm.ciphertextlen);
+ if (err)
+ return err;
+ err = assuan_transact (agent_ctx, "PKDECRYPT",
+ membuf_data_cb, &data,
+ inq_ciphertext_cb, &parm, NULL, NULL);
+ xfree (parm.ciphertext);
+ }
+ if (err)
+ {
+ xfree (get_membuf (&data, &len));
+ return err;
+ }
+
+ put_membuf (&data, "", 1); /* Make sure it is 0 terminated. */
+ buf = get_membuf (&data, &len);
+ if (!buf)
+ return gpg_error_from_syserror ();
+ assert (len); /* (we forced Nul termination.) */
+
+ if (*buf != '(')
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+
+ if (len < 13 || memcmp (buf, "(5:value", 8) ) /* "(5:valueN:D)\0" */
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+ len -= 11; /* Count only the data of the second part. */
+ p = buf + 8; /* Skip leading parenthesis and the value tag. */
+
+ n = strtoul (p, &endp, 10);
+ if (!n || *endp != ':')
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP);
+ }
+ endp++;
+ if (endp-p+n > len)
+ {
+ xfree (buf);
+ return gpg_error (GPG_ERR_INV_SEXP); /* Oops: Inconsistent S-Exp. */
+ }
+
+ memmove (buf, endp, n);
+
+ *r_buflen = n;
+ *r_buf = buf;
+ return 0;
+}
Modified: trunk/g10/call-agent.h
===================================================================
--- trunk/g10/call-agent.h 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/call-agent.h 2010-04-23 11:36:59 UTC (rev 5320)
@@ -158,6 +158,10 @@
int digestalgo,
gcry_sexp_t *r_sigval);
+/* Decrypt a ciphertext. */
+gpg_error_t agent_pkdecrypt (ctrl_t ctrl, const char *keygrip, const char *desc,
+ gcry_sexp_t s_ciphertext,
+ unsigned char **r_buf, size_t *r_buflen);
#endif /*GNUPG_G10_CALL_AGENT_H*/
Modified: trunk/g10/gpg.c
===================================================================
--- trunk/g10/gpg.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/gpg.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -1890,7 +1890,7 @@
char *username;
int may_coredump;
strlist_t sl, remusr= NULL, locusr=NULL;
- strlist_t nrings=NULL, sec_nrings=NULL;
+ strlist_t nrings = NULL;
armor_filter_context_t *afx = NULL;
int detached_sig = 0;
FILE *configfp = NULL;
@@ -2283,8 +2283,9 @@
break;
case oSecretKeyring:
- append_to_strlist( &sec_nrings, pargs.r.ret_str);
+ /* Ignore this old option. */
break;
+
case oOptions:
/* config files may not be nested (silently ignore them) */
if( !configfp ) {
@@ -3385,22 +3386,12 @@
if( ALWAYS_ADD_KEYRINGS
|| (cmd != aDeArmor && cmd != aEnArmor && cmd != aGPGConfTest) )
{
- if (ALWAYS_ADD_KEYRINGS
- || (cmd != aCheckKeys && cmd != aListSigs && cmd != aListKeys
- && cmd != aVerify && cmd != aSym && cmd != aLocateKeys))
- {
- if (!sec_nrings || default_keyring) /* add default secret rings */
- keydb_add_resource ("secring" EXTSEP_S "gpg", 4, 1);
- for (sl = sec_nrings; sl; sl = sl->next)
- keydb_add_resource ( sl->d, 0, 1 );
- }
- if( !nrings || default_keyring ) /* add default ring */
- keydb_add_resource ("pubring" EXTSEP_S "gpg", 4, 0);
- for(sl = nrings; sl; sl = sl->next )
- keydb_add_resource ( sl->d, sl->flags, 0 );
+ if (!nrings || default_keyring) /* Add default ring. */
+ keydb_add_resource ("pubring" EXTSEP_S "gpg", 4);
+ for (sl = nrings; sl; sl = sl->next )
+ keydb_add_resource (sl->d, sl->flags);
}
FREE_STRLIST(nrings);
- FREE_STRLIST(sec_nrings);
if (cmd == aGPGConfTest)
g10_exit(0);
Modified: trunk/g10/gpgv.c
===================================================================
--- trunk/g10/gpgv.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/gpgv.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -196,9 +196,9 @@
/* Note: We open all keyrings in read-only mode (flag value: 8). */
if (!nrings) /* No keyring given: use default one. */
- keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8, 0);
+ keydb_add_resource ("trustedkeys" EXTSEP_S "gpg", 8);
for (sl = nrings; sl; sl = sl->next)
- keydb_add_resource (sl->d, 8, 0 );
+ keydb_add_resource (sl->d, 8);
FREE_STRLIST (nrings);
Modified: trunk/g10/keydb.c
===================================================================
--- trunk/g10/keydb.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keydb.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -45,13 +45,13 @@
} KeydbResourceType;
#define MAX_KEYDB_RESOURCES 40
-struct resource_item {
+struct resource_item
+{
KeydbResourceType type;
union {
KEYRING_HANDLE kr;
} u;
void *token;
- int secret;
};
static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
@@ -213,9 +213,9 @@
* Flag 8 - Open as read-only.
*/
int
-keydb_add_resource (const char *url, int flags, int secret)
+keydb_add_resource (const char *url, int flags)
{
- static int any_secret, any_public;
+ static int any_public;
const char *resname = url;
char *filename = NULL;
int force = (flags&1);
@@ -255,7 +255,7 @@
filename = xstrdup (resname);
if (!force && !read_only)
- force = secret? !any_secret : !any_public;
+ force = !any_public;
/* See whether we can determine the filetype. */
if (rt == KEYDB_RESOURCE_TYPE_NONE) {
@@ -289,7 +289,7 @@
if (rc)
goto leave;
- if(keyring_register_filename (filename, secret, read_only, &token))
+ if(keyring_register_filename (filename, read_only, &token))
{
if (used_resources >= MAX_KEYDB_RESOURCES)
rc = G10ERR_RESOURCE_LIMIT;
@@ -300,7 +300,6 @@
all_resources[used_resources].type = rt;
all_resources[used_resources].u.kr = NULL; /* Not used here */
all_resources[used_resources].token = token;
- all_resources[used_resources].secret = secret;
used_resources++;
}
}
@@ -324,22 +323,9 @@
leave:
if (rc)
- {
- /* Secret keyrings are not required in all cases. To avoid
- having gpg return failure we use log_info here if the
- rewsource is a secret one and marked as default
- resource. */
- if ((flags&4) && secret)
- log_info (_("keyblock resource `%s': %s\n"),
- filename, g10_errstr(rc));
- else
- log_error (_("keyblock resource `%s': %s\n"),
- filename, g10_errstr(rc));
- }
- else if (secret)
- any_secret = 1;
+ log_error (_("keyblock resource `%s': %s\n"), filename, g10_errstr(rc));
else
- any_public = 1;
+ any_public = 1;
xfree (filename);
return rc;
}
@@ -352,7 +338,6 @@
{
KEYDB_HANDLE hd;
int i, j;
- int secret = 0; /* FIXME: Remove the secret stuff all together. */
hd = xmalloc_clear (sizeof *hd);
hd->found = -1;
@@ -360,8 +345,6 @@
assert (used_resources <= MAX_KEYDB_RESOURCES);
for (i=j=0; i < used_resources; i++)
{
- if (!all_resources[i].secret != !secret)
- continue;
switch (all_resources[i].type)
{
case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
@@ -369,8 +352,7 @@
case KEYDB_RESOURCE_TYPE_KEYRING:
hd->active[j].type = all_resources[i].type;
hd->active[j].token = all_resources[i].token;
- hd->active[j].secret = all_resources[i].secret;
- hd->active[j].u.kr = keyring_new (all_resources[i].token, secret);
+ hd->active[j].u.kr = keyring_new (all_resources[i].token);
if (!hd->active[j].u.kr) {
xfree (hd);
return NULL; /* fixme: release all previously allocated handles*/
@@ -706,8 +688,6 @@
for (i=0; i < used_resources; i++)
{
- if (all_resources[i].secret)
- continue;
if (!keyring_is_writable (all_resources[i].token))
continue;
switch (all_resources[i].type)
Modified: trunk/g10/keydb.h
===================================================================
--- trunk/g10/keydb.h 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keydb.h 2010-04-23 11:36:59 UTC (rev 5320)
@@ -132,7 +132,7 @@
Flag 1 == force
Flag 2 == default
*/
-int keydb_add_resource (const char *url, int flags, int secret);
+int keydb_add_resource (const char *url, int flags);
KEYDB_HANDLE keydb_new (void);
void keydb_release (KEYDB_HANDLE hd);
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
@@ -173,7 +173,7 @@
int random_is_faked (void);
void release_sk_list( SK_LIST sk_list );
gpg_error_t build_sk_list (strlist_t locusr, SK_LIST *ret_sk_list,
- int unlock, unsigned use);
+ unsigned use);
/*-- passphrase.h --*/
unsigned char encode_s2k_iterations (int iterations);
Modified: trunk/g10/keyedit.c
===================================================================
--- trunk/g10/keyedit.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keyedit.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -557,7 +557,7 @@
* why to sign keys using a subkey. Implementation of USAGE_CERT
* is just a hack in getkey.c and does not mean that a subkey
* marked as certification capable will be used. */
- rc = build_sk_list (locusr, &sk_list, 0, PUBKEY_USAGE_CERT);
+ rc = build_sk_list (locusr, &sk_list, PUBKEY_USAGE_CERT);
if (rc)
goto leave;
@@ -2686,7 +2686,7 @@
putchar ('a');
putchar ('\n');
- print_fingerprint (pk, NULL, 0);
+ print_fingerprint (pk, 0);
print_revokers (pk);
}
}
@@ -2970,7 +2970,7 @@
if (node->pkt->pkttype == PKT_PUBLIC_KEY && with_fpr)
{
- print_fingerprint (pk, NULL, 2);
+ print_fingerprint (pk, 2);
tty_printf ("\n");
}
}
@@ -3047,7 +3047,7 @@
tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_pk (pk));
tty_printf ("\n");
- print_fingerprint (pk, NULL, 3);
+ print_fingerprint (pk, 3);
tty_printf ("\n");
}
else if (node->pkt->pkttype == PKT_SECRET_KEY)
@@ -3061,7 +3061,8 @@
tty_printf (" ");
tty_printf (_("expires: %s"), expirestr_from_sk (sk));
tty_printf ("\n");
- print_fingerprint (NULL, sk, 3);
+ log_debug ("FIXME\n");
+ /* print_fingerprint (NULL, sk, 3); */
tty_printf ("\n");
}
}
@@ -3110,7 +3111,7 @@
}
tty_printf ("\n");
if (pk)
- print_fingerprint (pk, NULL, 2);
+ print_fingerprint (pk, 2);
}
@@ -3588,7 +3589,7 @@
}
print_pubkey_info (NULL, revoker_pk);
- print_fingerprint (revoker_pk, NULL, 2);
+ print_fingerprint (revoker_pk, 2);
tty_printf ("\n");
tty_printf (_("WARNING: appointing a key as a designated revoker "
@@ -5201,7 +5202,7 @@
"key %s (uid %d)\n"),
image_type_to_string (type, 1),
(ulong) size, keystr_from_pk (pk), count);
- show_photos (&uid->attribs[i], 1, pk, NULL, uid);
+ show_photos (&uid->attribs[i], 1, pk, uid);
}
}
}
Modified: trunk/g10/keylist.c
===================================================================
--- trunk/g10/keylist.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keylist.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -817,7 +817,7 @@
es_fprintf (es_stdout, "\n");
if (fpr)
- print_fingerprint (pk, NULL, 0);
+ print_fingerprint (pk, 0);
/* FIXME: Change this function to take a PK and ask the agent: */
/* if (secret) print_card_serialno (sk); */
@@ -866,7 +866,7 @@
es_putc ('\n', es_stdout);
if ((opt.list_options & LIST_SHOW_PHOTOS) && uid->attribs != NULL)
- show_photos (uid->attribs, uid->numattribs, pk, NULL, uid);
+ show_photos (uid->attribs, uid->numattribs, pk, uid);
}
else if (node->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
@@ -911,7 +911,7 @@
es_putc ('\n', es_stdout);
if (fpr > 1)
{
- print_fingerprint (pk2, NULL, 0);
+ print_fingerprint (pk2, 0);
/* FIXME: (see above) */
/* if (secret) */
/* print_card_serialno (sk2); */
@@ -1127,7 +1127,7 @@
print_revokers (pk);
if (fpr)
- print_fingerprint (pk, NULL, 0);
+ print_fingerprint (pk, 0);
if (opt.with_key_data)
{
if (!hexkeygrip_from_pk (pk, &p))
@@ -1232,7 +1232,7 @@
}
es_putc ('\n', es_stdout);
if (fpr > 1)
- print_fingerprint (pk2, NULL, 0);
+ print_fingerprint (pk2, 0);
if (opt.with_key_data)
{
if (!hexkeygrip_from_pk (pk2, &p))
@@ -1428,15 +1428,17 @@
}
/*
- * standard function to print the finperprint.
+ * Function to print the finperprint.
* mode 0: as used in key listings, opt.with_colons is honored
* 1: print using log_info ()
* 2: direct use of tty
* 3: direct use of tty but only primary key.
- * modes 1 and 2 will try and print both subkey and primary key fingerprints
+ *
+ * Modes 1 and 2 will try and print both subkey and primary key
+ * fingerprints. A MODE with bit 7 set is used internally.
*/
void
-print_fingerprint (PKT_public_key * pk, PKT_secret_key * sk, int mode)
+print_fingerprint (PKT_public_key *pk, int mode)
{
byte array[MAX_FINGERPRINT_LEN], *p;
size_t i, n;
@@ -1444,21 +1446,12 @@
const char *text;
int primary = 0;
- if (sk)
- {
- if (sk->main_keyid[0] == sk->keyid[0]
- && sk->main_keyid[1] == sk->keyid[1])
- primary = 1;
- }
- else
- {
- if (pk->main_keyid[0] == pk->keyid[0]
- && pk->main_keyid[1] == pk->keyid[1])
- primary = 1;
- }
+ if (pk->main_keyid[0] == pk->keyid[0]
+ && pk->main_keyid[1] == pk->keyid[1])
+ primary = 1;
/* Just to be safe */
- if (mode & 0x80 && !primary)
+ if ((mode & 0x80) && !primary)
{
log_error ("primary key is not really primary!\n");
return;
@@ -1468,20 +1461,10 @@
if (!primary && (mode == 1 || mode == 2))
{
- if (sk)
- {
- PKT_secret_key *primary_sk = xmalloc_clear (sizeof (*primary_sk));
- get_seckey (primary_sk, sk->main_keyid);
- print_fingerprint (NULL, primary_sk, mode | 0x80);
- free_secret_key (primary_sk);
- }
- else
- {
- PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
- get_pubkey (primary_pk, pk->main_keyid);
- print_fingerprint (primary_pk, NULL, mode | 0x80);
- free_public_key (primary_pk);
- }
+ PKT_public_key *primary_pk = xmalloc_clear (sizeof (*primary_pk));
+ get_pubkey (primary_pk, pk->main_keyid);
+ print_fingerprint (primary_pk, mode | 0x80);
+ free_public_key (primary_pk);
}
if (mode == 1)
@@ -1513,10 +1496,7 @@
text = _(" Key fingerprint =");
}
- if (sk)
- fingerprint_from_sk (sk, array, &n);
- else
- fingerprint_from_pk (pk, array, &n);
+ fingerprint_from_pk (pk, array, &n);
p = array;
if (opt.with_colons && !mode)
{
Modified: trunk/g10/keyring.c
===================================================================
--- trunk/g10/keyring.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keyring.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -1,5 +1,5 @@
/* keyring.c - keyring file handling
- * Copyright (C) 2001, 2004, 2009 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2004, 2009, 2010 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -53,7 +53,6 @@
struct keyring_name
{
struct keyring_name *next;
- int secret;
int read_only;
dotlock_t lockhd;
int is_locked;
@@ -69,9 +68,9 @@
static int kr_offtbl_ready;
-struct keyring_handle {
+struct keyring_handle
+{
CONST_KR_NAME resource;
- int secret; /* this is for a secret keyring */
struct {
CONST_KR_NAME kr;
IOBUF iobuf;
@@ -93,7 +92,7 @@
-static int do_copy (int mode, const char *fname, KBNODE root, int secret,
+static int do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets );
@@ -201,8 +200,7 @@
* if a new keyring was registered.
*/
int
-keyring_register_filename (const char *fname, int secret, int read_only,
- void **ptr)
+keyring_register_filename (const char *fname, int read_only, void **ptr)
{
KR_NAME kr;
@@ -221,12 +219,8 @@
}
}
- if (secret)
- register_secured_file (fname);
-
kr = xmalloc (sizeof *kr + strlen (fname));
strcpy (kr->fname, fname);
- kr->secret = !!secret;
kr->read_only = read_only;
kr->lockhd = NULL;
kr->is_locked = 0;
@@ -254,21 +248,19 @@
�
-/* Create a new handle for the resource associated with TOKEN. SECRET
- is just just as a cross-check.
+/* Create a new handle for the resource associated with TOKEN.
The returned handle must be released using keyring_release (). */
KEYRING_HANDLE
-keyring_new (void *token, int secret)
+keyring_new (void *token)
{
KEYRING_HANDLE hd;
KR_NAME resource = token;
- assert (resource && !resource->secret == !secret);
+ assert (resource);
hd = xmalloc_clear (sizeof *hd);
hd->resource = resource;
- hd->secret = !!secret;
active_handles++;
return hd;
}
@@ -537,10 +529,10 @@
hd->current.iobuf = NULL;
/* do the update */
- rc = do_copy (3, hd->found.kr->fname, kb, hd->secret,
+ rc = do_copy (3, hd->found.kr->fname, kb,
hd->found.offset, hd->found.n_packets );
if (!rc) {
- if (!hd->secret && kr_offtbl)
+ if (kr_offtbl)
{
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
}
@@ -585,8 +577,8 @@
hd->current.iobuf = NULL;
/* do the insert */
- rc = do_copy (1, fname, kb, hd->secret, 0, 0 );
- if (!rc && !hd->secret && kr_offtbl)
+ rc = do_copy (1, fname, kb, 0, 0 );
+ if (!rc && kr_offtbl)
{
update_offset_hash_table_from_kb (kr_offtbl, kb, 0);
}
@@ -625,7 +617,7 @@
hd->current.iobuf = NULL;
/* do the delete */
- rc = do_copy (2, hd->found.kr->fname, NULL, hd->secret,
+ rc = do_copy (2, hd->found.kr->fname, NULL,
hd->found.offset, hd->found.n_packets );
if (!rc) {
/* better reset the found info */
@@ -953,7 +945,7 @@
if (rc)
return rc;
- use_offtbl = !hd->secret && kr_offtbl;
+ use_offtbl = !!kr_offtbl;
if (!use_offtbl)
;
else if (!kr_offtbl_ready)
@@ -1148,11 +1140,10 @@
{
KR_NAME kr;
- /* First set the did_full_scan flag for this keyring (ignore
- secret keyrings) */
+ /* First set the did_full_scan flag for this keyring. */
for (kr=kr_names; kr; kr = kr->next)
{
- if (!kr->secret && hd->resource == kr)
+ if (hd->resource == kr)
{
kr->did_full_scan = 1;
break;
@@ -1162,7 +1153,7 @@
offtbl ready */
for (kr=kr_names; kr; kr = kr->next)
{
- if (!kr->secret && !kr->did_full_scan)
+ if (!kr->did_full_scan)
break;
}
if (!kr)
@@ -1247,20 +1238,10 @@
static int
-rename_tmp_file (const char *bakfname, const char *tmpfname,
- const char *fname, int secret )
+rename_tmp_file (const char *bakfname, const char *tmpfname, const char *fname)
{
int rc = 0;
- /* It's a secret keyring, so let's force a fsync just to be safe on
- filesystems that may not sync data and metadata together
- (e.g. ext4). */
- if (secret && iobuf_ioctl (NULL, IOBUF_IOCTL_FSYNC, 0, (char*)tmpfname))
- {
- rc = gpg_error_from_syserror ();
- goto fail;
- }
-
/* Invalidate close caches. */
if (iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)tmpfname ))
{
@@ -1270,27 +1251,22 @@
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)bakfname );
iobuf_ioctl (NULL, IOBUF_IOCTL_INVALIDATE_CACHE, 0, (char*)fname );
- /* first make a backup file except for secret keyrings */
- if (!secret)
- {
+ /* First make a backup file. */
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
- gnupg_remove (bakfname);
+ gnupg_remove (bakfname);
#endif
- if (rename (fname, bakfname) )
- {
- rc = gpg_error_from_syserror ();
- log_error ("renaming `%s' to `%s' failed: %s\n",
- fname, bakfname, strerror(errno) );
- return rc;
- }
+ if (rename (fname, bakfname) )
+ {
+ rc = gpg_error_from_syserror ();
+ log_error ("renaming `%s' to `%s' failed: %s\n",
+ fname, bakfname, strerror(errno) );
+ return rc;
}
/* then rename the file */
#if defined(HAVE_DOSISH_SYSTEM) || defined(__riscos__)
gnupg_remove( fname );
#endif
- if (secret)
- unregister_secured_file (fname);
if (rename (tmpfname, fname) )
{
rc = gpg_error_from_syserror ();
@@ -1308,9 +1284,7 @@
statbuf.st_mode=S_IRUSR | S_IWUSR;
- if (((secret && !opt.preserve_permissions)
- || !stat (bakfname,&statbuf))
- && !chmod (fname,statbuf.st_mode))
+ if (!stat (bakfname, &statbuf) && !chmod (fname, statbuf.st_mode))
;
else
log_error ("WARNING: unable to restore permissions to `%s': %s",
@@ -1321,13 +1295,6 @@
return 0;
fail:
- if (secret)
- {
- log_info(_("WARNING: 2 files with confidential information exists.\n"));
- log_info(_("%s is the unchanged one\n"), fname );
- log_info(_("%s is the new one\n"), tmpfname );
- log_info(_("Please fix this possible security flaw\n"));
- }
return rc;
}
@@ -1392,7 +1359,7 @@
int rc;
ulong count = 0, sigcount = 0;
- hd = keyring_new (token, 0);
+ hd = keyring_new (token);
memset (&desc, 0, sizeof desc);
desc.mode = KEYDB_SEARCH_MODE_FIRST;
@@ -1420,7 +1387,7 @@
tmpfp = NULL;
}
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
- lastresname, 0) : 0;
+ lastresname) : 0;
xfree (tmpfilename); tmpfilename = NULL;
xfree (bakfilename); bakfilename = NULL;
if (rc)
@@ -1513,7 +1480,7 @@
tmpfp = NULL;
}
rc = lastresname? rename_tmp_file (bakfilename, tmpfilename,
- lastresname, 0) : 0;
+ lastresname) : 0;
xfree (tmpfilename); tmpfilename = NULL;
xfree (bakfilename); bakfilename = NULL;
@@ -1536,7 +1503,7 @@
* 3 = update
*/
static int
-do_copy (int mode, const char *fname, KBNODE root, int secret,
+do_copy (int mode, const char *fname, KBNODE root,
off_t start_offset, unsigned int n_packets )
{
IOBUF fp, newfp;
@@ -1556,7 +1523,7 @@
mode_t oldmask;
oldmask=umask(077);
- if (!secret && is_secured_filename (fname)) {
+ if (is_secured_filename (fname)) {
newfp = NULL;
gpg_err_set_errno (EPERM);
}
@@ -1602,8 +1569,6 @@
iobuf_close(fp);
goto leave;
}
- if (secret)
- register_secured_file (tmpfname);
if( mode == 1 ) { /* insert */
/* copy everything to the new file */
@@ -1612,8 +1577,6 @@
log_error("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp);
- if (secret)
- unregister_secured_file (tmpfname);
iobuf_cancel(newfp);
goto leave;
}
@@ -1627,8 +1590,6 @@
log_error ("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp);
- if (secret)
- unregister_secured_file (tmpfname);
iobuf_cancel(newfp);
goto leave;
}
@@ -1639,8 +1600,6 @@
log_error("%s: skipping %u packets failed: %s\n",
fname, n_packets, g10_errstr(rc));
iobuf_close(fp);
- if (secret)
- unregister_secured_file (tmpfname);
iobuf_cancel(newfp);
goto leave;
}
@@ -1650,8 +1609,6 @@
rc = write_keyblock (newfp, root);
if (rc) {
iobuf_close(fp);
- if (secret)
- unregister_secured_file (tmpfname);
iobuf_cancel(newfp);
goto leave;
}
@@ -1664,8 +1621,6 @@
log_error("%s: copy to `%s' failed: %s\n",
fname, tmpfname, g10_errstr(rc) );
iobuf_close(fp);
- if (secret)
- unregister_secured_file (tmpfname);
iobuf_cancel(newfp);
goto leave;
}
@@ -1684,7 +1639,7 @@
goto leave;
}
- rc = rename_tmp_file (bakfname, tmpfname, fname, secret);
+ rc = rename_tmp_file (bakfname, tmpfname, fname);
leave:
xfree(bakfname);
Modified: trunk/g10/keyring.h
===================================================================
--- trunk/g10/keyring.h 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/keyring.h 2010-04-23 11:36:59 UTC (rev 5320)
@@ -24,11 +24,10 @@
typedef struct keyring_handle *KEYRING_HANDLE;
-int keyring_register_filename (const char *fname, int secret, int read_only,
- void **ptr);
+int keyring_register_filename (const char *fname, int read_only, void **ptr);
int keyring_is_writable (void *token);
-KEYRING_HANDLE keyring_new (void *token, int secret);
+KEYRING_HANDLE keyring_new (void *token);
void keyring_release (KEYRING_HANDLE hd);
const char *keyring_get_resource_name (KEYRING_HANDLE hd);
int keyring_lock (KEYRING_HANDLE hd, int yes);
Modified: trunk/g10/main.h
===================================================================
--- trunk/g10/main.h 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/main.h 2010-04-23 11:36:59 UTC (rev 5320)
@@ -305,7 +305,7 @@
void print_subpackets_colon(PKT_signature *sig);
void reorder_keyblock (KBNODE keyblock);
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
-void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
+void print_fingerprint (PKT_public_key *pk, int mode);
void print_revokers(PKT_public_key *pk);
void show_policy_url(PKT_signature *sig,int indent,int mode);
void show_keyserver_url(PKT_signature *sig,int indent,int mode);
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/mainproc.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -939,7 +939,7 @@
if( node->next && node->next->pkt->pkttype == PKT_RING_TRUST) {
putchar('\n'); any=1;
if( opt.fingerprint )
- print_fingerprint( pk, NULL, 0 );
+ print_fingerprint (pk, 0);
printf("rtv:1:%u:\n",
node->next->pkt->pkt.ring_trust->trustval );
}
@@ -976,7 +976,7 @@
putchar(':');
putchar('\n');
if( opt.fingerprint && !any )
- print_fingerprint( pk, NULL, 0 );
+ print_fingerprint ( pk, 0 );
if( opt.with_colons
&& node->next
&& node->next->pkt->pkttype == PKT_RING_TRUST ) {
@@ -1015,71 +1015,75 @@
if( !any )
putchar('\n');
if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint( pk, NULL, 0 );
+ print_fingerprint( pk, 0 );
}
else if( (mainkey = (node->pkt->pkttype == PKT_SECRET_KEY) )
|| node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- PKT_secret_key *sk = node->pkt->pkt.secret_key;
- if( opt.with_colons )
- {
- u32 keyid[2];
- keyid_from_sk( sk, keyid );
- printf("%s::%u:%d:%08lX%08lX:%s:%s:::",
- mainkey? "sec":"ssb",
- nbits_from_sk( sk ),
- sk->pubkey_algo,
- (ulong)keyid[0],(ulong)keyid[1],
- colon_datestr_from_sk( sk ),
- colon_strtime (sk->expiredate)
- /* fixme: add LID */ );
- }
- else
- printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb",
- nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ),
- keystr_from_sk( sk ), datestr_from_sk( sk ));
- if( mainkey ) {
- /* and now list all userids with their signatures */
- for( node = node->next; node; node = node->next ) {
- if( node->pkt->pkttype == PKT_SIGNATURE ) {
- if( !any ) {
- if( node->pkt->pkt.signature->sig_class == 0x20 )
- puts("[revoked]");
- else
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
- }
- else if( node->pkt->pkttype == PKT_USER_ID ) {
- if( any ) {
- if( opt.with_colons )
- printf("%s:::::::::",
- node->pkt->pkt.user_id->attrib_data?"uat":"uid");
- else
- printf( "uid%*s", 28, "" );
- }
- print_userid( node->pkt );
- if( opt.with_colons )
- putchar(':');
- putchar('\n');
- if( opt.fingerprint && !any )
- print_fingerprint( NULL, sk, 0 );
- any=1;
- }
- else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) {
- if( !any ) {
- putchar('\n');
- any = 1;
- }
- list_node(c, node );
- }
- }
- }
- if( !any )
- putchar('\n');
- if( !mainkey && opt.fingerprint > 1 )
- print_fingerprint( NULL, sk, 0 );
+ log_debug ("FIXME: No way to print secret key packets here\n");
+ /* fixme: We may use a fucntion to trun a secret key packet into
+ a public key one and use that here. */
+ /* PKT_secret_key *sk = node->pkt->pkt.secret_key; */
+
+ /* if( opt.with_colons ) */
+ /* { */
+ /* u32 keyid[2]; */
+ /* keyid_from_sk( sk, keyid ); */
+ /* printf("%s::%u:%d:%08lX%08lX:%s:%s:::", */
+ /* mainkey? "sec":"ssb", */
+ /* nbits_from_sk( sk ), */
+ /* sk->pubkey_algo, */
+ /* (ulong)keyid[0],(ulong)keyid[1], */
+ /* colon_datestr_from_sk( sk ), */
+ /* colon_strtime (sk->expiredate) */
+ /* /\* fixme: add LID *\/ ); */
+ /* } */
+ /* else */
+ /* printf("%s %4u%c/%s %s ", mainkey? "sec":"ssb", */
+ /* nbits_from_sk( sk ), pubkey_letter( sk->pubkey_algo ), */
+ /* keystr_from_sk( sk ), datestr_from_sk( sk )); */
+ /* if( mainkey ) { */
+ /* /\* and now list all userids with their signatures *\/ */
+ /* for( node = node->next; node; node = node->next ) { */
+ /* if( node->pkt->pkttype == PKT_SIGNATURE ) { */
+ /* if( !any ) { */
+ /* if( node->pkt->pkt.signature->sig_class == 0x20 ) */
+ /* puts("[revoked]"); */
+ /* else */
+ /* putchar('\n'); */
+ /* any = 1; */
+ /* } */
+ /* list_node(c, node ); */
+ /* } */
+ /* else if( node->pkt->pkttype == PKT_USER_ID ) { */
+ /* if( any ) { */
+ /* if( opt.with_colons ) */
+ /* printf("%s:::::::::", */
+ /* node->pkt->pkt.user_id->attrib_data?"uat":"uid"); */
+ /* else */
+ /* printf( "uid%*s", 28, "" ); */
+ /* } */
+ /* print_userid( node->pkt ); */
+ /* if( opt.with_colons ) */
+ /* putchar(':'); */
+ /* putchar('\n'); */
+ /* if( opt.fingerprint && !any ) */
+ /* print_fingerprint( NULL, sk, 0 ); */
+ /* any=1; */
+ /* } */
+ /* else if( node->pkt->pkttype == PKT_SECRET_SUBKEY ) { */
+ /* if( !any ) { */
+ /* putchar('\n'); */
+ /* any = 1; */
+ /* } */
+ /* list_node(c, node ); */
+ /* } */
+ /* } */
+ /* } */
+ /* if( !any ) */
+ /* putchar('\n'); */
+ /* if( !mainkey && opt.fingerprint > 1 ) */
+ /* print_fingerprint( NULL, sk, 0 ); */
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
PKT_signature *sig = node->pkt->pkt.signature;
@@ -1848,7 +1852,7 @@
if(opt.verify_options&VERIFY_SHOW_PHOTOS)
show_photos(un->pkt->pkt.user_id->attribs,
un->pkt->pkt.user_id->numattribs,
- pk,NULL,un->pkt->pkt.user_id);
+ pk ,un->pkt->pkt.user_id);
}
p=utf8_to_native(un->pkt->pkt.user_id->name,
Modified: trunk/g10/photoid.c
===================================================================
--- trunk/g10/photoid.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/photoid.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -161,7 +161,7 @@
"user" may not be able to dismiss a viewer window! */
if(opt.command_fd==-1)
{
- show_photos(uid->attribs,uid->numattribs,pk,NULL,uid);
+ show_photos (uid->attribs, uid->numattribs, pk, uid);
switch(cpr_get_answer_yes_no_quit("photoid.jpeg.okay",
_("Is this photo correct (y/N/q)? ")))
{
@@ -285,9 +285,8 @@
#endif
void
-show_photos(const struct user_attribute *attrs,
- int count,PKT_public_key *pk,PKT_secret_key *sk,
- PKT_user_id *uid)
+show_photos(const struct user_attribute *attrs, int count,
+ PKT_public_key *pk, PKT_user_id *uid)
{
#ifndef DISABLE_PHOTO_VIEWER
int i;
@@ -295,16 +294,13 @@
u32 len;
u32 kid[2]={0,0};
- memset(&args,0,sizeof(args));
- args.pk=pk;
- args.pksk=sk;
- args.validity_info=get_validity_info(pk,uid);
- args.validity_string=get_validity_string(pk,uid);
+ memset (&args, 0, sizeof(args));
+ args.pk = pk;
+ args.validity_info = get_validity_info (pk, uid);
+ args.validity_string = get_validity_string (pk, uid);
- if(pk)
- keyid_from_pk(pk,kid);
- else if(sk)
- keyid_from_sk(sk,kid);
+ if (pk)
+ keyid_from_pk (pk, kid);
for(i=0;i<count;i++)
if(attrs[i].type==ATTRIB_IMAGE &&
Modified: trunk/g10/photoid.h
===================================================================
--- trunk/g10/photoid.h 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/photoid.h 2010-04-23 11:36:59 UTC (rev 5320)
@@ -27,7 +27,7 @@
PKT_user_id *generate_photo_id(PKT_public_key *pk,const char *filename);
int parse_image_header(const struct user_attribute *attr,byte *type,u32 *len);
char *image_type_to_string(byte type,int style);
-void show_photos(const struct user_attribute *attrs,int count,
- PKT_public_key *pk,PKT_secret_key *sk,PKT_user_id *uid);
+void show_photos (const struct user_attribute *attrs, int count,
+ PKT_public_key *pk, PKT_user_id *uid);
#endif /* !_PHOTOID_H_ */
Modified: trunk/g10/pkclist.c
===================================================================
--- trunk/g10/pkclist.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/pkclist.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -246,9 +246,9 @@
if((opt.verify_options&VERIFY_SHOW_PHOTOS)
&& un->pkt->pkt.user_id->attrib_data)
- show_photos(un->pkt->pkt.user_id->attribs,
- un->pkt->pkt.user_id->numattribs,pk,NULL,
- un->pkt->pkt.user_id);
+ show_photos (un->pkt->pkt.user_id->attribs,
+ un->pkt->pkt.user_id->numattribs, pk,
+ un->pkt->pkt.user_id);
p=utf8_to_native(un->pkt->pkt.user_id->name,
un->pkt->pkt.user_id->len,0);
@@ -256,7 +256,7 @@
tty_printf(_(" aka \"%s\"\n"),p);
}
- print_fingerprint (pk, NULL, 2);
+ print_fingerprint (pk, 2);
tty_printf("\n");
release_kbnode (keyblock);
}
@@ -464,7 +464,7 @@
if( !opt.batch && !rc )
{
print_pubkey_info(NULL,pk);
- print_fingerprint (pk, NULL, 2);
+ print_fingerprint (pk, 2);
tty_printf("\n");
tty_printf(
@@ -523,7 +523,7 @@
if( !opt.quiet )
log_info(_("WARNING: Using untrusted key!\n"));
if (opt.with_fingerprint)
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
goto leave;
}
@@ -611,7 +611,7 @@
{
case TRUST_EXPIRED:
log_info(_("Note: This key has expired!\n"));
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
break;
default:
@@ -625,7 +625,7 @@
" a trusted signature!\n"));
log_info(_(" There is no indication that the "
"signature belongs to the owner.\n" ));
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
break;
case TRUST_NEVER:
@@ -634,7 +634,7 @@
log_info(_("WARNING: We do NOT trust this key!\n"));
log_info(_(" The signature is probably a FORGERY.\n"));
if (opt.with_fingerprint)
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
rc = gpg_error (GPG_ERR_BAD_SIGNATURE);
break;
@@ -644,19 +644,19 @@
" sufficiently trusted signatures!\n"));
log_info(_(" It is not certain that the"
" signature belongs to the owner.\n" ));
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
break;
case TRUST_FULLY:
write_status( STATUS_TRUST_FULLY );
if (opt.with_fingerprint)
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
break;
case TRUST_ULTIMATE:
write_status( STATUS_TRUST_ULTIMATE );
if (opt.with_fingerprint)
- print_fingerprint (pk, NULL, 1);
+ print_fingerprint (pk, 1);
break;
}
Modified: trunk/g10/pubkey-enc.c
===================================================================
--- trunk/g10/pubkey-enc.c 2010-04-23 01:59:08 UTC (rev 5319)
+++ trunk/g10/pubkey-enc.c 2010-04-23 11:36:59 UTC (rev 5320)
@@ -39,7 +39,7 @@
static gpg_error_t get_it (PKT_pubkey_enc *k,
- DEK *dek, PKT_secret_key *sk, u32 *keyid);
+ DEK *dek, PKT_public_key *sk, u32 *keyid);
/* Check that the given algo is mentioned in one of the valid user-ids. */
@@ -74,7 +74,7 @@
gpg_error_t
get_session_key (PKT_pubkey_enc * k, DEK * dek)
{
- PKT_secret_key *sk = NULL;
+ PKT_public_key *sk = NULL;
int rc;
rc = openpgp_pk_test_algo2 (k->pubkey_algo, PUBKEY_USAGE_ENC);
@@ -84,7 +84,7 @@
if ((k->keyid[0] || k->keyid[1]) && !opt.try_all_secrets)
{
sk = xmalloc_clear (sizeof *sk);
- sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo */
+ sk->pubkey_algo = k->pubkey_algo; /* We want a pubkey with this algo. */
if (!(rc = get_seckey (sk, k->keyid)))
rc = get_it (k, dek, sk, k->keyid);
}
@@ -99,9 +99,9 @@
for (;;)
{
if (sk)
- free_secret_key (sk);
+ free_public_key (sk);
sk = xmalloc_clear (sizeof *sk);
- rc = enum_secret_keys (&enum_context, sk, 1, 0);
+ rc = -1; /* FIXME:enum_secret_keys (&enum_context, sk, 1, 0);*/
if (rc)
{
rc = G10ERR_NO_SECKEY;
@@ -109,7 +109,7 @@
}
if (sk->pubkey_algo != k->pubkey_algo)
continue;
- keyid_from_sk (sk, keyid);
+ keyid_from_pk (sk, keyid);
log_info (_("anonymous recipient; trying secret key %s ...\n"),
keystr (keyid));
@@ -149,64 +149,60 @@
leave:
if (sk)
- free_secret_key (sk);
+ free_public_key (sk);
return rc;
}
static gpg_error_t
-get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid)
+get_it (PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{
- int rc;
- gcry_mpi_t plain_dek = NULL;
+ gpg_error_t err;
byte *frame = NULL;
unsigned int n;
size_t nframe;
u16 csum, csum2;
-
int card = 0;
+ gcry_sexp_t s_data;
+ char *desc;
+ char *keygrip;
- if (sk->is_protected && sk->protect.s2k.mode == 1002)
- { /* Note, that we only support RSA for now. */
-#ifdef ENABLE_CARD_SUPPORT
- unsigned char *rbuf;
- size_t rbuflen;
- char *snbuf;
- unsigned char *indata = NULL;
- size_t indatalen;
+ /* Get the keygrip. */
+ err = hexkeygrip_from_pk (sk, &keygrip);
+ if (err)
+ goto leave;
- snbuf =
- serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
-
- if (gcry_mpi_aprint
- (GCRYMPI_FMT_USG, &indata, &indatalen, enc->data[0]))
- BUG ();
-
- rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen);
- xfree (snbuf);
- xfree (indata);
- if (rc)
- goto leave;
-
- frame = rbuf;
- nframe = rbuflen;
- card = 1;
-#else
- rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
- goto leave;
-#endif /*!ENABLE_CARD_SUPPORT */
+ /* Convert the data to an S-expression. */
+ if (sk->pubkey_algo == GCRY_PK_ELG || sk->pubkey_algo == GCRY_PK_ELG_E)
+ {
+ if (!enc->data[0] || !enc->data[1])
+ err = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
+ enc->data[0], enc->data[1]);
}
- else
+ else if (sk->pubkey_algo == GCRY_PK_RSA || sk->pubkey_algo == GCRY_PK_RSA_E)
{
- rc = pk_decrypt (sk->pubkey_algo, &plain_dek, enc->data, sk->skey);
- if (rc)
- goto leave;
- if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, plain_dek))
- BUG ();
- gcry_mpi_release (plain_dek);
- plain_dek = NULL;
+ if (!enc->data[0])
+ err = gpg_error (GPG_ERR_BAD_MPI);
+ else
+ err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
+ enc->data[0]);
}
+ else
+ err = gpg_error (GPG_ERR_BUG);
+ if (err)
+ goto leave;
+
+ /* Decrypt. */
+ desc = xtrystrdup ("FIXME: Format a description");
+ err = agent_pkdecrypt (NULL, keygrip, desc, s_data, &frame, &nframe);
+ xfree (desc);
+ gcry_sexp_release (s_data);
+ if (err)
+ goto leave;
+
/* Now get the DEK (data encryption key) from the frame
*
* Old versions encode the DEK in in this format (msb is left):
@@ -231,18 +227,18 @@
{
if (n + 7 > nframe)
{
- rc = G10ERR_WRONG_SECKEY;
+ err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave;
}
if (frame[n] == 1 && frame[nframe - 1] == 2)
{
log_info (_("old encoding of the DEK is not supported\n"));
- rc = G10ERR_CIPHER_ALGO;
+ err = gpg_error (G10ERR_CIPHER_ALGO);
goto leave;
}
- if (frame[n] != 2) /* Somethink is wrong. */
+ if (frame[n] != 2) /* Something went wrong. */
{
- rc = G10ERR_WRONG_SECKEY;
+ err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave;
}
for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */
@@ -252,7 +248,7 @@
if (n + 4 > nframe)
{
- rc = G10ERR_WRONG_SECKEY;
+ err = gpg_error (G10ERR_WRONG_SECKEY);
goto leave;
}
@@ -260,10 +256,10 @@
dek->algo = frame[n++];
More information about the Gnupg-commits
mailing list