You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tdepim/libkdenetwork/libgpgme-copy/gpgme/keylist.c

981 lines
22 KiB

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

/* keylist.c - Listing keys.
Copyright (C) 2000 Werner Koch (dd9jn)
Copyright (C) 2001, 2002, 2003, 2004, 2006 g10 Code GmbH
This file is part of GPGME.
GPGME is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation; either version 2.1 of
the License, or (at your option) any later version.
GPGME is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA. */
#if HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include "gpgme.h"
#include "util.h"
#include "context.h"
#include "ops.h"
#include "debug.h"
struct key_queue_item_s
{
struct key_queue_item_s *next;
gpgme_key_t key;
};
typedef struct
{
struct _gpgme_op_keylist_result result;
gpgme_key_t tmp_key;
/* This points to the last uid in tmp_key. */
gpgme_user_id_t tmp_uid;
/* This points to the last sig in tmp_uid. */
gpgme_key_sig_t tmp_keysig;
/* Something new is available. */
int key_cond;
struct key_queue_item_s *key_queue;
} *op_data_t;
static void
release_op_data (void *hook)
{
op_data_t opd = (op_data_t) hook;
struct key_queue_item_s *key = opd->key_queue;
if (opd->tmp_key)
gpgme_key_unref (opd->tmp_key);
/* opd->tmp_uid and opd->tmp_keysig are actually part of opd->tmp_key,
so we do not need to release them here. */
while (key)
{
struct key_queue_item_s *next = key->next;
gpgme_key_unref (key->key);
key = next;
}
}
gpgme_keylist_result_t
gpgme_op_keylist_result (gpgme_ctx_t ctx)
{
void *hook;
op_data_t opd;
gpgme_error_t err;
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err || !opd)
return NULL;
return &opd->result;
}
static gpgme_error_t
keylist_status_handler (void *priv, gpgme_status_code_t code, char *args)
{
gpgme_ctx_t ctx = (gpgme_ctx_t) priv;
gpgme_error_t err;
void *hook;
op_data_t opd;
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err)
return err;
switch (code)
{
case GPGME_STATUS_TRUNCATED:
opd->result.truncated = 1;
break;
default:
break;
}
return 0;
}
static void
set_subkey_trust_info (gpgme_subkey_t subkey, const char *src)
{
while (*src && !isdigit (*src))
{
switch (*src)
{
case 'e':
subkey->expired = 1;
break;
case 'r':
subkey->revoked = 1;
break;
case 'd':
/* Note that gpg 1.3 won't print that anymore but only uses
the capabilities field. */
subkey->disabled = 1;
break;
case 'i':
subkey->invalid = 1;
break;
}
src++;
}
}
static void
set_mainkey_trust_info (gpgme_key_t key, const char *src)
{
/* First set the trust info of the main key (the first subkey). */
set_subkey_trust_info (key->subkeys, src);
/* Now set the summarized trust info. */
while (*src && !isdigit (*src))
{
switch (*src)
{
case 'e':
key->expired = 1;
break;
case 'r':
key->revoked = 1;
break;
case 'd':
/* Note that gpg 1.3 won't print that anymore but only uses
the capabilities field. However, it is still used for
external key listings. */
key->disabled = 1;
break;
case 'i':
key->invalid = 1;
break;
}
src++;
}
}
static void
set_userid_flags (gpgme_key_t key, const char *src)
{
gpgme_user_id_t uid = key->_last_uid;
assert (uid);
/* Look at letters and stop at the first digit. */
while (*src && !isdigit (*src))
{
switch (*src)
{
case 'r':
uid->revoked = 1;
break;
case 'i':
uid->invalid = 1;
break;
case 'n':
uid->validity = GPGME_VALIDITY_NEVER;
break;
case 'm':
uid->validity = GPGME_VALIDITY_MARGINAL;
break;
case 'f':
uid->validity = GPGME_VALIDITY_FULL;
break;
case 'u':
uid->validity = GPGME_VALIDITY_ULTIMATE;
break;
}
src++;
}
}
static void
set_subkey_capability (gpgme_subkey_t subkey, const char *src)
{
while (*src)
{
switch (*src)
{
case 'e':
subkey->can_encrypt = 1;
break;
case 's':
subkey->can_sign = 1;
break;
case 'c':
subkey->can_certify = 1;
break;
case 'a':
subkey->can_authenticate = 1;
break;
case 'q':
subkey->is_qualified = 1;
break;
case 'd':
subkey->disabled = 1;
break;
}
src++;
}
}
static void
set_mainkey_capability (gpgme_key_t key, const char *src)
{
/* First set the capabilities of the main key (the first subkey). */
set_subkey_capability (key->subkeys, src);
while (*src)
{
switch (*src)
{
case 'd':
case 'D':
/* Note, that this flag is also set using the key validity
field for backward compatibility with gpg 1.2. We use d
and D, so that a future gpg version will be able to
disable certain subkeys. Currently it is expected that
gpg sets this for the primary key. */
key->disabled = 1;
break;
case 'e':
case 'E':
key->can_encrypt = 1;
break;
case 's':
case 'S':
key->can_sign = 1;
break;
case 'c':
case 'C':
key->can_certify = 1;
break;
case 'a':
case 'A':
key->can_authenticate = 1;
break;
case 'q':
case 'Q':
key->is_qualified = 1;
break;
}
src++;
}
}
static void
set_ownertrust (gpgme_key_t key, const char *src)
{
/* Look at letters and stop at the first digit. */
while (*src && !isdigit (*src))
{
switch (*src)
{
case 'n':
key->owner_trust = GPGME_VALIDITY_NEVER;
break;
case 'm':
key->owner_trust = GPGME_VALIDITY_MARGINAL;
break;
case 'f':
key->owner_trust = GPGME_VALIDITY_FULL;
break;
case 'u':
key->owner_trust = GPGME_VALIDITY_ULTIMATE;
break;
default:
key->owner_trust = GPGME_VALIDITY_UNKNOWN;
break;
}
src++;
}
}
/* We have read an entire key into tmp_key and should now finish it.
It is assumed that this releases tmp_key. */
static void
finish_key (gpgme_ctx_t ctx, op_data_t opd)
{
gpgme_key_t key = opd->tmp_key;
opd->tmp_key = NULL;
opd->tmp_uid = NULL;
opd->tmp_keysig = NULL;
if (key)
_gpgme_engine_io_event (ctx->engine, GPGME_EVENT_NEXT_KEY, key);
}
/* Note: We are allowed to modify LINE. */
static gpgme_error_t
keylist_colon_handler (void *priv, char *line)
{
gpgme_ctx_t ctx = (gpgme_ctx_t) priv;
enum
{
RT_NONE, RT_SIG, RT_UID, RT_SUB, RT_PUB, RT_FPR,
RT_SSB, RT_SEC, RT_CRT, RT_CRS, RT_REV, RT_SPK
}
rectype = RT_NONE;
#define NR_FIELDS 16
char *field[NR_FIELDS];
int fields = 0;
void *hook;
op_data_t opd;
gpgme_error_t err;
gpgme_key_t key;
gpgme_subkey_t subkey = NULL;
gpgme_key_sig_t keysig = NULL;
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err)
return err;
key = opd->tmp_key;
DEBUG3 ("keylist_colon_handler ctx = %p, key = %p, line = %s\n",
ctx, key, line ? line : "(null)");
if (!line)
{
/* End Of File. */
finish_key (ctx, opd);
return 0;
}
while (line && fields < NR_FIELDS)
{
field[fields++] = line;
line = strchr (line, ':');
if (line)
*(line++) = '\0';
}
if (!strcmp (field[0], "sig"))
rectype = RT_SIG;
else if (!strcmp (field[0], "rev"))
rectype = RT_REV;
else if (!strcmp (field[0], "pub"))
rectype = RT_PUB;
else if (!strcmp (field[0], "sec"))
rectype = RT_SEC;
else if (!strcmp (field[0], "crt"))
rectype = RT_CRT;
else if (!strcmp (field[0], "crs"))
rectype = RT_CRS;
else if (!strcmp (field[0], "fpr") && key)
rectype = RT_FPR;
else if (!strcmp (field[0], "uid") && key)
rectype = RT_UID;
else if (!strcmp (field[0], "sub") && key)
rectype = RT_SUB;
else if (!strcmp (field[0], "ssb") && key)
rectype = RT_SSB;
else if (!strcmp (field[0], "spk") && key)
rectype = RT_SPK;
else
rectype = RT_NONE;
/* Only look at signatures immediately following a user ID. For
this, clear the user ID pointer when encountering anything but a
signature. */
if (rectype != RT_SIG && rectype != RT_REV)
opd->tmp_uid = NULL;
/* Only look at subpackets immediately following a signature. For
this, clear the signature pointer when encountering anything but
a subpacket. */
if (rectype != RT_SPK)
opd->tmp_keysig = NULL;
switch (rectype)
{
case RT_PUB:
case RT_SEC:
case RT_CRT:
case RT_CRS:
/* Start a new keyblock. */
err = _gpgme_key_new (&key);
if (err)
return err;
key->keylist_mode = ctx->keylist_mode;
err = _gpgme_key_add_subkey (key, &subkey);
if (err)
{
gpgme_key_unref (key);
return err;
}
if (rectype == RT_SEC || rectype == RT_CRS)
key->secret = subkey->secret = 1;
if (rectype == RT_CRT || rectype == RT_CRS)
key->protocol = GPGME_PROTOCOL_CMS;
finish_key (ctx, opd);
opd->tmp_key = key;
/* Field 2 has the trust info. */
if (fields >= 2)
set_mainkey_trust_info (key, field[1]);
/* Field 3 has the key length. */
if (fields >= 3)
{
int i = atoi (field[2]);
/* Ignore invalid values. */
if (i > 1)
subkey->length = i;
}
/* Field 4 has the public key algorithm. */
if (fields >= 4)
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
subkey->pubkey_algo = i;
}
/* Field 5 has the long keyid. Allow short key IDs for the
output of an external keyserver listing. */
if (fields >= 5 && strlen (field[4]) <= DIM(subkey->_keyid) - 1)
strcpy (subkey->_keyid, field[4]);
/* Field 6 has the timestamp (seconds). */
if (fields >= 6)
subkey->timestamp = _gpgme_parse_timestamp (field[5], NULL);
/* Field 7 has the expiration time (seconds). */
if (fields >= 7)
subkey->expires = _gpgme_parse_timestamp (field[6], NULL);
/* Field 8 has the X.509 serial number. */
if (fields >= 8 && (rectype == RT_CRT || rectype == RT_CRS))
{
key->issuer_serial = strdup (field[7]);
if (!key->issuer_serial)
return gpg_error_from_errno (errno);
}
/* Field 9 has the ownertrust. */
if (fields >= 9)
set_ownertrust (key, field[8]);
/* Field 10 is not used for gpg due to --fixed-list-mode option
but GPGSM stores the issuer name. */
if (fields >= 10 && (rectype == RT_CRT || rectype == RT_CRS))
if (_gpgme_decode_c_string (field[9], &key->issuer_name, 0))
return gpg_error (GPG_ERR_ENOMEM); /* FIXME */
/* Field 11 has the signature class. */
/* Field 12 has the capabilities. */
if (fields >= 12)
set_mainkey_capability (key, field[11]);
/* Field 15 carries special flags of a secret key. We reset the
SECRET flag of a subkey here if the key is actually only a
stub. The SECRET flag of the key will be true even then. */
if (fields >= 15 && key->secret)
if (*field[14] == '#')
subkey->secret = 0;
break;
case RT_SUB:
case RT_SSB:
/* Start a new subkey. */
err = _gpgme_key_add_subkey (key, &subkey);
if (err)
return err;
if (rectype == RT_SSB)
subkey->secret = 1;
/* Field 2 has the trust info. */
if (fields >= 2)
set_subkey_trust_info (subkey, field[1]);
/* Field 3 has the key length. */
if (fields >= 3)
{
int i = atoi (field[2]);
/* Ignore invalid values. */
if (i > 1)
subkey->length = i;
}
/* Field 4 has the public key algorithm. */
if (fields >= 4)
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
subkey->pubkey_algo = i;
}
/* Field 5 has the long keyid. */
if (fields >= 5 && strlen (field[4]) == DIM(subkey->_keyid) - 1)
strcpy (subkey->_keyid, field[4]);
/* Field 6 has the timestamp (seconds). */
if (fields >= 6)
subkey->timestamp = _gpgme_parse_timestamp (field[5], NULL);
/* Field 7 has the expiration time (seconds). */
if (fields >= 7)
subkey->expires = _gpgme_parse_timestamp (field[6], NULL);
/* Field 8 is reserved (LID). */
/* Field 9 has the ownertrust. */
/* Field 10, the user ID, is n/a for a subkey. */
/* Field 11 has the signature class. */
/* Field 12 has the capabilities. */
if (fields >= 12)
set_subkey_capability (subkey, field[11]);
/* Field 15 carries special flags of a secret key. */
if (fields >= 15 && key->secret)
if (*field[14] == '#')
subkey->secret = 0;
break;
case RT_UID:
/* Field 2 has the trust info, and field 10 has the user ID. */
if (fields >= 10)
{
if (_gpgme_key_append_name (key, field[9]))
return gpg_error_from_errno (GPG_ERR_ENOMEM); /* FIXME */
else
{
if (field[1])
set_userid_flags (key, field[1]);
opd->tmp_uid = key->_last_uid;
}
}
break;
case RT_FPR:
/* Field 10 has the fingerprint (take only the first one). */
if (fields >= 10 && field[9] && *field[9])
{
/* Need to apply it to the last subkey because all subkeys
do have fingerprints. */
subkey = key->_last_subkey;
if (!subkey->fpr)
{
subkey->fpr = strdup (field[9]);
if (!subkey->fpr)
return gpg_error_from_errno (errno);
}
}
/* Field 13 has the gpgsm chain ID (take only the first one). */
if (fields >= 13 && !key->chain_id && *field[12])
{
key->chain_id = strdup (field[12]);
if (!key->chain_id)
return gpg_error_from_errno (errno);
}
break;
case RT_SIG:
case RT_REV:
if (!opd->tmp_uid)
return 0;
/* Start a new (revoked) signature. */
assert (opd->tmp_uid == key->_last_uid);
keysig = _gpgme_key_add_sig (key, (fields >= 10) ? field[9] : NULL);
if (!keysig)
return gpg_error (GPG_ERR_ENOMEM); /* FIXME */
/* Field 2 has the calculated trust ('!', '-', '?', '%'). */
if (fields >= 2)
switch (field[1][0])
{
case '!':
keysig->status = gpg_error (GPG_ERR_NO_ERROR);
break;
case '-':
keysig->status = gpg_error (GPG_ERR_BAD_SIGNATURE);
break;
case '?':
keysig->status = gpg_error (GPG_ERR_NO_PUBKEY);
break;
case '%':
keysig->status = gpg_error (GPG_ERR_GENERAL);
break;
default:
keysig->status = gpg_error (GPG_ERR_NO_ERROR);
break;
}
/* Field 4 has the public key algorithm. */
if (fields >= 4)
{
int i = atoi (field[3]);
if (i >= 1 && i < 128)
keysig->pubkey_algo = i;
}
/* Field 5 has the long keyid. */
if (fields >= 5 && strlen (field[4]) == DIM(keysig->_keyid) - 1)
strcpy (keysig->_keyid, field[4]);
/* Field 6 has the timestamp (seconds). */
if (fields >= 6)
keysig->timestamp = _gpgme_parse_timestamp (field[5], NULL);
/* Field 7 has the expiration time (seconds). */
if (fields >= 7)
keysig->expires = _gpgme_parse_timestamp (field[6], NULL);
/* Field 11 has the signature class (eg, 0x30 means revoked). */
if (fields >= 11)
if (field[10][0] && field[10][1])
{
int sig_class = _gpgme_hextobyte (field[10]);
if (sig_class >= 0)
{
keysig->sig_class = sig_class;
keysig->class = keysig->sig_class;
if (sig_class == 0x30)
keysig->revoked = 1;
}
if (field[10][2] == 'x')
keysig->exportable = 1;
}
opd->tmp_keysig = keysig;
break;
case RT_SPK:
if (!opd->tmp_keysig)
return 0;
assert (opd->tmp_keysig == key->_last_uid->_last_keysig);
if (fields >= 4)
{
/* Field 2 has the subpacket type. */
int type = atoi (field[1]);
/* Field 3 has the flags. */
int flags = atoi (field[2]);
/* Field 4 has the length. */
int len = atoi (field[3]);
/* Field 5 has the data. */
char *data = field[4];
/* Type 20: Notation data. */
/* Type 26: Policy URL. */
if (type == 20 || type == 26)
{
gpgme_sig_notation_t notation;
keysig = opd->tmp_keysig;
/* At this time, any error is serious. */
err = _gpgme_parse_notation (&notation, type, flags, len, data);
if (err)
return err;
/* Add a new notation. FIXME: Could be factored out. */
if (!keysig->notations)
keysig->notations = notation;
if (keysig->_last_notation)
keysig->_last_notation->next = notation;
keysig->_last_notation = notation;
}
}
case RT_NONE:
/* Unknown record. */
break;
}
return 0;
}
void
_gpgme_op_keylist_event_cb (void *data, gpgme_event_io_t type, void *type_data)
{
gpgme_error_t err;
gpgme_ctx_t ctx = (gpgme_ctx_t) data;
gpgme_key_t key = (gpgme_key_t) type_data;
void *hook;
op_data_t opd;
struct key_queue_item_s *q, *q2;
assert (type == GPGME_EVENT_NEXT_KEY);
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err)
return;
q = malloc (sizeof *q);
if (!q)
{
gpgme_key_unref (key);
/* FIXME return GPGME_Out_Of_Core; */
return;
}
q->key = key;
q->next = NULL;
/* FIXME: Use a tail pointer? */
if (!(q2 = opd->key_queue))
opd->key_queue = q;
else
{
for (; q2->next; q2 = q2->next)
;
q2->next = q;
}
opd->key_cond = 1;
}
/* Start a keylist operation within CTX, searching for keys which
match PATTERN. If SECRET_ONLY is true, only secret keys are
returned. */
gpgme_error_t
gpgme_op_keylist_start (gpgme_ctx_t ctx, const char *pattern, int secret_only)
{
gpgme_error_t err;
void *hook;
op_data_t opd;
err = _gpgme_op_reset (ctx, 2);
if (err)
return err;
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook,
sizeof (*opd), release_op_data);
opd = hook;
if (err)
return err;
_gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx);
err = _gpgme_engine_set_colon_line_handler (ctx->engine,
keylist_colon_handler, ctx);
if (err)
return err;
return _gpgme_engine_op_keylist (ctx->engine, pattern, secret_only,
ctx->keylist_mode);
}
/* Start a keylist operation within CTX, searching for keys which
match PATTERN. If SECRET_ONLY is true, only secret keys are
returned. */
gpgme_error_t
gpgme_op_keylist_ext_start (gpgme_ctx_t ctx, const char *pattern[],
int secret_only, int reserved)
{
gpgme_error_t err;
void *hook;
op_data_t opd;
err = _gpgme_op_reset (ctx, 2);
if (err)
return err;
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook,
sizeof (*opd), release_op_data);
opd = hook;
if (err)
return err;
_gpgme_engine_set_status_handler (ctx->engine, keylist_status_handler, ctx);
err = _gpgme_engine_set_colon_line_handler (ctx->engine,
keylist_colon_handler, ctx);
if (err)
return err;
return _gpgme_engine_op_keylist_ext (ctx->engine, pattern, secret_only,
reserved, ctx->keylist_mode);
}
/* Return the next key from the keylist in R_KEY. */
gpgme_error_t
gpgme_op_keylist_next (gpgme_ctx_t ctx, gpgme_key_t *r_key)
{
gpgme_error_t err;
struct key_queue_item_s *queue_item;
void *hook;
op_data_t opd;
if (!ctx || !r_key)
return gpg_error (GPG_ERR_INV_VALUE);
*r_key = NULL;
if (!ctx)
return gpg_error (GPG_ERR_INV_VALUE);
err = _gpgme_op_data_lookup (ctx, OPDATA_KEYLIST, &hook, -1, NULL);
opd = hook;
if (err)
return err;
if (opd == NULL)
return gpg_error (GPG_ERR_INV_VALUE);
if (!opd->key_queue)
{
err = _gpgme_wait_on_condition (ctx, &opd->key_cond);
if (err)
return err;
if (!opd->key_cond)
return gpg_error (GPG_ERR_EOF);
opd->key_cond = 0;
assert (opd->key_queue);
}
queue_item = opd->key_queue;
opd->key_queue = queue_item->next;
if (!opd->key_queue)
opd->key_cond = 0;
*r_key = queue_item->key;
free (queue_item);
return 0;
}
/* Terminate a pending keylist operation within CTX. */
gpgme_error_t
gpgme_op_keylist_end (gpgme_ctx_t ctx)
{
if (!ctx)
return gpg_error (GPG_ERR_INV_VALUE);
return 0;
}
/* Get the key with the fingerprint FPR from the crypto backend. If
SECRET is true, get the secret key. */
gpgme_error_t
gpgme_get_key (gpgme_ctx_t ctx, const char *fpr, gpgme_key_t *r_key,
int secret)
{
gpgme_ctx_t listctx;
gpgme_error_t err;
gpgme_key_t key;
if (!ctx || !r_key || !fpr)
return gpg_error (GPG_ERR_INV_VALUE);
if (strlen (fpr) < 8) /* We have at least a key ID. */
return gpg_error (GPG_ERR_INV_VALUE);
/* FIXME: We use our own context because we have to avoid the user's
I/O callback handlers. */
err = gpgme_new (&listctx);
if (err)
return err;
{
gpgme_protocol_t proto;
gpgme_engine_info_t info;
/* Clone the relevant state. */
proto = gpgme_get_protocol (ctx);
gpgme_set_protocol (listctx, proto);
gpgme_set_keylist_mode (listctx, gpgme_get_keylist_mode (ctx));
info = gpgme_ctx_get_engine_info (ctx);
while (info && info->protocol != proto)
info = info->next;
if (info)
gpgme_ctx_set_engine_info (listctx, proto,
info->file_name, info->home_dir);
}
err = gpgme_op_keylist_start (listctx, fpr, secret);
if (!err)
err = gpgme_op_keylist_next (listctx, r_key);
if (!err)
{
err = gpgme_op_keylist_next (listctx, &key);
if (gpgme_err_code (err) == GPG_ERR_EOF)
err = gpg_error (GPG_ERR_NO_ERROR);
else
{
if (!err)
{
gpgme_key_unref (key);
err = gpg_error (GPG_ERR_AMBIGUOUS_NAME);
}
gpgme_key_unref (*r_key);
}
}
gpgme_release (listctx);
return err;
}