![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to keyadd.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [PGP] / pgp / src|
Return to keyadd.c CVS log | Up to [PGP] / pgp / src |
1.1 ! root 1: /* keyadd.c - Keyring merging routines for PGP. ! 2: PGP: Pretty Good(tm) Privacy - public key cryptography for the masses. ! 3: ! 4: (c) Copyright 1990-1992 by Philip Zimmermann. All rights reserved. ! 5: The author assumes no liability for damages resulting from the use ! 6: of this software, even if the damage results from defects in this ! 7: software. No warranty is expressed or implied. ! 8: ! 9: All the source code Philip Zimmermann wrote for PGP is available for ! 10: free under the "Copyleft" General Public License from the Free ! 11: Software Foundation. A copy of that license agreement is included in ! 12: the source release package of PGP. Code developed by others for PGP ! 13: is also freely available. Other code that has been incorporated into ! 14: PGP from other sources was either originally published in the public ! 15: domain or was used with permission from the various authors. See the ! 16: PGP User's Guide for more complete information about licensing, ! 17: patent restrictions on certain algorithms, trademarks, copyrights, ! 18: and export controls. ! 19: */ ! 20: ! 21: #include <stdio.h> ! 22: #include <stdlib.h> ! 23: #ifdef UNIX ! 24: #include <sys/types.h> ! 25: #endif ! 26: #include <time.h> ! 27: #include "mpilib.h" ! 28: #include "idea.h" ! 29: #include "random.h" ! 30: #include "crypto.h" ! 31: #include "fileio.h" ! 32: #include "keymgmt.h" ! 33: #include "genprime.h" ! 34: #include "rsagen.h" ! 35: #include "mpiio.h" ! 36: #include "language.h" ! 37: #include "pgp.h" ! 38: ! 39: static int ask_to_sign(byte *keyID, char *ringfile); ! 40: ! 41: static int newkeys, newsigs, newids, newrvks; ! 42: ! 43: void mergesigs (FILE *fkey, char *keyfile, long keypos, FILE *fring, ! 44: char *ringfile, long *pringpos, FILE *out) ! 45: /* Merge signatures from userid in fkey (which is keyfile) at keypos with ! 46: * userid from fring (which is ringfile) at ringpos, appending result to out. ! 47: */ ! 48: { ! 49: long ringuseridpos, ringpos; ! 50: int ringpktlen, keypktlen; ! 51: int status; ! 52: byte ctb; ! 53: int copying; ! 54: byte keyID[KEYFRAGSIZE]; ! 55: char userid[256]; ! 56: ! 57: /* First, copy the userid packet itself, plus any comments or ctrls */ ! 58: ringuseridpos = ringpos = *pringpos; ! 59: fseek (fring, ringpos, SEEK_SET); ! 60: (void) readkeypacket(fring,FALSE,&ctb,NULL,userid,NULL,NULL, ! 61: NULL,NULL,NULL,NULL,NULL,NULL); ! 62: PascalToC(userid); ! 63: ringpktlen = ftell(fring) - ringpos; ! 64: copyfilepos (fring, out, ringpktlen, ringpos); ! 65: for ( ; ; ) ! 66: { ringpos = ftell(fring); ! 67: status = nextkeypacket (fring, &ctb); ! 68: if (status < 0 || is_key_ctb(ctb) || ctb==CTB_USERID || ! 69: is_ctb_type(ctb,CTB_SKE_TYPE)) ! 70: break; ! 71: ringpktlen = ftell(fring) - ringpos; ! 72: copyfilepos (fring, out, ringpktlen, ringpos); ! 73: } ! 74: fseek (fring, ringpos, SEEK_SET); ! 75: ! 76: /* Now, ringpos points just past userid packet and ctrl packet. */ ! 77: /* Advance keypos to the analogous location. */ ! 78: fseek (fkey, keypos, SEEK_SET); ! 79: (void) nextkeypacket (fkey, &ctb); ! 80: for ( ; ; ) ! 81: { keypos = ftell(fkey); ! 82: status = nextkeypacket (fkey, &ctb); ! 83: if (status < 0 || is_key_ctb(ctb) || ctb==CTB_USERID || ! 84: is_ctb_type(ctb,CTB_SKE_TYPE)) ! 85: break; ! 86: } ! 87: fseek (fkey, keypos, SEEK_SET); ! 88: ! 89: /* Second, copy all keyfile signatures that aren't in ringfile. ! 90: */ ! 91: ! 92: copying = FALSE; ! 93: for ( ; ; ) ! 94: { /* Read next sig from keyfile; see if it is in ringfile; ! 95: * set copying true/false accordingly. If copying is true ! 96: * and it is a signature, copy it. Loop till hit ! 97: * a new key or userid in keyfile, or EOF. ! 98: */ ! 99: keypos = ftell(fkey); ! 100: status = readkeypacket(fkey,FALSE,&ctb,NULL,NULL,NULL,NULL, ! 101: NULL,NULL,NULL,NULL,keyID,NULL); ! 102: keypktlen = ftell(fkey) - keypos; ! 103: if (status < 0 || is_key_ctb (ctb) || ctb==CTB_USERID) ! 104: break; ! 105: if (is_ctb_type(ctb,CTB_SKE_TYPE)) ! 106: { long sig_pos; ! 107: int sig_len; ! 108: /* Set copying true if signature is not in the ringfile */ ! 109: copying = (getpubusersig (ringfile, ringuseridpos, keyID, &sig_pos, ! 110: &sig_len) < 0); ! 111: if (copying) ! 112: { fprintf (pgpout, PSTR("New signature from keyID %s on userid \"%s\"\n"), ! 113: keyIDstring(keyID),EXTERNAL(userid)); ! 114: ++newsigs; ! 115: } ! 116: } ! 117: if (copying && is_ctb_type(ctb,CTB_SKE_TYPE)) ! 118: { copyfilepos (fkey, out, keypktlen, keypos); ! 119: write_trust (out, KC_SIGTRUST_UNDEFINED); ! 120: } ! 121: } ! 122: ! 123: /* Third, for all ring sig's, copy to output */ ! 124: fseek (fring, ringpos, SEEK_SET); ! 125: for ( ; ; ) ! 126: { ringpos = ftell(fring); ! 127: status = nextkeypacket (fring, &ctb); ! 128: ringpktlen = ftell(fring) - ringpos; ! 129: if (status < 0 || is_key_ctb (ctb) || ctb==CTB_USERID) ! 130: break; ! 131: copyfilepos (fring, out, ringpktlen, ringpos); ! 132: } /* End of loop for each sig in ringfile */ ! 133: fseek (fring, ringpos, SEEK_SET); ! 134: *pringpos = ringpos; ! 135: } /* mergesigs */ ! 136: ! 137: ! 138: void mergekeys (FILE *fkey, char *keyfile, long keypos, FILE *fring, ! 139: char *ringfile, long *pringpos, FILE *out) ! 140: /* Merge key from fkey (which is keyfile) at keypos with key from ! 141: * fring (which is ringfile) at ringpos, appending result to out. ! 142: */ ! 143: { ! 144: long ringkeypos, keykeypos, ringpos; ! 145: int ringpktlen, keypktlen; ! 146: int status; ! 147: byte ctb; ! 148: int copying; ! 149: boolean ring_compromise = FALSE; ! 150: byte userid[256]; ! 151: ! 152: /* First, copy the key packet itself, plus any comments or ctrls */ ! 153: ringkeypos = ringpos = *pringpos; ! 154: fseek (fring, ringpos, SEEK_SET); ! 155: (void) nextkeypacket(fring, &ctb); ! 156: ringpktlen = ftell(fring) - ringpos; ! 157: copyfilepos (fring, out, ringpktlen, ringpos); ! 158: for ( ; ; ) ! 159: { ringpos = ftell(fring); ! 160: status = nextkeypacket (fring, &ctb); ! 161: if (status < 0 || is_key_ctb(ctb) || ctb==CTB_USERID) ! 162: break; ! 163: if (is_ctb_type(ctb, CTB_SKE_TYPE)) ! 164: ring_compromise = TRUE; /* compromise cert on keyring */ ! 165: ringpktlen = ftell(fring) - ringpos; ! 166: copyfilepos (fring, out, ringpktlen, ringpos); ! 167: } ! 168: fseek (fring, ringpos, SEEK_SET); ! 169: ! 170: /* Now, ringpos points just past key packet and ctrl packet. */ ! 171: /* Advance keypos to the analogous location. */ ! 172: fseek (fkey, keypos, SEEK_SET); ! 173: keykeypos = keypos; ! 174: (void) nextkeypacket (fkey, &ctb); ! 175: keypktlen = ftell(fkey) - keypos; /* for check_key_sig() */ ! 176: for ( ; ; ) ! 177: { keypos = ftell(fkey); ! 178: status = nextkeypacket (fkey, &ctb); ! 179: if (status < 0 || ctb == CTB_USERID || is_ctb_type(ctb, CTB_SKE_TYPE)) ! 180: break; ! 181: } ! 182: if (!ring_compromise && is_ctb_type(ctb, CTB_SKE_TYPE)) ! 183: { /* found a compromise cert on keyfile that is not in ringfile */ ! 184: word32 timestamp; ! 185: byte sig_class; ! 186: int cert_pktlen; ! 187: ! 188: cert_pktlen = ftell(fkey) - keypos; ! 189: if (check_key_sig(fkey, keykeypos, keypktlen, (char *)userid, fkey, keypos, ! 190: ringfile, (char *)userid, (byte *)×tamp, &sig_class) == 0 && ! 191: sig_class == KC_SIGNATURE_BYTE) ! 192: { ! 193: fprintf(pgpout, PSTR("Key revocation certificate from \"%s\".\n"), ! 194: EXTERNAL((char *)userid)); ! 195: copyfilepos (fkey, out, cert_pktlen, keypos); ! 196: ++newrvks; ! 197: } ! 198: else ! 199: fprintf(pgpout, PSTR("\n\007WARNING: File '%s' contains bad revocation certificate.\n")); ! 200: } ! 201: fseek (fkey, keypos, SEEK_SET); ! 202: ! 203: /* Second, copy all keyfile userid's plus signatures that aren't ! 204: * in ringfile. ! 205: */ ! 206: ! 207: copying = FALSE; ! 208: for ( ; ; ) ! 209: { /* Read next userid from keyfile; see if it is in ringfile; ! 210: * set copying true/false accordingly. If copying is true ! 211: * and it is a userid or a signature, copy it. Loop till hit ! 212: * a new key in keyfile, or EOF. ! 213: */ ! 214: keypos = ftell(fkey); ! 215: status = readkeypacket(fkey,FALSE,&ctb,NULL,(char *)userid,NULL,NULL, ! 216: NULL,NULL,NULL,NULL,NULL,NULL); ! 217: keypktlen = ftell(fkey) - keypos; ! 218: if (status < 0 || is_key_ctb (ctb)) ! 219: break; ! 220: if (ctb == CTB_USERID) ! 221: { long userid_pos; ! 222: int userid_len; ! 223: PascalToC ((char *)userid); ! 224: /* Set copying true if userid is not in the ringfile */ ! 225: copying = (getpubuserid (ringfile, ringkeypos, userid, &userid_pos, ! 226: &userid_len) < 0); ! 227: if (copying) ! 228: { fprintf (pgpout, PSTR("New userid: \"%s\".\n"), EXTERNAL((char *)userid)); ! 229: ++newids; ! 230: } ! 231: } ! 232: if (copying) ! 233: { if (ctb==CTB_USERID || is_ctb_type(ctb,CTB_SKE_TYPE)) ! 234: { copyfilepos (fkey, out, keypktlen, keypos); ! 235: if (is_ctb_type(ctb,CTB_SKE_TYPE)) ! 236: write_trust (out, KC_SIGTRUST_UNDEFINED); ! 237: else ! 238: write_trust (out, KC_LEGIT_UNKNOWN); ! 239: } ! 240: } ! 241: } ! 242: ! 243: /* Third, for all ring userid's, if not in keyfile, copy the userid ! 244: * plus its dependant signatures. ! 245: */ ! 246: fseek (fring, ringpos, SEEK_SET); ! 247: for ( ; ; ) ! 248: { ringpos = ftell(fring); ! 249: status = readkeypacket(fring,FALSE,&ctb,NULL,(char *)userid,NULL,NULL, ! 250: NULL,NULL,NULL,NULL,NULL,NULL); ! 251: ringpktlen = ftell(fring) - ringpos; ! 252: if (status < 0 || is_key_ctb (ctb)) ! 253: break; ! 254: if (ctb == CTB_USERID) ! 255: { long userid_pos; ! 256: int userid_len; ! 257: /* See if there is a match in keyfile */ ! 258: PascalToC ((char *) userid); ! 259: if (getpubuserid (keyfile, keykeypos, userid, &userid_pos, ! 260: &userid_len) >= 0) ! 261: { mergesigs (fkey,keyfile,userid_pos,fring,ringfile,&ringpos,out); ! 262: copying = FALSE; ! 263: } ! 264: else ! 265: copying = TRUE; ! 266: } ! 267: if (copying) ! 268: { /* Copy ringfile userid and sigs to out */ ! 269: copyfilepos (fring, out, ringpktlen, ringpos); ! 270: } ! 271: } /* End of loop for each key in ringfile */ ! 272: fseek (fring, ringpos, SEEK_SET); ! 273: *pringpos = ringpos; ! 274: } /* mergekeys */ ! 275: ! 276: ! 277: int addto_keyring(char *keyfile, char *ringfile, boolean query) ! 278: /* Adds (prepends) key file to key ring file. If query is TRUE, ask ! 279: before doing any actual changes. */ ! 280: { FILE *f, *g, *h; ! 281: long file_position,fp; ! 282: int pktlen; /* unused, just to satisfy getpublickey */ ! 283: byte ctb; ! 284: int status; ! 285: unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION]; ! 286: unit n1[MAX_UNIT_PRECISION]; ! 287: byte keyID[KEYFRAGSIZE]; ! 288: byte userid[256]; /* key certificate userid */ ! 289: byte userid1[256]; ! 290: word32 tstamp; byte *timestamp = (byte *) &tstamp; /* key certificate timestamp */ ! 291: char trans_keyfile[MAX_PATH]; ! 292: boolean is_armored = FALSE; ! 293: boolean userid_seen = FALSE; ! 294: int commonkeys = 0; ! 295: int copying; ! 296: struct nkey { ! 297: byte keyID[KEYFRAGSIZE]; ! 298: struct nkey *next; ! 299: } *nkey, *nkeys = NULL; ! 300: ! 301: if (build_path(SCRATCH_KEYRING_PATH,SCRATCH_KEYRING_FILENAME,ringfile)<0) ! 302: return(-1); /* File path too long */ ! 303: ! 304: /* check if the keyfile to be added is armored */ ! 305: if ((is_armored = is_armor_file(keyfile)) == TRUE) ! 306: { /* decode it into the actual keyfile */ ! 307: boolean changed_name; ! 308: strcpy(trans_keyfile,keyfile); ! 309: keyfile = tempfile(TMP_TMPDIR|TMP_WIPE); ! 310: if (de_armor_file(trans_keyfile,keyfile,&changed_name) < 0) ! 311: return(-1); ! 312: } ! 313: ! 314: userid[0] = '\0'; ! 315: if (dokeycheck((char *) userid, keyfile, NULL) < 0) ! 316: { fprintf(pgpout, PSTR("\007Keyring check error. ") ); ! 317: fprintf(pgpout, PSTR("\nKey(s) will not be added to keyring.\n")); ! 318: goto err; ! 319: } ! 320: ! 321: /* open file f for read, in binary (not text) mode...*/ ! 322: #ifdef VMS ! 323: if ((f = fopen(keyfile,"rb","ctx=stm")) == NULL) ! 324: #else ! 325: if ((f = fopen(keyfile,"rb")) == NULL) ! 326: #endif ! 327: { fprintf(pgpout,PSTR("\n\007Can't open key file '%s'\n"),keyfile); ! 328: goto err; ! 329: } ! 330: if (!file_exists(ringfile)) ! 331: { /* ringfile does not exist. Can it be created? */ ! 332: /* open file g for writing, in binary (not text) mode...*/ ! 333: g = fopen(ringfile,"wb"); ! 334: if (g==NULL) ! 335: { fprintf(pgpout,PSTR("\nKey ring file '%s' cannot be created.\n"),ringfile); ! 336: fclose(f); ! 337: goto err; ! 338: } ! 339: fclose(g); ! 340: } ! 341: ! 342: /* Create working output file */ ! 343: remove(SCRATCH_KEYRING_PATH); ! 344: /* open file g for writing, in binary (not text) mode...*/ ! 345: if ((g = fopen(SCRATCH_KEYRING_PATH,"wb")) == NULL) ! 346: { fclose(f); ! 347: goto err; ! 348: } ! 349: newkeys = newsigs = newids = newrvks = 0; ! 350: ! 351: /* Pass 1 - copy all keys from f which aren't in ring file */ ! 352: /* Also copy userid and signature packets. */ ! 353: copying = FALSE; ! 354: for ( ; ; ) ! 355: { file_position = ftell(f); ! 356: ! 357: status = readkeypacket(f,FALSE,&ctb,timestamp,(char *)userid,n,e, ! 358: NULL,NULL,NULL,NULL,NULL,NULL); ! 359: /* Note that readkeypacket has called set_precision */ ! 360: if (status == -1) /* EOF */ ! 361: break; ! 362: if (status < 0) ! 363: { fprintf(pgpout,PSTR("\n\007Could not read key from file '%s'.\n"), ! 364: keyfile); ! 365: fclose(f); /* close key file */ ! 366: goto err; ! 367: } ! 368: ! 369: /* Check to see if key is already on key ring */ ! 370: if (is_key_ctb(ctb)) ! 371: { ! 372: extract_keyID(keyID, n); /* from keyfile, not ringfile */ ! 373: ! 374: /* Check for duplicate key in key ring: */ ! 375: if (getpublickey(TRUE, FALSE, ringfile, &fp, &pktlen, keyID, timestamp, userid, n1, e) >= 0) ! 376: { if (mp_compare (n, n1) != 0) ! 377: { fprintf(pgpout, PSTR("\n\007Warning: Key ID %s matches key ID of key already on \n\ ! 378: key ring '%s', but the keys themselves differ.\n\ ! 379: This is highly suspicious. This key will not be added to ring.\n\ ! 380: Acknowledge by pressing return: "), keyIDstring(keyID), ringfile); ! 381: getyesno('n'); ! 382: fclose(f); /* close key file */ ! 383: goto err; ! 384: } ! 385: else ! 386: { if (verbose) ! 387: fprintf(pgpout,PSTR("Key ID %s is already included in key ring '%s'.\n"), ! 388: keyIDstring(keyID), ringfile); ! 389: ++commonkeys; ! 390: } ! 391: copying = FALSE; ! 392: } ! 393: else ! 394: { ! 395: ++newkeys; ! 396: #if 0 ! 397: if (query) ! 398: { if (is_ctb_type(ctb, CTB_CERT_SECKEY_TYPE)) ! 399: fprintf (pgpout, PSTR ("\nAdd secret key to key ring '%s' (y/N)? "), ! 400: ringfile); ! 401: else ! 402: fprintf (pgpout, PSTR ("\nAdd public key to key ring '%s' (y/N)? "), ! 403: ringfile); ! 404: ! 405: if (! getyesno( 'n' )) ! 406: { fclose(f); ! 407: remove(SCRATCH_KEYRING_PATH); ! 408: return(0); /* user chose to abort */ ! 409: } ! 410: query = FALSE; /* Don't ask subsequently */ ! 411: } ! 412: #endif ! 413: ! 414: if ((nkey = (struct nkey *) malloc(sizeof(struct nkey))) == NULL) ! 415: { ! 416: fprintf(stderr, PSTR("\n\007Out of memory.\n")); ! 417: exitPGP(7); ! 418: } ! 419: memcpy(nkey->keyID, keyID, KEYFRAGSIZE); ! 420: nkey->next = nkeys; ! 421: nkeys = nkey; ! 422: ! 423: fprintf(pgpout, PSTR("New key ID: %s\n"), keyIDstring(keyID)); ! 424: copying = TRUE; ! 425: } ! 426: } ! 427: /* Now, we copy according to the copying flag */ ! 428: /* The key is prepended to the ring to give it search precedence ! 429: over other keys with that same userid. */ ! 430: ! 431: if (copying && (is_key_ctb(ctb) || ctb==CTB_USERID || ! 432: is_ctb_type(ctb,CTB_SKE_TYPE))) ! 433: { pktlen = (int) (ftell(f) - file_position); ! 434: copyfilepos(f,g,pktlen,file_position); /* copy packet from f */ ! 435: /* Initialize trust packets after keys and signatures */ ! 436: if (is_key_ctb(ctb)) ! 437: { ! 438: write_trust (g, KC_OWNERTRUST_UNDEFINED); ! 439: userid_seen = FALSE; ! 440: } ! 441: else if (is_ctb_type(ctb,CTB_SKE_TYPE)) ! 442: { ! 443: if (userid_seen) ! 444: write_trust (g, KC_SIGTRUST_UNDEFINED); ! 445: else ! 446: /* signature certificate before userid must be compromise cert. */ ! 447: fprintf(pgpout, PSTR("Key has been revoked.\n")); ! 448: } ! 449: else if (is_ctb_type(ctb,CTB_USERID_TYPE)) ! 450: { ! 451: write_trust (g, KC_LEGIT_UNKNOWN); ! 452: userid_seen = TRUE; ! 453: } ! 454: } ! 455: } ! 456: ! 457: /* Now copy the remainder of the ringfile, h, to g. commonkeys tells ! 458: how many keys are common to keyfile and ringfile. As long as that is ! 459: nonzero we will check each key in ringfile to see if it has a match ! 460: in keyfile. ! 461: */ ! 462: #ifdef VMS ! 463: if ((h = fopen(ringfile,"rb","ctx=stm")) != NULL) ! 464: #else ! 465: if ((h = fopen(ringfile,"rb")) != NULL) ! 466: #endif ! 467: { while (commonkeys) /* Loop for each key in ringfile */ ! 468: { file_position = ftell(h); ! 469: status = readkeypacket(h,FALSE,&ctb,NULL,(char *)userid,n,e, ! 470: NULL,NULL,NULL,NULL,NULL,NULL); ! 471: if (status < 0) ! 472: { if (status == -1) ! 473: fprintf(pgpout, PSTR("\n\007Key file contains duplicate keys: cannot be added to keyring\n")); ! 474: else ! 475: fprintf(pgpout,PSTR("\n\007Could not read key from file '%s'.\n"), ! 476: ringfile); ! 477: fclose(f); ! 478: fclose(g); ! 479: fclose(h); ! 480: goto err; ! 481: } ! 482: PascalToC ((char *) userid); ! 483: pktlen = ftell(h) - file_position; ! 484: if (is_key_ctb(ctb)) ! 485: { long tfp; ! 486: int tpktlen; ! 487: /* See if there is a match in keyfile */ ! 488: extract_keyID(keyID, n); /* from ringfile, not keyfile */ ! 489: if ((getpublickey(TRUE, FALSE, keyfile, &tfp, &tpktlen, ! 490: keyID, timestamp, userid1, n1, e) >= 0) && ! 491: (mp_compare(n, n1) == 0)) ! 492: { ! 493: if (verbose) ! 494: fprintf (pgpout, PSTR("Merging key ID: %s\n"),keyIDstring(keyID)); ! 495: mergekeys (f,keyfile,tfp, h,ringfile,&file_position, g); ! 496: copying = FALSE; ! 497: --commonkeys; ! 498: } ! 499: else ! 500: copying = TRUE; ! 501: } ! 502: if (copying) ! 503: { /* Copy ringfile key to g, without its sigs */ ! 504: copyfilepos (h,g,pktlen,file_position); ! 505: file_position += pktlen; ! 506: } ! 507: } /* End of loop for each key in ringfile */ ! 508: copyfile(h,g,-1L); /* copy rest of file from file h to g */ ! 509: fclose(h); ! 510: } ! 511: fclose(f); ! 512: fclose(g); ! 513: if (newsigs == 0 && newkeys == 0 && newids == 0 && newrvks == 0) ! 514: { ! 515: fprintf(pgpout, PSTR("No new keys or signatures in keyfile.\n")); ! 516: remove(SCRATCH_KEYRING_PATH); ! 517: return(0); ! 518: } ! 519: ! 520: for (nkey = nkeys; nkey; nkey = nkey->next) ! 521: { ! 522: if (dokeycheck(NULL, SCRATCH_KEYRING_PATH, nkey->keyID)) ! 523: goto err; ! 524: } ! 525: fprintf(pgpout, PSTR("\nKeyfile contains:\n")); ! 526: if (newkeys) ! 527: fprintf(pgpout, PSTR("%4d new key(s)\n"), newkeys); ! 528: if (newsigs) ! 529: fprintf(pgpout, PSTR("%4d new signatures(s)\n"), newsigs); ! 530: if (newids) ! 531: fprintf(pgpout, PSTR("%4d new user ID(s)\n"), newids); ! 532: if (newrvks) ! 533: fprintf(pgpout, PSTR("%4d new revocation(s)\n"), newrvks); ! 534: if (query) ! 535: { ! 536: fprintf(pgpout, PSTR("\nDo you want to add this keyfile to keyring '%s' (y/N)? "), ringfile); ! 537: if (!getyesno('n')) ! 538: { remove(SCRATCH_KEYRING_PATH); ! 539: return(1); ! 540: } ! 541: } ! 542: if ((status = maintenance(SCRATCH_KEYRING_PATH, MAINT_SILENT)) == 0) ! 543: for (nkey = nkeys; nkey; nkey = nkey->next) ! 544: { fprintf(pgpout,PSTR("Adding key ID %s from file '%s' to key ring '%s'.\n"), ! 545: keyIDstring(nkey->keyID),(is_armored?trans_keyfile:keyfile),ringfile); ! 546: ask_to_sign(nkey->keyID, SCRATCH_KEYRING_PATH); ! 547: } ! 548: ! 549: backup_rename(SCRATCH_KEYRING_PATH,ringfile); ! 550: ! 551: if (is_armored) ! 552: rmtemp(keyfile); /* zap decoded keyfile */ ! 553: return(0); /* normal return */ ! 554: ! 555: err: ! 556: /* make sure we remove any garbage files we may have created */ ! 557: if (is_armored) ! 558: rmtemp(keyfile); /* zap decoded keyfile */ ! 559: remove(SCRATCH_KEYRING_PATH); ! 560: return(-1); ! 561: } /* addto_keyring */ ! 562: ! 563: ! 564: static int ask_to_sign(byte *keyID, char *ringfile) ! 565: { ! 566: FILE *f; ! 567: word32 timestamp; ! 568: byte ctb, trust; ! 569: unit n[MAX_UNIT_PRECISION], e[MAX_UNIT_PRECISION]; ! 570: byte userid[256]; ! 571: long fpos; ! 572: int pktlen; /* unused, just to satisfy getpublickey */ ! 573: int status; ! 574: extern char my_name[]; ! 575: ! 576: if (getpublickey(TRUE, FALSE, ringfile, &fpos, &pktlen, ! 577: keyID, (byte *)×tamp, userid, n, e) < 0) ! 578: return(-1); ! 579: ! 580: if ((f = fopenbin(ringfile, "r")) == NULL) ! 581: return(-1); ! 582: ! 583: fseek(f, fpos, SEEK_SET); ! 584: if (is_compromised(f)) ! 585: { fclose(f); ! 586: return(0); ! 587: } ! 588: if (nextkeypacket(f, &ctb) < 0) ! 589: { fclose(f); ! 590: return(-1); ! 591: } ! 592: if (ctb != CTB_CERT_PUBKEY) ! 593: { fclose(f); ! 594: return(0); /* don't ask to sign secret key */ ! 595: } ! 596: while (nextkeypacket(f, &ctb) == 0 && !is_key_ctb(ctb)) ! 597: if (ctb == CTB_USERID) /* check first userid */ ! 598: break; ! 599: if (ctb != CTB_USERID) ! 600: { ! 601: fclose(f); ! 602: return(-1); ! 603: } ! 604: ! 605: if ((status = read_trust(f, &trust)) < 0) ! 606: { ! 607: fclose(f); ! 608: return(status); ! 609: } ! 610: if ((trust & KC_LEGIT_MASK) == KC_LEGIT_COMPLETE) ! 611: { ! 612: fclose(f); ! 613: return(0); ! 614: } ! 615: show_key(f, fpos, SHOW_ALL); ! 616: fclose(f); ! 617: PascalToC((char *)userid); ! 618: fprintf(pgpout, PSTR("\nDo you want to certify this key yourself (y/N)? ")); ! 619: if (getyesno('n')) ! 620: { ! 621: if (signkey((char *)userid, my_name, ringfile) == 0) ! 622: maintenance(ringfile, MAINT_SILENT); ! 623: } ! 624: return(0); ! 625: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.