/[pkg-mixmaster]/trunk/Mix/Src/pgpdb.c

Diff of /trunk/Mix/Src/pgpdb.c

Parent Directory | Revision Log | View Patch Patch

-revision 91 by rabbi,
Wed Jul 10 01:58:49 2002 UTC
+revision 332 by weaselp,
Wed Oct  9 20:53:32 2002 UTC
 Line 6
     details.
     OpenPGP key database
-    $Id: pgpdb.c,v 1.2 2002/07/10 01:58:49 rabbi Exp $ */
+    $Id: pgpdb.c,v 1.21 2002/10/09 20:53:31 weaselp Exp $ */
  #include "mix3.h"
 Line 20
  static int pgp_readkeyring(BUFFER *keys, char *filename)
  {
    FILE *keyfile;
-   BUFFER *armored;
+   BUFFER *armored, *line, *tmp;
    int err = -1;
    if ((keyfile = mix_openfile(filename, "rb")) == NULL)
 Line 33 
 static int pgp_readkeyring(BUFFER *keys,
      err = 0;
      buf_move(keys, armored);
    } else {
-     err = pgp_dearmor(armored, keys);
+     line = buf_new();
-     if (err == 0)
+     tmp = buf_new();
-       err = ARMORED;
+     while (1) {
+       do
+         if (buf_getline(armored, line) == -1) {
+           goto end_greedy_dearmor;
+         }
+       while (!bufleft(line, begin_pgp)) ;
+       buf_clear(tmp);
+       buf_cat(tmp, line);
+       buf_appends(tmp, "\n");
+       do {
+         if (buf_getline(armored, line) == -1) {
+           goto end_greedy_dearmor;
+         }
+         buf_cat(tmp, line);
+         buf_appends(tmp, "\n");
+       } while (!bufleft(line, end_pgp)) ;
+       if (pgp_dearmor(tmp, tmp) == 0) {
+         err = ARMORED;
+         buf_cat(keys, tmp);
+       }
+     }
+ end_greedy_dearmor:
+     buf_free(line);
+     buf_free(tmp);
    }
    buf_free(armored);
    return (err);
  }
- KEYRING *pgpdb_open(char *keyring, BUFFER *encryptkey, int writer)
+ KEYRING *pgpdb_open(char *keyring, BUFFER *encryptkey, int writer, int type)
  {
    KEYRING *keydb;
-   keydb = pgpdb_new(keyring, -1, encryptkey);
+   assert(! ((writer) && (type == PGP_TYPE_UNDEFINED)));
+   keydb = pgpdb_new(keyring, -1, encryptkey, type);
+ #ifndef NDEBUG
+   keydb->writer = writer;
+ #endif
    if (writer)
      keydb->lock = lockfile(keyring);
    keydb->filetype = pgp_readkeyring(keydb->db, keyring);
-Line 54 
 KEYRING *pgpdb_open(char *keyring, BUFFE
+Line 84 
 KEYRING *pgpdb_open(char *keyring, BUFFE
      pgpdb_close(keydb);
      return (NULL);
    }
- #endif
+ #endif /* if 0 */
    if (encryptkey && encryptkey->length && pgp_isconventional(keydb->db) &&
        pgp_decrypt(keydb->db, encryptkey, NULL, NULL, NULL) < 0) {
      user_delpass();
-Line 63 
 KEYRING *pgpdb_open(char *keyring, BUFFE
+Line 93 
 KEYRING *pgpdb_open(char *keyring, BUFFE
    return (keydb);
  }
- KEYRING *pgpdb_new(char *keyring, int filetype, BUFFER *encryptkey)
+ KEYRING *pgpdb_new(char *keyring, int filetype, BUFFER *encryptkey, int type)
  {
    KEYRING *keydb;
-Line 74 
 KEYRING *pgpdb_new(char *keyring, int fi
+Line 104 
 KEYRING *pgpdb_new(char *keyring, int fi
    keydb->db = buf_new();
    keydb->modified = 0;
    keydb->lock = NULL;
+   keydb->type = type;
    strncpy(keydb->filename, keyring, sizeof(keydb->filename));
    keydb->filetype = filetype;
    if (encryptkey == NULL)
-Line 91 
 int pgpdb_close(KEYRING *keydb)
+Line 122 
 int pgpdb_close(KEYRING *keydb)
    if (keydb->modified) {
      FILE *f;
+ #ifndef ndebug
+     assert(keydb->writer);
+ #endif
      if (keydb->encryptkey && keydb->encryptkey->length)
        pgp_encrypt(PGP_NCONVENTIONAL | PGP_NOARMOR, keydb->db,
                    keydb->encryptkey, NULL, NULL, NULL, NULL);
+     assert(keydb->type == PGP_TYPE_PRIVATE || keydb->type == PGP_TYPE_PUBLIC);
      if (keydb->filetype == ARMORED)
-       pgp_armor(keydb->db, 2);
+       pgp_armor(keydb->db, keydb->type == PGP_TYPE_PUBLIC ? PGP_ARMOR_KEY : PGP_ARMOR_SECKEY);
      if (keydb->filetype == -1 || (f = mix_openfile(keydb->filename,
                                                     keydb->filetype ==
                                                     ARMORED ? "w" : "wb"))
-Line 128 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
+Line 162 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
    p = buf_new();
    i = buf_new();
    thisid = buf_new();
    if (key == NULL) {
      tempbuf = 1;
      key = buf_new();
-Line 170 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
+Line 204 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
        case PGP_USERID:
  #ifdef DEBUG
          printf("%s\n", p->data);
- #endif
+ #endif /* DEBUG */
          if (userid && userid->length > 0 && bufifind(p, userid->data))
            found = 1;
          break;
-Line 192 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
+Line 226 
 int pgpdb_getnext(KEYRING *keydb, BUFFER
  int pgpdb_append(KEYRING *keydb, BUFFER *p)
  {
    assert(keydb->lock);
+ #ifndef ndebug
+   assert(keydb->writer);
+ #endif
    buf_cat(keydb->db, p);
    keydb->modified = 1;
    return (0);
-Line 199 
 int pgpdb_append(KEYRING *keydb, BUFFER
+Line 236 
 int pgpdb_append(KEYRING *keydb, BUFFER
  #define pgp_preferredalgo PGP_ES_RSA
- int pgpdb_getkey(int mode, int algo, int *sym, BUFFER *key, BUFFER *userid,
+ int pgpdb_getkey(int mode, int algo, int *sym, int *mdc, long *expires, BUFFER *key, BUFFER *userid,
                   BUFFER *founduid, BUFFER *keyid, char *keyring, BUFFER *pass)
+ /* FIXME: This could be changed to return the key with the latest expiration date if
+  *        a key is not unique */
  {
    KEYRING *r;
    BUFFER *id, *thisid, *thiskey;
-Line 211 
 int pgpdb_getkey(int mode, int algo, int
+Line 250 
 int pgpdb_getkey(int mode, int algo, int
    thisid = buf_new();
    thiskey = buf_new();
    if (keyring)
-     r = pgpdb_open(keyring, pass, 0);
+     r = pgpdb_open(keyring, pass, 0, PGP_TYPE_UNDEFINED);
    else
      switch (mode) {
      case PK_DECRYPT:
      case PK_SIGN:
-       r = pgpdb_open(PGPREMSECRING, NULL, 0);
+       r = pgpdb_open(PGPREMSECRING, NULL, 0, PGP_TYPE_PRIVATE);
        break;
      case PK_ENCRYPT:
      case PK_VERIFY:
-       r = pgpdb_open(PGPREMPUBRING, NULL, 0);
+       r = pgpdb_open(PGPREMPUBRING, NULL, 0, PGP_TYPE_PUBLIC);
        if (r != NULL && r->filetype == -1) {
          pgpdb_close(r);
-         r = pgpdb_open(PGPREMPUBASC, NULL, 0);
+         r = pgpdb_open(PGPREMPUBASC, NULL, 0, PGP_TYPE_PUBLIC);
        }
        break;
      default:
-Line 238 
 int pgpdb_getkey(int mode, int algo, int
+Line 277 
 int pgpdb_getkey(int mode, int algo, int
        break;
      if (keyid) /* pgp_getkey has to chose subkey with given keyid */
        buf_set(thisid, keyid);
-     thisalgo = pgp_getkey(mode, algo, sym, thiskey, thiskey, thisid, founduid,
+     thisalgo = pgp_getkey(mode, algo, sym, mdc, expires, thiskey, thiskey, thisid, founduid,
                            pass);
      if (thisalgo == PGP_PASS)
        needpass = 1;
-Line 267 
 end:
+Line 306 
 end:
          errlog(NOTICE, "Key %b not found!\n", userid);
        else if (keyid && keyid->length > 7)
          errlog(NOTICE, "Key %02X%02X%02X%02X not found!\n", keyid->data[4],
                 keyid->data[5], keyid->data[6], keyid->data[7]);
      }
    }
    if (found > 1) {
-Line 291 
 end:
+Line 330 
 end:
  int pgp_keymgt(int force)
  {
    FILE *f = NULL;
-   BUFFER *key, *userid, *out, *outkey, *outtxt, *pass;
+   BUFFER *key, *keybak, *userid, *out, *outkey, *outtxt, *pass, *secout;
    KEYRING *keys;
-   int err = 0, type = 0;
+   int err = 0, res, recreate_pubring = 0, dsa_ok = 0;
+ #ifdef USE_RSA
+ #ifdef USE_IDEA
+   int rsa_ok = 0;
+ #endif /* USE_IDEA */
+ #endif /* USE_RSA */
+   long expires;
+   LOCK *seclock;
    key = buf_new();
    out = buf_new();
+   keybak = buf_new();
+   secout = buf_new();
    userid = buf_new();
    buf_sets(userid, REMAILERNAME);
    pass = buf_new();
-   buf_sets(pass, PASS_PHRASE);
+   buf_sets(pass, PASSPHRASE);
    outtxt = buf_new();
    outkey = buf_new();
  #ifdef USE_RSA
-   if (force == 2 || (pgpdb_getkey(PK_DECRYPT, PGP_ES_RSA, NULL, NULL, NULL,
+   /* We only want to build RSA keys if we also can do IDEA
-                                   NULL, NULL, NULL, pass) < 0))
+    * This is to not lose any mail should users try our RSA key
+    * with IDEA.
+    */
+ #ifdef USE_IDEA
+   /* FIXME: pgpdb_getky returns the expiration date from the last key in the keyring
+    *        which probably works most of the time if the keys are in the correct order
+    *        it doesn't return the latest expiration date (or 0) if the key in question
+    *        is before another matching key in the keyring tho
+    */
+   res = pgpdb_getkey(PK_DECRYPT, PGP_ES_RSA, NULL, NULL, &expires, NULL, NULL,
+                                   NULL, NULL, NULL, pass);
+   if (force == 2 || res < 0 || (expires > 0 && expires - KEYOVERLAPPERIOD < time(NULL))) {
+     rsa_ok = -1;
      pgp_keygen(PGP_ES_RSA, 0, userid, pass, PGPKEY, PGPREMSECRING, 0);
+   };
-   if (force == 0 && (pgpdb_getkey(PK_ENCRYPT, PGP_ES_RSA, NULL, NULL, NULL,
+   if (force == 0 && (pgpdb_getkey(PK_ENCRYPT, PGP_ES_RSA, NULL, NULL, NULL, NULL, NULL,
-                                   NULL, NULL, PGPKEY, NULL) < 0))
+                                   NULL, NULL, PGPKEY, NULL) < 0) && rsa_ok == 0)
-     goto end;
+     rsa_ok = 1;
- #endif
+ #endif /* USE_IDEA */
-   if (force == 2 || (pgpdb_getkey(PK_DECRYPT, PGP_E_ELG, NULL, NULL, NULL,
+ #endif /* USE_RSA */
-                                   NULL, NULL, NULL, pass) < 0))
+   /* FIXME: pgpdb_getky returns the expiration date from the last key in the keyring
+    *        which probably works most of the time if the keys are in the correct order
+    *        it doesn't return the latest expiration date (or 0) if the key in question
+    *        is before another matching key in the keyring tho
+    */
+   res = pgpdb_getkey(PK_DECRYPT, PGP_E_ELG, NULL, NULL, &expires, NULL, NULL,
+                                   NULL, NULL, NULL, pass);
+   if (force == 2 || res < 0 || (expires > 0 && expires - KEYOVERLAPPERIOD < time(NULL))) {
+     dsa_ok = -1;
      pgp_keygen(PGP_E_ELG, 0, userid, pass, PGPKEY, PGPREMSECRING, 0);
+   }
+   if (force == 0 && (pgpdb_getkey(PK_ENCRYPT, PGP_E_ELG, NULL, NULL, NULL, NULL, NULL,
+                                   NULL, NULL, PGPKEY, NULL) > 0) && dsa_ok == 0)
+     dsa_ok = 1;
-   if (force == 0 && (pgpdb_getkey(PK_ENCRYPT, PGP_E_ELG, NULL, NULL, NULL,
+   /* No need to rewrite the files - we didn't change a thing */
-                                   NULL, NULL, PGPKEY, NULL) > 0))
+   if (
+ #ifdef USE_RSA
+ #ifdef USE_IDEA
+       rsa_ok == 1 &&
+ #endif /* USE_IDEA */
+ #endif /* USE_RSA */
+       dsa_ok == 1)
      goto end;
-   /* write RSA and DSA/ElGamal keys separately to make old PGP
+   /* write keys one key per armor to make hand editing easy and old PGP
-      versions happy */
+    * versions happy */
    err = -1;
-   for (type = 0; type < 2; type++) {
+   keys = pgpdb_open(PGPKEY, NULL, 0, PGP_TYPE_PUBLIC);
-     keys = pgpdb_open(PGPREMSECRING, NULL, 0);
+   if (keys == NULL)
-     if (keys == NULL)
+     recreate_pubring = 1;
-       goto end;
+   else {
      while (pgpdb_getnext(keys, key, NULL, userid) != -1) {
-       buf_clear(outkey);
        buf_clear(outtxt);
-       if (pgp_makepubkey(key, outtxt, outkey, pass,
+       if (pgp_makekeyheader(PGP_PUBKEY, key, outtxt, NULL, PGP_ANY) == 0) {
-                          type == 0 ? PGP_ES_RSA : PGP_S_DSA) == 0) {
+         err = 0;
-         err = 0;
+         buf_appends(out, "Type Bits/KeyID     Date       User ID\n");
-         buf_appends(out, "Type Bits/KeyID    Date       User ID\n");
          buf_cat(out, outtxt);
-         pgp_armor(outkey, 2);
          buf_nl(out);
-         buf_cat(out, outkey);
+         pgp_armor(key, PGP_ARMOR_KEY);
+         buf_cat(out, key);
          buf_nl(out);
        }
      }
      pgpdb_close(keys);
    }
+   if (err != 0)
+     recreate_pubring = 1;
+   err = -1;
+   keys = pgpdb_open(PGPREMSECRING, NULL, 0, PGP_TYPE_PRIVATE);
+   if (keys == NULL)
+     goto end;
+   while (pgpdb_getnext(keys, key, NULL, userid) != -1) {
+     buf_clear(outtxt);
+     buf_clear(outkey);
+     buf_clear(keybak);
+     buf_cat(keybak, key);
+     if (pgp_makekeyheader(PGP_SECKEY, key, outtxt, pass, PGP_ANY) == 0) {
+       err = 0;
+       buf_appends(secout, "Type Bits/KeyID     Date       User ID\n");
+       buf_cat(secout, outtxt);
+       buf_nl(secout);
+       pgp_armor(key, PGP_ARMOR_SECKEY);
+       buf_cat(secout, key);
+       buf_nl(secout);
+     }
+     buf_clear(outtxt);
+     if (recreate_pubring &&
+         pgp_makepubkey(keybak, outtxt, outkey, pass, PGP_ANY) == 0) {
+       buf_appends(out, "Type Bits/KeyID     Date       User ID\n");
+       buf_cat(out, outtxt);
+       buf_nl(out);
+       pgp_armor(outkey, PGP_ARMOR_KEY);
+       buf_cat(out, outkey);
+       buf_nl(out);
+     }
+   }
+   pgpdb_close(keys);
+   seclock = lockfile(PGPREMSECRING);
+   if (err == 0 && (f = mix_openfile(PGPREMSECRING, "w")) != NULL) {
+     buf_write(secout, f);
+     fclose(f);
+   } else
+     err = -1;
+   unlockfile(seclock);
    if (err == 0 && (f = mix_openfile(PGPKEY, "w")) != NULL) {
-       buf_write(out, f);
+     buf_write(out, f);
-       fclose(f);
+     fclose(f);
-     } else
+   } else
-       err = -1;
+     err = -1;
  end:
    buf_free(key);
+   buf_free(keybak);
    buf_free(out);
    buf_free(userid);
    buf_free(pass);
    buf_free(outtxt);
    buf_free(outkey);
+   buf_free(secout);
+   return (err);
+ }
+ int pgp_latestkeys(BUFFER* outtxt, int algo)
+ /* returns our latest key from pgpkey.txt in the buffer outtxt
+  * with pgp key header, ascii armored
+  *
+  * Can probably be extended to do this for all keys if we pass
+  * the keyring file and the userid
+  *
+  * IN:  algo: PGP_ANY, PGP_ES_RSA, PGP_E_ELG, PGP_S_DSA
+  * OUT: outtxt
+  */
+ {
+   int err = -1;
+   long expires_found = 0, expires;
+   BUFFER *key, *userid, *tmptxt;
+   KEYRING *keys;
+   key = buf_new();
+   userid = buf_new();
+   buf_sets(userid, REMAILERNAME);
+   tmptxt = buf_new();
+   keys = pgpdb_open(PGPKEY, NULL, 0, PGP_TYPE_PUBLIC);
+   if (keys != NULL) {
+     while (pgpdb_getnext(keys, key, NULL, userid) != -1) {
+       buf_clear(tmptxt);
+       if (pgp_makekeyheader(PGP_PUBKEY, key, tmptxt, NULL, algo) == 0) {
+         buf_rewind(key);
+         pgp_getkey(PK_VERIFY, algo, NULL, NULL, &expires, key, NULL, NULL, NULL, NULL);
+         if (expires == 0 || (expires_found <= expires)) {
+           err = 0;
+           buf_clear(outtxt);
+           buf_appends(outtxt, "Type Bits/KeyID     Date       User ID\n");
+           buf_cat(outtxt, tmptxt);
+           buf_nl(outtxt);
+           pgp_armor(key, PGP_ARMOR_KEY);
+           buf_cat(outtxt, key);
+           buf_nl(outtxt);
+           expires_found = expires;
+         }
+       }
+     }
+     pgpdb_close(keys);
+   }
+   buf_free(key);
+   buf_free(userid);
+   buf_free(tmptxt);
    return (err);
  }
-Line 385 
 int pgp_rlist(REMAILER remailer[], int n
+Line 556 
 int pgp_rlist(REMAILER remailer[], int n
    return (0);
  }
+ int pgp_rkeylist(REMAILER remailer[], int keyid[], int n)
+      /* Step through all remailers and get keyid */
+ {
+   BUFFER *userid;
+   BUFFER *id;
+   int i, err;
+   userid = buf_new();
+   id = buf_new();
+   for (i = 1; i < n; i++) {
+     buf_clear(userid);
+     buf_setf(userid, "<%s>", remailer[i].addr);
+     keyid[i]=0;
+     if (remailer[i].flags.pgp) {
+       buf_clear(id);
+       err = pgpdb_getkey(PK_VERIFY, PGP_ANY, NULL, NULL, NULL, NULL, userid, NULL, id, NULL, NULL);
+       if (id->length == 8) {
+         /* printf("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x %s\n",
+            id->data[0], id->data[1], id->data[2], id->data[3], id->data[4], id->data[5], id->data[6], id->data[7], id->data[8], remailer[i].addr); */
+         keyid[i] = (((((id->data[4] << 8) + id->data[5]) << 8) + id->data[6]) << 8) + id->data[7];
+       }
+     }
+   }
+   buf_free(userid);
+   return (0);
+ }
  #endif /* USE_PGP */

 Legend:



Removed from v.91
 


changed lines


 
Added in v.332
 Legend:



Removed from v.91
 


changed lines


 
Added in v.332
-Removed from v.91
+Added in v.332

	ViewVC Help
Powered by ViewVC 1.1.5