pgprngpub.c

vc环境下的pgp源码

    pgpAssert(0);
    return 0;
#else
    union RingObject *key;
    pgpAssert(OBJISNAME(name));
	pgpAssert(pgpIsRingSetMember(set, name));
    (void)set;
    key = name->g.up;
    pgpAssert (OBJISTOPKEY(key));
	/*
	 * Force returned value if key is revoked or axiomatic.
	 * Allow expired keys to stay valid, so users can know what their status
	 * was before they expired.
	 */
    if (key->k.trust & PGP_KEYTRUSTF_REVOKED)
        return 0;
    if (key->k.trust & PGP_KEYTRUSTF_BUCKSTOP)
        return PGP_TRUST_INFINITE;
    if (!(name->g.flags & (RINGOBJF_TRUST)))
        ringMntValidateName (set, name);
    return ringTrustToIntern (name->n.validity); 
#endif
}

PGPUInt16
ringNameConfidence(RingSet const *set, union RingObject *name)
{
#if PGPTRUSTMODEL==0
	(void)set;
	(void)name;
	pgpAssert(0);
	return 0;
#else
	pgpAssert(OBJISNAME(name));
	pgpAssert(pgpIsRingSetMember(set, name));
	(void)set;
	return ringTrustToIntern (name->n.confidence);
#endif
}

int 
ringNameConfidenceUndefined(RingSet const *set, union RingObject *name)
{
#if PGPTRUSTMODEL==0
	(void)set;
	(void)name;
	pgpAssert(0);
	return 0;
#else
	pgpAssert(OBJISNAME(name));
	pgpAssert(pgpIsRingSetMember(set, name));
	(void)set;
	return (name->n.confidence == PGP_NEWTRUST_UNDEFINED);
#endif
}


void
ringNameSetConfidence(RingSet const *set, union RingObject *name,
		      PGPUInt16 confidence)
{
#if PGPTRUSTMODEL==0
	(void)set;
	(void)name;
	(void)confidence;
	pgpAssert(0);
#else
	pgpAssert(OBJISNAME(name));
	pgpAssert(pgpIsRingSetMember(set, name));

	confidence = (PGPUInt16) ringTrustToExtern (confidence);
	
	if (name->n.confidence != confidence) {
		name->n.confidence = (PGPByte) confidence;
		name->g.flags |= RINGOBJF_TRUSTCHANGED;
		ringPoolMarkTrustChanged (set->pool, &name->g.mask);
	}
	name->g.flags |= RINGOBJF_TRUST;
#endif
}

int
ringSigError(RingSet const *set, union RingObject *sig)
{
	PGPByte const *p;
	PGPSize len;

	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));

	if (!(sig->g.flags & SIGF_ERROR))
		return 0;

	p = (PGPByte const *)ringFetchObject(set, sig, &len);
	if (!p)
		return ringSetError(set)->error;
	return ringSigParse(p, len, NULL, NULL, NULL, NULL, NULL, NULL,
		NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
}

union RingObject *
ringSigMaker(RingSet const *sset, union RingObject *sig,
	RingSet const *kset)
{
	(void)sset;	/* Avoid warning */
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(sset, sig));

	sig = sig->s.by;
	pgpAssert(OBJISKEY(sig));	/* "sig" is now a key! */
	if (!pgpIsRingSetMember(kset, sig))
		return NULL;
	ringObjectHold(sig);
	return sig;
}

void
ringSigID8(RingSet const *set, union RingObject const *sig,
	PGPByte *pkalg, PGPKeyID *keyID)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	sig = sig->s.by;
	pgpAssert(OBJISKEY(sig));
	if (pkalg) {
		*pkalg = sig->k.pkalg;
		if ((*pkalg | 1) == 3)
			*pkalg = 1;	/* ViaCrypt */
	}
	if ( keyID )
	{
		pgpNewKeyIDFromRawData( sig->k.keyID, 8, keyID );
	}
}

PGPByte
ringSigTrust(RingSet const *set, union RingObject *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	if (ringSigError (set, sig))
		return PGP_SIGTRUST_INVALID;
	if (sig->s.by == NULL)
		return PGP_SIGTRUST_NOKEY;
	if (!(sig->s.trust & PGP_SIGTRUSTF_TRIED))
		return PGP_SIGTRUST_UNTRIED;
	if (!(sig->s.trust & PGP_SIGTRUSTF_CHECKED))
		return PGP_SIGTRUST_BAD;
	if (!(sig->g.flags & (RINGOBJF_TRUST))) {
		ringMntValidateKey (set, sig->s.by);
		return sig->s.by->k.trust & kPGPKeyTrust_Mask;
	}
	else
	        return sig->s.trust & kPGPKeyTrust_Mask;
}

int
ringSigChecked(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return sig->s.trust & PGP_SIGTRUSTF_CHECKED;
}

int
ringSigTried(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return sig->s.trust & PGP_SIGTRUSTF_TRIED;
}

int
ringSigExportable(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return SIGISEXPORTABLE(&sig->s);
}

PGPByte
ringSigTrustLevel(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return sig->s.trustLevel;
}

PGPByte
ringSigTrustValue(RingSet const *set, union RingObject const *sig)
{
	PGPByte trustValue;

	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	trustValue = sig->s.trustValue;
#if PGPTRUSTMODEL==0
	trustValue = ringTrustExternToOld(set->pool, trustValue);
#endif
	return sig->s.trustValue;
}

/* Call ringSigTrust to get sig status, then call this function if
   sig is good and the confidence is required. */

PGPUInt16
ringSigConfidence(RingSet const *set, union RingObject *sig)
{
#if PGPTRUSTMODEL==0
	(void)set;
	(void)sig;
	pgpAssert(0);
	return 0;
#else
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	if (sig->s.by != NULL) {
		if (pgpIsRingSetMember(set, sig->s.by)) {
			if (sig->s.by->k.trust & PGP_KEYTRUSTF_REVOKED)
				return 0;
			else
				return ringKeyCalcTrust (set, sig->s.by);
		}
		else
			return 0;
	}
	else
		return 0;
#endif
}


int
ringSigType(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return sig->s.type;
}

PGPUInt32
ringSigTimestamp(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	return sig->s.tstamp;
}

PGPUInt32
ringSigExpiration(RingSet const *set, union RingObject const *sig)
{
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	(void)set;
	if (sig->s.tstamp == 0 || sig->s.sigvalidity == 0)
		return 0;    /* valid indefinitely */
	else
		return sig->s.tstamp + sig->s.sigvalidity;
}

/*
 * True if sig is a self-sig.
 */
PGPBoolean
ringSigIsSelfSig(RingSet const *set, RingObject const *sig)
{
	RingObject const	*parent;

	(void)set;
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));

	/* Find top-level key */
	parent = sig;
	while (!OBJISTOPKEY(parent))
		parent = parent->g.up;

	/* No good if not signed by top-level key (selfsig) */
	if (sig->s.by != parent)
		return FALSE;

	/* All OK */
	return TRUE;
}



/*
 * True if sig is an X509 sig.
 */
PGPBoolean
ringSigIsX509(RingSet const *set, RingObject const *sig)
{
	(void)set;
	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));

	return SIGISX509(&sig->s) != 0;
}

PGPByte *
ringSigX509Certificate(RingSet const *set, RingObject *sig, PGPSize *len)
{
	PGPByte *ptr;

	pgpAssert(OBJISSIG(sig));
	pgpAssert(pgpIsRingSetMember(set, sig));
	pgpAssert(IsntNull(len));

	*len = 0;
	if (!SIGISX509 (&sig->s))
		return NULL;
	ptr = (PGPByte *)ringFetchObject(set, sig, len);
	if (IsNull( ptr ) )
		return NULL;
	ptr = (PGPByte *)ringSigFindNAISubSubpacket(ptr, SIGSUBSUB_X509, 0, len,
												NULL, NULL, NULL, NULL);
	if( IsntNull( ptr ) ) {
		/* Skip type, version bytes */
		pgpAssert (ptr[0] == SIGSUBSUB_X509);
		ptr += 3;
		*len -= 3;
	}

	return ptr;
}

int
ringCRLChecked(RingSet const *set, union RingObject const *crl)
{
	pgpAssert(OBJISCRL(crl));
	pgpAssert(pgpIsRingSetMember(set, crl));
	(void)set;
	return crl->r.trust & PGP_SIGTRUSTF_CHECKED;
}

int
ringCRLTried(RingSet const *set, union RingObject const *crl)
{
	pgpAssert(OBJISCRL(crl));
	pgpAssert(pgpIsRingSetMember(set, crl));
	(void)set;
	return crl->r.trust & PGP_SIGTRUSTF_TRIED;
}

PGPUInt32
ringCRLCreation(RingSet const *set, union RingObject const *crl)
{
	pgpAssert(OBJISCRL(crl));
	pgpAssert(pgpIsRingSetMember(set, crl));
	(void)set;
	return crl->r.tstamp;
}

PGPUInt32
ringCRLExpiration(RingSet const *set, union RingObject const *crl)
{
	pgpAssert(OBJISCRL(crl));
	pgpAssert(pgpIsRingSetMember(set, crl));
	(void)set;
	return crl->r.tstampnext;
}

/* True if the key has a CRL */
PGPBoolean
ringKeyHasCRL(RingSet const *set, RingObject *key)
{
	RingIterator *iter;
	union RingObject *obj;
	PGPInt32 level;

	if (!set)
		return FALSE;

	iter = ringIterCreate(set);
	if (!iter)
		return FALSE;	/* How to distinguish from no luck? */

	ringIterSeekTo (iter, key);
	level = ringIterCurrentLevel(iter);
	while (ringIterNextObject(iter, level+1) > 0) {
		obj = ringIterCurrentObject(iter, level+1);
		pgpAssert(obj);
		if (!OBJISCRL(obj))
			continue;
		/* Don't count unverifiable CRLs */
		if (!ringCRLChecked(set, obj))
			continue;
		ringIterDestroy(iter);
		return TRUE;
	}
	ringIterDestroy(iter);
	return FALSE;
}

/* Return nth CRL of key, along with a count of all CRLs if requested.
 * Doesn't count superceded CRLs.
 * Call this the first time with n=0 and &crlcount, and later times with
 * crlcount holding NULL.
 */
RingObject *
ringKeyNthCRL(RingSet const *set, RingObject *key, PGPUInt32 n,
	PGPUInt32 *crlcount)
{
	RingIterator *iter;
	RingObject *obj;
	RingObject *nthcrl = NULL;
	PGPUInt32 count = 0;
	PGPInt32 level;

	if( IsntNull( crlcount ) )
		*crlcount = 0;

	if (!set)
		return NULL;
	iter = ringIterCreate(set);
	if (!iter)
		return NULL;	/* How to distinguish from no luck? */

	ringIterSeekTo (iter, key);
	level = ringIterCurrentLevel(iter);
	while (ringIterNextObject(iter, level+1) > 0) {
		obj = ringIterCurrentObject(iter, level+1);
		pgpAssert(obj);
		if (!OBJISCRL(obj))
			continue;
		if (!ringCRLChecked(set, obj))
			continue;
		if (!ringCRLIsCurrent(set, obj, 0))
			continue;
		if (count++ == n) {
			nthcrl = obj;
			if (IsNull( crlcount ))
				break;
		}
	}
	ringIterDestroy(iter);
	if( IsntNull( crlcount ) )
		*crlcount = count;
	return nthcrl;
}


/*
 * Find the earliest non-replaced CRL issued by a key.
 * If expiration is true, use expiration dates, else creation dates.
 */
union RingObject *
ringKeyEarliestCRL(RingSet const *set, RingObject *key, PGPBoolean expiration)
{
	RingObject	*crl;
	RingObject *bestcrl = NULL;
	PGPUInt32 crltime;
	PGPUInt32 besttime = (PGPUInt32)-1L;
	PGPUInt32 n = 0;
	PGPUInt32 crlcount = 0;

	do {
		crl = ringKeyNthCRL(set, key, n, (n?NULL:&crlcount));
		if( IsNull( crl ) )
			break;
		if( expiration )
			crltime = ringCRLExpiration( set, crl );
		else
			crltime = ringCRLCreation( set, crl );
		if (crltime < besttime) {
			besttime = crltime;
			bestcrl = crl;
		}
	} while (n++ < crlcount);

	return bestcrl;
}


/*
 * See whether there is a more recent CRL for this key with the same
 * dist. point.
 * If tstamp is nonzero, also checks for expiration of CRL.
 */
PGPBoolean
ringCRLIsCurrent (RingSet const *set, RingObject *crl, PGPUInt32 tstamp)
{
	RingIterator *iter;
	union RingObject *obj;
	PGPUInt32 crlcreation, crlexpiration;
	PGPUInt32 objcreation;
	PGPInt32 level;
	PGPByte const *tmpdpoint;
	PGPByte *dpoint = NULL;
	PGPByte const *dpoint2;
	PGPSize dpointlen;
	PGPSize dpoint2len;
	PGPContextRef context;

	pgpAssert (IsntNull(set));
	pgpAssert (OBJISCRL(crl));
	pgpAssert (pgpIsRingSetMember(set, crl));

	context = ringPoolContext( ringSetPool(set) );

	crlcreation = ringCRLCreation(set, crl);
	crlexpiration = ringCRLExpiration(set, crl);
	if (tstamp != 0) {
		if (crlexpiration < tstamp)
			return FALSE;
	}

	iter = ringIterCreate(set);
	if (!iter)
		return TRUE;	/* How to distinguish from no luck? */

	if( CRLHASDPOINT( &crl->r ) ) {
		/* Read dpoint data structure */
		tmpdpoint = ringCRLDistributionPoint( set, crl, &dpointlen );
		dpoint = pgpContextMemAlloc( context, dpointlen, 0 );
		pgpCopyMemory( tmpdpoint, dpoint, dpointlen );
		if( IsNull( dpoint ) ) {
			ringIterDestroy( iter );
			return TRUE;
		}
	}

	/* Find key above CRL */
	ringIterSeekTo (iter, crl);
	level = ringIterCurrentLevel(iter);
	pgpAssert (level > 1);
	obj = ringIterCurrentObject(iter, level-1);
	pgpAssert (OBJISKEY(obj));
	while (ringIterNextObject(iter, level) > 0) {
		obj = ringIterCurrentObject(iter, level);
		pgpAssert(obj);
		if (obj == crl)
			continue;
		if (!OBJISCRL(obj))
			continue;
		if (!ringCRLChecked(set, obj))
			continue;
		if (CRLHASDPOINT(&obj->r) != CRLHASDPOINT(&crl->r))
			continu