1 files changed, 58 insertions, 32 deletions
diff --git a/kiki.hs b/kiki.hs
index dab3d2c..f265add 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -1270,7 +1270,8 @@ sortByHint fname f = sortBy (comparing gethint)
    gethint = maybe defnum originalNum . Map.lookup fname . locations . f
    defnum = -1
-keyPacket (KeyData k _ _ _) = k
+keyMappedPacket (KeyData k _ _ _) = k
+keyPacket (KeyData k _ _ _) = packet k
 writeOutKeyrings :: Map.Map FilePath DotLock -> KeyDB -> IO ()
 writeOutKeyrings lkmap db = do
@@ -1282,7 +1283,7 @@ writeOutKeyrings lkmap db = do
    let s = do
        f <- fs
        let x = do
-                d@(KeyData p _ _ _) <- filter (fromfile f) (sortByHint f keyPacket ks)
+                d@(KeyData p _ _ _) <- filter (fromfile f) (sortByHint f keyMappedPacket ks)
                n <- maybeToList $ Map.lookup f (locations p)
                flattenTop f (originallyPublic n) d
            changes = filter isnew x
@@ -1333,8 +1334,7 @@ cross_merge doDecrypt grip0 keyrings wallets f = do
                            fp <- maybeToList grip
                            elm <- Map.toList db0
                            guard $ matchSpec (KeyGrip fp) elm
-                            let undata (KeyData p _ _ _) = packet p
+                            return $ keyPacket (snd elm)
-                            return $ undata (snd elm)
                wms <- mapM (readw wk) (map snd wsns++failed_wlocks)
                let -- db1= foldl' (uncurry . merge_) db0 wms
                    ts = do
@@ -2156,6 +2156,45 @@ whoseKey rsakey db = filter matchkey (Map.elems db)
        s2 <- signatures . Message $ [k,sub,subsig]
        signatures_over $ verify (Message [sub]) s2
+workingKey grip use_db = listToMaybe $ do
+                            fp <- maybeToList grip
+                            elm <- Map.toList use_db
+                            guard $ matchSpec (KeyGrip fp) elm
+                            return $ keyPacket (snd elm)
+has_good_sig wk (KeyData k sigs uids subs) = any goodsig $ Map.toList uids
+ where
+    goodsig (uidstr,(sigs,_)) = not . null $ do
+        sig0 <- fmap (packet . fst) sigs
+        pre_ov <- signatures (Message [packet k, UserIDPacket uidstr, sig0])
+        signatures_over $ verify (Message [wk]) pre_ov
+markForImport margs grip pubring db = maybe (return db) import_db $ wantToImport
+ where wantToImport = mplus import_f importifauth_f
+             where
+                import_f = do Map.lookup "--import" margs 
+                              return dont_have
+                importifauth_f = do Map.lookup "--import-if-authentic" margs
+                                    return isauth
+                dont_have (KeyData p _ _ _) = not . Map.member pubring
+                                                   $ locations p
+                isauth keydata = dont_have keydata && maybe False (`has_good_sig` keydata) wk
+                                  where wk = workingKey grip db
+       import_db dont_have = do
+                  forM_ to_alters $ \(_,KeyData c _ _ _) ->
+                    warn $ pubring ++ ": new "++showPacket (packet c)
+                  let db' = Map.union (Map.fromList altered)
+                                      db
+                  return db'
+              where
+                to_alters = filter (dont_have . snd) $ Map.toList db
+                altered = map (second append_loc) to_alters
+                append_loc (KeyData p a b c) = KeyData p' a b c
+                 where p' = p { locations = Map.insert pubring
+                                                       (origin (secretToPublic (packet p)) (-1))
+                                                       (locations p) 
+                              }
 kiki_usage = do
    putStr . unlines $
        ["kiki - a pgp key editing utility"
@@ -2188,6 +2227,11 @@ kiki_usage = do
        ,"     --import   Add master keys to pubring.gpg.  Without this option, only UID"
        ,"                and subkey data is updated. "
        ,""
+        ,"     --import-if-authentic"
+        ,"                Add signed master keys to pubring.gpg.  Like --import except that"
+        ,"                only keys with signatures from the working key (--show-wk) are"
+        ,"                imported."
+        ,""
        ,"     --autosign Sign all cross-certified tor-style UIDs."
        ,"                A tor-style UID is of the form:"
        ,"                        Anonymous <root@HOSTNAME.onion>"
@@ -2218,7 +2262,8 @@ kiki_usage = do
        ,"     --show-wk  Show fingerprints for the working key (which will be used to"
        ,"                make signatures) and all its subkeys and UID."
        ,""
-        ,"     --show-key Show fingerprints for the specified key and all its subkeys"
+        ,"     --show-key SPEC"
+        ,"                Show fingerprints for the specified key and all its subkeys"
        ,"                and UID."
        ,""
        ,"     --show-all Show fingerprints and UIDs and usage tags for all known keys."
@@ -2267,6 +2312,7 @@ main = do
                                     , ("--passphrase-fd",1)
                                     , ("--import",0)
                                     , ("--autosign",0)
+                                     , ("--import-if-authentic",0)
                                     , ("--show-wk",0)
                                     , ("--show-all",0)
                                     , ("--show-whose-key",0)
@@ -2377,25 +2423,8 @@ main = do
    -}
    cross_merge decrypt grip0 keyrings wallets $ \(secfile,grip) db -> do
-        let get_use_db = maybe (return db) import_db 
-                            $ Map.lookup "--import" margs
+        use_db0 <- return db
-            import_db _ = do
-                  forM_ to_alters $ \(_,KeyData c _ _ _) ->
-                    warn $ pubring ++ ": new "++showPacket (packet c)
-                  let db' = Map.union (Map.fromList altered)
-                                      db
-                  return db'
-              where
-                to_alters = filter (dont_have . snd) $ Map.toList db
-                altered = map (second append_loc) to_alters
-                append_loc (KeyData p a b c) = KeyData p' a b c
-                 where p' = p { locations = Map.insert pubring
-                                                       (origin (secretToPublic (packet p)) (-1))
-                                                       (locations p) 
-                              }
-                dont_have (KeyData p _ _ _) = not . Map.member pubring
-                                                   $ locations p
-        use_db0 <- get_use_db
        let pkeypairs = maybe [] id $ do
                            keygrip <- grip
@@ -2433,14 +2462,8 @@ main = do
            flip (maybe $ return use_db) 
                 (lookup "--autosign" $ map (\(x:xs)->(x,xs)) sargs)
                 $ \_ -> do
-                let keys = map undata $ Map.elems use_db
+                let keys = map keyPacket $ Map.elems use_db
-                    wk = listToMaybe $ do
+                    wk = workingKey grip use_db
-                            fp <- maybeToList grip
-                            elm <- Map.toList use_db
-                            guard $ matchSpec (KeyGrip fp) elm
-                            return $ undata (snd elm)
-                            
-                    undata (KeyData p _ _ _) = packet p
                -- g <- newGenIO
                -- stamp <- now
                wkun <- flip (maybe $ return Nothing) wk $ \wk -> do
@@ -2448,6 +2471,9 @@ main = do
                            maybe (error $ "Bad passphrase?") (return . Just) wkun
                -- return . snd $ Map.mapAccum (signTorIds stamp wkun keys) g use_db
                Traversable.mapM (signTorIds wkun keys) use_db
+        use_db <- markForImport margs grip pubring use_db
        ret_db <- return $ fmap (const use_db) ret_db
            
        ret_db <- flip (maybe $ return ret_db) ret_db $ \db -> do

diff --git a/kiki.hs b/kiki.hs index dab3d2c..f265add 100644 --- a/kiki.hs +++ b/kiki.hs
@@ -1270,7 +1270,8 @@ sortByHint fname f = sortBy (comparing gethint)
1270	gethint = maybe defnum originalNum . Map.lookup fname . locations . f	1270	gethint = maybe defnum originalNum . Map.lookup fname . locations . f
1271	defnum = -1	1271	defnum = -1
1272		1272
1273	keyPacket (KeyData k _ _ _) = k	1273	keyMappedPacket (KeyData k _ _ _) = k
		1274	keyPacket (KeyData k _ _ _) = packet k
1274		1275
1275	writeOutKeyrings :: Map.Map FilePath DotLock -> KeyDB -> IO ()	1276	writeOutKeyrings :: Map.Map FilePath DotLock -> KeyDB -> IO ()
1276	writeOutKeyrings lkmap db = do	1277	writeOutKeyrings lkmap db = do
@@ -1282,7 +1283,7 @@ writeOutKeyrings lkmap db = do
1282	let s = do	1283	let s = do
1283	f <- fs	1284	f <- fs
1284	let x = do	1285	let x = do
1285	d@(KeyData p _ _ _) <- filter (fromfile f) (sortByHint f keyPacket ks)	1286	d@(KeyData p _ _ _) <- filter (fromfile f) (sortByHint f keyMappedPacket ks)
1286	n <- maybeToList $ Map.lookup f (locations p)	1287	n <- maybeToList $ Map.lookup f (locations p)
1287	flattenTop f (originallyPublic n) d	1288	flattenTop f (originallyPublic n) d
1288	changes = filter isnew x	1289	changes = filter isnew x
@@ -1333,8 +1334,7 @@ cross_merge doDecrypt grip0 keyrings wallets f = do
1333	fp <- maybeToList grip	1334	fp <- maybeToList grip
1334	elm <- Map.toList db0	1335	elm <- Map.toList db0
1335	guard $ matchSpec (KeyGrip fp) elm	1336	guard $ matchSpec (KeyGrip fp) elm
1336	let undata (KeyData p _ _ _) = packet p	1337	return $ keyPacket (snd elm)
1337	return $ undata (snd elm)
1338	wms <- mapM (readw wk) (map snd wsns++failed_wlocks)	1338	wms <- mapM (readw wk) (map snd wsns++failed_wlocks)
1339	let -- db1= foldl' (uncurry . merge_) db0 wms	1339	let -- db1= foldl' (uncurry . merge_) db0 wms
1340	ts = do	1340	ts = do
@@ -2156,6 +2156,45 @@ whoseKey rsakey db = filter matchkey (Map.elems db)
2156	s2 <- signatures . Message $ [k,sub,subsig]	2156	s2 <- signatures . Message $ [k,sub,subsig]
2157	signatures_over $ verify (Message [sub]) s2	2157	signatures_over $ verify (Message [sub]) s2
2158		2158
		2159	workingKey grip use_db = listToMaybe $ do
		2160	fp <- maybeToList grip
		2161	elm <- Map.toList use_db
		2162	guard $ matchSpec (KeyGrip fp) elm
		2163	return $ keyPacket (snd elm)
		2164
		2165	has_good_sig wk (KeyData k sigs uids subs) = any goodsig $ Map.toList uids
		2166	where
		2167	goodsig (uidstr,(sigs,_)) = not . null $ do
		2168	sig0 <- fmap (packet . fst) sigs
		2169	pre_ov <- signatures (Message [packet k, UserIDPacket uidstr, sig0])
		2170	signatures_over $ verify (Message [wk]) pre_ov
		2171
		2172	markForImport margs grip pubring db = maybe (return db) import_db $ wantToImport
		2173	where wantToImport = mplus import_f importifauth_f
		2174	where
		2175	import_f = do Map.lookup "--import" margs
		2176	return dont_have
		2177	importifauth_f = do Map.lookup "--import-if-authentic" margs
		2178	return isauth
		2179	dont_have (KeyData p _ _ _) = not . Map.member pubring
		2180	$ locations p
		2181	isauth keydata = dont_have keydata && maybe False (`has_good_sig` keydata) wk
		2182	where wk = workingKey grip db
		2183	import_db dont_have = do
		2184	forM_ to_alters $ \(_,KeyData c _ _ _) ->
		2185	warn $ pubring ++ ": new "++showPacket (packet c)
		2186	let db' = Map.union (Map.fromList altered)
		2187	db
		2188	return db'
		2189	where
		2190	to_alters = filter (dont_have . snd) $ Map.toList db
		2191	altered = map (second append_loc) to_alters
		2192	append_loc (KeyData p a b c) = KeyData p' a b c
		2193	where p' = p { locations = Map.insert pubring
		2194	(origin (secretToPublic (packet p)) (-1))
		2195	(locations p)
		2196	}
		2197
2159	kiki_usage = do	2198	kiki_usage = do
2160	putStr . unlines $	2199	putStr . unlines $
2161	["kiki - a pgp key editing utility"	2200	["kiki - a pgp key editing utility"
@@ -2188,6 +2227,11 @@ kiki_usage = do
2188	," --import Add master keys to pubring.gpg. Without this option, only UID"	2227	," --import Add master keys to pubring.gpg. Without this option, only UID"
2189	," and subkey data is updated. "	2228	," and subkey data is updated. "
2190	,""	2229	,""
		2230	," --import-if-authentic"
		2231	," Add signed master keys to pubring.gpg. Like --import except that"
		2232	," only keys with signatures from the working key (--show-wk) are"
		2233	," imported."
		2234	,""
2191	," --autosign Sign all cross-certified tor-style UIDs."	2235	," --autosign Sign all cross-certified tor-style UIDs."
2192	," A tor-style UID is of the form:"	2236	," A tor-style UID is of the form:"
2193	," Anonymous <root@HOSTNAME.onion>"	2237	," Anonymous <root@HOSTNAME.onion>"
@@ -2218,7 +2262,8 @@ kiki_usage = do
2218	," --show-wk Show fingerprints for the working key (which will be used to"	2262	," --show-wk Show fingerprints for the working key (which will be used to"
2219	," make signatures) and all its subkeys and UID."	2263	," make signatures) and all its subkeys and UID."
2220	,""	2264	,""
2221	," --show-key Show fingerprints for the specified key and all its subkeys"	2265	," --show-key SPEC"
		2266	," Show fingerprints for the specified key and all its subkeys"
2222	," and UID."	2267	," and UID."
2223	,""	2268	,""
2224	," --show-all Show fingerprints and UIDs and usage tags for all known keys."	2269	," --show-all Show fingerprints and UIDs and usage tags for all known keys."
@@ -2267,6 +2312,7 @@ main = do
2267	, ("--passphrase-fd",1)	2312	, ("--passphrase-fd",1)
2268	, ("--import",0)	2313	, ("--import",0)
2269	, ("--autosign",0)	2314	, ("--autosign",0)
		2315	, ("--import-if-authentic",0)
2270	, ("--show-wk",0)	2316	, ("--show-wk",0)
2271	, ("--show-all",0)	2317	, ("--show-all",0)
2272	, ("--show-whose-key",0)	2318	, ("--show-whose-key",0)
@@ -2377,25 +2423,8 @@ main = do
2377	-}	2423	-}
2378		2424
2379	cross_merge decrypt grip0 keyrings wallets $ \(secfile,grip) db -> do	2425	cross_merge decrypt grip0 keyrings wallets $ \(secfile,grip) db -> do
2380	let get_use_db = maybe (return db) import_db	2426
2381	$ Map.lookup "--import" margs	2427	use_db0 <- return db
2382	import_db _ = do
2383	forM_ to_alters $ \(_,KeyData c _ _ _) ->
2384	warn $ pubring ++ ": new "++showPacket (packet c)
2385	let db' = Map.union (Map.fromList altered)
2386	db
2387	return db'
2388	where
2389	to_alters = filter (dont_have . snd) $ Map.toList db
2390	altered = map (second append_loc) to_alters
2391	append_loc (KeyData p a b c) = KeyData p' a b c
2392	where p' = p { locations = Map.insert pubring
2393	(origin (secretToPublic (packet p)) (-1))
2394	(locations p)
2395	}
2396	dont_have (KeyData p _ _ _) = not . Map.member pubring
2397	$ locations p
2398	use_db0 <- get_use_db
2399		2428
2400	let pkeypairs = maybe [] id $ do	2429	let pkeypairs = maybe [] id $ do
2401	keygrip <- grip	2430	keygrip <- grip
@@ -2433,14 +2462,8 @@ main = do
2433	flip (maybe $ return use_db)	2462	flip (maybe $ return use_db)
2434	(lookup "--autosign" $ map (\(x:xs)->(x,xs)) sargs)	2463	(lookup "--autosign" $ map (\(x:xs)->(x,xs)) sargs)
2435	$ \_ -> do	2464	$ \_ -> do
2436	let keys = map undata $ Map.elems use_db	2465	let keys = map keyPacket $ Map.elems use_db
2437	wk = listToMaybe $ do	2466	wk = workingKey grip use_db
2438	fp <- maybeToList grip
2439	elm <- Map.toList use_db
2440	guard $ matchSpec (KeyGrip fp) elm
2441	return $ undata (snd elm)
2442
2443	undata (KeyData p _ _ _) = packet p
2444	-- g <- newGenIO	2467	-- g <- newGenIO
2445	-- stamp <- now	2468	-- stamp <- now
2446	wkun <- flip (maybe $ return Nothing) wk $ \wk -> do	2469	wkun <- flip (maybe $ return Nothing) wk $ \wk -> do
@@ -2448,6 +2471,9 @@ main = do
2448	maybe (error $ "Bad passphrase?") (return . Just) wkun	2471	maybe (error $ "Bad passphrase?") (return . Just) wkun
2449	-- return . snd $ Map.mapAccum (signTorIds stamp wkun keys) g use_db	2472	-- return . snd $ Map.mapAccum (signTorIds stamp wkun keys) g use_db
2450	Traversable.mapM (signTorIds wkun keys) use_db	2473	Traversable.mapM (signTorIds wkun keys) use_db
		2474
		2475	use_db <- markForImport margs grip pubring use_db
		2476
2451	ret_db <- return $ fmap (const use_db) ret_db	2477	ret_db <- return $ fmap (const use_db) ret_db
2452		2478
2453	ret_db <- flip (maybe $ return ret_db) ret_db $ \db -> do	2479	ret_db <- flip (maybe $ return ret_db) ret_db $ \db -> do