authorWerner Koch <[email protected]>2016-04-27 06:34:29 +0000
committerWerner Koch <[email protected]>2016-04-27 06:34:29 +0000
commit87de9e19edf0311ca0342e15ef44ebe40e32861e (patch)
tree20f8f2c384040344ece6e00c64036c666dd4a843 /g10/getkey.c
parentdirmngr: Add experimental command WKD_GET. (diff)
gpg: Add experimental AKL method "wkd" and option --with-wkd-hash.
* g10/getkey.c (parse_auto_key_locate): Add method "wkd". (get_pubkey_byname): Implement that method. Also rename a variable. * g10/call-dirmngr.c (gpg_dirmngr_wkd_get): New. * g10/keyserver.c (keyserver_import_wkd): New. * g10/test-stubs.c (keyserver_import_wkd): Add stub. * g10/gpgv.c (keyserver_import_wkd): Ditto. * g10/options.h (opt): Add field 'with_wkd_hash'. (AKL_WKD): New. * g10/gpg.c (oWithWKDHash): New. (opts): Add option --with-wkd-hash. (main): Set that option. * g10/keylist.c (list_keyblock_print): Implement that option. -- The Web Key Directory is an experimental feature to retrieve a key via https. It is similar to OpenPGP DANE but, by fetching over https and addressing the key by a hash of the mail address' local-part, it reveals less information about a key lookup. For example the URI to lookup the key for [email protected] is: https://example.org/.well-known/openpgpkey/ hu/example.org/iy9q119eutrkn8s1mk4r39qejnbu3n5q (line has been wrapped for rendering purposes). The hash is a z-Base-32 encoded SHA-1 hash of the mail address' local-part. The address [email protected] can be used for testing. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/getkey.c')
-rw-r--r--g10/getkey.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/g10/getkey.c b/g10/getkey.c
index 481e8dd92..a3d29f50a 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1274,7 +1274,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
{
unsigned char *fpr = NULL;
size_t fpr_len;
- int did_key_byname = 0;
+ int did_akl_local = 0;
int no_fingerprint = 0;
const char *mechanism = "?";
@@ -1288,7 +1288,7 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
case AKL_LOCAL:
mechanism = "Local";
- did_key_byname = 1;
+ did_akl_local = 1;
if (retctx)
{
getkey_end (*retctx);
@@ -1321,6 +1321,13 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
glo_ctrl.in_auto_key_retrieve--;
break;
+ case AKL_WKD:
+ mechanism = "WKD";
+ glo_ctrl.in_auto_key_retrieve++;
+ rc = keyserver_import_wkd (ctrl, name, &fpr, &fpr_len);
+ glo_ctrl.in_auto_key_retrieve--;
+ break;
+
case AKL_LDAP:
mechanism = "LDAP";
glo_ctrl.in_auto_key_retrieve++;
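Review bot: The new AKL_WKD case at the top of this hunk carries no comment on what get_pubkey_byname expects back from keyserver_import_wkd, even though the fingerprint it writes to fpr is what the rest of the function relies on to find the just-imported key in the local keyring. Suggest `/* Web Key Directory: fetch the key for NAME over https and import it; on success FPR/FPR_LEN hold the imported key's fingerprint, which is used later in this function to look the key up locally. */` above `case AKL_WKD:`. Whether keyserver_import_wkd itself verifies that NAME is a mail address and that the imported key carries a matching user ID is not visible here; if it does not, a fingerprint-only follow-up lookup would accept whatever key the WKD server chooses to serve for that hash, so that check (or a note that it lives in keyserver_import_wkd) belongs with this call. The enclosing get_pubkey_byname starts before this hunk and continues after it.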
@@ -1386,22 +1393,20 @@ get_pubkey_byname (ctrl_t ctrl, GETKEY_CTX * retctx, PKT_public_key * pk,
add_to_strlist (&namelist, fpr_string);
}
- else if (!rc && !fpr && !did_key_byname)
- /* The acquisition method said no failure occurred, but it
- didn't return a fingerprint. That's a failure. */
- {
- no_fingerprint = 1;
+ else if (!rc && !fpr && !did_akl_local)
+ { /* The acquisition method said no failure occurred, but
+ it didn't return a fingerprint. That's a failure. */
+ no_fingerprint = 1;
rc = GPG_ERR_NO_PUBKEY;
}
xfree (fpr);
fpr = NULL;
- if (!rc && !did_key_byname)
- /* There was no error and we didn't do a local lookup.
- This means that we imported a key into the local
- keyring. Try to read the imported key from the
- keyring. */
- {
+ if (!rc && !did_akl_local)
+ { /* There was no error and we didn't do a local lookup.
+ This means that we imported a key into the local
+ keyring. Try to read the imported key from the
+ keyring. */
if (retctx)
{
getkey_end (*retctx);
@@ -3195,6 +3200,7 @@ finish_lookup (GETKEY_CTX ctx, KBNODE keyblock)
if (DBG_LOOKUP)
log_debug ("\tsubkey has expired\n");
continue;
+
}
if (pk->timestamp > curtime && !opt.ignore_valid_from)
{
@@ -3769,6 +3775,8 @@ parse_auto_key_locate (char *options)
akl->type = AKL_PKA;
else if (ascii_strcasecmp (tok, "dane") == 0)
akl->type = AKL_DANE;
+ else if (ascii_strcasecmp (tok, "wkd") == 0)
+ akl->type = AKL_WKD;
else if ((akl->spec = parse_keyserver_uri (tok, 1)))
akl->type = AKL_SPEC;
else