2 * keydb_hkp.c - Routines to store and fetch keys from another keyserver.
4 * Copyright 2013 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program; if not, write to the Free Software Foundation, Inc., 51
17 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24 #include <curl/curl.h>
27 #include "charfuncs.h"
29 #include "keystructs.h"
32 #include "onak-conf.h"
36 static CURL *curl = NULL;
38 static char hkpbase[1024];
40 static int hkp_parse_url(const char *url)
42 char proto[6], host[256];
47 proto[0] = host[0] = 0;
50 matched = sscanf(url, "%5[a-z]://%256[a-zA-Z0-9.]:%u", proto, host,
54 matched = sscanf(url, "%256[a-zA-Z0-9.]:%u", host, &port);
58 logthing(LOGTHING_CRITICAL, "Couldn't parse HKP host: %s",
64 if (proto[0] == 0 || !strcmp(proto, "hkp")) {
68 snprintf(hkpbase, sizeof(hkpbase),
69 "http://%s:%u/pks", host, port);
70 } else if (!strcmp(proto, "hkps")) {
74 snprintf(hkpbase, sizeof(hkpbase),
75 "https://%s:%u/pks", host, port);
76 } else if (strcmp(proto, "http") && strcmp(proto, "https")) {
77 logthing(LOGTHING_CRITICAL, "Unknown HKP protocol: %s",
81 } else if (port == 0) {
82 snprintf(hkpbase, sizeof(hkpbase),
83 "%s://%s/pks", proto, host);
85 snprintf(hkpbase, sizeof(hkpbase),
86 "%s://%s:%u/pks", proto, host, port);
94 * cleanupdb - De-initialize the key database.
96 * We cleanup CURL here.
98 static void hkp_cleanupdb(void)
101 curl_easy_cleanup(curl);
104 curl_global_cleanup();
108 * initdb - Initialize the key database.
110 * We initialize CURL here.
112 static void hkp_initdb(bool readonly)
114 curl_version_info_data *curl_info;
116 if (!hkp_parse_url(config.db_dir)) {
119 curl_global_init(CURL_GLOBAL_DEFAULT);
120 curl = curl_easy_init();
122 logthing(LOGTHING_CRITICAL, "Could not initialize CURL.");
125 curl_easy_setopt(curl, CURLOPT_USERAGENT, "onak/" ONAK_VERSION);
127 if (strncmp(hkpbase, "https://", 8) == 0) {
128 curl_info = curl_version_info(CURLVERSION_NOW);
129 if (! (curl_info->features & CURL_VERSION_SSL)) {
130 logthing(LOGTHING_CRITICAL,
131 "CURL lacks SSL support; cannot use HKP url: %s",
140 * Receive data from a CURL request and process it into a buffer context.
142 static size_t hkp_curl_recv_data(void *buffer, size_t size, size_t nmemb,
145 buffer_putchar(ctx, nmemb * size, buffer);
147 return (nmemb * size);
151 * fetch_key - Given a keyid fetch the key from storage.
152 * @keyid: The keyid to fetch.
153 * @publickey: A pointer to a structure to return the key in.
154 * @intrans: If we're already in a transaction.
156 * We use the hex representation of the keyid as the filename to fetch the
157 * key from. The key is stored in the file as a binary OpenPGP stream of
158 * packets, so we can just use read_openpgp_stream() to read the packets
159 * in and then parse_keys() to parse the packets into a publickey
162 static int hkp_fetch_key(uint64_t keyid, struct openpgp_publickey **publickey,
165 struct openpgp_packet_list *packets = NULL;
168 struct buffer_ctx buf;
172 buf.buffer = malloc(8192);
174 snprintf(keyurl, sizeof(keyurl),
175 "%s/lookup?op=get&search=0x%08" PRIX64,
178 curl_easy_setopt(curl, CURLOPT_URL, keyurl);
179 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
181 curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf);
182 res = curl_easy_perform(curl);
186 dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets);
187 parse_keys(packets, publickey);
188 free_packet_list(packets);
191 logthing(LOGTHING_ERROR, "Couldn't find key: %s (%d)",
192 curl_easy_strerror(res), res);
196 buf.offset = buf.size = 0;
199 return (res == 0) ? 1 : 0;
203 * fetch_key_text - Tries to find the keys that contain the supplied text.
204 * @search: The text to search for.
205 * @publickey: A pointer to a structure to return the key in.
207 * This function searches for the supplied text and returns the keys that
210 * TODO: Write for flat file access. Some sort of grep?
212 static int hkp_fetch_key_text(const char *search,
213 struct openpgp_publickey **publickey)
215 struct openpgp_packet_list *packets = NULL;
218 struct buffer_ctx buf;
223 buf.buffer = malloc(8192);
225 snprintf(keyurl, sizeof(keyurl),
226 "%s/lookup?op=get&search=%s",
229 curl_easy_setopt(curl, CURLOPT_URL, keyurl);
230 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
232 curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf);
233 res = curl_easy_perform(curl);
237 dearmor_openpgp_stream(buffer_fetchchar, &buf, &packets);
238 count = parse_keys(packets, publickey);
239 free_packet_list(packets);
242 logthing(LOGTHING_ERROR, "Couldn't find key: %s (%d)",
243 curl_easy_strerror(res), res);
247 buf.offset = buf.size = 0;
254 * store_key - Takes a key and stores it.
255 * @publickey: A pointer to the public key to store.
256 * @intrans: If we're already in a transaction.
257 * @update: If true the key exists and should be updated.
260 static int hkp_store_key(struct openpgp_publickey *publickey, bool intrans,
263 struct openpgp_packet_list *packets = NULL;
264 struct openpgp_packet_list *list_end = NULL;
267 struct buffer_ctx buf;
272 buf.buffer = malloc(8192);
273 buf.offset = snprintf(buf.buffer, buf.size, "keytextz");
275 flatten_publickey(publickey, &packets, &list_end);
276 armor_openpgp_stream(buffer_putchar, &buf, packets);
277 addform = curl_easy_escape(curl, buf.buffer, buf.offset);
280 snprintf(keyurl, sizeof(keyurl), "%s/add", hkpbase);
282 curl_easy_setopt(curl, CURLOPT_URL, keyurl);
283 curl_easy_setopt(curl, CURLOPT_POSTFIELDS, addform);
284 curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION,
287 curl_easy_setopt(curl, CURLOPT_WRITEDATA, &buf);
288 res = curl_easy_perform(curl);
291 logthing(LOGTHING_ERROR, "Couldn't send key: %s (%d)",
292 curl_easy_strerror(res), res);
297 /* TODO: buf has any response text we might want to parse. */
299 buf.offset = buf.size = 0;
302 return (res == 0) ? 1 : 0;
306 * delete_key - Given a keyid delete the key from storage.
307 * @keyid: The keyid to delete.
308 * @intrans: If we're already in a transaction.
312 static int hkp_delete_key(uint64_t keyid, bool intrans)
318 * iterate_keys - call a function once for each key in the db.
319 * @iterfunc: The function to call.
320 * @ctx: A context pointer
322 * Not applicable for HKP backend.
324 static int hkp_iterate_keys(void (*iterfunc)(void *ctx,
325 struct openpgp_publickey *key), void *ctx)
331 * starttrans - Start a transaction.
333 * This is just a no-op for HKP access.
335 static bool hkp_starttrans(void)
341 * endtrans - End a transaction.
343 * This is just a no-op for HKP access.
345 static void hkp_endtrans(void)
351 * Include the basic keydb routines.
353 #define NEED_KEYID2UID 1
354 #define NEED_GETKEYSIGS 1
355 #define NEED_GETFULLKEYID 1
356 #define NEED_UPDATEKEYS 1
359 struct dbfuncs keydb_hkp_funcs = {
360 .initdb = hkp_initdb,
361 .cleanupdb = hkp_cleanupdb,
362 .starttrans = hkp_starttrans,
363 .endtrans = hkp_endtrans,
364 .fetch_key = hkp_fetch_key,
365 .fetch_key_text = hkp_fetch_key_text,
366 .store_key = hkp_store_key,
367 .update_keys = generic_update_keys,
368 .delete_key = hkp_delete_key,
369 .getkeysigs = generic_getkeysigs,
370 .cached_getkeysigs = generic_cached_getkeysigs,
371 .keyid2uid = generic_keyid2uid,
372 .getfullkeyid = generic_getfullkeyid,
373 .iterate_keys = hkp_iterate_keys,