* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see <https://www.gnu.org/licenses/>.
*/
#include <inttypes.h>
#include <time.h>
#include "decodekey.h"
-#include "getcgi.h"
-#include "hash.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
#include "keystructs.h"
#include "log.h"
#include "onak.h"
-#include "onak-conf.h"
#include "openpgp.h"
/*
return typech;
}
+/**
+ * html_escape - Takes a string and converts it to HTML.
+ * @src: The string to HTMLize.
+ * @src_len: The length of the source string
+ * @dst: A buffer to put the escaped string into
+ * @dst_len: Length of the destination buffer (including a trailing NULL)
+ *
+ * Takes a string and escapes any HTML entities (<, >, &, ", '). Returns
+ * dst.
+ */
+const char *html_escape(const char *src, size_t src_len,
+ char *dst, size_t dst_len)
+{
+ size_t in_pos, out_pos;
+
+ dst_len--;
+
+ for (in_pos = 0, out_pos = 0;
+ in_pos < src_len && out_pos < (dst_len - 1);
+ in_pos++, out_pos++) {
+ switch (src[in_pos]) {
+ case '<':
+ if ((out_pos + 4) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'l';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '>':
+ if ((out_pos + 4) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'g';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '"':
+ if ((out_pos + 6) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'q';
+ dst[out_pos++] = 'u';
+ dst[out_pos++] = 'o';
+ dst[out_pos++] = 't';
+ dst[out_pos] = ';';
+ break;
+ case '\'':
+ if ((out_pos + 5) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = '#';
+ dst[out_pos++] = '3';
+ dst[out_pos++] = '9';
+ dst[out_pos] = ';';
+ break;
+ case '&':
+ if ((out_pos + 5) >= dst_len) {
+ break;
+ }
+ dst[out_pos++] = '&';
+ dst[out_pos++] = 'a';
+ dst[out_pos++] = 'm';
+ dst[out_pos++] = 'p';
+ dst[out_pos] = ';';
+ break;
+ default:
+ dst[out_pos] = src[in_pos];
+ }
+ }
+ dst[out_pos] = 0;
+
+ return dst;
+}
+
/*
* Given a public key/subkey packet return the key length.
*/
unsigned int keylength(struct openpgp_packet *keydata)
{
unsigned int length;
+ uint8_t keyofs;
+ enum onak_oid oid;
switch (keydata->data[0]) {
case 2:
keydata->data[9];
break;
case 4:
+ case 5:
+ /* v5 has an additional 4 bytes of key length data */
+ keyofs = (keydata->data[0] == 4) ? 6 : 10;
switch (keydata->data[5]) {
case OPENPGP_PKALGO_EC:
case OPENPGP_PKALGO_ECDSA:
case OPENPGP_PKALGO_EDDSA:
/* Elliptic curve key size is based on OID */
- /* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
- if ((keydata->data[6] == 10) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x06) &&
- (keydata->data[9] == 0x01) &&
- (keydata->data[10] == 0x04) &&
- (keydata->data[11] == 0x01) &&
- (keydata->data[12] == 0x97) &&
- (keydata->data[13] == 0x55) &&
- (keydata->data[14] == 0x01) &&
- (keydata->data[15] == 0x05) &&
- (keydata->data[16] == 0x01)) {
+ oid = onak_parse_oid(&keydata->data[keyofs],
+ keydata->length - keyofs);
+ if (oid == ONAK_OID_CURVE25519) {
length = 255;
- /* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
- } else if ((keydata->data[6] == 9) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x06) &&
- (keydata->data[9] == 0x01) &&
- (keydata->data[10] == 0x04) &&
- (keydata->data[11] == 0x01) &&
- (keydata->data[12] == 0xDA) &&
- (keydata->data[13] == 0x47) &&
- (keydata->data[14] == 0x0F) &&
- (keydata->data[15] == 0x01)) {
+ } else if (oid == ONAK_OID_ED25519) {
length = 255;
- /* nistp256 / 1.2.840.10045.3.1.7 */
- } else if ((keydata->data[6] == 8) &&
- (keydata->data[7] == 0x2A) &&
- (keydata->data[8] == 0x86) &&
- (keydata->data[9] == 0x48) &&
- (keydata->data[10] == 0xCE) &&
- (keydata->data[11] == 0x3D) &&
- (keydata->data[12] == 0x03) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x07)) {
+ } else if (oid == ONAK_OID_NISTP256) {
length = 256;
- /* nistp384 / 1.3.132.0.34 */
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x22)) {
+ } else if (oid == ONAK_OID_NISTP384) {
length = 384;
- /* nistp521 / 1.3.132.0.35 */
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x23)) {
+ } else if (oid == ONAK_OID_NISTP521) {
length = 521;
- /* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
- } else if ((keydata->data[6] == 9) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x24) &&
- (keydata->data[9] == 0x03) &&
- (keydata->data[10] == 0x03) &&
- (keydata->data[11] == 0x02) &&
- (keydata->data[12] == 0x08) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x01) &&
- (keydata->data[15] == 0x07)) {
+ } else if (oid == ONAK_OID_BRAINPOOLP256R1) {
length = 256;
- /* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
- } else if ((keydata->data[6] == 9) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x24) &&
- (keydata->data[9] == 0x03) &&
- (keydata->data[10] == 0x03) &&
- (keydata->data[11] == 0x02) &&
- (keydata->data[12] == 0x08) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x01) &&
- (keydata->data[15] == 0x0B)) {
+ } else if (oid == ONAK_OID_BRAINPOOLP384R1) {
length = 384;
- /* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
- } else if ((keydata->data[6] == 9) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x24) &&
- (keydata->data[9] == 0x03) &&
- (keydata->data[10] == 0x03) &&
- (keydata->data[11] == 0x02) &&
- (keydata->data[12] == 0x08) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x01) &&
- (keydata->data[15] == 0x0D)) {
+ } else if (oid == ONAK_OID_BRAINPOOLP512R1) {
length = 512;
- /* secp256k1 / 1.3.132.0.10 */
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x0A)) {
+ } else if (oid == ONAK_OID_SECP256K1) {
length = 256;
} else {
logthing(LOGTHING_ERROR,
}
break;
default:
- length = (keydata->data[6] << 8) +
- keydata->data[7];
+ length = (keydata->data[keyofs] << 8) +
+ keydata->data[keyofs + 1];
}
break;
default:
char *uid = NULL;
uint64_t sigid = 0;
char *sig = NULL;
+ char buf[1024];
while (sigs != NULL) {
sigid = sig_keyid(sigs->packet);
- uid = dbctx->keyid2uid(dbctx, sigid);
+ if (dbctx) {
+ uid = dbctx->keyid2uid(dbctx, sigid);
+ }
if (sigs->packet->data[0] == 4 &&
sigs->packet->data[1] == 0x30) {
/* It's a Type 4 sig revocation */
}
if (html && uid != NULL) {
printf("%s <a href=\"lookup?op=get&"
- "search=0x%016" PRIX64 "\">%08" PRIX64
+ "search=0x%016" PRIX64 "\">0x%016" PRIX64
"</a> "
"<a href=\"lookup?op=vindex&search=0x%016"
PRIX64 "\">%s</a>\n",
sig,
sigid,
- sigid & 0xFFFFFFFF,
sigid,
- txt2html(uid));
+ sigid,
+ html_escape(uid, strlen(uid), buf, sizeof(buf)));
} else if (html && uid == NULL) {
- printf("%s %08" PRIX64 " "
+ printf("%s 0x%016" PRIX64 " "
"[User id not found]\n",
sig,
- sigid & 0xFFFFFFFF);
+ sigid);
} else {
- printf("%s %08" PRIX64
+ printf("%s 0x%016" PRIX64
" %s\n",
sig,
- sigid & 0xFFFFFFFF,
+ sigid,
(uid != NULL) ? uid :
"[User id not found]");
}
snprintf(buf, 1023, "%.*s",
(int) uids->packet->length,
uids->packet->data);
- printf(" %s\n",
- (html) ? txt2html(buf) : buf);
+ if (html) {
+ printf(" %s\n",
+ html_escape((char *) uids->packet->data,
+ uids->packet->length,
+ buf,
+ sizeof(buf)));
+ } else {
+ printf(" %.*s\n",
+ (int) uids->packet->length,
+ uids->packet->data);
+ }
} else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
printf(" ");
if (html) {
struct openpgp_signedpacket_list *subkeys, bool verbose,
bool html)
{
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
(subkeys->packet->data[2] << 16) +
(subkeys->packet->data[3] << 8) +
subkeys->packet->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (subkeys->packet->data[0]) {
case 2:
type = subkeys->packet->data[7];
break;
case 4:
+ case 5:
type = subkeys->packet->data[5];
break;
default:
logthing(LOGTHING_ERROR,
- "Unknown key type: %d",
+ "Unknown key version: %d",
subkeys->packet->data[0]);
}
length = keylength(subkeys->packet);
&keyid) != ONAK_E_OK) {
logthing(LOGTHING_ERROR, "Couldn't get keyid.");
}
- printf("sub %5d%c/%08X %04d/%02d/%02d\n",
+ printf("sub %5d%c/0x%016" PRIX64 " %04d/%02d/%02d\n",
length,
pkalgo2char(type),
- (uint32_t) (keyid & 0xFFFFFFFF),
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
if (verbose) {
bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
char buf[1024];
uint64_t keyid;
+
if (html) {
puts("<pre>");
}
(keys->publickey->data[2] << 16) +
(keys->publickey->data[3] << 8) +
keys->publickey->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (keys->publickey->data[0]) {
case 2:
type = keys->publickey->data[7];
break;
case 4:
+ case 5:
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);
if (html) {
printf("pub %5d%c/<a href=\"lookup?op=get&"
- "search=0x%016" PRIX64 "\">%08" PRIX64
+ "search=0x%016" PRIX64 "\">0x%016" PRIX64
"</a> %04d/%02d/%02d ",
length,
pkalgo2char(type),
keyid,
- keyid & 0xFFFFFFFF,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
} else {
- printf("pub %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+ printf("pub %5d%c/0x%016" PRIX64 " %04d/%02d/%02d ",
length,
pkalgo2char(type),
- keyid & 0xFFFFFFFF,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
curuid = keys->uids;
if (curuid != NULL &&
curuid->packet->tag == OPENPGP_PACKET_UID) {
- snprintf(buf, 1023, "%.*s",
- (int) curuid->packet->length,
- curuid->packet->data);
if (html) {
printf("<a href=\"lookup?op=vindex&"
- "search=0x%016" PRIX64 "\">",
- keyid);
+ "search=0x%016" PRIX64 "\">"
+ "%s</a>%s\n",
+ keyid,
+ html_escape((char *) curuid->packet->data,
+ curuid->packet->length,
+ buf,
+ sizeof(buf)),
+ (keys->revoked) ? " *** REVOKED ***" : "");
+ } else {
+ printf("%.*s%s\n",
+ (int) curuid->packet->length,
+ curuid->packet->data,
+ (keys->revoked) ? " *** REVOKED ***" : "");
}
- printf("%s%s%s\n",
- (html) ? txt2html(buf) : buf,
- (html) ? "</a>" : "",
- (keys->revoked) ? " *** REVOKED ***" : "");
if (skshash) {
display_skshash(keys, html);
}
type = keys->publickey->data[7];
break;
case 4:
+ case 5:
(void) get_fingerprint(keys->publickey, &fingerprint);
for (i = 0; i < fingerprint.length; i++) {
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);