X-Git-Url: http://the.earth.li/gitweb/?a=blobdiff_plain;f=keyindex.c;h=3ce87359311a3f71d257875d5d6f69d3c6944954;hb=HEAD;hp=c656bd142e9f7f500965c182bdecb3b6c83d3c6b;hpb=6df51fef2960f533a741fb7290867387ed3fbba5;p=onak.git

diff --git a/keyindex.c b/keyindex.c
index c656bd1..3ce8735 100644
--- a/keyindex.c
+++ b/keyindex.c
@@ -24,7 +24,6 @@
 #include <time.h>
 
 #include "decodekey.h"
-#include "getcgi.h"
 #include "keydb.h"
 #include "keyid.h"
 #include "keyindex.h"
@@ -74,12 +73,93 @@ char pkalgo2char(uint8_t algo)
 	return typech;
 }
 
+/**
+ *	html_escape - Takes a string and converts it to HTML.
+ *	@src: The string to HTMLize.
+ *	@src_len: The length of the source string
+ *	@dst: A buffer to put the escaped string into
+ *	@dst_len: Length of the destination buffer (including a trailing NULL)
+ *
+ *	Takes a string and escapes any HTML entities (<, >, &, ", '). Returns
+ *	dst.
+ */
+const char *html_escape(const char *src, size_t src_len,
+		char *dst, size_t dst_len)
+{
+	size_t in_pos, out_pos;
+
+	dst_len--;
+
+	for (in_pos = 0, out_pos = 0;
+			in_pos < src_len && out_pos < (dst_len - 1);
+			in_pos++, out_pos++) {
+		switch (src[in_pos]) {
+		case '<':
+			if ((out_pos + 4) >= dst_len) {
+				break;
+			}
+			dst[out_pos++] = '&';
+			dst[out_pos++] = 'l';
+			dst[out_pos++] = 't';
+			dst[out_pos] = ';';
+			break;
+		case '>':
+			if ((out_pos + 4) >= dst_len) {
+				break;
+			}
+			dst[out_pos++] = '&';
+			dst[out_pos++] = 'g';
+			dst[out_pos++] = 't';
+			dst[out_pos] = ';';
+			break;
+		case '"':
+			if ((out_pos + 6) >= dst_len) {
+				break;
+			}
+			dst[out_pos++] = '&';
+			dst[out_pos++] = 'q';
+			dst[out_pos++] = 'u';
+			dst[out_pos++] = 'o';
+			dst[out_pos++] = 't';
+			dst[out_pos] = ';';
+			break;
+		case '\'':
+			if ((out_pos + 5) >= dst_len) {
+				break;
+			}
+			dst[out_pos++] = '&';
+			dst[out_pos++] = '#';
+			dst[out_pos++] = '3';
+			dst[out_pos++] = '9';
+			dst[out_pos] = ';';
+			break;
+		case '&':
+			if ((out_pos + 5) >= dst_len) {
+				break;
+			}
+			dst[out_pos++] = '&';
+			dst[out_pos++] = 'a';
+			dst[out_pos++] = 'm';
+			dst[out_pos++] = 'p';
+			dst[out_pos] = ';';
+			break;
+		default:
+			dst[out_pos] = src[in_pos];
+		}
+	}
+	dst[out_pos] = 0;
+
+	return dst;
+}
+
 /*
  * Given a public key/subkey packet return the key length.
  */
 unsigned int keylength(struct openpgp_packet *keydata)
 {
 	unsigned int length;
+	uint8_t keyofs;
+	enum onak_oid oid;
 
 	switch (keydata->data[0]) {
 	case 2:
@@ -88,106 +168,33 @@ unsigned int keylength(struct openpgp_packet *keydata)
 				keydata->data[9];
 		break;
 	case 4:
+	case 5:
+		/* v5 has an additional 4 bytes of key length data */
+		keyofs = (keydata->data[0] == 4) ? 6 : 10;
 		switch (keydata->data[5]) {
 		case OPENPGP_PKALGO_EC:
 		case OPENPGP_PKALGO_ECDSA:
 		case OPENPGP_PKALGO_EDDSA:
 			/* Elliptic curve key size is based on OID */
-			/* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
-			if ((keydata->data[6] == 10) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x06) &&
-					(keydata->data[9] == 0x01) &&
-					(keydata->data[10] == 0x04) &&
-					(keydata->data[11] == 0x01) &&
-					(keydata->data[12] == 0x97) &&
-					(keydata->data[13] == 0x55) &&
-					(keydata->data[14] == 0x01) &&
-					(keydata->data[15] == 0x05) &&
-					(keydata->data[16] == 0x01)) {
+			oid = onak_parse_oid(&keydata->data[keyofs],
+					keydata->length - keyofs);
+			if (oid == ONAK_OID_CURVE25519) {
 				length = 255;
-			/* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
-			} else if ((keydata->data[6] == 9) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x06) &&
-					(keydata->data[9] == 0x01) &&
-					(keydata->data[10] == 0x04) &&
-					(keydata->data[11] == 0x01) &&
-					(keydata->data[12] == 0xDA) &&
-					(keydata->data[13] == 0x47) &&
-					(keydata->data[14] == 0x0F) &&
-					(keydata->data[15] == 0x01)) {
+			} else if (oid == ONAK_OID_ED25519) {
 				length = 255;
-			/* nistp256 / 1.2.840.10045.3.1.7 */
-			} else if ((keydata->data[6] == 8) &&
-					(keydata->data[7] == 0x2A) &&
-					(keydata->data[8] == 0x86) &&
-					(keydata->data[9] == 0x48) &&
-					(keydata->data[10] == 0xCE) &&
-					(keydata->data[11] == 0x3D) &&
-					(keydata->data[12] == 0x03) &&
-					(keydata->data[13] == 0x01) &&
-					(keydata->data[14] == 0x07)) {
+			} else if (oid == ONAK_OID_NISTP256) {
 				length = 256;
-			/* nistp384 / 1.3.132.0.34 */
-			} else if ((keydata->data[6] == 5) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x81) &&
-					(keydata->data[9] == 0x04) &&
-					(keydata->data[10] == 0x00) &&
-					(keydata->data[11] == 0x22)) {
+			} else if (oid == ONAK_OID_NISTP384) {
 				length = 384;
-			/* nistp521 / 1.3.132.0.35 */
-			} else if ((keydata->data[6] == 5) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x81) &&
-					(keydata->data[9] == 0x04) &&
-					(keydata->data[10] == 0x00) &&
-					(keydata->data[11] == 0x23)) {
+			} else if (oid == ONAK_OID_NISTP521) {
 				length = 521;
-			/* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
-			} else if ((keydata->data[6] == 9) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x24) &&
-					(keydata->data[9] == 0x03) &&
-					(keydata->data[10] == 0x03) &&
-					(keydata->data[11] == 0x02) &&
-					(keydata->data[12] == 0x08) &&
-					(keydata->data[13] == 0x01) &&
-					(keydata->data[14] == 0x01) &&
-					(keydata->data[15] == 0x07)) {
+			} else if (oid == ONAK_OID_BRAINPOOLP256R1) {
 				length = 256;
-			/* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
-			} else if ((keydata->data[6] == 9) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x24) &&
-					(keydata->data[9] == 0x03) &&
-					(keydata->data[10] == 0x03) &&
-					(keydata->data[11] == 0x02) &&
-					(keydata->data[12] == 0x08) &&
-					(keydata->data[13] == 0x01) &&
-					(keydata->data[14] == 0x01) &&
-					(keydata->data[15] == 0x0B)) {
+			} else if (oid == ONAK_OID_BRAINPOOLP384R1) {
 				length = 384;
-			/* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
-			} else if ((keydata->data[6] == 9) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x24) &&
-					(keydata->data[9] == 0x03) &&
-					(keydata->data[10] == 0x03) &&
-					(keydata->data[11] == 0x02) &&
-					(keydata->data[12] == 0x08) &&
-					(keydata->data[13] == 0x01) &&
-					(keydata->data[14] == 0x01) &&
-					(keydata->data[15] == 0x0D)) {
+			} else if (oid == ONAK_OID_BRAINPOOLP512R1) {
 				length = 512;
-			/* secp256k1 / 1.3.132.0.10 */
-			} else if ((keydata->data[6] == 5) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x81) &&
-					(keydata->data[9] == 0x04) &&
-					(keydata->data[10] == 0x00) &&
-					(keydata->data[11] == 0x0A)) {
+			} else if (oid == ONAK_OID_SECP256K1) {
 				length = 256;
 			} else {
 				logthing(LOGTHING_ERROR,
@@ -196,8 +203,8 @@ unsigned int keylength(struct openpgp_packet *keydata)
 			}
 			break;
 		default:
-			length = (keydata->data[6] << 8) +
-				keydata->data[7];
+			length = (keydata->data[keyofs] << 8) +
+				keydata->data[keyofs + 1];
 		}
 		break;
 	default:
@@ -215,10 +222,13 @@ int list_sigs(struct onak_dbctx *dbctx,
 	char *uid = NULL;
 	uint64_t sigid = 0;
 	char *sig = NULL;
+	char buf[1024];
 
 	while (sigs != NULL) {
 		sigid = sig_keyid(sigs->packet);
-		uid = dbctx->keyid2uid(dbctx, sigid);
+		if (dbctx) {
+			uid = dbctx->keyid2uid(dbctx, sigid);
+		}
 		if (sigs->packet->data[0] == 4 &&
 				sigs->packet->data[1] == 0x30) {
 			/* It's a Type 4 sig revocation */
@@ -228,25 +238,25 @@ int list_sigs(struct onak_dbctx *dbctx,
 		}
 		if (html && uid != NULL) {
 			printf("%s         <a href=\"lookup?op=get&"
-				"search=0x%016" PRIX64 "\">%08" PRIX64
+				"search=0x%016" PRIX64 "\">0x%016" PRIX64
 				"</a>             "
 				"<a href=\"lookup?op=vindex&search=0x%016"
 				PRIX64 "\">%s</a>\n",
 				sig,
 				sigid,
-				sigid & 0xFFFFFFFF,
 				sigid,
-				txt2html(uid));
+				sigid,
+				html_escape(uid, strlen(uid), buf, sizeof(buf)));
 		} else if (html && uid == NULL) {
-			printf("%s         %08" PRIX64 "             "
+			printf("%s         0x%016" PRIX64 "             "
 				"[User id not found]\n",
 				sig,
-				sigid & 0xFFFFFFFF);
+				sigid);
 		} else {
-			printf("%s         %08" PRIX64
+			printf("%s         0x%016" PRIX64
 				"             %s\n",
 				sig,
-				sigid & 0xFFFFFFFF,
+				sigid,
 				(uid != NULL) ? uid :
 				"[User id not found]");
 		}
@@ -272,8 +282,17 @@ int list_uids(struct onak_dbctx *dbctx,
 			snprintf(buf, 1023, "%.*s",
 				(int) uids->packet->length,
 				uids->packet->data);
-			printf("                                %s\n",
-				(html) ? txt2html(buf) : buf);
+			if (html) {
+				printf("                                %s\n",
+					html_escape((char *) uids->packet->data,
+						uids->packet->length,
+						buf,
+						sizeof(buf)));
+			} else {
+				printf("                                %.*s\n",
+					(int) uids->packet->length,
+					uids->packet->data);
+			}
 		} else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
 			printf("                                ");
 			if (html) {
@@ -300,7 +319,7 @@ int list_subkeys(struct onak_dbctx *dbctx,
 		struct openpgp_signedpacket_list *subkeys, bool verbose,
 		bool html)
 {
-	struct tm	*created = NULL;
+	struct tm	created;
 	time_t		created_time = 0;
 	int	 	type = 0;
 	int	 	length = 0;
@@ -313,7 +332,7 @@ int list_subkeys(struct onak_dbctx *dbctx,
 					(subkeys->packet->data[2] << 16) +
 					(subkeys->packet->data[3] << 8) +
 					subkeys->packet->data[4];
-			created = gmtime(&created_time);
+			gmtime_r(&created_time, &created);
 
 			switch (subkeys->packet->data[0]) {
 			case 2:
@@ -321,11 +340,12 @@ int list_subkeys(struct onak_dbctx *dbctx,
 				type = subkeys->packet->data[7];
 				break;
 			case 4:
+			case 5:
 				type = subkeys->packet->data[5];
 				break;
 			default:
 				logthing(LOGTHING_ERROR,
-					"Unknown key type: %d",
+					"Unknown key version: %d",
 					subkeys->packet->data[0]);
 			}
 			length = keylength(subkeys->packet);
@@ -334,13 +354,13 @@ int list_subkeys(struct onak_dbctx *dbctx,
 					&keyid) != ONAK_E_OK) {
 				logthing(LOGTHING_ERROR, "Couldn't get keyid.");
 			}
-			printf("sub  %5d%c/%08X %04d/%02d/%02d\n",
+			printf("sub  %5d%c/0x%016" PRIX64 " %04d/%02d/%02d\n",
 				length,
 				pkalgo2char(type),
-				(uint32_t) (keyid & 0xFFFFFFFF),
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 
 		}
 		if (verbose) {
@@ -416,13 +436,14 @@ int key_index(struct onak_dbctx *dbctx,
 			bool skshash, bool html)
 {
 	struct openpgp_signedpacket_list	*curuid = NULL;
-	struct tm				*created = NULL;
+	struct tm				 created;
 	time_t					 created_time = 0;
 	int					 type = 0;
 	int					 length = 0;
 	char					 buf[1024];
 	uint64_t				 keyid;
 
+
 	if (html) {
 		puts("<pre>");
 	}
@@ -432,7 +453,7 @@ int key_index(struct onak_dbctx *dbctx,
 					(keys->publickey->data[2] << 16) +
 					(keys->publickey->data[3] << 8) +
 					keys->publickey->data[4];
-		created = gmtime(&created_time);
+		gmtime_r(&created_time, &created);
 
 		switch (keys->publickey->data[0]) {
 		case 2:
@@ -440,10 +461,11 @@ int key_index(struct onak_dbctx *dbctx,
 			type = keys->publickey->data[7];
 			break;
 		case 4:
+		case 5:
 			type = keys->publickey->data[5];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
 		length = keylength(keys->publickey);
@@ -454,40 +476,44 @@ int key_index(struct onak_dbctx *dbctx,
 
 		if (html) {
 			printf("pub  %5d%c/<a href=\"lookup?op=get&"
-				"search=0x%016" PRIX64 "\">%08" PRIX64
+				"search=0x%016" PRIX64 "\">0x%016" PRIX64
 				"</a> %04d/%02d/%02d ",
 				length,
 				pkalgo2char(type),
 				keyid,
-				keyid & 0xFFFFFFFF,
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 		} else {
-			printf("pub  %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+			printf("pub  %5d%c/0x%016" PRIX64 " %04d/%02d/%02d ",
 				length,
 				pkalgo2char(type),
-				keyid & 0xFFFFFFFF,
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 		}
 
 		curuid = keys->uids;
 		if (curuid != NULL &&
 				curuid->packet->tag == OPENPGP_PACKET_UID) {
-			snprintf(buf, 1023, "%.*s",
-				(int) curuid->packet->length,
-				curuid->packet->data);
 			if (html) {
 				printf("<a href=\"lookup?op=vindex&"
-					"search=0x%016" PRIX64 "\">",
-					keyid);
+					"search=0x%016" PRIX64 "\">"
+					"%s</a>%s\n",
+					keyid,
+					html_escape((char *) curuid->packet->data,
+						curuid->packet->length,
+						buf,
+						sizeof(buf)),
+					(keys->revoked) ? " *** REVOKED ***" : "");
+			} else {
+				printf("%.*s%s\n",
+					(int) curuid->packet->length,
+					curuid->packet->data,
+					(keys->revoked) ? " *** REVOKED ***" : "");
 			}
-			printf("%s%s%s\n", 
-				(html) ? txt2html(buf) : buf,
-				(html) ? "</a>" : "",
-				(keys->revoked) ? " *** REVOKED ***" : "");
 			if (skshash) {
 				display_skshash(keys, html);
 			}
@@ -557,6 +583,7 @@ int mrkey_index(struct openpgp_publickey *keys)
 			type = keys->publickey->data[7];
 			break;
 		case 4:
+		case 5:
 			(void) get_fingerprint(keys->publickey, &fingerprint);
 
 			for (i = 0; i < fingerprint.length; i++) {
@@ -566,7 +593,7 @@ int mrkey_index(struct openpgp_publickey *keys)
 			type = keys->publickey->data[5];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
 		length = keylength(keys->publickey);