2 * keydb.c - Routines for DB access that just use store/fetch.
4 * Copyright 2002-2004 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
20 * The routines in this file are meant to be used as an initial step when
21 * adding a new db access module. They provide various functions required
22 * of the db access module using only the store and fetch functions. As
23 * they need to parse the actual OpenPGP data to work they are a lot
24 * slower than custom functions however.
30 #include "decodekey.h"
34 #include "keystructs.h"
44 * keyid2uid - Takes a keyid and returns the primary UID for it.
45 * @keyid: The keyid to lookup.
47 char *generic_keyid2uid(struct onak_dbctx *dbctx, uint64_t keyid)
49 struct openpgp_publickey *publickey = NULL;
50 struct openpgp_signedpacket_list *curuid = NULL;
54 if (dbctx->fetch_key_id(dbctx, keyid, &publickey, false) &&
56 curuid = publickey->uids;
57 while (curuid != NULL && buf[0] == 0) {
58 if (curuid->packet->tag == OPENPGP_PACKET_UID) {
59 snprintf(buf, 1023, "%.*s",
60 (int) curuid->packet->length,
61 curuid->packet->data);
63 curuid = curuid -> next;
65 free_publickey(publickey);
76 #ifdef NEED_GETKEYSIGS
78 * getkeysigs - Gets a linked list of the signatures on a key.
79 * @keyid: The keyid to get the sigs for.
80 * @revoked: Is the key revoked?
82 * This function gets the list of signatures on a key. Used for key
83 * indexing and doing stats bits. If revoked is non-NULL then if the key
84 * is revoked it's set to true.
86 struct ll *generic_getkeysigs(struct onak_dbctx *dbctx,
87 uint64_t keyid, bool *revoked)
89 struct ll *sigs = NULL;
90 struct openpgp_signedpacket_list *uids = NULL;
91 struct openpgp_packet_list *cursig;
92 struct openpgp_publickey *publickey = NULL;
94 dbctx->fetch_key_id(dbctx, keyid, &publickey, false);
96 if (publickey != NULL) {
97 for (uids = publickey->uids; uids != NULL; uids = uids->next) {
98 for (cursig = uids->sigs; cursig != NULL;
99 cursig = cursig->next) {
101 createandaddtohash(sig_keyid(
105 if (revoked != NULL) {
106 *revoked = publickey->revoked;
108 free_publickey(publickey);
116 * cached_getkeysigs - Gets the signatures on a key.
117 * @keyid: The key we want the signatures for.
119 * This function gets the signatures on a key. It's the same as the
120 * getkeysigs function above except we use the hash module to cache the
121 * data so if we need it again it's already loaded.
123 struct ll *generic_cached_getkeysigs(struct onak_dbctx *dbctx, uint64_t keyid)
125 struct stats_key *key = NULL;
126 struct stats_key *signedkey = NULL;
127 struct ll *cursig = NULL;
128 struct ll *sigs = NULL;
129 bool revoked = false;
135 key = findinhash(keyid);
137 if (key == NULL || key->gotsigs == false) {
138 sigs = dbctx->getkeysigs(dbctx, keyid, &revoked);
143 key = createandaddtohash(keyid);
146 key->revoked = revoked;
147 for (cursig = key->sigs; cursig != NULL;
148 cursig = cursig->next) {
149 signedkey = (struct stats_key *) cursig->object;
150 signedkey->signs = lladd(signedkey->signs, key);
158 #ifdef NEED_UPDATEKEYS
160 * update_keys - Takes a list of public keys and updates them in the DB.
161 * @keys: The keys to update in the DB.
162 * @blacklist: A keyarray of key fingerprints not to accept.
163 * @updateonly: Only update existing keys, don't add new ones.
164 * @sendsync: Should we send a sync mail to our peers.
166 * Takes a list of keys and adds them to the database, merging them with
167 * the key in the database if it's already present there. The key list is
168 * update to contain the minimum set of updates required to get from what
169 * we had before to what we have now (ie the set of data that was added to
170 * the DB). Returns the number of entirely new keys added.
172 int generic_update_keys(struct onak_dbctx *dbctx,
173 struct openpgp_publickey **keys,
174 struct keyarray *blacklist,
178 struct openpgp_publickey **curkey, *tmp = NULL;
179 struct openpgp_publickey *oldkey = NULL;
180 struct openpgp_fingerprint fp;
181 int newkeys = 0, ret;
185 while (*curkey != NULL) {
186 get_fingerprint((*curkey)->publickey, &fp);
187 if (blacklist && array_find(blacklist, &fp)) {
188 logthing(LOGTHING_INFO, "Ignoring blacklisted key.");
190 *curkey = (*curkey)->next;
196 intrans = dbctx->starttrans(dbctx);
198 ret = dbctx->fetch_key_fp(dbctx, &fp, &oldkey, intrans);
199 if (ret == 0 && updateonly) {
200 logthing(LOGTHING_INFO,
201 "Skipping new key as update only set.");
202 curkey = &(*curkey)->next;
207 * If we already have the key stored in the DB then merge it
208 * with the new one that's been supplied. Otherwise the key
209 * we've just got is the one that goes in the DB and also the
210 * one that we send out.
212 if (oldkey != NULL) {
213 merge_keys(oldkey, *curkey);
214 if ((*curkey)->sigs == NULL &&
215 (*curkey)->uids == NULL &&
216 (*curkey)->subkeys == NULL) {
218 *curkey = (*curkey)->next;
222 logthing(LOGTHING_INFO,
223 "Merged key; storing updated key.");
224 dbctx->store_key(dbctx, oldkey, intrans,
226 curkey = &(*curkey)->next;
228 free_publickey(oldkey);
231 logthing(LOGTHING_INFO,
232 "Storing completely new key.");
233 dbctx->store_key(dbctx, *curkey, intrans, false);
235 curkey = &(*curkey)->next;
238 dbctx->endtrans(dbctx);
241 if (sendsync && keys != NULL && *keys != NULL) {
247 #endif /* NEED_UPDATEKEYS */
250 static int generic_fetch_key_fp(struct onak_dbctx *dbctx,
251 struct openpgp_fingerprint *fingerprint,
252 struct openpgp_publickey **publickey, bool intrans)
257 if (fingerprint->length > MAX_FINGERPRINT_LEN) {
262 * We assume if the backend is using this function it's not storing
263 * anything bigger than the 64 bit key ID and just truncate the
264 * fingerprint to get that value. v4 keys want the lowest 64 bits, v5
265 * keys need the top 64 bits. This doesn't work for v3 keys,
266 * but there's no way to map from v3 fingerprint to v3 key ID so
267 * if the backend can't do it we're going to fail anyway.
269 * We are also assuming they store a single key based on the ID, so
270 * we are implementing fetch_key rather than fetch_key_fp
273 if (fingerprint->length == 20) {
275 for (i = (fingerprint->length - 8); i < fingerprint->length;
277 keyid = (keyid << 8) + fingerprint->fp[i];
281 for (i = 0; i < 8; i++) {
282 keyid = (keyid << 8) + fingerprint->fp[i];
286 return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans);
292 * This fetches a key by fingerprint from the back end, then filters
293 * out what we got back to ensure it's the primary key that matches the
294 * fingerprint, and that only one is returned.
296 static int generic_fetch_key(struct onak_dbctx *dbctx,
297 struct openpgp_fingerprint *fingerprint,
298 struct openpgp_publickey **publickey,
301 struct openpgp_publickey *curkey, **newkey;
302 struct openpgp_publickey *keys;
303 struct openpgp_fingerprint fp;
306 /* Find the last key in the provided set of keys */
307 for (newkey = publickey; *newkey != NULL; newkey = &(*newkey)->next)
311 dbctx->fetch_key_fp(dbctx, fingerprint, &keys, intrans);
314 for (curkey = keys; curkey != NULL; curkey = curkey->next) {
315 if (get_fingerprint(curkey->publickey, &fp) == ONAK_E_OK) {
316 if (fingerprint_cmp(fingerprint, &fp) == 0) {
318 (*newkey)->next = NULL;
324 free_publickey(keys);