X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=keyindex.c;h=4883f636cfabdc4f55363a515d906a3a2c783866;hb=add20f8102d4e5a43957b62e59174378a23f4bc2;hp=4ca6a413f02642bd1501af78abc7039f91ba74a3;hpb=8e0907be1d73011075a99a0c029c56664e12843e;p=onak.git

diff --git a/keyindex.c b/keyindex.c
index 4ca6a41..4883f63 100644
--- a/keyindex.c
+++ b/keyindex.c
@@ -13,8 +13,7 @@
  * more details.
  *
  * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <inttypes.h>
@@ -26,14 +25,12 @@
 
 #include "decodekey.h"
 #include "getcgi.h"
-#include "hash.h"
 #include "keydb.h"
 #include "keyid.h"
 #include "keyindex.h"
 #include "keystructs.h"
 #include "log.h"
 #include "onak.h"
-#include "onak-conf.h"
 #include "openpgp.h"
 
 /*
@@ -48,6 +45,7 @@ char pkalgo2char(uint8_t algo)
 		typech = 'D';
 		break;
 	case OPENPGP_PKALGO_ECDSA:
+	case OPENPGP_PKALGO_EDDSA:
 		typech = 'E';
 		break;
 	case OPENPGP_PKALGO_EC:
@@ -82,6 +80,7 @@ char pkalgo2char(uint8_t algo)
 unsigned int keylength(struct openpgp_packet *keydata)
 {
 	unsigned int length;
+	uint8_t keyofs;
 
 	switch (keydata->data[0]) {
 	case 2:
@@ -90,34 +89,110 @@ unsigned int keylength(struct openpgp_packet *keydata)
 				keydata->data[9];
 		break;
 	case 4:
+	case 5:
+		/* v5 has an additional 4 bytes of key length data */
+		keyofs = (keydata->data[0] == 4) ? 6 : 10;
 		switch (keydata->data[5]) {
 		case OPENPGP_PKALGO_EC:
 		case OPENPGP_PKALGO_ECDSA:
+		case OPENPGP_PKALGO_EDDSA:
 			/* Elliptic curve key size is based on OID */
-			if ((keydata->data[6] == 8) &&
-					(keydata->data[7] == 0x2A) &&
-					(keydata->data[8] == 0x86) &&
-					(keydata->data[9] == 0x48) &&
-					(keydata->data[10] == 0xCE) &&
-					(keydata->data[11] == 0x3D) &&
-					(keydata->data[12] == 0x03) &&
-					(keydata->data[13] == 0x01) &&
-					(keydata->data[14] == 0x07)) {
+			/* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
+			if ((keydata->data[keyofs] == 10) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x06) &&
+					(keydata->data[keyofs + 3] == 0x01) &&
+					(keydata->data[keyofs + 4] == 0x04) &&
+					(keydata->data[keyofs + 5] == 0x01) &&
+					(keydata->data[keyofs + 6] == 0x97) &&
+					(keydata->data[keyofs + 7] == 0x55) &&
+					(keydata->data[keyofs + 8] == 0x01) &&
+					(keydata->data[keyofs + 9] == 0x05) &&
+					(keydata->data[keyofs + 10] == 0x01)) {
+				length = 255;
+			/* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
+			} else if ((keydata->data[keyofs] == 9) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x06) &&
+					(keydata->data[keyofs + 3] == 0x01) &&
+					(keydata->data[keyofs + 4] == 0x04) &&
+					(keydata->data[keyofs + 5] == 0x01) &&
+					(keydata->data[keyofs + 6] == 0xDA) &&
+					(keydata->data[keyofs + 7] == 0x47) &&
+					(keydata->data[keyofs + 8] == 0x0F) &&
+					(keydata->data[keyofs + 9] == 0x01)) {
+				length = 255;
+			/* nistp256 / 1.2.840.10045.3.1.7 */
+			} else if ((keydata->data[keyofs] == 8) &&
+					(keydata->data[keyofs + 1] == 0x2A) &&
+					(keydata->data[keyofs + 2] == 0x86) &&
+					(keydata->data[keyofs + 3] == 0x48) &&
+					(keydata->data[keyofs + 4] == 0xCE) &&
+					(keydata->data[keyofs + 5] == 0x3D) &&
+					(keydata->data[keyofs + 6] == 0x03) &&
+					(keydata->data[keyofs + 7] == 0x01) &&
+					(keydata->data[keyofs + 8] == 0x07)) {
 				length = 256;
-			} else if ((keydata->data[6] == 5) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x81) &&
-					(keydata->data[9] == 0x04) &&
-					(keydata->data[10] == 0x00) &&
-					(keydata->data[11] == 0x22)) {
+			/* nistp384 / 1.3.132.0.34 */
+			} else if ((keydata->data[keyofs] == 5) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x81) &&
+					(keydata->data[keyofs + 3] == 0x04) &&
+					(keydata->data[keyofs + 4] == 0x00) &&
+					(keydata->data[keyofs + 5] == 0x22)) {
 				length = 384;
-			} else if ((keydata->data[6] == 5) &&
-					(keydata->data[7] == 0x2B) &&
-					(keydata->data[8] == 0x81) &&
-					(keydata->data[9] == 0x04) &&
-					(keydata->data[10] == 0x00) &&
-					(keydata->data[11] == 0x23)) {
+			/* nistp521 / 1.3.132.0.35 */
+			} else if ((keydata->data[keyofs] == 5) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x81) &&
+					(keydata->data[keyofs + 3] == 0x04) &&
+					(keydata->data[keyofs + 4] == 0x00) &&
+					(keydata->data[keyofs + 5] == 0x23)) {
 				length = 521;
+			/* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
+			} else if ((keydata->data[keyofs] == 9) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x24) &&
+					(keydata->data[keyofs + 3] == 0x03) &&
+					(keydata->data[keyofs + 4] == 0x03) &&
+					(keydata->data[keyofs + 5] == 0x02) &&
+					(keydata->data[keyofs + 6] == 0x08) &&
+					(keydata->data[keyofs + 7] == 0x01) &&
+					(keydata->data[keyofs + 8] == 0x01) &&
+					(keydata->data[keyofs + 9] == 0x07)) {
+				length = 256;
+			/* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
+			} else if ((keydata->data[keyofs] == 9) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x24) &&
+					(keydata->data[keyofs + 3] == 0x03) &&
+					(keydata->data[keyofs + 4] == 0x03) &&
+					(keydata->data[keyofs + 5] == 0x02) &&
+					(keydata->data[keyofs + 6] == 0x08) &&
+					(keydata->data[keyofs + 7] == 0x01) &&
+					(keydata->data[keyofs + 8] == 0x01) &&
+					(keydata->data[keyofs + 9] == 0x0B)) {
+				length = 384;
+			/* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
+			} else if ((keydata->data[keyofs] == 9) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x24) &&
+					(keydata->data[keyofs + 3] == 0x03) &&
+					(keydata->data[keyofs + 4] == 0x03) &&
+					(keydata->data[keyofs + 5] == 0x02) &&
+					(keydata->data[keyofs + 6] == 0x08) &&
+					(keydata->data[keyofs + 7] == 0x01) &&
+					(keydata->data[keyofs + 8] == 0x01) &&
+					(keydata->data[keyofs + 9] == 0x0D)) {
+				length = 512;
+			/* secp256k1 / 1.3.132.0.10 */
+			} else if ((keydata->data[keyofs] == 5) &&
+					(keydata->data[keyofs + 1] == 0x2B) &&
+					(keydata->data[keyofs + 2] == 0x81) &&
+					(keydata->data[keyofs + 3] == 0x04) &&
+					(keydata->data[keyofs + 4] == 0x00) &&
+					(keydata->data[keyofs + 5] == 0x0A)) {
+				length = 256;
 			} else {
 				logthing(LOGTHING_ERROR,
 					"Unknown elliptic curve size");
@@ -125,8 +200,8 @@ unsigned int keylength(struct openpgp_packet *keydata)
 			}
 			break;
 		default:
-			length = (keydata->data[6] << 8) +
-				keydata->data[7];
+			length = (keydata->data[keyofs] << 8) +
+				keydata->data[keyofs + 1];
 		}
 		break;
 	default:
@@ -147,7 +222,9 @@ int list_sigs(struct onak_dbctx *dbctx,
 
 	while (sigs != NULL) {
 		sigid = sig_keyid(sigs->packet);
-		uid = dbctx->keyid2uid(dbctx, sigid);
+		if (dbctx) {
+			uid = dbctx->keyid2uid(dbctx, sigid);
+		}
 		if (sigs->packet->data[0] == 4 &&
 				sigs->packet->data[1] == 0x30) {
 			/* It's a Type 4 sig revocation */
@@ -250,11 +327,12 @@ int list_subkeys(struct onak_dbctx *dbctx,
 				type = subkeys->packet->data[7];
 				break;
 			case 4:
+			case 5:
 				type = subkeys->packet->data[5];
 				break;
 			default:
 				logthing(LOGTHING_ERROR,
-					"Unknown key type: %d",
+					"Unknown key version: %d",
 					subkeys->packet->data[0]);
 			}
 			length = keylength(subkeys->packet);
@@ -284,21 +362,21 @@ int list_subkeys(struct onak_dbctx *dbctx,
 void display_fingerprint(struct openpgp_publickey *key)
 {
 	int		i = 0;
-	size_t		length = 0;
-	unsigned char	fp[20];
+	struct openpgp_fingerprint fingerprint;
 
-	get_fingerprint(key->publickey, fp, &length);
+	get_fingerprint(key->publickey, &fingerprint);
 	printf("      Key fingerprint =");
-	for (i = 0; i < length; i++) {
-		if ((length == 16) ||
+	for (i = 0; i < fingerprint.length; i++) {
+		if ((fingerprint.length == 16) ||
 			(i % 2 == 0)) {
 			printf(" ");
 		}
-		if (length == 20 && (i * 2) == length) {
+		if (fingerprint.length == 20 &&
+				(i * 2) == fingerprint.length) {
 			/* Extra space in the middle of a SHA1 fingerprint */
 			printf(" ");
 		}
-		printf("%02X", fp[i]);
+		printf("%02X", fingerprint.fp[i]);
 	}
 	printf("\n");
 
@@ -369,10 +447,11 @@ int key_index(struct onak_dbctx *dbctx,
 			type = keys->publickey->data[7];
 			break;
 		case 4:
+		case 5:
 			type = keys->publickey->data[5];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
 		length = keylength(keys->publickey);
@@ -464,10 +543,9 @@ int mrkey_index(struct openpgp_publickey *keys)
 	int					 type = 0;
 	int					 length = 0;
 	int					 i = 0;
-	size_t					 fplength = 0;
-	unsigned char				 fp[20];
 	int					 c;
 	uint64_t				 keyid;
+	struct openpgp_fingerprint fingerprint;
 
 	while (keys != NULL) {
 		created_time = (keys->publickey->data[1] << 24) +
@@ -487,16 +565,17 @@ int mrkey_index(struct openpgp_publickey *keys)
 			type = keys->publickey->data[7];
 			break;
 		case 4:
-			(void) get_fingerprint(keys->publickey, fp, &fplength);
+		case 5:
+			(void) get_fingerprint(keys->publickey, &fingerprint);
 
-			for (i = 0; i < fplength; i++) {
-				printf("%02X", fp[i]);
+			for (i = 0; i < fingerprint.length; i++) {
+				printf("%02X", fingerprint.fp[i]);
 			}
 
 			type = keys->publickey->data[5];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
 		length = keylength(keys->publickey);