X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=keyindex.c;h=94f52f7e25c705d3644da6545c997092f529be3a;hb=85187675424f3854869f1607afd8a1e84e536946;hp=f3c36aafbf3527408894357ce80c1c7f6ecc2bd0;hpb=f8e9e43f90418ec6c8b5768a7981cbdabb64b198;p=onak.git
diff --git a/keyindex.c b/keyindex.c
index f3c36aa..94f52f7 100644
--- a/keyindex.c
+++ b/keyindex.c
@@ -13,8 +13,7 @@
* more details.
*
* You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ * this program. If not, see .
*/
#include
@@ -26,14 +25,12 @@
#include "decodekey.h"
#include "getcgi.h"
-#include "hash.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
#include "keystructs.h"
#include "log.h"
#include "onak.h"
-#include "onak-conf.h"
#include "openpgp.h"
/*
@@ -48,6 +45,7 @@ char pkalgo2char(uint8_t algo)
typech = 'D';
break;
case OPENPGP_PKALGO_ECDSA:
+ case OPENPGP_PKALGO_EDDSA:
typech = 'E';
break;
case OPENPGP_PKALGO_EC:
@@ -82,6 +80,7 @@ char pkalgo2char(uint8_t algo)
unsigned int keylength(struct openpgp_packet *keydata)
{
unsigned int length;
+ uint8_t keyofs;
switch (keydata->data[0]) {
case 2:
@@ -90,34 +89,110 @@ unsigned int keylength(struct openpgp_packet *keydata)
keydata->data[9];
break;
case 4:
+ case 5:
+ /* v5 has an additional 4 bytes of key length data */
+ keyofs = (keydata->data[0] == 4) ? 6 : 10;
switch (keydata->data[5]) {
case OPENPGP_PKALGO_EC:
case OPENPGP_PKALGO_ECDSA:
+ case OPENPGP_PKALGO_EDDSA:
/* Elliptic curve key size is based on OID */
- if ((keydata->data[6] == 8) &&
- (keydata->data[7] == 0x2A) &&
- (keydata->data[8] == 0x86) &&
- (keydata->data[9] == 0x48) &&
- (keydata->data[10] == 0xCE) &&
- (keydata->data[11] == 0x3D) &&
- (keydata->data[12] == 0x03) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x07)) {
+ /* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
+ if ((keydata->data[keyofs] == 10) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x06) &&
+ (keydata->data[keyofs + 3] == 0x01) &&
+ (keydata->data[keyofs + 4] == 0x04) &&
+ (keydata->data[keyofs + 5] == 0x01) &&
+ (keydata->data[keyofs + 6] == 0x97) &&
+ (keydata->data[keyofs + 7] == 0x55) &&
+ (keydata->data[keyofs + 8] == 0x01) &&
+ (keydata->data[keyofs + 9] == 0x05) &&
+ (keydata->data[keyofs + 10] == 0x01)) {
+ length = 255;
+ /* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
+ } else if ((keydata->data[keyofs] == 9) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x06) &&
+ (keydata->data[keyofs + 3] == 0x01) &&
+ (keydata->data[keyofs + 4] == 0x04) &&
+ (keydata->data[keyofs + 5] == 0x01) &&
+ (keydata->data[keyofs + 6] == 0xDA) &&
+ (keydata->data[keyofs + 7] == 0x47) &&
+ (keydata->data[keyofs + 8] == 0x0F) &&
+ (keydata->data[keyofs + 9] == 0x01)) {
+ length = 255;
+ /* nistp256 / 1.2.840.10045.3.1.7 */
+ } else if ((keydata->data[keyofs] == 8) &&
+ (keydata->data[keyofs + 1] == 0x2A) &&
+ (keydata->data[keyofs + 2] == 0x86) &&
+ (keydata->data[keyofs + 3] == 0x48) &&
+ (keydata->data[keyofs + 4] == 0xCE) &&
+ (keydata->data[keyofs + 5] == 0x3D) &&
+ (keydata->data[keyofs + 6] == 0x03) &&
+ (keydata->data[keyofs + 7] == 0x01) &&
+ (keydata->data[keyofs + 8] == 0x07)) {
length = 256;
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x22)) {
+ /* nistp384 / 1.3.132.0.34 */
+ } else if ((keydata->data[keyofs] == 5) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x81) &&
+ (keydata->data[keyofs + 3] == 0x04) &&
+ (keydata->data[keyofs + 4] == 0x00) &&
+ (keydata->data[keyofs + 5] == 0x22)) {
length = 384;
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x23)) {
+ /* nistp521 / 1.3.132.0.35 */
+ } else if ((keydata->data[keyofs] == 5) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x81) &&
+ (keydata->data[keyofs + 3] == 0x04) &&
+ (keydata->data[keyofs + 4] == 0x00) &&
+ (keydata->data[keyofs + 5] == 0x23)) {
length = 521;
+ /* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
+ } else if ((keydata->data[keyofs] == 9) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x24) &&
+ (keydata->data[keyofs + 3] == 0x03) &&
+ (keydata->data[keyofs + 4] == 0x03) &&
+ (keydata->data[keyofs + 5] == 0x02) &&
+ (keydata->data[keyofs + 6] == 0x08) &&
+ (keydata->data[keyofs + 7] == 0x01) &&
+ (keydata->data[keyofs + 8] == 0x01) &&
+ (keydata->data[keyofs + 9] == 0x07)) {
+ length = 256;
+ /* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
+ } else if ((keydata->data[keyofs] == 9) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x24) &&
+ (keydata->data[keyofs + 3] == 0x03) &&
+ (keydata->data[keyofs + 4] == 0x03) &&
+ (keydata->data[keyofs + 5] == 0x02) &&
+ (keydata->data[keyofs + 6] == 0x08) &&
+ (keydata->data[keyofs + 7] == 0x01) &&
+ (keydata->data[keyofs + 8] == 0x01) &&
+ (keydata->data[keyofs + 9] == 0x0B)) {
+ length = 384;
+ /* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
+ } else if ((keydata->data[keyofs] == 9) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x24) &&
+ (keydata->data[keyofs + 3] == 0x03) &&
+ (keydata->data[keyofs + 4] == 0x03) &&
+ (keydata->data[keyofs + 5] == 0x02) &&
+ (keydata->data[keyofs + 6] == 0x08) &&
+ (keydata->data[keyofs + 7] == 0x01) &&
+ (keydata->data[keyofs + 8] == 0x01) &&
+ (keydata->data[keyofs + 9] == 0x0D)) {
+ length = 512;
+ /* secp256k1 / 1.3.132.0.10 */
+ } else if ((keydata->data[keyofs] == 5) &&
+ (keydata->data[keyofs + 1] == 0x2B) &&
+ (keydata->data[keyofs + 2] == 0x81) &&
+ (keydata->data[keyofs + 3] == 0x04) &&
+ (keydata->data[keyofs + 4] == 0x00) &&
+ (keydata->data[keyofs + 5] == 0x0A)) {
+ length = 256;
} else {
logthing(LOGTHING_ERROR,
"Unknown elliptic curve size");
@@ -125,8 +200,8 @@ unsigned int keylength(struct openpgp_packet *keydata)
}
break;
default:
- length = (keydata->data[6] << 8) +
- keydata->data[7];
+ length = (keydata->data[keyofs] << 8) +
+ keydata->data[keyofs + 1];
}
break;
default:
@@ -138,7 +213,8 @@ unsigned int keylength(struct openpgp_packet *keydata)
return length;
}
-int list_sigs(struct openpgp_packet_list *sigs, bool html)
+int list_sigs(struct onak_dbctx *dbctx,
+ struct openpgp_packet_list *sigs, bool html)
{
char *uid = NULL;
uint64_t sigid = 0;
@@ -146,7 +222,7 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html)
while (sigs != NULL) {
sigid = sig_keyid(sigs->packet);
- uid = config.dbbackend->keyid2uid(sigid);
+ uid = dbctx->keyid2uid(dbctx, sigid);
if (sigs->packet->data[0] == 4 &&
sigs->packet->data[1] == 0x30) {
/* It's a Type 4 sig revocation */
@@ -188,7 +264,8 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html)
return 0;
}
-int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
+int list_uids(struct onak_dbctx *dbctx,
+ uint64_t keyid, struct openpgp_signedpacket_list *uids,
bool verbose, bool html)
{
char buf[1024];
@@ -215,7 +292,7 @@ int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
}
}
if (verbose) {
- list_sigs(uids->sigs, html);
+ list_sigs(dbctx, uids->sigs, html);
}
uids = uids->next;
}
@@ -223,7 +300,8 @@ int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
return 0;
}
-int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
+int list_subkeys(struct onak_dbctx *dbctx,
+ struct openpgp_signedpacket_list *subkeys, bool verbose,
bool html)
{
struct tm *created = NULL;
@@ -247,11 +325,12 @@ int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
type = subkeys->packet->data[7];
break;
case 4:
+ case 5:
type = subkeys->packet->data[5];
break;
default:
logthing(LOGTHING_ERROR,
- "Unknown key type: %d",
+ "Unknown key version: %d",
subkeys->packet->data[0]);
}
length = keylength(subkeys->packet);
@@ -270,7 +349,7 @@ int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
}
if (verbose) {
- list_sigs(subkeys->sigs, html);
+ list_sigs(dbctx, subkeys->sigs, html);
}
subkeys = subkeys->next;
}
@@ -281,21 +360,21 @@ int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
void display_fingerprint(struct openpgp_publickey *key)
{
int i = 0;
- size_t length = 0;
- unsigned char fp[20];
+ struct openpgp_fingerprint fingerprint;
- get_fingerprint(key->publickey, fp, &length);
+ get_fingerprint(key->publickey, &fingerprint);
printf(" Key fingerprint =");
- for (i = 0; i < length; i++) {
- if ((length == 16) ||
+ for (i = 0; i < fingerprint.length; i++) {
+ if ((fingerprint.length == 16) ||
(i % 2 == 0)) {
printf(" ");
}
- if (length == 20 && (i * 2) == length) {
+ if (fingerprint.length == 20 &&
+ (i * 2) == fingerprint.length) {
/* Extra space in the middle of a SHA1 fingerprint */
printf(" ");
}
- printf("%02X", fp[i]);
+ printf("%02X", fingerprint.fp[i]);
}
printf("\n");
@@ -337,7 +416,8 @@ void display_skshash(struct openpgp_publickey *key, bool html)
* This function takes a list of OpenPGP public keys and displays an index
* of them. Useful for debugging or the keyserver Index function.
*/
-int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
+int key_index(struct onak_dbctx *dbctx,
+ struct openpgp_publickey *keys, bool verbose, bool fingerprint,
bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
@@ -365,10 +445,11 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
type = keys->publickey->data[7];
break;
case 4:
+ case 5:
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);
@@ -420,7 +501,7 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
display_fingerprint(keys);
}
if (verbose) {
- list_sigs(curuid->sigs, html);
+ list_sigs(dbctx, curuid->sigs, html);
}
curuid = curuid->next;
} else {
@@ -431,9 +512,9 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
}
}
- list_uids(keyid, curuid, verbose, html);
+ list_uids(dbctx, keyid, curuid, verbose, html);
if (verbose) {
- list_subkeys(keys->subkeys, verbose, html);
+ list_subkeys(dbctx, keys->subkeys, verbose, html);
}
keys = keys->next;
@@ -460,10 +541,9 @@ int mrkey_index(struct openpgp_publickey *keys)
int type = 0;
int length = 0;
int i = 0;
- size_t fplength = 0;
- unsigned char fp[20];
int c;
uint64_t keyid;
+ struct openpgp_fingerprint fingerprint;
while (keys != NULL) {
created_time = (keys->publickey->data[1] << 24) +
@@ -483,16 +563,17 @@ int mrkey_index(struct openpgp_publickey *keys)
type = keys->publickey->data[7];
break;
case 4:
- (void) get_fingerprint(keys->publickey, fp, &fplength);
+ case 5:
+ (void) get_fingerprint(keys->publickey, &fingerprint);
- for (i = 0; i < fplength; i++) {
- printf("%02X", fp[i]);
+ for (i = 0; i < fingerprint.length; i++) {
+ printf("%02X", fingerprint.fp[i]);
}
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);