#include "decodekey.h"
-#include "getcgi.h"
-#include "hash.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
#include "keystructs.h"
#include "log.h"
#include "onak.h"
-#include "onak-conf.h"
#include "openpgp.h"
/*
@@ -48,6 +44,7 @@ char pkalgo2char(uint8_t algo)
typech = 'D';
break;
case OPENPGP_PKALGO_ECDSA:
+ case OPENPGP_PKALGO_EDDSA:
typech = 'E';
break;
case OPENPGP_PKALGO_EC:
@@ -76,12 +73,62 @@ char pkalgo2char(uint8_t algo)
return typech;
}
+/**
+ * txt2html - Takes a string and converts it to HTML.
+ * @string: The string to HTMLize.
+ *
+ * Takes a string and escapes any HTML entities.
+ */
+const char *txt2html(const char *string)
+{
+ static char buf[1024];
+ char *ptr = NULL;
+ char *nextptr = NULL;
+
+ if (strlen(string) > 1000) {
+ return string;
+ }
+
+ memset(buf, 0, 1024);
+
+ ptr = strchr(string, '<');
+ if (ptr != NULL) {
+ nextptr = ptr + 1;
+ *ptr = 0;
+ strncpy(buf, string, 1023);
+ strncat(buf, "<", 1023 - strlen(buf));
+ string = nextptr;
+ }
+
+ ptr = strchr(string, '>');
+ if (ptr != NULL) {
+ nextptr = ptr + 1;
+ *ptr = 0;
+ strncat(buf, string, 1023 - strlen(buf));
+ strncat(buf, ">", 1023 - strlen(buf));
+ string = nextptr;
+ }
+
+ /*
+ * TODO: We need to while() this really as each entity may appear more
+ * than once. We need to start with & and ; as we replace with those
+ * throughout. Fuck it for the moment though; it's Easter and < & > are
+ * the most common and tend to only appear once.
+ */
+
+ strncat(buf, string, 1023 - strlen(buf));
+
+ return buf;
+}
+
/*
* Given a public key/subkey packet return the key length.
*/
unsigned int keylength(struct openpgp_packet *keydata)
{
unsigned int length;
+ uint8_t keyofs;
+ enum onak_oid oid;
switch (keydata->data[0]) {
case 2:
@@ -90,34 +137,34 @@ unsigned int keylength(struct openpgp_packet *keydata)
keydata->data[9];
break;
case 4:
+ case 5:
+ /* v5 has an additional 4 bytes of key length data */
+ keyofs = (keydata->data[0] == 4) ? 6 : 10;
switch (keydata->data[5]) {
case OPENPGP_PKALGO_EC:
case OPENPGP_PKALGO_ECDSA:
+ case OPENPGP_PKALGO_EDDSA:
/* Elliptic curve key size is based on OID */
- if ((keydata->data[6] == 8) &&
- (keydata->data[7] == 0x2A) &&
- (keydata->data[8] == 0x86) &&
- (keydata->data[9] == 0x48) &&
- (keydata->data[10] == 0xCE) &&
- (keydata->data[11] == 0x3D) &&
- (keydata->data[12] == 0x03) &&
- (keydata->data[13] == 0x01) &&
- (keydata->data[14] == 0x07)) {
+ oid = onak_parse_oid(&keydata->data[keyofs],
+ keydata->length - keyofs);
+ if (oid == ONAK_OID_CURVE25519) {
+ length = 255;
+ } else if (oid == ONAK_OID_ED25519) {
+ length = 255;
+ } else if (oid == ONAK_OID_NISTP256) {
length = 256;
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x22)) {
+ } else if (oid == ONAK_OID_NISTP384) {
length = 384;
- } else if ((keydata->data[6] == 5) &&
- (keydata->data[7] == 0x2B) &&
- (keydata->data[8] == 0x81) &&
- (keydata->data[9] == 0x04) &&
- (keydata->data[10] == 0x00) &&
- (keydata->data[11] == 0x23)) {
+ } else if (oid == ONAK_OID_NISTP521) {
length = 521;
+ } else if (oid == ONAK_OID_BRAINPOOLP256R1) {
+ length = 256;
+ } else if (oid == ONAK_OID_BRAINPOOLP384R1) {
+ length = 384;
+ } else if (oid == ONAK_OID_BRAINPOOLP512R1) {
+ length = 512;
+ } else if (oid == ONAK_OID_SECP256K1) {
+ length = 256;
} else {
logthing(LOGTHING_ERROR,
"Unknown elliptic curve size");
@@ -125,8 +172,8 @@ unsigned int keylength(struct openpgp_packet *keydata)
}
break;
default:
- length = (keydata->data[6] << 8) +
- keydata->data[7];
+ length = (keydata->data[keyofs] << 8) +
+ keydata->data[keyofs + 1];
}
break;
default:
@@ -147,7 +194,9 @@ int list_sigs(struct onak_dbctx *dbctx,
while (sigs != NULL) {
sigid = sig_keyid(sigs->packet);
- uid = dbctx->keyid2uid(dbctx, sigid);
+ if (dbctx) {
+ uid = dbctx->keyid2uid(dbctx, sigid);
+ }
if (sigs->packet->data[0] == 4 &&
sigs->packet->data[1] == 0x30) {
/* It's a Type 4 sig revocation */
@@ -157,25 +206,25 @@ int list_sigs(struct onak_dbctx *dbctx,
}
if (html && uid != NULL) {
printf("%s %08" PRIX64
+ "search=0x%016" PRIX64 "\">0x%016" PRIX64
" "
"%s\n",
sig,
sigid,
- sigid & 0xFFFFFFFF,
+ sigid,
sigid,
txt2html(uid));
} else if (html && uid == NULL) {
- printf("%s %08" PRIX64 " "
+ printf("%s 0x%016" PRIX64 " "
"[User id not found]\n",
sig,
- sigid & 0xFFFFFFFF);
+ sigid);
} else {
- printf("%s %08" PRIX64
+ printf("%s 0x%016" PRIX64
" %s\n",
sig,
- sigid & 0xFFFFFFFF,
+ sigid,
(uid != NULL) ? uid :
"[User id not found]");
}
@@ -229,7 +278,7 @@ int list_subkeys(struct onak_dbctx *dbctx,
struct openpgp_signedpacket_list *subkeys, bool verbose,
bool html)
{
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
@@ -242,7 +291,7 @@ int list_subkeys(struct onak_dbctx *dbctx,
(subkeys->packet->data[2] << 16) +
(subkeys->packet->data[3] << 8) +
subkeys->packet->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (subkeys->packet->data[0]) {
case 2:
@@ -250,11 +299,12 @@ int list_subkeys(struct onak_dbctx *dbctx,
type = subkeys->packet->data[7];
break;
case 4:
+ case 5:
type = subkeys->packet->data[5];
break;
default:
logthing(LOGTHING_ERROR,
- "Unknown key type: %d",
+ "Unknown key version: %d",
subkeys->packet->data[0]);
}
length = keylength(subkeys->packet);
@@ -263,13 +313,13 @@ int list_subkeys(struct onak_dbctx *dbctx,
&keyid) != ONAK_E_OK) {
logthing(LOGTHING_ERROR, "Couldn't get keyid.");
}
- printf("sub %5d%c/%08X %04d/%02d/%02d\n",
+ printf("sub %5d%c/0x%016" PRIX64 " %04d/%02d/%02d\n",
length,
pkalgo2char(type),
- (uint32_t) (keyid & 0xFFFFFFFF),
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
if (verbose) {
@@ -284,21 +334,21 @@ int list_subkeys(struct onak_dbctx *dbctx,
void display_fingerprint(struct openpgp_publickey *key)
{
int i = 0;
- size_t length = 0;
- unsigned char fp[20];
+ struct openpgp_fingerprint fingerprint;
- get_fingerprint(key->publickey, fp, &length);
+ get_fingerprint(key->publickey, &fingerprint);
printf(" Key fingerprint =");
- for (i = 0; i < length; i++) {
- if ((length == 16) ||
+ for (i = 0; i < fingerprint.length; i++) {
+ if ((fingerprint.length == 16) ||
(i % 2 == 0)) {
printf(" ");
}
- if (length == 20 && (i * 2) == length) {
+ if (fingerprint.length == 20 &&
+ (i * 2) == fingerprint.length) {
/* Extra space in the middle of a SHA1 fingerprint */
printf(" ");
}
- printf("%02X", fp[i]);
+ printf("%02X", fingerprint.fp[i]);
}
printf("\n");
@@ -345,13 +395,14 @@ int key_index(struct onak_dbctx *dbctx,
bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
- struct tm *created = NULL;
+ struct tm created;
time_t created_time = 0;
int type = 0;
int length = 0;
char buf[1024];
uint64_t keyid;
+
if (html) {
puts("");
}
@@ -361,7 +412,7 @@ int key_index(struct onak_dbctx *dbctx,
(keys->publickey->data[2] << 16) +
(keys->publickey->data[3] << 8) +
keys->publickey->data[4];
- created = gmtime(&created_time);
+ gmtime_r(&created_time, &created);
switch (keys->publickey->data[0]) {
case 2:
@@ -369,10 +420,11 @@ int key_index(struct onak_dbctx *dbctx,
type = keys->publickey->data[7];
break;
case 4:
+ case 5:
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);
@@ -383,23 +435,23 @@ int key_index(struct onak_dbctx *dbctx,
if (html) {
printf("pub %5d%c/%08" PRIX64
+ "search=0x%016" PRIX64 "\">0x%016" PRIX64
" %04d/%02d/%02d ",
length,
pkalgo2char(type),
keyid,
- keyid & 0xFFFFFFFF,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
} else {
- printf("pub %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+ printf("pub %5d%c/0x%016" PRIX64 " %04d/%02d/%02d ",
length,
pkalgo2char(type),
- keyid & 0xFFFFFFFF,
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid,
+ created.tm_year + 1900,
+ created.tm_mon + 1,
+ created.tm_mday);
}
curuid = keys->uids;
@@ -464,10 +516,9 @@ int mrkey_index(struct openpgp_publickey *keys)
int type = 0;
int length = 0;
int i = 0;
- size_t fplength = 0;
- unsigned char fp[20];
int c;
uint64_t keyid;
+ struct openpgp_fingerprint fingerprint;
while (keys != NULL) {
created_time = (keys->publickey->data[1] << 24) +
@@ -487,16 +538,17 @@ int mrkey_index(struct openpgp_publickey *keys)
type = keys->publickey->data[7];
break;
case 4:
- (void) get_fingerprint(keys->publickey, fp, &fplength);
+ case 5:
+ (void) get_fingerprint(keys->publickey, &fingerprint);
- for (i = 0; i < fplength; i++) {
- printf("%02X", fp[i]);
+ for (i = 0; i < fingerprint.length; i++) {
+ printf("%02X", fingerprint.fp[i]);
}
type = keys->publickey->data[5];
break;
default:
- logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ logthing(LOGTHING_ERROR, "Unknown key version: %d",
keys->publickey->data[0]);
}
length = keylength(keys->publickey);