2 * keyindex.c - Routines to list an OpenPGP key.
4 * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
26 #include "decodekey.h"
31 #include "keystructs.h"
37 * Convert a Public Key algorithm to its single character representation.
39 char pkalgo2char(uint8_t algo)
44 case OPENPGP_PKALGO_DSA:
47 case OPENPGP_PKALGO_ECDSA:
48 case OPENPGP_PKALGO_EDDSA:
51 case OPENPGP_PKALGO_EC:
54 case OPENPGP_PKALGO_ELGAMAL_SIGN:
57 case OPENPGP_PKALGO_ELGAMAL_ENC:
60 case OPENPGP_PKALGO_RSA:
63 case OPENPGP_PKALGO_RSA_ENC:
66 case OPENPGP_PKALGO_RSA_SIGN:
78 * Given a public key/subkey packet return the key length.
80 unsigned int keylength(struct openpgp_packet *keydata)
85 switch (keydata->data[0]) {
88 length = (keydata->data[8] << 8) +
93 /* v5 has an additional 4 bytes of key length data */
94 keyofs = (keydata->data[0] == 4) ? 6 : 10;
95 switch (keydata->data[5]) {
96 case OPENPGP_PKALGO_EC:
97 case OPENPGP_PKALGO_ECDSA:
98 case OPENPGP_PKALGO_EDDSA:
99 /* Elliptic curve key size is based on OID */
100 /* Curve25519 / 1.3.6.1.4.1.3029.1.5.1 */
101 if ((keydata->data[keyofs] == 10) &&
102 (keydata->data[keyofs + 1] == 0x2B) &&
103 (keydata->data[keyofs + 2] == 0x06) &&
104 (keydata->data[keyofs + 3] == 0x01) &&
105 (keydata->data[keyofs + 4] == 0x04) &&
106 (keydata->data[keyofs + 5] == 0x01) &&
107 (keydata->data[keyofs + 6] == 0x97) &&
108 (keydata->data[keyofs + 7] == 0x55) &&
109 (keydata->data[keyofs + 8] == 0x01) &&
110 (keydata->data[keyofs + 9] == 0x05) &&
111 (keydata->data[keyofs + 10] == 0x01)) {
113 /* Ed25519 / 1.3.6.1.4.1.11591.15.1 */
114 } else if ((keydata->data[keyofs] == 9) &&
115 (keydata->data[keyofs + 1] == 0x2B) &&
116 (keydata->data[keyofs + 2] == 0x06) &&
117 (keydata->data[keyofs + 3] == 0x01) &&
118 (keydata->data[keyofs + 4] == 0x04) &&
119 (keydata->data[keyofs + 5] == 0x01) &&
120 (keydata->data[keyofs + 6] == 0xDA) &&
121 (keydata->data[keyofs + 7] == 0x47) &&
122 (keydata->data[keyofs + 8] == 0x0F) &&
123 (keydata->data[keyofs + 9] == 0x01)) {
125 /* nistp256 / 1.2.840.10045.3.1.7 */
126 } else if ((keydata->data[keyofs] == 8) &&
127 (keydata->data[keyofs + 1] == 0x2A) &&
128 (keydata->data[keyofs + 2] == 0x86) &&
129 (keydata->data[keyofs + 3] == 0x48) &&
130 (keydata->data[keyofs + 4] == 0xCE) &&
131 (keydata->data[keyofs + 5] == 0x3D) &&
132 (keydata->data[keyofs + 6] == 0x03) &&
133 (keydata->data[keyofs + 7] == 0x01) &&
134 (keydata->data[keyofs + 8] == 0x07)) {
136 /* nistp384 / 1.3.132.0.34 */
137 } else if ((keydata->data[keyofs] == 5) &&
138 (keydata->data[keyofs + 1] == 0x2B) &&
139 (keydata->data[keyofs + 2] == 0x81) &&
140 (keydata->data[keyofs + 3] == 0x04) &&
141 (keydata->data[keyofs + 4] == 0x00) &&
142 (keydata->data[keyofs + 5] == 0x22)) {
144 /* nistp521 / 1.3.132.0.35 */
145 } else if ((keydata->data[keyofs] == 5) &&
146 (keydata->data[keyofs + 1] == 0x2B) &&
147 (keydata->data[keyofs + 2] == 0x81) &&
148 (keydata->data[keyofs + 3] == 0x04) &&
149 (keydata->data[keyofs + 4] == 0x00) &&
150 (keydata->data[keyofs + 5] == 0x23)) {
152 /* brainpoolP256r1 / 1.3.36.3.3.2.8.1.1.7 */
153 } else if ((keydata->data[keyofs] == 9) &&
154 (keydata->data[keyofs + 1] == 0x2B) &&
155 (keydata->data[keyofs + 2] == 0x24) &&
156 (keydata->data[keyofs + 3] == 0x03) &&
157 (keydata->data[keyofs + 4] == 0x03) &&
158 (keydata->data[keyofs + 5] == 0x02) &&
159 (keydata->data[keyofs + 6] == 0x08) &&
160 (keydata->data[keyofs + 7] == 0x01) &&
161 (keydata->data[keyofs + 8] == 0x01) &&
162 (keydata->data[keyofs + 9] == 0x07)) {
164 /* brainpoolP384r1 / 1.3.36.3.3.2.8.1.1.11 */
165 } else if ((keydata->data[keyofs] == 9) &&
166 (keydata->data[keyofs + 1] == 0x2B) &&
167 (keydata->data[keyofs + 2] == 0x24) &&
168 (keydata->data[keyofs + 3] == 0x03) &&
169 (keydata->data[keyofs + 4] == 0x03) &&
170 (keydata->data[keyofs + 5] == 0x02) &&
171 (keydata->data[keyofs + 6] == 0x08) &&
172 (keydata->data[keyofs + 7] == 0x01) &&
173 (keydata->data[keyofs + 8] == 0x01) &&
174 (keydata->data[keyofs + 9] == 0x0B)) {
176 /* brainpoolP512r1 / 1.3.36.3.3.2.8.1.1.13 */
177 } else if ((keydata->data[keyofs] == 9) &&
178 (keydata->data[keyofs + 1] == 0x2B) &&
179 (keydata->data[keyofs + 2] == 0x24) &&
180 (keydata->data[keyofs + 3] == 0x03) &&
181 (keydata->data[keyofs + 4] == 0x03) &&
182 (keydata->data[keyofs + 5] == 0x02) &&
183 (keydata->data[keyofs + 6] == 0x08) &&
184 (keydata->data[keyofs + 7] == 0x01) &&
185 (keydata->data[keyofs + 8] == 0x01) &&
186 (keydata->data[keyofs + 9] == 0x0D)) {
188 /* secp256k1 / 1.3.132.0.10 */
189 } else if ((keydata->data[keyofs] == 5) &&
190 (keydata->data[keyofs + 1] == 0x2B) &&
191 (keydata->data[keyofs + 2] == 0x81) &&
192 (keydata->data[keyofs + 3] == 0x04) &&
193 (keydata->data[keyofs + 4] == 0x00) &&
194 (keydata->data[keyofs + 5] == 0x0A)) {
197 logthing(LOGTHING_ERROR,
198 "Unknown elliptic curve size");
203 length = (keydata->data[keyofs] << 8) +
204 keydata->data[keyofs + 1];
208 logthing(LOGTHING_ERROR, "Unknown key version: %d",
216 int list_sigs(struct onak_dbctx *dbctx,
217 struct openpgp_packet_list *sigs, bool html)
223 while (sigs != NULL) {
224 sigid = sig_keyid(sigs->packet);
225 uid = dbctx->keyid2uid(dbctx, sigid);
226 if (sigs->packet->data[0] == 4 &&
227 sigs->packet->data[1] == 0x30) {
228 /* It's a Type 4 sig revocation */
233 if (html && uid != NULL) {
234 printf("%s <a href=\"lookup?op=get&"
235 "search=0x%016" PRIX64 "\">%08" PRIX64
237 "<a href=\"lookup?op=vindex&search=0x%016"
238 PRIX64 "\">%s</a>\n",
244 } else if (html && uid == NULL) {
245 printf("%s %08" PRIX64 " "
246 "[User id not found]\n",
250 printf("%s %08" PRIX64
254 (uid != NULL) ? uid :
255 "[User id not found]");
267 int list_uids(struct onak_dbctx *dbctx,
268 uint64_t keyid, struct openpgp_signedpacket_list *uids,
269 bool verbose, bool html)
274 while (uids != NULL) {
275 if (uids->packet->tag == OPENPGP_PACKET_UID) {
276 snprintf(buf, 1023, "%.*s",
277 (int) uids->packet->length,
280 (html) ? txt2html(buf) : buf);
281 } else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
284 printf("<img src=\"lookup?op=photo&search="
285 "0x%016" PRIX64 "&idx=%d\" alt=\""
291 printf("[photo id]\n");
295 list_sigs(dbctx, uids->sigs, html);
303 int list_subkeys(struct onak_dbctx *dbctx,
304 struct openpgp_signedpacket_list *subkeys, bool verbose,
307 struct tm *created = NULL;
308 time_t created_time = 0;
313 while (subkeys != NULL) {
314 if (subkeys->packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
316 created_time = (subkeys->packet->data[1] << 24) +
317 (subkeys->packet->data[2] << 16) +
318 (subkeys->packet->data[3] << 8) +
319 subkeys->packet->data[4];
320 created = gmtime(&created_time);
322 switch (subkeys->packet->data[0]) {
325 type = subkeys->packet->data[7];
329 type = subkeys->packet->data[5];
332 logthing(LOGTHING_ERROR,
333 "Unknown key version: %d",
334 subkeys->packet->data[0]);
336 length = keylength(subkeys->packet);
338 if (get_packetid(subkeys->packet,
339 &keyid) != ONAK_E_OK) {
340 logthing(LOGTHING_ERROR, "Couldn't get keyid.");
342 printf("sub %5d%c/%08X %04d/%02d/%02d\n",
345 (uint32_t) (keyid & 0xFFFFFFFF),
346 created->tm_year + 1900,
352 list_sigs(dbctx, subkeys->sigs, html);
354 subkeys = subkeys->next;
360 void display_fingerprint(struct openpgp_publickey *key)
363 struct openpgp_fingerprint fingerprint;
365 get_fingerprint(key->publickey, &fingerprint);
366 printf(" Key fingerprint =");
367 for (i = 0; i < fingerprint.length; i++) {
368 if ((fingerprint.length == 16) ||
372 if (fingerprint.length == 20 &&
373 (i * 2) == fingerprint.length) {
374 /* Extra space in the middle of a SHA1 fingerprint */
377 printf("%02X", fingerprint.fp[i]);
384 void display_skshash(struct openpgp_publickey *key, bool html)
389 get_skshash(key, &hash);
390 printf(" Key hash = ");
392 printf("<a href=\"lookup?op=hget&search=");
393 for (i = 0; i < sizeof(hash.hash); i++) {
394 printf("%02X", hash.hash[i]);
398 for (i = 0; i < sizeof(hash.hash); i++) {
399 printf("%02X", hash.hash[i]);
410 * key_index - List a set of OpenPGP keys.
411 * @keys: The keys to display.
412 * @verbose: Should we list sigs as well?
413 * @fingerprint: List the fingerprint?
414 * @html: Should the output be tailored for HTML?
416 * This function takes a list of OpenPGP public keys and displays an index
417 * of them. Useful for debugging or the keyserver Index function.
419 int key_index(struct onak_dbctx *dbctx,
420 struct openpgp_publickey *keys, bool verbose, bool fingerprint,
421 bool skshash, bool html)
423 struct openpgp_signedpacket_list *curuid = NULL;
424 struct tm *created = NULL;
425 time_t created_time = 0;
434 puts("Type bits/keyID Date User ID");
435 while (keys != NULL) {
436 created_time = (keys->publickey->data[1] << 24) +
437 (keys->publickey->data[2] << 16) +
438 (keys->publickey->data[3] << 8) +
439 keys->publickey->data[4];
440 created = gmtime(&created_time);
442 switch (keys->publickey->data[0]) {
445 type = keys->publickey->data[7];
449 type = keys->publickey->data[5];
452 logthing(LOGTHING_ERROR, "Unknown key version: %d",
453 keys->publickey->data[0]);
455 length = keylength(keys->publickey);
457 if (get_keyid(keys, &keyid) != ONAK_E_OK) {
458 logthing(LOGTHING_ERROR, "Couldn't get keyid.");
462 printf("pub %5d%c/<a href=\"lookup?op=get&"
463 "search=0x%016" PRIX64 "\">%08" PRIX64
464 "</a> %04d/%02d/%02d ",
469 created->tm_year + 1900,
473 printf("pub %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
477 created->tm_year + 1900,
483 if (curuid != NULL &&
484 curuid->packet->tag == OPENPGP_PACKET_UID) {
485 snprintf(buf, 1023, "%.*s",
486 (int) curuid->packet->length,
487 curuid->packet->data);
489 printf("<a href=\"lookup?op=vindex&"
490 "search=0x%016" PRIX64 "\">",
494 (html) ? txt2html(buf) : buf,
495 (html) ? "</a>" : "",
496 (keys->revoked) ? " *** REVOKED ***" : "");
498 display_skshash(keys, html);
501 display_fingerprint(keys);
504 list_sigs(dbctx, curuid->sigs, html);
506 curuid = curuid->next;
509 (keys->revoked) ? "*** REVOKED ***": "");
511 display_fingerprint(keys);
515 list_uids(dbctx, keyid, curuid, verbose, html);
517 list_subkeys(dbctx, keys->subkeys, verbose, html);
531 * mrkey_index - List a set of OpenPGP keys in the MRHKP format.
532 * @keys: The keys to display.
534 * This function takes a list of OpenPGP public keys and displays a
535 * machine readable list of them.
537 int mrkey_index(struct openpgp_publickey *keys)
539 struct openpgp_signedpacket_list *curuid = NULL;
540 time_t created_time = 0;
546 struct openpgp_fingerprint fingerprint;
548 while (keys != NULL) {
549 created_time = (keys->publickey->data[1] << 24) +
550 (keys->publickey->data[2] << 16) +
551 (keys->publickey->data[3] << 8) +
552 keys->publickey->data[4];
556 switch (keys->publickey->data[0]) {
559 if (get_keyid(keys, &keyid) != ONAK_E_OK) {
560 logthing(LOGTHING_ERROR, "Couldn't get keyid");
562 printf("%016" PRIX64, keyid);
563 type = keys->publickey->data[7];
567 (void) get_fingerprint(keys->publickey, &fingerprint);
569 for (i = 0; i < fingerprint.length; i++) {
570 printf("%02X", fingerprint.fp[i]);
573 type = keys->publickey->data[5];
576 logthing(LOGTHING_ERROR, "Unknown key version: %d",
577 keys->publickey->data[0]);
579 length = keylength(keys->publickey);
581 printf(":%d:%d:%ld::%s\n",
585 (keys->revoked) ? "r" : "");
587 for (curuid = keys->uids; curuid != NULL;
588 curuid = curuid->next) {
590 if (curuid->packet->tag == OPENPGP_PACKET_UID) {
592 for (i = 0; i < (int) curuid->packet->length;
594 c = curuid->packet->data[i];
598 } else if (c == ':' || c > 127) {