X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=keyindex.c;h=e8d569a45b22de0d04e4ab4a9eae82af3acf1839;hp=c043fa4cfdd1f293b69f42bf0bb75e6c721c8a02;hb=58ed9a0076feb9604154b99da6ed1907ca7df089;hpb=abc90dd0602ca116ce61886e962aecd14d4459cc

diff --git a/keyindex.c b/keyindex.c
index c043fa4..e8d569a 100644
--- a/keyindex.c
+++ b/keyindex.c
@@ -1,9 +1,19 @@
 /*
  * keyindex.c - Routines to list an OpenPGP key.
  *
- * Jonathan McDowell <noodles@earth.li>
+ * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
  *
- * Copyright 2002-2005 Project Purple
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program.  If not, see <https://www.gnu.org/licenses/>.
  */
 
 #include <inttypes.h>
@@ -15,14 +25,121 @@
 
 #include "decodekey.h"
 #include "getcgi.h"
-#include "hash.h"
 #include "keydb.h"
 #include "keyid.h"
 #include "keyindex.h"
 #include "keystructs.h"
 #include "log.h"
+#include "onak.h"
+#include "openpgp.h"
+
+/*
+ * Convert a Public Key algorithm to its single character representation.
+ */
+char pkalgo2char(uint8_t algo)
+{
+	char typech;
+
+	switch (algo) {
+	case OPENPGP_PKALGO_DSA:
+		typech = 'D';
+		break;
+	case OPENPGP_PKALGO_ECDSA:
+	case OPENPGP_PKALGO_EDDSA:
+		typech = 'E';
+		break;
+	case OPENPGP_PKALGO_EC:
+		typech = 'e';
+		break;
+	case OPENPGP_PKALGO_ELGAMAL_SIGN:
+		typech = 'G';
+		break;
+	case OPENPGP_PKALGO_ELGAMAL_ENC:
+		typech = 'g';
+		break;
+	case OPENPGP_PKALGO_RSA:
+		typech = 'R';
+		break;
+	case OPENPGP_PKALGO_RSA_ENC:
+		typech = 'r';
+		break;
+	case OPENPGP_PKALGO_RSA_SIGN:
+		typech = 's';
+		break;
+	default:
+		typech = '?';
+		break;
+	}
+
+	return typech;
+}
+
+/*
+ * Given a public key/subkey packet return the key length.
+ */
+unsigned int keylength(struct openpgp_packet *keydata)
+{
+	unsigned int length;
+	uint8_t keyofs;
+	enum onak_oid oid;
+
+	switch (keydata->data[0]) {
+	case 2:
+	case 3:
+		length = (keydata->data[8] << 8) +
+				keydata->data[9];
+		break;
+	case 4:
+	case 5:
+		/* v5 has an additional 4 bytes of key length data */
+		keyofs = (keydata->data[0] == 4) ? 6 : 10;
+		switch (keydata->data[5]) {
+		case OPENPGP_PKALGO_EC:
+		case OPENPGP_PKALGO_ECDSA:
+		case OPENPGP_PKALGO_EDDSA:
+			/* Elliptic curve key size is based on OID */
+			oid = onak_parse_oid(&keydata->data[keyofs],
+					keydata->length - keyofs);
+			if (oid == ONAK_OID_CURVE25519) {
+				length = 255;
+			} else if (oid == ONAK_OID_ED25519) {
+				length = 255;
+			} else if (oid == ONAK_OID_NISTP256) {
+				length = 256;
+			} else if (oid == ONAK_OID_NISTP384) {
+				length = 384;
+			} else if (oid == ONAK_OID_NISTP521) {
+				length = 521;
+			} else if (oid == ONAK_OID_BRAINPOOLP256R1) {
+				length = 256;
+			} else if (oid == ONAK_OID_BRAINPOOLP384R1) {
+				length = 384;
+			} else if (oid == ONAK_OID_BRAINPOOLP512R1) {
+				length = 512;
+			} else if (oid == ONAK_OID_SECP256K1) {
+				length = 256;
+			} else {
+				logthing(LOGTHING_ERROR,
+					"Unknown elliptic curve size");
+				length = 0;
+			}
+			break;
+		default:
+			length = (keydata->data[keyofs] << 8) +
+				keydata->data[keyofs + 1];
+		}
+		break;
+	default:
+		logthing(LOGTHING_ERROR, "Unknown key version: %d",
+			keydata->data[0]);
+		length = 0;
+	}
+
+	return length;
+}
 
-int list_sigs(struct openpgp_packet_list *sigs, bool html)
+int list_sigs(struct onak_dbctx *dbctx,
+		struct openpgp_packet_list *sigs, bool html)
 {
 	char *uid = NULL;
 	uint64_t sigid = 0;
@@ -30,7 +147,9 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html)
 
 	while (sigs != NULL) {
 		sigid = sig_keyid(sigs->packet);
-		uid = keyid2uid(sigid);
+		if (dbctx) {
+			uid = dbctx->keyid2uid(dbctx, sigid);
+		}
 		if (sigs->packet->data[0] == 4 &&
 				sigs->packet->data[1] == 0x30) {
 			/* It's a Type 4 sig revocation */
@@ -40,24 +159,25 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html)
 		}
 		if (html && uid != NULL) {
 			printf("%s         <a href=\"lookup?op=get&"
-				"search=%08llX\">%08llX</a>             "
-				"<a href=\"lookup?op=vindex&search=0x%08llX\">"
-				"%s</a>\n",
+				"search=0x%016" PRIX64 "\">0x%016" PRIX64
+				"</a>             "
+				"<a href=\"lookup?op=vindex&search=0x%016"
+				PRIX64 "\">%s</a>\n",
 				sig,
-				sigid & 0xFFFFFFFF,
-				sigid & 0xFFFFFFFF,
-				sigid & 0xFFFFFFFF,
+				sigid,
+				sigid,
+				sigid,
 				txt2html(uid));
 		} else if (html && uid == NULL) {
-			printf("%s         %08llX             "
+			printf("%s         0x%016" PRIX64 "             "
 				"[User id not found]\n",
 				sig,
-				sigid & 0xFFFFFFFF);
+				sigid);
 		} else {
-			printf("%s         %08llX"
+			printf("%s         0x%016" PRIX64
 				"             %s\n",
 				sig,
-				sigid & 0xFFFFFFFF,
+				sigid,
 				(uid != NULL) ? uid :
 				"[User id not found]");
 		}
@@ -71,32 +191,35 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html)
 	return 0;
 }
 
-int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
+int list_uids(struct onak_dbctx *dbctx,
+		uint64_t keyid, struct openpgp_signedpacket_list *uids,
 		bool verbose, bool html)
 {
 	char buf[1024];
 	int  imgindx = 0;
 
 	while (uids != NULL) {
-		if (uids->packet->tag == 13) {
+		if (uids->packet->tag == OPENPGP_PACKET_UID) {
 			snprintf(buf, 1023, "%.*s",
 				(int) uids->packet->length,
 				uids->packet->data);
 			printf("                                %s\n",
 				(html) ? txt2html(buf) : buf);
-		} else if (uids->packet->tag == 17) {
+		} else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
 			printf("                                ");
 			if (html) {
-				printf("<img src=\"lookup?op=photo&search=0x%llX&idx=%d\" alt=\"[photo id]\">\n",
-						keyid,
-						imgindx);
+				printf("<img src=\"lookup?op=photo&search="
+					"0x%016" PRIX64 "&idx=%d\" alt=\""
+					"[photo id]\">\n",
+					keyid,
+					imgindx);
 				imgindx++;
 			} else {
 				printf("[photo id]\n");
 			}
 		}
 		if (verbose) {
-			list_sigs(uids->sigs, html);
+			list_sigs(dbctx, uids->sigs, html);
 		}
 		uids = uids->next;
 	}
@@ -104,54 +227,56 @@ int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
 	return 0;
 }
 
-int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
+int list_subkeys(struct onak_dbctx *dbctx,
+		struct openpgp_signedpacket_list *subkeys, bool verbose,
 		bool html)
 {
-	struct tm	*created = NULL;
+	struct tm	created;
 	time_t		created_time = 0;
 	int	 	type = 0;
 	int	 	length = 0;
+	uint64_t	keyid = 0;
 
 	while (subkeys != NULL) {
-		if (subkeys->packet->tag == 14) {
+		if (subkeys->packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
 
 			created_time = (subkeys->packet->data[1] << 24) +
 					(subkeys->packet->data[2] << 16) +
 					(subkeys->packet->data[3] << 8) +
 					subkeys->packet->data[4];
-			created = gmtime(&created_time);
+			gmtime_r(&created_time, &created);
 
 			switch (subkeys->packet->data[0]) {
 			case 2:
 			case 3:
 				type = subkeys->packet->data[7];
-				length = (subkeys->packet->data[8] << 8) +
-					subkeys->packet->data[9];
 				break;
 			case 4:
+			case 5:
 				type = subkeys->packet->data[5];
-				length = (subkeys->packet->data[6] << 8) +
-					subkeys->packet->data[7];
 				break;
 			default:
 				logthing(LOGTHING_ERROR,
-					"Unknown key type: %d",
+					"Unknown key version: %d",
 					subkeys->packet->data[0]);
 			}
-		
-			printf("sub  %5d%c/%08X %04d/%02d/%02d\n",
+			length = keylength(subkeys->packet);
+
+			if (get_packetid(subkeys->packet,
+					&keyid) != ONAK_E_OK) {
+				logthing(LOGTHING_ERROR, "Couldn't get keyid.");
+			}
+			printf("sub  %5d%c/0x%016" PRIX64 " %04d/%02d/%02d\n",
 				length,
-				(type == 1) ? 'R' : ((type == 16) ? 'g' : 
-					((type == 17) ? 'D' : '?')),
-				(uint32_t) (get_packetid(subkeys->packet) &
-					    0xFFFFFFFF),
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				pkalgo2char(type),
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 
 		}
 		if (verbose) {
-			list_sigs(subkeys->sigs, html);
+			list_sigs(dbctx, subkeys->sigs, html);
 		}
 		subkeys = subkeys->next;
 	}
@@ -162,20 +287,46 @@ int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
 void display_fingerprint(struct openpgp_publickey *key)
 {
 	int		i = 0;
-	size_t		length = 0;
-	unsigned char	fp[20];
+	struct openpgp_fingerprint fingerprint;
 
-	get_fingerprint(key->publickey, fp, &length);
+	get_fingerprint(key->publickey, &fingerprint);
 	printf("      Key fingerprint =");
-	for (i = 0; i < length; i++) {
-		if ((length == 16) ||
+	for (i = 0; i < fingerprint.length; i++) {
+		if ((fingerprint.length == 16) ||
 			(i % 2 == 0)) {
 			printf(" ");
 		}
-		printf("%02X", fp[i]);
-		if ((i * 2) == length) {
+		if (fingerprint.length == 20 &&
+				(i * 2) == fingerprint.length) {
+			/* Extra space in the middle of a SHA1 fingerprint */
 			printf(" ");
 		}
+		printf("%02X", fingerprint.fp[i]);
+	}
+	printf("\n");
+
+	return;
+}
+
+void display_skshash(struct openpgp_publickey *key, bool html)
+{
+	int		i = 0;
+	struct skshash	hash;
+
+	get_skshash(key, &hash);
+	printf("      Key hash = ");
+	if (html) {
+		printf("<a href=\"lookup?op=hget&search=");
+		for (i = 0; i < sizeof(hash.hash); i++) {
+			printf("%02X", hash.hash[i]);
+		}
+		printf("\">");
+	}
+	for (i = 0; i < sizeof(hash.hash); i++) {
+		printf("%02X", hash.hash[i]);
+	}
+	if (html) {
+		printf("</a>");
 	}
 	printf("\n");
 
@@ -192,17 +343,19 @@ void display_fingerprint(struct openpgp_publickey *key)
  *	This function takes a list of OpenPGP public keys and displays an index
  *	of them. Useful for debugging or the keyserver Index function.
  */
-int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
-			bool html)
+int key_index(struct onak_dbctx *dbctx,
+		struct openpgp_publickey *keys, bool verbose, bool fingerprint,
+			bool skshash, bool html)
 {
 	struct openpgp_signedpacket_list	*curuid = NULL;
-	struct tm				*created = NULL;
+	struct tm				 created;
 	time_t					 created_time = 0;
 	int					 type = 0;
 	int					 length = 0;
 	char					 buf[1024];
 	uint64_t				 keyid;
 
+
 	if (html) {
 		puts("<pre>");
 	}
@@ -212,83 +365,84 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
 					(keys->publickey->data[2] << 16) +
 					(keys->publickey->data[3] << 8) +
 					keys->publickey->data[4];
-		created = gmtime(&created_time);
+		gmtime_r(&created_time, &created);
 
 		switch (keys->publickey->data[0]) {
 		case 2:
 		case 3:
 			type = keys->publickey->data[7];
-			length = (keys->publickey->data[8] << 8) +
-					keys->publickey->data[9];
 			break;
 		case 4:
+		case 5:
 			type = keys->publickey->data[5];
-			length = (keys->publickey->data[6] << 8) +
-					keys->publickey->data[7];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
-		
-		keyid = (get_keyid(keys) & 0xFFFFFFFF);
+		length = keylength(keys->publickey);
+
+		if (get_keyid(keys, &keyid) != ONAK_E_OK) {
+			logthing(LOGTHING_ERROR, "Couldn't get keyid.");
+		}
 
 		if (html) {
 			printf("pub  %5d%c/<a href=\"lookup?op=get&"
-				"search=%08X\">%08X</a> %04d/%02d/%02d ",
+				"search=0x%016" PRIX64 "\">0x%016" PRIX64
+				"</a> %04d/%02d/%02d ",
 				length,
-				(type == 1) ? 'R' : ((type == 16) ? 'g' : 
-					((type == 17) ? 'D' : '?')),
-				(uint32_t) keyid,
-				(uint32_t) keyid,
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				pkalgo2char(type),
+				keyid,
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 		} else {
-			printf("pub  %5d%c/%08X %04d/%02d/%02d ",
+			printf("pub  %5d%c/0x%016" PRIX64 " %04d/%02d/%02d ",
 				length,
-				(type == 1) ? 'R' : ((type == 16) ? 'g' : 
-					((type == 17) ? 'D' : '?')),
-				(uint32_t) keyid,
-				created->tm_year + 1900,
-				created->tm_mon + 1,
-				created->tm_mday);
+				pkalgo2char(type),
+				keyid,
+				created.tm_year + 1900,
+				created.tm_mon + 1,
+				created.tm_mday);
 		}
 
 		curuid = keys->uids;
-		if (curuid != NULL && curuid->packet->tag == 13) {
+		if (curuid != NULL &&
+				curuid->packet->tag == OPENPGP_PACKET_UID) {
 			snprintf(buf, 1023, "%.*s",
 				(int) curuid->packet->length,
 				curuid->packet->data);
 			if (html) {
 				printf("<a href=\"lookup?op=vindex&"
-					"search=0x%08X\">",
-					(uint32_t) keyid);
+					"search=0x%016" PRIX64 "\">",
+					keyid);
 			}
 			printf("%s%s%s\n", 
 				(html) ? txt2html(buf) : buf,
 				(html) ? "</a>" : "",
-				(keys->revocations == NULL) ? "" :
-					" *** REVOKED ***");
+				(keys->revoked) ? " *** REVOKED ***" : "");
+			if (skshash) {
+				display_skshash(keys, html);
+			}
 			if (fingerprint) {
 				display_fingerprint(keys);
 			}
 			if (verbose) {
-				list_sigs(curuid->sigs, html);
+				list_sigs(dbctx, curuid->sigs, html);
 			}
 			curuid = curuid->next;
 		} else {
 			printf("%s\n", 
-				(keys->revocations == NULL) ? "" :
-					"*** REVOKED ***");
+				(keys->revoked) ? "*** REVOKED ***": "");
 			if (fingerprint) {
 				display_fingerprint(keys);
 			}
 		}
 
-		list_uids(keyid, curuid, verbose, html);
+		list_uids(dbctx, keyid, curuid, verbose, html);
 		if (verbose) {
-			list_subkeys(keys->subkeys, verbose, html);
+			list_subkeys(dbctx, keys->subkeys, verbose, html);
 		}
 
 		keys = keys->next;
@@ -315,8 +469,9 @@ int mrkey_index(struct openpgp_publickey *keys)
 	int					 type = 0;
 	int					 length = 0;
 	int					 i = 0;
-	size_t					 fplength = 0;
-	unsigned char				 fp[20];
+	int					 c;
+	uint64_t				 keyid;
+	struct openpgp_fingerprint fingerprint;
 
 	while (keys != NULL) {
 		created_time = (keys->publickey->data[1] << 24) +
@@ -329,40 +484,52 @@ int mrkey_index(struct openpgp_publickey *keys)
 		switch (keys->publickey->data[0]) {
 		case 2:
 		case 3:
-			printf("%016llX", get_keyid(keys));
+			if (get_keyid(keys, &keyid) != ONAK_E_OK) {
+				logthing(LOGTHING_ERROR, "Couldn't get keyid");
+			}
+			printf("%016" PRIX64, keyid);
 			type = keys->publickey->data[7];
-			length = (keys->publickey->data[8] << 8) +
-					keys->publickey->data[9];
 			break;
 		case 4:
-			(void) get_fingerprint(keys->publickey, fp, &fplength);
+		case 5:
+			(void) get_fingerprint(keys->publickey, &fingerprint);
 
-			for (i = 0; i < fplength; i++) {
-				printf("%02X", fp[i]);
+			for (i = 0; i < fingerprint.length; i++) {
+				printf("%02X", fingerprint.fp[i]);
 			}
 
 			type = keys->publickey->data[5];
-			length = (keys->publickey->data[6] << 8) +
-					keys->publickey->data[7];
 			break;
 		default:
-			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+			logthing(LOGTHING_ERROR, "Unknown key version: %d",
 				keys->publickey->data[0]);
 		}
+		length = keylength(keys->publickey);
 
 		printf(":%d:%d:%ld::%s\n",
 			type,
 			length,
 			created_time,
-			(keys->revocations == NULL) ? "" : "r");
+			(keys->revoked) ? "r" : "");
 	
 		for (curuid = keys->uids; curuid != NULL;
 			 curuid = curuid->next) {
 		
-			if (curuid->packet->tag == 13) {
-				printf("uid:%.*s\n",
-					(int) curuid->packet->length,
-					curuid->packet->data);
+			if (curuid->packet->tag == OPENPGP_PACKET_UID) {
+				printf("uid:");
+				for (i = 0; i < (int) curuid->packet->length;
+						i++) {
+					c = curuid->packet->data[i];
+					if (c == '%') {
+						putchar('%');
+						putchar(c);
+					} else if (c == ':' || c > 127) {
+						printf("%%%X", c);
+					} else {
+						putchar(c);
+					}
+				}
+				printf("\n");
 			}
 		}
 		keys = keys->next;