/*
* keyindex.c - Routines to list an OpenPGP key.
*
- * Jonathan McDowell <noodles@earth.li>
+ * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
*
- * Copyright 2002 Project Purple
+ * This program is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program; if not, write to the Free Software Foundation, Inc., 51
+ * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
-#include <assert.h>
+#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include "decodekey.h"
#include "getcgi.h"
#include "hash.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
#include "keystructs.h"
-#include "ll.h"
-#include "stats.h"
-
-int parse_subpackets(unsigned char *data, bool html)
-{
- int offset = 0;
- int length = 0;
- int packetlen = 0;
- char *uid;
-
- assert(data != NULL);
-
- length = (data[0] << 8) + data[1] + 2;
-
- offset = 2;
- while (offset < length) {
- packetlen = data[offset++];
- if (packetlen > 191 && packetlen < 255) {
- packetlen = ((packetlen - 192) << 8) +
- data[offset++] + 192;
- } else if (packetlen == 255) {
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- }
- switch (data[offset]) {
- case 2:
- /*
- * Signature creation time. Might want to output this?
- */
- break;
- case 16:
- uid = keyid2uid((data[offset+packetlen - 4] << 24) +
- (data[offset+packetlen - 3] << 16) +
- (data[offset+packetlen - 2] << 8) +
- data[offset+packetlen - 1]);
- if (html && uid != NULL) {
- printf("sig <a href=\"lookup?op=get&"
- "search=%02X%02X%02X%02X\">"
- "%02X%02X%02X%02X</a> "
- "<a href=\"lookup?op=vindex&"
- "search=0x%02X%02X%02X%02X\">"
- "%s</a>\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
-
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- txt2html(uid));
- } else if (html && uid == NULL) {
- printf("sig "
- "%02X%02X%02X%02X "
- "[User id not found]\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1]);
- } else {
- printf("sig %02X%02X%02X%02X"
- " %s\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- (uid != NULL) ? uid :
- "[User id not found]");
- }
- break;
- default:
- /*
- * We don't care about unrecognized packets unless bit
- * 7 is set in which case we prefer an error than
- * ignoring it.
- */
- assert(!(data[offset] & 0x80));
- }
- offset += packetlen;
- }
-
- return length;
-}
+#include "log.h"
+#include "onak-conf.h"
+#include "openpgp.h"
int list_sigs(struct openpgp_packet_list *sigs, bool html)
{
- int length = 0;
- char *uid;
+ char *uid = NULL;
+ uint64_t sigid = 0;
+ char *sig = NULL;
while (sigs != NULL) {
- switch (sigs->packet->data[0]) {
- case 2:
- case 3:
- uid = keyid2uid((sigs->packet->data[11] << 24) +
- (sigs->packet->data[12] << 16) +
- (sigs->packet->data[13] << 8) +
- sigs->packet->data[14]);
- if (html && uid != NULL) {
- printf("sig <a href=\"lookup?op=get&"
- "search=%02X%02X%02X%02X\">"
- "%02X%02X%02X%02X</a> "
- "<a href=\"lookup?op=vindex&"
- "search=0x%02X%02X%02X%02X\">"
- "%s</a>\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
-
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- txt2html(uid));
- } else if (html && uid == NULL) {
- printf("sig %02X%02X%02X%02X"
- " "
- "[User id not found]\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14]);
- } else {
- printf("sig %02X%02X%02X%02X"
- " %s\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- (uid != NULL) ? uid :
- "[User id not found]");
- }
- break;
- case 4:
- length = parse_subpackets(&sigs->packet->data[4], html);
- parse_subpackets(&sigs->packet->data[length + 4], html);
- break;
- default:
- printf("sig [Unknown packet version %d]",
- sigs->packet->data[0]);
+ sigid = sig_keyid(sigs->packet);
+ uid = config.dbbackend->keyid2uid(sigid);
+ if (sigs->packet->data[0] == 4 &&
+ sigs->packet->data[1] == 0x30) {
+ /* It's a Type 4 sig revocation */
+ sig = "rev";
+ } else {
+ sig = "sig";
+ }
+ if (html && uid != NULL) {
+ printf("%s <a href=\"lookup?op=get&"
+ "search=0x%016" PRIX64 "\">%08" PRIX64
+ "</a> "
+ "<a href=\"lookup?op=vindex&search=0x%016"
+ PRIX64 "\">%s</a>\n",
+ sig,
+ sigid,
+ sigid & 0xFFFFFFFF,
+ sigid,
+ txt2html(uid));
+ } else if (html && uid == NULL) {
+ printf("%s %08" PRIX64 " "
+ "[User id not found]\n",
+ sig,
+ sigid & 0xFFFFFFFF);
+ } else {
+ printf("%s %08" PRIX64
+ " %s\n",
+ sig,
+ sigid & 0xFFFFFFFF,
+ (uid != NULL) ? uid :
+ "[User id not found]");
+ }
+ if (uid != NULL) {
+ free(uid);
+ uid = NULL;
}
sigs = sigs->next;
}
return 0;
}
-int list_uids(struct openpgp_signedpacket_list *uids, bool verbose, bool html)
+int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
+ bool verbose, bool html)
{
char buf[1024];
+ int imgindx = 0;
while (uids != NULL) {
- if (uids->packet->tag == 13) {
+ if (uids->packet->tag == OPENPGP_PACKET_UID) {
snprintf(buf, 1023, "%.*s",
(int) uids->packet->length,
uids->packet->data);
- printf("uid %s\n",
+ printf(" %s\n",
(html) ? txt2html(buf) : buf);
- } else if (uids->packet->tag == 17) {
- printf("uid "
- "[photo id]\n");
+ } else if (uids->packet->tag == OPENPGP_PACKET_UAT) {
+ printf(" ");
+ if (html) {
+ printf("<img src=\"lookup?op=photo&search="
+ "0x%016" PRIX64 "&idx=%d\" alt=\""
+ "[photo id]\">\n",
+ keyid,
+ imgindx);
+ imgindx++;
+ } else {
+ printf("[photo id]\n");
+ }
}
if (verbose) {
list_sigs(uids->sigs, html);
return 0;
}
+int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
+ bool html)
+{
+ struct tm *created = NULL;
+ time_t created_time = 0;
+ int type = 0;
+ int length = 0;
+
+ while (subkeys != NULL) {
+ if (subkeys->packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
+
+ created_time = (subkeys->packet->data[1] << 24) +
+ (subkeys->packet->data[2] << 16) +
+ (subkeys->packet->data[3] << 8) +
+ subkeys->packet->data[4];
+ created = gmtime(&created_time);
+
+ switch (subkeys->packet->data[0]) {
+ case 2:
+ case 3:
+ type = subkeys->packet->data[7];
+ length = (subkeys->packet->data[8] << 8) +
+ subkeys->packet->data[9];
+ break;
+ case 4:
+ type = subkeys->packet->data[5];
+ length = (subkeys->packet->data[6] << 8) +
+ subkeys->packet->data[7];
+ break;
+ default:
+ logthing(LOGTHING_ERROR,
+ "Unknown key type: %d",
+ subkeys->packet->data[0]);
+ }
+
+ printf("sub %5d%c/%08X %04d/%02d/%02d\n",
+ length,
+ (type == OPENPGP_PKALGO_RSA) ? 'R' :
+ ((type == OPENPGP_PKALGO_ELGAMAL) ? 'g' :
+ ((type == OPENPGP_PKALGO_DSA) ? 'D' : '?')),
+ (uint32_t) (get_packetid(subkeys->packet) &
+ 0xFFFFFFFF),
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+
+ }
+ if (verbose) {
+ list_sigs(subkeys->sigs, html);
+ }
+ subkeys = subkeys->next;
+ }
+
+ return 0;
+}
+
+void display_fingerprint(struct openpgp_publickey *key)
+{
+ int i = 0;
+ size_t length = 0;
+ unsigned char fp[20];
+
+ get_fingerprint(key->publickey, fp, &length);
+ printf(" Key fingerprint =");
+ for (i = 0; i < length; i++) {
+ if ((length == 16) ||
+ (i % 2 == 0)) {
+ printf(" ");
+ }
+ if (length == 20 && (i * 2) == length) {
+ /* Extra space in the middle of a SHA1 fingerprint */
+ printf(" ");
+ }
+ printf("%02X", fp[i]);
+ }
+ printf("\n");
+
+ return;
+}
+
+void display_skshash(struct openpgp_publickey *key, bool html)
+{
+ int i = 0;
+ struct skshash hash;
+
+ get_skshash(key, &hash);
+ printf(" Key hash = ");
+ if (html) {
+ printf("<a href=\"lookup?op=hget&search=");
+ for (i = 0; i < sizeof(hash.hash); i++) {
+ printf("%02X", hash.hash[i]);
+ }
+ printf("\">");
+ }
+ for (i = 0; i < sizeof(hash.hash); i++) {
+ printf("%02X", hash.hash[i]);
+ }
+ if (html) {
+ printf("</a>");
+ }
+ printf("\n");
+
+ return;
+}
+
/**
* key_index - List a set of OpenPGP keys.
* @keys: The keys to display.
* of them. Useful for debugging or the keyserver Index function.
*/
int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
- bool html)
+ bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
struct tm *created = NULL;
time_t created_time = 0;
int type = 0;
+ char typech;
int length = 0;
char buf[1024];
+ uint64_t keyid;
if (html) {
puts("<pre>");
}
- puts("Type bits/keyID Date User ID");
+ puts("Type bits/keyID Date User ID");
while (keys != NULL) {
created_time = (keys->publickey->data[1] << 24) +
(keys->publickey->data[2] << 16) +
keys->publickey->data[7];
break;
default:
- fprintf(stderr, "Unknown key type: %d\n",
+ logthing(LOGTHING_ERROR, "Unknown key type: %d",
keys->publickey->data[0]);
}
- printf("pub %4d%c/%08X %04d/%02d/%02d ",
- length,
- (type == 1) ? 'R' : ((type == 17) ? 'D' : '?'),
- (uint32_t) (get_keyid(keys) & 0xFFFFFFFF),
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid = get_keyid(keys);
+
+ switch (type) {
+ case OPENPGP_PKALGO_RSA:
+ typech = 'R';
+ break;
+ case OPENPGP_PKALGO_ELGAMAL:
+ typech = 'g';
+ break;
+ case OPENPGP_PKALGO_DSA:
+ typech = 'D';
+ break;
+ case OPENPGP_PKALGO_ELGAMAL_SIGN:
+ typech = 'G';
+ break;
+ default:
+ typech = '?';
+ break;
+ }
+
+ if (html) {
+ printf("pub %5d%c/<a href=\"lookup?op=get&"
+ "search=0x%016" PRIX64 "\">%08" PRIX64
+ "</a> %04d/%02d/%02d ",
+ length,
+ typech,
+ keyid,
+ keyid & 0xFFFFFFFF,
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+ } else {
+ printf("pub %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+ length,
+ typech,
+ keyid & 0xFFFFFFFF,
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+ }
curuid = keys->uids;
- if (curuid != NULL && curuid->packet->tag == 13) {
+ if (curuid != NULL &&
+ curuid->packet->tag == OPENPGP_PACKET_UID) {
snprintf(buf, 1023, "%.*s",
(int) curuid->packet->length,
curuid->packet->data);
- printf("%s\n", (html) ? txt2html(buf) : buf);
+ if (html) {
+ printf("<a href=\"lookup?op=vindex&"
+ "search=0x%016" PRIX64 "\">",
+ keyid);
+ }
+ printf("%s%s%s\n",
+ (html) ? txt2html(buf) : buf,
+ (html) ? "</a>" : "",
+ (keys->revoked) ? " *** REVOKED ***" : "");
+ if (skshash) {
+ display_skshash(keys, html);
+ }
+ if (fingerprint) {
+ display_fingerprint(keys);
+ }
if (verbose) {
-
list_sigs(curuid->sigs, html);
}
curuid = curuid->next;
} else {
- putchar('\n');
+ printf("%s\n",
+ (keys->revoked) ? "*** REVOKED ***": "");
+ if (fingerprint) {
+ display_fingerprint(keys);
+ }
}
- list_uids(curuid, verbose, html);
-
- //TODO: List subkeys.
+ list_uids(keyid, curuid, verbose, html);
+ if (verbose) {
+ list_subkeys(keys->subkeys, verbose, html);
+ }
keys = keys->next;
}
return 0;
}
-
-int get_subpackets_keyid(unsigned char *data, uint64_t *keyid)
-{
- int offset = 0;
- int length = 0;
- int packetlen = 0;
-
- assert(data != NULL);
-
- length = (data[0] << 8) + data[1] + 2;
-
- offset = 2;
- while (offset < length) {
- packetlen = data[offset++];
- if (packetlen > 191 && packetlen < 255) {
- packetlen = ((packetlen - 192) << 8) +
- data[offset++] + 192;
- } else if (packetlen == 255) {
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- }
- switch (data[offset]) {
- case 2:
- /*
- * Signature creation time. Might want to output this?
- */
- break;
- case 16:
- *keyid = (data[offset+packetlen - 4] << 24) +
- (data[offset+packetlen - 3] << 16) +
- (data[offset+packetlen - 2] << 8) +
- data[offset+packetlen - 1];
- *keyid &= 0xFFFFFFFF;
- break;
- default:
- /*
- * We don't care about unrecognized packets unless bit
- * 7 is set in which case we prefer an error than
- * ignoring it.
- */
- assert(!(data[offset] & 0x80));
- }
- offset += packetlen;
- }
-
- return length;
-}
-
-
/**
- * keysigs - Return the sigs on a given OpenPGP signature list.
- * @curll: The current linked list. Can be NULL to create a new list.
- * @sigs: The signature list we want the sigs on.
+ * mrkey_index - List a set of OpenPGP keys in the MRHKP format.
+ * @keys: The keys to display.
*
- * Returns a linked list of stats_key elements containing the sigs on the
- * supplied OpenPGP packet list.
+ * This function takes a list of OpenPGP public keys and displays a
+ * machine readable list of them.
*/
-struct ll *keysigs(struct ll *curll,
- struct openpgp_packet_list *sigs)
+int mrkey_index(struct openpgp_publickey *keys)
{
- int length = 0;
- uint64_t keyid = 0;
-
- while (sigs != NULL) {
- keyid = 0;
- switch (sigs->packet->data[0]) {
+ struct openpgp_signedpacket_list *curuid = NULL;
+ time_t created_time = 0;
+ int type = 0;
+ int length = 0;
+ int i = 0;
+ size_t fplength = 0;
+ unsigned char fp[20];
+ int c;
+
+ while (keys != NULL) {
+ created_time = (keys->publickey->data[1] << 24) +
+ (keys->publickey->data[2] << 16) +
+ (keys->publickey->data[3] << 8) +
+ keys->publickey->data[4];
+
+ printf("pub:");
+
+ switch (keys->publickey->data[0]) {
case 2:
case 3:
- keyid = sigs->packet->data[11] << 24;
- keyid += (sigs->packet->data[12] << 16);
- keyid += (sigs->packet->data[13] << 8);
- keyid += sigs->packet->data[14];
- keyid &= 0xFFFFFFFF;
+ printf("%016" PRIX64, get_keyid(keys));
+ type = keys->publickey->data[7];
+ length = (keys->publickey->data[8] << 8) +
+ keys->publickey->data[9];
break;
case 4:
- length = get_subpackets_keyid(&sigs->packet->data[4],
- &keyid);
- get_subpackets_keyid(&sigs->packet->data[length + 4],
- &keyid);
- /*
- * Don't bother to look at the unsigned packets.
- */
+ (void) get_fingerprint(keys->publickey, fp, &fplength);
+
+ for (i = 0; i < fplength; i++) {
+ printf("%02X", fp[i]);
+ }
+
+ type = keys->publickey->data[5];
+ length = (keys->publickey->data[6] << 8) +
+ keys->publickey->data[7];
break;
default:
- break;
+ logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ keys->publickey->data[0]);
}
- sigs = sigs->next;
- curll = lladd(curll, createandaddtohash(keyid));
- }
- return curll;
+ printf(":%d:%d:%ld::%s\n",
+ type,
+ length,
+ created_time,
+ (keys->revoked) ? "r" : "");
+
+ for (curuid = keys->uids; curuid != NULL;
+ curuid = curuid->next) {
+
+ if (curuid->packet->tag == OPENPGP_PACKET_UID) {
+ printf("uid:");
+ for (i = 0; i < (int) curuid->packet->length;
+ i++) {
+ c = curuid->packet->data[i];
+ if (c == '%') {
+ putchar('%');
+ putchar(c);
+ } else if (c == ':' || c > 127) {
+ printf("%%%X", c);
+ } else {
+ putchar(c);
+ }
+ }
+ printf("\n");
+ }
+ }
+ keys = keys->next;
+ }
+ return 0;
}