/*
* keyindex.c - Routines to list an OpenPGP key.
*
- * Jonathan McDowell <noodles@earth.li>
- *
- * Copyright 2002 Project Purple
+ * Copyright 2002-2008 Jonathan McDowell <noodles@earth.li>
*/
-#include <assert.h>
+#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include "decodekey.h"
#include "getcgi.h"
#include "hash.h"
#include "keydb.h"
#include "keyid.h"
#include "keyindex.h"
#include "keystructs.h"
-#include "ll.h"
-#include "stats.h"
-
-int parse_subpackets(unsigned char *data, bool html)
-{
- int offset = 0;
- int length = 0;
- int packetlen = 0;
- char *uid;
-
- assert(data != NULL);
-
- length = (data[0] << 8) + data[1] + 2;
-
- offset = 2;
- while (offset < length) {
- packetlen = data[offset++];
- if (packetlen > 191 && packetlen < 255) {
- packetlen = ((packetlen - 192) << 8) +
- data[offset++] + 192;
- } else if (packetlen == 255) {
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- }
- switch (data[offset]) {
- case 2:
- /*
- * Signature creation time. Might want to output this?
- */
- break;
- case 16:
- uid = keyid2uid(
- ((uint64_t) data[offset+packetlen - 8] << 56) +
- ((uint64_t) data[offset+packetlen - 7] << 48) +
- ((uint64_t) data[offset+packetlen - 6] << 40) +
- ((uint64_t) data[offset+packetlen - 5] << 32) +
- ((uint64_t) data[offset+packetlen - 4] << 24) +
- ((uint64_t) data[offset+packetlen - 3] << 16) +
- ((uint64_t) data[offset+packetlen - 2] << 8) +
- data[offset+packetlen - 1]);
- if (html && uid != NULL) {
- printf("sig <a href=\"lookup?op=get&"
- "search=%02X%02X%02X%02X\">"
- "%02X%02X%02X%02X</a> "
- "<a href=\"lookup?op=vindex&"
- "search=0x%02X%02X%02X%02X\">"
- "%s</a>\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
-
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- txt2html(uid));
- } else if (html && uid == NULL) {
- printf("sig "
- "%02X%02X%02X%02X "
- "[User id not found]\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1]);
- } else {
- printf("sig %02X%02X%02X%02X"
- " %s\n",
- data[offset+packetlen - 4],
- data[offset+packetlen - 3],
- data[offset+packetlen - 2],
- data[offset+packetlen - 1],
- (uid != NULL) ? uid :
- "[User id not found]");
- }
- break;
- default:
- /*
- * We don't care about unrecognized packets unless bit
- * 7 is set in which case we prefer an error than
- * ignoring it.
- */
- assert(!(data[offset] & 0x80));
- }
- offset += packetlen;
- }
-
- return length;
-}
+#include "log.h"
+#include "onak-conf.h"
int list_sigs(struct openpgp_packet_list *sigs, bool html)
{
- int length = 0;
- char *uid;
+ char *uid = NULL;
+ uint64_t sigid = 0;
+ char *sig = NULL;
while (sigs != NULL) {
- switch (sigs->packet->data[0]) {
- case 2:
- case 3:
- uid = keyid2uid(
- ((uint64_t) sigs->packet->data[7] << 56) +
- ((uint64_t) sigs->packet->data[8] << 48) +
- ((uint64_t) sigs->packet->data[9] << 40) +
- ((uint64_t) sigs->packet->data[10] << 32) +
- ((uint64_t) sigs->packet->data[11] << 24) +
- ((uint64_t) sigs->packet->data[12] << 16) +
- ((uint64_t) sigs->packet->data[13] << 8) +
- sigs->packet->data[14]);
- if (html && uid != NULL) {
- printf("sig <a href=\"lookup?op=get&"
- "search=%02X%02X%02X%02X\">"
- "%02X%02X%02X%02X</a> "
- "<a href=\"lookup?op=vindex&"
- "search=0x%02X%02X%02X%02X\">"
- "%s</a>\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
-
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- txt2html(uid));
- } else if (html && uid == NULL) {
- printf("sig %02X%02X%02X%02X"
- " "
- "[User id not found]\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14]);
- } else {
- printf("sig %02X%02X%02X%02X"
- " %s\n",
- sigs->packet->data[11],
- sigs->packet->data[12],
- sigs->packet->data[13],
- sigs->packet->data[14],
- (uid != NULL) ? uid :
- "[User id not found]");
- }
- break;
- case 4:
- length = parse_subpackets(&sigs->packet->data[4], html);
- parse_subpackets(&sigs->packet->data[length + 4], html);
- break;
- default:
- printf("sig [Unknown packet version %d]",
- sigs->packet->data[0]);
+ sigid = sig_keyid(sigs->packet);
+ uid = config.dbbackend->keyid2uid(sigid);
+ if (sigs->packet->data[0] == 4 &&
+ sigs->packet->data[1] == 0x30) {
+ /* It's a Type 4 sig revocation */
+ sig = "rev";
+ } else {
+ sig = "sig";
+ }
+ if (html && uid != NULL) {
+ printf("%s <a href=\"lookup?op=get&"
+ "search=%016" PRIX64 "\">%08" PRIX64
+ "</a> "
+ "<a href=\"lookup?op=vindex&search=0x%016"
+ PRIX64 "\">%s</a>\n",
+ sig,
+ sigid,
+ sigid & 0xFFFFFFFF,
+ sigid,
+ txt2html(uid));
+ } else if (html && uid == NULL) {
+ printf("%s %08" PRIX64 " "
+ "[User id not found]\n",
+ sig,
+ sigid & 0xFFFFFFFF);
+ } else {
+ printf("%s %08" PRIX64
+ " %s\n",
+ sig,
+ sigid & 0xFFFFFFFF,
+ (uid != NULL) ? uid :
+ "[User id not found]");
+ }
+ if (uid != NULL) {
+ free(uid);
+ uid = NULL;
}
sigs = sigs->next;
}
return 0;
}
-int list_uids(struct openpgp_signedpacket_list *uids, bool verbose, bool html)
+int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids,
+ bool verbose, bool html)
{
char buf[1024];
+ int imgindx = 0;
while (uids != NULL) {
if (uids->packet->tag == 13) {
snprintf(buf, 1023, "%.*s",
(int) uids->packet->length,
uids->packet->data);
- printf("uid %s\n",
+ printf(" %s\n",
(html) ? txt2html(buf) : buf);
} else if (uids->packet->tag == 17) {
- printf("uid "
- "[photo id]\n");
+ printf(" ");
+ if (html) {
+ printf("<img src=\"lookup?op=photo&search="
+ "0x%016" PRIX64 "&idx=%d\" alt=\""
+ "[photo id]\">\n",
+ keyid,
+ imgindx);
+ imgindx++;
+ } else {
+ printf("[photo id]\n");
+ }
}
if (verbose) {
list_sigs(uids->sigs, html);
return 0;
}
+int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose,
+ bool html)
+{
+ struct tm *created = NULL;
+ time_t created_time = 0;
+ int type = 0;
+ int length = 0;
+
+ while (subkeys != NULL) {
+ if (subkeys->packet->tag == 14) {
+
+ created_time = (subkeys->packet->data[1] << 24) +
+ (subkeys->packet->data[2] << 16) +
+ (subkeys->packet->data[3] << 8) +
+ subkeys->packet->data[4];
+ created = gmtime(&created_time);
+
+ switch (subkeys->packet->data[0]) {
+ case 2:
+ case 3:
+ type = subkeys->packet->data[7];
+ length = (subkeys->packet->data[8] << 8) +
+ subkeys->packet->data[9];
+ break;
+ case 4:
+ type = subkeys->packet->data[5];
+ length = (subkeys->packet->data[6] << 8) +
+ subkeys->packet->data[7];
+ break;
+ default:
+ logthing(LOGTHING_ERROR,
+ "Unknown key type: %d",
+ subkeys->packet->data[0]);
+ }
+
+ printf("sub %5d%c/%08X %04d/%02d/%02d\n",
+ length,
+ (type == 1) ? 'R' : ((type == 16) ? 'g' :
+ ((type == 17) ? 'D' : '?')),
+ (uint32_t) (get_packetid(subkeys->packet) &
+ 0xFFFFFFFF),
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+
+ }
+ if (verbose) {
+ list_sigs(subkeys->sigs, html);
+ }
+ subkeys = subkeys->next;
+ }
+
+ return 0;
+}
+
+void display_fingerprint(struct openpgp_publickey *key)
+{
+ int i = 0;
+ size_t length = 0;
+ unsigned char fp[20];
+
+ get_fingerprint(key->publickey, fp, &length);
+ printf(" Key fingerprint =");
+ for (i = 0; i < length; i++) {
+ if ((length == 16) ||
+ (i % 2 == 0)) {
+ printf(" ");
+ }
+ printf("%02X", fp[i]);
+ if ((i * 2) == length) {
+ printf(" ");
+ }
+ }
+ printf("\n");
+
+ return;
+}
+
+void display_skshash(struct openpgp_publickey *key, bool html)
+{
+ int i = 0;
+ struct skshash hash;
+
+ get_skshash(key, &hash);
+ printf(" Key hash = ");
+ if (html) {
+ printf("<a href=\"lookup?op=hget&search=");
+ for (i = 0; i < sizeof(hash.hash); i++) {
+ printf("%02X", hash.hash[i]);
+ }
+ printf("\">");
+ }
+ for (i = 0; i < sizeof(hash.hash); i++) {
+ printf("%02X", hash.hash[i]);
+ }
+ if (html) {
+ printf("</a>");
+ }
+ printf("\n");
+
+ return;
+}
+
/**
* key_index - List a set of OpenPGP keys.
* @keys: The keys to display.
* of them. Useful for debugging or the keyserver Index function.
*/
int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
- bool html)
+ bool skshash, bool html)
{
struct openpgp_signedpacket_list *curuid = NULL;
struct tm *created = NULL;
time_t created_time = 0;
int type = 0;
+ char typech;
int length = 0;
char buf[1024];
+ uint64_t keyid;
if (html) {
puts("<pre>");
keys->publickey->data[7];
break;
default:
- fprintf(stderr, "Unknown key type: %d\n",
+ logthing(LOGTHING_ERROR, "Unknown key type: %d",
keys->publickey->data[0]);
}
- printf("pub %5d%c/%08X %04d/%02d/%02d ",
- length,
- (type == 1) ? 'R' : ((type == 17) ? 'D' : '?'),
- (uint32_t) (get_keyid(keys) & 0xFFFFFFFF),
- created->tm_year + 1900,
- created->tm_mon + 1,
- created->tm_mday);
+ keyid = get_keyid(keys);
+
+ switch (type) {
+ case 1:
+ typech = 'R';
+ break;
+ case 16:
+ typech = 'g';
+ break;
+ case 17:
+ typech = 'D';
+ break;
+ case 20:
+ typech = 'G';
+ break;
+ default:
+ typech = '?';
+ break;
+ }
+
+ if (html) {
+ printf("pub %5d%c/<a href=\"lookup?op=get&"
+ "search=%016" PRIX64 "\">%08" PRIX64
+ "</a> %04d/%02d/%02d ",
+ length,
+ typech,
+ keyid,
+ keyid & 0xFFFFFFFF,
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+ } else {
+ printf("pub %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+ length,
+ typech,
+ keyid & 0xFFFFFFFF,
+ created->tm_year + 1900,
+ created->tm_mon + 1,
+ created->tm_mday);
+ }
curuid = keys->uids;
if (curuid != NULL && curuid->packet->tag == 13) {
snprintf(buf, 1023, "%.*s",
(int) curuid->packet->length,
curuid->packet->data);
- printf("%s\n", (html) ? txt2html(buf) : buf);
+ if (html) {
+ printf("<a href=\"lookup?op=vindex&"
+ "search=0x%016" PRIX64 "\">",
+ keyid);
+ }
+ printf("%s%s%s\n",
+ (html) ? txt2html(buf) : buf,
+ (html) ? "</a>" : "",
+ (keys->revoked) ? " *** REVOKED ***" : "");
+ if (skshash) {
+ display_skshash(keys, html);
+ }
+ if (fingerprint) {
+ display_fingerprint(keys);
+ }
if (verbose) {
list_sigs(curuid->sigs, html);
}
curuid = curuid->next;
} else {
- putchar('\n');
+ printf("%s\n",
+ (keys->revoked) ? "*** REVOKED ***": "");
+ if (fingerprint) {
+ display_fingerprint(keys);
+ }
}
- list_uids(curuid, verbose, html);
-
- //TODO: List subkeys.
+ list_uids(keyid, curuid, verbose, html);
+ if (verbose) {
+ list_subkeys(keys->subkeys, verbose, html);
+ }
keys = keys->next;
}
return 0;
}
-
-int get_subpackets_keyid(unsigned char *data, uint64_t *keyid)
-{
- int offset = 0;
- int length = 0;
- int packetlen = 0;
-
- assert(data != NULL);
-
- length = (data[0] << 8) + data[1] + 2;
-
- offset = 2;
- while (offset < length) {
- packetlen = data[offset++];
- if (packetlen > 191 && packetlen < 255) {
- packetlen = ((packetlen - 192) << 8) +
- data[offset++] + 192;
- } else if (packetlen == 255) {
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- packetlen <<= 8;
- packetlen = data[offset++];
- }
- switch (data[offset]) {
- case 2:
- /*
- * Signature creation time. Might want to output this?
- */
- break;
- case 0x83:
- /*
- * Signature expiration time. Might want to output this?
- */
- break;
- case 16:
- *keyid = data[offset+packetlen - 8];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 7];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 6];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 5];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 4];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 3];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 2];
- *keyid <<= 8;
- *keyid += data[offset+packetlen - 1];
- break;
- default:
- /*
- * We don't care about unrecognized packets unless bit
- * 7 is set in which case we prefer an error than
- * ignoring it.
- */
- assert(!(data[offset] & 0x80));
- }
- offset += packetlen;
- }
-
- return length;
-}
-
-
/**
- * keysigs - Return the sigs on a given OpenPGP signature list.
- * @curll: The current linked list. Can be NULL to create a new list.
- * @sigs: The signature list we want the sigs on.
+ * mrkey_index - List a set of OpenPGP keys in the MRHKP format.
+ * @keys: The keys to display.
*
- * Returns a linked list of stats_key elements containing the sigs on the
- * supplied OpenPGP packet list.
+ * This function takes a list of OpenPGP public keys and displays a
+ * machine readable list of them.
*/
-struct ll *keysigs(struct ll *curll,
- struct openpgp_packet_list *sigs)
+int mrkey_index(struct openpgp_publickey *keys)
{
- int length = 0;
- uint64_t keyid = 0;
-
- while (sigs != NULL) {
- keyid = 0;
- switch (sigs->packet->data[0]) {
+ struct openpgp_signedpacket_list *curuid = NULL;
+ time_t created_time = 0;
+ int type = 0;
+ int length = 0;
+ int i = 0;
+ size_t fplength = 0;
+ unsigned char fp[20];
+ int c;
+
+ while (keys != NULL) {
+ created_time = (keys->publickey->data[1] << 24) +
+ (keys->publickey->data[2] << 16) +
+ (keys->publickey->data[3] << 8) +
+ keys->publickey->data[4];
+
+ printf("pub:");
+
+ switch (keys->publickey->data[0]) {
case 2:
case 3:
- keyid = sigs->packet->data[7];
- keyid <<= 8;
- keyid += sigs->packet->data[8];
- keyid <<= 8;
- keyid += sigs->packet->data[9];
- keyid <<= 8;
- keyid += sigs->packet->data[10];
- keyid <<= 8;
- keyid += sigs->packet->data[11];
- keyid <<= 8;
- keyid += sigs->packet->data[12];
- keyid <<= 8;
- keyid += sigs->packet->data[13];
- keyid <<= 8;
- keyid += sigs->packet->data[14];
+ printf("%016" PRIX64, get_keyid(keys));
+ type = keys->publickey->data[7];
+ length = (keys->publickey->data[8] << 8) +
+ keys->publickey->data[9];
break;
case 4:
- length = get_subpackets_keyid(&sigs->packet->data[4],
- &keyid);
- get_subpackets_keyid(&sigs->packet->data[length + 4],
- &keyid);
- /*
- * Don't bother to look at the unsigned packets.
- */
+ (void) get_fingerprint(keys->publickey, fp, &fplength);
+
+ for (i = 0; i < fplength; i++) {
+ printf("%02X", fp[i]);
+ }
+
+ type = keys->publickey->data[5];
+ length = (keys->publickey->data[6] << 8) +
+ keys->publickey->data[7];
break;
default:
- break;
+ logthing(LOGTHING_ERROR, "Unknown key type: %d",
+ keys->publickey->data[0]);
}
- sigs = sigs->next;
- curll = lladd(curll, createandaddtohash(keyid));
- }
-
- return curll;
-}
-
-/*
- * TODO: Abstract out; all our linked lists should be generic and then we can
- * llsize them.
- */
-int spsize(struct openpgp_signedpacket_list *list)
-{
- int size = 0;
- struct openpgp_signedpacket_list *cur;
-
- for (cur = list; cur != NULL; cur = cur->next, size++) ;
-
- return size;
-}
-
-/**
- * keyuids - Takes a key and returns an array of its UIDs
- * @key: The key to get the uids of.
- * @primary: A pointer to store the primary UID in.
- *
- * keyuids takes a public key structure and builds an array of the UIDs
- * on the key. It also attempts to work out the primary UID and returns a
- * separate pointer to that particular element of the array.
- */
-char **keyuids(struct openpgp_publickey *key, char **primary)
-{
- struct openpgp_signedpacket_list *curuid = NULL;
- char buf[1024];
- char **uids = NULL;
- int count = 0;
- if (key != NULL && key->uids != NULL) {
- uids = malloc((spsize(key->uids) + 1) * sizeof (char *));
+ printf(":%d:%d:%ld::%s\n",
+ type,
+ length,
+ created_time,
+ (keys->revoked) ? "r" : "");
- curuid = key->uids;
- while (curuid != NULL) {
- buf[0] = 0;
+ for (curuid = keys->uids; curuid != NULL;
+ curuid = curuid->next) {
+
if (curuid->packet->tag == 13) {
- snprintf(buf, 1023, "%.*s",
- (int) curuid->packet->length,
- curuid->packet->data);
- uids[count++] = strdup(buf);
+ printf("uid:");
+ for (i = 0; i < (int) curuid->packet->length;
+ i++) {
+ c = curuid->packet->data[i];
+ if (c == '%') {
+ putchar('%');
+ putchar(c);
+ } else if (c == ':' || c > 127) {
+ printf("%%%X", c);
+ } else {
+ putchar(c);
+ }
+ }
+ printf("\n");
}
- curuid = curuid -> next;
}
- uids[count] = NULL;
- }
- /*
- * TODO: Parse subpackets for real primary ID (v4 keys)
- */
- if (primary != NULL) {
- *primary = uids[0];
+ keys = keys->next;
}
-
- return uids;
+ return 0;
}
projects / onak.git / blobdiff