X-Git-Url: https://git.sommitrealweird.co.uk/onak.git/blobdiff_plain/4b8483ae278577a3adc8d84da81d77019704466f..94ffe75fd3251c74320167cf94604e73fdb99dfc:/keyindex.c diff --git a/keyindex.c b/keyindex.c index 2c4e24c..46e778c 100644 --- a/keyindex.c +++ b/keyindex.c @@ -1,178 +1,84 @@ /* * keyindex.c - Routines to list an OpenPGP key. * - * Jonathan McDowell + * Copyright 2002-2008 Jonathan McDowell * - * Copyright 2002 Project Purple + * This program is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; version 2 of the License. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 51 + * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ -#include +#include #include #include #include #include #include +#include "decodekey.h" #include "getcgi.h" #include "hash.h" #include "keydb.h" #include "keyid.h" #include "keyindex.h" #include "keystructs.h" -#include "ll.h" -#include "stats.h" - -int parse_subpackets(unsigned char *data, bool html) -{ - int offset = 0; - int length = 0; - int packetlen = 0; - char *uid; - - assert(data != NULL); - - length = (data[0] << 8) + data[1] + 2; - - offset = 2; - while (offset < length) { - packetlen = data[offset++]; - if (packetlen > 191 && packetlen < 255) { - packetlen = ((packetlen - 192) << 8) + - data[offset++] + 192; - } else if (packetlen == 255) { - packetlen = data[offset++]; - packetlen <<= 8; - packetlen = data[offset++]; - packetlen <<= 8; - packetlen = data[offset++]; - packetlen <<= 8; - packetlen = data[offset++]; - } - switch (data[offset]) { - case 2: - /* - * Signature creation time. Might want to output this? - */ - break; - case 16: - uid = keyid2uid((data[offset+packetlen - 4] << 24) + - (data[offset+packetlen - 3] << 16) + - (data[offset+packetlen - 2] << 8) + - data[offset+packetlen - 1]); - if (html && uid != NULL) { - printf("sig " - "%02X%02X%02X%02X " - "" - "%s\n", - data[offset+packetlen - 4], - data[offset+packetlen - 3], - data[offset+packetlen - 2], - data[offset+packetlen - 1], - data[offset+packetlen - 4], - data[offset+packetlen - 3], - data[offset+packetlen - 2], - data[offset+packetlen - 1], - - data[offset+packetlen - 4], - data[offset+packetlen - 3], - data[offset+packetlen - 2], - data[offset+packetlen - 1], - txt2html(uid)); - } else if (html && uid == NULL) { - printf("sig " - "%02X%02X%02X%02X " - "[User id not found]\n", - data[offset+packetlen - 4], - data[offset+packetlen - 3], - data[offset+packetlen - 2], - data[offset+packetlen - 1]); - } else { - printf("sig %02X%02X%02X%02X" - " %s\n", - data[offset+packetlen - 4], - data[offset+packetlen - 3], - data[offset+packetlen - 2], - data[offset+packetlen - 1], - (uid != NULL) ? uid : - "[User id not found]"); - } - break; - default: - /* - * We don't care about unrecognized packets unless bit - * 7 is set in which case we prefer an error than - * ignoring it. - */ - assert(!(data[offset] & 0x80)); - } - offset += packetlen; - } - - return length; -} +#include "log.h" +#include "onak.h" +#include "onak-conf.h" +#include "openpgp.h" int list_sigs(struct openpgp_packet_list *sigs, bool html) { - int length = 0; - char *uid; + char *uid = NULL; + uint64_t sigid = 0; + char *sig = NULL; while (sigs != NULL) { - switch (sigs->packet->data[0]) { - case 2: - case 3: - uid = keyid2uid((sigs->packet->data[11] << 24) + - (sigs->packet->data[12] << 16) + - (sigs->packet->data[13] << 8) + - sigs->packet->data[14]); - if (html && uid != NULL) { - printf("sig " - "%02X%02X%02X%02X " - "" - "%s\n", - sigs->packet->data[11], - sigs->packet->data[12], - sigs->packet->data[13], - sigs->packet->data[14], - sigs->packet->data[11], - sigs->packet->data[12], - sigs->packet->data[13], - sigs->packet->data[14], - - sigs->packet->data[11], - sigs->packet->data[12], - sigs->packet->data[13], - sigs->packet->data[14], - txt2html(uid)); - } else if (html && uid == NULL) { - printf("sig %02X%02X%02X%02X" - " " - "[User id not found]\n", - sigs->packet->data[11], - sigs->packet->data[12], - sigs->packet->data[13], - sigs->packet->data[14]); - } else { - printf("sig %02X%02X%02X%02X" - " %s\n", - sigs->packet->data[11], - sigs->packet->data[12], - sigs->packet->data[13], - sigs->packet->data[14], - (uid != NULL) ? uid : - "[User id not found]"); - } - break; - case 4: - length = parse_subpackets(&sigs->packet->data[4], html); - parse_subpackets(&sigs->packet->data[length + 4], html); - break; - default: - printf("sig [Unknown packet version %d]", - sigs->packet->data[0]); + sigid = sig_keyid(sigs->packet); + uid = config.dbbackend->keyid2uid(sigid); + if (sigs->packet->data[0] == 4 && + sigs->packet->data[1] == 0x30) { + /* It's a Type 4 sig revocation */ + sig = "rev"; + } else { + sig = "sig"; + } + if (html && uid != NULL) { + printf("%s %08" PRIX64 + " " + "%s\n", + sig, + sigid, + sigid & 0xFFFFFFFF, + sigid, + txt2html(uid)); + } else if (html && uid == NULL) { + printf("%s %08" PRIX64 " " + "[User id not found]\n", + sig, + sigid & 0xFFFFFFFF); + } else { + printf("%s %08" PRIX64 + " %s\n", + sig, + sigid & 0xFFFFFFFF, + (uid != NULL) ? uid : + "[User id not found]"); + } + if (uid != NULL) { + free(uid); + uid = NULL; } sigs = sigs->next; } @@ -180,20 +86,31 @@ int list_sigs(struct openpgp_packet_list *sigs, bool html) return 0; } -int list_uids(struct openpgp_signedpacket_list *uids, bool verbose, bool html) +int list_uids(uint64_t keyid, struct openpgp_signedpacket_list *uids, + bool verbose, bool html) { char buf[1024]; + int imgindx = 0; while (uids != NULL) { - if (uids->packet->tag == 13) { + if (uids->packet->tag == OPENPGP_PACKET_UID) { snprintf(buf, 1023, "%.*s", (int) uids->packet->length, uids->packet->data); - printf("uid %s\n", + printf(" %s\n", (html) ? txt2html(buf) : buf); - } else if (uids->packet->tag == 17) { - printf("uid " - "[photo id]\n"); + } else if (uids->packet->tag == OPENPGP_PACKET_UAT) { + printf(" "); + if (html) { + printf("\""\n", + keyid, + imgindx); + imgindx++; + } else { + printf("[photo id]\n"); + } } if (verbose) { list_sigs(uids->sigs, html); @@ -204,6 +121,115 @@ int list_uids(struct openpgp_signedpacket_list *uids, bool verbose, bool html) return 0; } +int list_subkeys(struct openpgp_signedpacket_list *subkeys, bool verbose, + bool html) +{ + struct tm *created = NULL; + time_t created_time = 0; + int type = 0; + int length = 0; + uint64_t keyid = 0; + + while (subkeys != NULL) { + if (subkeys->packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) { + + created_time = (subkeys->packet->data[1] << 24) + + (subkeys->packet->data[2] << 16) + + (subkeys->packet->data[3] << 8) + + subkeys->packet->data[4]; + created = gmtime(&created_time); + + switch (subkeys->packet->data[0]) { + case 2: + case 3: + type = subkeys->packet->data[7]; + length = (subkeys->packet->data[8] << 8) + + subkeys->packet->data[9]; + break; + case 4: + type = subkeys->packet->data[5]; + length = (subkeys->packet->data[6] << 8) + + subkeys->packet->data[7]; + break; + default: + logthing(LOGTHING_ERROR, + "Unknown key type: %d", + subkeys->packet->data[0]); + } + + if (get_packetid(subkeys->packet, + &keyid) != ONAK_E_OK) { + logthing(LOGTHING_ERROR, "Couldn't get keyid."); + } + printf("sub %5d%c/%08X %04d/%02d/%02d\n", + length, + (type == OPENPGP_PKALGO_RSA) ? 'R' : + ((type == OPENPGP_PKALGO_ELGAMAL_ENC) ? 'g' : + ((type == OPENPGP_PKALGO_DSA) ? 'D' : '?')), + (uint32_t) (keyid & 0xFFFFFFFF), + created->tm_year + 1900, + created->tm_mon + 1, + created->tm_mday); + + } + if (verbose) { + list_sigs(subkeys->sigs, html); + } + subkeys = subkeys->next; + } + + return 0; +} + +void display_fingerprint(struct openpgp_publickey *key) +{ + int i = 0; + size_t length = 0; + unsigned char fp[20]; + + get_fingerprint(key->publickey, fp, &length); + printf(" Key fingerprint ="); + for (i = 0; i < length; i++) { + if ((length == 16) || + (i % 2 == 0)) { + printf(" "); + } + if (length == 20 && (i * 2) == length) { + /* Extra space in the middle of a SHA1 fingerprint */ + printf(" "); + } + printf("%02X", fp[i]); + } + printf("\n"); + + return; +} + +void display_skshash(struct openpgp_publickey *key, bool html) +{ + int i = 0; + struct skshash hash; + + get_skshash(key, &hash); + printf(" Key hash = "); + if (html) { + printf(""); + } + for (i = 0; i < sizeof(hash.hash); i++) { + printf("%02X", hash.hash[i]); + } + if (html) { + printf(""); + } + printf("\n"); + + return; +} + /** * key_index - List a set of OpenPGP keys. * @keys: The keys to display. @@ -215,19 +241,21 @@ int list_uids(struct openpgp_signedpacket_list *uids, bool verbose, bool html) * of them. Useful for debugging or the keyserver Index function. */ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint, - bool html) + bool skshash, bool html) { struct openpgp_signedpacket_list *curuid = NULL; struct tm *created = NULL; time_t created_time = 0; int type = 0; + char typech; int length = 0; char buf[1024]; + uint64_t keyid; if (html) { puts("
");
 	}
-	puts("Type  bits/keyID    Date       User ID");
+	puts("Type   bits/keyID    Date       User ID");
 	while (keys != NULL) {
 		created_time = (keys->publickey->data[1] << 24) +
 					(keys->publickey->data[2] << 16) +
@@ -248,36 +276,90 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
 					keys->publickey->data[7];
 			break;
 		default:
-			fprintf(stderr, "Unknown key type: %d\n",
+			logthing(LOGTHING_ERROR, "Unknown key type: %d",
 				keys->publickey->data[0]);
 		}
 		
-		printf("pub  %4d%c/%08X %04d/%02d/%02d ",
-			length,
-			(type == 1) ? 'R' : ((type == 17) ? 'D' : '?'),
-			(uint32_t) (get_keyid(keys) & 0xFFFFFFFF),
-			created->tm_year + 1900,
-			created->tm_mon + 1,
-			created->tm_mday);
+		if (get_keyid(keys, &keyid) != ONAK_E_OK) {
+			logthing(LOGTHING_ERROR, "Couldn't get keyid.");
+		}
+
+		switch (type) {
+		case OPENPGP_PKALGO_RSA:
+			typech = 'R';
+			break;
+		case OPENPGP_PKALGO_ELGAMAL_ENC:
+			typech = 'g';
+			break;
+		case OPENPGP_PKALGO_DSA:
+			typech = 'D';
+			break;
+		case OPENPGP_PKALGO_ELGAMAL_SIGN:
+			typech = 'G';
+			break;
+		default:
+			typech = '?';
+			break;
+		}
+
+		if (html) {
+			printf("pub  %5d%c/%08" PRIX64
+				" %04d/%02d/%02d ",
+				length,
+				typech,
+				keyid,
+				keyid & 0xFFFFFFFF,
+				created->tm_year + 1900,
+				created->tm_mon + 1,
+				created->tm_mday);
+		} else {
+			printf("pub  %5d%c/%08" PRIX64 " %04d/%02d/%02d ",
+				length,
+				typech,
+				keyid & 0xFFFFFFFF,
+				created->tm_year + 1900,
+				created->tm_mon + 1,
+				created->tm_mday);
+		}
 
 		curuid = keys->uids;
-		if (curuid != NULL && curuid->packet->tag == 13) {
+		if (curuid != NULL &&
+				curuid->packet->tag == OPENPGP_PACKET_UID) {
 			snprintf(buf, 1023, "%.*s",
 				(int) curuid->packet->length,
 				curuid->packet->data);
-			printf("%s\n", (html) ? txt2html(buf) : buf);
+			if (html) {
+				printf("",
+					keyid);
+			}
+			printf("%s%s%s\n", 
+				(html) ? txt2html(buf) : buf,
+				(html) ? "" : "",
+				(keys->revoked) ? " *** REVOKED ***" : "");
+			if (skshash) {
+				display_skshash(keys, html);
+			}
+			if (fingerprint) {
+				display_fingerprint(keys);
+			}
 			if (verbose) {
-
 				list_sigs(curuid->sigs, html);
 			}
 			curuid = curuid->next;
 		} else {
-			putchar('\n');
+			printf("%s\n", 
+				(keys->revoked) ? "*** REVOKED ***": "");
+			if (fingerprint) {
+				display_fingerprint(keys);
+			}
 		}
 
-		list_uids(curuid, verbose, html);
-
-		//TODO: List subkeys.
+		list_uids(keyid, curuid, verbose, html);
+		if (verbose) {
+			list_subkeys(keys->subkeys, verbose, html);
+		}
 
 		keys = keys->next;
 	}
@@ -289,100 +371,87 @@ int key_index(struct openpgp_publickey *keys, bool verbose, bool fingerprint,
 	return 0;
 }
 
-
-int get_subpackets_keyid(unsigned char *data, uint64_t *keyid)
-{
-	int offset = 0;
-	int length = 0;
-	int packetlen = 0;
-
-	assert(data != NULL);
-
-	length = (data[0] << 8) + data[1] + 2;
-
-	offset = 2;
-	while (offset < length) {
-		packetlen = data[offset++];
-		if (packetlen > 191 && packetlen < 255) {
-			packetlen = ((packetlen - 192) << 8) +
-					data[offset++] + 192;
-		} else if (packetlen == 255) {
-			packetlen = data[offset++];
-			packetlen <<= 8;
-			packetlen = data[offset++];
-			packetlen <<= 8;
-			packetlen = data[offset++];
-			packetlen <<= 8;
-			packetlen = data[offset++];
-		}
-		switch (data[offset]) {
-		case 2:
-			/*
-			 * Signature creation time. Might want to output this?
-			 */
-			break;
-		case 16:
-			*keyid = (data[offset+packetlen - 4] << 24) +
-				(data[offset+packetlen - 3] << 16) +
-				(data[offset+packetlen - 2] << 8) +
-				data[offset+packetlen - 1];
-			*keyid &= 0xFFFFFFFF;
-			break;
-		default:
-			/*
-			 * We don't care about unrecognized packets unless bit
-			 * 7 is set in which case we prefer an error than
-			 * ignoring it.
-			 */
-			assert(!(data[offset] & 0x80));
-		}
-		offset += packetlen;
-	}
-
-	return length;
-}
-
-
 /**
- *	keysigs - Return the sigs on a given OpenPGP signature list.
- *	@curll: The current linked list. Can be NULL to create a new list.
- *	@sigs: The signature list we want the sigs on.
+ *	mrkey_index - List a set of OpenPGP keys in the MRHKP format.
+ *	@keys: The keys to display.
  *
- *	Returns a linked list of stats_key elements containing the sigs on the
- *	supplied OpenPGP packet list.
+ *	This function takes a list of OpenPGP public keys and displays a
+ *	machine readable list of them.
  */
-struct ll *keysigs(struct ll *curll,
-		struct openpgp_packet_list *sigs)
+int mrkey_index(struct openpgp_publickey *keys)
 {
-	int length = 0;
-	uint64_t keyid = 0;
-	
-	while (sigs != NULL) {
-		keyid = 0;
-		switch (sigs->packet->data[0]) {
+	struct openpgp_signedpacket_list	*curuid = NULL;
+	time_t					 created_time = 0;
+	int					 type = 0;
+	int					 length = 0;
+	int					 i = 0;
+	size_t					 fplength = 0;
+	unsigned char				 fp[20];
+	int					 c;
+	uint64_t				 keyid;
+
+	while (keys != NULL) {
+		created_time = (keys->publickey->data[1] << 24) +
+					(keys->publickey->data[2] << 16) +
+					(keys->publickey->data[3] << 8) +
+					keys->publickey->data[4];
+
+		printf("pub:");
+
+		switch (keys->publickey->data[0]) {
 		case 2:
 		case 3:
-			keyid = sigs->packet->data[11] << 24;
-			keyid += (sigs->packet->data[12] << 16);
-			keyid += (sigs->packet->data[13] << 8);
-			keyid += sigs->packet->data[14];
-			keyid &= 0xFFFFFFFF;
+			if (get_keyid(keys, &keyid) != ONAK_E_OK) {
+				logthing(LOGTHING_ERROR, "Couldn't get keyid");
+			}
+			printf("%016" PRIX64, keyid);
+			type = keys->publickey->data[7];
+			length = (keys->publickey->data[8] << 8) +
+					keys->publickey->data[9];
 			break;
 		case 4:
-			length = get_subpackets_keyid(&sigs->packet->data[4],
-					&keyid);
-			get_subpackets_keyid(&sigs->packet->data[length + 4],
-					&keyid);
-			/*
-			 * Don't bother to look at the unsigned packets.
-			 */
+			(void) get_fingerprint(keys->publickey, fp, &fplength);
+
+			for (i = 0; i < fplength; i++) {
+				printf("%02X", fp[i]);
+			}
+
+			type = keys->publickey->data[5];
+			length = (keys->publickey->data[6] << 8) +
+					keys->publickey->data[7];
 			break;
 		default:
-			break;
+			logthing(LOGTHING_ERROR, "Unknown key type: %d",
+				keys->publickey->data[0]);
 		}
-		sigs = sigs->next;
-		curll = lladd(curll, createandaddtohash(keyid));
-	}
 
-	return curll;
+		printf(":%d:%d:%ld::%s\n",
+			type,
+			length,
+			created_time,
+			(keys->revoked) ? "r" : "");
+	
+		for (curuid = keys->uids; curuid != NULL;
+			 curuid = curuid->next) {
+		
+			if (curuid->packet->tag == OPENPGP_PACKET_UID) {
+				printf("uid:");
+				for (i = 0; i < (int) curuid->packet->length;
+						i++) {
+					c = curuid->packet->data[i];
+					if (c == '%') {
+						putchar('%');
+						putchar(c);
+					} else if (c == ':' || c > 127) {
+						printf("%%%X", c);
+					} else {
+						putchar(c);
+					}
+				}
+				printf("\n");
+			}
+		}
+		keys = keys->next;
+	}
+	return 0;
 }