authorDavid Shaw <[email protected]>2002-02-26 01:00:12 +0000
committerDavid Shaw <[email protected]>2002-02-26 01:00:12 +0000
commit6deb95687de04f4ca9211777c1df474e5602bb90 (patch)
tree1992c96621904268e01f6134e5259049ad1e08d2
parentLDAP keyservers do not support v3 fingerprints, so error out if someone (diff)
downloadgnupg-6deb95687de04f4ca9211777c1df474e5602bb90.tar.gz
gnupg-6deb95687de04f4ca9211777c1df474e5602bb90.zip
Treat key lists internally as fingerprints when possible. All this is via
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the helper program to search the keyserver by fingerprint if desired (and the keyserver supports it). Note that automatic fingerprint promotion during refresh only applies to v4 keys as a v4 fingerprint can be easily changed into a long or short key id, and a v3 cannot. Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make them into one copy in misc.c.
-rw-r--r--g10/ChangeLog17
-rw-r--r--g10/getkey.c28
-rw-r--r--g10/hkp.c18
-rw-r--r--g10/hkp.h2
-rw-r--r--g10/keyserver.c162
-rw-r--r--g10/main.h1
-rw-r--r--g10/misc.c25
-rw-r--r--g10/pubkey-enc.c25
8 files changed, 160 insertions, 118 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index bd98bbeba..ea2c0d85b 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,4 +1,19 @@
-2002-03-12 David Shaw <[email protected]>
+2002-02-25 David Shaw <[email protected]>
+
+ * hkp.c (hkp_ask_import), hkp.h, keyserver.c (all): treat key
+ lists internally as fingerprints when possible. All this is via
+ KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows
+ the helper program to search the keyserver by fingerprint if
+ desired (and the keyserver supports it). Note that automatic
+ fingerprint promotion during refresh only applies to v4 keys as a
+ v4 fingerprint can be easily changed into a long or short key id,
+ and a v3 cannot.
+
+ * pubkey-enc.c, getkey.c, misc.c, main.h: Take two copies of
+ hextobyte() from pubkey-enc.c and getkey.c and make them into one
+ copy in misc.c.
+
+2002-02-22 David Shaw <[email protected]>
* keyserver.c (keyserver_search_prompt): Detect a "no keys found"
case even if the helper program does not explicitly say how many
diff --git a/g10/getkey.c b/g10/getkey.c
index 3821264c9..5f12040a5 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -451,34 +451,6 @@ seckey_available( u32 *keyid )
}
-
-static int
-hextobyte( const byte *s )
-{
- int c;
-
- if( *s >= '0' && *s <= '9' )
- c = 16 * (*s - '0');
- else if( *s >= 'A' && *s <= 'F' )
- c = 16 * (10 + *s - 'A');
- else if( *s >= 'a' && *s <= 'f' )
- c = 16 * (10 + *s - 'a');
- else
- return -1;
- s++;
- if( *s >= '0' && *s <= '9' )
- c += *s - '0';
- else if( *s >= 'A' && *s <= 'F' )
- c += 10 + *s - 'A';
- else if( *s >= 'a' && *s <= 'f' )
- c += 10 + *s - 'a';
- else
- return -1;
- return c;
-}
-
-
-
/****************
* Return the type of the user id:
*
diff --git a/g10/hkp.c b/g10/hkp.c
index 5c44d2681..62568f70f 100644
--- a/g10/hkp.c
+++ b/g10/hkp.c
@@ -48,15 +48,27 @@ static int urlencode_filter( void *opaque, int control,
* or other error codes.
*/
int
-hkp_ask_import( u32 *keyid, void *stats_handle)
+hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle)
{
struct http_context hd;
char *request;
int rc;
unsigned int hflags = opt.honor_http_proxy? HTTP_FLAG_TRY_PROXY : 0;
+ u32 key[2];
+
+ if(desc->mode==KEYDB_SEARCH_MODE_FPR20)
+ keyid_from_fingerprint(desc->u.fpr,MAX_FINGERPRINT_LEN,key);
+ else if(desc->mode==KEYDB_SEARCH_MODE_LONG_KID ||
+ desc->mode==KEYDB_SEARCH_MODE_SHORT_KID)
+ {
+ key[0]=desc->u.kid[0];
+ key[1]=desc->u.kid[1];
+ }
+ else
+ return -1; /* HKP does not support v3 fingerprints */
log_info(_("requesting key %08lX from HKP keyserver %s\n"),
- (ulong)keyid[1],opt.keyserver_host );
+ (ulong)key[1],opt.keyserver_host );
request = m_alloc( strlen( opt.keyserver_host ) + 100 );
/* hkp does not accept the long keyid - we should really write a
* nicer one :-)
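Review bot: The new `else return -1;` branch in hkp_ask_import rejects a descriptor without telling the user which key was dropped or why. keyserver_import now accepts KEYDB_SEARCH_MODE_FPR16, so a v3 fingerprint given with an HKP keyserver reaches this branch, and the only visible effect is the `log_inc_errorcount()` in keyserver_work. A `log_error()` naming the unsupported fingerprint before the return would make the failure diagnosable. The FPR20 branch also passes MAX_FINGERPRINT_LEN as the length of a 20-byte fingerprint; that is only right while the constant is 20, which is worth a comment or a literal. The function body continues past the end of this hunk.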
@@ -72,7 +84,7 @@ hkp_ask_import( u32 *keyid, void *stats_handle)
opt.keyserver_host,
atoi(opt.keyserver_port)>0?":":"",
atoi(opt.keyserver_port)>0?opt.keyserver_port:"",
- (ulong)keyid[1] );
+ (ulong)key[1] );
if(opt.keyserver_options.verbose>2)
log_info("request is \"%s\"\n",request);
diff --git a/g10/hkp.h b/g10/hkp.h
index 9ff8511d2..1fbf123f5 100644
--- a/g10/hkp.h
+++ b/g10/hkp.h
@@ -21,7 +21,7 @@
#ifndef G10_HKP_H
#define G10_HKP_H 1
-int hkp_ask_import( u32 *keyid, void *stats_handle);
+int hkp_ask_import( KEYDB_SEARCH_DESC *desc, void *stats_handle);
int hkp_import( STRLIST users );
int hkp_export( STRLIST users );
int hkp_search(STRLIST tokens);
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 423c0eb45..2df47a0c5 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -177,7 +177,7 @@ printunquoted(char *string,char delim)
}
static int
-print_keyinfo(int count,char *keystring,u32 *keyid)
+print_keyinfo(int count,char *keystring,KEYDB_SEARCH_DESC *desc)
{
char *certid,*userid,*keytype,*tok;
int flags,keysize=0;
@@ -186,14 +186,12 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
if((certid=strsep(&keystring,":"))==NULL)
return -1;
- /* Ideally this is the long key ID, but HKP uses the short key
- ID. */
- if(sscanf(certid,"%08lX%08lX",(ulong *)&keyid[0],(ulong *)&keyid[1])!=2)
- {
- keyid[0]=0;
- if(sscanf(certid,"%08lX",(ulong *)&keyid[1])!=1)
- return -1;
- }
+ classify_user_id (certid, desc);
+ if(desc->mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
+ desc->mode!=KEYDB_SEARCH_MODE_LONG_KID &&
+ desc->mode!=KEYDB_SEARCH_MODE_FPR16 &&
+ desc->mode!=KEYDB_SEARCH_MODE_FPR20)
+ return -1;
if((tok=strsep(&keystring,":"))==NULL)
return -1;
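Review bot: The four-way mode test after `classify_user_id (certid, desc);` is written out again in keyserver_import (the `@@ -613,42 +641,37 @@` hunk), so the two lists of accepted modes can drift apart. certid appears to be text returned by the keyserver helper, which would make this test the only validation before the descriptor is used to fetch a key. A small static predicate called from both places would help, for example `static int desc_is_keyid_or_fpr(const KEYDB_SEARCH_DESC *desc)`. It would be worth adding a comment such as `/* certid comes from the keyserver; accept only key IDs and fingerprints */`. print_keyinfo starts before and continues after this hunk.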
@@ -249,7 +247,7 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
if(expiretime>0)
printf(" expires %s,",strtimestamp(expiretime));
- printf(" keyid %s\n",certid);
+ printf(" key %s\n",certid);
return 0;
}
@@ -258,7 +256,8 @@ print_keyinfo(int count,char *keystring,u32 *keyid)
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
static int
-keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
+keyserver_spawn(int action,STRLIST list,
+ KEYDB_SEARCH_DESC *desc,int count,int *prog)
{
int ret=0,i,gotversion=0,outofband=0;
STRLIST temp;
@@ -333,8 +332,37 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
/* Which keys do we want? */
for(i=0;i<count;i++)
- fprintf(spawn->tochild,"0x%08lX%08lX\n",
- (ulong)kidlist[i][0],(ulong)kidlist[i][1]);
+ {
+ if(desc[i].mode==KEYDB_SEARCH_MODE_FPR20)
+ {
+ int f;
+
+ fprintf(spawn->tochild,"0x");
+
+ for(f=0;f<MAX_FINGERPRINT_LEN;f++)
+ fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
+
+ fprintf(spawn->tochild,"\n");
+ }
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_FPR16)
+ {
+ int f;
+
+ fprintf(spawn->tochild,"0x");
+
+ for(f=0;f<16;f++)
+ fprintf(spawn->tochild,"%02X",(byte)desc[i].u.fpr[f]);
+
+ fprintf(spawn->tochild,"\n");
+ }
+ else if(desc[i].mode==KEYDB_SEARCH_MODE_LONG_KID)
+ fprintf(spawn->tochild,"0x%08lX%08lX\n",
+ (ulong)desc[i].u.kid[0],
+ (ulong)desc[i].u.kid[1]);
+ else
+ fprintf(spawn->tochild,"0x%08lX\n",
+ (ulong)desc[i].u.kid[1]);
+ }
fprintf(spawn->tochild,"\n");
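Review bot: The final `else` in the new loop writes `desc[i].u.kid[1]` as a short key ID for every mode that is not FPR20, FPR16 or LONG_KID. A descriptor in any other mode would therefore send unrelated union bytes to the helper as if they were a key ID. The callers visible in this commit filter the modes first, but the function itself does not enforce that. Making the last case explicit with `else if(desc[i].mode==KEYDB_SEARCH_MODE_SHORT_KID)` and a closing `else` that logs and skips the entry would remove the dependency. As a style point, the FPR20 and FPR16 branches differ only in the loop bound and could share one loop with a length variable. keyserver_spawn extends well beyond this hunk.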
@@ -526,7 +554,7 @@ keyserver_spawn(int action,STRLIST list,u32 (*kidlist)[2],int count,int *prog)
}
static int
-keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
+keyserver_work(int action,STRLIST list,KEYDB_SEARCH_DESC *desc,int count)
{
int rc=0,ret=0;
@@ -550,7 +578,7 @@ keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
{
case GET:
for(count--;count>=0;count--)
- if(hkp_ask_import(kidlist[count],stats_handle))
+ if(hkp_ask_import(&desc[count],stats_handle))
log_inc_errorcount();
break;
case SEND:
@@ -568,7 +596,7 @@ keyserver_work(int action,STRLIST list,u32 (*kidlist)[2],int count)
/* It's not the internal HKP code, so try and spawn a handler for it */
- rc=keyserver_spawn(action,list,kidlist,count,&ret);
+ rc=keyserver_spawn(action,list,desc,count,&ret);
if(ret)
{
switch(ret)
@@ -613,42 +641,37 @@ keyserver_export(STRLIST users)
int
keyserver_import(STRLIST users)
{
- u32 (*kidlist)[2];
+ KEYDB_SEARCH_DESC *desc;
int num=100,count=0;
int rc=0;
/* Build a list of key ids */
-
- kidlist=m_alloc(sizeof(u32)*2*num);
+ desc=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
for(;users;users=users->next)
{
- KEYDB_SEARCH_DESC desc;
-
- classify_user_id (users->d, &desc);
- if(desc.mode==KEYDB_SEARCH_MODE_SHORT_KID ||
- desc.mode==KEYDB_SEARCH_MODE_LONG_KID)
+ classify_user_id (users->d, &desc[count]);
+ if(desc[count].mode!=KEYDB_SEARCH_MODE_SHORT_KID &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_LONG_KID &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_FPR16 &&
+ desc[count].mode!=KEYDB_SEARCH_MODE_FPR20)
{
- kidlist[count][0]=desc.u.kid[0];
- kidlist[count][1]=desc.u.kid[1];
- count++;
- if(count==num)
- {
- num+=100;
- kidlist=m_realloc(kidlist,sizeof(u32)*2*num);
- }
+ log_error(_("skipping invalid key ID \"%s\"\n"),users->d);
+ continue;
}
- else
+
+ count++;
+ if(count==num)
{
- log_error (_("skipping invalid key ID \"%s\"\n"), users->d );
- continue;
+ num+=100;
+ desc=m_realloc(desc,sizeof(KEYDB_SEARCH_DESC)*num);
}
}
if(count>0)
- rc=keyserver_work(GET,NULL,kidlist,count);
+ rc=keyserver_work(GET,NULL,desc,count);
- m_free(kidlist);
+ m_free(desc);
return rc;
}
@@ -673,7 +696,7 @@ keyserver_import_keyid(u32 *keyid)
/* code mostly stolen from do_export_stream */
static int
-keyidlist(STRLIST users,u32 (**kidlist)[2],int *count,int fakev3)
+keyidlist(STRLIST users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
{
int rc=0,ndesc,num=100;
KBNODE keyblock=NULL,node;
@@ -683,7 +706,7 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count,int fakev3)
*count=0;
- *kidlist=m_alloc(sizeof(u32)*2*num);
+ *klist=m_alloc(sizeof(KEYDB_SEARCH_DESC)*num);
kdbhd=keydb_new(0);
@@ -734,37 +757,56 @@ keyidlist(STRLIST users,u32 (**kidlist)[2],int *count,int fakev3)
if(fakev3 && is_RSA(node->pkt->pkt.public_key->pubkey_algo) &&
node->pkt->pkt.public_key->version>=4)
{
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
mpi_get_keyid(node->pkt->pkt.public_key->pkey[0],
- (*kidlist)[*count]);
+ (*klist)[*count].u.kid);
(*count)++;
if(*count==num)
{
num+=100;
- *kidlist=m_realloc(*kidlist,sizeof(u32)*2*num);
+ *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
}
}
- keyid_from_pk(node->pkt->pkt.public_key,(*kidlist)[*count]);
+ /* v4 keys get full fingerprints. v3 keys get long keyids.
+ This is because it's easy to calculate any sort of key id
+ from a v4 fingerprint, but not a v3 fingerprint. */
+
+ if(node->pkt->pkt.public_key->version<4)
+ {
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
+ keyid_from_pk(node->pkt->pkt.public_key,
+ (*klist)[*count].u.kid);
+ }
+ else
+ {
+ size_t dummy;
+
+ (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
+ fingerprint_from_pk(node->pkt->pkt.public_key,
+ (*klist)[*count].u.fpr,&dummy);
+ }
(*count)++;
if(*count==num)
{
num+=100;
- *kidlist=m_realloc(*kidlist,sizeof(u32)*2*num);
+ *klist=m_realloc(*klist,sizeof(KEYDB_SEARCH_DESC)*num);
}
}
}
- if( rc == -1 )
- rc = 0;
-
- leave:
- keydb_release(kdbhd);
- release_kbnode(keyblock);
+ if(rc==-1)
+ rc=0;
+
+ leave:
+ m_free(desc);
+ keydb_release(kdbhd);
+ release_kbnode(keyblock);
- return rc;
+ return rc;
}
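Review bot: Nothing under `leave:` releases `*klist` when rc is non-zero, and keyserver_refresh bails out with `if(rc) return rc;` before its own `m_free(desc)`, so the list allocated at the top of keyidlist looks leaked on every error path. Adding `if(rc) { m_free(*klist); *klist=NULL; }` under `leave:` would close that. The newly added `m_free(desc);` also relies on the local `desc` being either NULL or a valid allocation at every `goto leave`; its declaration and those jumps are outside this hunk, so that should be confirmed. Only the tail of keyidlist is visible here.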
/* Note this is different than the original HKP refresh. It allows
@@ -774,7 +816,7 @@ int
keyserver_refresh(STRLIST users)
{
int rc,count,fakev3=0;
- u32 (*kidlist)[2];
+ KEYDB_SEARCH_DESC *desc;
/* If refresh_add_fake_v3_keyids is on and it's a HKP scheme, then
enable fake v3 keyid generation. */
@@ -785,7 +827,7 @@ keyserver_refresh(STRLIST users)
strcasecmp(opt.keyserver_scheme,"x-broken-hkp")==0))
fakev3=1;
- rc=keyidlist(users,&kidlist,&count,fakev3);
+ rc=keyidlist(users,&desc,&count,fakev3);
if(rc)
return rc;
@@ -795,9 +837,9 @@ keyserver_refresh(STRLIST users)
log_info(_("%d keys to refresh\n"),count);
if(count>0)
- rc=keyserver_work(GET,NULL,kidlist,count);
+ rc=keyserver_work(GET,NULL,desc,count);
- m_free(kidlist);
+ m_free(desc);
return 0;
}
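Review bot: keyserver_refresh stores the result of `keyserver_work(GET,NULL,desc,count)` in rc and then ends with `return 0;`, so a failed refresh is reported to the caller as success. keyserver_import in the same file returns rc for the same call. If dropping the error is intended, a comment such as `/* refresh is best-effort; errors are already logged */` would say so; otherwise the last line should be `return rc;`. The start of the function is outside this hunk.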
@@ -819,7 +861,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
{
int i=0,validcount=1;
unsigned int maxlen=256,buflen=0;
- u32 (*keyids)[2];
+ KEYDB_SEARCH_DESC *desc;
byte *line=NULL;
char *answer;
@@ -832,7 +874,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
count=1;
}
- keyids=m_alloc(count*sizeof(u32)*2);
+ desc=m_alloc(count*sizeof(KEYDB_SEARCH_DESC));
/* Read each line and show it to the user */
@@ -843,7 +885,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
if(i==count)
{
count++;
- keyids=m_realloc(keyids,count*sizeof(u32)*2);
+ desc=m_realloc(desc,count*sizeof(KEYDB_SEARCH_DESC));
validcount=0;
}
@@ -861,7 +903,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
rl=iobuf_read_line(buffer,&line,&buflen,&maxlen);
if(rl>0)
{
- if(print_keyinfo(i,line,keyids[i-1]))
+ if(print_keyinfo(i,line,&desc[i-1])==-1)
continue;
}
else
@@ -888,7 +930,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
while((num=strsep(&split," ,"))!=NULL)
if(atoi(num)>=1 && atoi(num)<=i)
- keyserver_work(GET,NULL,&keyids[atoi(num)-1],1);
+ keyserver_work(GET,NULL,&desc[atoi(num)-1],1);
m_free(answer);
break;
@@ -896,7 +938,7 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
}
}
- m_free(keyids);
+ m_free(desc);
m_free(line);
notfound:
diff --git a/g10/main.h b/g10/main.h
index cef6a8c32..5c1f34f42 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -68,6 +68,7 @@ int openpgp_md_test_algo( int algo );
int check_permissions(const char *path,int extension,int checkonly);
void idea_cipher_warn( int show );
char *pct_expando(const char *string,PKT_public_key *pk);
+int hextobyte( const char *s );
/*-- helptext.c --*/
void display_online_help( const char *keyword );
diff --git a/g10/misc.c b/g10/misc.c
index 5c3ef12de..2f8d28af7 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -550,3 +550,28 @@ pct_expando(const char *string,PKT_public_key *pk)
m_free(ret);
return NULL;
}
+
+int
+hextobyte( const char *s )
+{
+ int c;
+
+ if( *s >= '0' && *s <= '9' )
+ c = 16 * (*s - '0');
+ else if( *s >= 'A' && *s <= 'F' )
+ c = 16 * (10 + *s - 'A');
+ else if( *s >= 'a' && *s <= 'f' )
+ c = 16 * (10 + *s - 'a');
+ else
+ return -1;
+ s++;
+ if( *s >= '0' && *s <= '9' )
+ c += *s - '0';
+ else if( *s >= 'A' && *s <= 'F' )
+ c += 10 + *s - 'A';
+ else if( *s >= 'a' && *s <= 'f' )
+ c += 10 + *s - 'a';
+ else
+ return -1;
+ return c;
+}
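Review bot: hextobyte() becomes a global function here, shared by getkey.c and pubkey-enc.c, but it has no comment stating its contract. I would add above it: `/* Convert the two hex digits at S into a value 0..255. Returns -1 if either character is not a hex digit; never reads past the first non-hex character. */`. The copy removed from getkey.c took `const byte *s` while this one takes `const char *s`, so callers in getkey.c that pass a byte pointer may now need a cast or will trigger pointer-sign warnings; those call sites are not shown in this diff.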
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 05ba85f85..d052b3c9b 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -263,31 +263,6 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
}
-static int
-hextobyte( const char *s )
-{
- int c;
-
- if( *s >= '0' && *s <= '9' )
- c = 16 * (*s - '0');
- else if( *s >= 'A' && *s <= 'F' )
- c = 16 * (10 + *s - 'A');
- else if( *s >= 'a' && *s <= 'f' )
- c = 16 * (10 + *s - 'a');
- else
- return -1;
- s++;
- if( *s >= '0' && *s <= '9' )
- c += *s - '0';
- else if( *s >= 'A' && *s <= 'F' )
- c += 10 + *s - 'A';
- else if( *s >= 'a' && *s <= 'f' )
- c += 10 + *s - 'a';
- else
- return -1;
- return c;
-}
-
/****************
* Get the session key from the given string.
* String is supposed to be formatted as this: