authorWerner Koch <[email protected]>2019-03-14 07:54:59 +0000
committerWerner Koch <[email protected]>2019-03-14 10:26:54 +0000
commitf40e9d6a528521d12795e1a6cc15c849b216be92 (patch)
treebebe6f71b5d00e8dda7d67dae3b3f4e27e12a815 /g10/keyserver.c
parentgpg: Implemented latest rfc4880bis version 5 packet hashing. (diff)
kbx: Add support for 32 byte fingerprints.
* common/userids.c (classify_user_id): Support 32 byte fingerprints. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New. (struct keydb_search_desc): Add field fprlen. * kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field version and increase size of fpr to 32. * kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs. (struct keyboxblob_key): Add field fprlen and increase size of fpr. (pgp_create_key_part_single): Allow larger fingerprints. (create_blob_header): Implement blob version 2 and add arg want_fpr32. (_keybox_create_openpgp_blob): Detect the need for blob version 2. * kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte fingerprints. (blob_cmp_fpr): Ditto. (blob_cmp_fpr_part): Ditto. (has_fingerprint): Add arg fprlen and pass on. (keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed has_fingerprint. * kbx/keybox-openpgp.c (parse_key): Support version 5 keys. * kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2. * g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32. * g10/export.c (exact_subkey_match_p): Ditto. * g10/gpg.c (main): Ditto. * g10/getkey.c (get_pubkey_byfprint): Adjust for changed KEYDB_SEARCH_MODE_FPR. * g10/keydb.c (keydb_search_desc_dump): Support KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR. (keydb_search): Add new arg fprlen and change all callers. * g10/keyedit.c (find_by_primary_fpr): Ditto. * g10/keyid.c (keystr_from_desc): Ditto. * g10/keyring.c (keyring_search): Ditto. * g10/keyserver.c (print_keyrec): Ditto. (parse_keyrec): Ditto. (keyserver_export): Ditto. (keyserver_retrieval_screener): Ditto. (keyserver_import): Ditto. (keyserver_import_fprint): Ditto. (keyidlist): Ditto. (keyserver_get_chunk): Ditto. * g10/keydb.c (keydb_search): Add new arg fprlen and change all callers. * sm/keydb.c (keydb_search_fpr): Adjust for changed KEYDB_SEARCH_MODE_FPR. -- This prepares the support for OpenPGP v5 keys. 
The new version 2 blob format is needed for the longer fingerprints and we also use this opportunity to prepare for storing the keygrip in the blob for faster lookup by keygrip. Right now this is not yet functional. Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/keyserver.c')
-rw-r--r--g10/keyserver.c68
1 files changed, 56 insertions, 12 deletions
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 1ba94ed49..c414e2cb1 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -527,6 +527,25 @@ print_keyrec (ctrl_t ctrl, int number,struct keyrec *keyrec)
}
break;
+ /* If we get a modern fingerprint, we have the most
+ flexibility. */
+ case KEYDB_SEARCH_MODE_FPR32:
+ {
+ u32 kid[2];
+ keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr, 32, kid);
+ es_printf("key %s",keystr(kid));
+ }
+ break;
+
+ case KEYDB_SEARCH_MODE_FPR:
+ {
+ u32 kid[2];
+ keyid_from_fingerprint (ctrl, keyrec->desc.u.fpr, keyrec->desc.fprlen,
+ kid);
+ es_printf("key %s",keystr(kid));
+ }
+ break;
+
default:
BUG();
break;
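Review bot: The new `KEYDB_SEARCH_MODE_FPR` case passes `keyrec->desc.fprlen` to `keyid_from_fingerprint` without any check in this function, and its body is otherwise a copy of the `KEYDB_SEARCH_MODE_FPR32` case above it. The record is filled by parse_keyrec from a keyserver listing, so the length ultimately comes from remote data; whether the classifier limits it to 16, 20 or 32 is decided outside this hunk. I would add a comment on the case stating that invariant, for example `/* FPRLEN is 16, 20 or 32 here; it is set together with the mode. */`, once that has been confirmed. The existing comment about a "modern fingerprint" sits above the FPR32 case only, so it is unclear whether it is meant to cover the generic case as well.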
@@ -614,7 +633,9 @@ parse_keyrec(char *keystring)
if (err || (work->desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
&& work->desc.mode != KEYDB_SEARCH_MODE_LONG_KID
&& work->desc.mode != KEYDB_SEARCH_MODE_FPR16
- && work->desc.mode != KEYDB_SEARCH_MODE_FPR20))
+ && work->desc.mode != KEYDB_SEARCH_MODE_FPR20
+ && work->desc.mode != KEYDB_SEARCH_MODE_FPR32
+ && work->desc.mode != KEYDB_SEARCH_MODE_FPR))
{
work->desc.mode=KEYDB_SEARCH_MODE_NONE;
return ret;
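Review bot: The list of accepted search modes is now six comparisons long and is repeated verbatim in three places: here in parse_keyrec, in keyserver_export and in keyserver_import. Each new fingerprint mode has to be added to all three by hand, and a copy that is missed silently rejects valid input or accepts a mode the later code does not handle. A small file-local predicate would keep the three call sites in step; the call here becomes `if (err || !is_keyid_or_fpr_mode (work->desc.mode))`. The bodies of all three functions continue outside their hunks.

```c
/* Return true if MODE identifies a key by key ID or by fingerprint.  */
static int
is_keyid_or_fpr_mode (int mode)
{
  switch (mode)
    {
    case KEYDB_SEARCH_MODE_SHORT_KID:
    case KEYDB_SEARCH_MODE_LONG_KID:
    case KEYDB_SEARCH_MODE_FPR16:
    case KEYDB_SEARCH_MODE_FPR20:
    case KEYDB_SEARCH_MODE_FPR32:
    case KEYDB_SEARCH_MODE_FPR:
      return 1;
    default:
      return 0;
    }
}

/* … unchanged: parse_keyrec up to the classification of the key string … */
  if (err || !is_keyid_or_fpr_mode (work->desc.mode))
```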
@@ -996,7 +1017,9 @@ keyserver_export (ctrl_t ctrl, strlist_t users)
if (err || (desc.mode != KEYDB_SEARCH_MODE_SHORT_KID
&& desc.mode != KEYDB_SEARCH_MODE_LONG_KID
&& desc.mode != KEYDB_SEARCH_MODE_FPR16
- && desc.mode != KEYDB_SEARCH_MODE_FPR20))
+ && desc.mode != KEYDB_SEARCH_MODE_FPR20
+ && desc.mode != KEYDB_SEARCH_MODE_FPR32
+ && desc.mode != KEYDB_SEARCH_MODE_FPR))
{
log_error(_("\"%s\" not a key ID: skipping\n"),users->d);
continue;
@@ -1070,6 +1093,16 @@ keyserver_retrieval_screener (kbnode_t keyblock, void *opaque)
if (fpr_len == 20 && !memcmp (fpr, desc[n].u.fpr, 20))
return 0;
}
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR32)
+ {
+ if (fpr_len == 32 && !memcmp (fpr, desc[n].u.fpr, 32))
+ return 0;
+ }
+ else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR)
+ {
+ if (fpr_len == desc[n].fprlen && !memcmp (fpr, desc[n].u.fpr, 32))
+ return 0;
+ }
else if (desc[n].mode == KEYDB_SEARCH_MODE_FPR16)
{
if (fpr_len == 16 && !memcmp (fpr, desc[n].u.fpr, 16))
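Review bot: The `KEYDB_SEARCH_MODE_FPR` branch compares a fixed 32 bytes although it only checks that `fpr_len` equals `desc[n].fprlen`, which may be 16 or 20. For a shorter fingerprint the `memcmp` then covers bytes after the fingerprint in both buffers, so the result depends on whatever is stored there, and it reads out of bounds if `fpr` is declared with fewer than 32 bytes (its declaration is outside the hunk). This screener decides whether a key returned by the keyserver is one that was requested, so the comparison should cover exactly the fingerprint: `if (fpr_len == desc[n].fprlen && !memcmp (fpr, desc[n].u.fpr, fpr_len))`.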
@@ -1111,7 +1144,9 @@ keyserver_import (ctrl_t ctrl, strlist_t users)
if (err || (desc[count].mode != KEYDB_SEARCH_MODE_SHORT_KID
&& desc[count].mode != KEYDB_SEARCH_MODE_LONG_KID
&& desc[count].mode != KEYDB_SEARCH_MODE_FPR16
- && desc[count].mode != KEYDB_SEARCH_MODE_FPR20))
+ && desc[count].mode != KEYDB_SEARCH_MODE_FPR20
+ && desc[count].mode != KEYDB_SEARCH_MODE_FPR32
+ && desc[count].mode != KEYDB_SEARCH_MODE_FPR))
{
log_error (_("\"%s\" not a key ID: skipping\n"), users->d);
continue;
@@ -1171,10 +1206,13 @@ keyserver_import_fprint (ctrl_t ctrl, const byte *fprint,size_t fprint_len,
desc.mode=KEYDB_SEARCH_MODE_FPR16;
else if(fprint_len==20)
desc.mode=KEYDB_SEARCH_MODE_FPR20;
+ else if(fprint_len==32)
+ desc.mode=KEYDB_SEARCH_MODE_FPR32;
else
return -1;
memcpy(desc.u.fpr,fprint,fprint_len);
+ desc.fprlen = fprint_len;
/* TODO: Warn here if the fingerprint we got doesn't match the one
we asked for? */
@@ -1291,20 +1329,23 @@ keyidlist (ctrl_t ctrl, strlist_t users, KEYDB_SEARCH_DESC **klist,
This is because it's easy to calculate any sort of keyid
from a v4 fingerprint, but not a v3 fingerprint. */
- if(node->pkt->pkt.public_key->version<4)
+ if (node->pkt->pkt.public_key->version < 4)
{
(*klist)[*count].mode=KEYDB_SEARCH_MODE_LONG_KID;
keyid_from_pk(node->pkt->pkt.public_key,
(*klist)[*count].u.kid);
}
else
- {
+ {
size_t dummy;
- (*klist)[*count].mode=KEYDB_SEARCH_MODE_FPR20;
- fingerprint_from_pk(node->pkt->pkt.public_key,
- (*klist)[*count].u.fpr,&dummy);
- }
+ if (node->pkt->pkt.public_key->version == 4)
+ (*klist)[*count].mode = KEYDB_SEARCH_MODE_FPR20;
+ else
+ (*klist)[*count].mode = KEYDB_SEARCH_MODE_FPR32;
+ fingerprint_from_pk (node->pkt->pkt.public_key,
+ (*klist)[*count].u.fpr,&dummy);
+ }
/* This is a little hackish, using the skipfncvalue as a
void* pointer to the keyserver spec, but we don't need
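Review bot: The new `else` maps every key version other than 4 that reaches this branch to `KEYDB_SEARCH_MODE_FPR32`, while the length that `fingerprint_from_pk` actually returns is still discarded in `dummy`. If a key with an unexpected version arrives, the descriptor claims a 32-byte fingerprint regardless of what was written to `u.fpr`. The descriptor's new `fprlen` field is also left unset here, whereas keyserver_import_fprint sets it in this same commit. Taking the mode from the returned length and recording that length keeps the descriptor consistent; keyidlist's body continues outside the hunk.

```c
	  else
	    {
	      size_t fprlen;

	      fingerprint_from_pk (node->pkt->pkt.public_key,
				   (*klist)[*count].u.fpr, &fprlen);
	      (*klist)[*count].fprlen = fprlen;
	      (*klist)[*count].mode = (fprlen == 32
				       ? KEYDB_SEARCH_MODE_FPR32
				       : KEYDB_SEARCH_MODE_FPR20);
	    }
```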
@@ -1621,9 +1662,10 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
int quiet = 0;
if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[idx].mode == KEYDB_SEARCH_MODE_FPR32
|| desc[idx].mode == KEYDB_SEARCH_MODE_FPR16)
{
- n = 1+2+2*20;
+ n = 1+2+2*32;
if (idx && linelen + n > MAX_KS_GET_LINELEN)
break; /* Declare end of this chunk. */
linelen += n;
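Review bot: The mode test at the top of this block lists FPR20, FPR32 and FPR16 but not `KEYDB_SEARCH_MODE_FPR`, which keyserver_import starts accepting in this same commit. Which branch such a descriptor takes is decided by code outside the hunk, so please confirm it cannot end up in an unsupported-mode path. If it can reach this function, add `|| desc[idx].mode == KEYDB_SEARCH_MODE_FPR` and take the length from `desc[idx].fprlen`. Separately, `n = 1+2+2*32` now reserves 64 hex digits for 16- and 20-byte fingerprints as well, which is safe but closes chunks earlier than needed; a comment such as `/* Space, "0x" and the longest fingerprint in hex. */` would make clear that the bound is deliberate.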
@@ -1635,10 +1677,12 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
{
strcpy (pattern[npat], "0x");
bin2hex (desc[idx].u.fpr,
+ desc[idx].mode == KEYDB_SEARCH_MODE_FPR32? 32 :
desc[idx].mode == KEYDB_SEARCH_MODE_FPR20? 20 : 16,
pattern[npat]+2);
npat++;
- if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20)
+ if (desc[idx].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[idx].mode == KEYDB_SEARCH_MODE_FPR32)
npat_fpr++;
}
}
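Review bot: `bin2hex` can now write 64 hex digits plus the terminator after the "0x" prefix, 67 bytes in all, into `pattern[npat]`, whose allocation lies between this hunk and the previous one and is not shown. Please confirm that the buffer is sized from `n` (now `1+2+2*32`) and not from a literal based on a 20-byte fingerprint. Computing the fingerprint length once into a local and using it both for the size and for the `bin2hex` call would replace the nested conditional and stop the two from drifting apart.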
@@ -1717,7 +1761,7 @@ keyserver_get_chunk (ctrl_t ctrl, KEYDB_SEARCH_DESC *desc, int ndesc,
}
}
- /* Remember now many of search items were considered. Note that
+ /* Remember how many of the search items were considered. Note that
this is different from NPAT. */
*r_ndesc_used = idx;