diff options
| author | Werner Koch <[email protected]> | 2019-11-28 08:39:35 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2019-11-28 10:16:13 +0000 |
| commit | 915297705af6f1db74dacf0d6665b83eb0a58459 (patch) | |
| tree | 7e7cdc2f55f3d7d218a90f9eada3327a4dc534ff /kbx/backend-cache.c | |
| parent | dirmngr: Replace no-strict-overflow pragma by wrapv pragma. (diff) | |
| download | gnupg-915297705af6f1db74dacf0d6665b83eb0a58459.tar.gz gnupg-915297705af6f1db74dacf0d6665b83eb0a58459.zip | |
kbx: Redefine the UBID which is now the primary fingerprint.
* common/util.h (UBID_LEN): New. Use it at all places.
* kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item.
* kbx/keybox-dump.c (print_ubib): Remove.
(_keybox_dump_blob): Do not print the now removed ubid flag.
* kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants
for the size of the ubid and grip.
* kbx/keybox-search.c (blob_cmp_ubid): New.
(has_ubid): Make it a simple wrapper around blob_cmp_ubid.
(keybox_get_data): Add arg 'r_ubid'.
* kbx/frontend.h (enum kbxd_store_modes): New.
* kbx/kbxserver.c (cmd_store): Add new option --insert.
* kbx/backend-cache.c (be_cache_initialize): New.
(be_cache_add_resource): Call it here.
* kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'.
(be_kbx_search): Get the UBID from keybox_get_data.
* kbx/backend-support.c (be_fingerprint_from_blob): Replace by ...
(be_ubid_from_blob): new. Change all callers.
* kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but
use the new cache init function.
(kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the
ubid. Take care of the mode.
--
It turned out that using the hash of the entire blob was not helpful.
Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint
of the blob. In case this is a v5 OpenPGP key a left truncated
version of the SHA-256 hash is used; in all other cases the full SHA-1
hash. Using a SHA-256 hash does not make sense because v4 keys are
and will for some time be the majority of keys and thus padding them
with zeroes won't make any difference. Even if fingerprint collisions
can eventually be created we will assume that the keys are bogus and
that it does not make sense to store its twin also in our key storage.
We can also easily extend the update code to detect a collision and
reject the update.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'kbx/backend-cache.c')
| -rw-r--r-- | kbx/backend-cache.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/kbx/backend-cache.c b/kbx/backend-cache.c index 10a6f6bd9..45e5c7158 100644 --- a/kbx/backend-cache.c +++ b/kbx/backend-cache.c @@ -63,7 +63,7 @@ typedef struct blob_s unsigned int usecount; unsigned int datalen; unsigned char *data; /* The actual data of length DATALEN. */ - unsigned char ubid[20]; + unsigned char ubid[UBID_LEN]; } *blob_t; @@ -90,7 +90,7 @@ typedef struct bloblist_s unsigned int subkey:1; /* The entry is for a subkey. */ unsigned int fprlen:8; /* The length of the fingerprint or 0. */ char fpr[32]; /* The buffer for the fingerprint. */ - unsigned char ubid[20]; /* The Unique-Blob-ID of the blob. */ + unsigned char ubid[UBID_LEN]; /* The Unique-Blob-ID of the blob. */ } *bloblist_t; static bloblist_t bloblist_attic; /* List of freed items. */ @@ -179,7 +179,7 @@ find_blob (unsigned int hash, const unsigned char *ubid, unsigned int count = 0; for (b = blob_table[hash]; b; b = b->next, count++) - if (!memcmp (b->ubid, ubid, 20)) + if (!memcmp (b->ubid, ubid, UBID_LEN)) break; if (r_count) *r_count = count; @@ -338,7 +338,7 @@ blob_table_put (const unsigned char *ubid, enum pubkey_types pktype, b->pktype = pktype; b->data = blobdatacopy; b->datalen = blobdatalen; - memcpy (b->ubid, ubid, 20); + memcpy (b->ubid, ubid, UBID_LEN); b->usecount = 1; b->refcount = 1; b->next = blob_table[hash]; @@ -532,9 +532,9 @@ new_bloblist_item (const unsigned char *fpr, unsigned int fprlen, bl->next = NULL; if (ubid) - memcpy (bl->ubid, ubid, 20); + memcpy (bl->ubid, ubid, UBID_LEN); else - memset (bl->ubid, 0, 20); + memset (bl->ubid, 0, UBID_LEN); bl->ubid_valid = 1; bl->final_kid = 0; bl->final_fpr = 0; @@ -846,6 +846,19 @@ query_by_fpr (const unsigned char *fpr, unsigned int fprlen) +/* Make sure the tables are initialized. */ +gpg_error_t +be_cache_initialize (void) +{ + gpg_error_t err; + + err = blob_table_init (); + if (!err) + err = key_table_init (); + return err; +} + + /* Install a new resource and return a handle for that backend. */ gpg_error_t be_cache_add_resource (ctrl_t ctrl, backend_handle_t *r_hd) @@ -863,11 +876,8 @@ be_cache_add_resource (ctrl_t ctrl, backend_handle_t *r_hd) hd->backend_id = be_new_backend_id (); - err = blob_table_init (); - if (err) - goto leave; - - err = key_table_init (); + /* Just in case make sure we are initialized. */ + err = be_cache_initialize (); if (err) goto leave; @@ -1030,7 +1040,7 @@ be_cache_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request, { if (bl && bl->ubid_valid) { - memcpy (request->last_cached_ubid, bl->ubid, 20); + memcpy (request->last_cached_ubid, bl->ubid, UBID_LEN); request->last_cached_valid = 1; request->last_cached_fprlen = desc[descidx].fprlen; memcpy (request->last_cached_fpr, |