2003-06-05 09:14:21 +02:00
|
|
|
|
/* keybox-search.c - Search operations
|
2013-01-07 21:14:52 +01:00
|
|
|
|
* Copyright (C) 2001, 2002, 2003, 2004, 2012,
|
|
|
|
|
* 2013 Free Software Foundation, Inc.
|
2003-06-05 09:14:21 +02:00
|
|
|
|
*
|
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
2007-07-04 21:49:40 +02:00
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2003-06-05 09:14:21 +02:00
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* GnuPG is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2007-07-04 21:49:40 +02:00
|
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2003-06-05 09:14:21 +02:00
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
|
2010-03-10 13:24:58 +01:00
|
|
|
|
#include "../common/stringhelp.h" /* ascii_xxxx() */
|
2004-02-02 18:09:35 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
#include "keybox-defs.h"
|
2006-10-20 13:38:48 +02:00
|
|
|
|
#include <gcrypt.h>
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
|
|
|
|
|
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
|
|
|
|
|
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
|
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
struct sn_array_s {
|
|
|
|
|
int snlen;
|
|
|
|
|
unsigned char *sn;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline ulong
|
2003-06-05 09:14:21 +02:00
|
|
|
|
get32 (const byte *buffer)
|
|
|
|
|
{
|
|
|
|
|
ulong a;
|
|
|
|
|
a = *buffer << 24;
|
|
|
|
|
a |= buffer[1] << 16;
|
|
|
|
|
a |= buffer[2] << 8;
|
|
|
|
|
a |= buffer[3];
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline ulong
|
2003-06-05 09:14:21 +02:00
|
|
|
|
get16 (const byte *buffer)
|
|
|
|
|
{
|
|
|
|
|
ulong a;
|
|
|
|
|
a = *buffer << 8;
|
|
|
|
|
a |= buffer[1];
|
|
|
|
|
return a;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline unsigned int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
blob_get_blob_flags (KEYBOXBLOB blob)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 8)
|
|
|
|
|
return 0; /* oops */
|
|
|
|
|
|
|
|
|
|
return get16 (buffer + 6);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2015-01-19 14:58:06 +01:00
|
|
|
|
/* Return the first keyid from the blob. Returns true if
|
|
|
|
|
available. */
|
2015-01-16 16:56:35 +01:00
|
|
|
|
static int
|
2015-01-19 14:58:06 +01:00
|
|
|
|
blob_get_first_keyid (KEYBOXBLOB blob, u32 *kid)
|
2015-01-16 16:56:35 +01:00
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
2015-01-19 14:58:06 +01:00
|
|
|
|
size_t length, nkeys, keyinfolen;
|
2015-01-16 16:56:35 +01:00
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 48)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
2015-01-19 14:58:06 +01:00
|
|
|
|
nkeys = get16 (buffer + 16);
|
2015-01-16 16:56:35 +01:00
|
|
|
|
keyinfolen = get16 (buffer + 18);
|
2015-01-19 14:58:06 +01:00
|
|
|
|
if (!nkeys || keyinfolen < 28)
|
2015-01-16 16:56:35 +01:00
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
|
|
|
|
|
kid[0] = get32 (buffer + 32);
|
|
|
|
|
kid[1] = get32 (buffer + 36);
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
/* Return information on the flag WHAT within the blob BUFFER,LENGTH.
|
|
|
|
|
Return the offset and the length (in bytes) of the flag in
|
|
|
|
|
FLAGOFF,FLAG_SIZE. */
|
|
|
|
|
gpg_err_code_t
|
|
|
|
|
_keybox_get_flag_location (const unsigned char *buffer, size_t length,
|
|
|
|
|
int what, size_t *flag_off, size_t *flag_size)
|
|
|
|
|
{
|
|
|
|
|
size_t pos;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
size_t nuids, uidinfolen;
|
|
|
|
|
size_t nserial;
|
2012-12-28 17:17:56 +01:00
|
|
|
|
size_t nsigs, siginfolen, siginfooff;
|
2004-02-02 18:09:35 +01:00
|
|
|
|
|
|
|
|
|
switch (what)
|
|
|
|
|
{
|
|
|
|
|
case KEYBOX_FLAG_BLOB:
|
|
|
|
|
if (length < 8)
|
|
|
|
|
return GPG_ERR_INV_OBJ;
|
|
|
|
|
*flag_off = 6;
|
|
|
|
|
*flag_size = 2;
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
case KEYBOX_FLAG_OWNERTRUST:
|
2004-04-26 10:09:25 +02:00
|
|
|
|
case KEYBOX_FLAG_VALIDITY:
|
|
|
|
|
case KEYBOX_FLAG_CREATED_AT:
|
2012-12-28 17:17:56 +01:00
|
|
|
|
case KEYBOX_FLAG_SIG_INFO:
|
2004-02-02 18:09:35 +01:00
|
|
|
|
if (length < 20)
|
|
|
|
|
return GPG_ERR_INV_OBJ;
|
|
|
|
|
/* Key info. */
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return GPG_ERR_INV_OBJ;
|
|
|
|
|
pos = 20 + keyinfolen*nkeys;
|
|
|
|
|
if (pos+2 > length)
|
|
|
|
|
return GPG_ERR_INV_OBJ; /* Out of bounds. */
|
|
|
|
|
/* Serial number. */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
nserial = get16 (buffer+pos);
|
2004-02-02 18:09:35 +01:00
|
|
|
|
pos += 2 + nserial;
|
|
|
|
|
if (pos+4 > length)
|
|
|
|
|
return GPG_ERR_INV_OBJ; /* Out of bounds. */
|
|
|
|
|
/* User IDs. */
|
|
|
|
|
nuids = get16 (buffer + pos); pos += 2;
|
|
|
|
|
uidinfolen = get16 (buffer + pos); pos += 2;
|
|
|
|
|
if (uidinfolen < 12 )
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return GPG_ERR_INV_OBJ;
|
2004-02-02 18:09:35 +01:00
|
|
|
|
pos += uidinfolen*nuids;
|
|
|
|
|
if (pos+4 > length)
|
|
|
|
|
return GPG_ERR_INV_OBJ ; /* Out of bounds. */
|
|
|
|
|
/* Signature info. */
|
2012-12-28 17:17:56 +01:00
|
|
|
|
siginfooff = pos;
|
2004-02-02 18:09:35 +01:00
|
|
|
|
nsigs = get16 (buffer + pos); pos += 2;
|
|
|
|
|
siginfolen = get16 (buffer + pos); pos += 2;
|
|
|
|
|
if (siginfolen < 4 )
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return GPG_ERR_INV_OBJ;
|
2004-02-02 18:09:35 +01:00
|
|
|
|
pos += siginfolen*nsigs;
|
|
|
|
|
if (pos+1+1+2+4+4+4+4 > length)
|
|
|
|
|
return GPG_ERR_INV_OBJ ; /* Out of bounds. */
|
|
|
|
|
*flag_size = 1;
|
|
|
|
|
*flag_off = pos;
|
2004-04-26 10:09:25 +02:00
|
|
|
|
switch (what)
|
|
|
|
|
{
|
|
|
|
|
case KEYBOX_FLAG_VALIDITY:
|
|
|
|
|
*flag_off += 1;
|
|
|
|
|
break;
|
|
|
|
|
case KEYBOX_FLAG_CREATED_AT:
|
|
|
|
|
*flag_size = 4;
|
|
|
|
|
*flag_off += 1+2+4+4+4;
|
|
|
|
|
break;
|
2012-12-28 17:17:56 +01:00
|
|
|
|
case KEYBOX_FLAG_SIG_INFO:
|
|
|
|
|
*flag_size = siginfolen * nsigs;
|
|
|
|
|
*flag_off = siginfooff;
|
|
|
|
|
break;
|
2004-04-26 10:09:25 +02:00
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2004-02-02 18:09:35 +01:00
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
return GPG_ERR_INV_FLAG;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
|
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
/* Return one of the flags WHAT in VALUE from teh blob BUFFER of
|
|
|
|
|
LENGTH bytes. Return 0 on success or an raw error code. */
|
|
|
|
|
static gpg_err_code_t
|
|
|
|
|
get_flag_from_image (const unsigned char *buffer, size_t length,
|
|
|
|
|
int what, unsigned int *value)
|
|
|
|
|
{
|
|
|
|
|
gpg_err_code_t ec;
|
|
|
|
|
size_t pos, size;
|
|
|
|
|
|
|
|
|
|
*value = 0;
|
|
|
|
|
ec = _keybox_get_flag_location (buffer, length, what, &pos, &size);
|
|
|
|
|
if (!ec)
|
|
|
|
|
switch (size)
|
|
|
|
|
{
|
|
|
|
|
case 1: *value = buffer[pos]; break;
|
|
|
|
|
case 2: *value = get16 (buffer + pos); break;
|
|
|
|
|
case 4: *value = get32 (buffer + pos); break;
|
|
|
|
|
default: ec = GPG_ERR_BUG; break;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
return ec;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
static int
|
|
|
|
|
blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t pos, off;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
size_t nserial;
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
|
|
|
|
/*keys*/
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
pos = 20 + keyinfolen*nkeys;
|
|
|
|
|
if (pos+2 > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
/*serial*/
|
2011-02-04 12:57:53 +01:00
|
|
|
|
nserial = get16 (buffer+pos);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
off = pos + 2;
|
|
|
|
|
if (off+nserial > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
return nserial == snlen && !memcmp (buffer+off, sn, snlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-01-07 21:14:52 +01:00
|
|
|
|
/* Returns 0 if not found or the number of the key which was found.
|
|
|
|
|
For X.509 this is always 1, for OpenPGP this is 1 for the primary
|
|
|
|
|
key and 2 and more for the subkeys. */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
static int
|
|
|
|
|
blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t pos, off;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
|
|
|
|
/*keys*/
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
pos = 20;
|
|
|
|
|
if (pos + keyinfolen*nkeys > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
for (idx=0; idx < nkeys; idx++)
|
|
|
|
|
{
|
|
|
|
|
off = pos + idx*keyinfolen;
|
|
|
|
|
if (!memcmp (buffer + off, fpr, 20))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
return 0; /* not found */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
|
|
|
|
|
int fproff, int fprlen)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t pos, off;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
|
|
|
|
/*keys*/
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
pos = 20;
|
|
|
|
|
if (pos + keyinfolen*nkeys > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
for (idx=0; idx < nkeys; idx++)
|
|
|
|
|
{
|
|
|
|
|
off = pos + idx*keyinfolen;
|
|
|
|
|
if (!memcmp (buffer + off + fproff, fpr, fprlen))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
return 0; /* not found */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
blob_cmp_name (KEYBOXBLOB blob, int idx,
|
2013-01-07 15:41:10 +01:00
|
|
|
|
const char *name, size_t namelen, int substr, int x509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t pos, off, len;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
size_t nuids, uidinfolen;
|
|
|
|
|
size_t nserial;
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
|
|
|
|
/*keys*/
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
pos = 20 + keyinfolen*nkeys;
|
|
|
|
|
if (pos+2 > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
/*serial*/
|
2011-02-04 12:57:53 +01:00
|
|
|
|
nserial = get16 (buffer+pos);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
pos += 2 + nserial;
|
|
|
|
|
if (pos+4 > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
/* user ids*/
|
|
|
|
|
nuids = get16 (buffer + pos); pos += 2;
|
|
|
|
|
uidinfolen = get16 (buffer + pos); pos += 2;
|
|
|
|
|
if (uidinfolen < 12 /* should add a: || nuidinfolen > MAX_UIDINFOLEN */)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
if (pos + uidinfolen*nuids > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
if (idx < 0)
|
2013-01-07 15:41:10 +01:00
|
|
|
|
{ /* Compare all names. Note that for X.509 we start with index 1
|
|
|
|
|
so to skip the issuer at index 0. */
|
|
|
|
|
for (idx = !!x509; idx < nuids; idx++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
size_t mypos = pos;
|
|
|
|
|
|
|
|
|
|
mypos += idx*uidinfolen;
|
|
|
|
|
off = get32 (buffer+mypos);
|
|
|
|
|
len = get32 (buffer+mypos+4);
|
|
|
|
|
if (off+len > length)
|
|
|
|
|
return 0; /* error: better stop here out of bounds */
|
|
|
|
|
if (len < 1)
|
|
|
|
|
continue; /* empty name */
|
|
|
|
|
if (substr)
|
|
|
|
|
{
|
|
|
|
|
if (ascii_memcasemem (buffer+off, len, name, namelen))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (len == namelen && !memcmp (buffer+off, name, len))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (idx > nuids)
|
|
|
|
|
return 0; /* no user ID with that idx */
|
|
|
|
|
pos += idx*uidinfolen;
|
|
|
|
|
off = get32 (buffer+pos);
|
|
|
|
|
len = get32 (buffer+pos+4);
|
|
|
|
|
if (off+len > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
if (len < 1)
|
|
|
|
|
return 0; /* empty name */
|
|
|
|
|
|
|
|
|
|
if (substr)
|
|
|
|
|
{
|
2013-01-07 21:14:52 +01:00
|
|
|
|
if (ascii_memcasemem (buffer+off, len, name, namelen))
|
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
2013-01-07 21:14:52 +01:00
|
|
|
|
if (len == namelen && !memcmp (buffer+off, name, len))
|
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return 0; /* not found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-01-07 15:41:10 +01:00
|
|
|
|
/* Compare all email addresses of the subject. With SUBSTR given as
|
|
|
|
|
True a substring search is done in the mail address. If X509
|
|
|
|
|
states whether thr search is done on an X.509 blob. */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
static int
|
2013-01-07 15:41:10 +01:00
|
|
|
|
blob_cmp_mail (KEYBOXBLOB blob, const char *name, size_t namelen, int substr,
|
|
|
|
|
int x509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t pos, off, len;
|
|
|
|
|
size_t nkeys, keyinfolen;
|
|
|
|
|
size_t nuids, uidinfolen;
|
|
|
|
|
size_t nserial;
|
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
|
|
/* fixme: this code is common to blob_cmp_mail */
|
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* blob too short */
|
|
|
|
|
|
|
|
|
|
/*keys*/
|
|
|
|
|
nkeys = get16 (buffer + 16);
|
|
|
|
|
keyinfolen = get16 (buffer + 18 );
|
|
|
|
|
if (keyinfolen < 28)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
pos = 20 + keyinfolen*nkeys;
|
|
|
|
|
if (pos+2 > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
/*serial*/
|
2011-02-04 12:57:53 +01:00
|
|
|
|
nserial = get16 (buffer+pos);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
pos += 2 + nserial;
|
|
|
|
|
if (pos+4 > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
/* user ids*/
|
|
|
|
|
nuids = get16 (buffer + pos); pos += 2;
|
|
|
|
|
uidinfolen = get16 (buffer + pos); pos += 2;
|
|
|
|
|
if (uidinfolen < 12 /* should add a: || nuidinfolen > MAX_UIDINFOLEN */)
|
|
|
|
|
return 0; /* invalid blob */
|
|
|
|
|
if (pos + uidinfolen*nuids > length)
|
|
|
|
|
return 0; /* out of bounds */
|
|
|
|
|
|
|
|
|
|
if (namelen < 1)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2013-01-07 15:41:10 +01:00
|
|
|
|
/* Note that for X.509 we start at index 1 becuase index 0 is used
|
|
|
|
|
for the issuer name. */
|
|
|
|
|
for (idx=!!x509 ;idx < nuids; idx++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
size_t mypos = pos;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
mypos += idx*uidinfolen;
|
|
|
|
|
off = get32 (buffer+mypos);
|
|
|
|
|
len = get32 (buffer+mypos+4);
|
|
|
|
|
if (off+len > length)
|
|
|
|
|
return 0; /* error: better stop here out of bounds */
|
2013-01-07 15:41:10 +01:00
|
|
|
|
if (!x509)
|
|
|
|
|
{
|
|
|
|
|
/* For OpenPGP we need to forward to the mailbox part. */
|
|
|
|
|
for ( ;len && buffer[off] != '<'; len--, off++)
|
|
|
|
|
;
|
|
|
|
|
}
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (len < 2 || buffer[off] != '<')
|
|
|
|
|
continue; /* empty name or trailing 0 not stored */
|
|
|
|
|
len--; /* one back */
|
|
|
|
|
if ( len < 3 || buffer[off+len] != '>')
|
|
|
|
|
continue; /* not a proper email address */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
len--;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (substr)
|
|
|
|
|
{
|
|
|
|
|
if (ascii_memcasemem (buffer+off+1, len, name, namelen))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
if (len == namelen && !ascii_memcasecmp (buffer+off+1, name, len))
|
2013-01-07 21:14:52 +01:00
|
|
|
|
return idx+1; /* found */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0; /* not found */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2006-10-20 13:38:48 +02:00
|
|
|
|
#ifdef KEYBOX_WITH_X509
|
|
|
|
|
/* Return true if the key in BLOB matches the 20 bytes keygrip GRIP.
|
2009-03-06 18:31:27 +01:00
|
|
|
|
We don't have the keygrips as meta data, thus we need to parse the
|
2008-04-01 17:08:57 +02:00
|
|
|
|
certificate. Fixme: We might want to return proper error codes
|
2006-10-20 13:38:48 +02:00
|
|
|
|
instead of failing a search for invalid certificates etc. */
|
|
|
|
|
static int
|
|
|
|
|
blob_x509_has_grip (KEYBOXBLOB blob, const unsigned char *grip)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t cert_off, cert_len;
|
|
|
|
|
ksba_reader_t reader = NULL;
|
|
|
|
|
ksba_cert_t cert = NULL;
|
|
|
|
|
ksba_sexp_t p = NULL;
|
|
|
|
|
gcry_sexp_t s_pkey;
|
|
|
|
|
unsigned char array[20];
|
|
|
|
|
unsigned char *rcp;
|
|
|
|
|
size_t n;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2006-10-20 13:38:48 +02:00
|
|
|
|
buffer = _keybox_get_blob_image (blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return 0; /* Too short. */
|
|
|
|
|
cert_off = get32 (buffer+8);
|
|
|
|
|
cert_len = get32 (buffer+12);
|
|
|
|
|
if (cert_off+cert_len > length)
|
|
|
|
|
return 0; /* Too short. */
|
|
|
|
|
|
|
|
|
|
rc = ksba_reader_new (&reader);
|
|
|
|
|
if (rc)
|
|
|
|
|
return 0; /* Problem with ksba. */
|
|
|
|
|
rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
|
|
|
|
|
if (rc)
|
|
|
|
|
goto failed;
|
|
|
|
|
rc = ksba_cert_new (&cert);
|
|
|
|
|
if (rc)
|
|
|
|
|
goto failed;
|
|
|
|
|
rc = ksba_cert_read_der (cert, reader);
|
|
|
|
|
if (rc)
|
|
|
|
|
goto failed;
|
|
|
|
|
p = ksba_cert_get_public_key (cert);
|
|
|
|
|
if (!p)
|
|
|
|
|
goto failed;
|
|
|
|
|
n = gcry_sexp_canon_len (p, 0, NULL, NULL);
|
|
|
|
|
if (!n)
|
|
|
|
|
goto failed;
|
|
|
|
|
rc = gcry_sexp_sscan (&s_pkey, NULL, (char*)p, n);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
goto failed;
|
|
|
|
|
}
|
|
|
|
|
rcp = gcry_pk_get_keygrip (s_pkey, array);
|
|
|
|
|
gcry_sexp_release (s_pkey);
|
|
|
|
|
if (!rcp)
|
|
|
|
|
goto failed; /* Can't calculate keygrip. */
|
|
|
|
|
|
|
|
|
|
xfree (p);
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
ksba_reader_release (reader);
|
|
|
|
|
return !memcmp (array, grip, 20);
|
|
|
|
|
failed:
|
|
|
|
|
xfree (p);
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
ksba_reader_release (reader);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#endif /*KEYBOX_WITH_X509*/
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
2011-02-04 12:57:53 +01:00
|
|
|
|
The has_foo functions are used as helpers for search
|
2003-06-05 09:14:21 +02:00
|
|
|
|
*/
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2009-12-08 17:30:33 +01:00
|
|
|
|
has_short_kid (KEYBOXBLOB blob, u32 lkid)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
2009-12-08 17:30:33 +01:00
|
|
|
|
unsigned char buf[4];
|
|
|
|
|
buf[0] = lkid >> 24;
|
|
|
|
|
buf[1] = lkid >> 16;
|
|
|
|
|
buf[2] = lkid >> 8;
|
|
|
|
|
buf[3] = lkid;
|
|
|
|
|
return blob_cmp_fpr_part (blob, buf, 16, 4);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2009-12-08 17:30:33 +01:00
|
|
|
|
has_long_kid (KEYBOXBLOB blob, u32 mkid, u32 lkid)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
2009-12-08 17:30:33 +01:00
|
|
|
|
unsigned char buf[8];
|
|
|
|
|
buf[0] = mkid >> 24;
|
|
|
|
|
buf[1] = mkid >> 16;
|
|
|
|
|
buf[2] = mkid >> 8;
|
|
|
|
|
buf[3] = mkid;
|
|
|
|
|
buf[4] = lkid >> 24;
|
|
|
|
|
buf[5] = lkid >> 16;
|
|
|
|
|
buf[6] = lkid >> 8;
|
|
|
|
|
buf[7] = lkid;
|
|
|
|
|
return blob_cmp_fpr_part (blob, buf, 12, 8);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr)
|
|
|
|
|
{
|
|
|
|
|
return blob_cmp_fpr (blob, fpr);
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-20 13:38:48 +02:00
|
|
|
|
static inline int
|
|
|
|
|
has_keygrip (KEYBOXBLOB blob, const unsigned char *grip)
|
|
|
|
|
{
|
|
|
|
|
#ifdef KEYBOX_WITH_X509
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (blob) == KEYBOX_BLOBTYPE_X509)
|
2006-10-20 13:38:48 +02:00
|
|
|
|
return blob_x509_has_grip (blob, grip);
|
|
|
|
|
#endif
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_issuer (KEYBOXBLOB blob, const char *name)
|
|
|
|
|
{
|
|
|
|
|
size_t namelen;
|
|
|
|
|
|
|
|
|
|
return_val_if_fail (name, 0);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
namelen = strlen (name);
|
2013-01-07 15:41:10 +01:00
|
|
|
|
return blob_cmp_name (blob, 0 /* issuer */, name, namelen, 0, 1);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_issuer_sn (KEYBOXBLOB blob, const char *name,
|
|
|
|
|
const unsigned char *sn, int snlen)
|
|
|
|
|
{
|
|
|
|
|
size_t namelen;
|
|
|
|
|
|
|
|
|
|
return_val_if_fail (name, 0);
|
|
|
|
|
return_val_if_fail (sn, 0);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
namelen = strlen (name);
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return (blob_cmp_sn (blob, sn, snlen)
|
2013-01-07 15:41:10 +01:00
|
|
|
|
&& blob_cmp_name (blob, 0 /* issuer */, name, namelen, 0, 1));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
|
|
|
|
|
{
|
|
|
|
|
return_val_if_fail (sn, 0);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
return blob_cmp_sn (blob, sn, snlen);
|
|
|
|
|
}
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_subject (KEYBOXBLOB blob, const char *name)
|
|
|
|
|
{
|
|
|
|
|
size_t namelen;
|
|
|
|
|
|
|
|
|
|
return_val_if_fail (name, 0);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (blob) != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
namelen = strlen (name);
|
2013-01-07 15:41:10 +01:00
|
|
|
|
return blob_cmp_name (blob, 1 /* subject */, name, namelen, 0, 1);
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
2013-01-07 15:41:10 +01:00
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2013-01-07 15:41:10 +01:00
|
|
|
|
has_username (KEYBOXBLOB blob, const char *name, int substr)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
size_t namelen;
|
2013-01-07 15:41:10 +01:00
|
|
|
|
int btype;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
|
|
return_val_if_fail (name, 0);
|
|
|
|
|
|
2013-01-07 15:41:10 +01:00
|
|
|
|
btype = blob_get_type (blob);
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (btype != KEYBOX_BLOBTYPE_PGP && btype != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
namelen = strlen (name);
|
2013-01-07 15:41:10 +01:00
|
|
|
|
return blob_cmp_name (blob, -1 /* all subject/user names */, name,
|
2014-10-31 12:15:34 +01:00
|
|
|
|
namelen, substr, (btype == KEYBOX_BLOBTYPE_X509));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
static inline int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
has_mail (KEYBOXBLOB blob, const char *name, int substr)
|
|
|
|
|
{
|
|
|
|
|
size_t namelen;
|
2013-01-07 15:41:10 +01:00
|
|
|
|
int btype;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
|
|
return_val_if_fail (name, 0);
|
|
|
|
|
|
2013-01-07 15:41:10 +01:00
|
|
|
|
btype = blob_get_type (blob);
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (btype != KEYBOX_BLOBTYPE_PGP && btype != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return 0;
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (btype == KEYBOX_BLOBTYPE_PGP && *name == '<')
|
2013-01-07 15:41:10 +01:00
|
|
|
|
name++; /* Hack to remove the leading '<' for gpg. */
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
namelen = strlen (name);
|
|
|
|
|
if (namelen && name[namelen-1] == '>')
|
|
|
|
|
namelen--;
|
2014-10-31 12:15:34 +01:00
|
|
|
|
return blob_cmp_mail (blob, name, namelen, substr,
|
|
|
|
|
(btype == KEYBOX_BLOBTYPE_X509));
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
release_sn_array (struct sn_array_s *array, size_t size)
|
|
|
|
|
{
|
|
|
|
|
size_t n;
|
|
|
|
|
|
|
|
|
|
for (n=0; n < size; n++)
|
|
|
|
|
xfree (array[n].sn);
|
|
|
|
|
xfree (array);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
|
|
|
|
|
The search API
|
|
|
|
|
|
|
|
|
|
*/
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
int
|
2003-06-05 09:14:21 +02:00
|
|
|
|
keybox_search_reset (KEYBOX_HANDLE hd)
|
|
|
|
|
{
|
|
|
|
|
if (!hd)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
if (hd->found.blob)
|
|
|
|
|
{
|
|
|
|
|
_keybox_release_blob (hd->found.blob);
|
|
|
|
|
hd->found.blob = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (hd->fp)
|
|
|
|
|
{
|
|
|
|
|
fclose (hd->fp);
|
|
|
|
|
hd->fp = NULL;
|
|
|
|
|
}
|
|
|
|
|
hd->error = 0;
|
|
|
|
|
hd->eof = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
return 0;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Note: When in ephemeral mode the search function does visit all
|
2014-10-09 21:01:49 +02:00
|
|
|
|
blobs but in standard mode, blobs flagged as ephemeral are ignored.
|
2014-10-31 12:15:34 +01:00
|
|
|
|
If WANT_BLOBTYPE is not 0 only blobs of this type are considered.
|
2014-10-09 21:01:49 +02:00
|
|
|
|
The value at R_SKIPPED is updated by the number of skipped long
|
|
|
|
|
records (counts PGP and X.509). */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
int
|
2014-05-14 16:32:49 +02:00
|
|
|
|
keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
|
2014-10-31 12:15:34 +01:00
|
|
|
|
keybox_blobtype_t want_blobtype,
|
2014-10-09 21:01:49 +02:00
|
|
|
|
size_t *r_descindex, unsigned long *r_skipped)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
int rc;
|
|
|
|
|
size_t n;
|
|
|
|
|
int need_words, any_skip;
|
|
|
|
|
KEYBOXBLOB blob = NULL;
|
|
|
|
|
struct sn_array_s *sn_array = NULL;
|
2013-01-07 21:14:52 +01:00
|
|
|
|
int pk_no, uid_no;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
|
|
if (!hd)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
|
|
/* clear last found result */
|
|
|
|
|
if (hd->found.blob)
|
|
|
|
|
{
|
|
|
|
|
_keybox_release_blob (hd->found.blob);
|
|
|
|
|
hd->found.blob = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (hd->error)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return hd->error; /* still in error state */
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (hd->eof)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return -1; /* still EOF */
|
|
|
|
|
|
|
|
|
|
/* figure out what information we need */
|
|
|
|
|
need_words = any_skip = 0;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (n=0; n < ndesc; n++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
switch (desc[n].mode)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_WORDS:
|
2003-06-05 09:14:21 +02:00
|
|
|
|
need_words = 1;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_FIRST:
|
|
|
|
|
/* always restart the search in this mode */
|
|
|
|
|
keybox_search_reset (hd);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
if (desc[n].skipfnc)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
any_skip = 1;
|
|
|
|
|
if (desc[n].snlen == -1 && !sn_array)
|
|
|
|
|
{
|
|
|
|
|
sn_array = xtrycalloc (ndesc, sizeof *sn_array);
|
|
|
|
|
if (!sn_array)
|
2008-05-06 16:03:36 +02:00
|
|
|
|
return (hd->error = gpg_error_from_syserror ());
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-06-24 16:03:09 +02:00
|
|
|
|
(void)need_words; /* Not yet implemented. */
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (!hd->fp)
|
|
|
|
|
{
|
|
|
|
|
hd->fp = fopen (hd->kb->fname, "rb");
|
|
|
|
|
if (!hd->fp)
|
|
|
|
|
{
|
2008-05-06 16:03:36 +02:00
|
|
|
|
hd->error = gpg_error_from_syserror ();
|
2003-06-05 09:14:21 +02:00
|
|
|
|
xfree (sn_array);
|
|
|
|
|
return hd->error;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-04-01 17:08:57 +02:00
|
|
|
|
/* Kludge: We need to convert an SN given as hexstring to its binary
|
|
|
|
|
representation - in some cases we are not able to store it in the
|
|
|
|
|
search descriptor, because due to the way we use it, it is not
|
|
|
|
|
possible to free allocated memory. */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (sn_array)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *s;
|
|
|
|
|
int i, odd;
|
|
|
|
|
size_t snlen;
|
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (n=0; n < ndesc; n++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
if (!desc[n].sn)
|
|
|
|
|
;
|
|
|
|
|
else if (desc[n].snlen == -1)
|
|
|
|
|
{
|
|
|
|
|
unsigned char *sn;
|
|
|
|
|
|
|
|
|
|
s = desc[n].sn;
|
|
|
|
|
for (i=0; *s && *s != '/'; s++, i++)
|
|
|
|
|
;
|
|
|
|
|
odd = (i & 1);
|
|
|
|
|
snlen = (i+1)/2;
|
|
|
|
|
sn_array[n].sn = xtrymalloc (snlen);
|
|
|
|
|
if (!sn_array[n].sn)
|
|
|
|
|
{
|
2008-05-06 16:03:36 +02:00
|
|
|
|
hd->error = gpg_error_from_syserror ();
|
2003-06-05 09:14:21 +02:00
|
|
|
|
release_sn_array (sn_array, n);
|
|
|
|
|
return hd->error;
|
|
|
|
|
}
|
|
|
|
|
sn_array[n].snlen = snlen;
|
|
|
|
|
sn = sn_array[n].sn;
|
|
|
|
|
s = desc[n].sn;
|
|
|
|
|
if (odd)
|
|
|
|
|
{
|
|
|
|
|
*sn++ = xtoi_1 (s);
|
|
|
|
|
s++;
|
|
|
|
|
}
|
|
|
|
|
for (; *s && *s != '/'; s += 2)
|
|
|
|
|
*sn++ = xtoi_2 (s);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *sn;
|
|
|
|
|
|
|
|
|
|
sn = desc[n].sn;
|
|
|
|
|
snlen = desc[n].snlen;
|
|
|
|
|
sn_array[n].sn = xtrymalloc (snlen);
|
|
|
|
|
if (!sn_array[n].sn)
|
|
|
|
|
{
|
2008-05-06 16:03:36 +02:00
|
|
|
|
hd->error = gpg_error_from_syserror ();
|
2003-06-05 09:14:21 +02:00
|
|
|
|
release_sn_array (sn_array, n);
|
|
|
|
|
return hd->error;
|
|
|
|
|
}
|
|
|
|
|
sn_array[n].snlen = snlen;
|
|
|
|
|
memcpy (sn_array[n].sn, sn, snlen);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-01-07 21:14:52 +01:00
|
|
|
|
pk_no = uid_no = 0;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
for (;;)
|
|
|
|
|
{
|
|
|
|
|
unsigned int blobflags;
|
2014-10-31 12:15:34 +01:00
|
|
|
|
int blobtype;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
|
|
|
|
_keybox_release_blob (blob); blob = NULL;
|
|
|
|
|
rc = _keybox_read_blob (&blob, hd->fp);
|
2014-10-09 21:01:49 +02:00
|
|
|
|
if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
|
|
|
|
|
&& gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
|
|
|
|
|
{
|
|
|
|
|
++*r_skipped;
|
|
|
|
|
continue; /* Skip too large records. */
|
|
|
|
|
}
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (rc)
|
|
|
|
|
break;
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
blobtype = blob_get_type (blob);
|
|
|
|
|
if (blobtype == KEYBOX_BLOBTYPE_HEADER)
|
|
|
|
|
continue;
|
|
|
|
|
if (want_blobtype && blobtype != want_blobtype)
|
2004-04-26 10:09:25 +02:00
|
|
|
|
continue;
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
blobflags = blob_get_blob_flags (blob);
|
|
|
|
|
if (!hd->ephemeral && (blobflags & 2))
|
2007-03-20 17:57:40 +01:00
|
|
|
|
continue; /* Not in ephemeral mode but blob is flagged ephemeral. */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (n=0; n < ndesc; n++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
switch (desc[n].mode)
|
|
|
|
|
{
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_NONE:
|
2003-06-05 09:14:21 +02:00
|
|
|
|
never_reached ();
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_EXACT:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
uid_no = has_username (blob, desc[n].u.name, 0);
|
|
|
|
|
if (uid_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_MAIL:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
uid_no = has_mail (blob, desc[n].u.name, 0);
|
|
|
|
|
if (uid_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_MAILSUB:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
uid_no = has_mail (blob, desc[n].u.name, 1);
|
|
|
|
|
if (uid_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_SUBSTR:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
uid_no = has_username (blob, desc[n].u.name, 1);
|
|
|
|
|
if (uid_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_MAILEND:
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_WORDS:
|
2014-11-07 18:42:37 +01:00
|
|
|
|
/* not yet implemented */
|
2003-06-05 09:14:21 +02:00
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_ISSUER:
|
|
|
|
|
if (has_issuer (blob, desc[n].u.name))
|
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_ISSUER_SN:
|
|
|
|
|
if (has_issuer_sn (blob, desc[n].u.name,
|
|
|
|
|
sn_array? sn_array[n].sn : desc[n].sn,
|
|
|
|
|
sn_array? sn_array[n].snlen : desc[n].snlen))
|
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_SN:
|
|
|
|
|
if (has_sn (blob, sn_array? sn_array[n].sn : desc[n].sn,
|
|
|
|
|
sn_array? sn_array[n].snlen : desc[n].snlen))
|
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_SUBJECT:
|
|
|
|
|
if (has_subject (blob, desc[n].u.name))
|
|
|
|
|
goto found;
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_SHORT_KID:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
pk_no = has_short_kid (blob, desc[n].u.kid[1]);
|
|
|
|
|
if (pk_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_LONG_KID:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
pk_no = has_long_kid (blob, desc[n].u.kid[0], desc[n].u.kid[1]);
|
|
|
|
|
if (pk_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
|
|
|
|
case KEYDB_SEARCH_MODE_FPR:
|
|
|
|
|
case KEYDB_SEARCH_MODE_FPR20:
|
2013-01-07 21:14:52 +01:00
|
|
|
|
pk_no = has_fingerprint (blob, desc[n].u.fpr);
|
|
|
|
|
if (pk_no)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
2006-10-20 13:38:48 +02:00
|
|
|
|
case KEYDB_SEARCH_MODE_KEYGRIP:
|
|
|
|
|
if (has_keygrip (blob, desc[n].u.grip))
|
|
|
|
|
goto found;
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_FIRST:
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
case KEYDB_SEARCH_MODE_NEXT:
|
2003-06-05 09:14:21 +02:00
|
|
|
|
goto found;
|
|
|
|
|
break;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
default:
|
2003-06-05 09:14:21 +02:00
|
|
|
|
rc = gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
goto found;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
continue;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
found:
|
2014-05-14 16:32:49 +02:00
|
|
|
|
/* Record which DESC we matched on. Note this value is only
|
|
|
|
|
meaningful if this function returns with no errors. */
|
|
|
|
|
if(r_descindex)
|
|
|
|
|
*r_descindex = n;
|
2011-02-04 12:57:53 +01:00
|
|
|
|
for (n=any_skip?0:ndesc; n < ndesc; n++)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
2015-01-16 16:56:35 +01:00
|
|
|
|
u32 kid[2];
|
|
|
|
|
|
|
|
|
|
if (desc[n].skipfnc
|
2015-01-19 14:58:06 +01:00
|
|
|
|
&& blob_get_first_keyid (blob, kid)
|
2015-01-16 16:56:35 +01:00
|
|
|
|
&& desc[n].skipfnc (desc[n].skipfncvalue, kid, NULL))
|
|
|
|
|
break;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
if (n == ndesc)
|
|
|
|
|
break; /* got it */
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
if (!rc)
|
|
|
|
|
{
|
|
|
|
|
hd->found.blob = blob;
|
2013-01-07 21:14:52 +01:00
|
|
|
|
hd->found.pk_no = pk_no;
|
|
|
|
|
hd->found.uid_no = uid_no;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
else if (rc == -1)
|
|
|
|
|
{
|
|
|
|
|
_keybox_release_blob (blob);
|
|
|
|
|
hd->eof = 1;
|
|
|
|
|
}
|
2011-02-04 12:57:53 +01:00
|
|
|
|
else
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
_keybox_release_blob (blob);
|
|
|
|
|
hd->error = rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (sn_array)
|
|
|
|
|
release_sn_array (sn_array, ndesc);
|
|
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Functions to return a certificate or a keyblock. To be used after
|
|
|
|
|
a successful search operation.
|
|
|
|
|
*/
|
2012-12-28 14:03:16 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Return the last found keyblock. Returns 0 on success and stores a
|
2012-12-28 17:17:56 +01:00
|
|
|
|
new iobuf at R_IOBUF and a signature status vector at R_SIGSTATUS
|
2013-01-07 21:14:52 +01:00
|
|
|
|
in that case. R_UID_NO and R_PK_NO are used to retun the number of
|
|
|
|
|
the key or user id which was matched the search criteria; if not
|
|
|
|
|
known they are set to 0. */
|
2012-12-28 14:03:16 +01:00
|
|
|
|
gpg_error_t
|
2013-01-07 21:14:52 +01:00
|
|
|
|
keybox_get_keyblock (KEYBOX_HANDLE hd, iobuf_t *r_iobuf,
|
|
|
|
|
int *r_pk_no, int *r_uid_no, u32 **r_sigstatus)
|
2012-12-28 14:03:16 +01:00
|
|
|
|
{
|
2012-12-28 17:17:56 +01:00
|
|
|
|
gpg_error_t err;
|
|
|
|
|
const unsigned char *buffer, *p;
|
2012-12-28 14:03:16 +01:00
|
|
|
|
size_t length;
|
|
|
|
|
size_t image_off, image_len;
|
2012-12-28 17:17:56 +01:00
|
|
|
|
size_t siginfo_off, siginfo_len;
|
|
|
|
|
u32 *sigstatus, n, n_sigs, sigilen;
|
2012-12-28 14:03:16 +01:00
|
|
|
|
|
|
|
|
|
*r_iobuf = NULL;
|
2012-12-28 17:17:56 +01:00
|
|
|
|
*r_sigstatus = NULL;
|
2012-12-28 14:03:16 +01:00
|
|
|
|
|
|
|
|
|
if (!hd)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
if (!hd->found.blob)
|
|
|
|
|
return gpg_error (GPG_ERR_NOTHING_FOUND);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (hd->found.blob) != KEYBOX_BLOBTYPE_PGP)
|
2012-12-28 14:03:16 +01:00
|
|
|
|
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (hd->found.blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return gpg_error (GPG_ERR_TOO_SHORT);
|
|
|
|
|
image_off = get32 (buffer+8);
|
|
|
|
|
image_len = get32 (buffer+12);
|
|
|
|
|
if (image_off+image_len > length)
|
|
|
|
|
return gpg_error (GPG_ERR_TOO_SHORT);
|
|
|
|
|
|
2012-12-28 17:17:56 +01:00
|
|
|
|
err = _keybox_get_flag_location (buffer, length, KEYBOX_FLAG_SIG_INFO,
|
|
|
|
|
&siginfo_off, &siginfo_len);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
n_sigs = get16 (buffer + siginfo_off);
|
|
|
|
|
sigilen = get16 (buffer + siginfo_off + 2);
|
|
|
|
|
p = buffer + siginfo_off + 4;
|
|
|
|
|
sigstatus = xtrymalloc ((1+n_sigs) * sizeof *sigstatus);
|
|
|
|
|
if (!sigstatus)
|
|
|
|
|
return gpg_error_from_syserror ();
|
|
|
|
|
sigstatus[0] = n_sigs;
|
|
|
|
|
for (n=1; n <= n_sigs; n++, p += sigilen)
|
|
|
|
|
sigstatus[n] = get32 (p);
|
|
|
|
|
|
2013-01-07 21:14:52 +01:00
|
|
|
|
*r_pk_no = hd->found.pk_no;
|
|
|
|
|
*r_uid_no = hd->found.uid_no;
|
2012-12-28 17:17:56 +01:00
|
|
|
|
*r_sigstatus = sigstatus;
|
2012-12-28 14:03:16 +01:00
|
|
|
|
*r_iobuf = iobuf_temp_with_content (buffer+image_off, image_len);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2003-06-05 09:14:21 +02:00
|
|
|
|
#ifdef KEYBOX_WITH_X509
|
|
|
|
|
/*
|
|
|
|
|
Return the last found cert. Caller must free it.
|
|
|
|
|
*/
|
|
|
|
|
int
|
2003-12-17 13:27:21 +01:00
|
|
|
|
keybox_get_cert (KEYBOX_HANDLE hd, ksba_cert_t *r_cert)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
size_t cert_off, cert_len;
|
2003-12-17 13:27:21 +01:00
|
|
|
|
ksba_reader_t reader = NULL;
|
|
|
|
|
ksba_cert_t cert = NULL;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
int rc;
|
|
|
|
|
|
|
|
|
|
if (!hd)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
if (!hd->found.blob)
|
|
|
|
|
return gpg_error (GPG_ERR_NOTHING_FOUND);
|
|
|
|
|
|
2014-10-31 12:15:34 +01:00
|
|
|
|
if (blob_get_type (hd->found.blob) != KEYBOX_BLOBTYPE_X509)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
return gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (hd->found.blob, &length);
|
|
|
|
|
if (length < 40)
|
|
|
|
|
return gpg_error (GPG_ERR_TOO_SHORT);
|
|
|
|
|
cert_off = get32 (buffer+8);
|
|
|
|
|
cert_len = get32 (buffer+12);
|
|
|
|
|
if (cert_off+cert_len > length)
|
|
|
|
|
return gpg_error (GPG_ERR_TOO_SHORT);
|
|
|
|
|
|
2003-11-12 16:17:44 +01:00
|
|
|
|
rc = ksba_reader_new (&reader);
|
|
|
|
|
if (rc)
|
|
|
|
|
return rc;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
rc = ksba_reader_set_mem (reader, buffer+cert_off, cert_len);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
ksba_reader_release (reader);
|
|
|
|
|
/* fixme: need to map the error codes */
|
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
|
|
|
|
}
|
|
|
|
|
|
2003-11-12 16:17:44 +01:00
|
|
|
|
rc = ksba_cert_new (&cert);
|
|
|
|
|
if (rc)
|
2003-06-05 09:14:21 +02:00
|
|
|
|
{
|
|
|
|
|
ksba_reader_release (reader);
|
2003-11-12 16:17:44 +01:00
|
|
|
|
return rc;
|
2003-06-05 09:14:21 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rc = ksba_cert_read_der (cert, reader);
|
|
|
|
|
if (rc)
|
|
|
|
|
{
|
|
|
|
|
ksba_cert_release (cert);
|
|
|
|
|
ksba_reader_release (reader);
|
|
|
|
|
/* fixme: need to map the error codes */
|
|
|
|
|
return gpg_error (GPG_ERR_GENERAL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*r_cert = cert;
|
|
|
|
|
ksba_reader_release (reader);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /*KEYBOX_WITH_X509*/
|
2004-02-02 18:09:35 +01:00
|
|
|
|
|
2004-04-26 10:09:25 +02:00
|
|
|
|
/* Return the flags named WHAT at the address of VALUE. IDX is used
|
2004-02-02 18:09:35 +01:00
|
|
|
|
only for certain flags and should be 0 if not required. */
|
|
|
|
|
int
|
|
|
|
|
keybox_get_flags (KEYBOX_HANDLE hd, int what, int idx, unsigned int *value)
|
|
|
|
|
{
|
|
|
|
|
const unsigned char *buffer;
|
|
|
|
|
size_t length;
|
|
|
|
|
gpg_err_code_t ec;
|
|
|
|
|
|
2008-10-20 15:53:23 +02:00
|
|
|
|
(void)idx; /* Not yet used. */
|
|
|
|
|
|
2004-02-02 18:09:35 +01:00
|
|
|
|
if (!hd)
|
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
if (!hd->found.blob)
|
|
|
|
|
return gpg_error (GPG_ERR_NOTHING_FOUND);
|
|
|
|
|
|
|
|
|
|
buffer = _keybox_get_blob_image (hd->found.blob, &length);
|
|
|
|
|
ec = get_flag_from_image (buffer, length, what, value);
|
|
|
|
|
return ec? gpg_error (ec):0;
|
|
|
|
|
}
|