gnupg/kbx/backend-support.c

/* backend-support.c - Supporting functions for the backend.
 * Copyright (C) 2019 g10 Code GmbH
 *
 * This file is part of GnuPG.
 *
 * GnuPG is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * GnuPG is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <https://www.gnu.org/licenses/>.
 * SPDX-License-Identifier: GPL-3.0+
 */

#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>

#include "keyboxd.h"
#include "../common/i18n.h"
#include "../common/asshelp.h"
#include "../common/tlv.h"
#include "backend.h"
#include "keybox-defs.h"


/* Common definition part of all backend handle.  All definitions of
 * this structure must start with these fields.  */
struct backend_handle_s
{
  enum database_types db_type;
  unsigned int backend_id;
};



/* Return a string with the name of the database type T.  */
const char *
strdbtype (enum database_types t)
{
  switch (t)
    {
    case DB_TYPE_NONE: return "none";
    case DB_TYPE_CACHE:return "cache";
    case DB_TYPE_KBX:  return "keybox";
    }
  return "?";
}


/* Return a new backend ID.  Backend IDs are used to identify backends
 * without using the actual object.  The number of backend resources
 * is limited because they are specified in the config file.  Thus an
 * overflow check is not required.  */
unsigned int
be_new_backend_id (void)
{
  static unsigned int last;

  return ++last;
}


/* Release the backend described by HD.  This is a generic function
 * which dispatches to the the actual backend.  */
void
be_generic_release_backend (ctrl_t ctrl, backend_handle_t hd)
{
  if (!hd)
    return;
  switch (hd->db_type)
    {
    case DB_TYPE_NONE:
      xfree (hd);
      break;
    case DB_TYPE_CACHE:
      be_cache_release_resource (ctrl, hd);
      break;
    case DB_TYPE_KBX:
      be_kbx_release_resource (ctrl, hd);
      break;
    default:
      log_error ("%s: faulty backend handle of type %d given\n",
                 __func__, hd->db_type);
    }
}


/* Release the request object REQ.  */
void
be_release_request (db_request_t req)
{
  db_request_part_t part, partn;

  if (!req)
    return;

  for (part = req->part; part; part = partn)
    {
      partn = part->next;
      be_kbx_release_kbx_hd (part->kbx_hd);
      xfree (part);
    }
}


/* Given the backend handle BACKEND_HD and the REQUEST find or
 * allocate a request part for that backend and store it at R_PART.
 * On error R_PART is set to NULL and an error returned.  */
gpg_error_t
be_find_request_part (backend_handle_t backend_hd, db_request_t request,
                      db_request_part_t *r_part)
{
  gpg_error_t err;
  db_request_part_t part;

  for (part = request->part; part; part = part->next)
    if (part->backend_id == backend_hd->backend_id)
      break;
  if (!part)
    {
      part = xtrycalloc (1, sizeof *part);
      if (!part)
        return gpg_error_from_syserror ();
      part->backend_id = backend_hd->backend_id;
      if (backend_hd->db_type == DB_TYPE_KBX)
        {
          err = be_kbx_init_request_part (backend_hd, part);
          if (err)
            {
              xfree (part);
              return err;
            }
        }
      part->next = request->part;
      request->part = part;
    }
  *r_part = part;
  return 0;
}


/* Return the public key (BUFFER,BUFLEN) which has the type
 * PUBKEY_TYPE to the caller.  */
gpg_error_t
be_return_pubkey (ctrl_t ctrl, const void *buffer, size_t buflen,
                  enum pubkey_types pubkey_type, const unsigned char *ubid)
{
  gpg_error_t err;
  char hexubid[41];

  bin2hex (ubid, 20, hexubid);
  err = status_printf (ctrl, "PUBKEY_INFO", "%d %s", pubkey_type, hexubid);
  if (err)
    goto leave;

  if (ctrl->no_data_return)
    err = 0;
  else
    err = kbxd_write_data_line(ctrl, buffer, buflen);

 leave:
  return err;
}



/* Return true if (BLOB/BLOBLEN) seems to be an X509 certificate.  */
static int
is_x509_blob (const unsigned char *blob, size_t bloblen)
{
  const unsigned char *p;
  size_t n, objlen, hdrlen;
  int class, tag, cons, ndef;

  /* An X.509 certificate can be identified by this DER encoding:
   *
   *  30 82 05 B8 30 82 04 A0 A0 03 02 01 02 02 07 15 46 A0 BF 30 07 39
   *  ----------- +++++++++++ ----- ++++++++ --------------------------
   *  SEQUENCE    SEQUENCE    [0]   INTEGER  INTEGER
   *              (tbs)            (version) (s/n)
   *
   */

  p = blob;
  n = bloblen;
  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
    return 0; /* Not a proper BER object.  */
  if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
    return 0; /* Does not start with a sequence.  */

  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
    return 0; /* Not a proper BER object.  */
  if (!(class == CLASS_UNIVERSAL && tag == TAG_SEQUENCE && cons))
    return 0; /* No TBS sequence.  */
  if (n < 7 || objlen < 7)
    return 0; /* Too short:  [0], version and min. s/n required.  */

  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
    return 0; /* Not a proper BER object.  */
  if (!(class == CLASS_CONTEXT && tag == 0 && cons))
    return 0; /* No context tag.  */

  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
    return 0; /* Not a proper BER object.  */

  if (!(class == CLASS_UNIVERSAL && tag == TAG_INTEGER
        && !cons && objlen == 1 && n && (*p == 1 || *p == 2)))
    return 0; /* Unknown X.509 version.  */
  p++;  /* Skip version number.  */
  n--;

  if (parse_ber_header (&p, &n, &class, &tag, &cons, &ndef, &objlen, &hdrlen))
    return 0; /* Not a proper BER object.  */
  if (!(class == CLASS_UNIVERSAL && tag == TAG_INTEGER && !cons))
    return 0;  /* No s/n.  */

  return 1; /* Looks like an X.509 certificate. */
}


/* Return the public key type and the (primary) fingerprint for
 * (BLOB,BLOBLEN).  R_FPR must point to a buffer of at least 32 bytes,
 * it received the fi gerprint on success with the length of that
 * fingerprint stored at R_FPRLEN.  R_PKTYPE receives the public key
 * type.  */
gpg_error_t
be_fingerprint_from_blob (const void *blob, size_t bloblen,
                          enum pubkey_types *r_pktype,
                          char *r_fpr, unsigned int *r_fprlen)
{
  gpg_error_t err;

  if (is_x509_blob (blob, bloblen))
    {
      /* Although libksba has a dedicated function to compute the
       * fingerprint we compute it here directly because we know that
       * we have the entire certificate here (we checked the start of
       * the blob and assume that the length is also okay).  */
      *r_pktype = PUBKEY_TYPE_X509;
      gcry_md_hash_buffer (GCRY_MD_SHA1, r_fpr, blob, bloblen);
      *r_fprlen = 20;

      err = 0;
    }
  else
    {
      struct _keybox_openpgp_info info;

      err = _keybox_parse_openpgp (blob, bloblen, NULL, &info);
      if (err)
        {
          log_info ("error parsing OpenPGP blob: %s\n", gpg_strerror (err));
          err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
        }
      else
        {
          *r_pktype = PUBKEY_TYPE_OPGP;
          log_assert (info.primary.fprlen <= 32);
          memcpy (r_fpr, info.primary.fpr, info.primary.fprlen);
          *r_fprlen = info.primary.fprlen;

          _keybox_destroy_openpgp_info (&info);
        }
    }

  return err;
}