mirror of
git://git.gnupg.org/gnupg.git
kbx: First take on a cache for the keyboxd.
* kbx/backend.h (enum database_types): Add DB_TYPE_CACHE. (struct db_request_part_s): Add seqno fields. (struct db_request_s): Add infos for the cache backend. * kbx/backend-support.c (struct backend_handle_s): Add 'backend_id'. (strdbtype): Support DB_TYPE_CACHE. (be_generic_release_backend): Ditto. (be_find_request_part): New. (be_return_pubkey): New arg UBID and change status name. * kbx/backend-cache.c: New. * kbx/backend-kbx.c (be_kbx_init_request_part): New. (be_kbx_search): Factor some code out to a support function. (be_kbx_seek): New. * kbx/frontend.c (kbxd_add_resource): Support DB_TYPE_CACHE. (kbxd_search): Support the NEXR operation with the cache. * kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_UBID): New. (struct keydb_search_desc): Add field u.ubid. * kbx/keybox-search.c (has_ubid): New. (keybox_search): Support the UBID search. -- This adds a caching backend to the keyboxd. This tries to accommodate duplicate use of fingerprints and thus be correct in case a fingerprint is used in several keys. It also turned out that we need to have a unique identifier (UBID) to identify a keyblock or X.509 certificate. In particular with an OpenPGP keyblob we can't easily use the primary fingerprint as an identifier because that fingerprint may also be used as a subkey in another key. Thus using a hash of the entire keyblock is a better identifier to be used to address a keyblock for restarting a search or for identifying the keyblock to be updated. Note that this new UBID is not a permanent identifier because it changes with every keyblock update; it should be viewed as a handle to the keyblock or X.509 certificate.
parent
d38f877bd8
commit
280e9c9cfa
9 changed files with 1421 additions and 45 deletions
|
@ -696,6 +696,26 @@ has_keygrip (KEYBOXBLOB blob, const unsigned char *grip)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static inline int
|
||||
has_ubid (KEYBOXBLOB blob, const unsigned char *ubid)
|
||||
{
|
||||
size_t length;
|
||||
const unsigned char *buffer;
|
||||
size_t image_off, image_len;
|
||||
unsigned char ubid_blob[20];
|
||||
|
||||
buffer = _keybox_get_blob_image (blob, &length);
|
||||
if (length < 40)
|
||||
return 0; /*GPG_ERR_TOO_SHORT*/
|
||||
image_off = get32 (buffer+8);
|
||||
image_len = get32 (buffer+12);
|
||||
if ((uint64_t)image_off+(uint64_t)image_len > (uint64_t)length)
|
||||
return 0; /*GPG_ERR_TOO_SHORT*/
|
||||
|
||||
gcry_md_hash_buffer (GCRY_MD_SHA1, ubid_blob, buffer + image_off, image_len);
|
||||
|
||||
return !memcmp (ubid, ubid_blob, 20);
|
||||
}
|
||||
|
||||
static inline int
|
||||
has_issuer (KEYBOXBLOB blob, const char *name)
|
||||
|
@ -1119,6 +1139,10 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
|
|||
if (has_keygrip (blob, desc[n].u.grip))
|
||||
goto found;
|
||||
break;
|
||||
case KEYDB_SEARCH_MODE_UBID:
|
||||
if (has_ubid (blob, desc[n].u.ubid))
|
||||
goto found;
|
||||
break;
|
||||
case KEYDB_SEARCH_MODE_FIRST:
|
||||
goto found;
|
||||
break;
|
||||
|
|
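Review bot: A UBID match in has_ubid rests on a 20-byte SHA-1 digest of imported key material, which is not collision-resistant, while the commit message intends the UBID to address the keyblock to be updated. Two different keyblocks could therefore share a UBID, so I would state that limit above the function, e.g. `/* The UBID is a SHA-1 lookup handle over untrusted blob data, not a collision-resistant identity; callers that update or replace a keyblock must confirm the content by other means. */`, and consider a stronger digest before the format settles. The literal 20 appears in both the `ubid_blob` declaration and the comparison, and the size of the caller's `ubid` buffer is not visible here; `return !memcmp (ubid, ubid_blob, sizeof ubid_blob);` together with a shared length constant for `u.ubid` would keep them in step. In keybox_search, whose switch begins and ends outside the hunk, the new KEYDB_SEARCH_MODE_UBID case appears to re-hash every scanned blob, which may be worth a comment for large keyboxes.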