mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-08 12:44:23 +01:00
keyboxd: Implement lookup by short and long keyid.
* kbx/backend-sqlite.c: Change definition of column KID. (kid_from_mem): Remove. (kid_from_u32): Rewrite. (run_sql_bind_int64): Remove. (run_select_statement): Implement lookup by short keyid. Fix lookup by long keyid. (store_into_fingerprint): Adjust kid arg. -- The original idea of using an INTEGER, which has the required 64 bits, didn't worked out due to problems with signed/unsigned mismatch and the required truncation in a short keyid lookup. Thus we change the definition to a blob. For a database currently in use the change can be done by hand: alter table fingerprint rename column kid to deletedkid; alter table fingerprint add column kid not null default X'0000000000000000'; update fingerprint set kid = substr (fpr, 13); The update does only work with 20 octet fingerprints; that is not with the new v5 OpenPGP keys. Note that sqlite does not allow to drip a column, thus we rename it. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
616c60d93d
commit
9a94db1f66
@ -1,5 +1,5 @@
|
|||||||
/* backend-sqlite.c - SQLite based backend for keyboxd
|
/* backend-sqlite.c - SQLite based backend for keyboxd
|
||||||
* Copyright (C) 2019 g10 Code GmbH
|
* Copyright (C) 2019, 2020 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -130,8 +130,8 @@ static struct
|
|||||||
/* The fingerprint, for OpenPGP either 20 octets or 32 octets;
|
/* The fingerprint, for OpenPGP either 20 octets or 32 octets;
|
||||||
* for X.509 it is the same as the UBID. */
|
* for X.509 it is the same as the UBID. */
|
||||||
"fpr BLOB NOT NULL PRIMARY KEY,"
|
"fpr BLOB NOT NULL PRIMARY KEY,"
|
||||||
/* The long keyid as 64 bit integer. */
|
/* The long keyid as a 64 bit blob. */
|
||||||
"kid INTEGER NOT NULL,"
|
"kid BLOB NOT NULL,"
|
||||||
/* The keygrip for this key. */
|
/* The keygrip for this key. */
|
||||||
"keygrip BLOB NOT NULL,"
|
"keygrip BLOB NOT NULL,"
|
||||||
/* 0 = primary or X.509, > 0 = subkey. */
|
/* 0 = primary or X.509, > 0 = subkey. */
|
||||||
@ -262,29 +262,23 @@ diag_step_err (int res, sqlite3_stmt *stmt)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* We store the keyid in the database as an integer - this function
|
/* We store the keyid in the database as an 8 byte blob. This
|
||||||
* converts it from a memory buffer. */
|
* function converts it from the usual u32[2] array. BUFFER is a
|
||||||
static GPGRT_INLINE sqlite3_int64
|
* caller provided buffer of at least 8 bytes; a pointer to that
|
||||||
kid_from_mem (const unsigned char *keyid)
|
* buffer is the return value. */
|
||||||
|
static GPGRT_INLINE unsigned char *
|
||||||
|
kid_from_u32 (u32 *keyid, unsigned char *buffer)
|
||||||
{
|
{
|
||||||
return ( ((uint64_t)keyid[0] << 56)
|
buffer[0] = keyid[0] >> 24;
|
||||||
| ((uint64_t)keyid[1] << 48)
|
buffer[1] = keyid[0] >> 16;
|
||||||
| ((uint64_t)keyid[2] << 40)
|
buffer[2] = keyid[0] >> 8;
|
||||||
| ((uint64_t)keyid[3] << 32)
|
buffer[3] = keyid[0];
|
||||||
| ((uint64_t)keyid[4] << 24)
|
buffer[4] = keyid[1] >> 24;
|
||||||
| ((uint64_t)keyid[5] << 16)
|
buffer[5] = keyid[1] >> 16;
|
||||||
| ((uint64_t)keyid[6] << 8)
|
buffer[6] = keyid[1] >> 8;
|
||||||
| ((uint64_t)keyid[7])
|
buffer[7] = keyid[1];
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
return buffer;
|
||||||
/* We store the keyid in the database as an integer - this function
|
|
||||||
* converts it from the usual u32[2] array. */
|
|
||||||
static GPGRT_INLINE sqlite3_int64
|
|
||||||
kid_from_u32 (u32 *keyid)
|
|
||||||
{
|
|
||||||
return (((uint64_t)keyid[0] << 32) | ((uint64_t)keyid[1]) );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -368,22 +362,6 @@ run_sql_bind_int (sqlite3_stmt *stmt, int no, int value)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Helper to bind an INTEGER64 parameter to a statement. */
|
|
||||||
static gpg_error_t
|
|
||||||
run_sql_bind_int64 (sqlite3_stmt *stmt, int no, sqlite3_int64 value)
|
|
||||||
{
|
|
||||||
gpg_error_t err;
|
|
||||||
int res;
|
|
||||||
|
|
||||||
res = sqlite3_bind_int64 (stmt, no, value);
|
|
||||||
if (res)
|
|
||||||
err = diag_bind_err (res, stmt);
|
|
||||||
else
|
|
||||||
err = 0;
|
|
||||||
return err;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Helper to bind a string parameter to a statement. VALUE is allowed
|
/* Helper to bind a string parameter to a statement. VALUE is allowed
|
||||||
* to be NULL to bind NULL. */
|
* to be NULL to bind NULL. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
@ -698,6 +676,7 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
gpg_error_t err = 0;
|
gpg_error_t err = 0;
|
||||||
unsigned int descidx;
|
unsigned int descidx;
|
||||||
const char *extra = NULL;
|
const char *extra = NULL;
|
||||||
|
unsigned char kidbuf[8];
|
||||||
|
|
||||||
|
|
||||||
descidx = 0; /* Fixme: take from context. */
|
descidx = 0; /* Fixme: take from context. */
|
||||||
@ -862,10 +841,17 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case KEYDB_SEARCH_MODE_SHORT_KID:
|
case KEYDB_SEARCH_MODE_SHORT_KID:
|
||||||
err = gpg_error (GPG_ERR_NOT_IMPLEMENTED); /* FIXME */
|
if (!ctx->select_stmt)
|
||||||
/* pk_no = has_short_kid (blob, desc[n].u.kid[1]); */
|
err = run_sql_prepare ("SELECT p.ubid, p.type, p.ephemeral,"
|
||||||
/* if (pk_no) */
|
" p.revoked, p.keyblob"
|
||||||
/* goto found; */
|
" FROM pubkey as p, fingerprint as f"
|
||||||
|
" WHERE p.ubid = f.ubid AND"
|
||||||
|
" substr(f.kid,5) = ?1",
|
||||||
|
extra, &ctx->select_stmt);
|
||||||
|
if (!err)
|
||||||
|
err = run_sql_bind_blob (ctx->select_stmt, 1,
|
||||||
|
kid_from_u32 (desc[descidx].u.kid, kidbuf)+4,
|
||||||
|
4);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KEYDB_SEARCH_MODE_LONG_KID:
|
case KEYDB_SEARCH_MODE_LONG_KID:
|
||||||
@ -876,8 +862,9 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
" WHERE p.ubid = f.ubid AND f.kid = ?1",
|
" WHERE p.ubid = f.ubid AND f.kid = ?1",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
if (!err)
|
if (!err)
|
||||||
err = run_sql_bind_int64 (ctx->select_stmt, 1,
|
err = run_sql_bind_blob (ctx->select_stmt, 1,
|
||||||
kid_from_u32 (desc[descidx].u.kid));
|
kid_from_u32 (desc[descidx].u.kid, kidbuf),
|
||||||
|
8);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KEYDB_SEARCH_MODE_FPR:
|
case KEYDB_SEARCH_MODE_FPR:
|
||||||
@ -927,7 +914,8 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
|
|||||||
else
|
else
|
||||||
extra = " ORDER by ubid";
|
extra = " ORDER by ubid";
|
||||||
|
|
||||||
err = run_sql_prepare ("SELECT ubid, type, ephemeral, keyblob"
|
err = run_sql_prepare ("SELECT ubid, type, ephemeral, revoked,"
|
||||||
|
" keyblob"
|
||||||
" FROM pubkey as p",
|
" FROM pubkey as p",
|
||||||
extra, &ctx->select_stmt);
|
extra, &ctx->select_stmt);
|
||||||
}
|
}
|
||||||
@ -1142,7 +1130,8 @@ store_into_pubkey (enum kbxd_store_modes mode,
|
|||||||
* fingerprint table. */
|
* fingerprint table. */
|
||||||
static gpg_error_t
|
static gpg_error_t
|
||||||
store_into_fingerprint (const unsigned char *ubid, int subkey,
|
store_into_fingerprint (const unsigned char *ubid, int subkey,
|
||||||
const unsigned char *keygrip, sqlite3_int64 kid,
|
const unsigned char *keygrip,
|
||||||
|
const unsigned char *kid,
|
||||||
const unsigned char *fpr, int fprlen)
|
const unsigned char *fpr, int fprlen)
|
||||||
{
|
{
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
@ -1157,7 +1146,7 @@ store_into_fingerprint (const unsigned char *ubid, int subkey,
|
|||||||
err = run_sql_bind_blob (stmt, 1, fpr, fprlen);
|
err = run_sql_bind_blob (stmt, 1, fpr, fprlen);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
err = run_sql_bind_int64 (stmt, 2, kid);
|
err = run_sql_bind_blob (stmt, 2, kid, 8);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
err = run_sql_bind_blob (stmt, 3, keygrip, KEYGRIP_LEN);
|
err = run_sql_bind_blob (stmt, 3, keygrip, KEYGRIP_LEN);
|
||||||
@ -1370,7 +1359,7 @@ be_sqlite_store (ctrl_t ctrl, backend_handle_t backend_hd,
|
|||||||
|
|
||||||
/* Note that for X.509 the UBID is also the fingerprint. */
|
/* Note that for X.509 the UBID is also the fingerprint. */
|
||||||
err = store_into_fingerprint (ubid, 0, grip,
|
err = store_into_fingerprint (ubid, 0, grip,
|
||||||
kid_from_mem (ubid+12),
|
ubid+12,
|
||||||
ubid, UBID_LEN);
|
ubid, UBID_LEN);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -1424,7 +1413,7 @@ be_sqlite_store (ctrl_t ctrl, backend_handle_t backend_hd,
|
|||||||
|
|
||||||
kinfo = &info.primary;
|
kinfo = &info.primary;
|
||||||
err = store_into_fingerprint (ubid, 0, kinfo->grip,
|
err = store_into_fingerprint (ubid, 0, kinfo->grip,
|
||||||
kid_from_mem (kinfo->keyid),
|
kinfo->keyid,
|
||||||
kinfo->fpr, kinfo->fprlen);
|
kinfo->fpr, kinfo->fprlen);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -1435,7 +1424,7 @@ be_sqlite_store (ctrl_t ctrl, backend_handle_t backend_hd,
|
|||||||
for (kinfo = &info.subkeys; kinfo; kinfo = kinfo->next, subkey++)
|
for (kinfo = &info.subkeys; kinfo; kinfo = kinfo->next, subkey++)
|
||||||
{
|
{
|
||||||
err = store_into_fingerprint (ubid, subkey, kinfo->grip,
|
err = store_into_fingerprint (ubid, subkey, kinfo->grip,
|
||||||
kid_from_mem (kinfo->keyid),
|
kinfo->keyid,
|
||||||
kinfo->fpr, kinfo->fprlen);
|
kinfo->fpr, kinfo->fprlen);
|
||||||
if (err)
|
if (err)
|
||||||
goto leave;
|
goto leave;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user