kbx: Add first version of STORE command to keyboxd.

* kbx/Makefile.am (keyboxd_CFLAGS): -DKEYBOX_WITH_X509. (keyboxd_LDADD): Add libksba. * kbx/kbxserver.c (cmd_store): New. * kbx/frontend.c (kbxd_store): New. * kbx/backend-support.c (is_x509_blob): New. (be_fingerprint_from_blob): New. * kbx/backend-kbx.c (be_kbx_seek): Add args FPR and FPRLEN. (be_kbx_insert): New. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-03 22:56:33 +02:00 · 2019-10-01 20:09:42 +02:00 · 2019-10-01 20:09:42 +02:00 · c7293a4d12
commit c7293a4d12
parent 61765136cf
8 changed files with 324 additions and 20 deletions
--- a/kbx/backend-kbx.c
+++ b/kbx/backend-kbx.c
@ -288,13 +288,15 @@ be_kbx_search (ctrl_t ctrl, backend_handle_t backend_hd, db_request_t request,
 }


-/* Seek in the keybox to the given UBID.  BACKEND_HD is the handle for
- * this backend and REQUEST is the current database request object.
- * This does a dummy read so that the next search operation starts
- * right after that UBID. */
+/* Seek in the keybox to the given UBID (if UBID is not NULL) or to
+ * the primary fingerprint specified by (FPR,FPRLEN).  BACKEND_HD is
+ * the handle for this backend and REQUEST is the current database
+ * request object.  This does a dummy read so that the next search
+ * operation starts right after that UBID. */
 gpg_error_t
 be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
-                  db_request_t request, unsigned char *ubid)
+             db_request_t request, const unsigned char *ubid,
+             const unsigned char *fpr, unsigned int fprlen)
 {
  gpg_error_t err;
  db_request_part_t part;
@ -308,8 +310,19 @@ be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
  log_assert (request);

  memset (&desc, 0, sizeof desc);
-  desc.mode = KEYDB_SEARCH_MODE_UBID;
-  memcpy (desc.u.ubid, ubid, 20);
+  if (ubid)
+    {
+      desc.mode = KEYDB_SEARCH_MODE_FPR;
+      memcpy (desc.u.ubid, ubid, 20);
+    }
+  else
+    {
+      if (fprlen > sizeof desc.u.fpr)
+        return gpg_error (GPG_ERR_TOO_LARGE);
+      desc.mode = KEYDB_SEARCH_MODE_FPR;
+      memcpy (desc.u.fpr, fpr, fprlen);
+      desc.fprlen = fprlen;
+    }

  /* Find the specific request part or allocate it.  */
  err = be_find_request_part (backend_hd, request, &part);
@ -326,3 +339,50 @@ be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
 leave:
  return err;
 }
+
+
+/* Insert (BLOB,BLOBLEN) into the keybox.  BACKEND_HD is the handle
+ * for this backend and REQUEST is the current database request
+ * object.  */
+gpg_error_t
+be_kbx_insert (ctrl_t ctrl, backend_handle_t backend_hd,
+               db_request_t request, enum pubkey_types pktype,
+               const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  ksba_cert_t cert = NULL;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  if (pktype == PUBKEY_TYPE_OPGP)
+    err = keybox_insert_keyblock (part->kbx_hd, blob, bloblen);
+  else if (pktype == PUBKEY_TYPE_X509)
+    {
+      unsigned char sha1[20];
+
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, blob, bloblen);
+      if (err)
+        goto leave;
+      gcry_md_hash_buffer (GCRY_MD_SHA1, sha1, blob, bloblen);
+
+      err = keybox_insert_cert (part->kbx_hd, cert, sha1);
+    }
+  else
+    err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ leave:
+  ksba_cert_release (cert);
+  return err;
+}