kbx: Add support for 32 byte fingerprints.

* common/userids.c (classify_user_id): Support 32 byte fingerprints.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
(struct keydb_search_desc): Add field fprlen.
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
version and increase size of fpr to 32.
* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
(struct keyboxblob_key): Add field fprlen and increase size of fpr.
(pgp_create_key_part_single): Allow larger fingerprints.
(create_blob_header): Implement blob version 2 and add arg want_fpr32.
(_keybox_create_openpgp_blob): Detect the need for blob version 2.
* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
fingerprints.
(blob_cmp_fpr): Ditto.
(blob_cmp_fpr_part): Ditto.
(has_fingerprint): Add arg fprlen and pass on.
(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
changed has_fingerprint.
* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.

* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
* g10/export.c (exact_subkey_match_p): Ditto.
* g10/gpg.c (main): Ditto.
* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
* g10/keydb.c (keydb_search_desc_dump): Support
KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
(keydb_search): Add new arg fprlen and change all callers.
* g10/keyedit.c (find_by_primary_fpr): Ditto.
* g10/keyid.c (keystr_from_desc): Ditto.
* g10/keyring.c (keyring_search): Ditto.
* g10/keyserver.c (print_keyrec): Ditto.
(parse_keyrec): Ditto.
(keyserver_export): Ditto.
(keyserver_retrieval_screener): Ditto.
(keyserver_import): Ditto.
(keyserver_import_fprint): Ditto.
(keyidlist): Ditto.
(keyserver_get_chunk): Ditto.

* g10/keydb.c (keydb_search): Add new arg fprlen and change all
callers.

* sm/keydb.c (keydb_search_fpr): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
--

This prepares the support for OpenPGP v5 keys.  The new version 2 blob
format is needed for the longer fingerprints and we also use this
opportunity to prepare for storing the keygrip in the blob for faster
lookup by keygrip.  Right now this is not yet functional.

Signed-off-by: Werner Koch <wk@gnupg.org>

kbx/keybox-search.c

@@ -66,18 +66,31 @@ blob_get_first_keyid (KEYBOXBLOB blob, u32 *kid)
 {
   const unsigned char *buffer;
   size_t length, nkeys, keyinfolen;
+  int fpr32;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 48)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
+  if (fpr32 && length < 56)
+    return 0; /* blob to short */
 
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18);
-  if (!nkeys || keyinfolen < 28)
+  if (!nkeys || keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
 
-  kid[0] = get32 (buffer + 32);
-  kid[1] = get32 (buffer + 36);
+  if (fpr32 && (get16 (buffer + 20 + 32) & 0x80))
+    {
+      /* 32 byte fingerprint.  */
+      kid[0] = get32 (buffer + 20);
+      kid[1] = get32 (buffer + 20 + 4);
+    }
+  else /* 20 byte fingerprint.  */
+    {
+      kid[0] = get32 (buffer + 20 + 12);
+      kid[1] = get32 (buffer + 20 + 16);
+    }
 
   return 1;
 }
@@ -229,22 +242,23 @@ blob_cmp_sn (KEYBOXBLOB blob, const unsigned char *sn, int snlen)
    For X.509 this is always 1, for OpenPGP this is 1 for the primary
    key and 2 and more for the subkeys.  */
 static int
-blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
+blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr, unsigned int fprlen)
 {
   const unsigned char *buffer;
   size_t length;
   size_t pos, off;
   size_t nkeys, keyinfolen;
-  int idx;
+  int idx, fpr32, storedfprlen;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 40)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
 
   /*keys*/
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18 );
-  if (keyinfolen < 28)
+  if (keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
   pos = 20;
   if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length)
@@ -253,12 +267,19 @@ blob_cmp_fpr (KEYBOXBLOB blob, const unsigned char *fpr)
   for (idx=0; idx < nkeys; idx++)
     {
       off = pos + idx*keyinfolen;
-      if (!memcmp (buffer + off, fpr, 20))
+      if (fpr32)
+        storedfprlen = (get16 (buffer + off + 32) & 0x80)? 32:20;
+      else
+        storedfprlen = 20;
+      if (storedfprlen == fprlen
+          && !memcmp (buffer + off, fpr, storedfprlen))
         return idx+1; /* found */
     }
   return 0; /* not found */
 }
 
+
+/* Helper for has_short_kid and has_long_kid.  */
 static int
 blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
                    int fproff, int fprlen)
@@ -267,25 +288,33 @@ blob_cmp_fpr_part (KEYBOXBLOB blob, const unsigned char *fpr,
   size_t length;
   size_t pos, off;
   size_t nkeys, keyinfolen;
-  int idx;
+  int idx, fpr32, storedfprlen;
 
   buffer = _keybox_get_blob_image (blob, &length);
   if (length < 40)
     return 0; /* blob too short */
+  fpr32 = buffer[5] == 2;
 
   /*keys*/
   nkeys = get16 (buffer + 16);
   keyinfolen = get16 (buffer + 18 );
-  if (keyinfolen < 28)
+  if (keyinfolen < (fpr32?56:28))
     return 0; /* invalid blob */
   pos = 20;
   if (pos + (uint64_t)keyinfolen*nkeys > (uint64_t)length)
     return 0; /* out of bounds */
 
+  if (fpr32)
+    fproff = 0; /* keyid are the high-order bits.  */
   for (idx=0; idx < nkeys; idx++)
     {
       off = pos + idx*keyinfolen;
-      if (!memcmp (buffer + off + fproff, fpr, fprlen))
+      if (fpr32)
+        storedfprlen = (get16 (buffer + off + 32) & 0x80)? 32:20;
+      else
+        storedfprlen = 20;
+      if (storedfprlen == fproff + fprlen
+          && !memcmp (buffer + off + fproff, fpr, fprlen))
         return idx+1; /* found */
     }
   return 0; /* not found */
@@ -650,9 +679,9 @@ has_long_kid (KEYBOXBLOB blob, u32 mkid, u32 lkid)
 }
 
 static inline int
-has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr)
+has_fingerprint (KEYBOXBLOB blob, const unsigned char *fpr, unsigned int fprlen)
 {
-  return blob_cmp_fpr (blob, fpr);
+  return blob_cmp_fpr (blob, fpr, fprlen);
 }
 
 static inline int
@@ -1047,12 +1076,25 @@ keybox_search (KEYBOX_HANDLE hd, KEYBOX_SEARCH_DESC *desc, size_t ndesc,
               if (pk_no)
                 goto found;
               break;
+
             case KEYDB_SEARCH_MODE_FPR:
-            case KEYDB_SEARCH_MODE_FPR20:
-              pk_no = has_fingerprint (blob, desc[n].u.fpr);
+              pk_no = has_fingerprint (blob, desc[n].u.fpr, desc[n].fprlen);
               if (pk_no)
                 goto found;
               break;
+
+            case KEYDB_SEARCH_MODE_FPR20:
+              pk_no = has_fingerprint (blob, desc[n].u.fpr, 20);
+              if (pk_no)
+                goto found;
+              break;
+
+            case KEYDB_SEARCH_MODE_FPR32:
+              pk_no = has_fingerprint (blob, desc[n].u.fpr, 32);
+              if (pk_no)
+                goto found;
+              break;
+
             case KEYDB_SEARCH_MODE_KEYGRIP:
               if (has_keygrip (blob, desc[n].u.grip))
                 goto found;