mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-23 10:29:58 +01:00
915297705a
* common/util.h (UBID_LEN): New. Use it at all places. * kbx/keybox-blob.c (create_blob_finish): Do not write the UBID item. * kbx/keybox-dump.c (print_ubib): Remove. (_keybox_dump_blob): Do not print the now removed ubid flag. * kbx/keybox-search-desc.h (struct keydb_search_desc): Use constants for the size of the ubid and grip. * kbx/keybox-search.c (blob_cmp_ubid): New. (has_ubid): Make it a simple wrapper around blob_cmp_ubid. (keybox_get_data): Add arg 'r_ubid'. * kbx/frontend.h (enum kbxd_store_modes): New. * kbx/kbxserver.c (cmd_store): Add new option --insert. * kbx/backend-cache.c (be_cache_initialize): New. (be_cache_add_resource): Call it here. * kbx/backend-kbx.c (be_kbx_seek): Remove args 'fpr' and 'fprlen'. (be_kbx_search): Get the UBID from keybox_get_data. * kbx/backend-support.c (be_fingerprint_from_blob): Replace by ... (be_ubid_from_blob): new. Change all callers. * kbx/frontend.c (kbxd_add_resource): Temporary disable the cache but use the new cache init function. (kbxd_store): Replace arg 'only_update' by 'mode'. Seek using the ubid. Take care of the mode. -- It turned out that using the hash of the entire blob was not helpful. Thus we redefine the Unique-Blob-ID (UBID) as the primary fingerprint of the blob. In case this is a v5 OpenPGP key a left truncated version of the SHA-256 hash is used; in all other cases the full SHA-1 hash. Using a SHA-256 hash does not make sense because v4 keys are and will for some time be the majority of keys and thus padding them with zeroes won't make any difference. Even if fingerprint collisions can eventually be created we will assume that the keys are bogus and that it does not make sense to store its twin also in our key storage. We can also easily extend the update code to detect a collision and reject the update. Signed-off-by: Werner Koch <wk@gnupg.org>
823 lines
20 KiB
C
823 lines
20 KiB
C
/* keybox-dump.c - Debug helpers
|
||
* Copyright (C) 2001, 2003 Free Software Foundation, Inc.
|
||
*
|
||
* This file is part of GnuPG.
|
||
*
|
||
* GnuPG is free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 3 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* GnuPG is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* You should have received a copy of the GNU General Public License
|
||
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
||
*/
|
||
|
||
#include <config.h>
|
||
#include <stdlib.h>
|
||
#include <stdio.h>
|
||
#include <string.h>
|
||
#include <errno.h>
|
||
|
||
#include "keybox-defs.h"
|
||
#include <gcrypt.h>
|
||
#include "../common/host2net.h"
|
||
|
||
/* Argg, we can't include ../common/util.h */
|
||
char *bin2hexcolon (const void *buffer, size_t length, char *stringbuf);
|
||
|
||
#define get32(a) buf32_to_ulong ((a))
|
||
#define get16(a) buf16_to_ulong ((a))
|
||
|
||
|
||
void
|
||
print_string (FILE *fp, const byte *p, size_t n, int delim)
|
||
{
|
||
for ( ; n; n--, p++ )
|
||
{
|
||
if (*p < 0x20 || (*p >= 0x7f && *p < 0xa0) || *p == delim)
|
||
{
|
||
putc('\\', fp);
|
||
if( *p == '\n' )
|
||
putc('n', fp);
|
||
else if( *p == '\r' )
|
||
putc('r', fp);
|
||
else if( *p == '\f' )
|
||
putc('f', fp);
|
||
else if( *p == '\v' )
|
||
putc('v', fp);
|
||
else if( *p == '\b' )
|
||
putc('b', fp);
|
||
else if( !*p )
|
||
putc('0', fp);
|
||
else
|
||
fprintf(fp, "x%02x", *p );
|
||
}
|
||
else
|
||
putc(*p, fp);
|
||
}
|
||
}
|
||
|
||
|
||
static int
|
||
print_checksum (const byte *buffer, size_t length, size_t unhashed, FILE *fp)
|
||
{
|
||
const byte *p;
|
||
int i;
|
||
int hashlen;
|
||
unsigned char digest[20];
|
||
|
||
fprintf (fp, "Checksum: ");
|
||
if (unhashed && unhashed < 20)
|
||
{
|
||
fputs ("[specified unhashed sized too short]\n", fp);
|
||
return 0;
|
||
}
|
||
if (!unhashed)
|
||
{
|
||
unhashed = 16;
|
||
hashlen = 16;
|
||
}
|
||
else
|
||
hashlen = 20;
|
||
if (length < 5+unhashed)
|
||
{
|
||
fputs ("[blob too short for a checksum]\n", fp);
|
||
return 0;
|
||
}
|
||
|
||
p = buffer + length - hashlen;
|
||
for (i=0; i < hashlen; p++, i++)
|
||
fprintf (fp, "%02x", *p);
|
||
|
||
if (hashlen == 16) /* Compatibility method. */
|
||
{
|
||
gcry_md_hash_buffer (GCRY_MD_MD5, digest, buffer, length - 16);
|
||
if (!memcmp (buffer + length - 16, digest, 16))
|
||
fputs (" [valid]\n", fp);
|
||
else
|
||
fputs (" [bad]\n", fp);
|
||
}
|
||
else
|
||
{
|
||
gcry_md_hash_buffer (GCRY_MD_SHA1, digest, buffer, length - unhashed);
|
||
if (!memcmp (buffer + length - hashlen, digest, hashlen))
|
||
fputs (" [valid]\n", fp);
|
||
else
|
||
fputs (" [bad]\n", fp);
|
||
}
|
||
return 0;
|
||
}
|
||
|
||
|
||
static int
|
||
dump_header_blob (const byte *buffer, size_t length, FILE *fp)
|
||
{
|
||
unsigned long n;
|
||
|
||
if (length < 32)
|
||
{
|
||
fprintf (fp, "[blob too short]\n");
|
||
return -1;
|
||
}
|
||
fprintf (fp, "Version: %d\n", buffer[5]);
|
||
|
||
n = get16 (buffer + 6);
|
||
fprintf( fp, "Flags: %04lX", n);
|
||
if (n)
|
||
{
|
||
int any = 0;
|
||
|
||
fputs (" (", fp);
|
||
if ((n & 2))
|
||
{
|
||
if (any)
|
||
putc (',', fp);
|
||
fputs ("openpgp", fp);
|
||
any++;
|
||
}
|
||
putc (')', fp);
|
||
}
|
||
putc ('\n', fp);
|
||
|
||
if ( memcmp (buffer+8, "KBXf", 4))
|
||
fprintf (fp, "[Error: invalid magic number]\n");
|
||
|
||
n = get32 (buffer+16);
|
||
fprintf( fp, "created-at: %lu\n", n );
|
||
n = get32 (buffer+20);
|
||
fprintf( fp, "last-maint: %lu\n", n );
|
||
|
||
return 0;
|
||
}
|
||
|
||
|
||
/* Dump one block to FP */
|
||
int
|
||
_keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
|
||
{
|
||
const byte *buffer;
|
||
size_t length;
|
||
int type, i;
|
||
ulong n, nkeys, keyinfolen;
|
||
ulong nuids, uidinfolen;
|
||
ulong nsigs, siginfolen;
|
||
ulong rawdata_off, rawdata_len;
|
||
ulong nserial;
|
||
ulong unhashed;
|
||
const byte *p;
|
||
int is_fpr32; /* blob version 2 */
|
||
|
||
buffer = _keybox_get_blob_image (blob, &length);
|
||
|
||
if (length < 32)
|
||
{
|
||
fprintf (fp, "[blob too short]\n");
|
||
return -1;
|
||
}
|
||
|
||
n = get32( buffer );
|
||
if (n > length)
|
||
fprintf (fp, "[blob larger than length - output truncated]\n");
|
||
else
|
||
length = n; /* ignore the rest */
|
||
|
||
fprintf (fp, "Length: %lu\n", n );
|
||
type = buffer[4];
|
||
switch (type)
|
||
{
|
||
case KEYBOX_BLOBTYPE_EMPTY:
|
||
fprintf (fp, "Type: Empty\n");
|
||
return 0;
|
||
|
||
case KEYBOX_BLOBTYPE_HEADER:
|
||
fprintf (fp, "Type: Header\n");
|
||
return dump_header_blob (buffer, length, fp);
|
||
case KEYBOX_BLOBTYPE_PGP:
|
||
fprintf (fp, "Type: OpenPGP\n");
|
||
break;
|
||
case KEYBOX_BLOBTYPE_X509:
|
||
fprintf (fp, "Type: X.509\n");
|
||
break;
|
||
default:
|
||
fprintf (fp, "Type: %d\n", type);
|
||
fprintf (fp, "[can't dump this blob type]\n");
|
||
return 0;
|
||
}
|
||
/* Here we have either BLOGTYPE_X509 or BLOBTYPE_OPENPGP */
|
||
fprintf (fp, "Version: %d\n", buffer[5]);
|
||
is_fpr32 = buffer[5] == 2;
|
||
|
||
if (length < 40)
|
||
{
|
||
fprintf (fp, "[blob too short]\n");
|
||
return -1;
|
||
}
|
||
|
||
n = get16 (buffer + 6);
|
||
fprintf( fp, "Blob-Flags: %04lX", n);
|
||
if (n)
|
||
{
|
||
int any = 0;
|
||
|
||
fputs (" (", fp);
|
||
if ((n & 1))
|
||
{
|
||
fputs ("secret", fp);
|
||
any++;
|
||
}
|
||
if ((n & 2))
|
||
{
|
||
if (any)
|
||
putc (',', fp);
|
||
fputs ("ephemeral", fp);
|
||
any++;
|
||
}
|
||
putc (')', fp);
|
||
}
|
||
putc ('\n', fp);
|
||
|
||
rawdata_off = get32 (buffer + 8);
|
||
rawdata_len = get32 (buffer + 12);
|
||
|
||
fprintf( fp, "Data-Offset: %lu\n", rawdata_off );
|
||
fprintf( fp, "Data-Length: %lu\n", rawdata_len );
|
||
if (rawdata_off > length || rawdata_len > length
|
||
|| rawdata_off+rawdata_len > length
|
||
|| rawdata_len + 4 > length
|
||
|| rawdata_off+rawdata_len + 4 > length)
|
||
fprintf (fp, "[Error: raw data larger than blob]\n");
|
||
unhashed = length - rawdata_off - rawdata_len;
|
||
fprintf (fp, "Unhashed: %lu\n", unhashed);
|
||
|
||
nkeys = get16 (buffer + 16);
|
||
fprintf (fp, "Key-Count: %lu\n", nkeys );
|
||
if (!nkeys)
|
||
fprintf (fp, "[Error: no keys]\n");
|
||
if (nkeys > 1 && type == KEYBOX_BLOBTYPE_X509)
|
||
fprintf (fp, "[Error: only one key allowed for X509]\n");
|
||
|
||
keyinfolen = get16 (buffer + 18 );
|
||
fprintf (fp, "Key-Info-Length: %lu\n", keyinfolen);
|
||
/* fixme: check bounds */
|
||
p = buffer + 20;
|
||
for (n=0; n < nkeys; n++, p += keyinfolen)
|
||
{
|
||
ulong kidoff, kflags;
|
||
|
||
fprintf (fp, "Key-Fpr[%lu]: ", n );
|
||
if (is_fpr32)
|
||
{
|
||
kflags = get16 (p + 32 );
|
||
for (i=0; i < ((kflags & 0x80)?32:20); i++ )
|
||
fprintf (fp, "%02X", p[i]);
|
||
}
|
||
else
|
||
{
|
||
for (i=0; i < 20; i++ )
|
||
fprintf (fp, "%02X", p[i]);
|
||
kidoff = get32 (p + 20);
|
||
fprintf (fp, "\nKey-Kid-Off[%lu]: %lu\n", n, kidoff );
|
||
fprintf (fp, "Key-Kid[%lu]: ", n );
|
||
/* fixme: check bounds */
|
||
for (i=0; i < 8; i++ )
|
||
fprintf (fp, "%02X", buffer[kidoff+i] );
|
||
kflags = get16 (p + 24 );
|
||
}
|
||
fprintf( fp, "\nKey-Flags[%lu]: %04lX\n", n, kflags);
|
||
}
|
||
|
||
/* serial number */
|
||
fputs ("Serial-No: ", fp);
|
||
nserial = get16 (p);
|
||
p += 2;
|
||
if (!nserial)
|
||
fputs ("none", fp);
|
||
else
|
||
{
|
||
for (; nserial; nserial--, p++)
|
||
fprintf (fp, "%02X", *p);
|
||
}
|
||
putc ('\n', fp);
|
||
|
||
/* user IDs */
|
||
nuids = get16 (p);
|
||
fprintf (fp, "Uid-Count: %lu\n", nuids );
|
||
uidinfolen = get16 (p + 2);
|
||
fprintf (fp, "Uid-Info-Length: %lu\n", uidinfolen);
|
||
/* fixme: check bounds */
|
||
p += 4;
|
||
for (n=0; n < nuids; n++, p += uidinfolen)
|
||
{
|
||
ulong uidoff, uidlen, uflags;
|
||
|
||
uidoff = get32( p );
|
||
uidlen = get32( p+4 );
|
||
if (type == KEYBOX_BLOBTYPE_X509 && !n)
|
||
{
|
||
fprintf (fp, "Issuer-Off: %lu\n", uidoff );
|
||
fprintf (fp, "Issuer-Len: %lu\n", uidlen );
|
||
fprintf (fp, "Issuer: \"");
|
||
}
|
||
else if (type == KEYBOX_BLOBTYPE_X509 && n == 1)
|
||
{
|
||
fprintf (fp, "Subject-Off: %lu\n", uidoff );
|
||
fprintf (fp, "Subject-Len: %lu\n", uidlen );
|
||
fprintf (fp, "Subject: \"");
|
||
}
|
||
else
|
||
{
|
||
fprintf (fp, "Uid-Off[%lu]: %lu\n", n, uidoff );
|
||
fprintf (fp, "Uid-Len[%lu]: %lu\n", n, uidlen );
|
||
fprintf (fp, "Uid[%lu]: \"", n );
|
||
}
|
||
print_string (fp, buffer+uidoff, uidlen, '\"');
|
||
fputs ("\"\n", fp);
|
||
uflags = get16 (p + 8);
|
||
if (type == KEYBOX_BLOBTYPE_X509 && !n)
|
||
{
|
||
fprintf (fp, "Issuer-Flags: %04lX\n", uflags );
|
||
fprintf (fp, "Issuer-Validity: %d\n", p[10] );
|
||
}
|
||
else if (type == KEYBOX_BLOBTYPE_X509 && n == 1)
|
||
{
|
||
fprintf (fp, "Subject-Flags: %04lX\n", uflags );
|
||
fprintf (fp, "Subject-Validity: %d\n", p[10] );
|
||
}
|
||
else
|
||
{
|
||
fprintf (fp, "Uid-Flags[%lu]: %04lX\n", n, uflags );
|
||
fprintf (fp, "Uid-Validity[%lu]: %d\n", n, p[10] );
|
||
}
|
||
}
|
||
|
||
nsigs = get16 (p);
|
||
fprintf (fp, "Sig-Count: %lu\n", nsigs );
|
||
siginfolen = get16 (p + 2);
|
||
fprintf (fp, "Sig-Info-Length: %lu\n", siginfolen );
|
||
/* fixme: check bounds */
|
||
p += 4;
|
||
{
|
||
int in_range = 0;
|
||
ulong first = 0;
|
||
|
||
for (n=0; n < nsigs; n++, p += siginfolen)
|
||
{
|
||
ulong sflags;
|
||
|
||
sflags = get32 (p);
|
||
if (!in_range && !sflags)
|
||
{
|
||
in_range = 1;
|
||
first = n;
|
||
continue;
|
||
}
|
||
if (in_range && !sflags)
|
||
continue;
|
||
if (in_range)
|
||
{
|
||
fprintf (fp, "Sig-Expire[%lu-%lu]: [not checked]\n", first, n-1);
|
||
in_range = 0;
|
||
}
|
||
|
||
fprintf (fp, "Sig-Expire[%lu]: ", n );
|
||
if (!sflags)
|
||
fputs ("[not checked]", fp);
|
||
else if (sflags == 1 )
|
||
fputs ("[missing key]", fp);
|
||
else if (sflags == 2 )
|
||
fputs ("[bad signature]", fp);
|
||
else if (sflags < 0x10000000)
|
||
fprintf (fp, "[bad flag %0lx]", sflags);
|
||
else if (sflags == (ulong)(-1))
|
||
fputs ("[good - does not expire]", fp );
|
||
else
|
||
fprintf (fp, "[good - expires at %lu]", sflags);
|
||
putc ('\n', fp );
|
||
}
|
||
if (in_range)
|
||
fprintf (fp, "Sig-Expire[%lu-%lu]: [not checked]\n", first, n-1);
|
||
}
|
||
fprintf (fp, "Ownertrust: %d\n", p[0] );
|
||
fprintf (fp, "All-Validity: %d\n", p[1] );
|
||
p += 4;
|
||
n = get32 (p);
|
||
p += 4;
|
||
fprintf (fp, "Recheck-After: %lu\n", n );
|
||
n = get32 (p );
|
||
p += 4;
|
||
fprintf( fp, "Latest-Timestamp: %lu\n", n );
|
||
n = get32 (p );
|
||
p += 4;
|
||
fprintf (fp, "Created-At: %lu\n", n );
|
||
n = get32 (p );
|
||
fprintf (fp, "Reserved-Space: %lu\n", n );
|
||
|
||
if (n >= 4 && unhashed >= 24)
|
||
{
|
||
n = get32 ( buffer + length - unhashed);
|
||
fprintf (fp, "Storage-Flags: %08lx\n", n );
|
||
}
|
||
print_checksum (buffer, length, unhashed, fp);
|
||
return 0;
|
||
}
|
||
|
||
|
||
/* Compute the SHA-1 checksum of the rawdata in BLOB and put it into
|
||
DIGEST. */
|
||
static int
|
||
hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
|
||
{
|
||
const unsigned char *buffer;
|
||
size_t n, length;
|
||
int type;
|
||
ulong rawdata_off, rawdata_len;
|
||
|
||
buffer = _keybox_get_blob_image (blob, &length);
|
||
|
||
if (length < 32)
|
||
return -1;
|
||
n = get32 (buffer);
|
||
if (n < length)
|
||
length = n; /* Blob larger than length in header - ignore the rest. */
|
||
|
||
type = buffer[4];
|
||
switch (type)
|
||
{
|
||
case KEYBOX_BLOBTYPE_PGP:
|
||
case KEYBOX_BLOBTYPE_X509:
|
||
break;
|
||
|
||
case KEYBOX_BLOBTYPE_EMPTY:
|
||
case KEYBOX_BLOBTYPE_HEADER:
|
||
default:
|
||
memset (digest, 0, 20);
|
||
return 0;
|
||
}
|
||
|
||
if (length < 40)
|
||
return -1;
|
||
|
||
rawdata_off = get32 (buffer + 8);
|
||
rawdata_len = get32 (buffer + 12);
|
||
|
||
if (rawdata_off > length || rawdata_len > length
|
||
|| rawdata_off+rawdata_off > length)
|
||
return -1; /* Out of bounds. */
|
||
|
||
gcry_md_hash_buffer (GCRY_MD_SHA1, digest, buffer+rawdata_off, rawdata_len);
|
||
return 0;
|
||
}
|
||
|
||
|
||
struct file_stats_s
|
||
{
|
||
unsigned long too_short_blobs;
|
||
unsigned long too_large_blobs;
|
||
unsigned long total_blob_count;
|
||
unsigned long empty_blob_count;
|
||
unsigned long header_blob_count;
|
||
unsigned long pgp_blob_count;
|
||
unsigned long x509_blob_count;
|
||
unsigned long unknown_blob_count;
|
||
unsigned long non_flagged;
|
||
unsigned long secret_flagged;
|
||
unsigned long ephemeral_flagged;
|
||
unsigned long skipped_long_blobs;
|
||
};
|
||
|
||
static int
|
||
update_stats (KEYBOXBLOB blob, struct file_stats_s *s)
|
||
{
|
||
const unsigned char *buffer;
|
||
size_t length;
|
||
int type;
|
||
unsigned long n;
|
||
|
||
buffer = _keybox_get_blob_image (blob, &length);
|
||
if (length < 32)
|
||
{
|
||
s->too_short_blobs++;
|
||
return -1;
|
||
}
|
||
|
||
n = get32( buffer );
|
||
if (n > length)
|
||
s->too_large_blobs++;
|
||
else
|
||
length = n; /* ignore the rest */
|
||
|
||
s->total_blob_count++;
|
||
type = buffer[4];
|
||
switch (type)
|
||
{
|
||
case KEYBOX_BLOBTYPE_EMPTY:
|
||
s->empty_blob_count++;
|
||
return 0;
|
||
case KEYBOX_BLOBTYPE_HEADER:
|
||
s->header_blob_count++;
|
||
return 0;
|
||
case KEYBOX_BLOBTYPE_PGP:
|
||
s->pgp_blob_count++;
|
||
break;
|
||
case KEYBOX_BLOBTYPE_X509:
|
||
s->x509_blob_count++;
|
||
break;
|
||
default:
|
||
s->unknown_blob_count++;
|
||
return 0;
|
||
}
|
||
|
||
if (length < 40)
|
||
{
|
||
s->too_short_blobs++;
|
||
return -1;
|
||
}
|
||
|
||
n = get16 (buffer + 6);
|
||
if (n)
|
||
{
|
||
if ((n & 1))
|
||
s->secret_flagged++;
|
||
if ((n & 2))
|
||
s->ephemeral_flagged++;
|
||
}
|
||
else
|
||
s->non_flagged++;
|
||
|
||
return 0;
|
||
}
|
||
|
||
|
||
|
||
static FILE *
|
||
open_file (const char **filename, FILE *outfp)
|
||
{
|
||
FILE *fp;
|
||
|
||
if (!*filename)
|
||
{
|
||
*filename = "-";
|
||
fp = stdin;
|
||
}
|
||
else
|
||
fp = fopen (*filename, "rb");
|
||
if (!fp)
|
||
{
|
||
int save_errno = errno;
|
||
fprintf (outfp, "can't open '%s': %s\n", *filename, strerror(errno));
|
||
gpg_err_set_errno (save_errno);
|
||
}
|
||
return fp;
|
||
}
|
||
|
||
|
||
|
||
int
|
||
_keybox_dump_file (const char *filename, int stats_only, FILE *outfp)
|
||
{
|
||
FILE *fp;
|
||
KEYBOXBLOB blob;
|
||
int rc;
|
||
unsigned long count = 0;
|
||
struct file_stats_s stats;
|
||
int skipped_deleted;
|
||
|
||
memset (&stats, 0, sizeof stats);
|
||
|
||
if (!(fp = open_file (&filename, outfp)))
|
||
return gpg_error_from_syserror ();
|
||
|
||
for (;;)
|
||
{
|
||
rc = _keybox_read_blob (&blob, fp, &skipped_deleted);
|
||
if (gpg_err_code (rc) == GPG_ERR_TOO_LARGE
|
||
&& gpg_err_source (rc) == GPG_ERR_SOURCE_KEYBOX)
|
||
{
|
||
if (stats_only)
|
||
stats.skipped_long_blobs++;
|
||
else
|
||
{
|
||
fprintf (outfp, "BEGIN-RECORD: %lu\n", count );
|
||
fprintf (outfp, "# Record too large\nEND-RECORD\n");
|
||
}
|
||
count++;
|
||
continue;
|
||
}
|
||
if (rc)
|
||
break;
|
||
|
||
count += skipped_deleted;
|
||
|
||
if (stats_only)
|
||
{
|
||
stats.total_blob_count += skipped_deleted;
|
||
stats.empty_blob_count += skipped_deleted;
|
||
update_stats (blob, &stats);
|
||
}
|
||
else
|
||
{
|
||
fprintf (outfp, "BEGIN-RECORD: %lu\n", count );
|
||
_keybox_dump_blob (blob, outfp);
|
||
fprintf (outfp, "END-RECORD\n");
|
||
}
|
||
_keybox_release_blob (blob);
|
||
count++;
|
||
}
|
||
if (rc == -1)
|
||
rc = 0;
|
||
if (rc)
|
||
fprintf (outfp, "# error reading '%s': %s\n", filename, gpg_strerror (rc));
|
||
|
||
if (fp != stdin)
|
||
fclose (fp);
|
||
|
||
if (stats_only)
|
||
{
|
||
fprintf (outfp,
|
||
"Total number of blobs: %8lu\n"
|
||
" header: %8lu\n"
|
||
" empty: %8lu\n"
|
||
" openpgp: %8lu\n"
|
||
" x509: %8lu\n"
|
||
" non flagged: %8lu\n"
|
||
" secret flagged: %8lu\n"
|
||
" ephemeral flagged: %8lu\n",
|
||
stats.total_blob_count,
|
||
stats.header_blob_count,
|
||
stats.empty_blob_count,
|
||
stats.pgp_blob_count,
|
||
stats.x509_blob_count,
|
||
stats.non_flagged,
|
||
stats.secret_flagged,
|
||
stats.ephemeral_flagged);
|
||
if (stats.skipped_long_blobs)
|
||
fprintf (outfp, " skipped long blobs: %8lu\n",
|
||
stats.skipped_long_blobs);
|
||
if (stats.unknown_blob_count)
|
||
fprintf (outfp, " unknown blob types: %8lu\n",
|
||
stats.unknown_blob_count);
|
||
if (stats.too_short_blobs)
|
||
fprintf (outfp, " too short blobs: %8lu (error)\n",
|
||
stats.too_short_blobs);
|
||
if (stats.too_large_blobs)
|
||
fprintf (outfp, " too large blobs: %8lu (error)\n",
|
||
stats.too_large_blobs);
|
||
}
|
||
|
||
return rc;
|
||
}
|
||
|
||
|
||
|
||
struct dupitem_s
|
||
{
|
||
unsigned long recno;
|
||
unsigned char digest[20];
|
||
};
|
||
|
||
|
||
static int
|
||
cmp_dupitems (const void *arg_a, const void *arg_b)
|
||
{
|
||
struct dupitem_s *a = (struct dupitem_s *)arg_a;
|
||
struct dupitem_s *b = (struct dupitem_s *)arg_b;
|
||
|
||
return memcmp (a->digest, b->digest, 20);
|
||
}
|
||
|
||
|
||
int
|
||
_keybox_dump_find_dups (const char *filename, int print_them, FILE *outfp)
|
||
{
|
||
FILE *fp;
|
||
KEYBOXBLOB blob;
|
||
int rc;
|
||
unsigned long recno = 0;
|
||
unsigned char zerodigest[20];
|
||
struct dupitem_s *dupitems;
|
||
size_t dupitems_size, dupitems_count, lastn, n;
|
||
char fprbuf[3*20+1];
|
||
|
||
(void)print_them;
|
||
|
||
memset (zerodigest, 0, sizeof zerodigest);
|
||
|
||
if (!(fp = open_file (&filename, outfp)))
|
||
return gpg_error_from_syserror ();
|
||
|
||
dupitems_size = 1000;
|
||
dupitems = malloc (dupitems_size * sizeof *dupitems);
|
||
if (!dupitems)
|
||
{
|
||
gpg_error_t tmperr = gpg_error_from_syserror ();
|
||
fprintf (outfp, "error allocating array for '%s': %s\n",
|
||
filename, strerror(errno));
|
||
return tmperr;
|
||
}
|
||
dupitems_count = 0;
|
||
|
||
while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) )
|
||
{
|
||
unsigned char digest[20];
|
||
|
||
if (hash_blob_rawdata (blob, digest))
|
||
fprintf (outfp, "error in blob %ld of '%s'\n", recno, filename);
|
||
else if (memcmp (digest, zerodigest, 20))
|
||
{
|
||
if (dupitems_count >= dupitems_size)
|
||
{
|
||
struct dupitem_s *tmp;
|
||
|
||
dupitems_size += 1000;
|
||
tmp = realloc (dupitems, dupitems_size * sizeof *dupitems);
|
||
if (!tmp)
|
||
{
|
||
gpg_error_t tmperr = gpg_error_from_syserror ();
|
||
fprintf (outfp, "error reallocating array for '%s': %s\n",
|
||
filename, strerror(errno));
|
||
free (dupitems);
|
||
return tmperr;
|
||
}
|
||
dupitems = tmp;
|
||
}
|
||
dupitems[dupitems_count].recno = recno;
|
||
memcpy (dupitems[dupitems_count].digest, digest, 20);
|
||
dupitems_count++;
|
||
}
|
||
_keybox_release_blob (blob);
|
||
recno++;
|
||
}
|
||
if (rc == -1)
|
||
rc = 0;
|
||
if (rc)
|
||
fprintf (outfp, "error reading '%s': %s\n", filename, gpg_strerror (rc));
|
||
if (fp != stdin)
|
||
fclose (fp);
|
||
|
||
qsort (dupitems, dupitems_count, sizeof *dupitems, cmp_dupitems);
|
||
|
||
for (lastn=0, n=1; n < dupitems_count; lastn=n, n++)
|
||
{
|
||
if (!memcmp (dupitems[lastn].digest, dupitems[n].digest, 20))
|
||
{
|
||
bin2hexcolon (dupitems[lastn].digest, 20, fprbuf);
|
||
fprintf (outfp, "fpr=%s recno=%lu", fprbuf, dupitems[lastn].recno);
|
||
do
|
||
fprintf (outfp, " %lu", dupitems[n].recno);
|
||
while (++n < dupitems_count
|
||
&& !memcmp (dupitems[lastn].digest, dupitems[n].digest, 20));
|
||
putc ('\n', outfp);
|
||
n--;
|
||
}
|
||
}
|
||
|
||
free (dupitems);
|
||
|
||
return rc;
|
||
}
|
||
|
||
|
||
/* Print records with record numbers FROM to TO to OUTFP. */
|
||
int
|
||
_keybox_dump_cut_records (const char *filename, unsigned long from,
|
||
unsigned long to, FILE *outfp)
|
||
{
|
||
FILE *fp;
|
||
KEYBOXBLOB blob;
|
||
int rc;
|
||
unsigned long recno = 0;
|
||
|
||
if (!(fp = open_file (&filename, stderr)))
|
||
return gpg_error_from_syserror ();
|
||
|
||
while ( !(rc = _keybox_read_blob (&blob, fp, NULL)) )
|
||
{
|
||
if (recno > to)
|
||
break; /* Ready. */
|
||
if (recno >= from)
|
||
{
|
||
if ((rc = _keybox_write_blob (blob, outfp)))
|
||
{
|
||
fprintf (stderr, "error writing output: %s\n",
|
||
gpg_strerror (rc));
|
||
goto leave;
|
||
}
|
||
}
|
||
_keybox_release_blob (blob);
|
||
recno++;
|
||
}
|
||
if (rc == -1)
|
||
rc = 0;
|
||
if (rc)
|
||
fprintf (stderr, "error reading '%s': %s\n", filename, gpg_strerror (rc));
|
||
leave:
|
||
if (fp != stdin)
|
||
fclose (fp);
|
||
return rc;
|
||
}
|