1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 */ 52 #include "config.h" 53 54 #ifdef HAVE_SYS_CDEFS_H 55 #include <sys/cdefs.h> 56 #endif 57 58 #if defined(__NetBSD__) 59 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); 60 __RCSID("$NetBSD: keyring.c,v 1.22 2009/10/07 04:56:51 agc Exp $"); 61 #endif 62 63 #ifdef HAVE_FCNTL_H 64 #include <fcntl.h> 65 #endif 66 67 #include <stdlib.h> 68 #include <string.h> 69 70 #ifdef HAVE_TERMIOS_H 71 #include <termios.h> 72 #endif 73 74 #ifdef HAVE_UNISTD_H 75 #include <unistd.h> 76 #endif 77 78 #include "types.h" 79 #include "keyring.h" 80 #include "packet-parse.h" 81 #include "signature.h" 82 #include "netpgpsdk.h" 83 #include "readerwriter.h" 84 #include "netpgpdefs.h" 85 #include "packet.h" 86 #include "crypto.h" 87 #include "validate.h" 88 #include "netpgpdigest.h" 89 90 91 92 /** 93 \ingroup HighLevel_Keyring 94 95 \brief Creates a new __ops_key_t struct 96 97 \return A new __ops_key_t struct, initialised to zero. 98 99 \note The returned __ops_key_t struct must be freed after use with __ops_keydata_free. 100 */ 101 102 __ops_key_t * 103 __ops_keydata_new(void) 104 { 105 return calloc(1, sizeof(__ops_key_t)); 106 } 107 108 109 /** 110 \ingroup HighLevel_Keyring 111 112 \brief Frees keydata and its memory 113 114 \param keydata Key to be freed. 115 116 \note This frees the keydata itself, as well as any other memory alloc-ed by it. 117 */ 118 void 119 __ops_keydata_free(__ops_key_t *keydata) 120 { 121 unsigned n; 122 123 for (n = 0; n < keydata->uidc; ++n) { 124 __ops_userid_free(&keydata->uids[n]); 125 } 126 free(keydata->uids); 127 keydata->uids = NULL; 128 keydata->uidc = 0; 129 130 for (n = 0; n < keydata->packetc; ++n) { 131 __ops_subpacket_free(&keydata->packets[n]); 132 } 133 free(keydata->packets); 134 keydata->packets = NULL; 135 keydata->packetc = 0; 136 137 if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) { 138 __ops_pubkey_free(&keydata->key.pubkey); 139 } else { 140 __ops_seckey_free(&keydata->key.seckey); 141 } 142 143 free(keydata); 144 } 145 146 /** 147 \ingroup HighLevel_KeyGeneral 148 149 \brief Returns the public key in the given keydata. 150 \param keydata 151 152 \return Pointer to public key 153 154 \note This is not a copy, do not free it after use. 155 */ 156 157 const __ops_pubkey_t * 158 __ops_get_pubkey(const __ops_key_t *keydata) 159 { 160 return (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) ? 161 &keydata->key.pubkey : 162 &keydata->key.seckey.pubkey; 163 } 164 165 /** 166 \ingroup HighLevel_KeyGeneral 167 168 \brief Check whether this is a secret key or not. 169 */ 170 171 unsigned 172 __ops_is_key_secret(const __ops_key_t *data) 173 { 174 return data->type != OPS_PTAG_CT_PUBLIC_KEY; 175 } 176 177 /** 178 \ingroup HighLevel_KeyGeneral 179 180 \brief Returns the secret key in the given keydata. 181 182 \note This is not a copy, do not free it after use. 183 184 \note This returns a const. If you need to be able to write to this 185 pointer, use __ops_get_writable_seckey 186 */ 187 188 const __ops_seckey_t * 189 __ops_get_seckey(const __ops_key_t *data) 190 { 191 return (data->type == OPS_PTAG_CT_SECRET_KEY) ? 192 &data->key.seckey : NULL; 193 } 194 195 /** 196 \ingroup HighLevel_KeyGeneral 197 198 \brief Returns the secret key in the given keydata. 199 200 \note This is not a copy, do not free it after use. 201 202 \note If you do not need to be able to modify this key, there is an 203 equivalent read-only function __ops_get_seckey. 204 */ 205 206 __ops_seckey_t * 207 __ops_get_writable_seckey(__ops_key_t *data) 208 { 209 return (data->type == OPS_PTAG_CT_SECRET_KEY) ? 210 &data->key.seckey : NULL; 211 } 212 213 /* utility function to zero out memory */ 214 void 215 __ops_forget(void *vp, unsigned size) 216 { 217 (void) memset(vp, 0x0, size); 218 } 219 220 typedef struct { 221 const __ops_key_t *key; 222 char *passphrase; 223 __ops_seckey_t *seckey; 224 } decrypt_t; 225 226 static __ops_cb_ret_t 227 decrypt_cb(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) 228 { 229 const __ops_contents_t *content = &pkt->u; 230 decrypt_t *decrypt; 231 char pass[MAX_PASSPHRASE_LENGTH]; 232 233 decrypt = __ops_callback_arg(cbinfo); 234 switch (pkt->tag) { 235 case OPS_PARSER_PTAG: 236 case OPS_PTAG_CT_USER_ID: 237 case OPS_PTAG_CT_SIGNATURE: 238 case OPS_PTAG_CT_SIGNATURE_HEADER: 239 case OPS_PTAG_CT_SIGNATURE_FOOTER: 240 case OPS_PTAG_CT_TRUST: 241 break; 242 243 case OPS_GET_PASSPHRASE: 244 (void) __ops_getpassphrase(NULL, pass, sizeof(pass)); 245 *content->skey_passphrase.passphrase = strdup(pass); 246 return OPS_KEEP_MEMORY; 247 248 case OPS_PARSER_ERRCODE: 249 switch (content->errcode.errcode) { 250 case OPS_E_P_MPI_FORMAT_ERROR: 251 /* Generally this means a bad passphrase */ 252 fprintf(stderr, "Bad passphrase!\n"); 253 return OPS_RELEASE_MEMORY; 254 255 case OPS_E_P_PACKET_CONSUMED: 256 /* And this is because of an error we've accepted */ 257 return OPS_RELEASE_MEMORY; 258 default: 259 break; 260 } 261 (void) fprintf(stderr, "parse error: %s\n", 262 __ops_errcode(content->errcode.errcode)); 263 return OPS_FINISHED; 264 265 case OPS_PARSER_ERROR: 266 fprintf(stderr, "parse error: %s\n", content->error.error); 267 return OPS_FINISHED; 268 269 case OPS_PTAG_CT_SECRET_KEY: 270 if ((decrypt->seckey = calloc(1, sizeof(*decrypt->seckey))) == NULL) { 271 (void) fprintf(stderr, "decrypt_cb: bad alloc\n"); 272 return OPS_FINISHED; 273 } 274 decrypt->seckey->checkhash = calloc(1, OPS_CHECKHASH_SIZE); 275 *decrypt->seckey = content->seckey; 276 return OPS_KEEP_MEMORY; 277 278 case OPS_PARSER_PACKET_END: 279 /* nothing to do */ 280 break; 281 282 default: 283 fprintf(stderr, "Unexpected tag %d (0x%x)\n", pkt->tag, 284 pkt->tag); 285 return OPS_FINISHED; 286 } 287 288 return OPS_RELEASE_MEMORY; 289 } 290 291 /** 292 \ingroup Core_Keys 293 \brief Decrypts secret key from given keydata with given passphrase 294 \param key Key from which to get secret key 295 \param passphrase Passphrase to use to decrypt secret key 296 \return secret key 297 */ 298 __ops_seckey_t * 299 __ops_decrypt_seckey(const __ops_key_t *key) 300 { 301 __ops_stream_t *stream; 302 const int printerrors = 1; 303 decrypt_t decrypt; 304 305 (void) memset(&decrypt, 0x0, sizeof(decrypt)); 306 decrypt.key = key; 307 stream = __ops_new(sizeof(*stream)); 308 __ops_keydata_reader_set(stream, key); 309 __ops_set_callback(stream, decrypt_cb, &decrypt); 310 stream->readinfo.accumulate = 1; 311 __ops_parse(stream, !printerrors); 312 return decrypt.seckey; 313 } 314 315 /** 316 \ingroup Core_Keys 317 \brief Set secret key in content 318 \param content Content to be set 319 \param key Keydata to get secret key from 320 */ 321 void 322 __ops_set_seckey(__ops_contents_t *cont, const __ops_key_t *key) 323 { 324 *cont->get_seckey.seckey = &key->key.seckey; 325 } 326 327 /** 328 \ingroup Core_Keys 329 \brief Get Key ID from keydata 330 \param key Keydata to get Key ID from 331 \return Pointer to Key ID inside keydata 332 */ 333 const unsigned char * 334 __ops_get_key_id(const __ops_key_t *key) 335 { 336 return key->key_id; 337 } 338 339 /** 340 \ingroup Core_Keys 341 \brief How many User IDs in this key? 342 \param key Keydata to check 343 \return Num of user ids 344 */ 345 unsigned 346 __ops_get_userid_count(const __ops_key_t *key) 347 { 348 return key->uidc; 349 } 350 351 /** 352 \ingroup Core_Keys 353 \brief Get indexed user id from key 354 \param key Key to get user id from 355 \param index Which key to get 356 \return Pointer to requested user id 357 */ 358 const unsigned char * 359 __ops_get_userid(const __ops_key_t *key, unsigned subscript) 360 { 361 return key->uids[subscript].userid; 362 } 363 364 /** 365 \ingroup HighLevel_Supported 366 \brief Checks whether key's algorithm and type are supported by OpenPGP::SDK 367 \param keydata Key to be checked 368 \return 1 if key algorithm and type are supported by OpenPGP::SDK; 0 if not 369 */ 370 371 unsigned 372 __ops_is_key_supported(const __ops_key_t *key) 373 { 374 if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { 375 if (key->key.pubkey.alg == OPS_PKA_RSA) { 376 return 1; 377 } 378 } else if (key->type == OPS_PTAG_CT_PUBLIC_KEY) { 379 if (key->key.pubkey.alg == OPS_PKA_DSA) { 380 return 1; 381 } 382 } 383 return 0; 384 } 385 386 /* \todo check where userid pointers are copied */ 387 /** 388 \ingroup Core_Keys 389 \brief Copy user id, including contents 390 \param dst Destination User ID 391 \param src Source User ID 392 \note If dst already has a userid, it will be freed. 393 */ 394 static __ops_userid_t * 395 __ops_copy_userid(__ops_userid_t *dst, const __ops_userid_t *src) 396 { 397 size_t len = strlen((char *) src->userid); 398 399 if (dst->userid) { 400 free(dst->userid); 401 } 402 if ((dst->userid = calloc(1, len + 1)) == NULL) { 403 (void) fprintf(stderr, "__ops_copy_userid: bad alloc\n"); 404 } else { 405 (void) memcpy(dst->userid, src->userid, len); 406 } 407 return dst; 408 } 409 410 /* \todo check where pkt pointers are copied */ 411 /** 412 \ingroup Core_Keys 413 \brief Copy packet, including contents 414 \param dst Destination packet 415 \param src Source packet 416 \note If dst already has a packet, it will be freed. 417 */ 418 static __ops_subpacket_t * 419 __ops_copy_packet(__ops_subpacket_t *dst, const __ops_subpacket_t *src) 420 { 421 if (dst->raw) { 422 free(dst->raw); 423 } 424 if ((dst->raw = calloc(1, src->length)) == NULL) { 425 (void) fprintf(stderr, "__ops_copy_packet: bad alloc\n"); 426 } else { 427 dst->length = src->length; 428 (void) memcpy(dst->raw, src->raw, src->length); 429 } 430 return dst; 431 } 432 433 /** 434 \ingroup Core_Keys 435 \brief Add User ID to key 436 \param key Key to which to add User ID 437 \param userid User ID to add 438 \return Pointer to new User ID 439 */ 440 __ops_userid_t * 441 __ops_add_userid(__ops_key_t *key, const __ops_userid_t *userid) 442 { 443 __ops_userid_t *uidp; 444 445 EXPAND_ARRAY(key, uid); 446 /* initialise new entry in array */ 447 uidp = &key->uids[key->uidc++]; 448 uidp->userid = NULL; 449 /* now copy it */ 450 return __ops_copy_userid(uidp, userid); 451 } 452 453 /** 454 \ingroup Core_Keys 455 \brief Add packet to key 456 \param keydata Key to which to add packet 457 \param packet Packet to add 458 \return Pointer to new packet 459 */ 460 __ops_subpacket_t * 461 __ops_add_subpacket(__ops_key_t *keydata, const __ops_subpacket_t *packet) 462 { 463 __ops_subpacket_t *subpktp; 464 465 EXPAND_ARRAY(keydata, packet); 466 467 /* initialise new entry in array */ 468 subpktp = &keydata->packets[keydata->packetc++]; 469 subpktp->length = 0; 470 subpktp->raw = NULL; 471 /* now copy it */ 472 return __ops_copy_packet(subpktp, packet); 473 } 474 475 /** 476 \ingroup Core_Keys 477 \brief Add signed User ID to key 478 \param keydata Key to which to add signed User ID 479 \param userid User ID to add 480 \param sigpacket Packet to add 481 */ 482 void 483 __ops_add_signed_userid(__ops_key_t *keydata, 484 const __ops_userid_t *userid, 485 const __ops_subpacket_t *sigpacket) 486 { 487 __ops_subpacket_t *pkt; 488 __ops_userid_t *uid; 489 490 uid = __ops_add_userid(keydata, userid); 491 pkt = __ops_add_subpacket(keydata, sigpacket); 492 493 /* 494 * add entry in sigs array to link the userid and sigpacket 495 * and add ptr to it from the sigs array */ 496 EXPAND_ARRAY(keydata, sig); 497 498 /**setup new entry in array */ 499 keydata->sigs[keydata->sigc].userid = uid; 500 keydata->sigs[keydata->sigc].packet = pkt; 501 502 keydata->sigc++; 503 } 504 505 /** 506 \ingroup Core_Keys 507 \brief Add selfsigned User ID to key 508 \param keydata Key to which to add user ID 509 \param userid Self-signed User ID to add 510 \return 1 if OK; else 0 511 */ 512 unsigned 513 __ops_add_selfsigned_userid(__ops_key_t *keydata, __ops_userid_t *userid) 514 { 515 __ops_create_sig_t *sig; 516 __ops_subpacket_t sigpacket; 517 __ops_memory_t *mem_userid = NULL; 518 __ops_output_t *useridoutput = NULL; 519 __ops_memory_t *mem_sig = NULL; 520 __ops_output_t *sigoutput = NULL; 521 522 /* 523 * create signature packet for this userid 524 */ 525 526 /* create userid pkt */ 527 __ops_setup_memory_write(&useridoutput, &mem_userid, 128); 528 __ops_write_struct_userid(useridoutput, userid); 529 530 /* create sig for this pkt */ 531 sig = __ops_create_sig_new(); 532 __ops_sig_start_key_sig(sig, &keydata->key.seckey.pubkey, userid, 533 OPS_CERT_POSITIVE); 534 __ops_add_birthtime(sig, time(NULL)); 535 __ops_add_issuer_keyid(sig, keydata->key_id); 536 __ops_add_primary_userid(sig, 1); 537 __ops_end_hashed_subpkts(sig); 538 539 __ops_setup_memory_write(&sigoutput, &mem_sig, 128); 540 __ops_write_sig(sigoutput, sig, &keydata->key.seckey.pubkey, 541 &keydata->key.seckey); 542 543 /* add this packet to keydata */ 544 sigpacket.length = __ops_mem_len(mem_sig); 545 sigpacket.raw = __ops_mem_data(mem_sig); 546 547 /* add userid to keydata */ 548 __ops_add_signed_userid(keydata, userid, &sigpacket); 549 550 /* cleanup */ 551 __ops_create_sig_delete(sig); 552 __ops_output_delete(useridoutput); 553 __ops_output_delete(sigoutput); 554 __ops_memory_free(mem_userid); 555 __ops_memory_free(mem_sig); 556 557 return 1; 558 } 559 560 /** 561 \ingroup Core_Keys 562 \brief Initialise __ops_key_t 563 \param keydata Keydata to initialise 564 \param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY 565 */ 566 void 567 __ops_keydata_init(__ops_key_t *keydata, const __ops_content_tag_t type) 568 { 569 if (keydata->type != OPS_PTAG_CT_RESERVED) { 570 (void) fprintf(stderr, 571 "__ops_keydata_init: wrong keydata type\n"); 572 } else if (type != OPS_PTAG_CT_PUBLIC_KEY && 573 type != OPS_PTAG_CT_SECRET_KEY) { 574 (void) fprintf(stderr, "__ops_keydata_init: wrong type\n"); 575 } else { 576 keydata->type = type; 577 } 578 } 579 580 581 static __ops_cb_ret_t 582 cb_keyring_read(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) 583 { 584 __OPS_USED(cbinfo); 585 586 switch (pkt->tag) { 587 case OPS_PARSER_PTAG: 588 case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: /* we get these because we 589 * didn't prompt */ 590 case OPS_PTAG_CT_SIGNATURE_HEADER: 591 case OPS_PTAG_CT_SIGNATURE_FOOTER: 592 case OPS_PTAG_CT_SIGNATURE: 593 case OPS_PTAG_CT_TRUST: 594 case OPS_PARSER_ERRCODE: 595 break; 596 597 default: 598 ; 599 } 600 601 return OPS_RELEASE_MEMORY; 602 } 603 604 /** 605 \ingroup HighLevel_KeyringRead 606 607 \brief Reads a keyring from a file 608 609 \param keyring Pointer to an existing __ops_keyring_t struct 610 \param armour 1 if file is armoured; else 0 611 \param filename Filename of keyring to be read 612 613 \return __ops 1 if OK; 0 on error 614 615 \note Keyring struct must already exist. 616 617 \note Can be used with either a public or secret keyring. 618 619 \note You must call __ops_keyring_free() after usage to free alloc-ed memory. 620 621 \note If you call this twice on the same keyring struct, without calling 622 __ops_keyring_free() between these calls, you will introduce a memory leak. 623 624 \sa __ops_keyring_read_from_mem() 625 \sa __ops_keyring_free() 626 627 */ 628 629 unsigned 630 __ops_keyring_fileread(__ops_keyring_t *keyring, 631 const unsigned armour, 632 const char *filename) 633 { 634 __ops_stream_t *stream; 635 unsigned res = 1; 636 int fd; 637 638 stream = __ops_new(sizeof(*stream)); 639 640 /* add this for the moment, */ 641 /* 642 * \todo need to fix the problems with reading signature subpackets 643 * later 644 */ 645 646 /* __ops_parse_options(parse,OPS_PTAG_SS_ALL,OPS_PARSE_RAW); */ 647 __ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); 648 649 #ifdef O_BINARY 650 fd = open(filename, O_RDONLY | O_BINARY); 651 #else 652 fd = open(filename, O_RDONLY); 653 #endif 654 if (fd < 0) { 655 __ops_stream_delete(stream); 656 perror(filename); 657 return 0; 658 } 659 #ifdef USE_MMAP_FOR_FILES 660 __ops_reader_set_mmap(stream, fd); 661 #else 662 __ops_reader_set_fd(stream, fd); 663 #endif 664 665 __ops_set_callback(stream, cb_keyring_read, NULL); 666 667 if (armour) { 668 __ops_reader_push_dearmour(stream); 669 } 670 if (__ops_parse_and_accumulate(keyring, stream) == 0) { 671 res = 0; 672 } else { 673 res = 1; 674 } 675 __ops_print_errors(__ops_stream_get_errors(stream)); 676 677 if (armour) 678 __ops_reader_pop_dearmour(stream); 679 680 close(fd); 681 682 __ops_stream_delete(stream); 683 684 return res; 685 } 686 687 /** 688 \ingroup HighLevel_KeyringRead 689 690 \brief Reads a keyring from memory 691 692 \param keyring Pointer to existing __ops_keyring_t struct 693 \param armour 1 if file is armoured; else 0 694 \param mem Pointer to a __ops_memory_t struct containing keyring to be read 695 696 \return __ops 1 if OK; 0 on error 697 698 \note Keyring struct must already exist. 699 700 \note Can be used with either a public or secret keyring. 701 702 \note You must call __ops_keyring_free() after usage to free alloc-ed memory. 703 704 \note If you call this twice on the same keyring struct, without calling 705 __ops_keyring_free() between these calls, you will introduce a memory leak. 706 707 \sa __ops_keyring_fileread 708 \sa __ops_keyring_free 709 */ 710 unsigned 711 __ops_keyring_read_from_mem(__ops_io_t *io, 712 __ops_keyring_t *keyring, 713 const unsigned armour, 714 __ops_memory_t *mem) 715 { 716 __ops_stream_t *stream; 717 const unsigned noaccum = 0; 718 unsigned res; 719 720 stream = __ops_new(sizeof(*stream)); 721 __ops_parse_options(stream, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); 722 __ops_setup_memory_read(io, &stream, mem, NULL, cb_keyring_read, 723 noaccum); 724 if (armour) { 725 __ops_reader_push_dearmour(stream); 726 } 727 res = (unsigned)__ops_parse_and_accumulate(keyring, stream); 728 __ops_print_errors(__ops_stream_get_errors(stream)); 729 if (armour) { 730 __ops_reader_pop_dearmour(stream); 731 } 732 /* don't call teardown_memory_read because memory was passed in */ 733 __ops_stream_delete(stream); 734 return res; 735 } 736 737 /** 738 \ingroup HighLevel_KeyringRead 739 740 \brief Frees keyring's contents (but not keyring itself) 741 742 \param keyring Keyring whose data is to be freed 743 744 \note This does not free keyring itself, just the memory alloc-ed in it. 745 */ 746 void 747 __ops_keyring_free(__ops_keyring_t *keyring) 748 { 749 (void)free(keyring->keys); 750 keyring->keys = NULL; 751 keyring->keyc = keyring->keyvsize = 0; 752 } 753 754 /** 755 \ingroup HighLevel_KeyringFind 756 757 \brief Finds key in keyring from its Key ID 758 759 \param keyring Keyring to be searched 760 \param keyid ID of required key 761 762 \return Pointer to key, if found; NULL, if not found 763 764 \note This returns a pointer to the key inside the given keyring, 765 not a copy. Do not free it after use. 766 767 */ 768 const __ops_key_t * 769 __ops_getkeybyid(__ops_io_t *io, const __ops_keyring_t *keyring, 770 const unsigned char keyid[OPS_KEY_ID_SIZE]) 771 { 772 unsigned n; 773 774 for (n = 0; keyring && n < keyring->keyc; n++) { 775 if (__ops_get_debug_level(__FILE__)) { 776 int i; 777 778 (void) fprintf(io->errs, 779 "__ops_getkeybyid: keyring keyid "); 780 for (i = 0 ; i < OPS_KEY_ID_SIZE ; i++) { 781 (void) fprintf(io->errs, "%02x", 782 keyring->keys[n].key_id[i]); 783 } 784 (void) fprintf(io->errs, ", keyid "); 785 for (i = 0 ; i < OPS_KEY_ID_SIZE ; i++) { 786 (void) fprintf(io->errs, "%02x", keyid[i]); 787 } 788 (void) fprintf(io->errs, "\n"); 789 } 790 if (memcmp(keyring->keys[n].key_id, keyid, 791 OPS_KEY_ID_SIZE) == 0) { 792 return &keyring->keys[n]; 793 } 794 if (memcmp(&keyring->keys[n].key_id[OPS_KEY_ID_SIZE / 2], 795 keyid, OPS_KEY_ID_SIZE / 2) == 0) { 796 return &keyring->keys[n]; 797 } 798 } 799 return NULL; 800 } 801 802 /* convert a string keyid into a binary keyid */ 803 static void 804 str2keyid(const char *userid, unsigned char *keyid, size_t len) 805 { 806 static const char *uppers = "0123456789ABCDEF"; 807 static const char *lowers = "0123456789abcdef"; 808 unsigned char hichar; 809 unsigned char lochar; 810 size_t j; 811 const char *hi; 812 const char *lo; 813 int i; 814 815 for (i = j = 0 ; j < len && userid[i] && userid[i + 1] ; i += 2, j++) { 816 if ((hi = strchr(uppers, userid[i])) == NULL) { 817 if ((hi = strchr(lowers, userid[i])) == NULL) { 818 break; 819 } 820 hichar = (hi - lowers); 821 } else { 822 hichar = (hi - uppers); 823 } 824 if ((lo = strchr(uppers, userid[i + 1])) == NULL) { 825 if ((lo = strchr(lowers, userid[i + 1])) == NULL) { 826 break; 827 } 828 lochar = (lo - lowers); 829 } else { 830 lochar = (lo - uppers); 831 } 832 keyid[j] = (hichar << 4) | (lochar); 833 } 834 keyid[j] = 0x0; 835 } 836 837 /** 838 \ingroup HighLevel_KeyringFind 839 840 \brief Finds key from its User ID 841 842 \param keyring Keyring to be searched 843 \param userid User ID of required key 844 845 \return Pointer to Key, if found; NULL, if not found 846 847 \note This returns a pointer to the key inside the keyring, not a 848 copy. Do not free it. 849 850 */ 851 const __ops_key_t * 852 __ops_getkeybyname(__ops_io_t *io, 853 const __ops_keyring_t *keyring, 854 const char *name) 855 { 856 const __ops_key_t *kp; 857 __ops_key_t *keyp; 858 __ops_userid_t *uidp; 859 unsigned char keyid[OPS_KEY_ID_SIZE + 1]; 860 unsigned int i = 0; 861 size_t len; 862 char *cp; 863 unsigned n; 864 865 if (!keyring) { 866 return NULL; 867 } 868 len = strlen(name); 869 n = 0; 870 for (keyp = &keyring->keys[n]; n < keyring->keyc; ++n, keyp++) { 871 for (i = 0, uidp = keyp->uids; i < keyp->uidc; i++, uidp++) { 872 if (__ops_get_debug_level(__FILE__)) { 873 (void) fprintf(io->outs, 874 "[%u][%u] name %s, last '%d'\n", 875 n, i, uidp->userid, 876 uidp->userid[len]); 877 } 878 if (strncmp((char *) uidp->userid, name, len) == 0 && 879 uidp->userid[len] == ' ') { 880 return keyp; 881 } 882 } 883 } 884 885 if (strchr(name, '@') == NULL) { 886 /* no '@' sign */ 887 /* first try name as a keyid */ 888 (void) memset(keyid, 0x0, sizeof(keyid)); 889 str2keyid(name, keyid, sizeof(keyid)); 890 if (__ops_get_debug_level(__FILE__)) { 891 (void) fprintf(io->outs, 892 "name \"%s\", keyid %02x%02x%02x%02x\n", 893 name, 894 keyid[0], keyid[1], keyid[2], keyid[3]); 895 } 896 if ((kp = __ops_getkeybyid(io, keyring, keyid)) != NULL) { 897 return kp; 898 } 899 /* match on full name */ 900 keyp = keyring->keys; 901 for (n = 0; n < keyring->keyc; ++n, keyp++) { 902 uidp = keyp->uids; 903 for (i = 0 ; i < keyp->uidc; i++, uidp++) { 904 if (__ops_get_debug_level(__FILE__)) { 905 (void) fprintf(io->outs, 906 "keyid \"%s\" len %" 907 PRIsize "u, keyid[len] '%c'\n", 908 (char *) uidp->userid, 909 len, uidp->userid[len]); 910 } 911 if (strncasecmp((char *) uidp->userid, name, 912 len) == 0 && uidp->userid[len] == ' ') { 913 return keyp; 914 } 915 } 916 } 917 } 918 /* match on <email@address> */ 919 keyp = keyring->keys; 920 for (n = 0; n < keyring->keyc; ++n, keyp++) { 921 for (i = 0, uidp = keyp->uids; i < keyp->uidc; i++, uidp++) { 922 /* 923 * look for the rightmost '<', in case there is one 924 * in the comment field 925 */ 926 cp = strrchr((char *) uidp->userid, '<'); 927 if (cp != NULL) { 928 if (__ops_get_debug_level(__FILE__)) { 929 (void) fprintf(io->errs, 930 "cp ,%s, name ,%s, len %" 931 PRIsize "u ,%c,\n", 932 cp + 1, 933 name, 934 len, 935 *(cp + len + 1)); 936 } 937 if (strncasecmp(cp + 1, name, len) == 0 && 938 *(cp + len + 1) == '>') { 939 return keyp; 940 } 941 } 942 } 943 } 944 return NULL; 945 } 946 947 /** 948 \ingroup HighLevel_KeyringList 949 950 \brief Prints all keys in keyring to stdout. 951 952 \param keyring Keyring to use 953 954 \return none 955 */ 956 int 957 __ops_keyring_list(__ops_io_t *io, const __ops_keyring_t *keyring) 958 { 959 __ops_key_t *key; 960 unsigned n; 961 962 (void) fprintf(io->res, "%u keys\n", keyring->keyc); 963 for (n = 0, key = keyring->keys; n < keyring->keyc; ++n, ++key) { 964 if (__ops_is_key_secret(key)) { 965 __ops_print_seckeydata(io, key); 966 } else { 967 __ops_print_pubkeydata(io, key); 968 } 969 (void) fputc('\n', io->res); 970 } 971 return 1; 972 } 973 974 static unsigned 975 get_contents_type(const __ops_key_t *keydata) 976 { 977 return keydata->type; 978 } 979 980 /* this interface isn't right - hook into callback for getting passphrase */ 981 int 982 __ops_export_key(const __ops_key_t *keydata, unsigned char *passphrase) 983 { 984 __ops_output_t *output; 985 __ops_memory_t *mem; 986 987 __ops_setup_memory_write(&output, &mem, 128); 988 if (get_contents_type(keydata) == OPS_PTAG_CT_PUBLIC_KEY) { 989 __ops_write_xfer_pubkey(output, keydata, 1); 990 } else { 991 __ops_write_xfer_seckey(output, keydata, passphrase, 992 strlen((char *)passphrase), 1); 993 } 994 printf("%s", (char *) __ops_mem_data(mem)); 995 __ops_teardown_memory_write(output, mem); 996 return 1; 997 } 998