1 /* keybox-blob.c - KBX Blob handling
2 * Copyright (C) 2000, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 * The keybox data format
23 The KeyBox uses an augmented OpenPGP/X.509 key format. This makes
24 random access to a keyblock/certificate easier and also gives the
25 opportunity to store additional information (e.g. the fingerprint)
26 along with the key. All integers are stored in network byte order,
27 offsets are counted from the beginning of the Blob.
29 ** Overview of blob types
31 | Byte 4 | Blob type |
32 |--------+--------------|
40 The first blob of a plain KBX file has a special format:
42 - u32 Length of this blob
44 - byte Version number (1)
47 bit 1 - Is being or has been used for OpenPGP blobs
51 - u32 last_maintenance_run
55 ** The OpenPGP and X.509 blobs
57 The OpenPGP and X.509 blobs are very similiar, things which are
58 X.509 specific are noted like [X.509: xxx]
60 - u32 Length of this blob (including these 4 bytes)
64 - byte Version number of this blob type
65 1 = The only defined value
67 bit 0 = contains secret key material (not used)
68 bit 1 = ephemeral blob (e.g. used while quering external resources)
69 - u32 Offset to the OpenPGP keyblock or the X.509 DER encoded
71 - u32 The length of the keyblock or certificate
72 - u16 [NKEYS] Number of keys (at least 1!) [X509: always 1]
73 - u16 Size of the key information structure (at least 28).
75 - b20 The fingerprint of the key.
76 Fingerprints are always 20 bytes, MD5 left padded with zeroes.
77 - u32 Offset to the n-th key's keyID (a keyID is always 8 byte)
78 or 0 if not known which is the case only for X.509.
80 bit 0 = qualified signature (not yet implemented}
82 - bN Optional filler up to the specified length of this
84 - u16 Size of the serial number (may be zero)
85 - bN The serial number. N as giiven above.
86 - u16 Number of user IDs
87 - u16 [NUIDS] Size of user ID information structure
90 For X509, the first user ID is the Issuer, the second the
91 Subject and the others are subjectAltNames. For OpenPGP we only
92 store the information from UserID packets here.
94 - u32 Blob offset to the n-th user ID
95 - u32 Length of this user ID.
101 - u16 [NSIGS] Number of signatures
102 - u16 Size of signature information (4)
104 - u32 Expiration time of signature with some special values:
105 - 0x00000000 = not checked
106 - 0x00000001 = missing key
107 - 0x00000002 = bad signature
108 - 0x10000000 = valid and expires at some date in 1978.
109 - 0xffffffff = valid and does not expire
110 - u8 Assigned ownertrust [X509: not used]
112 OpenPGP: See ../g10/trustdb/TRUST_* [not yet used]
113 X509: Bit 4 set := key has been revoked.
114 Note that this value matches TRUST_FLAG_REVOKED
117 - u32 Latest timestamp in the keyblock (useful for KS syncronsiation?)
118 - u32 Blob created at
119 - u32 [NRES] Size of reserved space (not including this field)
120 - bN Reserved space of size NRES for future use.
121 - bN Arbitrary space for example used to store data which is not
122 part of the keyblock or certificate. For example the v3 key
124 - bN Space for the keyblock or certificate.
125 - bN RFU. This is the remaining space after keyblock and before
126 the checksum. Is is not covered by the checksum.
127 - b20 SHA-1 checksum (useful for KS syncronisation?)
128 Note, that KBX versions before GnuPG 2.1 used an MD5
129 checksum. However it was only created but never checked.
130 Thus we do not expect problems if we switch to SHA-1. If
131 the checksum fails and the first 4 bytes are zero, we can
132 try again with MD5. SHA-1 has the advantage that it is
133 faster on CPUs with dedicated SHA-1 support.
147 #include "keybox-defs.h"
150 #ifdef KEYBOX_WITH_X509
155 #include "../common/gettime.h"
158 /* special values of the signature status */
159 #define SF_NONE(a) ( !(a) )
160 #define SF_NOKEY(a) ((a) & (1<<0))
161 #define SF_BAD(a) ((a) & (1<<1))
162 #define SF_VALID(a) ((a) & (1<<29))
173 /* #if MAX_FINGERPRINT_LEN < 20 */
174 /* #error fingerprints are 20 bytes */
177 struct keyboxblob_key {
183 struct keyboxblob_uid {
186 char *name; /* used only with x509 */
193 struct keyid_list *next;
199 struct fixup_list *next;
210 /* stuff used only by keybox_create_blob */
211 unsigned char *serialbuf;
212 const unsigned char *serial;
215 struct keyboxblob_key *keys;
217 struct keyboxblob_uid *uids;
220 struct fixup_list *fixups;
221 int fixup_out_of_core;
223 struct keyid_list *temp_kids;
224 struct membuf bufbuf; /* temporary store for the blob */
230 /* A simple implemention of a dynamic buffer. Use init_membuf() to
231 create a buffer, put_membuf to append bytes and get_membuf to
232 release and return the buffer. Allocation errors are detected but
233 only returned at the final get_membuf(), this helps not to clutter
234 the code with out of core checks. */
237 init_membuf (struct membuf *mb, int initiallen)
240 mb->size = initiallen;
242 mb->buf = xtrymalloc (initiallen);
248 put_membuf (struct membuf *mb, const void *buf, size_t len)
253 if (mb->len + len >= mb->size)
257 mb->size += len + 1024;
258 p = xtryrealloc (mb->buf, mb->size);
267 memcpy (mb->buf + mb->len, buf, len);
269 memset (mb->buf + mb->len, 0, len);
274 get_membuf (struct membuf *mb, size_t *len)
288 mb->out_of_core = 1; /* don't allow a reuse */
294 put8 (struct membuf *mb, byte a )
296 put_membuf (mb, &a, 1);
300 put16 (struct membuf *mb, u16 a )
302 unsigned char tmp[2];
305 put_membuf (mb, tmp, 2);
309 put32 (struct membuf *mb, u32 a )
311 unsigned char tmp[4];
316 put_membuf (mb, tmp, 4);
321 /* Store a value in the fixup list */
323 add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
325 struct fixup_list *fl;
327 if (blob->fixup_out_of_core)
330 fl = xtrycalloc(1, sizeof *fl);
332 blob->fixup_out_of_core = 1;
337 fl->next = blob->fixups;
345 OpenPGP specific stuff
349 /* We must store the keyid at some place because we can't calculate
350 the offset yet. This is only used for v3 keyIDs. Function returns
351 an index value for later fixup or -1 for out of core. The value
352 must be a non-zero value. */
354 pgp_temp_store_kid (KEYBOXBLOB blob, struct _keybox_openpgp_key_info *kinfo)
356 struct keyid_list *k, *r;
358 k = xtrymalloc (sizeof *k);
361 memcpy (k->kid, kinfo->keyid, 8);
363 k->next = blob->temp_kids;
365 for (r=k; r; r = r->next)
372 /* Helper for pgp_create_key_part. */
374 pgp_create_key_part_single (KEYBOXBLOB blob, int n,
375 struct _keybox_openpgp_key_info *kinfo)
380 fprlen = kinfo->fprlen;
383 memcpy (blob->keys[n].fpr, kinfo->fpr, fprlen);
384 if (fprlen != 20) /* v3 fpr - shift right and fill with zeroes. */
386 memmove (blob->keys[n].fpr + 20 - fprlen, blob->keys[n].fpr, fprlen);
387 memset (blob->keys[n].fpr, 0, 20 - fprlen);
388 off = pgp_temp_store_kid (blob, kinfo);
390 return gpg_error_from_syserror ();
391 blob->keys[n].off_kid = off;
394 blob->keys[n].off_kid = 0; /* Will be fixed up later */
395 blob->keys[n].flags = 0;
401 pgp_create_key_part (KEYBOXBLOB blob, keybox_openpgp_info_t info)
405 struct _keybox_openpgp_key_info *kinfo;
407 err = pgp_create_key_part_single (blob, n++, &info->primary);
411 for (kinfo = &info->subkeys; kinfo; kinfo = kinfo->next)
412 if ((err=pgp_create_key_part_single (blob, n++, kinfo)))
415 assert (n == blob->nkeys);
421 pgp_create_uid_part (KEYBOXBLOB blob, keybox_openpgp_info_t info)
424 struct _keybox_openpgp_uid_info *u;
428 for (u = &info->uids; u; u = u->next)
430 blob->uids[n].off = u->off;
431 blob->uids[n].len = u->len;
432 blob->uids[n].flags = 0;
433 blob->uids[n].validity = 0;
438 assert (n == blob->nuids);
443 pgp_create_sig_part (KEYBOXBLOB blob, u32 *sigstatus)
447 for (n=0; n < blob->nsigs; n++)
449 blob->sigs[n] = sigstatus? sigstatus[n+1] : 0;
455 pgp_create_blob_keyblock (KEYBOXBLOB blob,
456 const unsigned char *image, size_t imagelen)
458 struct membuf *a = blob->buf;
460 u32 kbstart = a->len;
462 add_fixup (blob, 8, kbstart);
464 for (n = 0; n < blob->nuids; n++)
465 add_fixup (blob, blob->uids[n].off_addr, kbstart + blob->uids[n].off);
467 put_membuf (a, image, imagelen);
469 add_fixup (blob, 12, a->len - kbstart);
475 #ifdef KEYBOX_WITH_X509
480 /* Write the raw certificate out */
482 x509_create_blob_cert (KEYBOXBLOB blob, ksba_cert_t cert)
484 struct membuf *a = blob->buf;
485 const unsigned char *image;
487 u32 kbstart = a->len;
489 /* Store our offset for later fixup */
490 add_fixup (blob, 8, kbstart);
492 image = ksba_cert_get_image (cert, &length);
494 return gpg_error (GPG_ERR_GENERAL);
495 put_membuf (a, image, length);
497 add_fixup (blob, 12, a->len - kbstart);
501 #endif /*KEYBOX_WITH_X509*/
503 /* Write a stored keyID out to the buffer */
505 write_stored_kid (KEYBOXBLOB blob, int seqno)
507 struct keyid_list *r;
509 for ( r = blob->temp_kids; r; r = r->next )
511 if (r->seqno == seqno )
513 put_membuf (blob->buf, r->kid, 8);
520 /* Release a list of key IDs */
522 release_kid_list (struct keyid_list *kl)
524 struct keyid_list *r, *r2;
526 for ( r = kl; r; r = r2 )
536 create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
538 struct membuf *a = blob->buf;
541 put32 ( a, 0 ); /* blob length, needs fixup */
543 put8 ( a, 1 ); /* blob type version */
544 put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
546 put32 ( a, 0 ); /* offset to the raw data, needs fixup */
547 put32 ( a, 0 ); /* length of the raw data, needs fixup */
549 put16 ( a, blob->nkeys );
550 put16 ( a, 20 + 4 + 2 + 2 ); /* size of key info */
551 for ( i=0; i < blob->nkeys; i++ )
553 put_membuf (a, blob->keys[i].fpr, 20);
554 blob->keys[i].off_kid_addr = a->len;
555 put32 ( a, 0 ); /* offset to keyid, fixed up later */
556 put16 ( a, blob->keys[i].flags );
557 put16 ( a, 0 ); /* reserved */
560 put16 (a, blob->seriallen); /*fixme: check that it fits into 16 bits*/
562 put_membuf (a, blob->serial, blob->seriallen);
564 put16 ( a, blob->nuids );
565 put16 ( a, 4 + 4 + 2 + 1 + 1 ); /* size of uid info */
566 for (i=0; i < blob->nuids; i++)
568 blob->uids[i].off_addr = a->len;
569 put32 ( a, 0 ); /* offset to userid, fixed up later */
570 put32 ( a, blob->uids[i].len );
571 put16 ( a, blob->uids[i].flags );
572 put8 ( a, 0 ); /* validity */
573 put8 ( a, 0 ); /* reserved */
576 put16 ( a, blob->nsigs );
577 put16 ( a, 4 ); /* size of sig info */
578 for (i=0; i < blob->nsigs; i++)
580 put32 ( a, blob->sigs[i]);
583 put8 ( a, 0 ); /* assigned ownertrust */
584 put8 ( a, 0 ); /* validity of all user IDs */
585 put16 ( a, 0 ); /* reserved */
586 put32 ( a, 0 ); /* time of next recheck */
587 put32 ( a, 0 ); /* newest timestamp (none) */
588 put32 ( a, make_timestamp() ); /* creation time */
589 put32 ( a, 0 ); /* size of reserved space */
590 /* reserved space (which is currently of size 0) */
592 /* space where we write keyIDs and and other stuff so that the
593 pointers can actually point to somewhere */
594 if (blobtype == KEYBOX_BLOBTYPE_PGP)
596 /* We need to store the keyids for all pgp v3 keys because those key
597 IDs are not part of the fingerprint. While we are doing that, we
598 fixup all the keyID offsets */
599 for (i=0; i < blob->nkeys; i++ )
601 if (blob->keys[i].off_kid)
602 { /* this is a v3 one */
603 add_fixup (blob, blob->keys[i].off_kid_addr, a->len);
604 write_stored_kid (blob, blob->keys[i].off_kid);
607 { /* the better v4 key IDs - just store an offset 8 bytes back */
608 add_fixup (blob, blob->keys[i].off_kid_addr,
609 blob->keys[i].off_kid_addr - 8);
614 if (blobtype == KEYBOX_BLOBTYPE_X509)
616 /* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
617 the utf-8 string represenation of them */
618 for (i=0; i < blob->nuids; i++ )
620 if (blob->uids[i].name)
621 { /* this is a v3 one */
622 add_fixup (blob, blob->uids[i].off_addr, a->len);
623 put_membuf (blob->buf, blob->uids[i].name, blob->uids[i].len);
634 create_blob_trailer (KEYBOXBLOB blob)
642 create_blob_finish (KEYBOXBLOB blob)
644 struct membuf *a = blob->buf;
649 /* Write a placeholder for the checksum */
650 put_membuf (a, NULL, 20);
652 /* get the memory area */
653 n = 0; /* (Just to avoid compiler warning.) */
654 p = get_membuf (a, &n);
656 return gpg_error (GPG_ERR_ENOMEM);
659 /* fixup the length */
660 add_fixup (blob, 0, n);
663 if (blob->fixup_out_of_core)
664 return gpg_error (GPG_ERR_ENOMEM);
667 struct fixup_list *fl;
668 for (fl = blob->fixups; fl; fl = fl->next)
670 assert (fl->off+4 <= n);
671 p[fl->off+0] = fl->val >> 24;
672 p[fl->off+1] = fl->val >> 16;
673 p[fl->off+2] = fl->val >> 8;
674 p[fl->off+3] = fl->val;
678 /* Compute and store the SHA-1 checksum. */
679 gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 20);
683 return gpg_error_from_syserror ();
694 _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
695 keybox_openpgp_info_t info,
696 const unsigned char *image,
706 /* If we have a signature status vector, check that the number of
707 elements matches the actual number of signatures. */
708 if (sigstatus && sigstatus[0] != info->nsigs)
709 return gpg_error (GPG_ERR_INTERNAL);
711 blob = xtrycalloc (1, sizeof *blob);
713 return gpg_error_from_syserror ();
715 blob->nkeys = 1 + info->nsubkeys;
716 blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
719 err = gpg_error_from_syserror ();
723 blob->nuids = info->nuids;
726 blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
729 err = gpg_error_from_syserror ();
734 blob->nsigs = info->nsigs;
737 blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
740 err = gpg_error_from_syserror ();
745 err = pgp_create_key_part (blob, info);
748 pgp_create_uid_part (blob, info);
749 pgp_create_sig_part (blob, sigstatus);
751 init_membuf (&blob->bufbuf, 1024);
752 blob->buf = &blob->bufbuf;
753 err = create_blob_header (blob, KEYBOX_BLOBTYPE_PGP, as_ephemeral);
756 err = pgp_create_blob_keyblock (blob, image, imagelen);
759 err = create_blob_trailer (blob);
762 err = create_blob_finish (blob);
767 release_kid_list (blob->temp_kids);
768 blob->temp_kids = NULL;
770 _keybox_release_blob (blob);
777 #ifdef KEYBOX_WITH_X509
779 /* Return an allocated string with the email address extracted from a
780 DN. Note hat we use this code also in ../sm/keylist.c. */
782 x509_email_kludge (const char *name)
784 const char *p, *string;
791 p = strstr (string, "1.2.840.113549.1.9.1=#");
794 if (p == name || (p > string+1 && p[-1] == ',' && p[-2] != '\\'))
803 /* This looks pretty much like an email address in the subject's DN
804 we use this to add an additional user ID entry. This way,
805 OpenSSL generated keys get a nicer and usable listing. */
806 for (n=0, p=name; hexdigitp (p) && hexdigitp (p+1); p +=2, n++)
810 buf = xtrymalloc (n+3);
812 return NULL; /* oops, out of core */
814 for (n=1, p=name; hexdigitp (p); p +=2, n++)
823 /* Note: We should move calculation of the digest into libksba and
824 remove that parameter */
826 _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
827 unsigned char *sha1_digest, int as_ephemeral)
837 blob = xtrycalloc (1, sizeof *blob);
839 return gpg_error_from_syserror ();
841 sn = ksba_cert_get_serial (cert);
845 n = gcry_sexp_canon_len (sn, 0, NULL, NULL);
849 return gpg_error (GPG_ERR_GENERAL);
851 blob->serialbuf = sn;
852 sn++; n--; /* skip '(' */
853 for (len=0; n && *sn && *sn != ':' && digitp (sn); n--, sn++)
854 len = len*10 + atoi_1 (sn);
857 xfree (blob->serialbuf);
858 blob->serialbuf = NULL;
859 return gpg_error (GPG_ERR_GENERAL);
863 blob->seriallen = len;
868 /* create list of names */
871 names = xtrymalloc (max_names * sizeof *names);
874 rc = gpg_error_from_syserror ();
878 p = ksba_cert_get_issuer (cert, 0);
881 rc = gpg_error (GPG_ERR_MISSING_VALUE);
884 names[blob->nuids++] = p;
885 for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
887 if (blob->nuids >= max_names)
892 tmp = xtryrealloc (names, max_names * sizeof *names);
895 rc = gpg_error_from_syserror ();
900 names[blob->nuids++] = p;
901 if (!i && (p=x509_email_kludge (p)))
902 names[blob->nuids++] = p; /* due to !i we don't need to check bounds*/
905 /* space for signature information */
908 blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
909 blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
910 blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
911 if (!blob->keys || !blob->uids || !blob->sigs)
913 rc = gpg_error (GPG_ERR_ENOMEM);
917 memcpy (blob->keys[0].fpr, sha1_digest, 20);
918 blob->keys[0].off_kid = 0; /* We don't have keyids */
919 blob->keys[0].flags = 0;
921 /* issuer and subject names */
922 for (i=0; i < blob->nuids; i++)
924 blob->uids[i].name = names[i];
925 blob->uids[i].len = strlen(names[i]);
927 blob->uids[i].flags = 0;
928 blob->uids[i].validity = 0;
934 blob->sigs[0] = 0; /* not yet checked */
936 /* Create a temporary buffer for further processing */
937 init_membuf (&blob->bufbuf, 1024);
938 blob->buf = &blob->bufbuf;
939 /* write out what we already have */
940 rc = create_blob_header (blob, KEYBOX_BLOBTYPE_X509, as_ephemeral);
943 rc = x509_create_blob_cert (blob, cert);
946 rc = create_blob_trailer (blob);
949 rc = create_blob_finish ( blob );
955 release_kid_list (blob->temp_kids);
956 blob->temp_kids = NULL;
959 for (i=0; i < blob->nuids; i++)
965 _keybox_release_blob (blob);
974 #endif /*KEYBOX_WITH_X509*/
979 _keybox_new_blob (KEYBOXBLOB *r_blob,
980 unsigned char *image, size_t imagelen, off_t off)
985 blob = xtrycalloc (1, sizeof *blob);
987 return gpg_error_from_syserror ();
990 blob->bloblen = imagelen;
991 blob->fileoffset = off;
998 _keybox_release_blob (KEYBOXBLOB blob)
1003 /* hmmm: release membuf here?*/
1004 xfree (blob->keys );
1005 xfree (blob->serialbuf);
1006 for (i=0; i < blob->nuids; i++)
1007 xfree (blob->uids[i].name);
1008 xfree (blob->uids );
1009 xfree (blob->sigs );
1010 xfree (blob->blob );
1016 const unsigned char *
1017 _keybox_get_blob_image ( KEYBOXBLOB blob, size_t *n )
1024 _keybox_get_blob_fileoffset (KEYBOXBLOB blob)
1026 return blob->fileoffset;
1032 _keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp)
1034 if (blob->bloblen >= 32 && blob->blob[4] == KEYBOX_BLOBTYPE_HEADER)
1036 u32 val = make_timestamp ();
1038 /* Update the last maintenance run times tamp. */
1039 blob->blob[20] = (val >> 24);
1040 blob->blob[20+1] = (val >> 16);
1041 blob->blob[20+2] = (val >> 8);
1042 blob->blob[20+3] = (val );
1045 blob->blob[7] |= 0x02; /* OpenPGP data may be available. */