1 /* keyid.c - key ID and fingerprint handling
2 * Copyright (C) 1998, 1999, 2000, 2001, 2003,
3 * 2004, 2006, 2010 Free Software Foundation, Inc.
4 * Copyright (C) 2014 Werner Koch
5 * Copyright (C) 2016 g10 Code GmbH
7 * This file is part of GnuPG.
9 * GnuPG is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * GnuPG is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <https://www.gnu.org/licenses/>.
41 #define KEYID_STR_SIZE 19
43 #ifdef HAVE_UNSIGNED_TIME_T
44 # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1))
46 /* Error or 32 bit time_t and value after 2038-01-19. */
47 # define IS_INVALID_TIME_T(a) ((a) < 0)
51 /* Return a letter describing the public key algorithms. */
53 pubkey_letter( int algo )
57 case PUBKEY_ALGO_RSA: return 'R' ;
58 case PUBKEY_ALGO_RSA_E: return 'r' ;
59 case PUBKEY_ALGO_RSA_S: return 's' ;
60 case PUBKEY_ALGO_ELGAMAL_E: return 'g' ;
61 case PUBKEY_ALGO_ELGAMAL: return 'G' ;
62 case PUBKEY_ALGO_DSA: return 'D' ;
63 case PUBKEY_ALGO_ECDH: return 'e' ; /* ECC DH (encrypt only) */
64 case PUBKEY_ALGO_ECDSA: return 'E' ; /* ECC DSA (sign only) */
65 case PUBKEY_ALGO_EDDSA: return 'E' ; /* ECC EdDSA (sign only) */
70 /* Return a string describing the public key algorithm and the
71 keysize. For elliptic curves the functions prints the name of the
72 curve because the keysize is a property of the curve. The string
73 is copied to the supplied buffer up a length of BUFSIZE-1.
74 Examples for the output are:
76 "rsa2048" - RSA with 2048 bit
77 "elg1024" - Elgamal with 1024 bit
78 "ed25519" - ECC using the curve Ed25519.
79 "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
80 "E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
81 "unknown_N" - Unknown OpenPGP algorithm N.
83 If the option --legacy-list-mode is active, the output use the
86 "2048R" - RSA with 2048 bit
87 "1024g" - Elgamal with 1024 bit
88 "256E" - ECDSA using a curve with 256 bit
90 The macro PUBKEY_STRING_SIZE may be used to allocate a buffer with
93 pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
95 const char *prefix = NULL;
97 if (opt.legacy_list_mode)
99 snprintf (buffer, bufsize, "%4u%c",
100 nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo));
104 switch (pk->pubkey_algo)
106 case PUBKEY_ALGO_RSA:
107 case PUBKEY_ALGO_RSA_E:
108 case PUBKEY_ALGO_RSA_S: prefix = "rsa"; break;
109 case PUBKEY_ALGO_ELGAMAL_E: prefix = "elg"; break;
110 case PUBKEY_ALGO_DSA: prefix = "dsa"; break;
111 case PUBKEY_ALGO_ELGAMAL: prefix = "xxx"; break;
112 case PUBKEY_ALGO_ECDH:
113 case PUBKEY_ALGO_ECDSA:
114 case PUBKEY_ALGO_EDDSA: prefix = ""; break;
117 if (prefix && *prefix)
118 snprintf (buffer, bufsize, "%s%u", prefix, nbits_from_pk (pk));
121 char *curve = openpgp_oid_to_str (pk->pkey[0]);
122 const char *name = openpgp_oid_to_curve (curve, 0);
125 snprintf (buffer, bufsize, "%s", name);
127 snprintf (buffer, bufsize, "E_%s", curve);
129 snprintf (buffer, bufsize, "E_error");
133 snprintf (buffer, bufsize, "unknown_%u", (unsigned int)pk->pubkey_algo);
139 /* Hash a public key. This function is useful for v4 fingerprints and
140 for v3 or v4 key signing. */
142 hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
145 unsigned int nn[PUBKEY_MAX_NPKEY];
146 byte *pp[PUBKEY_MAX_NPKEY];
150 int npkey = pubkey_get_npkey (pk->pubkey_algo);
152 /* FIXME: We can avoid the extra malloc by calling only the first
153 mpi_print here which computes the required length and calling the
154 real mpi_print only at the end. The speed advantage would only be
155 for ECC (opaque MPIs) or if we could implement an mpi_print
156 variant with a callback handler to do the hashing. */
157 if (npkey==0 && pk->pkey[0]
158 && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
160 pp[0] = gcry_mpi_get_opaque (pk->pkey[0], &nbits);
166 for (i=0; i < npkey; i++ )
170 /* This case may only happen if the parsing of the MPI
171 failed but the key was anyway created. May happen
172 during "gpg KEYFILE". */
176 else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
180 p = gcry_mpi_get_opaque (pk->pkey[i], &nbits);
181 pp[i] = xmalloc ((nbits+7)/8);
183 memcpy (pp[i], p, (nbits+7)/8);
191 if (gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0,
192 &nbytes, pk->pkey[i]))
194 pp[i] = xmalloc (nbytes);
195 if (gcry_mpi_print (GCRYMPI_FMT_PGP, pp[i], nbytes,
196 &nbytes, pk->pkey[i]))
204 gcry_md_putc ( md, 0x99 ); /* ctb */
205 /* What does it mean if n is greater than than 0xFFFF ? */
206 gcry_md_putc ( md, n >> 8 ); /* 2 byte length header */
207 gcry_md_putc ( md, n );
208 gcry_md_putc ( md, pk->version );
210 gcry_md_putc ( md, pk->timestamp >> 24 );
211 gcry_md_putc ( md, pk->timestamp >> 16 );
212 gcry_md_putc ( md, pk->timestamp >> 8 );
213 gcry_md_putc ( md, pk->timestamp );
215 gcry_md_putc ( md, pk->pubkey_algo );
217 if(npkey==0 && pk->pkey[0]
218 && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
221 gcry_md_write (md, pp[0], nn[0]);
225 for(i=0; i < npkey; i++ )
228 gcry_md_write ( md, pp[i], nn[i] );
236 do_fingerprint_md( PKT_public_key *pk )
240 if (gcry_md_open (&md, DIGEST_ALGO_SHA1, 0))
242 hash_public_key(md,pk);
249 /* fixme: Check whether we can replace this function or if not
250 describe why we need it. */
252 v3_keyid (gcry_mpi_t a, u32 *ki)
257 if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, a ))
259 /* fixme: allocate it on the stack */
260 buffer = xmalloc (nbytes);
261 if (gcry_mpi_print( GCRYMPI_FMT_USG, buffer, nbytes, NULL, a ))
263 if (nbytes < 8) /* oops */
267 p = buffer + nbytes - 8;
268 ki[0] = buf32_to_u32 (p);
270 ki[1] = buf32_to_u32 (p);
277 /* Return PK's keyid. The memory is owned by PK. */
279 pk_keyid (PKT_public_key *pk)
281 keyid_from_pk (pk, NULL);
283 /* Uncomment this for help tracking down bugs related to keyid or
284 main_keyid not being set correctly. */
286 if (! (pk->main_keyid[0] || pk->main_keyid[1]))
287 log_bug ("pk->main_keyid not set!\n");
288 if (keyid_cmp (pk->keyid, pk->main_keyid) == 0
289 && ! pk->flags.primary)
290 log_bug ("keyid and main_keyid are the same, but primary flag not set!\n");
291 if (keyid_cmp (pk->keyid, pk->main_keyid) != 0
292 && pk->flags.primary)
293 log_bug ("keyid and main_keyid are different, but primary flag set!\n");
299 /* Return the keyid of the primary key associated with PK. The memory
302 pk_main_keyid (PKT_public_key *pk)
304 /* Uncomment this for help tracking down bugs related to keyid or
305 main_keyid not being set correctly. */
307 if (! (pk->main_keyid[0] || pk->main_keyid[1]))
308 log_bug ("pk->main_keyid not set!\n");
311 return pk->main_keyid;
314 /* Copy the keyid in SRC to DEST and return DEST. */
316 keyid_copy (u32 *dest, const u32 *src)
324 format_keyid (u32 *keyid, int format, char *buffer, int len)
326 char tmp[KEYID_STR_SIZE];
333 if (format == KF_DEFAULT)
334 format = opt.keyid_format;
335 if (format == KF_DEFAULT)
346 snprintf (buffer, len, "%08lX", (ulong)keyid[1]);
350 snprintf (buffer, len, "%08lX%08lX", (ulong)keyid[0], (ulong)keyid[1]);
354 snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]);
358 snprintf (buffer, len, "0x%08lX%08lX", (ulong)keyid[0],(ulong)keyid[1]);
366 return xstrdup (buffer);
373 int format = opt.keyid_format;
374 if (format == KF_DEFAULT)
403 static char keyid_str[KEYID_STR_SIZE];
404 int format = opt.keyid_format;
406 if (format == KF_DEFAULT)
408 if (format == KF_NONE)
411 return format_keyid (keyid, format, keyid_str, sizeof (keyid_str));
414 /* This function returns the key id of the main and possible the
415 * subkey as one string. It is used by error messages. */
417 keystr_with_sub (u32 *main_kid, u32 *sub_kid)
419 static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE];
421 int format = opt.keyid_format;
423 if (format == KF_NONE)
426 format_keyid (main_kid, format, buffer, KEYID_STR_SIZE);
429 p = buffer + strlen (buffer);
431 format_keyid (sub_kid, format, p, KEYID_STR_SIZE);
438 keystr_from_pk(PKT_public_key *pk)
440 keyid_from_pk(pk,NULL);
442 return keystr(pk->keyid);
447 keystr_from_pk_with_sub (PKT_public_key *main_pk, PKT_public_key *sub_pk)
449 keyid_from_pk (main_pk, NULL);
451 keyid_from_pk (sub_pk, NULL);
453 return keystr_with_sub (main_pk->keyid, sub_pk? sub_pk->keyid:NULL);
457 /* Return PK's key id as a string using the default format. PK owns
460 pk_keyid_str (PKT_public_key *pk)
462 return keystr (pk_keyid (pk));
467 keystr_from_desc(KEYDB_SEARCH_DESC *desc)
471 case KEYDB_SEARCH_MODE_LONG_KID:
472 case KEYDB_SEARCH_MODE_SHORT_KID:
473 return keystr(desc->u.kid);
475 case KEYDB_SEARCH_MODE_FPR20:
479 keyid[0] = buf32_to_u32 (desc->u.fpr+12);
480 keyid[1] = buf32_to_u32 (desc->u.fpr+16);
481 return keystr(keyid);
484 case KEYDB_SEARCH_MODE_FPR16:
494 * Get the keyid from the public key and put it into keyid
495 * if this is not NULL. Return the 32 low bits of the keyid.
498 keyid_from_pk (PKT_public_key *pk, u32 *keyid)
506 if( pk->keyid[0] || pk->keyid[1] )
508 keyid[0] = pk->keyid[0];
509 keyid[1] = pk->keyid[1];
517 md = do_fingerprint_md(pk);
520 dp = gcry_md_read ( md, 0 );
521 keyid[0] = buf32_to_u32 (dp+12);
522 keyid[1] = buf32_to_u32 (dp+16);
525 pk->keyid[0] = keyid[0];
526 pk->keyid[1] = keyid[1];
529 pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
537 * Get the keyid from the fingerprint. This function is simple for most
538 * keys, but has to do a keylookup for old stayle keys.
541 keyid_from_fingerprint( const byte *fprint, size_t fprint_len, u32 *keyid )
548 if (fprint_len != 20)
550 /* This is special as we have to lookup the key first. */
554 memset (&pk, 0, sizeof pk);
555 rc = get_pubkey_byfprint (&pk, NULL, fprint, fprint_len);
558 log_error("Oops: keyid_from_fingerprint: no pubkey\n");
563 keyid_from_pk (&pk, keyid);
567 const byte *dp = fprint;
568 keyid[0] = buf32_to_u32 (dp+12);
569 keyid[1] = buf32_to_u32 (dp+16);
577 keyid_from_sig (PKT_signature *sig, u32 *keyid)
581 keyid[0] = sig->keyid[0];
582 keyid[1] = sig->keyid[1];
584 return sig->keyid[1];
589 namehash_from_uid (PKT_user_id *uid)
593 uid->namehash = xmalloc (20);
595 if (uid->attrib_data)
596 rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len);
598 rmd160_hash_buffer (uid->namehash, uid->name, uid->len);
601 return uid->namehash;
606 * Return the number of bits used in PK.
609 nbits_from_pk (PKT_public_key *pk)
611 return pubkey_nbits (pk->pubkey_algo, pk->pkey);
616 mk_datestr (char *buffer, time_t atime)
620 if (IS_INVALID_TIME_T (atime))
621 strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */
624 tp = gmtime (&atime);
625 sprintf (buffer,"%04d-%02d-%02d",
626 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
633 * return a string with the creation date of the pk
634 * Note: this is alloced in a static buffer.
635 * Format is: yyyy-mm-dd
638 datestr_from_pk (PKT_public_key *pk)
640 static char buffer[11+5];
641 time_t atime = pk->timestamp;
643 return mk_datestr (buffer, atime);
648 datestr_from_sig (PKT_signature *sig )
650 static char buffer[11+5];
651 time_t atime = sig->timestamp;
653 return mk_datestr (buffer, atime);
658 expirestr_from_pk (PKT_public_key *pk)
660 static char buffer[11+5];
665 atime = pk->expiredate;
666 return mk_datestr (buffer, atime);
671 expirestr_from_sig (PKT_signature *sig)
673 static char buffer[11+5];
676 if (!sig->expiredate)
678 atime=sig->expiredate;
679 return mk_datestr (buffer, atime);
684 revokestr_from_pk( PKT_public_key *pk )
686 static char buffer[11+5];
689 if(!pk->revoked.date)
691 atime=pk->revoked.date;
692 return mk_datestr (buffer, atime);
697 usagestr_from_pk (PKT_public_key *pk, int fill)
699 static char buffer[10];
701 unsigned int use = pk->pubkey_usage;
703 if ( use & PUBKEY_USAGE_SIG )
706 if ( use & PUBKEY_USAGE_CERT )
709 if ( use & PUBKEY_USAGE_ENC )
712 if ( (use & PUBKEY_USAGE_AUTH) )
715 while (fill && i < 4)
724 colon_strtime (u32 t)
730 snprintf (buf, sizeof buf, "%lu", (ulong)t);
735 colon_datestr_from_pk (PKT_public_key *pk)
739 snprintf (buf, sizeof buf, "%lu", (ulong)pk->timestamp);
745 colon_datestr_from_sig (PKT_signature *sig)
749 snprintf (buf, sizeof buf, "%lu", (ulong)sig->timestamp);
754 colon_expirestr_from_sig (PKT_signature *sig)
758 if (!sig->expiredate)
761 snprintf (buf, sizeof buf,"%lu", (ulong)sig->expiredate);
767 * Return a byte array with the fingerprint for the given PK/SK
768 * The length of the array is returned in ret_len. Caller must free
769 * the array or provide an array of length MAX_FINGERPRINT_LEN.
772 fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
778 md = do_fingerprint_md(pk);
779 dp = gcry_md_read( md, 0 );
780 len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
781 log_assert( len <= MAX_FINGERPRINT_LEN );
783 array = xmalloc ( len );
784 memcpy (array, dp, len );
785 pk->keyid[0] = buf32_to_u32 (dp+12);
786 pk->keyid[1] = buf32_to_u32 (dp+16);
795 /* Return an allocated buffer with the fingerprint of PK formatted as
796 a plain hexstring. If BUFFER is NULL the result is a malloc'd
797 string. If BUFFER is not NULL the result will be copied into this
798 buffer. In the latter case BUFLEN describes the length of the
799 buffer; if this is too short the function terminates the process.
800 Returns a malloc'ed string or BUFFER. A suitable length for BUFFER
801 is (2*MAX_FINGERPRINT_LEN + 1). */
803 hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen)
805 unsigned char fpr[MAX_FINGERPRINT_LEN];
808 fingerprint_from_pk (pk, fpr, &len);
810 buffer = xmalloc (2 * len + 1);
811 else if (buflen < 2*len+1)
812 log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen);
813 bin2hex (fpr, len, buffer);
818 /* Pretty print a hex fingerprint. If BUFFER is NULL the result is a
819 malloc'd string. If BUFFER is not NULL the result will be copied
820 into this buffer. In the latter case BUFLEN describes the length
821 of the buffer; if this is too short the function terminates the
822 process. Returns a malloc'ed string or BUFFER. A suitable length
823 for BUFFER is (MAX_FORMATTED_FINGERPRINT_LEN + 1). */
825 format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
827 int hexlen = strlen (fingerprint);
831 if (hexlen == 40) /* v4 fingerprint */
833 space = (/* The characters and the NUL. */
835 /* After every fourth character, we add a space (except
838 /* Half way through we add a second space. */
841 else /* Other fingerprint versions - print as is. */
847 buffer = xmalloc (space);
848 else if (buflen < space)
849 log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen);
851 if (hexlen == 40) /* v4 fingerprint */
853 for (i = 0, j = 0; i < 40; i ++)
860 buffer[j ++] = fingerprint[i];
863 log_assert (j == space);
867 strcpy (buffer, fingerprint);
875 /* Return the so called KEYGRIP which is the SHA-1 hash of the public
876 key parameters expressed as an canoncial encoded S-Exp. ARRAY must
877 be 20 bytes long. Returns 0 on success or an error code. */
879 keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
885 log_debug ("get_keygrip for public key\n");
887 switch (pk->pubkey_algo)
890 err = gcry_sexp_build (&s_pkey, NULL,
891 "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
892 pk->pkey[0], pk->pkey[1],
893 pk->pkey[2], pk->pkey[3]);
898 err = gcry_sexp_build (&s_pkey, NULL,
899 "(public-key(elg(p%m)(g%m)(y%m)))",
900 pk->pkey[0], pk->pkey[1], pk->pkey[2]);
906 err = gcry_sexp_build (&s_pkey, NULL,
907 "(public-key(rsa(n%m)(e%m)))",
908 pk->pkey[0], pk->pkey[1]);
911 case PUBKEY_ALGO_EDDSA:
912 case PUBKEY_ALGO_ECDSA:
913 case PUBKEY_ALGO_ECDH:
915 char *curve = openpgp_oid_to_str (pk->pkey[0]);
917 err = gpg_error_from_syserror ();
920 err = gcry_sexp_build (&s_pkey, NULL,
921 pk->pubkey_algo == PUBKEY_ALGO_EDDSA?
922 "(public-key(ecc(curve%s)(flags eddsa)(q%m)))":
923 (pk->pubkey_algo == PUBKEY_ALGO_ECDH
924 && openpgp_oid_is_cv25519 (pk->pkey[0]))?
925 "(public-key(ecc(curve%s)(flags djb-tweak)(q%m)))":
926 "(public-key(ecc(curve%s)(q%m)))",
934 err = gpg_error (GPG_ERR_PUBKEY_ALGO);
941 if (!gcry_pk_get_keygrip (s_pkey, array))
943 log_info ("error computing keygrip\n");
944 memset (array, 0, 20);
945 err = gpg_error (GPG_ERR_GENERAL);
950 log_printhex ("keygrip=", array, 20);
951 /* FIXME: Save the keygrip in PK. */
953 gcry_sexp_release (s_pkey);
959 /* Store an allocated buffer with the keygrip of PK encoded as a
960 hexstring at r_GRIP. Returns 0 on success. */
962 hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip)
965 unsigned char grip[20];
968 err = keygrip_from_pk (pk, grip);
971 char * buf = xtrymalloc (20*2+1);
973 err = gpg_error_from_syserror ();
976 bin2hex (grip, 20, buf);