1 /* keybox-blob.c - KBX Blob handling
2 * Copyright (C) 2000, 2001, 2002, 2003, 2008 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <https://www.gnu.org/licenses/>.
21 * The keybox data format
23 The KeyBox uses an augmented OpenPGP/X.509 key format. This makes
24 random access to a keyblock/certificate easier and also gives the
25 opportunity to store additional information (e.g. the fingerprint)
26 along with the key. All integers are stored in network byte order,
27 offsets are counted from the beginning of the Blob.
29 ** Overview of blob types
31 | Byte 4 | Blob type |
32 |--------+--------------|
40 The first blob of a plain KBX file has a special format:
42 - u32 Length of this blob
44 - byte Version number (1)
47 bit 1 - Is being or has been used for OpenPGP blobs
51 - u32 last_maintenance_run
55 ** The OpenPGP and X.509 blobs
57 The OpenPGP and X.509 blobs are very similar, things which are
58 X.509 specific are noted like [X.509: xxx]
60 - u32 Length of this blob (including these 4 bytes)
64 - byte Version number of this blob type
65 1 = The only defined value
67 bit 0 = contains secret key material (not used)
68 bit 1 = ephemeral blob (e.g. used while quering external resources)
69 - u32 Offset to the OpenPGP keyblock or the X.509 DER encoded
71 - u32 The length of the keyblock or certificate
72 - u16 [NKEYS] Number of keys (at least 1!) [X509: always 1]
73 - u16 Size of the key information structure (at least 28).
75 - b20 The fingerprint of the key.
76 Fingerprints are always 20 bytes, MD5 left padded with zeroes.
77 - u32 Offset to the n-th key's keyID (a keyID is always 8 byte)
78 or 0 if not known which is the case only for X.509.
80 bit 0 = qualified signature (not yet implemented}
82 - bN Optional filler up to the specified length of this
84 - u16 Size of the serial number (may be zero)
85 - bN The serial number. N as giiven above.
86 - u16 Number of user IDs
87 - u16 [NUIDS] Size of user ID information structure
90 For X509, the first user ID is the Issuer, the second the
91 Subject and the others are subjectAltNames. For OpenPGP we only
92 store the information from UserID packets here.
94 - u32 Blob offset to the n-th user ID
95 - u32 Length of this user ID.
101 - u16 [NSIGS] Number of signatures
102 - u16 Size of signature information (4)
104 - u32 Expiration time of signature with some special values:
105 - 0x00000000 = not checked
106 - 0x00000001 = missing key
107 - 0x00000002 = bad signature
108 - 0x10000000 = valid and expires at some date in 1978.
109 - 0xffffffff = valid and does not expire
110 - u8 Assigned ownertrust [X509: not used]
112 OpenPGP: See ../g10/trustdb/TRUST_* [not yet used]
113 X509: Bit 4 set := key has been revoked.
114 Note that this value matches TRUST_FLAG_REVOKED
117 - u32 Latest timestamp in the keyblock (useful for KS syncronsiation?)
118 - u32 Blob created at
119 - u32 [NRES] Size of reserved space (not including this field)
120 - bN Reserved space of size NRES for future use.
121 - bN Arbitrary space for example used to store data which is not
122 part of the keyblock or certificate. For example the v3 key
124 - bN Space for the keyblock or certificate.
125 - bN RFU. This is the remaining space after keyblock and before
126 the checksum. Is is not covered by the checksum.
127 - b20 SHA-1 checksum (useful for KS syncronisation?)
128 Note, that KBX versions before GnuPG 2.1 used an MD5
129 checksum. However it was only created but never checked.
130 Thus we do not expect problems if we switch to SHA-1. If
131 the checksum fails and the first 4 bytes are zero, we can
132 try again with MD5. SHA-1 has the advantage that it is
133 faster on CPUs with dedicated SHA-1 support.
147 #include "keybox-defs.h"
150 #ifdef KEYBOX_WITH_X509
155 #include "../common/gettime.h"
158 /* special values of the signature status */
159 #define SF_NONE(a) ( !(a) )
160 #define SF_NOKEY(a) ((a) & (1<<0))
161 #define SF_BAD(a) ((a) & (1<<1))
162 #define SF_VALID(a) ((a) & (1<<29))
173 /* #if MAX_FINGERPRINT_LEN < 20 */
174 /* #error fingerprints are 20 bytes */
177 struct keyboxblob_key {
183 struct keyboxblob_uid {
186 char *name; /* used only with x509 */
193 struct keyid_list *next;
199 struct fixup_list *next;
210 /* stuff used only by keybox_create_blob */
211 unsigned char *serialbuf;
212 const unsigned char *serial;
215 struct keyboxblob_key *keys;
217 struct keyboxblob_uid *uids;
220 struct fixup_list *fixups;
221 int fixup_out_of_core;
223 struct keyid_list *temp_kids;
224 struct membuf bufbuf; /* temporary store for the blob */
230 /* A simple implemention of a dynamic buffer. Use init_membuf() to
231 create a buffer, put_membuf to append bytes and get_membuf to
232 release and return the buffer. Allocation errors are detected but
233 only returned at the final get_membuf(), this helps not to clutter
234 the code with out of core checks. */
237 init_membuf (struct membuf *mb, int initiallen)
240 mb->size = initiallen;
242 mb->buf = xtrymalloc (initiallen);
248 put_membuf (struct membuf *mb, const void *buf, size_t len)
253 if (mb->len + len >= mb->size)
257 mb->size += len + 1024;
258 p = xtryrealloc (mb->buf, mb->size);
267 memcpy (mb->buf + mb->len, buf, len);
269 memset (mb->buf + mb->len, 0, len);
274 get_membuf (struct membuf *mb, size_t *len)
288 mb->out_of_core = 1; /* don't allow a reuse */
294 put8 (struct membuf *mb, byte a )
296 put_membuf (mb, &a, 1);
300 put16 (struct membuf *mb, u16 a )
302 unsigned char tmp[2];
305 put_membuf (mb, tmp, 2);
309 put32 (struct membuf *mb, u32 a )
311 unsigned char tmp[4];
316 put_membuf (mb, tmp, 4);
321 /* Store a value in the fixup list */
323 add_fixup (KEYBOXBLOB blob, u32 off, u32 val)
325 struct fixup_list *fl;
327 if (blob->fixup_out_of_core)
330 fl = xtrycalloc(1, sizeof *fl);
332 blob->fixup_out_of_core = 1;
337 fl->next = blob->fixups;
345 OpenPGP specific stuff
349 /* We must store the keyid at some place because we can't calculate
350 the offset yet. This is only used for v3 keyIDs. Function returns
351 an index value for later fixup or -1 for out of core. The value
352 must be a non-zero value. */
354 pgp_temp_store_kid (KEYBOXBLOB blob, struct _keybox_openpgp_key_info *kinfo)
356 struct keyid_list *k, *r;
358 k = xtrymalloc (sizeof *k);
361 memcpy (k->kid, kinfo->keyid, 8);
363 k->next = blob->temp_kids;
365 for (r=k; r; r = r->next)
372 /* Helper for pgp_create_key_part. */
374 pgp_create_key_part_single (KEYBOXBLOB blob, int n,
375 struct _keybox_openpgp_key_info *kinfo)
380 fprlen = kinfo->fprlen;
383 memcpy (blob->keys[n].fpr, kinfo->fpr, fprlen);
384 if (fprlen != 20) /* v3 fpr - shift right and fill with zeroes. */
386 memmove (blob->keys[n].fpr + 20 - fprlen, blob->keys[n].fpr, fprlen);
387 memset (blob->keys[n].fpr, 0, 20 - fprlen);
388 off = pgp_temp_store_kid (blob, kinfo);
390 return gpg_error_from_syserror ();
391 blob->keys[n].off_kid = off;
394 blob->keys[n].off_kid = 0; /* Will be fixed up later */
395 blob->keys[n].flags = 0;
401 pgp_create_key_part (KEYBOXBLOB blob, keybox_openpgp_info_t info)
405 struct _keybox_openpgp_key_info *kinfo;
407 err = pgp_create_key_part_single (blob, n++, &info->primary);
411 for (kinfo = &info->subkeys; kinfo; kinfo = kinfo->next)
412 if ((err=pgp_create_key_part_single (blob, n++, kinfo)))
415 assert (n == blob->nkeys);
421 pgp_create_uid_part (KEYBOXBLOB blob, keybox_openpgp_info_t info)
424 struct _keybox_openpgp_uid_info *u;
428 for (u = &info->uids; u; u = u->next)
430 blob->uids[n].off = u->off;
431 blob->uids[n].len = u->len;
432 blob->uids[n].flags = 0;
433 blob->uids[n].validity = 0;
438 assert (n == blob->nuids);
443 pgp_create_sig_part (KEYBOXBLOB blob, u32 *sigstatus)
447 for (n=0; n < blob->nsigs; n++)
449 blob->sigs[n] = sigstatus? sigstatus[n+1] : 0;
455 pgp_create_blob_keyblock (KEYBOXBLOB blob,
456 const unsigned char *image, size_t imagelen)
458 struct membuf *a = blob->buf;
460 u32 kbstart = a->len;
462 add_fixup (blob, 8, kbstart);
464 for (n = 0; n < blob->nuids; n++)
465 add_fixup (blob, blob->uids[n].off_addr, kbstart + blob->uids[n].off);
467 put_membuf (a, image, imagelen);
469 add_fixup (blob, 12, a->len - kbstart);
475 #ifdef KEYBOX_WITH_X509
480 /* Write the raw certificate out */
482 x509_create_blob_cert (KEYBOXBLOB blob, ksba_cert_t cert)
484 struct membuf *a = blob->buf;
485 const unsigned char *image;
487 u32 kbstart = a->len;
489 /* Store our offset for later fixup */
490 add_fixup (blob, 8, kbstart);
492 image = ksba_cert_get_image (cert, &length);
494 return gpg_error (GPG_ERR_GENERAL);
495 put_membuf (a, image, length);
497 add_fixup (blob, 12, a->len - kbstart);
501 #endif /*KEYBOX_WITH_X509*/
503 /* Write a stored keyID out to the buffer */
505 write_stored_kid (KEYBOXBLOB blob, int seqno)
507 struct keyid_list *r;
509 for ( r = blob->temp_kids; r; r = r->next )
511 if (r->seqno == seqno )
513 put_membuf (blob->buf, r->kid, 8);
520 /* Release a list of key IDs */
522 release_kid_list (struct keyid_list *kl)
524 struct keyid_list *r, *r2;
526 for ( r = kl; r; r = r2 )
536 create_blob_header (KEYBOXBLOB blob, int blobtype, int as_ephemeral)
538 struct membuf *a = blob->buf;
541 put32 ( a, 0 ); /* blob length, needs fixup */
543 put8 ( a, 1 ); /* blob type version */
544 put16 ( a, as_ephemeral? 2:0 ); /* blob flags */
546 put32 ( a, 0 ); /* offset to the raw data, needs fixup */
547 put32 ( a, 0 ); /* length of the raw data, needs fixup */
549 put16 ( a, blob->nkeys );
550 put16 ( a, 20 + 4 + 2 + 2 ); /* size of key info */
551 for ( i=0; i < blob->nkeys; i++ )
553 put_membuf (a, blob->keys[i].fpr, 20);
554 blob->keys[i].off_kid_addr = a->len;
555 put32 ( a, 0 ); /* offset to keyid, fixed up later */
556 put16 ( a, blob->keys[i].flags );
557 put16 ( a, 0 ); /* reserved */
560 put16 (a, blob->seriallen); /*fixme: check that it fits into 16 bits*/
562 put_membuf (a, blob->serial, blob->seriallen);
564 put16 ( a, blob->nuids );
565 put16 ( a, 4 + 4 + 2 + 1 + 1 ); /* size of uid info */
566 for (i=0; i < blob->nuids; i++)
568 blob->uids[i].off_addr = a->len;
569 put32 ( a, 0 ); /* offset to userid, fixed up later */
570 put32 ( a, blob->uids[i].len );
571 put16 ( a, blob->uids[i].flags );
572 put8 ( a, 0 ); /* validity */
573 put8 ( a, 0 ); /* reserved */
576 put16 ( a, blob->nsigs );
577 put16 ( a, 4 ); /* size of sig info */
578 for (i=0; i < blob->nsigs; i++)
580 put32 ( a, blob->sigs[i]);
583 put8 ( a, 0 ); /* assigned ownertrust */
584 put8 ( a, 0 ); /* validity of all user IDs */
585 put16 ( a, 0 ); /* reserved */
586 put32 ( a, 0 ); /* time of next recheck */
587 put32 ( a, 0 ); /* newest timestamp (none) */
588 put32 ( a, make_timestamp() ); /* creation time */
589 put32 ( a, 0 ); /* size of reserved space */
590 /* reserved space (which is currently of size 0) */
592 /* space where we write keyIDs and and other stuff so that the
593 pointers can actually point to somewhere */
594 if (blobtype == KEYBOX_BLOBTYPE_PGP)
596 /* We need to store the keyids for all pgp v3 keys because those key
597 IDs are not part of the fingerprint. While we are doing that, we
598 fixup all the keyID offsets */
599 for (i=0; i < blob->nkeys; i++ )
601 if (blob->keys[i].off_kid)
602 { /* this is a v3 one */
603 add_fixup (blob, blob->keys[i].off_kid_addr, a->len);
604 write_stored_kid (blob, blob->keys[i].off_kid);
607 { /* the better v4 key IDs - just store an offset 8 bytes back */
608 add_fixup (blob, blob->keys[i].off_kid_addr,
609 blob->keys[i].off_kid_addr - 8);
614 if (blobtype == KEYBOX_BLOBTYPE_X509)
616 /* We don't want to point to ASN.1 encoded UserIDs (DNs) but to
617 the utf-8 string represenation of them */
618 for (i=0; i < blob->nuids; i++ )
620 if (blob->uids[i].name)
621 { /* this is a v3 one */
622 add_fixup (blob, blob->uids[i].off_addr, a->len);
623 put_membuf (blob->buf, blob->uids[i].name, blob->uids[i].len);
634 create_blob_trailer (KEYBOXBLOB blob)
642 create_blob_finish (KEYBOXBLOB blob)
644 struct membuf *a = blob->buf;
649 /* Write a placeholder for the checksum */
650 put_membuf (a, NULL, 20);
652 /* get the memory area */
653 n = 0; /* (Just to avoid compiler warning.) */
654 p = get_membuf (a, &n);
656 return gpg_error (GPG_ERR_ENOMEM);
659 /* fixup the length */
660 add_fixup (blob, 0, n);
663 if (blob->fixup_out_of_core)
666 return gpg_error (GPG_ERR_ENOMEM);
670 struct fixup_list *fl, *next;
671 for (fl = blob->fixups; fl; fl = next)
673 assert (fl->off+4 <= n);
674 p[fl->off+0] = fl->val >> 24;
675 p[fl->off+1] = fl->val >> 16;
676 p[fl->off+2] = fl->val >> 8;
677 p[fl->off+3] = fl->val;
684 /* Compute and store the SHA-1 checksum. */
685 gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 20);
691 return gpg_error_from_syserror ();
704 _keybox_create_openpgp_blob (KEYBOXBLOB *r_blob,
705 keybox_openpgp_info_t info,
706 const unsigned char *image,
716 /* If we have a signature status vector, check that the number of
717 elements matches the actual number of signatures. */
718 if (sigstatus && sigstatus[0] != info->nsigs)
719 return gpg_error (GPG_ERR_INTERNAL);
721 blob = xtrycalloc (1, sizeof *blob);
723 return gpg_error_from_syserror ();
725 blob->nkeys = 1 + info->nsubkeys;
726 blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
729 err = gpg_error_from_syserror ();
733 blob->nuids = info->nuids;
736 blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
739 err = gpg_error_from_syserror ();
744 blob->nsigs = info->nsigs;
747 blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
750 err = gpg_error_from_syserror ();
755 err = pgp_create_key_part (blob, info);
758 pgp_create_uid_part (blob, info);
759 pgp_create_sig_part (blob, sigstatus);
761 init_membuf (&blob->bufbuf, 1024);
762 blob->buf = &blob->bufbuf;
763 err = create_blob_header (blob, KEYBOX_BLOBTYPE_PGP, as_ephemeral);
766 err = pgp_create_blob_keyblock (blob, image, imagelen);
769 err = create_blob_trailer (blob);
772 err = create_blob_finish (blob);
777 release_kid_list (blob->temp_kids);
778 blob->temp_kids = NULL;
780 _keybox_release_blob (blob);
787 #ifdef KEYBOX_WITH_X509
789 /* Return an allocated string with the email address extracted from a
790 DN. Note hat we use this code also in ../sm/keylist.c. */
792 x509_email_kludge (const char *name)
794 const char *p, *string;
801 p = strstr (string, "1.2.840.113549.1.9.1=#");
804 if (p == name || (p > string+1 && p[-1] == ',' && p[-2] != '\\'))
813 /* This looks pretty much like an email address in the subject's DN
814 we use this to add an additional user ID entry. This way,
815 OpenSSL generated keys get a nicer and usable listing. */
816 for (n=0, p=name; hexdigitp (p) && hexdigitp (p+1); p +=2, n++)
820 buf = xtrymalloc (n+3);
822 return NULL; /* oops, out of core */
824 for (n=1, p=name; hexdigitp (p); p +=2, n++)
833 /* Note: We should move calculation of the digest into libksba and
834 remove that parameter */
836 _keybox_create_x509_blob (KEYBOXBLOB *r_blob, ksba_cert_t cert,
837 unsigned char *sha1_digest, int as_ephemeral)
847 blob = xtrycalloc (1, sizeof *blob);
849 return gpg_error_from_syserror ();
851 sn = ksba_cert_get_serial (cert);
855 n = gcry_sexp_canon_len (sn, 0, NULL, NULL);
859 return gpg_error (GPG_ERR_GENERAL);
861 blob->serialbuf = sn;
862 sn++; n--; /* skip '(' */
863 for (len=0; n && *sn && *sn != ':' && digitp (sn); n--, sn++)
864 len = len*10 + atoi_1 (sn);
867 xfree (blob->serialbuf);
868 blob->serialbuf = NULL;
869 return gpg_error (GPG_ERR_GENERAL);
873 blob->seriallen = len;
878 /* create list of names */
881 names = xtrymalloc (max_names * sizeof *names);
884 rc = gpg_error_from_syserror ();
888 p = ksba_cert_get_issuer (cert, 0);
891 rc = gpg_error (GPG_ERR_MISSING_VALUE);
894 names[blob->nuids++] = p;
895 for (i=0; (p = ksba_cert_get_subject (cert, i)); i++)
897 if (blob->nuids >= max_names)
902 tmp = xtryrealloc (names, max_names * sizeof *names);
905 rc = gpg_error_from_syserror ();
910 names[blob->nuids++] = p;
911 if (!i && (p=x509_email_kludge (p)))
912 names[blob->nuids++] = p; /* due to !i we don't need to check bounds*/
915 /* space for signature information */
918 blob->keys = xtrycalloc (blob->nkeys, sizeof *blob->keys );
919 blob->uids = xtrycalloc (blob->nuids, sizeof *blob->uids );
920 blob->sigs = xtrycalloc (blob->nsigs, sizeof *blob->sigs );
921 if (!blob->keys || !blob->uids || !blob->sigs)
923 rc = gpg_error (GPG_ERR_ENOMEM);
927 memcpy (blob->keys[0].fpr, sha1_digest, 20);
928 blob->keys[0].off_kid = 0; /* We don't have keyids */
929 blob->keys[0].flags = 0;
931 /* issuer and subject names */
932 for (i=0; i < blob->nuids; i++)
934 blob->uids[i].name = names[i];
935 blob->uids[i].len = strlen(names[i]);
937 blob->uids[i].flags = 0;
938 blob->uids[i].validity = 0;
944 blob->sigs[0] = 0; /* not yet checked */
946 /* Create a temporary buffer for further processing */
947 init_membuf (&blob->bufbuf, 1024);
948 blob->buf = &blob->bufbuf;
949 /* write out what we already have */
950 rc = create_blob_header (blob, KEYBOX_BLOBTYPE_X509, as_ephemeral);
953 rc = x509_create_blob_cert (blob, cert);
956 rc = create_blob_trailer (blob);
959 rc = create_blob_finish ( blob );
965 release_kid_list (blob->temp_kids);
966 blob->temp_kids = NULL;
969 for (i=0; i < blob->nuids; i++)
975 _keybox_release_blob (blob);
984 #endif /*KEYBOX_WITH_X509*/
989 _keybox_new_blob (KEYBOXBLOB *r_blob,
990 unsigned char *image, size_t imagelen, off_t off)
995 blob = xtrycalloc (1, sizeof *blob);
997 return gpg_error_from_syserror ();
1000 blob->bloblen = imagelen;
1001 blob->fileoffset = off;
1008 _keybox_release_blob (KEYBOXBLOB blob)
1016 xfree (get_membuf (blob->buf, &len));
1018 xfree (blob->keys );
1019 xfree (blob->serialbuf);
1020 for (i=0; i < blob->nuids; i++)
1021 xfree (blob->uids[i].name);
1022 xfree (blob->uids );
1023 xfree (blob->sigs );
1024 xfree (blob->blob );
1030 const unsigned char *
1031 _keybox_get_blob_image ( KEYBOXBLOB blob, size_t *n )
1038 _keybox_get_blob_fileoffset (KEYBOXBLOB blob)
1040 return blob->fileoffset;
1046 _keybox_update_header_blob (KEYBOXBLOB blob, int for_openpgp)
1048 if (blob->bloblen >= 32 && blob->blob[4] == KEYBOX_BLOBTYPE_HEADER)
1050 u32 val = make_timestamp ();
1052 /* Update the last maintenance run times tamp. */
1053 blob->blob[20] = (val >> 24);
1054 blob->blob[20+1] = (val >> 16);
1055 blob->blob[20+2] = (val >> 8);
1056 blob->blob[20+3] = (val );
1059 blob->blob[7] |= 0x02; /* OpenPGP data may be available. */