search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Improved detection of bad/invalid signer keys.
[gnupg.git] / kbx / kbxutil.c
blob459281110d2d5a1f5f3b0f484dac10b66aad4264
1 /* kbxutil.c - The Keybox utility
2 * Copyright (C) 2000, 2001, 2004, 2007 Free Software Foundation, Inc.
3 *
4 * This file is part of GnuPG.
5 *
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #include <config.h>
21 #include <errno.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <ctype.h>
26 #include <sys/stat.h>
27 #include <unistd.h>
28 #include <limits.h>
29 #include <assert.h>
30
31 #define JNLIB_NEED_LOG_LOGV
32 #include "../jnlib/logging.h"
33 #include "../jnlib/argparse.h"
34 #include "../jnlib/stringhelp.h"
35 #include "../jnlib/utf8conv.h"
36 #include "i18n.h"
37 #include "init.h"
38 #include "keybox-defs.h"
39
40 #include <gcrypt.h>
41
42 enum cmd_and_opt_values {
43 aNull = 0,
44 oArmor = 'a',
45 oDryRun = 'n',
46 oOutput = 'o',
47 oQuiet = 'q',
48 oVerbose = 'v',
49
50 aNoSuchCmd = 500, /* force other values not to be a letter */
51 aFindByFpr,
52 aFindByKid,
53 aFindByUid,
54 aStats,
55 aImportOpenPGP,
56 aFindDups,
57 aCut,
58
59 oDebug,
60 oDebugAll,
61
62 oNoArmor,
63 oFrom,
64 oTo,
65
66 aTest
67 };
68
69
70 static ARGPARSE_OPTS opts[] = {
71 { 300, NULL, 0, N_("@Commands:\n ") },
72
73 /* { aFindByFpr, "find-by-fpr", 0, "|FPR| find key using it's fingerprnt" }, */
74 /* { aFindByKid, "find-by-kid", 0, "|KID| find key using it's keyid" }, */
75 /* { aFindByUid, "find-by-uid", 0, "|NAME| find key by user name" }, */
76 { aStats, "stats", 0, "show key statistics" },
77 { aImportOpenPGP, "import-openpgp", 0, "import OpenPGP keyblocks"},
78 { aFindDups, "find-dups", 0, "find duplicates" },
79 { aCut, "cut", 0, "export records" },
80
81 { 301, NULL, 0, N_("@\nOptions:\n ") },
82
83 { oFrom, "from", 4, "|N|first record to export" },
84 { oTo, "to", 4, "|N|last record to export" },
85 /* { oArmor, "armor", 0, N_("create ascii armored output")}, */
86 /* { oArmor, "armour", 0, "@" }, */
87 /* { oOutput, "output", 2, N_("use as output file")}, */
88 { oVerbose, "verbose", 0, N_("verbose") },
89 { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
90 { oDryRun, "dry-run", 0, N_("do not make any changes") },
91
92 { oDebug, "debug" ,4|16, N_("set debugging flags")},
93 { oDebugAll, "debug-all" ,0, N_("enable full debugging")},
94
95 {0} /* end of list */
96 };
97
98
99 void myexit (int rc);
100
101 int keybox_errors_seen = 0;
102
103
104 static const char *
105 my_strusage( int level )
106 {
107 const char *p;
108 switch( level ) {
109 case 11: p = "kbxutil (GnuPG)";
110 break;
111 case 13: p = VERSION; break;
112 case 17: p = PRINTABLE_OS_NAME; break;
113 case 19: p = _("Please report bugs to <@EMAIL@>.\n"); break;
114
115 case 1:
116 case 40: p =
117 _("Usage: kbxutil [options] [files] (-h for help)");
118 break;
119 case 41: p =
120 _("Syntax: kbxutil [options] [files]\n"
121 "list, export, import Keybox data\n");
122 break;
123
124
125 default: p = NULL;
126 }
127 return p;
128 }
129
130
131 /* Used by gcry for logging */
132 static void
133 my_gcry_logger (void *dummy, int level, const char *fmt, va_list arg_ptr)
134 {
135 (void)dummy;
136
137 /* Map the log levels. */
138 switch (level)
139 {
140 case GCRY_LOG_CONT: level = JNLIB_LOG_CONT; break;
141 case GCRY_LOG_INFO: level = JNLIB_LOG_INFO; break;
142 case GCRY_LOG_WARN: level = JNLIB_LOG_WARN; break;
143 case GCRY_LOG_ERROR:level = JNLIB_LOG_ERROR; break;
144 case GCRY_LOG_FATAL:level = JNLIB_LOG_FATAL; break;
145 case GCRY_LOG_BUG: level = JNLIB_LOG_BUG; break;
146 case GCRY_LOG_DEBUG:level = JNLIB_LOG_DEBUG; break;
147 default: level = JNLIB_LOG_ERROR; break;
148 }
149 log_logv (level, fmt, arg_ptr);
150 }
151
152
153
154 /* static void */
155 /* wrong_args( const char *text ) */
156 /* { */
157 /* log_error("usage: kbxutil %s\n", text); */
158 /* myexit ( 1 ); */
159 /* } */
160
161
162 #if 0
163 static int
164 hextobyte( const byte *s )
165 {
166 int c;
167
168 if( *s >= '0' && *s <= '9' )
169 c = 16 * (*s - '0');
170 else if( *s >= 'A' && *s <= 'F' )
171 c = 16 * (10 + *s - 'A');
172 else if( *s >= 'a' && *s <= 'f' )
173 c = 16 * (10 + *s - 'a');
174 else
175 return -1;
176 s++;
177 if( *s >= '0' && *s <= '9' )
178 c += *s - '0';
179 else if( *s >= 'A' && *s <= 'F' )
180 c += 10 + *s - 'A';
181 else if( *s >= 'a' && *s <= 'f' )
182 c += 10 + *s - 'a';
183 else
184 return -1;
185 return c;
186 }
187 #endif
188
189 #if 0
190 static char *
191 format_fingerprint ( const char *s )
192 {
193 int i, c;
194 byte fpr[20];
195
196 for (i=0; i < 20 && *s; ) {
197 if ( *s == ' ' || *s == '\t' ) {
198 s++;
199 continue;
200 }
201 c = hextobyte(s);
202 if (c == -1) {
203 return NULL;
204 }
205 fpr[i++] = c;
206 s += 2;
207 }
208 return gcry_xstrdup ( fpr );
209 }
210 #endif
211
212 #if 0
213 static int
214 format_keyid ( const char *s, u32 *kid )
215 {
216 char helpbuf[9];
217 switch ( strlen ( s ) ) {
218 case 8:
219 kid[0] = 0;
220 kid[1] = strtoul( s, NULL, 16 );
221 return 10;
222
223 case 16:
224 mem2str( helpbuf, s, 9 );
225 kid[0] = strtoul( helpbuf, NULL, 16 );
226 kid[1] = strtoul( s+8, NULL, 16 );
227 return 11;
228 }
229 return 0; /* error */
230 }
231 #endif
232
233 static char *
234 read_file (const char *fname, size_t *r_length)
235 {
236 FILE *fp;
237 char *buf;
238 size_t buflen;
239
240 if (!strcmp (fname, "-"))
241 {
242 size_t nread, bufsize = 0;
243
244 fp = stdin;
245 buf = NULL;
246 buflen = 0;
247 #define NCHUNK 8192
248 do
249 {
250 bufsize += NCHUNK;
251 if (!buf)
252 buf = xtrymalloc (bufsize);
253 else
254 buf = xtryrealloc (buf, bufsize);
255 if (!buf)
256 log_fatal ("can't allocate buffer: %s\n", strerror (errno));
257
258 nread = fread (buf+buflen, 1, NCHUNK, fp);
259 if (nread < NCHUNK && ferror (fp))
260 {
261 log_error ("error reading `[stdin]': %s\n", strerror (errno));
262 xfree (buf);
263 return NULL;
264 }
265 buflen += nread;
266 }
267 while (nread == NCHUNK);
268 #undef NCHUNK
269
270 }
271 else
272 {
273 struct stat st;
274
275 fp = fopen (fname, "rb");
276 if (!fp)
277 {
278 log_error ("can't open `%s': %s\n", fname, strerror (errno));
279 return NULL;
280 }
281
282 if (fstat (fileno(fp), &st))
283 {
284 log_error ("can't stat `%s': %s\n", fname, strerror (errno));
285 fclose (fp);
286 return NULL;
287 }
288
289 buflen = st.st_size;
290 buf = xtrymalloc (buflen+1);
291 if (!buf)
292 log_fatal ("can't allocate buffer: %s\n", strerror (errno));
293 if (fread (buf, buflen, 1, fp) != 1)
294 {
295 log_error ("error reading `%s': %s\n", fname, strerror (errno));
296 fclose (fp);
297 xfree (buf);
298 return NULL;
299 }
300 fclose (fp);
301 }
302
303 *r_length = buflen;
304 return buf;
305 }
306
307
308 static void
309 dump_fpr (const unsigned char *buffer, size_t len)
310 {
311 int i;
312
313 for (i=0; i < len; i++, buffer++)
314 {
315 if (len == 20)
316 {
317 if (i == 10)
318 putchar (' ');
319 printf (" %02X%02X", buffer[0], buffer[1]);
320 i++; buffer++;
321 }
322 else
323 {
324 if (i && !(i % 8))
325 putchar (' ');
326 printf (" %02X", buffer[0]);
327 }
328 }
329 }
330
331
332 static void
333 dump_openpgp_key (keybox_openpgp_info_t info, const unsigned char *image)
334 {
335 printf ("pub %02X%02X%02X%02X",
336 info->primary.keyid[4], info->primary.keyid[5],
337 info->primary.keyid[6], info->primary.keyid[7] );
338 dump_fpr (info->primary.fpr, info->primary.fprlen);
339 putchar ('\n');
340 if (info->nsubkeys)
341 {
342 struct _keybox_openpgp_key_info *k;
343
344 k = &info->subkeys;
345 do
346 {
347 printf ("sub %02X%02X%02X%02X",
348 k->keyid[4], k->keyid[5],
349 k->keyid[6], k->keyid[7] );
350 dump_fpr (k->fpr, k->fprlen);
351 putchar ('\n');
352 k = k->next;
353 }
354 while (k);
355 }
356 if (info->nuids)
357 {
358 struct _keybox_openpgp_uid_info *u;
359
360 u = &info->uids;
361 do
362 {
363 printf ("uid\t\t%.*s\n", (int)u->len, image + u->off);
364 u = u->next;
365 }
366 while (u);
367 }
368 }
369
370
371 static void
372 import_openpgp (const char *filename)
373 {
374 gpg_error_t err;
375 char *buffer;
376 size_t buflen, nparsed;
377 unsigned char *p;
378 struct _keybox_openpgp_info info;
379
380 buffer = read_file (filename, &buflen);
381 if (!buffer)
382 return;
383 p = (unsigned char *)buffer;
384 for (;;)
385 {
386 err = _keybox_parse_openpgp (p, buflen, &nparsed, &info);
387 assert (nparsed <= buflen);
388 if (err)
389 {
390 if (gpg_err_code (err) == GPG_ERR_NO_DATA)
391 break;
392 log_info ("%s: failed to parse OpenPGP keyblock: %s\n",
393 filename, gpg_strerror (err));
394 }
395 else
396 {
397 dump_openpgp_key (&info, p);
398 _keybox_destroy_openpgp_info (&info);
399 }
400 p += nparsed;
401 buflen -= nparsed;
402 }
403 xfree (buffer);
404 }
405
406
407
408
409 int
410 main( int argc, char **argv )
411 {
412 ARGPARSE_ARGS pargs;
413 enum cmd_and_opt_values cmd = 0;
414 unsigned long from = 0, to = ULONG_MAX;
415
416 set_strusage( my_strusage );
417 gcry_control (GCRYCTL_DISABLE_SECMEM);
418 log_set_prefix ("kbxutil", 1);
419
420 /* Make sure that our subsystems are ready. */
421 i18n_init ();
422 init_common_subsystems ();
423
424 /* Check that the libraries are suitable. Do it here because
425 the option parsing may need services of the library. */
426 if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
427 {
428 log_fatal (_("%s is too old (need %s, have %s)\n"), "libgcrypt",
429 NEED_LIBGCRYPT_VERSION, gcry_check_version (NULL) );
430 }
431
432 gcry_set_log_handler (my_gcry_logger, NULL);
433
434 /*create_dotlock(NULL); register locking cleanup */
435
436 /* We need to use the gcry malloc function because jnlib does use them */
437 keybox_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free);
438 ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
439
440
441 pargs.argc = &argc;
442 pargs.argv = &argv;
443 pargs.flags= 1; /* do not remove the args */
444 while (arg_parse( &pargs, opts) )
445 {
446 switch (pargs.r_opt)
447 {
448 case oVerbose:
449 /*opt.verbose++;*/
450 /*gcry_control( GCRYCTL_SET_VERBOSITY, (int)opt.verbose );*/
451 break;
452 case oDebug:
453 /*opt.debug |= pargs.r.ret_ulong; */
454 break;
455 case oDebugAll:
456 /*opt.debug = ~0;*/
457 break;
458
459 case aFindByFpr:
460 case aFindByKid:
461 case aFindByUid:
462 case aStats:
463 case aImportOpenPGP:
464 case aFindDups:
465 case aCut:
466 cmd = pargs.r_opt;
467 break;
468
469 case oFrom: from = pargs.r.ret_ulong; break;
470 case oTo: to = pargs.r.ret_ulong; break;
471
472 default:
473 pargs.err = 2;
474 break;
475 }
476 }
477
478 if (to < from)
479 log_error ("record number of \"--to\" is lower than \"--from\" one\n");
480
481
482 if (log_get_errorcount(0) )
483 myexit(2);
484
485 if (!cmd)
486 { /* Default is to list a KBX file */
487 if (!argc)
488 _keybox_dump_file (NULL, 0, stdout);
489 else
490 {
491 for (; argc; argc--, argv++)
492 _keybox_dump_file (*argv, 0, stdout);
493 }
494 }
495 else if (cmd == aStats )
496 {
497 if (!argc)
498 _keybox_dump_file (NULL, 1, stdout);
499 else
500 {
501 for (; argc; argc--, argv++)
502 _keybox_dump_file (*argv, 1, stdout);
503 }
504 }
505 else if (cmd == aFindDups )
506 {
507 if (!argc)
508 _keybox_dump_find_dups (NULL, 0, stdout);
509 else
510 {
511 for (; argc; argc--, argv++)
512 _keybox_dump_find_dups (*argv, 0, stdout);
513 }
514 }
515 else if (cmd == aCut )
516 {
517 if (!argc)
518 _keybox_dump_cut_records (NULL, from, to, stdout);
519 else
520 {
521 for (; argc; argc--, argv++)
522 _keybox_dump_cut_records (*argv, from, to, stdout);
523 }
524 }
525 else if (cmd == aImportOpenPGP)
526 {
527 if (!argc)
528 import_openpgp ("-");
529 else
530 {
531 for (; argc; argc--, argv++)
532 import_openpgp (*argv);
533 }
534 }
535 #if 0
536 else if ( cmd == aFindByFpr )
537 {
538 char *fpr;
539 if ( argc != 2 )
540 wrong_args ("kbxfile foingerprint");
541 fpr = format_fingerprint ( argv[1] );
542 if ( !fpr )
543 log_error ("invalid formatted fingerprint\n");
544 else
545 {
546 kbxfile_search_by_fpr ( argv[0], fpr );
547 gcry_free ( fpr );
548 }
549 }
550 else if ( cmd == aFindByKid )
551 {
552 u32 kid[2];
553 int mode;
554
555 if ( argc != 2 )
556 wrong_args ("kbxfile short-or-long-keyid");
557 mode = format_keyid ( argv[1], kid );
558 if ( !mode )
559 log_error ("invalid formatted keyID\n");
560 else
561 {
562 kbxfile_search_by_kid ( argv[0], kid, mode );
563 }
564 }
565 else if ( cmd == aFindByUid )
566 {
567 if ( argc != 2 )
568 wrong_args ("kbxfile userID");
569 kbxfile_search_by_uid ( argv[0], argv[1] );
570 }
571 #endif
572 else
573 log_error ("unsupported action\n");
574
575 myexit(0);
576 return 8; /*NEVER REACHED*/
577 }
578
579
580 void
581 myexit( int rc )
582 {
583 /* if( opt.debug & DBG_MEMSTAT_VALUE ) {*/
584 /* gcry_control( GCRYCTL_DUMP_MEMORY_STATS ); */
585 /* gcry_control( GCRYCTL_DUMP_RANDOM_STATS ); */
586 /* }*/
587 /* if( opt.debug ) */
588 /* gcry_control( GCRYCTL_DUMP_SECMEM_STATS ); */
589 rc = rc? rc : log_get_errorcount(0)? 2 :
590 keybox_errors_seen? 1 : 0;
591 exit(rc );
592 }
593
594
gnupg svn clone