2 * Copyright (C) 1997-2001 Thomas Roessler <roessler@does-not-exist.org>
4 * This program is free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License as published by the Free Software Foundation; either
7 * version 2 of the License, or (at your option) any later
10 * This program is distributed in the hope that it will be
11 * useful, but WITHOUT ANY WARRANTY; without even the implied
12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
13 * PURPOSE. See the GNU General Public License for more
16 * You should have received a copy of the GNU General Public
17 * License along with this program; if not, write to the Free
18 * Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111, USA.
23 * This is a "simple" PGP key ring dumper.
25 * The output format is supposed to be compatible to the one GnuPG
26 * emits and Mutt expects.
28 * Note that the code of this program could be considerably less
29 * complex, but most of it was taken from mutt's second generation
32 * You can actually use this to put together some fairly general
33 * PGP key management applications.
54 short Umask; /* dirty hack because we need Umask in lib.c but don't want globals.h there */
60 #include "pgppacket.h"
62 #define MD5_DIGEST_LENGTH 16
65 #define FGETPOS(fp,pos) fgetpos((fp),&(pos))
66 #define FSETPOS(fp,pos) fsetpos((fp),&(pos))
68 #define FGETPOS(fp,pos) pos=ftell((fp));
69 #define FSETPOS(fp,pos) fseek((fp),(pos),SEEK_SET)
73 static short dump_signatures = 0;
74 static short dump_fingerprints = 0;
77 static void pgpring_find_candidates (char *ringfile, const char *hints[], int nhints);
78 static void pgpring_dump_keyblock (pgp_key_t p);
80 int main (int argc, char * const argv[])
87 const char *_kring = NULL;
88 char *env_pgppath, *env_home;
90 char pgppath[_POSIX_PATH_MAX];
91 char kring[_POSIX_PATH_MAX];
93 while ((c = getopt (argc, argv, "f25sk:S")) != EOF)
105 dump_fingerprints = 1;
129 fprintf (stderr, "usage: %s [-k <key ring> | [-2 | -5] [ -s] [-S] [-f]] [hints]\n",
137 strfcpy (kring, _kring, sizeof (kring));
140 if ((env_pgppath = getenv ("PGPPATH")))
141 strfcpy (pgppath, env_pgppath, sizeof (pgppath));
142 else if ((env_home = getenv ("HOME")))
143 snprintf (pgppath, sizeof (pgppath), "%s/.pgp", env_home);
146 fprintf (stderr, "%s: Can't determine your PGPPATH.\n", argv[0]);
151 snprintf (kring, sizeof (kring), "%s/secring.%s", pgppath, version == 2 ? "pgp" : "skr");
153 snprintf (kring, sizeof (kring), "%s/pubring.%s", pgppath, version == 2 ? "pgp" : "pkr");
156 pgpring_find_candidates (kring, (const char**) argv + optind, argc - optind);
162 /* The actual key ring parser */
164 static void pgp_make_pgp2_fingerprint (unsigned char *buff,
165 unsigned char *digest)
169 unsigned int size = 0;
174 size = (buff[0] << 8) + buff[1];
175 size = ((size + 7) / 8);
178 MD5Update (&context, buff, size);
181 size = (buff[0] << 8) + buff[1];
182 size = ((size + 7) / 8);
185 MD5Update (&context, buff, size);
187 MD5Final (digest, &context);
189 } /* pgp_make_pgp2_fingerprint() */
191 static pgp_key_t pgp_parse_pgp2_key (unsigned char *buff, size_t l)
195 unsigned char digest[MD5_DIGEST_LENGTH];
199 unsigned short exp_days = 0;
202 unsigned char scratch[LONG_STRING];
207 p = pgp_new_keyinfo();
209 for (i = 0, j = 2; i < 4; i++)
210 gen_time = (gen_time << 8) + buff[j++];
212 p->gen_time = gen_time;
214 for (i = 0; i < 2; i++)
215 exp_days = (exp_days << 8) + buff[j++];
217 if (exp_days && time (NULL) > gen_time + exp_days * 24 * 3600)
218 p->flags |= KEYFLAG_EXPIRED;
223 p->algorithm = pgp_pkalgbytype (alg);
224 p->flags |= pgp_get_abilities (alg);
226 if (dump_fingerprints)
228 /* j now points to the key material, which we need for the fingerprint */
229 p->fp_len = MD5_DIGEST_LENGTH;
230 pgp_make_pgp2_fingerprint (&buff[j], digest);
231 memcpy (p->fingerprint, digest, MD5_DIGEST_LENGTH);
233 else /* just to be usre */
234 memset (p->fingerprint, 0, MD5_DIGEST_LENGTH);
237 for (i = 0; i < 2; i++)
238 expl = (expl << 8) + buff[j++];
242 expl = (expl + 7) / 8;
249 for (k = 0; k < 2; k++)
251 for (id = 0, i = 0; i < 4; i++)
252 id = (id << 8) + buff[j++];
254 snprintf ((char *) scratch + k * 8, sizeof (scratch) - k * 8,
258 p->keyid = safe_strdup ((char *) scratch);
268 static void pgp_make_pgp3_fingerprint (unsigned char *buff, size_t l,
269 unsigned char *digest)
274 SHA1_Init (&context);
276 dummy = buff[0] & 0x3f;
278 if (dummy == PT_SUBSECKEY || dummy == PT_SUBKEY || dummy == PT_SECKEY)
281 dummy = (dummy << 2) | 0x81;
282 SHA1_Update (&context, &dummy, 1);
283 dummy = ((l - 1) >> 8) & 0xff;
284 SHA1_Update (&context, &dummy, 1);
285 dummy = (l - 1) & 0xff;
286 SHA1_Update (&context, &dummy, 1);
287 SHA1_Update (&context, buff + 1, l - 1);
288 SHA1_Final (digest, &context);
292 static void skip_bignum (unsigned char *buff, size_t l, size_t j,
293 size_t * toff, size_t n)
299 len = (buff[j] << 8) + buff[j + 1];
300 j += (len + 7) / 8 + 2;
302 while (j <= l && --n > 0);
309 static pgp_key_t pgp_parse_pgp3_key (unsigned char *buff, size_t l)
313 unsigned char digest[SHA_DIGEST_LENGTH];
314 unsigned char scratch[LONG_STRING];
321 p = pgp_new_keyinfo ();
324 for (i = 0; i < 4; i++)
325 gen_time = (gen_time << 8) + buff[j++];
327 p->gen_time = gen_time;
332 p->algorithm = pgp_pkalgbytype (alg);
333 p->flags |= pgp_get_abilities (alg);
336 skip_bignum (buff, l, j, &j, 3);
337 else if (alg == 16 || alg == 20)
338 skip_bignum (buff, l, j, &j, 2);
340 len = (buff[j] << 8) + buff[j + 1];
344 if (alg >= 1 && alg <= 3)
345 skip_bignum (buff, l, j, &j, 2);
346 else if (alg == 17 || alg == 16 || alg == 20)
347 skip_bignum (buff, l, j, &j, 1);
349 pgp_make_pgp3_fingerprint (buff, j, digest);
350 p->fp_len = SHA_DIGEST_LENGTH;
352 for (k = 0; k < 2; k++)
354 for (id = 0, i = SHA_DIGEST_LENGTH - 8 + k * 4;
355 i < SHA_DIGEST_LENGTH + (k - 1) * 4; i++)
356 id = (id << 8) + digest[i];
358 snprintf ((char *) scratch + k * 8, sizeof (scratch) - k * 8, "%08lX", id);
361 p->keyid = safe_strdup ((char *) scratch);
366 static pgp_key_t pgp_parse_keyinfo (unsigned char *buff, size_t l)
375 return pgp_parse_pgp2_key (buff, l);
377 return pgp_parse_pgp3_key (buff, l);
383 static int pgp_parse_pgp2_sig (unsigned char *buff, size_t l,
384 pgp_key_t p, pgp_sig_t *s)
386 unsigned char sigtype;
388 unsigned long signerid1;
389 unsigned long signerid2;
400 for (i = 0; i < 4; i++)
401 sig_gen_time = (sig_gen_time << 8) + buff[j++];
403 signerid1 = signerid2 = 0;
404 for (i = 0; i < 4; i++)
405 signerid1 = (signerid1 << 8) + buff[j++];
407 for (i = 0; i < 4; i++)
408 signerid2 = (signerid2 << 8) + buff[j++];
411 if (sigtype == 0x20 || sigtype == 0x28)
412 p->flags |= KEYFLAG_REVOKED;
416 s->sigtype = sigtype;
424 static int pgp_parse_pgp3_sig (unsigned char *buff, size_t l,
425 pgp_key_t p, pgp_sig_t *s)
427 unsigned char sigtype;
429 unsigned char hashalg;
431 time_t sig_gen_time = -1;
433 long key_validity = -1;
434 unsigned long signerid1 = 0;
435 unsigned long signerid2 = 0;
440 short have_critical_spks = 0;
451 for (ii = 0; ii < 2; ii++)
456 ml = (buff[j] << 8) + buff[j + 1];
472 skl = (skl - 192) * 256 + buff[j++] + 192;
477 if ((int) ml - (int) skl < 0)
486 case 2: /* creation time */
491 for (i = 0; i < 4; i++)
492 sig_gen_time = (sig_gen_time << 8) + buff[j++];
496 case 3: /* expiration time */
501 for (i = 0; i < 4; i++)
502 validity = (validity << 8) + buff[j++];
505 case 9: /* key expiration time */
510 for (i = 0; i < 4; i++)
511 key_validity = (key_validity << 8) + buff[j++];
514 case 16: /* issuer key ID */
518 signerid2 = signerid1 = 0;
519 for (i = 0; i < 4; i++)
520 signerid1 = (signerid1 << 8) + buff[j++];
521 for (i = 0; i < 4; i++)
522 signerid2 = (signerid2 << 8) + buff[j++];
526 case 10: /* CMR key */
528 case 4: /* exportable */
531 case 7: /* revocable */
532 case 11: /* Pref. symm. alg. */
533 case 12: /* revocation key */
534 case 20: /* notation data */
535 case 21: /* pref. hash */
536 case 22: /* pref. comp.alg. */
537 case 23: /* key server prefs. */
538 case 24: /* pref. key server */
542 have_critical_spks = 1;
549 if (sigtype == 0x20 || sigtype == 0x28)
550 p->flags |= KEYFLAG_REVOKED;
551 if (key_validity != -1 && time (NULL) > p->gen_time + key_validity)
552 p->flags |= KEYFLAG_EXPIRED;
553 if (have_critical_spks)
554 p->flags |= KEYFLAG_CRITICAL;
558 s->sigtype = sigtype;
569 static int pgp_parse_sig (unsigned char *buff, size_t l,
570 pgp_key_t p, pgp_sig_t *sig)
572 if (!buff || l < 2 || !p)
579 return pgp_parse_pgp2_sig (buff, l, p, sig);
581 return pgp_parse_pgp3_sig (buff, l, p, sig);
587 /* parse one key block, including all subkeys. */
589 static pgp_key_t pgp_parse_keyblock (FILE * fp)
592 unsigned char pt = 0;
593 unsigned char last_pt;
603 pgp_key_t root = NULL;
604 pgp_key_t *last = &root;
606 pgp_uid_t *uid = NULL;
607 pgp_uid_t **addr = NULL;
608 pgp_sig_t **lsig = NULL;
612 while (!err && (buff = pgp_read_packet (fp, &l)) != NULL)
617 /* check if we have read the complete key block. */
619 if ((pt == PT_SECKEY || pt == PT_PUBKEY) && root)
632 if (!(*last = p = pgp_parse_keyinfo (buff, l)))
642 if (pt == PT_SUBKEY || pt == PT_SUBSECKEY)
644 p->flags |= KEYFLAG_SUBKEY;
648 p->address = pgp_copy_uids (root->address, p);
649 while (*addr) addr = &(*addr)->next;
653 if (pt == PT_SECKEY || pt == PT_SUBSECKEY)
654 p->flags |= KEYFLAG_SECRET;
663 pgp_sig_t *signature = safe_calloc (sizeof (pgp_sig_t), 1);
665 lsig = &signature->next;
667 pgp_parse_sig (buff, l, p, signature);
674 if (p && (last_pt == PT_SECKEY || last_pt == PT_PUBKEY ||
675 last_pt == PT_SUBKEY || last_pt == PT_SUBSECKEY))
679 p->flags |= KEYFLAG_DISABLED;
682 else if (last_pt == PT_NAME && uid)
684 uid->trust = buff[1];
696 chr = safe_malloc (l);
697 memcpy (chr, buff + 1, l - 1);
701 *addr = uid = safe_calloc (1, sizeof (pgp_uid_t)); /* XXX */
708 /* the following tags are generated by
712 if (strstr (chr, "ENCR"))
713 p->flags |= KEYFLAG_PREFER_ENCRYPTION;
714 if (strstr (chr, "SIGN"))
715 p->flags |= KEYFLAG_PREFER_SIGNING;
725 pgp_free_key (&root);
730 static int pgpring_string_matches_hint (const char *s, const char *hints[], int nhints)
734 if (!hints || !nhints)
737 for (i = 0; i < nhints; i++)
739 if (mutt_stristr (s, hints[i]) != NULL)
747 * Go through the key ring file and look for keys with
751 static void pgpring_find_candidates (char *ringfile, const char *hints[], int nhints)
760 unsigned char *buff = NULL;
761 unsigned char pt = 0;
766 if ((rfp = fopen (ringfile, "r")) == NULL)
769 size_t error_buf_len;
771 error_buf_len = sizeof ("fopen: ") - 1 + strlen (ringfile) + 1;
772 error_buf = safe_malloc (error_buf_len);
773 snprintf (error_buf, error_buf_len, "fopen: %s", ringfile);
782 while (!err && (buff = pgp_read_packet (rfp, &l)) != NULL)
789 if ((pt == PT_SECKEY) || (pt == PT_PUBKEY))
793 else if (pt == PT_NAME)
795 char *tmp = safe_malloc (l);
797 memcpy (tmp, buff + 1, l - 1);
800 /* mutt_decode_utf8_string (tmp, chs); */
802 if (pgpring_string_matches_hint (tmp, hints, nhints))
806 FSETPOS(rfp, keypos);
808 /* Not bailing out here would lead us into an endless loop. */
810 if ((p = pgp_parse_keyblock (rfp)) == NULL)
813 pgpring_dump_keyblock (p);
827 static void print_userid (const char *id)
829 for (; id && *id; id++)
831 if (*id >= ' ' && *id <= 'z' && *id != ':')
834 printf ("\\x%02x", (*id) & 0xff);
838 static void print_fingerprint (pgp_key_t p)
842 printf ("fpr:::::::::");
843 for (i = 0; i < p->fp_len; i++)
844 printf ("%02X", p->fingerprint[i]);
847 } /* print_fingerprint() */
850 static void pgpring_dump_signatures (pgp_sig_t *sig)
852 for (; sig; sig = sig->next)
854 if (sig->sigtype == 0x10 || sig->sigtype == 0x11 ||
855 sig->sigtype == 0x12 || sig->sigtype == 0x13)
856 printf ("sig::::%08lX%08lX::::::%X:\n",
857 sig->sid1, sig->sid2, sig->sigtype);
858 else if (sig->sigtype == 0x20)
859 printf ("rev::::%08lX%08lX::::::%X:\n",
860 sig->sid1, sig->sid2, sig->sigtype);
865 static char gnupg_trustletter (int t)
876 static void pgpring_dump_keyblock (pgp_key_t p)
883 for (; p; p = p->next)
887 if (p->flags & KEYFLAG_SECRET)
889 if (p->flags & KEYFLAG_SUBKEY)
896 if (p->flags & KEYFLAG_SUBKEY)
902 if (p->flags & KEYFLAG_REVOKED)
904 if (p->flags & KEYFLAG_EXPIRED)
906 if (p->flags & KEYFLAG_DISABLED)
909 for (uid = p->address; uid; uid = uid->next, first = 0)
913 printf ("uid:%c::::::::", gnupg_trustletter (uid->trust));
914 print_userid (uid->addr);
919 if (p->flags & KEYFLAG_SECRET)
922 putchar (gnupg_trustletter (uid->trust));
927 printf (":%d:%d:%s:%04d-%02d-%02d::::", p->keylen, p->numalg, p->keyid,
928 1900 + tp->tm_year, tp->tm_mon + 1, tp->tm_mday);
930 print_userid (uid->addr);
933 if(pgp_canencrypt(p->numalg))
935 if(pgp_cansign(p->numalg))
937 if (p->flags & KEYFLAG_DISABLED)
941 if (dump_fingerprints)
942 print_fingerprint (p);
947 if (first) pgpring_dump_signatures (p->sigs);
948 pgpring_dump_signatures (uid->sigs);
955 * The mutt_gettext () defined in gettext.c requires iconv,
956 * so we do without charset conversion here.
959 char *mutt_gettext (const char *message)
961 return (char *)message;