"Fossies" - the Fresh Open Source Software Archive

Member "gnupg-2.2.17/g10/keyid.c" (9 Jul 2019, 23488 Bytes) of package /linux/misc/gnupg-2.2.17.tar.bz2:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "keyid.c" see the Fossies "Dox" file reference documentation.

    1 /* keyid.c - key ID and fingerprint handling
    2  * Copyright (C) 1998, 1999, 2000, 2001, 2003,
    3  *               2004, 2006, 2010 Free Software Foundation, Inc.
    4  * Copyright (C) 2014 Werner Koch
    5  * Copyright (C) 2016 g10 Code GmbH
    6  *
    7  * This file is part of GnuPG.
    8  *
    9  * GnuPG is free software; you can redistribute it and/or modify
   10  * it under the terms of the GNU General Public License as published by
   11  * the Free Software Foundation; either version 3 of the License, or
   12  * (at your option) any later version.
   13  *
   14  * GnuPG is distributed in the hope that it will be useful,
   15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
   16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   17  * GNU General Public License for more details.
   18  *
   19  * You should have received a copy of the GNU General Public License
   20  * along with this program; if not, see <https://www.gnu.org/licenses/>.
   21  */
   22 
   23 #include <config.h>
   24 #include <stdio.h>
   25 #include <stdlib.h>
   26 #include <string.h>
   27 #include <errno.h>
   28 #include <time.h>
   29 
   30 #include "gpg.h"
   31 #include "../common/util.h"
   32 #include "main.h"
   33 #include "packet.h"
   34 #include "options.h"
   35 #include "keydb.h"
   36 #include "../common/i18n.h"
   37 #include "rmd160.h"
   38 #include "../common/host2net.h"
   39 
   40 
   41 #define KEYID_STR_SIZE 19
   42 
   43 #ifdef HAVE_UNSIGNED_TIME_T
   44 # define IS_INVALID_TIME_T(a) ((a) == (time_t)(-1))
   45 #else
   46   /* Error or 32 bit time_t and value after 2038-01-19.  */
   47 # define IS_INVALID_TIME_T(a) ((a) < 0)
   48 #endif
   49 
   50 
   51 /* Return a letter describing the public key algorithms.  */
   52 int
   53 pubkey_letter( int algo )
   54 {
   55   switch (algo)
   56     {
   57     case PUBKEY_ALGO_RSA:   return 'R' ;
   58     case PUBKEY_ALGO_RSA_E: return 'r' ;
   59     case PUBKEY_ALGO_RSA_S: return 's' ;
   60     case PUBKEY_ALGO_ELGAMAL_E: return 'g' ;
   61     case PUBKEY_ALGO_ELGAMAL:   return 'G' ;
   62     case PUBKEY_ALGO_DSA:   return 'D' ;
   63     case PUBKEY_ALGO_ECDH:  return 'e' ;    /* ECC DH (encrypt only) */
   64     case PUBKEY_ALGO_ECDSA: return 'E' ;    /* ECC DSA (sign only)   */
   65     case PUBKEY_ALGO_EDDSA: return 'E' ;    /* ECC EdDSA (sign only) */
   66     default: return '?';
   67     }
   68 }
   69 
   70 /* Return a string describing the public key algorithm and the
   71    keysize.  For elliptic curves the functions prints the name of the
   72    curve because the keysize is a property of the curve.  The string
   73    is copied to the supplied buffer up a length of BUFSIZE-1.
   74    Examples for the output are:
   75 
   76    "rsa2048"  - RSA with 2048 bit
   77    "elg1024"  - Elgamal with 1024 bit
   78    "ed25519"  - ECC using the curve Ed25519.
   79    "E_1.2.3.4"  - ECC using the unsupported curve with OID "1.2.3.4".
   80    "E_1.3.6.1.4.1.11591.2.12242973" ECC with a bogus OID.
   81    "unknown_N"  - Unknown OpenPGP algorithm N.
   82 
   83    If the option --legacy-list-mode is active, the output use the
   84    legacy format:
   85 
   86    "2048R" - RSA with 2048 bit
   87    "1024g" - Elgamal with 1024 bit
   88    "256E"  - ECDSA using a curve with 256 bit
   89 
   90    The macro PUBKEY_STRING_SIZE may be used to allocate a buffer with
   91    a suitable size.*/
   92 char *
   93 pubkey_string (PKT_public_key *pk, char *buffer, size_t bufsize)
   94 {
   95   const char *prefix = NULL;
   96 
   97   if (opt.legacy_list_mode)
   98     {
   99       snprintf (buffer, bufsize, "%4u%c",
  100                 nbits_from_pk (pk), pubkey_letter (pk->pubkey_algo));
  101       return buffer;
  102     }
  103 
  104   switch (pk->pubkey_algo)
  105     {
  106     case PUBKEY_ALGO_RSA:
  107     case PUBKEY_ALGO_RSA_E:
  108     case PUBKEY_ALGO_RSA_S: prefix = "rsa"; break;
  109     case PUBKEY_ALGO_ELGAMAL_E: prefix = "elg"; break;
  110     case PUBKEY_ALGO_DSA:   prefix = "dsa"; break;
  111     case PUBKEY_ALGO_ELGAMAL:   prefix = "xxx"; break;
  112     case PUBKEY_ALGO_ECDH:
  113     case PUBKEY_ALGO_ECDSA:
  114     case PUBKEY_ALGO_EDDSA:     prefix = "";    break;
  115     }
  116 
  117   if (prefix && *prefix)
  118     snprintf (buffer, bufsize, "%s%u", prefix, nbits_from_pk (pk));
  119   else if (prefix)
  120     {
  121       char *curve = openpgp_oid_to_str (pk->pkey[0]);
  122       const char *name = openpgp_oid_to_curve (curve, 0);
  123 
  124       if (name)
  125         snprintf (buffer, bufsize, "%s", name);
  126       else if (curve)
  127         snprintf (buffer, bufsize, "E_%s", curve);
  128       else
  129         snprintf (buffer, bufsize, "E_error");
  130       xfree (curve);
  131     }
  132   else
  133     snprintf (buffer, bufsize, "unknown_%u", (unsigned int)pk->pubkey_algo);
  134 
  135   return buffer;
  136 }
  137 
  138 
  139 /* Hash a public key.  This function is useful for v4 fingerprints and
  140    for v3 or v4 key signing. */
  141 void
  142 hash_public_key (gcry_md_hd_t md, PKT_public_key *pk)
  143 {
  144   unsigned int n = 6;
  145   unsigned int nn[PUBKEY_MAX_NPKEY];
  146   byte *pp[PUBKEY_MAX_NPKEY];
  147   int i;
  148   unsigned int nbits;
  149   size_t nbytes;
  150   int npkey = pubkey_get_npkey (pk->pubkey_algo);
  151 
  152   /* FIXME: We can avoid the extra malloc by calling only the first
  153      mpi_print here which computes the required length and calling the
  154      real mpi_print only at the end.  The speed advantage would only be
  155      for ECC (opaque MPIs) or if we could implement an mpi_print
  156      variant with a callback handler to do the hashing.  */
  157   if (npkey==0 && pk->pkey[0]
  158       && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
  159     {
  160       pp[0] = gcry_mpi_get_opaque (pk->pkey[0], &nbits);
  161       nn[0] = (nbits+7)/8;
  162       n+=nn[0];
  163     }
  164   else
  165     {
  166       for (i=0; i < npkey; i++ )
  167         {
  168           if (!pk->pkey[i])
  169             {
  170               /* This case may only happen if the parsing of the MPI
  171                  failed but the key was anyway created.  May happen
  172                  during "gpg KEYFILE".  */
  173               pp[i] = NULL;
  174               nn[i] = 0;
  175             }
  176           else if (gcry_mpi_get_flag (pk->pkey[i], GCRYMPI_FLAG_OPAQUE))
  177             {
  178               const void *p;
  179 
  180               p = gcry_mpi_get_opaque (pk->pkey[i], &nbits);
  181               pp[i] = xmalloc ((nbits+7)/8);
  182               if (p)
  183                 memcpy (pp[i], p, (nbits+7)/8);
  184               else
  185                 pp[i] = NULL;
  186               nn[i] = (nbits+7)/8;
  187               n += nn[i];
  188             }
  189           else
  190             {
  191               if (gcry_mpi_print (GCRYMPI_FMT_PGP, NULL, 0,
  192                                   &nbytes, pk->pkey[i]))
  193                 BUG ();
  194               pp[i] = xmalloc (nbytes);
  195               if (gcry_mpi_print (GCRYMPI_FMT_PGP, pp[i], nbytes,
  196                                   &nbytes, pk->pkey[i]))
  197                 BUG ();
  198               nn[i] = nbytes;
  199               n += nn[i];
  200             }
  201         }
  202     }
  203 
  204   gcry_md_putc ( md, 0x99 );     /* ctb */
  205   /* What does it mean if n is greater than 0xFFFF ? */
  206   gcry_md_putc ( md, n >> 8 );   /* 2 byte length header */
  207   gcry_md_putc ( md, n );
  208   gcry_md_putc ( md, pk->version );
  209 
  210   gcry_md_putc ( md, pk->timestamp >> 24 );
  211   gcry_md_putc ( md, pk->timestamp >> 16 );
  212   gcry_md_putc ( md, pk->timestamp >>  8 );
  213   gcry_md_putc ( md, pk->timestamp       );
  214 
  215   gcry_md_putc ( md, pk->pubkey_algo );
  216 
  217   if(npkey==0 && pk->pkey[0]
  218      && gcry_mpi_get_flag (pk->pkey[0], GCRYMPI_FLAG_OPAQUE))
  219     {
  220       if (pp[0])
  221         gcry_md_write (md, pp[0], nn[0]);
  222     }
  223   else
  224     {
  225       for(i=0; i < npkey; i++ )
  226         {
  227           if (pp[i])
  228             gcry_md_write ( md, pp[i], nn[i] );
  229           xfree(pp[i]);
  230         }
  231     }
  232 }
  233 
  234 
  235 static gcry_md_hd_t
  236 do_fingerprint_md( PKT_public_key *pk )
  237 {
  238   gcry_md_hd_t md;
  239 
  240   if (gcry_md_open (&md, DIGEST_ALGO_SHA1, 0))
  241     BUG ();
  242   hash_public_key(md,pk);
  243   gcry_md_final( md );
  244 
  245   return md;
  246 }
  247 
  248 
  249 /* fixme: Check whether we can replace this function or if not
  250    describe why we need it.  */
  251 u32
  252 v3_keyid (gcry_mpi_t a, u32 *ki)
  253 {
  254   byte *buffer, *p;
  255   size_t nbytes;
  256 
  257   if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &nbytes, a ))
  258     BUG ();
  259   /* fixme: allocate it on the stack */
  260   buffer = xmalloc (nbytes);
  261   if (gcry_mpi_print( GCRYMPI_FMT_USG, buffer, nbytes, NULL, a ))
  262     BUG ();
  263   if (nbytes < 8) /* oops */
  264     ki[0] = ki[1] = 0;
  265   else
  266     {
  267       p = buffer + nbytes - 8;
  268       ki[0] = buf32_to_u32 (p);
  269       p += 4;
  270       ki[1] = buf32_to_u32 (p);
  271     }
  272   xfree (buffer);
  273   return ki[1];
  274 }
  275 
  276 
  277 /* Return PK's keyid.  The memory is owned by PK.  */
  278 u32 *
  279 pk_keyid (PKT_public_key *pk)
  280 {
  281   keyid_from_pk (pk, NULL);
  282 
  283   /* Uncomment this for help tracking down bugs related to keyid or
  284      main_keyid not being set correctly.  */
  285 #if 0
  286   if (! (pk->main_keyid[0] || pk->main_keyid[1]))
  287     log_bug ("pk->main_keyid not set!\n");
  288   if (keyid_cmp (pk->keyid, pk->main_keyid) == 0
  289       && ! pk->flags.primary)
  290     log_bug ("keyid and main_keyid are the same, but primary flag not set!\n");
  291   if (keyid_cmp (pk->keyid, pk->main_keyid) != 0
  292       && pk->flags.primary)
  293     log_bug ("keyid and main_keyid are different, but primary flag set!\n");
  294 #endif
  295 
  296   return pk->keyid;
  297 }
  298 
  299 /* Return the keyid of the primary key associated with PK.  The memory
  300    is owned by PK.  */
  301 u32 *
  302 pk_main_keyid (PKT_public_key *pk)
  303 {
  304   /* Uncomment this for help tracking down bugs related to keyid or
  305      main_keyid not being set correctly.  */
  306 #if 0
  307   if (! (pk->main_keyid[0] || pk->main_keyid[1]))
  308     log_bug ("pk->main_keyid not set!\n");
  309 #endif
  310 
  311   return pk->main_keyid;
  312 }
  313 
  314 /* Copy the keyid in SRC to DEST and return DEST.  */
  315 u32 *
  316 keyid_copy (u32 *dest, const u32 *src)
  317 {
  318   dest[0] = src[0];
  319   dest[1] = src[1];
  320   return dest;
  321 }
  322 
  323 char *
  324 format_keyid (u32 *keyid, int format, char *buffer, int len)
  325 {
  326   char tmp[KEYID_STR_SIZE];
  327   if (! buffer)
  328     {
  329       buffer = tmp;
  330       len = sizeof (tmp);
  331     }
  332 
  333   if (format == KF_DEFAULT)
  334     format = opt.keyid_format;
  335   if (format == KF_DEFAULT)
  336     format = KF_NONE;
  337 
  338   switch (format)
  339     {
  340     case KF_NONE:
  341       if (len)
  342         *buffer = 0;
  343       break;
  344 
  345     case KF_SHORT:
  346       snprintf (buffer, len, "%08lX", (ulong)keyid[1]);
  347       break;
  348 
  349     case KF_LONG:
  350       snprintf (buffer, len, "%08lX%08lX", (ulong)keyid[0], (ulong)keyid[1]);
  351       break;
  352 
  353     case KF_0xSHORT:
  354       snprintf (buffer, len, "0x%08lX", (ulong)keyid[1]);
  355       break;
  356 
  357     case KF_0xLONG:
  358       snprintf (buffer, len, "0x%08lX%08lX", (ulong)keyid[0],(ulong)keyid[1]);
  359       break;
  360 
  361     default:
  362       BUG();
  363     }
  364 
  365   if (buffer == tmp)
  366     return xstrdup (buffer);
  367   return buffer;
  368 }
  369 
  370 size_t
  371 keystrlen(void)
  372 {
  373   int format = opt.keyid_format;
  374   if (format == KF_DEFAULT)
  375     format = KF_NONE;
  376 
  377   switch(format)
  378     {
  379     case KF_NONE:
  380       return 0;
  381 
  382     case KF_SHORT:
  383       return 8;
  384 
  385     case KF_LONG:
  386       return 16;
  387 
  388     case KF_0xSHORT:
  389       return 10;
  390 
  391     case KF_0xLONG:
  392       return 18;
  393 
  394     default:
  395       BUG();
  396     }
  397 }
  398 
  399 
  400 const char *
  401 keystr (u32 *keyid)
  402 {
  403   static char keyid_str[KEYID_STR_SIZE];
  404   int format = opt.keyid_format;
  405 
  406   if (format == KF_DEFAULT)
  407     format = KF_NONE;
  408   if (format == KF_NONE)
  409     format = KF_LONG;
  410 
  411   return format_keyid (keyid, format, keyid_str, sizeof (keyid_str));
  412 }
  413 
  414 /* This function returns the key id of the main and possible the
  415  * subkey as one string.  It is used by error messages.  */
  416 const char *
  417 keystr_with_sub (u32 *main_kid, u32 *sub_kid)
  418 {
  419   static char buffer[KEYID_STR_SIZE+1+KEYID_STR_SIZE];
  420   char *p;
  421   int format = opt.keyid_format;
  422 
  423   if (format == KF_NONE)
  424     format = KF_LONG;
  425 
  426   format_keyid (main_kid, format, buffer, KEYID_STR_SIZE);
  427   if (sub_kid)
  428     {
  429       p = buffer + strlen (buffer);
  430       *p++ = '/';
  431       format_keyid (sub_kid, format, p, KEYID_STR_SIZE);
  432     }
  433   return buffer;
  434 }
  435 
  436 
  437 const char *
  438 keystr_from_pk(PKT_public_key *pk)
  439 {
  440   keyid_from_pk(pk,NULL);
  441 
  442   return keystr(pk->keyid);
  443 }
  444 
  445 
  446 const char *
  447 keystr_from_pk_with_sub (PKT_public_key *main_pk, PKT_public_key *sub_pk)
  448 {
  449   keyid_from_pk (main_pk, NULL);
  450   if (sub_pk)
  451     keyid_from_pk (sub_pk, NULL);
  452 
  453   return keystr_with_sub (main_pk->keyid, sub_pk? sub_pk->keyid:NULL);
  454 }
  455 
  456 
  457 /* Return PK's key id as a string using the default format.  PK owns
  458    the storage.  */
  459 const char *
  460 pk_keyid_str (PKT_public_key *pk)
  461 {
  462   return keystr (pk_keyid (pk));
  463 }
  464 
  465 
  466 const char *
  467 keystr_from_desc(KEYDB_SEARCH_DESC *desc)
  468 {
  469   switch(desc->mode)
  470     {
  471     case KEYDB_SEARCH_MODE_LONG_KID:
  472     case KEYDB_SEARCH_MODE_SHORT_KID:
  473       return keystr(desc->u.kid);
  474 
  475     case KEYDB_SEARCH_MODE_FPR20:
  476       {
  477     u32 keyid[2];
  478 
  479     keyid[0] = buf32_to_u32 (desc->u.fpr+12);
  480     keyid[1] = buf32_to_u32 (desc->u.fpr+16);
  481     return keystr(keyid);
  482       }
  483 
  484     case KEYDB_SEARCH_MODE_FPR16:
  485       return "?v3 fpr?";
  486 
  487     default:
  488       BUG();
  489     }
  490 }
  491 
  492 
  493 /*
  494  * Get the keyid from the public key and put it into keyid
  495  * if this is not NULL. Return the 32 low bits of the keyid.
  496  */
  497 u32
  498 keyid_from_pk (PKT_public_key *pk, u32 *keyid)
  499 {
  500   u32 lowbits;
  501   u32 dummy_keyid[2];
  502 
  503   if (!keyid)
  504     keyid = dummy_keyid;
  505 
  506   if( pk->keyid[0] || pk->keyid[1] )
  507     {
  508       keyid[0] = pk->keyid[0];
  509       keyid[1] = pk->keyid[1];
  510       lowbits = keyid[1];
  511     }
  512   else
  513     {
  514       const byte *dp;
  515       gcry_md_hd_t md;
  516 
  517       md = do_fingerprint_md(pk);
  518       if(md)
  519     {
  520       dp = gcry_md_read ( md, 0 );
  521       keyid[0] = buf32_to_u32 (dp+12);
  522       keyid[1] = buf32_to_u32 (dp+16);
  523       lowbits = keyid[1];
  524       gcry_md_close (md);
  525       pk->keyid[0] = keyid[0];
  526       pk->keyid[1] = keyid[1];
  527     }
  528       else
  529     pk->keyid[0]=pk->keyid[1]=keyid[0]=keyid[1]=lowbits=0xFFFFFFFF;
  530     }
  531 
  532   return lowbits;
  533 }
  534 
  535 
  536 /*
  537  * Get the keyid from the fingerprint.  This function is simple for most
  538  * keys, but has to do a keylookup for old stayle keys.
  539  */
  540 u32
  541 keyid_from_fingerprint (ctrl_t ctrl, const byte *fprint,
  542                         size_t fprint_len, u32 *keyid)
  543 {
  544   u32 dummy_keyid[2];
  545 
  546   if( !keyid )
  547     keyid = dummy_keyid;
  548 
  549   if (fprint_len != 20)
  550     {
  551       /* This is special as we have to lookup the key first.  */
  552       PKT_public_key pk;
  553       int rc;
  554 
  555       memset (&pk, 0, sizeof pk);
  556       rc = get_pubkey_byfprint (ctrl, &pk, NULL, fprint, fprint_len);
  557       if( rc )
  558         {
  559           log_error("Oops: keyid_from_fingerprint: no pubkey\n");
  560           keyid[0] = 0;
  561           keyid[1] = 0;
  562         }
  563       else
  564         keyid_from_pk (&pk, keyid);
  565     }
  566   else
  567     {
  568       const byte *dp = fprint;
  569       keyid[0] = buf32_to_u32 (dp+12);
  570       keyid[1] = buf32_to_u32 (dp+16);
  571     }
  572 
  573   return keyid[1];
  574 }
  575 
  576 
  577 u32
  578 keyid_from_sig (PKT_signature *sig, u32 *keyid)
  579 {
  580   if( keyid )
  581     {
  582       keyid[0] = sig->keyid[0];
  583       keyid[1] = sig->keyid[1];
  584     }
  585   return sig->keyid[1];
  586 }
  587 
  588 
  589 byte *
  590 namehash_from_uid (PKT_user_id *uid)
  591 {
  592   if (!uid->namehash)
  593     {
  594       uid->namehash = xmalloc (20);
  595 
  596       if (uid->attrib_data)
  597     rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len);
  598       else
  599     rmd160_hash_buffer (uid->namehash, uid->name, uid->len);
  600     }
  601 
  602   return uid->namehash;
  603 }
  604 
  605 
  606 /*
  607  * Return the number of bits used in PK.
  608  */
  609 unsigned int
  610 nbits_from_pk (PKT_public_key *pk)
  611 {
  612     return pubkey_nbits (pk->pubkey_algo, pk->pkey);
  613 }
  614 
  615 
  616 /* Convert an UTC TIMESTAMP into an UTC yyyy-mm-dd string.  Return
  617  * that string.  The caller should pass a buffer with at least a size
  618  * of MK_DATESTR_SIZE.  */
  619 char *
  620 mk_datestr (char *buffer, size_t bufsize, u32 timestamp)
  621 {
  622   time_t atime = timestamp;
  623   struct tm *tp;
  624 
  625   if (IS_INVALID_TIME_T (atime))
  626     strcpy (buffer, "????" "-??" "-??"); /* Mark this as invalid. */
  627   else
  628     {
  629       tp = gmtime (&atime);
  630       snprintf (buffer, bufsize, "%04d-%02d-%02d",
  631                 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday );
  632     }
  633   return buffer;
  634 }
  635 
  636 
  637 /*
  638  * return a string with the creation date of the pk
  639  * Note: this is alloced in a static buffer.
  640  *    Format is: yyyy-mm-dd
  641  */
  642 const char *
  643 datestr_from_pk (PKT_public_key *pk)
  644 {
  645   static char buffer[MK_DATESTR_SIZE];
  646 
  647   return mk_datestr (buffer, sizeof buffer, pk->timestamp);
  648 }
  649 
  650 
  651 const char *
  652 datestr_from_sig (PKT_signature *sig )
  653 {
  654   static char buffer[MK_DATESTR_SIZE];
  655 
  656   return mk_datestr (buffer, sizeof buffer, sig->timestamp);
  657 }
  658 
  659 
  660 const char *
  661 expirestr_from_pk (PKT_public_key *pk)
  662 {
  663   static char buffer[MK_DATESTR_SIZE];
  664 
  665   if (!pk->expiredate)
  666     return _("never     ");
  667   return mk_datestr (buffer, sizeof buffer, pk->expiredate);
  668 }
  669 
  670 
  671 const char *
  672 expirestr_from_sig (PKT_signature *sig)
  673 {
  674   static char buffer[MK_DATESTR_SIZE];
  675 
  676   if (!sig->expiredate)
  677     return _("never     ");
  678   return mk_datestr (buffer, sizeof buffer, sig->expiredate);
  679 }
  680 
  681 
  682 const char *
  683 revokestr_from_pk( PKT_public_key *pk )
  684 {
  685   static char buffer[MK_DATESTR_SIZE];
  686 
  687   if(!pk->revoked.date)
  688     return _("never     ");
  689   return mk_datestr (buffer, sizeof buffer, pk->revoked.date);
  690 }
  691 
  692 
  693 const char *
  694 usagestr_from_pk (PKT_public_key *pk, int fill)
  695 {
  696   static char buffer[10];
  697   int i = 0;
  698   unsigned int use = pk->pubkey_usage;
  699 
  700   if ( use & PUBKEY_USAGE_SIG )
  701     buffer[i++] = 'S';
  702 
  703   if ( use & PUBKEY_USAGE_CERT )
  704     buffer[i++] = 'C';
  705 
  706   if ( use & PUBKEY_USAGE_ENC )
  707     buffer[i++] = 'E';
  708 
  709   if ( (use & PUBKEY_USAGE_AUTH) )
  710     buffer[i++] = 'A';
  711 
  712   while (fill && i < 4)
  713     buffer[i++] = ' ';
  714 
  715   buffer[i] = 0;
  716   return buffer;
  717 }
  718 
  719 
  720 const char *
  721 colon_strtime (u32 t)
  722 {
  723   static char buf[20];
  724 
  725   if (!t)
  726     return "";
  727   snprintf (buf, sizeof buf, "%lu", (ulong)t);
  728   return buf;
  729 }
  730 
  731 const char *
  732 colon_datestr_from_pk (PKT_public_key *pk)
  733 {
  734   static char buf[20];
  735 
  736   snprintf (buf, sizeof buf, "%lu", (ulong)pk->timestamp);
  737   return buf;
  738 }
  739 
  740 
  741 const char *
  742 colon_datestr_from_sig (PKT_signature *sig)
  743 {
  744   static char buf[20];
  745 
  746   snprintf (buf, sizeof buf, "%lu", (ulong)sig->timestamp);
  747   return buf;
  748 }
  749 
  750 const char *
  751 colon_expirestr_from_sig (PKT_signature *sig)
  752 {
  753   static char buf[20];
  754 
  755   if (!sig->expiredate)
  756     return "";
  757 
  758   snprintf (buf, sizeof buf,"%lu", (ulong)sig->expiredate);
  759   return buf;
  760 }
  761 
  762 
  763 /*
  764  * Return a byte array with the fingerprint for the given PK/SK
  765  * The length of the array is returned in ret_len. Caller must free
  766  * the array or provide an array of length MAX_FINGERPRINT_LEN.
  767  */
  768 byte *
  769 fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
  770 {
  771   const byte *dp;
  772   size_t len;
  773   gcry_md_hd_t md;
  774 
  775   md = do_fingerprint_md(pk);
  776   dp = gcry_md_read( md, 0 );
  777   len = gcry_md_get_algo_dlen (gcry_md_get_algo (md));
  778   log_assert( len <= MAX_FINGERPRINT_LEN );
  779   if (!array)
  780     array = xmalloc ( len );
  781   memcpy (array, dp, len );
  782   pk->keyid[0] = buf32_to_u32 (dp+12);
  783   pk->keyid[1] = buf32_to_u32 (dp+16);
  784   gcry_md_close( md);
  785 
  786   if (ret_len)
  787     *ret_len = len;
  788   return array;
  789 }
  790 
  791 
  792 /* Return an allocated buffer with the fingerprint of PK formatted as
  793  * a plain hexstring.  If BUFFER is NULL the result is a malloc'd
  794  * string.  If BUFFER is not NULL the result will be copied into this
  795  * buffer.  In the latter case BUFLEN describes the length of the
  796  * buffer; if this is too short the function terminates the process.
  797  * Returns a malloc'ed string or BUFFER.  A suitable length for BUFFER
  798  * is (2*MAX_FINGERPRINT_LEN + 1). */
  799 char *
  800 hexfingerprint (PKT_public_key *pk, char *buffer, size_t buflen)
  801 {
  802   unsigned char fpr[MAX_FINGERPRINT_LEN];
  803   size_t len;
  804 
  805   fingerprint_from_pk (pk, fpr, &len);
  806   if (!buffer)
  807     {
  808       buffer = xtrymalloc (2 * len + 1);
  809       if (!buffer)
  810         return NULL;
  811     }
  812   else if (buflen < 2*len+1)
  813     log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen);
  814   bin2hex (fpr, len, buffer);
  815   return buffer;
  816 }
  817 
  818 
  819 /* Pretty print a hex fingerprint.  If BUFFER is NULL the result is a
  820    malloc'd string.  If BUFFER is not NULL the result will be copied
  821    into this buffer.  In the latter case BUFLEN describes the length
  822    of the buffer; if this is too short the function terminates the
  823    process.  Returns a malloc'ed string or BUFFER.  A suitable length
  824    for BUFFER is (MAX_FORMATTED_FINGERPRINT_LEN + 1).  */
  825 char *
  826 format_hexfingerprint (const char *fingerprint, char *buffer, size_t buflen)
  827 {
  828   int hexlen = strlen (fingerprint);
  829   int space;
  830   int i, j;
  831 
  832   if (hexlen == 40)  /* v4 fingerprint */
  833     {
  834       space = (/* The characters and the NUL.  */
  835            40 + 1
  836            /* After every fourth character, we add a space (except
  837           the last).  */
  838            + 40 / 4 - 1
  839            /* Half way through we add a second space.  */
  840            + 1);
  841     }
  842   else  /* Other fingerprint versions - print as is.  */
  843     {
  844       space = hexlen + 1;
  845     }
  846 
  847   if (!buffer)
  848     buffer = xmalloc (space);
  849   else if (buflen < space)
  850     log_fatal ("%s: buffer too short (%zu)\n", __func__, buflen);
  851 
  852   if (hexlen == 40)  /* v4 fingerprint */
  853     {
  854       for (i = 0, j = 0; i < 40; i ++)
  855         {
  856           if (i && i % 4 == 0)
  857             buffer[j ++] = ' ';
  858           if (i == 40 / 2)
  859             buffer[j ++] = ' ';
  860 
  861           buffer[j ++] = fingerprint[i];
  862         }
  863       buffer[j ++] = 0;
  864       log_assert (j == space);
  865     }
  866   else
  867     {
  868       strcpy (buffer, fingerprint);
  869     }
  870 
  871   return buffer;
  872 }
  873 
  874 
  875 
  876 /* Return the so called KEYGRIP which is the SHA-1 hash of the public
  877    key parameters expressed as an canoncial encoded S-Exp.  ARRAY must
  878    be 20 bytes long.  Returns 0 on success or an error code.  */
  879 gpg_error_t
  880 keygrip_from_pk (PKT_public_key *pk, unsigned char *array)
  881 {
  882   gpg_error_t err;
  883   gcry_sexp_t s_pkey;
  884 
  885   if (DBG_PACKET)
  886     log_debug ("get_keygrip for public key\n");
  887 
  888   switch (pk->pubkey_algo)
  889     {
  890     case GCRY_PK_DSA:
  891       err = gcry_sexp_build (&s_pkey, NULL,
  892                              "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
  893                              pk->pkey[0], pk->pkey[1],
  894                              pk->pkey[2], pk->pkey[3]);
  895       break;
  896 
  897     case GCRY_PK_ELG:
  898     case GCRY_PK_ELG_E:
  899       err = gcry_sexp_build (&s_pkey, NULL,
  900                              "(public-key(elg(p%m)(g%m)(y%m)))",
  901                              pk->pkey[0], pk->pkey[1], pk->pkey[2]);
  902       break;
  903 
  904     case GCRY_PK_RSA:
  905     case GCRY_PK_RSA_S:
  906     case GCRY_PK_RSA_E:
  907       err = gcry_sexp_build (&s_pkey, NULL,
  908                              "(public-key(rsa(n%m)(e%m)))",
  909                              pk->pkey[0], pk->pkey[1]);
  910       break;
  911 
  912     case PUBKEY_ALGO_EDDSA:
  913     case PUBKEY_ALGO_ECDSA:
  914     case PUBKEY_ALGO_ECDH:
  915       {
  916         char *curve = openpgp_oid_to_str (pk->pkey[0]);
  917         if (!curve)
  918           err = gpg_error_from_syserror ();
  919         else
  920           {
  921             err = gcry_sexp_build (&s_pkey, NULL,
  922                                    pk->pubkey_algo == PUBKEY_ALGO_EDDSA?
  923                                    "(public-key(ecc(curve%s)(flags eddsa)(q%m)))":
  924                                    (pk->pubkey_algo == PUBKEY_ALGO_ECDH
  925                                     && openpgp_oid_is_cv25519 (pk->pkey[0]))?
  926                                    "(public-key(ecc(curve%s)(flags djb-tweak)(q%m)))":
  927                                    "(public-key(ecc(curve%s)(q%m)))",
  928                                    curve, pk->pkey[1]);
  929             xfree (curve);
  930           }
  931       }
  932       break;
  933 
  934     default:
  935       err = gpg_error (GPG_ERR_PUBKEY_ALGO);
  936       break;
  937     }
  938 
  939   if (err)
  940     return err;
  941 
  942   if (!gcry_pk_get_keygrip (s_pkey, array))
  943     {
  944       char *hexfpr;
  945 
  946       hexfpr = hexfingerprint (pk, NULL, 0);
  947       log_info ("error computing keygrip (fpr=%s)\n", hexfpr);
  948       xfree (hexfpr);
  949 
  950       memset (array, 0, 20);
  951       err = gpg_error (GPG_ERR_GENERAL);
  952     }
  953   else
  954     {
  955       if (DBG_PACKET)
  956         log_printhex ("keygrip=", array, 20);
  957       /* FIXME: Save the keygrip in PK.  */
  958     }
  959   gcry_sexp_release (s_pkey);
  960 
  961   return err;
  962 }
  963 
  964 
  965 /* Store an allocated buffer with the keygrip of PK encoded as a
  966    hexstring at r_GRIP.  Returns 0 on success.  */
  967 gpg_error_t
  968 hexkeygrip_from_pk (PKT_public_key *pk, char **r_grip)
  969 {
  970   gpg_error_t err;
  971   unsigned char grip[20];
  972 
  973   *r_grip = NULL;
  974   err = keygrip_from_pk (pk, grip);
  975   if (!err)
  976     {
  977       char * buf = xtrymalloc (20*2+1);
  978       if (!buf)
  979         err = gpg_error_from_syserror ();
  980       else
  981         {
  982           bin2hex (grip, 20, buf);
  983           *r_grip = buf;
  984         }
  985     }
  986   return err;
  987 }