Refactor pgp_key_search_t

include/rekey/rnp_key_store.h

@@ -247,7 +247,7 @@ class KeyStore {
      */
     pgp_key_t *primary_key(const pgp_key_t &subkey);
 
-    pgp_key_t *search(const pgp_key_search_t &search, pgp_key_t *after = nullptr);
+    pgp_key_t *search(const KeySearch &search, pgp_key_t *after = nullptr);
 };
 } // namespace rnp
 

include/repgp/repgp_def.h

@@ -95,6 +95,7 @@
 #define PGP_KEY_ID_SIZE 8
 
 /* Size of the fingerprint */
+#define PGP_FINGERPRINT_V3_SIZE 16
 #define PGP_FINGERPRINT_V4_SIZE 20
 #define PGP_FINGERPRINT_V5_SIZE 32
 #define PGP_MAX_FINGERPRINT_SIZE 32
@@ -105,6 +106,7 @@ static_assert(PGP_MAX_FINGERPRINT_SIZE >= PGP_FINGERPRINT_V5_SIZE, "FP size mism
 #if defined(ENABLE_CRYPTO_REFRESH)
 #define PGP_FINGERPRINT_V6_SIZE 32
 static_assert(PGP_MAX_FINGERPRINT_SIZE >= PGP_FINGERPRINT_V6_SIZE, "FP size mismatch.");
+static_assert(PGP_FINGERPRINT_V5_SIZE == PGP_FINGERPRINT_V6_SIZE, "FP size mismatch.");
 #endif
 
 /* SEIPDv2 salt length */

src/lib/crypto/mem.h

@@ -36,6 +36,7 @@
 #elif defined(CRYPTO_BACKEND_OPENSSL)
 #include <openssl/crypto.h>
 #endif
+#include "str-utils.h"
 
 namespace rnp {
 
@@ -159,6 +160,27 @@ bool   hex_encode(const uint8_t *buf,
                   HexFormat      format = HexFormat::Uppercase);
 size_t hex_decode(const char *hex, uint8_t *buf, size_t buf_len);
 
+inline std::string
+bin_to_hex(const uint8_t *data, size_t len, HexFormat format = rnp::HexFormat::Uppercase)
+{
+    std::string res(len * 2 + 1, '\0');
+    hex_encode(data, len, &res.front(), res.size(), format);
+    return res;
+}
+
+inline std::vector<uint8_t>
+hex_to_bin(const std::string &str)
+{
+    if (str.empty() || !rnp::is_hex(str)) {
+        return {};
+    }
+    /* 1 extra char for case of non-even input , 1 for terminating zero */
+    std::vector<uint8_t> res(str.size() / 2 + 2);
+    size_t               len = rnp::hex_decode(str.c_str(), res.data(), res.size());
+    res.resize(len);
+    return res;
+}
+
 } // namespace rnp
 
 void secure_clear(void *vp, size_t size);

src/lib/crypto/mem_ossl.cpp

@@ -93,7 +93,8 @@ hex_decode(const char *hex, uint8_t *buf, size_t buf_len)
             hex++;
             continue;
         }
-        if (hexlen < 2) {
+        /* We assume that spaces/tabs divide hex string between even groups of hex chars */
+        if (hex + 2 > end) {
             RNP_LOG("Invalid hex string length.");
             return 0;
         }

src/lib/ffi-priv-types.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2019 Ribose Inc.
+ * Copyright (c) 2019-2024 Ribose Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29,14 +29,19 @@
 #include <json.h>
 #include "utils.h"
 #include <list>
+#include <unordered_set>
 #include <crypto/mem.h>
 #include "sec_profile.hpp"
 
 struct rnp_key_handle_st {
-    rnp_ffi_t        ffi;
-    pgp_key_search_t locator;
-    pgp_key_t *      pub;
-    pgp_key_t *      sec;
+    rnp_ffi_t  ffi;
+    pgp_key_t *pub;
+    pgp_key_t *sec;
+
+    rnp_key_handle_st(rnp_ffi_t affi, pgp_key_t *apub = nullptr, pgp_key_t *asec = nullptr)
+        : ffi(affi), pub(apub), sec(asec)
+    {
+    }
 };
 
 struct rnp_uid_handle_st {
@@ -219,12 +224,25 @@ static_assert(RNP_LOCATOR_MAX_SIZE > MAX_ID_LENGTH, "Locator size mismatch.");
 
 struct rnp_identifier_iterator_st {
     rnp_ffi_t                       ffi;
-    pgp_key_search_type_t           type;
+    rnp::KeySearch::Type            type;
     rnp::KeyStore *                 store;
     std::list<pgp_key_t>::iterator *keyp;
-    unsigned                        uididx;
-    json_object *                   tbl;
-    char                            buf[RNP_LOCATOR_MAX_SIZE];
+    size_t                          uididx;
+    std::unordered_set<std::string> tbl;
+    std::string                     item;
+
+    rnp_identifier_iterator_st(rnp_ffi_t affi, rnp::KeySearch::Type atype)
+        : ffi(affi), type(atype)
+    {
+        store = nullptr;
+        keyp = new std::list<pgp_key_t>::iterator();
+        uididx = 0;
+    }
+
+    ~rnp_identifier_iterator_st()
+    {
+        delete keyp;
+    }
 };
 
 struct rnp_decryption_kp_param_t {

src/lib/key-provider.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, [Ribose Inc](https://www.ribose.com).
+ * Copyright (c) 2017-2024 [Ribose Inc](https://www.ribose.com).
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without modification,
@@ -24,28 +24,221 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include <assert.h>
-#include <string.h>
+#include <string>
+#include <map>
 #include "key-provider.h"
 #include "pgp-key.h"
 #include "fingerprint.h"
 #include "types.h"
 #include "utils.h"
+#include "str-utils.h"
+#include "crypto/mem.h"
 #include <rekey/rnp_key_store.h>
 
 namespace rnp {
+
+KeySearch::Type
+KeySearch::find_type(const std::string &name)
+{
+    static const std::map<const std::string, KeySearch::Type> types = {
+      {"keyid", Type::KeyID},
+      {"fingerprint", Type::Fingerprint},
+      {"grip", Type::Grip},
+      {"userid", Type::UserID}};
+    if (types.find(name) == types.end()) {
+        return Type::Unknown;
+    }
+    return types.at(name);
+}
+
+std::unique_ptr<KeySearch>
+KeySearch::create(const pgp_key_id_t &keyid)
+{
+    return std::unique_ptr<KeySearch>(new KeyIDSearch(keyid));
+}
+
+std::unique_ptr<KeySearch>
+KeySearch::create(const pgp_fingerprint_t &fp)
+{
+    return std::unique_ptr<KeySearch>(new KeyFingerprintSearch(fp));
+}
+
+std::unique_ptr<KeySearch>
+KeySearch::create(const pgp_key_grip_t &grip)
+{
+    return std::unique_ptr<KeySearch>(new KeyGripSearch(grip));
+}
+
+std::unique_ptr<KeySearch>
+KeySearch::create(const std::string &uid)
+{
+    return std::unique_ptr<KeySearch>(new KeyUIDSearch(uid));
+}
+
+std::unique_ptr<KeySearch>
+KeySearch::create(const std::string &name, const std::string &value)
+{
+    auto type = find_type(name);
+    if (type == Type::Unknown) {
+        return nullptr;
+    }
+    if (type == Type::UserID) {
+        return create(value);
+    }
+    /* All the rest values are hex-encoded */
+    auto binval = hex_to_bin(value);
+    if (binval.empty()) {
+        return nullptr;
+    }
+    switch (type) {
+    case Type::Fingerprint:
+        if (!pgp_fingerprint_t::size_valid(binval.size())) {
+            RNP_LOG("Invalid fingerprint: %s", value.c_str());
+            return nullptr;
+        }
+        return create(pgp_fingerprint_t(binval));
+    case Type::KeyID:
+        if (binval.size() != PGP_KEY_ID_SIZE) {
+            RNP_LOG("Invalid keyid: %s", value.c_str());
+            return nullptr;
+        }
+        pgp_key_id_t keyid;
+        memcpy(keyid.data(), binval.data(), keyid.size());
+        return create(keyid);
+    case Type::Grip:
+        if (binval.size() != PGP_KEY_GRIP_SIZE) {
+            RNP_LOG("Invalid grip: %s", value.c_str());
+            return nullptr;
+        }
+        pgp_key_grip_t grip;
+        memcpy(grip.data(), binval.data(), grip.size());
+        return create(grip);
+    default:
+        return nullptr;
+    }
+}
+
+bool
+KeyIDSearch::matches(const pgp_key_t &key) const
+{
+    return (key.keyid() == keyid_) || (keyid_ == pgp_key_id_t({}));
+}
+
+const std::string
+KeyIDSearch::name() const
+{
+    return "keyid";
+}
+
+std::string
+KeyIDSearch::value() const
+{
+    return bin_to_hex(keyid_.data(), keyid_.size());
+}
+
+bool
+KeyIDSearch::hidden() const
+{
+    return keyid_ == pgp_key_id_t({});
+}
+
+KeyIDSearch::KeyIDSearch(const pgp_key_id_t &keyid)
+{
+    type_ = Type::KeyID;
+    keyid_ = keyid;
+}
+
+bool
+KeyFingerprintSearch::matches(const pgp_key_t &key) const
+{
+    return key.fp() == fp_;
+}
+
+const std::string
+KeyFingerprintSearch::name() const
+{
+    return "fingerprint";
+}
+
+std::string
+KeyFingerprintSearch::value() const
+{
+    return bin_to_hex(fp_.fingerprint, fp_.length);
+}
+
+KeyFingerprintSearch::KeyFingerprintSearch(const pgp_fingerprint_t &fp)
+{
+    type_ = Type::Fingerprint;
+    fp_ = fp;
+}
+
+const pgp_fingerprint_t &
+KeyFingerprintSearch::get_fp() const
+{
+    return fp_;
+}
+
+bool
+KeyGripSearch::matches(const pgp_key_t &key) const
+{
+    return key.grip() == grip_;
+}
+
+const std::string
+KeyGripSearch::name() const
+{
+    return "grip";
+}
+
+std::string
+KeyGripSearch::value() const
+{
+    return bin_to_hex(grip_.data(), grip_.size());
+}
+
+KeyGripSearch::KeyGripSearch(const pgp_key_grip_t &grip)
+{
+    type_ = Type::Grip;
+    grip_ = grip;
+}
+
+bool
+KeyUIDSearch::matches(const pgp_key_t &key) const
+{
+    return key.has_uid(uid_);
+}
+
+const std::string
+KeyUIDSearch::name() const
+{
+    return "userid";
+}
+
+std::string
+KeyUIDSearch::value() const
+{
+    return uid_;
+}
+
+KeyUIDSearch::KeyUIDSearch(const std::string &uid)
+{
+    type_ = Type::UserID;
+    uid_ = uid;
+}
+
 pgp_key_t *
-KeyProvider::request_key(const pgp_key_request_ctx_t &ctx) const
+KeyProvider::request_key(const KeySearch &search, pgp_op_t op, bool secret) const
 {
     pgp_key_t *key = nullptr;
     if (!callback) {
         return key;
     }
+    pgp_key_request_ctx_t ctx(op, secret, search);
     if (!(key = callback(&ctx, userdata))) {
         return nullptr;
     }
     // confirm that the key actually matches the search criteria
-    if (!key->matches(ctx.search) || (key->is_secret() != ctx.secret)) {
+    if (!search.matches(*key) || (key->is_secret() != secret)) {
         return nullptr;
     }
     return key;
@@ -57,7 +250,7 @@
 {
     std::vector<pgp_key_t *> *key_list = (std::vector<pgp_key_t *> *) userdata;
     for (auto key : *key_list) {
-        if (key->matches(ctx->search) && (key->is_secret() == ctx->secret)) {
+        if (ctx->search.matches(*key) && (key->is_secret() == ctx->secret)) {
             return key;
         }
     }