1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc (at) NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * \brief Parser for OpenPGP packets 52 */ 53 #include "config.h" 54 55 #ifdef HAVE_SYS_CDEFS_H 56 #include <sys/cdefs.h> 57 #endif 58 59 #if defined(__NetBSD__) 60 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); 61 __RCSID("$NetBSD: packet-parse.c,v 1.54 2022/08/26 19:18:38 jhigh Exp $"); 62 #endif 63 64 #include <sys/types.h> 65 #include <sys/param.h> 66 67 #ifdef HAVE_OPENSSL_CAST_H 68 #include <openssl/cast.h> 69 #endif 70 71 #include <stdarg.h> 72 #include <stdlib.h> 73 #include <string.h> 74 75 #ifdef HAVE_UNISTD_H 76 #include <unistd.h> 77 #endif 78 79 #ifdef HAVE_LIMITS_H 80 #include <limits.h> 81 #endif 82 83 #include "packet.h" 84 #include "packet-parse.h" 85 #include "keyring.h" 86 #include "errors.h" 87 #include "packet-show.h" 88 #include "create.h" 89 #include "readerwriter.h" 90 #include "netpgpdefs.h" 91 #include "crypto.h" 92 #include "netpgpdigest.h" 93 94 #define ERRP(cbinfo, cont, err) do { \ 95 cont.u.error = err; \ 96 CALLBACK(PGP_PARSER_ERROR, cbinfo, &cont); \ 97 return 0; \ 98 /*NOTREACHED*/ \ 99 } while(/*CONSTCOND*/0) 100 101 /** 102 * limread_data reads the specified amount of the subregion's data 103 * into a data_t structure 104 * 105 * \param data Empty structure which will be filled with data 106 * \param len Number of octets to read 107 * \param subregion 108 * \param stream How to parse 109 * 110 * \return 1 on success, 0 on failure 111 */ 112 static int 113 limread_data(pgp_data_t *data, unsigned len, 114 pgp_region_t *subregion, pgp_stream_t *stream) 115 { 116 data->len = len; 117 118 if (subregion->length - subregion->readc < len) { 119 (void) fprintf(stderr, "limread_data: bad length\n"); 120 return 0; 121 } 122 123 data->contents = calloc(1, data->len); 124 if (!data->contents) { 125 return 0; 126 } 127 128 return pgp_limited_read(stream, data->contents, data->len, subregion, 129 &stream->errors, &stream->readinfo, &stream->cbinfo); 130 } 131 132 /** 133 * read_data reads the remainder of the subregion's data 134 * into a data_t structure 135 * 136 * \param data 137 * \param subregion 138 * \param stream 139 * 140 * \return 1 on success, 0 on failure 141 */ 142 static int 143 read_data(pgp_data_t *data, pgp_region_t *region, pgp_stream_t *stream) 144 { 145 int cc; 146 147 cc = region->length - region->readc; 148 return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0; 149 } 150 151 /** 152 * Reads the remainder of the subregion as a string. 153 * It is the user's responsibility to free the memory allocated here. 154 */ 155 156 static int 157 read_unsig_str(uint8_t **str, pgp_region_t *subregion, 158 pgp_stream_t *stream) 159 { 160 size_t len; 161 162 len = subregion->length - subregion->readc; 163 if ((*str = calloc(1, len + 1)) == NULL) { 164 return 0; 165 } 166 if (len && 167 !pgp_limited_read(stream, *str, len, subregion, &stream->errors, 168 &stream->readinfo, &stream->cbinfo)) { 169 return 0; 170 } 171 (*str)[len] = '\0'; 172 return 1; 173 } 174 175 static int 176 read_string(char **str, pgp_region_t *subregion, pgp_stream_t *stream) 177 { 178 return read_unsig_str((uint8_t **) str, subregion, stream); 179 } 180 181 void 182 pgp_init_subregion(pgp_region_t *subregion, pgp_region_t *region) 183 { 184 (void) memset(subregion, 0x0, sizeof(*subregion)); 185 subregion->parent = region; 186 } 187 188 /* 189 * XXX: replace pgp_ptag_t with something more appropriate for limiting reads 190 */ 191 192 /** 193 * low-level function to read data from reader function 194 * 195 * Use this function, rather than calling the reader directly. 196 * 197 * If the accumulate flag is set in *stream, the function 198 * adds the read data to the accumulated data, and updates 199 * the accumulated length. This is useful if, for example, 200 * the application wants access to the raw data as well as the 201 * parsed data. 202 * 203 * This function will also try to read the entire amount asked for, but not 204 * if it is over INT_MAX. Obviously many callers will know that they 205 * never ask for that much and so can avoid the extra complexity of 206 * dealing with return codes and filled-in lengths. 207 * 208 * \param *dest 209 * \param *plength 210 * \param flags 211 * \param *stream 212 * 213 * \return PGP_R_OK 214 * \return PGP_R_PARTIAL_READ 215 * \return PGP_R_EOF 216 * \return PGP_R_EARLY_EOF 217 * 218 * \sa #pgp_reader_ret_t for details of return codes 219 */ 220 221 static int 222 sub_base_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors, 223 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo) 224 { 225 size_t n; 226 227 /* reading more than this would look like an error */ 228 if (length > INT_MAX) 229 length = INT_MAX; 230 231 for (n = 0; n < length;) { 232 int r; 233 234 r = readinfo->reader(stream, (char *) dest + n, length - n, errors, 235 readinfo, cbinfo); 236 if (r > (int)(length - n)) { 237 (void) fprintf(stderr, "sub_base_read: bad read\n"); 238 return 0; 239 } 240 if (r < 0) { 241 return r; 242 } 243 if (r == 0) { 244 break; 245 } 246 n += (unsigned)r; 247 } 248 249 if (n == 0) { 250 return 0; 251 } 252 if (readinfo->accumulate) { 253 if (readinfo->asize < readinfo->alength) { 254 (void) fprintf(stderr, "sub_base_read: bad size\n"); 255 return 0; 256 } 257 if (readinfo->alength + n > readinfo->asize) { 258 uint8_t *temp; 259 260 readinfo->asize = (readinfo->asize * 2) + (unsigned)n; 261 temp = realloc(readinfo->accumulated, readinfo->asize); 262 if (temp == NULL) { 263 (void) fprintf(stderr, 264 "sub_base_read: bad alloc\n"); 265 return 0; 266 } 267 readinfo->accumulated = temp; 268 } 269 if (readinfo->asize < readinfo->alength + n) { 270 (void) fprintf(stderr, "sub_base_read: bad realloc\n"); 271 return 0; 272 } 273 (void) memcpy(readinfo->accumulated + readinfo->alength, dest, 274 n); 275 } 276 /* we track length anyway, because it is used for packet offsets */ 277 readinfo->alength += (unsigned)n; 278 /* and also the position */ 279 readinfo->position += (unsigned)n; 280 281 return (int)n; 282 } 283 284 int 285 pgp_stacked_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors, 286 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo) 287 { 288 return sub_base_read(stream, dest, length, errors, readinfo->next, cbinfo); 289 } 290 291 /* This will do a full read so long as length < MAX_INT */ 292 static int 293 base_read(uint8_t *dest, size_t length, pgp_stream_t *stream) 294 { 295 return sub_base_read(stream, dest, length, &stream->errors, &stream->readinfo, 296 &stream->cbinfo); 297 } 298 299 /* 300 * Read a full size_t's worth. If the return is < than length, then 301 * *last_read tells you why - < 0 for an error, == 0 for EOF 302 */ 303 304 static size_t 305 full_read(pgp_stream_t *stream, uint8_t *dest, 306 size_t length, 307 int *last_read, 308 pgp_error_t **errors, 309 pgp_reader_t *readinfo, 310 pgp_cbdata_t *cbinfo) 311 { 312 size_t t; 313 int r = 0; /* preset in case some loon calls with length 314 * == 0 */ 315 316 for (t = 0; t < length;) { 317 r = sub_base_read(stream, dest + t, length - t, errors, readinfo, 318 cbinfo); 319 if (r <= 0) { 320 *last_read = r; 321 return t; 322 } 323 t += (size_t)r; 324 } 325 326 *last_read = r; 327 328 return t; 329 } 330 331 332 333 /** Read a scalar value of selected length from reader. 334 * 335 * Read an unsigned scalar value from reader in Big Endian representation. 336 * 337 * This function does not know or care about packet boundaries. It 338 * also assumes that an EOF is an error. 339 * 340 * \param *result The scalar value is stored here 341 * \param *reader Our reader 342 * \param length How many bytes to read 343 * \return 1 on success, 0 on failure 344 */ 345 static unsigned 346 _read_scalar(unsigned *result, unsigned length, 347 pgp_stream_t *stream) 348 { 349 unsigned t = 0; 350 351 if (length > sizeof(*result)) { 352 (void) fprintf(stderr, "_read_scalar: bad length\n"); 353 return 0; 354 } 355 356 while (length--) { 357 uint8_t c; 358 int r; 359 360 r = base_read(&c, 1, stream); 361 if (r != 1) 362 return 0; 363 t = (t << 8) + c; 364 } 365 366 *result = t; 367 return 1; 368 } 369 370 /** 371 * \ingroup Core_ReadPackets 372 * \brief Read bytes from a region within the packet. 373 * 374 * Read length bytes into the buffer pointed to by *dest. 375 * Make sure we do not read over the packet boundary. 376 * Updates the Packet Tag's pgp_ptag_t::readc. 377 * 378 * If length would make us read over the packet boundary, or if 379 * reading fails, we call the callback with an error. 380 * 381 * Note that if the region is indeterminate, this can return a short 382 * read - check region->last_read for the length. EOF is indicated by 383 * a success return and region->last_read == 0 in this case (for a 384 * region of known length, EOF is an error). 385 * 386 * This function makes sure to respect packet boundaries. 387 * 388 * \param dest The destination buffer 389 * \param length How many bytes to read 390 * \param region Pointer to packet region 391 * \param errors Error stack 392 * \param readinfo Reader info 393 * \param cbinfo Callback info 394 * \return 1 on success, 0 on error 395 */ 396 unsigned 397 pgp_limited_read(pgp_stream_t *stream, uint8_t *dest, 398 size_t length, 399 pgp_region_t *region, 400 pgp_error_t **errors, 401 pgp_reader_t *readinfo, 402 pgp_cbdata_t *cbinfo) 403 { 404 size_t r; 405 int lr; 406 407 if (!region->indeterminate && 408 region->readc + length > region->length) { 409 PGP_ERROR_1(errors, PGP_E_P_NOT_ENOUGH_DATA, "%s", 410 "Not enough data"); 411 return 0; 412 } 413 r = full_read(stream, dest, length, &lr, errors, readinfo, cbinfo); 414 if (lr < 0) { 415 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed"); 416 return 0; 417 } 418 if (!region->indeterminate && r != length) { 419 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed"); 420 return 0; 421 } 422 region->last_read = (unsigned)r; 423 do { 424 region->readc += (unsigned)r; 425 if (region->parent && region->length > region->parent->length) { 426 (void) fprintf(stderr, 427 "ops_limited_read: bad length\n"); 428 return 0; 429 } 430 } while ((region = region->parent) != NULL); 431 return 1; 432 } 433 434 /** 435 \ingroup Core_ReadPackets 436 \brief Call pgp_limited_read on next in stack 437 */ 438 unsigned 439 pgp_stacked_limited_read(pgp_stream_t *stream, uint8_t *dest, unsigned length, 440 pgp_region_t *region, 441 pgp_error_t **errors, 442 pgp_reader_t *readinfo, 443 pgp_cbdata_t *cbinfo) 444 { 445 return pgp_limited_read(stream, dest, length, region, errors, 446 readinfo->next, cbinfo); 447 } 448 449 static unsigned 450 limread(uint8_t *dest, unsigned length, 451 pgp_region_t *region, pgp_stream_t *info) 452 { 453 return pgp_limited_read(info, dest, length, region, &info->errors, 454 &info->readinfo, &info->cbinfo); 455 } 456 457 static unsigned 458 exact_limread(uint8_t *dest, unsigned len, 459 pgp_region_t *region, 460 pgp_stream_t *stream) 461 { 462 unsigned ret; 463 464 stream->exact_read = 1; 465 ret = limread(dest, len, region, stream); 466 stream->exact_read = 0; 467 return ret; 468 } 469 470 /** Skip over length bytes of this packet. 471 * 472 * Calls limread() to skip over some data. 473 * 474 * This function makes sure to respect packet boundaries. 475 * 476 * \param length How many bytes to skip 477 * \param *region Pointer to packet region 478 * \param *stream How to parse 479 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 480 */ 481 static int 482 limskip(unsigned length, pgp_region_t *region, pgp_stream_t *stream) 483 { 484 uint8_t buf[NETPGP_BUFSIZ]; 485 486 while (length > 0) { 487 unsigned n = length % NETPGP_BUFSIZ; 488 489 if (!limread(buf, n, region, stream)) { 490 return 0; 491 } 492 length -= n; 493 } 494 return 1; 495 } 496 497 /** Read a scalar. 498 * 499 * Read a big-endian scalar of length bytes, respecting packet 500 * boundaries (by calling limread() to read the raw data). 501 * 502 * This function makes sure to respect packet boundaries. 503 * 504 * \param *dest The scalar value is stored here 505 * \param length How many bytes make up this scalar (at most 4) 506 * \param *region Pointer to current packet region 507 * \param *stream How to parse 508 * \param *cb The callback 509 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 510 * 511 * \see RFC4880 3.1 512 */ 513 static int 514 limread_scalar(unsigned *dest, 515 unsigned len, 516 pgp_region_t *region, 517 pgp_stream_t *stream) 518 { 519 uint8_t c[4] = ""; 520 unsigned t; 521 unsigned n; 522 523 if (len > 4) { 524 (void) fprintf(stderr, "limread_scalar: bad length\n"); 525 return 0; 526 } 527 /*LINTED*/ 528 if (/*CONSTCOND*/sizeof(*dest) < 4) { 529 (void) fprintf(stderr, "limread_scalar: bad dest\n"); 530 return 0; 531 } 532 if (!limread(c, len, region, stream)) { 533 return 0; 534 } 535 for (t = 0, n = 0; n < len; ++n) { 536 t = (t << 8) + c[n]; 537 } 538 *dest = t; 539 return 1; 540 } 541 542 /** Read a scalar. 543 * 544 * Read a big-endian scalar of length bytes, respecting packet 545 * boundaries (by calling limread() to read the raw data). 546 * 547 * The value read is stored in a size_t, which is a different size 548 * from an unsigned on some platforms. 549 * 550 * This function makes sure to respect packet boundaries. 551 * 552 * \param *dest The scalar value is stored here 553 * \param length How many bytes make up this scalar (at most 4) 554 * \param *region Pointer to current packet region 555 * \param *stream How to parse 556 * \param *cb The callback 557 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 558 * 559 * \see RFC4880 3.1 560 */ 561 static int 562 limread_size_t(size_t *dest, 563 unsigned length, 564 pgp_region_t *region, 565 pgp_stream_t *stream) 566 { 567 unsigned tmp; 568 569 /* 570 * Note that because the scalar is at most 4 bytes, we don't care if 571 * size_t is bigger than usigned 572 */ 573 if (!limread_scalar(&tmp, length, region, stream)) 574 return 0; 575 576 *dest = tmp; 577 return 1; 578 } 579 580 /** Read a timestamp. 581 * 582 * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar 583 * of 4 bytes. 584 * 585 * This function reads the timestamp using limread_scalar(). 586 * 587 * This function makes sure to respect packet boundaries. 588 * 589 * \param *dest The timestamp is stored here 590 * \param *ptag Pointer to current packet's Packet Tag. 591 * \param *reader Our reader 592 * \param *cb The callback 593 * \return see limread_scalar() 594 * 595 * \see RFC4880 3.5 596 */ 597 static int 598 limited_read_time(time_t *dest, pgp_region_t *region, 599 pgp_stream_t *stream) 600 { 601 uint8_t c; 602 time_t mytime = 0; 603 int i; 604 605 /* 606 * Cannot assume that time_t is 4 octets long - 607 * SunOS 5.10 and NetBSD both have 64-bit time_ts. 608 */ 609 if (/* CONSTCOND */sizeof(time_t) == 4) { 610 return limread_scalar((unsigned *)(void *)dest, 4, region, stream); 611 } 612 for (i = 0; i < 4; i++) { 613 if (!limread(&c, 1, region, stream)) { 614 return 0; 615 } 616 mytime = (mytime << 8) + c; 617 } 618 *dest = mytime; 619 return 1; 620 } 621 622 /** 623 * \ingroup Core_MPI 624 * Read a multiprecision integer. 625 * 626 * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar 627 * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most 628 * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is 629 * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted). 630 * 631 * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are 632 * supposed to be cleared - I guess. XXX - does anything actually say so? 633 * 634 * This function makes sure to respect packet boundaries. 635 * 636 * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed 637 * by the caller XXX right ben? 638 * \param *ptag Pointer to current packet's Packet Tag. 639 * \param *reader Our reader 640 * \param *cb The callback 641 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 642 * see comment below - the callback is called with a PGP_PARSER_ERROR in case of an error) 643 * 644 * \see RFC4880 3.2 645 */ 646 static int 647 limread_mpi(BIGNUM **pbn, pgp_region_t *region, pgp_stream_t *stream) 648 { 649 uint8_t buf[NETPGP_BUFSIZ] = ""; 650 /* an MPI has a 2 byte length part. 651 * Length is given in bits, so the 652 * largest we should ever need for 653 * the buffer is NETPGP_BUFSIZ bytes. */ 654 unsigned length; 655 unsigned nonzero; 656 unsigned ret; 657 658 stream->reading_mpi_len = 1; 659 ret = (unsigned)limread_scalar(&length, 2, region, stream); 660 661 stream->reading_mpi_len = 0; 662 if (!ret) 663 return 0; 664 665 nonzero = length & 7; /* there should be this many zero bits in the 666 * MS byte */ 667 if (!nonzero) 668 nonzero = 8; 669 length = (length + 7) / 8; 670 671 if (length == 0) { 672 /* if we try to read a length of 0, then fail */ 673 if (pgp_get_debug_level(__FILE__)) { 674 (void) fprintf(stderr, "limread_mpi: 0 length\n"); 675 } 676 return 0; 677 } 678 if (length > NETPGP_BUFSIZ) { 679 (void) fprintf(stderr, "limread_mpi: bad length\n"); 680 return 0; 681 } 682 if (!limread(buf, length, region, stream)) { 683 return 0; 684 } 685 if (((unsigned)buf[0] >> nonzero) != 0 || 686 !((unsigned)buf[0] & (1U << (nonzero - 1U)))) { 687 PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR, 688 "%s", "MPI Format error"); 689 /* XXX: Ben, one part of 690 * this constraint does 691 * not apply to 692 * encrypted MPIs the 693 * draft says. -- peter */ 694 return 0; 695 } 696 *pbn = BN_bin2bn(buf, (int)length, NULL); 697 return 1; 698 } 699 700 static unsigned read_new_length(unsigned *, pgp_stream_t *); 701 702 /* allocate space, read, and stash data away in a virtual pkt */ 703 static void 704 streamread(pgp_stream_t *stream, unsigned c) 705 { 706 int cc; 707 708 stream->virtualpkt = realloc(stream->virtualpkt, stream->virtualc + c); 709 cc = stream->readinfo.reader(stream, &stream->virtualpkt[stream->virtualc], 710 c, &stream->errors, &stream->readinfo, &stream->cbinfo); 711 stream->virtualc += cc; 712 } 713 714 /* coalesce all the partial blocks together */ 715 static int 716 coalesce_blocks(pgp_stream_t *stream, unsigned length) 717 { 718 unsigned c; 719 720 stream->coalescing = 1; 721 /* already read a partial block length - prime the array */ 722 streamread(stream, length); 723 while (read_new_length(&c, stream) && stream->partial_read) { 724 /* length we read is partial - add to end of array */ 725 streamread(stream, c); 726 } 727 /* not partial - add the last extent to the end of the array */ 728 streamread(stream, c); 729 stream->coalescing = 0; 730 return 1; 731 } 732 733 /** Read some data with a New-Format length from reader. 734 * 735 * \sa Internet-Draft RFC4880.txt Section 4.2.2 736 * 737 * \param *length Where the decoded length will be put 738 * \param *stream How to parse 739 * \return 1 if OK, else 0 740 * 741 */ 742 743 static unsigned 744 read_new_length(unsigned *length, pgp_stream_t *stream) 745 { 746 uint8_t c; 747 748 stream->partial_read = 0; 749 if (base_read(&c, 1, stream) != 1) { 750 return 0; 751 } 752 if (c < 192) { 753 /* 1. One-octet packet */ 754 *length = c; 755 return 1; 756 } 757 if (c < 224) { 758 /* 2. Two-octet packet */ 759 unsigned t = (c - 192) << 8; 760 761 if (base_read(&c, 1, stream) != 1) { 762 return 0; 763 } 764 *length = t + c + 192; 765 return 1; 766 } 767 if (c < 255) { 768 /* 3. Partial Body Length */ 769 stream->partial_read = 1; 770 *length = 1 << (c & 0x1f); 771 if (!stream->coalescing) { 772 /* we have been called from coalesce_blocks - 773 * just return with the partial length */ 774 coalesce_blocks(stream, *length); 775 *length = stream->virtualc; 776 } 777 return 1; 778 } 779 /* 4. Five-Octet packet */ 780 return _read_scalar(length, 4, stream); 781 } 782 783 /** Read the length information for a new format Packet Tag. 784 * 785 * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and 786 * decodes it to the proper length information. 787 * 788 * This function makes sure to respect packet boundaries. 789 * 790 * \param *length return the length here 791 * \param *ptag Pointer to current packet's Packet Tag. 792 * \param *reader Our reader 793 * \param *cb The callback 794 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 795 * see comment below) 796 * 797 * \see RFC4880 4.2.2 798 * \see pgp_ptag_t 799 */ 800 static int 801 limited_read_new_length(unsigned *length, pgp_region_t *region, 802 pgp_stream_t *stream) 803 { 804 uint8_t c = 0x0; 805 806 if (!limread(&c, 1, region, stream)) { 807 return 0; 808 } 809 if (c < 192) { 810 *length = c; 811 return 1; 812 } 813 if (c < 224) { 814 unsigned t = (c - 192) << 8; 815 816 if (!limread(&c, 1, region, stream)) { 817 return 0; 818 } 819 *length = t + c + 192; 820 return 1; 821 } 822 if (c < 255) { 823 stream->partial_read = 1; 824 *length = 1 << (c & 0x1f); 825 if (!stream->coalescing) { 826 /* we have been called from coalesce_blocks - 827 * just return with the partial length */ 828 coalesce_blocks(stream, *length); 829 *length = stream->virtualc; 830 } 831 return 1; 832 } 833 return limread_scalar(length, 4, region, stream); 834 } 835 836 /** 837 \ingroup Core_Create 838 \brief Free allocated memory 839 */ 840 void 841 pgp_data_free(pgp_data_t *data) 842 { 843 free(data->contents); 844 data->contents = NULL; 845 data->len = 0; 846 } 847 848 /** 849 \ingroup Core_Create 850 \brief Free allocated memory 851 */ 852 static void 853 string_free(char **str) 854 { 855 free(*str); 856 *str = NULL; 857 } 858 859 /** 860 \ingroup Core_Create 861 \brief Free allocated memory 862 */ 863 /* ! Free packet memory, set pointer to NULL */ 864 void 865 pgp_subpacket_free(pgp_subpacket_t *packet) 866 { 867 free(packet->raw); 868 packet->raw = NULL; 869 packet->tag = PGP_PTAG_CT_RESERVED; 870 } 871 872 /** 873 \ingroup Core_Create 874 \brief Free allocated memory 875 */ 876 static void 877 headers_free(pgp_headers_t *headers) 878 { 879 unsigned n; 880 881 for (n = 0; n < headers->headerc; ++n) { 882 free(headers->headers[n].key); 883 free(headers->headers[n].value); 884 } 885 free(headers->headers); 886 headers->headers = NULL; 887 } 888 889 /** 890 \ingroup Core_Create 891 \brief Free allocated memory 892 */ 893 static void 894 cleartext_trailer_free(struct pgp_hash_t **trailer) 895 { 896 free(*trailer); 897 *trailer = NULL; 898 } 899 900 /** 901 \ingroup Core_Create 902 \brief Free allocated memory 903 */ 904 static void 905 cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp) 906 { 907 if (skp->passphrase && *skp->passphrase) { 908 free(*skp->passphrase); 909 *skp->passphrase = NULL; 910 } 911 } 912 913 /** 914 \ingroup Core_Create 915 \brief Free allocated memory 916 */ 917 static void 918 free_BN(BIGNUM **pp) 919 { 920 BN_free(*pp); 921 *pp = NULL; 922 } 923 924 /** 925 * \ingroup Core_Create 926 * \brief Free the memory used when parsing a signature 927 * \param sig 928 */ 929 static void 930 sig_free(pgp_sig_t *sig) 931 { 932 switch (sig->info.key_alg) { 933 case PGP_PKA_RSA: 934 case PGP_PKA_RSA_SIGN_ONLY: 935 free_BN(&sig->info.sig.rsa.sig); 936 break; 937 938 case PGP_PKA_DSA: 939 free_BN(&sig->info.sig.dsa.r); 940 free_BN(&sig->info.sig.dsa.s); 941 break; 942 943 case PGP_PKA_ECDSA: 944 free_BN(&sig->info.sig.ecdsa.r); 945 free_BN(&sig->info.sig.ecdsa.s); 946 break; 947 948 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 949 free_BN(&sig->info.sig.elgamal.r); 950 free_BN(&sig->info.sig.elgamal.s); 951 break; 952 953 case PGP_PKA_PRIVATE00: 954 case PGP_PKA_PRIVATE01: 955 case PGP_PKA_PRIVATE02: 956 case PGP_PKA_PRIVATE03: 957 case PGP_PKA_PRIVATE04: 958 case PGP_PKA_PRIVATE05: 959 case PGP_PKA_PRIVATE06: 960 case PGP_PKA_PRIVATE07: 961 case PGP_PKA_PRIVATE08: 962 case PGP_PKA_PRIVATE09: 963 case PGP_PKA_PRIVATE10: 964 pgp_data_free(&sig->info.sig.unknown); 965 break; 966 967 default: 968 (void) fprintf(stderr, "sig_free: bad sig type\n"); 969 } 970 } 971 972 /** 973 \ingroup Core_Create 974 \brief Free allocated memory 975 */ 976 /* ! Free any memory allocated when parsing the packet content */ 977 void 978 pgp_parser_content_free(pgp_packet_t *c) 979 { 980 switch (c->tag) { 981 case PGP_PARSER_PTAG: 982 case PGP_PTAG_CT_COMPRESSED: 983 case PGP_PTAG_SS_CREATION_TIME: 984 case PGP_PTAG_SS_EXPIRATION_TIME: 985 case PGP_PTAG_SS_KEY_EXPIRY: 986 case PGP_PTAG_SS_TRUST: 987 case PGP_PTAG_SS_ISSUER_KEY_ID: 988 case PGP_PTAG_CT_1_PASS_SIG: 989 case PGP_PTAG_SS_PRIMARY_USER_ID: 990 case PGP_PTAG_SS_REVOCABLE: 991 case PGP_PTAG_SS_REVOCATION_KEY: 992 case PGP_PTAG_SS_ISSUER_FINGERPRINT: 993 case PGP_PTAG_CT_LITDATA_HEADER: 994 case PGP_PTAG_CT_LITDATA_BODY: 995 case PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY: 996 case PGP_PTAG_CT_UNARMOURED_TEXT: 997 case PGP_PTAG_CT_ARMOUR_TRAILER: 998 case PGP_PTAG_CT_SIGNATURE_HEADER: 999 case PGP_PTAG_CT_SE_DATA_HEADER: 1000 case PGP_PTAG_CT_SE_IP_DATA_HEADER: 1001 case PGP_PTAG_CT_SE_IP_DATA_BODY: 1002 case PGP_PTAG_CT_MDC: 1003 case PGP_GET_SECKEY: 1004 break; 1005 1006 case PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER: 1007 headers_free(&c->u.cleartext_head); 1008 break; 1009 1010 case PGP_PTAG_CT_ARMOUR_HEADER: 1011 headers_free(&c->u.armour_header.headers); 1012 break; 1013 1014 case PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: 1015 cleartext_trailer_free(&c->u.cleartext_trailer); 1016 break; 1017 1018 case PGP_PTAG_CT_TRUST: 1019 pgp_data_free(&c->u.trust); 1020 break; 1021 1022 case PGP_PTAG_CT_SIGNATURE: 1023 case PGP_PTAG_CT_SIGNATURE_FOOTER: 1024 sig_free(&c->u.sig); 1025 break; 1026 1027 case PGP_PTAG_CT_PUBLIC_KEY: 1028 case PGP_PTAG_CT_PUBLIC_SUBKEY: 1029 pgp_pubkey_free(&c->u.pubkey); 1030 break; 1031 1032 case PGP_PTAG_CT_USER_ID: 1033 pgp_userid_free(&c->u.userid); 1034 break; 1035 1036 case PGP_PTAG_SS_SIGNERS_USER_ID: 1037 pgp_userid_free(&c->u.ss_signer); 1038 break; 1039 1040 case PGP_PTAG_CT_USER_ATTR: 1041 pgp_data_free(&c->u.userattr); 1042 break; 1043 1044 case PGP_PTAG_SS_PREFERRED_SKA: 1045 pgp_data_free(&c->u.ss_skapref); 1046 break; 1047 1048 case PGP_PTAG_SS_PREFERRED_HASH: 1049 pgp_data_free(&c->u.ss_hashpref); 1050 break; 1051 1052 case PGP_PTAG_SS_PREF_COMPRESS: 1053 pgp_data_free(&c->u.ss_zpref); 1054 break; 1055 1056 case PGP_PTAG_SS_KEY_FLAGS: 1057 pgp_data_free(&c->u.ss_key_flags); 1058 break; 1059 1060 case PGP_PTAG_SS_KEYSERV_PREFS: 1061 pgp_data_free(&c->u.ss_key_server_prefs); 1062 break; 1063 1064 case PGP_PTAG_SS_FEATURES: 1065 pgp_data_free(&c->u.ss_features); 1066 break; 1067 1068 case PGP_PTAG_SS_NOTATION_DATA: 1069 pgp_data_free(&c->u.ss_notation.name); 1070 pgp_data_free(&c->u.ss_notation.value); 1071 break; 1072 1073 case PGP_PTAG_SS_REGEXP: 1074 string_free(&c->u.ss_regexp); 1075 break; 1076 1077 case PGP_PTAG_SS_POLICY_URI: 1078 string_free(&c->u.ss_policy); 1079 break; 1080 1081 case PGP_PTAG_SS_PREF_KEYSERV: 1082 string_free(&c->u.ss_keyserv); 1083 break; 1084 1085 case PGP_PTAG_SS_USERDEFINED00: 1086 case PGP_PTAG_SS_USERDEFINED01: 1087 case PGP_PTAG_SS_USERDEFINED02: 1088 case PGP_PTAG_SS_USERDEFINED03: 1089 case PGP_PTAG_SS_USERDEFINED04: 1090 case PGP_PTAG_SS_USERDEFINED05: 1091 case PGP_PTAG_SS_USERDEFINED06: 1092 case PGP_PTAG_SS_USERDEFINED07: 1093 case PGP_PTAG_SS_USERDEFINED08: 1094 case PGP_PTAG_SS_USERDEFINED09: 1095 case PGP_PTAG_SS_USERDEFINED10: 1096 pgp_data_free(&c->u.ss_userdef); 1097 break; 1098 1099 case PGP_PTAG_SS_RESERVED: 1100 pgp_data_free(&c->u.ss_unknown); 1101 break; 1102 1103 case PGP_PTAG_SS_REVOCATION_REASON: 1104 string_free(&c->u.ss_revocation.reason); 1105 break; 1106 1107 case PGP_PTAG_SS_EMBEDDED_SIGNATURE: 1108 pgp_data_free(&c->u.ss_embedded_sig); 1109 break; 1110 1111 case PGP_PARSER_PACKET_END: 1112 pgp_subpacket_free(&c->u.packet); 1113 break; 1114 1115 case PGP_PARSER_ERROR: 1116 case PGP_PARSER_ERRCODE: 1117 break; 1118 1119 case PGP_PTAG_CT_SECRET_KEY: 1120 case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY: 1121 pgp_seckey_free(&c->u.seckey); 1122 break; 1123 1124 case PGP_PTAG_CT_PK_SESSION_KEY: 1125 case PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: 1126 pgp_pk_sesskey_free(&c->u.pk_sesskey); 1127 break; 1128 1129 case PGP_GET_PASSPHRASE: 1130 cmd_get_passphrase_free(&c->u.skey_passphrase); 1131 break; 1132 1133 default: 1134 fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); 1135 } 1136 } 1137 1138 /** 1139 \ingroup Core_Create 1140 \brief Free allocated memory 1141 */ 1142 void 1143 pgp_pk_sesskey_free(pgp_pk_sesskey_t *sk) 1144 { 1145 switch (sk->alg) { 1146 case PGP_PKA_RSA: 1147 free_BN(&sk->params.rsa.encrypted_m); 1148 break; 1149 1150 case PGP_PKA_ELGAMAL: 1151 free_BN(&sk->params.elgamal.g_to_k); 1152 free_BN(&sk->params.elgamal.encrypted_m); 1153 break; 1154 1155 default: 1156 (void) fprintf(stderr, "pgp_pk_sesskey_free: bad alg\n"); 1157 break; 1158 } 1159 } 1160 1161 /** 1162 \ingroup Core_Create 1163 \brief Free allocated memory 1164 */ 1165 /* ! Free the memory used when parsing a public key */ 1166 void 1167 pgp_pubkey_free(pgp_pubkey_t *p) 1168 { 1169 switch (p->alg) { 1170 case PGP_PKA_RSA: 1171 case PGP_PKA_RSA_ENCRYPT_ONLY: 1172 case PGP_PKA_RSA_SIGN_ONLY: 1173 free_BN(&p->key.rsa.n); 1174 free_BN(&p->key.rsa.e); 1175 break; 1176 1177 case PGP_PKA_DSA: 1178 free_BN(&p->key.dsa.p); 1179 free_BN(&p->key.dsa.q); 1180 free_BN(&p->key.dsa.g); 1181 free_BN(&p->key.dsa.y); 1182 break; 1183 1184 case PGP_PKA_ECDSA: 1185 free_BN(&p->key.ecdsa.p); 1186 break; 1187 1188 case PGP_PKA_ELGAMAL: 1189 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1190 free_BN(&p->key.elgamal.p); 1191 free_BN(&p->key.elgamal.g); 1192 free_BN(&p->key.elgamal.y); 1193 break; 1194 1195 case PGP_PKA_NOTHING: 1196 /* nothing to free */ 1197 break; 1198 1199 default: 1200 (void) fprintf(stderr, "pgp_pubkey_free: bad alg\n"); 1201 } 1202 } 1203 1204 /** 1205 \ingroup Core_ReadPackets 1206 */ 1207 static int 1208 parse_pubkey_data(pgp_pubkey_t *key, pgp_region_t *region, 1209 pgp_stream_t *stream) 1210 { 1211 uint8_t c = 0x0; 1212 1213 if (region->readc != 0) { 1214 /* We should not have read anything so far */ 1215 (void) fprintf(stderr, "parse_pubkey_data: bad length\n"); 1216 return 0; 1217 } 1218 if (!limread(&c, 1, region, stream)) { 1219 return 0; 1220 } 1221 key->version = (pgp_version_t)c; 1222 switch (key->version) { 1223 case PGP_V2: 1224 case PGP_V3: 1225 case PGP_V4: 1226 break; 1227 default: 1228 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PUBLIC_KEY_VRSN, 1229 "Bad public key version (0x%02x)", key->version); 1230 return 0; 1231 } 1232 if (!limited_read_time(&key->birthtime, region, stream)) { 1233 return 0; 1234 } 1235 1236 key->days_valid = 0; 1237 if ((key->version == 2 || key->version == 3) && 1238 !limread_scalar(&key->days_valid, 2, region, stream)) { 1239 return 0; 1240 } 1241 1242 if (!limread(&c, 1, region, stream)) { 1243 return 0; 1244 } 1245 key->alg = c; 1246 1247 switch (key->alg) { 1248 case PGP_PKA_DSA: 1249 if (!limread_mpi(&key->key.dsa.p, region, stream) || 1250 !limread_mpi(&key->key.dsa.q, region, stream) || 1251 !limread_mpi(&key->key.dsa.g, region, stream) || 1252 !limread_mpi(&key->key.dsa.y, region, stream)) { 1253 return 0; 1254 } 1255 break; 1256 1257 case PGP_PKA_ECDSA: 1258 if (!limread(&key->key.ecdsa.len, 1, region, stream) || 1259 !limread(key->key.ecdsa.oid, key->key.ecdsa.len, region, stream) || 1260 !limread_mpi(&key->key.ecdsa.p, region, stream)) { 1261 return 0; 1262 } 1263 break; 1264 1265 case PGP_PKA_RSA: 1266 case PGP_PKA_RSA_ENCRYPT_ONLY: 1267 case PGP_PKA_RSA_SIGN_ONLY: 1268 if (!limread_mpi(&key->key.rsa.n, region, stream) || 1269 !limread_mpi(&key->key.rsa.e, region, stream)) { 1270 return 0; 1271 } 1272 break; 1273 1274 case PGP_PKA_ELGAMAL: 1275 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1276 if (!limread_mpi(&key->key.elgamal.p, region, stream) || 1277 !limread_mpi(&key->key.elgamal.g, region, stream) || 1278 !limread_mpi(&key->key.elgamal.y, region, stream)) { 1279 return 0; 1280 } 1281 break; 1282 1283 default: 1284 PGP_ERROR_1(&stream->errors, 1285 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 1286 "Unsupported Public Key algorithm (%s)", 1287 pgp_show_pka(key->alg)); 1288 return 0; 1289 } 1290 1291 return 1; 1292 } 1293 1294 1295 /** 1296 * \ingroup Core_ReadPackets 1297 * \brief Parse a public key packet. 1298 * 1299 * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. 1300 * 1301 * Once the key has been parsed successfully, it is passed to the callback. 1302 * 1303 * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. 1304 * \param *reader Our reader 1305 * \param *cb The callback 1306 * \return 1 on success, 0 on error 1307 * 1308 * \see RFC4880 5.5.2 1309 */ 1310 static int 1311 parse_pubkey(pgp_content_enum tag, pgp_region_t *region, 1312 pgp_stream_t *stream) 1313 { 1314 pgp_packet_t pkt; 1315 1316 if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) { 1317 (void) fprintf(stderr, "parse_pubkey: parse_pubkey_data failed\n"); 1318 return 0; 1319 } 1320 1321 /* XXX: this test should be done for all packets, surely? */ 1322 if (region->readc != region->length) { 1323 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1324 "Unconsumed data (%d)", region->length - region->readc); 1325 return 0; 1326 } 1327 CALLBACK(tag, &stream->cbinfo, &pkt); 1328 1329 return 1; 1330 } 1331 1332 /** 1333 * \ingroup Core_ReadPackets 1334 * \brief Parse one user attribute packet. 1335 * 1336 * User attribute packets contain one or more attribute subpackets. 1337 * For now, handle the whole packet as raw data. 1338 */ 1339 1340 static int 1341 parse_userattr(pgp_region_t *region, pgp_stream_t *stream) 1342 { 1343 1344 pgp_packet_t pkt; 1345 1346 /* 1347 * xxx- treat as raw data for now. Could break down further into 1348 * attribute sub-packets later - rachel 1349 */ 1350 if (region->readc != 0) { 1351 /* We should not have read anything so far */ 1352 (void) fprintf(stderr, "parse_userattr: bad length\n"); 1353 return 0; 1354 } 1355 if (!read_data(&pkt.u.userattr, region, stream)) { 1356 return 0; 1357 } 1358 CALLBACK(PGP_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt); 1359 return 1; 1360 } 1361 1362 /** 1363 \ingroup Core_Create 1364 \brief Free allocated memory 1365 */ 1366 /* ! Free the memory used when parsing this packet type */ 1367 void 1368 pgp_userid_free(uint8_t **id) 1369 { 1370 free(*id); 1371 *id = NULL; 1372 } 1373 1374 /** 1375 * \ingroup Core_ReadPackets 1376 * \brief Parse a user id. 1377 * 1378 * This function parses an user id packet, which is basically just a char array the size of the packet. 1379 * 1380 * The char array is to be treated as an UTF-8 string. 1381 * 1382 * The userid gets null terminated by this function. Freeing it is the responsibility of the caller. 1383 * 1384 * Once the userid has been parsed successfully, it is passed to the callback. 1385 * 1386 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1387 * \param *reader Our reader 1388 * \param *cb The callback 1389 * \return 1 on success, 0 on error 1390 * 1391 * \see RFC4880 5.11 1392 */ 1393 static int 1394 parse_userid(pgp_region_t *region, pgp_stream_t *stream) 1395 { 1396 pgp_packet_t pkt; 1397 1398 if (region->readc != 0) { 1399 /* We should not have read anything so far */ 1400 (void) fprintf(stderr, "parse_userid: bad length\n"); 1401 return 0; 1402 } 1403 1404 if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) { 1405 (void) fprintf(stderr, "parse_userid: bad alloc\n"); 1406 return 0; 1407 } 1408 1409 if (region->length && 1410 !limread(pkt.u.userid, region->length, region, 1411 stream)) { 1412 return 0; 1413 } 1414 pkt.u.userid[region->length] = 0x0; 1415 CALLBACK(PGP_PTAG_CT_USER_ID, &stream->cbinfo, &pkt); 1416 return 1; 1417 } 1418 1419 static pgp_hash_t * 1420 parse_hash_find(pgp_stream_t *stream, const uint8_t *keyid) 1421 { 1422 pgp_hashtype_t *hp; 1423 size_t n; 1424 1425 for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) { 1426 if (memcmp(hp->keyid, keyid, PGP_KEY_ID_SIZE) == 0) { 1427 return &hp->hash; 1428 } 1429 } 1430 return NULL; 1431 } 1432 1433 /** 1434 * \ingroup Core_Parse 1435 * \brief Parse a version 3 signature. 1436 * 1437 * This function parses an version 3 signature packet, handling RSA and DSA signatures. 1438 * 1439 * Once the signature has been parsed successfully, it is passed to the callback. 1440 * 1441 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1442 * \param *reader Our reader 1443 * \param *cb The callback 1444 * \return 1 on success, 0 on error 1445 * 1446 * \see RFC4880 5.2.2 1447 */ 1448 static int 1449 parse_v3_sig(pgp_region_t *region, 1450 pgp_stream_t *stream) 1451 { 1452 pgp_packet_t pkt; 1453 uint8_t c = 0x0; 1454 1455 /* clear signature */ 1456 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1457 1458 pkt.u.sig.info.version = PGP_V3; 1459 1460 /* hash info length */ 1461 if (!limread(&c, 1, region, stream)) { 1462 return 0; 1463 } 1464 if (c != 5) { 1465 ERRP(&stream->cbinfo, pkt, "bad hash info length"); 1466 } 1467 1468 if (!limread(&c, 1, region, stream)) { 1469 return 0; 1470 } 1471 pkt.u.sig.info.type = (pgp_sig_type_t)c; 1472 /* XXX: check signature type */ 1473 1474 if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) { 1475 return 0; 1476 } 1477 pkt.u.sig.info.birthtime_set = 1; 1478 1479 if (!limread(pkt.u.sig.info.signer_id, PGP_KEY_ID_SIZE, region, 1480 stream)) { 1481 return 0; 1482 } 1483 pkt.u.sig.info.signer_id_set = 1; 1484 1485 if (!limread(&c, 1, region, stream)) { 1486 return 0; 1487 } 1488 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c; 1489 /* XXX: check algorithm */ 1490 1491 if (!limread(&c, 1, region, stream)) { 1492 return 0; 1493 } 1494 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c; 1495 /* XXX: check algorithm */ 1496 1497 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 1498 return 0; 1499 } 1500 1501 switch (pkt.u.sig.info.key_alg) { 1502 case PGP_PKA_RSA: 1503 case PGP_PKA_RSA_SIGN_ONLY: 1504 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 1505 return 0; 1506 } 1507 break; 1508 1509 case PGP_PKA_DSA: 1510 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) || 1511 !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 1512 return 0; 1513 } 1514 break; 1515 1516 case PGP_PKA_ECDSA: 1517 if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) || 1518 !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) { 1519 return 0; 1520 } 1521 break; 1522 1523 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1524 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 1525 stream) || 1526 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 1527 stream)) { 1528 return 0; 1529 } 1530 break; 1531 1532 default: 1533 PGP_ERROR_1(&stream->errors, 1534 PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 1535 "Unsupported signature key algorithm (%s)", 1536 pgp_show_pka(pkt.u.sig.info.key_alg)); 1537 return 0; 1538 } 1539 1540 if (region->readc != region->length) { 1541 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1542 "Unconsumed data (%d)", 1543 region->length - region->readc); 1544 return 0; 1545 } 1546 if (pkt.u.sig.info.signer_id_set) { 1547 pkt.u.sig.hash = parse_hash_find(stream, 1548 pkt.u.sig.info.signer_id); 1549 } 1550 CALLBACK(PGP_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt); 1551 return 1; 1552 } 1553 1554 /** 1555 * \ingroup Core_ReadPackets 1556 * \brief Parse one signature sub-packet. 1557 * 1558 * Version 4 signatures can have an arbitrary amount of (hashed and 1559 * unhashed) subpackets. Subpackets are used to hold optional 1560 * attributes of subpackets. 1561 * 1562 * This function parses one such signature subpacket. 1563 * 1564 * Once the subpacket has been parsed successfully, it is passed to the callback. 1565 * 1566 * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket. 1567 * \param *reader Our reader 1568 * \param *cb The callback 1569 * \return 1 on success, 0 on error 1570 * 1571 * \see RFC4880 5.2.3 1572 */ 1573 static int 1574 parse_one_sig_subpacket(pgp_sig_t *sig, 1575 pgp_region_t *region, 1576 pgp_stream_t *stream) 1577 { 1578 pgp_region_t subregion; 1579 pgp_packet_t pkt; 1580 uint8_t bools = 0x0; 1581 uint8_t c = 0x0; 1582 uint8_t temp = 0x0; 1583 unsigned doread = 1; 1584 unsigned t8; 1585 unsigned t7; 1586 1587 pgp_init_subregion(&subregion, region); 1588 if (!limited_read_new_length(&subregion.length, region, stream)) { 1589 return 0; 1590 } 1591 1592 if (subregion.length > region->length) { 1593 ERRP(&stream->cbinfo, pkt, "Subpacket too long"); 1594 } 1595 1596 if (!limread(&c, 1, &subregion, stream)) { 1597 return 0; 1598 } 1599 1600 t8 = (c & 0x7f) / 8; 1601 t7 = 1 << (c & 7); 1602 1603 pkt.critical = (unsigned)c >> 7; 1604 pkt.tag = (pgp_content_enum)(PGP_PTAG_SIG_SUBPKT_BASE + (c & 0x7f)); 1605 1606 /* Application wants it delivered raw */ 1607 if (stream->ss_raw[t8] & t7) { 1608 pkt.u.ss_raw.tag = pkt.tag; 1609 pkt.u.ss_raw.length = subregion.length - 1; 1610 pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length); 1611 if (pkt.u.ss_raw.raw == NULL) { 1612 (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n"); 1613 return 0; 1614 } 1615 if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length, 1616 &subregion, stream)) { 1617 return 0; 1618 } 1619 CALLBACK(PGP_PTAG_RAW_SS, &stream->cbinfo, &pkt); 1620 return 1; 1621 } 1622 switch (pkt.tag) { 1623 case PGP_PTAG_SS_CREATION_TIME: 1624 case PGP_PTAG_SS_EXPIRATION_TIME: 1625 case PGP_PTAG_SS_KEY_EXPIRY: 1626 if (!limited_read_time(&pkt.u.ss_time, &subregion, stream)) 1627 return 0; 1628 if (pkt.tag == PGP_PTAG_SS_CREATION_TIME) { 1629 sig->info.birthtime = pkt.u.ss_time; 1630 sig->info.birthtime_set = 1; 1631 } 1632 if (pkt.tag == PGP_PTAG_SS_EXPIRATION_TIME) { 1633 sig->info.duration = pkt.u.ss_time; 1634 sig->info.duration_set = 1; 1635 } 1636 break; 1637 1638 case PGP_PTAG_SS_TRUST: 1639 if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) || 1640 !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) { 1641 return 0; 1642 } 1643 break; 1644 1645 case PGP_PTAG_SS_REVOCABLE: 1646 if (!limread(&bools, 1, &subregion, stream)) { 1647 return 0; 1648 } 1649 pkt.u.ss_revocable = !!bools; 1650 break; 1651 1652 case PGP_PTAG_SS_ISSUER_KEY_ID: 1653 if (!limread(pkt.u.ss_issuer, PGP_KEY_ID_SIZE, &subregion, stream)) { 1654 return 0; 1655 } 1656 (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, PGP_KEY_ID_SIZE); 1657 sig->info.signer_id_set = 1; 1658 break; 1659 1660 case PGP_PTAG_SS_PREFERRED_SKA: 1661 if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) { 1662 return 0; 1663 } 1664 break; 1665 1666 case PGP_PTAG_SS_PREFERRED_HASH: 1667 if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) { 1668 return 0; 1669 } 1670 break; 1671 1672 case PGP_PTAG_SS_PREF_COMPRESS: 1673 if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) { 1674 return 0; 1675 } 1676 break; 1677 1678 case PGP_PTAG_SS_PRIMARY_USER_ID: 1679 if (!limread(&bools, 1, &subregion, stream)) { 1680 return 0; 1681 } 1682 pkt.u.ss_primary_userid = !!bools; 1683 break; 1684 1685 case PGP_PTAG_SS_KEY_FLAGS: 1686 if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) { 1687 return 0; 1688 } 1689 break; 1690 1691 case PGP_PTAG_SS_KEYSERV_PREFS: 1692 if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) { 1693 return 0; 1694 } 1695 break; 1696 1697 case PGP_PTAG_SS_FEATURES: 1698 if (!read_data(&pkt.u.ss_features, &subregion, stream)) { 1699 return 0; 1700 } 1701 break; 1702 1703 case PGP_PTAG_SS_SIGNERS_USER_ID: 1704 if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) { 1705 return 0; 1706 } 1707 break; 1708 1709 case PGP_PTAG_SS_EMBEDDED_SIGNATURE: 1710 /* \todo should do something with this sig? */ 1711 if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) { 1712 return 0; 1713 } 1714 break; 1715 1716 case PGP_PTAG_SS_NOTATION_DATA: 1717 if (!limread_data(&pkt.u.ss_notation.flags, 4, 1718 &subregion, stream)) { 1719 return 0; 1720 } 1721 if (!limread_size_t(&pkt.u.ss_notation.name.len, 2, 1722 &subregion, stream)) { 1723 return 0; 1724 } 1725 if (!limread_size_t(&pkt.u.ss_notation.value.len, 2, 1726 &subregion, stream)) { 1727 return 0; 1728 } 1729 if (!limread_data(&pkt.u.ss_notation.name, 1730 (unsigned)pkt.u.ss_notation.name.len, 1731 &subregion, stream)) { 1732 return 0; 1733 } 1734 if (!limread_data(&pkt.u.ss_notation.value, 1735 (unsigned)pkt.u.ss_notation.value.len, 1736 &subregion, stream)) { 1737 return 0; 1738 } 1739 break; 1740 1741 case PGP_PTAG_SS_POLICY_URI: 1742 if (!read_string(&pkt.u.ss_policy, &subregion, stream)) { 1743 return 0; 1744 } 1745 break; 1746 1747 case PGP_PTAG_SS_REGEXP: 1748 if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) { 1749 return 0; 1750 } 1751 break; 1752 1753 case PGP_PTAG_SS_PREF_KEYSERV: 1754 if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) { 1755 return 0; 1756 } 1757 break; 1758 1759 case PGP_PTAG_SS_USERDEFINED00: 1760 case PGP_PTAG_SS_USERDEFINED01: 1761 case PGP_PTAG_SS_USERDEFINED02: 1762 case PGP_PTAG_SS_USERDEFINED03: 1763 case PGP_PTAG_SS_USERDEFINED04: 1764 case PGP_PTAG_SS_USERDEFINED05: 1765 case PGP_PTAG_SS_USERDEFINED06: 1766 case PGP_PTAG_SS_USERDEFINED07: 1767 case PGP_PTAG_SS_USERDEFINED08: 1768 case PGP_PTAG_SS_USERDEFINED09: 1769 case PGP_PTAG_SS_USERDEFINED10: 1770 if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) { 1771 return 0; 1772 } 1773 break; 1774 1775 case PGP_PTAG_SS_RESERVED: 1776 if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) { 1777 return 0; 1778 } 1779 break; 1780 1781 case PGP_PTAG_SS_REVOCATION_REASON: 1782 /* first byte is the machine-readable code */ 1783 if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) { 1784 return 0; 1785 } 1786 /* the rest is a human-readable UTF-8 string */ 1787 if (!read_string(&pkt.u.ss_revocation.reason, &subregion, 1788 stream)) { 1789 return 0; 1790 } 1791 break; 1792 1793 case PGP_PTAG_SS_ISSUER_FINGERPRINT: 1794 /* octet 0: version */ 1795 /* 0x04:20 bytes, 0x05:32 bytes */ 1796 if (!limread(&temp, 1, &subregion, stream)) { 1797 return 0; 1798 } 1799 1800 switch (temp) { 1801 case 0x04: pkt.u.ss_issuer_fingerprint.len = 20; break; 1802 case 0x05: pkt.u.ss_issuer_fingerprint.len = 32; break; 1803 default: 1804 return 0; 1805 } 1806 1807 if (!limread(pkt.u.ss_issuer_fingerprint.fingerprint, 1808 pkt.u.ss_issuer_fingerprint.len, &subregion, stream)) { 1809 return 0; 1810 } 1811 break; 1812 1813 case PGP_PTAG_SS_REVOCATION_KEY: 1814 /* octet 0 = class. Bit 0x80 must be set */ 1815 if (!limread(&pkt.u.ss_revocation_key.class, 1, 1816 &subregion, stream)) { 1817 return 0; 1818 } 1819 if (!(pkt.u.ss_revocation_key.class & 0x80)) { 1820 printf("Warning: PGP_PTAG_SS_REVOCATION_KEY class: " 1821 "Bit 0x80 should be set\n"); 1822 return 0; 1823 } 1824 /* octet 1 = algid */ 1825 if (!limread(&pkt.u.ss_revocation_key.algid, 1, 1826 &subregion, stream)) { 1827 return 0; 1828 } 1829 /* octets 2-21 = fingerprint */ 1830 if (!limread(&pkt.u.ss_revocation_key.fingerprint[0], 1831 PGP_FINGERPRINT_SIZE, &subregion, stream)) { 1832 return 0; 1833 } 1834 break; 1835 1836 default: 1837 if (stream->ss_parsed[t8] & t7) { 1838 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_UNKNOWN_SS, 1839 "Unknown signature subpacket type (%d)", 1840 c & 0x7f); 1841 } 1842 doread = 0; 1843 break; 1844 } 1845 1846 /* Application doesn't want it delivered parsed */ 1847 if (!(stream->ss_parsed[t8] & t7)) { 1848 if (pkt.critical) { 1849 PGP_ERROR_1(&stream->errors, 1850 PGP_E_PROTO_CRITICAL_SS_IGNORED, 1851 "Critical signature subpacket ignored (%d)", 1852 c & 0x7f); 1853 } 1854 if (!doread && 1855 !limskip(subregion.length - 1, &subregion, stream)) { 1856 return 0; 1857 } 1858 if (doread) { 1859 pgp_parser_content_free(&pkt); 1860 } 1861 return 1; 1862 } 1863 if (doread && subregion.readc != subregion.length) { 1864 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1865 "Unconsumed data (%d)", 1866 subregion.length - subregion.readc); 1867 return 0; 1868 } 1869 CALLBACK(pkt.tag, &stream->cbinfo, &pkt); 1870 return 1; 1871 } 1872 1873 /** 1874 * \ingroup Core_ReadPackets 1875 * \brief Parse several signature subpackets. 1876 * 1877 * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. 1878 * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the 1879 * entire set is consumed. 1880 * 1881 * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket. 1882 * 1883 * \param *ptag Pointer to the Packet Tag. 1884 * \param *reader Our reader 1885 * \param *cb The callback 1886 * \return 1 on success, 0 on error 1887 * 1888 * \see RFC4880 5.2.3 1889 */ 1890 static int 1891 parse_sig_subpkts(pgp_sig_t *sig, 1892 pgp_region_t *region, 1893 pgp_stream_t *stream) 1894 { 1895 pgp_region_t subregion; 1896 pgp_packet_t pkt; 1897 1898 pgp_init_subregion(&subregion, region); 1899 if (!limread_scalar(&subregion.length, 2, region, stream)) { 1900 return 0; 1901 } 1902 1903 if (subregion.length > region->length) { 1904 ERRP(&stream->cbinfo, pkt, "Subpacket set too long"); 1905 } 1906 1907 while (subregion.readc < subregion.length) { 1908 if (!parse_one_sig_subpacket(sig, &subregion, stream)) { 1909 return 0; 1910 } 1911 } 1912 1913 if (subregion.readc != subregion.length) { 1914 if (!limskip(subregion.length - subregion.readc, 1915 &subregion, stream)) { 1916 ERRP(&stream->cbinfo, pkt, 1917 "parse_sig_subpkts: subpacket length read mismatch"); 1918 } 1919 ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch"); 1920 } 1921 return 1; 1922 } 1923 1924 /** 1925 * \ingroup Core_ReadPackets 1926 * \brief Parse a version 4 signature. 1927 * 1928 * This function parses a version 4 signature including all its hashed and unhashed subpackets. 1929 * 1930 * Once the signature packet has been parsed successfully, it is passed to the callback. 1931 * 1932 * \param *ptag Pointer to the Packet Tag. 1933 * \param *reader Our reader 1934 * \param *cb The callback 1935 * \return 1 on success, 0 on error 1936 * 1937 * \see RFC4880 5.2.3 1938 */ 1939 static int 1940 parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream) 1941 { 1942 pgp_packet_t pkt; 1943 uint8_t c = 0x0; 1944 1945 if (pgp_get_debug_level(__FILE__)) { 1946 fprintf(stderr, "\nparse_v4_sig\n"); 1947 } 1948 /* clear signature */ 1949 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1950 1951 /* 1952 * We need to hash the packet data from version through the hashed 1953 * subpacket data 1954 */ 1955 1956 pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1; 1957 1958 /* Set version,type,algorithms */ 1959 1960 pkt.u.sig.info.version = PGP_V4; 1961 1962 if (!limread(&c, 1, region, stream)) { 1963 return 0; 1964 } 1965 pkt.u.sig.info.type = (pgp_sig_type_t)c; 1966 if (pgp_get_debug_level(__FILE__)) { 1967 fprintf(stderr, "signature type=%d (%s)\n", 1968 pkt.u.sig.info.type, 1969 pgp_show_sig_type(pkt.u.sig.info.type)); 1970 } 1971 /* XXX: check signature type */ 1972 1973 if (!limread(&c, 1, region, stream)) { 1974 return 0; 1975 } 1976 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c; 1977 /* XXX: check key algorithm */ 1978 if (pgp_get_debug_level(__FILE__)) { 1979 (void) fprintf(stderr, "key_alg=%d (%s)\n", 1980 pkt.u.sig.info.key_alg, 1981 pgp_show_pka(pkt.u.sig.info.key_alg)); 1982 } 1983 if (!limread(&c, 1, region, stream)) { 1984 return 0; 1985 } 1986 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c; 1987 /* XXX: check hash algorithm */ 1988 if (pgp_get_debug_level(__FILE__)) { 1989 fprintf(stderr, "hash_alg=%d %s\n", 1990 pkt.u.sig.info.hash_alg, 1991 pgp_show_hash_alg(pkt.u.sig.info.hash_alg)); 1992 } 1993 CALLBACK(PGP_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt); 1994 1995 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 1996 return 0; 1997 } 1998 1999 pkt.u.sig.info.v4_hashlen = stream->readinfo.alength 2000 - pkt.u.sig.v4_hashstart; 2001 if (pgp_get_debug_level(__FILE__)) { 2002 fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen); 2003 } 2004 2005 /* copy hashed subpackets */ 2006 if (pkt.u.sig.info.v4_hashed) { 2007 free(pkt.u.sig.info.v4_hashed); 2008 } 2009 pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen); 2010 if (pkt.u.sig.info.v4_hashed == NULL) { 2011 (void) fprintf(stderr, "parse_v4_sig: bad alloc\n"); 2012 return 0; 2013 } 2014 2015 if (!stream->readinfo.accumulate) { 2016 /* We must accumulate, else we can't check the signature */ 2017 fprintf(stderr, "*** ERROR: must set accumulate to 1\n"); 2018 return 0; 2019 } 2020 (void) memcpy(pkt.u.sig.info.v4_hashed, 2021 stream->readinfo.accumulated + pkt.u.sig.v4_hashstart, 2022 pkt.u.sig.info.v4_hashlen); 2023 2024 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 2025 return 0; 2026 } 2027 2028 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 2029 return 0; 2030 } 2031 2032 switch (pkt.u.sig.info.key_alg) { 2033 case PGP_PKA_RSA: 2034 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 2035 return 0; 2036 } 2037 if (pgp_get_debug_level(__FILE__)) { 2038 (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n"); 2039 BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig); 2040 (void) fprintf(stderr, "\n"); 2041 } 2042 break; 2043 2044 case PGP_PKA_DSA: 2045 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) { 2046 /* 2047 * usually if this fails, it just means we've reached 2048 * the end of the keyring 2049 */ 2050 if (pgp_get_debug_level(__FILE__)) { 2051 (void) fprintf(stderr, 2052 "Error reading DSA r field in signature"); 2053 } 2054 return 0; 2055 } 2056 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 2057 ERRP(&stream->cbinfo, pkt, 2058 "Error reading DSA s field in signature"); 2059 } 2060 break; 2061 2062 case PGP_PKA_ECDSA: 2063 if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) || 2064 !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) { 2065 return 0; 2066 } 2067 break; 2068 2069 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 2070 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 2071 stream) || 2072 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 2073 stream)) { 2074 return 0; 2075 } 2076 break; 2077 2078 case PGP_PKA_PRIVATE00: 2079 case PGP_PKA_PRIVATE01: 2080 case PGP_PKA_PRIVATE02: 2081 case PGP_PKA_PRIVATE03: 2082 case PGP_PKA_PRIVATE04: 2083 case PGP_PKA_PRIVATE05: 2084 case PGP_PKA_PRIVATE06: 2085 case PGP_PKA_PRIVATE07: 2086 case PGP_PKA_PRIVATE08: 2087 case PGP_PKA_PRIVATE09: 2088 case PGP_PKA_PRIVATE10: 2089 if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) { 2090 return 0; 2091 } 2092 break; 2093 2094 default: 2095 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 2096 "Bad v4 signature key algorithm (%s)", 2097 pgp_show_pka(pkt.u.sig.info.key_alg)); 2098 return 0; 2099 } 2100 if (region->readc != region->length) { 2101 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 2102 "Unconsumed data (%d)", 2103 region->length - region->readc); 2104 return 0; 2105 } 2106 CALLBACK(PGP_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt); 2107 return 1; 2108 } 2109 2110 /** 2111 * \ingroup Core_ReadPackets 2112 * \brief Parse a signature subpacket. 2113 * 2114 * This function calls the appropriate function to handle v3 or v4 signatures. 2115 * 2116 * Once the signature packet has been parsed successfully, it is passed to the callback. 2117 * 2118 * \param *ptag Pointer to the Packet Tag. 2119 * \param *reader Our reader 2120 * \param *cb The callback 2121 * \return 1 on success, 0 on error 2122 */ 2123 static int 2124 parse_sig(pgp_region_t *region, pgp_stream_t *stream) 2125 { 2126 pgp_packet_t pkt; 2127 uint8_t c = 0x0; 2128 2129 if (region->readc != 0) { 2130 /* We should not have read anything so far */ 2131 (void) fprintf(stderr, "parse_sig: bad length\n"); 2132 return 0; 2133 } 2134 2135 (void) memset(&pkt, 0x0, sizeof(pkt)); 2136 if (!limread(&c, 1, region, stream)) { 2137 return 0; 2138 } 2139 if (c == 2 || c == 3) { 2140 return parse_v3_sig(region, stream); 2141 } 2142 if (c == 4) { 2143 return parse_v4_sig(region, stream); 2144 } 2145 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_SIGNATURE_VRSN, 2146 "Bad signature version (%d)", c); 2147 return 0; 2148 } 2149 2150 /** 2151 \ingroup Core_ReadPackets 2152 \brief Parse Compressed packet 2153 */ 2154 static int 2155 parse_compressed(pgp_region_t *region, pgp_stream_t *stream) 2156 { 2157 pgp_packet_t pkt; 2158 uint8_t c = 0x0; 2159 2160 if (!limread(&c, 1, region, stream)) { 2161 return 0; 2162 } 2163 2164 pkt.u.compressed = (pgp_compression_type_t)c; 2165 2166 CALLBACK(PGP_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt); 2167 2168 /* 2169 * The content of a compressed data packet is more OpenPGP packets 2170 * once decompressed, so recursively handle them 2171 */ 2172 2173 return pgp_decompress(region, stream, pkt.u.compressed); 2174 } 2175 2176 /* XXX: this could be improved by sharing all hashes that are the */ 2177 /* same, then duping them just before checking the signature. */ 2178 static void 2179 parse_hash_init(pgp_stream_t *stream, pgp_hash_alg_t type, 2180 const uint8_t *keyid) 2181 { 2182 pgp_hashtype_t *hash; 2183 2184 hash = realloc(stream->hashes, 2185 (stream->hashc + 1) * sizeof(*stream->hashes)); 2186 if (hash == NULL) { 2187 (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n"); 2188 /* just continue and die here */ 2189 /* XXX - agc - no way to return failure */ 2190 } else { 2191 stream->hashes = hash; 2192 } 2193 hash = &stream->hashes[stream->hashc++]; 2194 2195 pgp_hash_any(&hash->hash, type); 2196 if (!hash->hash.init(&hash->hash)) { 2197 (void) fprintf(stderr, "parse_hash_init: bad alloc\n"); 2198 /* just continue and die here */ 2199 /* XXX - agc - no way to return failure */ 2200 } 2201 (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); 2202 } 2203 2204 /** 2205 \ingroup Core_ReadPackets 2206 \brief Parse a One Pass Signature packet 2207 */ 2208 static int 2209 parse_one_pass(pgp_region_t * region, pgp_stream_t * stream) 2210 { 2211 pgp_packet_t pkt; 2212 uint8_t c = 0x0; 2213 2214 if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) { 2215 return 0; 2216 } 2217 if (pkt.u.one_pass_sig.version != 3) { 2218 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_ONE_PASS_SIG_VRSN, 2219 "Bad one-pass signature version (%d)", 2220 pkt.u.one_pass_sig.version); 2221 return 0; 2222 } 2223 if (!limread(&c, 1, region, stream)) { 2224 return 0; 2225 } 2226 pkt.u.one_pass_sig.sig_type = (pgp_sig_type_t)c; 2227 2228 if (!limread(&c, 1, region, stream)) { 2229 return 0; 2230 } 2231 pkt.u.one_pass_sig.hash_alg = (pgp_hash_alg_t)c; 2232 2233 if (!limread(&c, 1, region, stream)) { 2234 return 0; 2235 } 2236 pkt.u.one_pass_sig.key_alg = (pgp_pubkey_alg_t)c; 2237 2238 if (!limread(pkt.u.one_pass_sig.keyid, 2239 (unsigned)sizeof(pkt.u.one_pass_sig.keyid), 2240 region, stream)) { 2241 return 0; 2242 } 2243 2244 if (!limread(&c, 1, region, stream)) { 2245 return 0; 2246 } 2247 pkt.u.one_pass_sig.nested = !!c; 2248 CALLBACK(PGP_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt); 2249 /* XXX: we should, perhaps, let the app choose whether to hash or not */ 2250 parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg, 2251 pkt.u.one_pass_sig.keyid); 2252 return 1; 2253 } 2254 2255 /** 2256 \ingroup Core_ReadPackets 2257 \brief Parse a Trust packet 2258 */ 2259 static int 2260 parse_trust(pgp_region_t *region, pgp_stream_t *stream) 2261 { 2262 pgp_packet_t pkt; 2263 2264 if (!read_data(&pkt.u.trust, region, stream)) { 2265 return 0; 2266 } 2267 CALLBACK(PGP_PTAG_CT_TRUST, &stream->cbinfo, &pkt); 2268 return 1; 2269 } 2270 2271 static void 2272 parse_hash_data(pgp_stream_t *stream, const void *data, 2273 size_t length) 2274 { 2275 size_t n; 2276 2277 for (n = 0; n < stream->hashc; ++n) { 2278 stream->hashes[n].hash.add(&stream->hashes[n].hash, data, (unsigned)length); 2279 } 2280 } 2281 2282 /** 2283 \ingroup Core_ReadPackets 2284 \brief Parse a Literal Data packet 2285 */ 2286 static int 2287 parse_litdata(pgp_region_t *region, pgp_stream_t *stream) 2288 { 2289 pgp_memory_t *mem; 2290 pgp_packet_t pkt; 2291 uint8_t c = 0x0; 2292 2293 if (!limread(&c, 1, region, stream)) { 2294 return 0; 2295 } 2296 pkt.u.litdata_header.format = (pgp_litdata_enum)c; 2297 if (!limread(&c, 1, region, stream)) { 2298 return 0; 2299 } 2300 if (!limread((uint8_t *)pkt.u.litdata_header.filename, 2301 (unsigned)c, region, stream)) { 2302 return 0; 2303 } 2304 pkt.u.litdata_header.filename[c] = '\0'; 2305 if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) { 2306 return 0; 2307 } 2308 CALLBACK(PGP_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt); 2309 mem = pkt.u.litdata_body.mem = pgp_memory_new(); 2310 pgp_memory_init(pkt.u.litdata_body.mem, 2311 (unsigned)((region->length * 101) / 100) + 12); 2312 pkt.u.litdata_body.data = mem->buf; 2313 2314 while (region->readc < region->length) { 2315 unsigned readc = region->length - region->readc; 2316 2317 if (!limread(mem->buf, readc, region, stream)) { 2318 return 0; 2319 } 2320 pkt.u.litdata_body.length = readc; 2321 parse_hash_data(stream, pkt.u.litdata_body.data, region->length); 2322 CALLBACK(PGP_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt); 2323 } 2324 2325 /* XXX - get rid of mem here? */ 2326 2327 return 1; 2328 } 2329 2330 /** 2331 * \ingroup Core_Create 2332 * 2333 * pgp_seckey_free() frees the memory associated with "key". Note that 2334 * the key itself is not freed. 2335 * 2336 * \param key 2337 */ 2338 2339 void 2340 pgp_seckey_free(pgp_seckey_t *key) 2341 { 2342 switch (key->pubkey.alg) { 2343 case PGP_PKA_RSA: 2344 case PGP_PKA_RSA_ENCRYPT_ONLY: 2345 case PGP_PKA_RSA_SIGN_ONLY: 2346 free_BN(&key->key.rsa.d); 2347 free_BN(&key->key.rsa.p); 2348 free_BN(&key->key.rsa.q); 2349 free_BN(&key->key.rsa.u); 2350 break; 2351 2352 case PGP_PKA_DSA: 2353 free_BN(&key->key.dsa.x); 2354 break; 2355 2356 case PGP_PKA_ECDSA: 2357 free_BN(&key->key.ecdsa.x); 2358 break; 2359 2360 default: 2361 (void) fprintf(stderr, 2362 "pgp_seckey_free: Unknown algorithm: %d (%s)\n", 2363 key->pubkey.alg, 2364 pgp_show_pka(key->pubkey.alg)); 2365 } 2366 free(key->checkhash); 2367 } 2368 2369 static int 2370 consume_packet(pgp_region_t *region, pgp_stream_t *stream, unsigned warn) 2371 { 2372 pgp_packet_t pkt; 2373 pgp_data_t remainder; 2374 2375 if (region->indeterminate) { 2376 ERRP(&stream->cbinfo, pkt, 2377 "Can't consume indeterminate packets"); 2378 } 2379 2380 if (read_data(&remainder, region, stream)) { 2381 /* now throw it away */ 2382 pgp_data_free(&remainder); 2383 if (warn) { 2384 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_CONSUMED, 2385 "%s", "Warning: packet consumer"); 2386 } 2387 return 1; 2388 } 2389 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_NOT_CONSUMED, 2390 "%s", (warn) ? "Warning: Packet was not consumed" : 2391 "Packet was not consumed"); 2392 return warn; 2393 } 2394 2395 /** 2396 * \ingroup Core_ReadPackets 2397 * \brief Parse a secret key 2398 */ 2399 static int 2400 parse_seckey(pgp_region_t *region, pgp_stream_t *stream) 2401 { 2402 pgp_packet_t pkt; 2403 pgp_region_t encregion; 2404 pgp_region_t *saved_region = NULL; 2405 pgp_crypt_t decrypt; 2406 pgp_hash_t checkhash; 2407 unsigned blocksize; 2408 unsigned crypted; 2409 uint8_t c = 0x0; 2410 int ret = 1; 2411 2412 if (pgp_get_debug_level(__FILE__)) { 2413 fprintf(stderr, "\n---------\nparse_seckey:\n"); 2414 fprintf(stderr, 2415 "region length=%u, readc=%u, remainder=%u\n", 2416 region->length, region->readc, 2417 region->length - region->readc); 2418 } 2419 (void) memset(&pkt, 0x0, sizeof(pkt)); 2420 if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) { 2421 return 0; 2422 } 2423 if (pgp_get_debug_level(__FILE__)) { 2424 fprintf(stderr, "parse_seckey: public key parsed\n"); 2425 pgp_print_pubkey(&pkt.u.seckey.pubkey); 2426 } 2427 stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != PGP_V4); 2428 2429 if (!limread(&c, 1, region, stream)) { 2430 return 0; 2431 } 2432 pkt.u.seckey.s2k_usage = (pgp_s2k_usage_t)c; 2433 2434 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED || 2435 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2436 if (!limread(&c, 1, region, stream)) { 2437 return 0; 2438 } 2439 pkt.u.seckey.alg = (pgp_symm_alg_t)c; 2440 if (!limread(&c, 1, region, stream)) { 2441 return 0; 2442 } 2443 pkt.u.seckey.s2k_specifier = (pgp_s2k_specifier_t)c; 2444 switch (pkt.u.seckey.s2k_specifier) { 2445 case PGP_S2KS_SIMPLE: 2446 case PGP_S2KS_SALTED: 2447 case PGP_S2KS_ITERATED_AND_SALTED: 2448 break; 2449 default: 2450 (void) fprintf(stderr, 2451 "parse_seckey: bad seckey\n"); 2452 return 0; 2453 } 2454 if (!limread(&c, 1, region, stream)) { 2455 return 0; 2456 } 2457 pkt.u.seckey.hash_alg = (pgp_hash_alg_t)c; 2458 if (pkt.u.seckey.s2k_specifier != PGP_S2KS_SIMPLE && 2459 !limread(pkt.u.seckey.salt, 8, region, stream)) { 2460 return 0; 2461 } 2462 if (pkt.u.seckey.s2k_specifier == 2463 PGP_S2KS_ITERATED_AND_SALTED) { 2464 if (!limread(&c, 1, region, stream)) { 2465 return 0; 2466 } 2467 pkt.u.seckey.octetc = 2468 (16 + ((unsigned)c & 15)) << 2469 (((unsigned)c >> 4) + 6); 2470 } 2471 } else if (pkt.u.seckey.s2k_usage != PGP_S2KU_NONE) { 2472 /* this is V3 style, looks just like a V4 simple hash */ 2473 pkt.u.seckey.alg = (pgp_symm_alg_t)c; 2474 pkt.u.seckey.s2k_usage = PGP_S2KU_ENCRYPTED; 2475 pkt.u.seckey.s2k_specifier = PGP_S2KS_SIMPLE; 2476 pkt.u.seckey.hash_alg = PGP_HASH_MD5; 2477 } 2478 crypted = pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED || 2479 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED; 2480 2481 if (crypted) { 2482 pgp_packet_t seckey; 2483 pgp_hash_t hashes[(PGP_MAX_KEY_SIZE + PGP_MIN_HASH_SIZE - 1) / PGP_MIN_HASH_SIZE]; 2484 unsigned passlen; 2485 uint8_t key[PGP_MAX_KEY_SIZE + PGP_MAX_HASH_SIZE]; 2486 char *passphrase; 2487 int hashsize; 2488 int keysize; 2489 int n; 2490 2491 if (pgp_get_debug_level(__FILE__)) { 2492 (void) fprintf(stderr, "crypted seckey\n"); 2493 } 2494 blocksize = pgp_block_size(pkt.u.seckey.alg); 2495 if (blocksize == 0 || blocksize > PGP_MAX_BLOCK_SIZE) { 2496 (void) fprintf(stderr, 2497 "parse_seckey: bad blocksize\n"); 2498 return 0; 2499 } 2500 2501 if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) { 2502 return 0; 2503 } 2504 (void) memset(&seckey, 0x0, sizeof(seckey)); 2505 passphrase = NULL; 2506 seckey.u.skey_passphrase.passphrase = &passphrase; 2507 seckey.u.skey_passphrase.seckey = &pkt.u.seckey; 2508 CALLBACK(PGP_GET_PASSPHRASE, &stream->cbinfo, &seckey); 2509 if (!passphrase) { 2510 if (pgp_get_debug_level(__FILE__)) { 2511 /* \todo make into proper error */ 2512 (void) fprintf(stderr, 2513 "parse_seckey: can't get passphrase\n"); 2514 } 2515 if (!consume_packet(region, stream, 0)) { 2516 return 0; 2517 } 2518 2519 CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY, 2520 &stream->cbinfo, &pkt); 2521 2522 return 1; 2523 } 2524 keysize = pgp_key_size(pkt.u.seckey.alg); 2525 if (keysize == 0 || keysize > PGP_MAX_KEY_SIZE) { 2526 (void) fprintf(stderr, 2527 "parse_seckey: bad keysize\n"); 2528 return 0; 2529 } 2530 2531 /* Hardcoded SHA1 for just now */ 2532 pkt.u.seckey.hash_alg = PGP_HASH_SHA1; 2533 hashsize = pgp_hash_size(pkt.u.seckey.hash_alg); 2534 if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) { 2535 (void) fprintf(stderr, 2536 "parse_seckey: bad hashsize\n"); 2537 return 0; 2538 } 2539 2540 for (n = 0; n * hashsize < keysize; ++n) { 2541 int i; 2542 2543 pgp_hash_any(&hashes[n], 2544 pkt.u.seckey.hash_alg); 2545 if (!hashes[n].init(&hashes[n])) { 2546 (void) fprintf(stderr, 2547 "parse_seckey: bad alloc\n"); 2548 return 0; 2549 } 2550 /* preload hashes with zeroes... */ 2551 for (i = 0; i < n; ++i) { 2552 hashes[n].add(&hashes[n], 2553 (const uint8_t *) "", 1); 2554 } 2555 } 2556 passlen = (unsigned)strlen(passphrase); 2557 for (n = 0; n * hashsize < keysize; ++n) { 2558 unsigned i; 2559 2560 switch (pkt.u.seckey.s2k_specifier) { 2561 case PGP_S2KS_SALTED: 2562 hashes[n].add(&hashes[n], 2563 pkt.u.seckey.salt, 2564 PGP_SALT_SIZE); 2565 /* FALLTHROUGH */ 2566 case PGP_S2KS_SIMPLE: 2567 hashes[n].add(&hashes[n], 2568 (uint8_t *)passphrase, (unsigned)passlen); 2569 break; 2570 2571 case PGP_S2KS_ITERATED_AND_SALTED: 2572 for (i = 0; i < pkt.u.seckey.octetc; 2573 i += passlen + PGP_SALT_SIZE) { 2574 unsigned j; 2575 2576 j = passlen + PGP_SALT_SIZE; 2577 if (i + j > pkt.u.seckey.octetc && i != 0) { 2578 j = pkt.u.seckey.octetc - i; 2579 } 2580 hashes[n].add(&hashes[n], 2581 pkt.u.seckey.salt, 2582 (unsigned)(j > PGP_SALT_SIZE) ? 2583 PGP_SALT_SIZE : j); 2584 if (j > PGP_SALT_SIZE) { 2585 hashes[n].add(&hashes[n], 2586 (uint8_t *) passphrase, 2587 j - PGP_SALT_SIZE); 2588 } 2589 } 2590 break; 2591 default: 2592 break; 2593 } 2594 } 2595 2596 for (n = 0; n * hashsize < keysize; ++n) { 2597 int r; 2598 2599 r = hashes[n].finish(&hashes[n], key + n * hashsize); 2600 if (r != hashsize) { 2601 (void) fprintf(stderr, 2602 "parse_seckey: bad r\n"); 2603 return 0; 2604 } 2605 } 2606 2607 pgp_forget(passphrase, passlen); 2608 2609 pgp_crypt_any(&decrypt, pkt.u.seckey.alg); 2610 if (pgp_get_debug_level(__FILE__)) { 2611 hexdump(stderr, "input iv", pkt.u.seckey.iv, pgp_block_size(pkt.u.seckey.alg)); 2612 hexdump(stderr, "key", key, CAST_KEY_LENGTH); 2613 } 2614 decrypt.set_iv(&decrypt, pkt.u.seckey.iv); 2615 decrypt.set_crypt_key(&decrypt, key); 2616 2617 /* now read encrypted data */ 2618 2619 pgp_reader_push_decrypt(stream, &decrypt, region); 2620 2621 /* 2622 * Since all known encryption for PGP doesn't compress, we 2623 * can limit to the same length as the current region (for 2624 * now). 2625 */ 2626 pgp_init_subregion(&encregion, NULL); 2627 encregion.length = region->length - region->readc; 2628 if (pkt.u.seckey.pubkey.version != PGP_V4) { 2629 encregion.length -= 2; 2630 } 2631 saved_region = region; 2632 region = &encregion; 2633 } 2634 if (pgp_get_debug_level(__FILE__)) { 2635 fprintf(stderr, "parse_seckey: end of crypted passphrase\n"); 2636 } 2637 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2638 /* XXX - Hard-coded SHA1 here ?? Check */ 2639 pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE); 2640 if (pkt.u.seckey.checkhash == NULL) { 2641 (void) fprintf(stderr, "parse_seckey: bad alloc\n"); 2642 return 0; 2643 } 2644 pgp_hash_sha1(&checkhash); 2645 pgp_reader_push_hash(stream, &checkhash); 2646 } else { 2647 pgp_reader_push_sum16(stream); 2648 } 2649 if (pgp_get_debug_level(__FILE__)) { 2650 fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n"); 2651 } 2652 switch (pkt.u.seckey.pubkey.alg) { 2653 case PGP_PKA_RSA: 2654 case PGP_PKA_RSA_ENCRYPT_ONLY: 2655 case PGP_PKA_RSA_SIGN_ONLY: 2656 if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) || 2657 !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) || 2658 !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) || 2659 !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) { 2660 ret = 0; 2661 } 2662 break; 2663 2664 case PGP_PKA_DSA: 2665 if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) { 2666 ret = 0; 2667 } 2668 break; 2669 2670 case PGP_PKA_ECDSA: 2671 if (!limread_mpi(&pkt.u.seckey.key.ecdsa.x, region, stream)) { 2672 ret = 0; 2673 } 2674 break; 2675 2676 case PGP_PKA_ELGAMAL: 2677 if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) { 2678 ret = 0; 2679 } 2680 break; 2681 2682 default: 2683 PGP_ERROR_2(&stream->errors, 2684 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2685 "Unsupported Public Key algorithm %d (%s)", 2686 pkt.u.seckey.pubkey.alg, 2687 pgp_show_pka(pkt.u.seckey.pubkey.alg)); 2688 ret = 0; 2689 } 2690 2691 if (pgp_get_debug_level(__FILE__)) { 2692 (void) fprintf(stderr, "4 MPIs read\n"); 2693 } 2694 stream->reading_v3_secret = 0; 2695 2696 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2697 uint8_t hash[PGP_CHECKHASH_SIZE]; 2698 2699 pgp_reader_pop_hash(stream); 2700 checkhash.finish(&checkhash, hash); 2701 2702 if (crypted && 2703 pkt.u.seckey.pubkey.version != PGP_V4) { 2704 pgp_reader_pop_decrypt(stream); 2705 region = saved_region; 2706 } 2707 if (ret) { 2708 if (!limread(pkt.u.seckey.checkhash, 2709 PGP_CHECKHASH_SIZE, region, stream)) { 2710 return 0; 2711 } 2712 2713 if (memcmp(hash, pkt.u.seckey.checkhash, 2714 PGP_CHECKHASH_SIZE) != 0) { 2715 ERRP(&stream->cbinfo, pkt, 2716 "Hash mismatch in secret key"); 2717 } 2718 } 2719 } else { 2720 uint16_t sum; 2721 2722 sum = pgp_reader_pop_sum16(stream); 2723 if (crypted && 2724 pkt.u.seckey.pubkey.version != PGP_V4) { 2725 pgp_reader_pop_decrypt(stream); 2726 region = saved_region; 2727 } 2728 if (ret) { 2729 if (!limread_scalar(&pkt.u.seckey.checksum, 2, 2730 region, stream)) 2731 return 0; 2732 2733 if (sum != pkt.u.seckey.checksum) { 2734 ERRP(&stream->cbinfo, pkt, 2735 "Checksum mismatch in secret key"); 2736 } 2737 } 2738 } 2739 2740 if (crypted && pkt.u.seckey.pubkey.version == PGP_V4) { 2741 pgp_reader_pop_decrypt(stream); 2742 } 2743 if (region == NULL) { 2744 (void) fprintf(stderr, "parse_seckey: NULL region\n"); 2745 return 0; 2746 } 2747 if (ret && region->readc != region->length) { 2748 (void) fprintf(stderr, "parse_seckey: bad length\n"); 2749 return 0; 2750 } 2751 if (!ret) { 2752 return 0; 2753 } 2754 CALLBACK(PGP_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt); 2755 if (pgp_get_debug_level(__FILE__)) { 2756 (void) fprintf(stderr, "--- end of parse_seckey\n\n"); 2757 } 2758 return 1; 2759 } 2760 2761 /** 2762 \ingroup Core_ReadPackets 2763 \brief Parse a Public Key Session Key packet 2764 */ 2765 static int 2766 parse_pk_sesskey(pgp_region_t *region, 2767 pgp_stream_t *stream) 2768 { 2769 const pgp_seckey_t *secret; 2770 pgp_packet_t sesskey; 2771 pgp_packet_t pkt; 2772 uint8_t *iv; 2773 uint8_t c = 0x0; 2774 uint8_t cs[2]; 2775 unsigned k; 2776 BIGNUM *g_to_k; 2777 BIGNUM *enc_m; 2778 int n; 2779 uint8_t unencoded_m_buf[1024]; 2780 2781 if (!limread(&c, 1, region, stream)) { 2782 (void) fprintf(stderr, "parse_pk_sesskey - can't read char in region\n"); 2783 return 0; 2784 } 2785 pkt.u.pk_sesskey.version = c; 2786 if (pkt.u.pk_sesskey.version != 3) { 2787 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PKSK_VRSN, 2788 "Bad public-key encrypted session key version (%d)", 2789 pkt.u.pk_sesskey.version); 2790 return 0; 2791 } 2792 if (!limread(pkt.u.pk_sesskey.key_id, 2793 (unsigned)sizeof(pkt.u.pk_sesskey.key_id), region, stream)) { 2794 return 0; 2795 } 2796 if (pgp_get_debug_level(__FILE__)) { 2797 hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id)); 2798 } 2799 if (!limread(&c, 1, region, stream)) { 2800 return 0; 2801 } 2802 pkt.u.pk_sesskey.alg = (pgp_pubkey_alg_t)c; 2803 switch (pkt.u.pk_sesskey.alg) { 2804 case PGP_PKA_RSA: 2805 if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m, 2806 region, stream)) { 2807 return 0; 2808 } 2809 enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m; 2810 g_to_k = NULL; 2811 break; 2812 2813 case PGP_PKA_DSA: 2814 case PGP_PKA_ELGAMAL: 2815 if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k, 2816 region, stream) || 2817 !limread_mpi( 2818 &pkt.u.pk_sesskey.params.elgamal.encrypted_m, 2819 region, stream)) { 2820 return 0; 2821 } 2822 g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k; 2823 enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m; 2824 break; 2825 2826 default: 2827 PGP_ERROR_1(&stream->errors, 2828 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2829 "Unknown public key algorithm in session key (%s)", 2830 pgp_show_pka(pkt.u.pk_sesskey.alg)); 2831 return 0; 2832 } 2833 2834 (void) memset(&sesskey, 0x0, sizeof(sesskey)); 2835 secret = NULL; 2836 sesskey.u.get_seckey.seckey = &secret; 2837 sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey; 2838 2839 if (pgp_get_debug_level(__FILE__)) { 2840 (void) fprintf(stderr, "getting secret key via callback\n"); 2841 } 2842 2843 CALLBACK(PGP_GET_SECKEY, &stream->cbinfo, &sesskey); 2844 2845 if (pgp_get_debug_level(__FILE__)) { 2846 (void) fprintf(stderr, "got secret key via callback\n"); 2847 } 2848 if (!secret) { 2849 CALLBACK(PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo, 2850 &pkt); 2851 return 1; 2852 } 2853 n = pgp_decrypt_decode_mpi(unencoded_m_buf, 2854 (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret); 2855 2856 if (n < 1) { 2857 ERRP(&stream->cbinfo, pkt, "decrypted message too short"); 2858 return 0; 2859 } 2860 2861 /* PKA */ 2862 pkt.u.pk_sesskey.symm_alg = (pgp_symm_alg_t)unencoded_m_buf[0]; 2863 if (pgp_get_debug_level(__FILE__)) { 2864 (void) fprintf(stderr, "symm alg %d\n", pkt.u.pk_sesskey.symm_alg); 2865 } 2866 2867 if (!pgp_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) { 2868 /* ERR1P */ 2869 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, 2870 "Symmetric algorithm %s not supported", 2871 pgp_show_symm_alg( 2872 pkt.u.pk_sesskey.symm_alg)); 2873 return 0; 2874 } 2875 k = pgp_key_size(pkt.u.pk_sesskey.symm_alg); 2876 if (pgp_get_debug_level(__FILE__)) { 2877 (void) fprintf(stderr, "key size %d\n", k); 2878 } 2879 2880 if ((unsigned) n != k + 3) { 2881 PGP_ERROR_2(&stream->errors, PGP_E_PROTO_DECRYPTED_MSG_WRONG_LEN, 2882 "decrypted message wrong length (got %d expected %d)", 2883 n, k + 3); 2884 return 0; 2885 } 2886 if (k > sizeof(pkt.u.pk_sesskey.key)) { 2887 (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n"); 2888 return 0; 2889 } 2890 2891 (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k); 2892 2893 if (pgp_get_debug_level(__FILE__)) { 2894 hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k); 2895 } 2896 pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] + 2897 (unencoded_m_buf[k + 2] << 8); 2898 if (pgp_get_debug_level(__FILE__)) { 2899 (void) fprintf(stderr, "session key checksum: %2x %2x\n", 2900 unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); 2901 } 2902 2903 /* Check checksum */ 2904 pgp_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]); 2905 if (unencoded_m_buf[k + 1] != cs[0] || 2906 unencoded_m_buf[k + 2] != cs[1]) { 2907 PGP_ERROR_4(&stream->errors, PGP_E_PROTO_BAD_SK_CHECKSUM, 2908 "Session key checksum wrong: expected %2x %2x, got %2x %2x", 2909 cs[0], cs[1], unencoded_m_buf[k + 1], 2910 unencoded_m_buf[k + 2]); 2911 return 0; 2912 } 2913 2914 if (pgp_get_debug_level(__FILE__)) { 2915 (void) fprintf(stderr, "getting pk session key via callback\n"); 2916 } 2917 /* all is well */ 2918 CALLBACK(PGP_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt); 2919 if (pgp_get_debug_level(__FILE__)) { 2920 (void) fprintf(stderr, "got pk session key via callback\n"); 2921 } 2922 2923 pgp_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg); 2924 iv = calloc(1, stream->decrypt.blocksize); 2925 if (iv == NULL) { 2926 (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n"); 2927 return 0; 2928 } 2929 stream->decrypt.set_iv(&stream->decrypt, iv); 2930 stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key); 2931 pgp_encrypt_init(&stream->decrypt); 2932 free(iv); 2933 return 1; 2934 } 2935 2936 static int 2937 decrypt_se_data(pgp_content_enum tag, pgp_region_t *region, 2938 pgp_stream_t *stream) 2939 { 2940 pgp_crypt_t *decrypt; 2941 const int printerrors = 1; 2942 int r = 1; 2943 2944 decrypt = pgp_get_decrypt(stream); 2945 if (decrypt) { 2946 pgp_region_t encregion; 2947 unsigned b = (unsigned)decrypt->blocksize; 2948 uint8_t buf[PGP_MAX_BLOCK_SIZE + 2] = ""; 2949 2950 pgp_reader_push_decrypt(stream, decrypt, region); 2951 2952 pgp_init_subregion(&encregion, NULL); 2953 encregion.length = b + 2; 2954 2955 if (!exact_limread(buf, b + 2, &encregion, stream)) { 2956 return 0; 2957 } 2958 if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { 2959 pgp_reader_pop_decrypt(stream); 2960 PGP_ERROR_4(&stream->errors, 2961 PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT, 2962 "Bad symmetric decrypt (%02x%02x vs %02x%02x)", 2963 buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); 2964 return 0; 2965 } 2966 if (tag == PGP_PTAG_CT_SE_DATA_BODY) { 2967 decrypt->decrypt_resync(decrypt); 2968 decrypt->block_encrypt(decrypt, decrypt->civ, 2969 decrypt->civ); 2970 } 2971 r = pgp_parse(stream, !printerrors); 2972 2973 pgp_reader_pop_decrypt(stream); 2974 } else { 2975 pgp_packet_t pkt; 2976 2977 while (region->readc < region->length) { 2978 unsigned len; 2979 2980 len = region->length - region->readc; 2981 if (len > sizeof(pkt.u.se_data_body.data)) 2982 len = sizeof(pkt.u.se_data_body.data); 2983 2984 if (!limread(pkt.u.se_data_body.data, len, 2985 region, stream)) { 2986 return 0; 2987 } 2988 pkt.u.se_data_body.length = len; 2989 CALLBACK(tag, &stream->cbinfo, &pkt); 2990 } 2991 } 2992 2993 return r; 2994 } 2995 2996 static int 2997 decrypt_se_ip_data(pgp_content_enum tag, pgp_region_t *region, 2998 pgp_stream_t *stream) 2999 { 3000 pgp_crypt_t *decrypt; 3001 const int printerrors = 1; 3002 int r = 1; 3003 3004 decrypt = pgp_get_decrypt(stream); 3005 if (decrypt) { 3006 if (pgp_get_debug_level(__FILE__)) { 3007 (void) fprintf(stderr, "decrypt_se_ip_data: decrypt\n"); 3008 } 3009 pgp_reader_push_decrypt(stream, decrypt, region); 3010 pgp_reader_push_se_ip_data(stream, decrypt, region); 3011 3012 r = pgp_parse(stream, !printerrors); 3013 3014 pgp_reader_pop_se_ip_data(stream); 3015 pgp_reader_pop_decrypt(stream); 3016 } else { 3017 pgp_packet_t pkt; 3018 3019 if (pgp_get_debug_level(__FILE__)) { 3020 (void) fprintf(stderr, "decrypt_se_ip_data: no decrypt\n"); 3021 } 3022 while (region->readc < region->length) { 3023 unsigned len; 3024 3025 len = region->length - region->readc; 3026 if (len > sizeof(pkt.u.se_data_body.data)) { 3027 len = sizeof(pkt.u.se_data_body.data); 3028 } 3029 3030 if (!limread(pkt.u.se_data_body.data, 3031 len, region, stream)) { 3032 return 0; 3033 } 3034 3035 pkt.u.se_data_body.length = len; 3036 3037 CALLBACK(tag, &stream->cbinfo, &pkt); 3038 } 3039 } 3040 3041 return r; 3042 } 3043 3044 /** 3045 \ingroup Core_ReadPackets 3046 \brief Read a Symmetrically Encrypted packet 3047 */ 3048 static int 3049 parse_se_data(pgp_region_t *region, pgp_stream_t *stream) 3050 { 3051 pgp_packet_t pkt; 3052 3053 /* there's no info to go with this, so just announce it */ 3054 CALLBACK(PGP_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt); 3055 3056 /* 3057 * The content of an encrypted data packet is more OpenPGP packets 3058 * once decrypted, so recursively handle them 3059 */ 3060 return decrypt_se_data(PGP_PTAG_CT_SE_DATA_BODY, region, stream); 3061 } 3062 3063 /** 3064 \ingroup Core_ReadPackets 3065 \brief Read a Symmetrically Encrypted Integrity Protected packet 3066 */ 3067 static int 3068 parse_se_ip_data(pgp_region_t *region, pgp_stream_t *stream) 3069 { 3070 pgp_packet_t pkt; 3071 uint8_t c = 0x0; 3072 3073 if (!limread(&c, 1, region, stream)) { 3074 return 0; 3075 } 3076 pkt.u.se_ip_data_header = c; 3077 if (pgp_get_debug_level(__FILE__)) { 3078 (void) fprintf(stderr, "parse_se_ip_data: data header %d\n", c); 3079 } 3080 if (pkt.u.se_ip_data_header != PGP_SE_IP_DATA_VERSION) { 3081 (void) fprintf(stderr, "parse_se_ip_data: bad version\n"); 3082 return 0; 3083 } 3084 3085 if (pgp_get_debug_level(__FILE__)) { 3086 (void) fprintf(stderr, "parse_se_ip_data: region %d,%d\n", 3087 region->readc, region->length); 3088 hexdump(stderr, "compressed region", stream->virtualpkt, stream->virtualc); 3089 } 3090 /* 3091 * The content of an encrypted data packet is more OpenPGP packets 3092 * once decrypted, so recursively handle them 3093 */ 3094 return decrypt_se_ip_data(PGP_PTAG_CT_SE_IP_DATA_BODY, region, stream); 3095 } 3096 3097 /** 3098 \ingroup Core_ReadPackets 3099 \brief Read a MDC packet 3100 */ 3101 static int 3102 parse_mdc(pgp_region_t *region, pgp_stream_t *stream) 3103 { 3104 pgp_packet_t pkt; 3105 3106 pkt.u.mdc.length = PGP_SHA1_HASH_SIZE; 3107 if ((pkt.u.mdc.data = calloc(1, PGP_SHA1_HASH_SIZE)) == NULL) { 3108 (void) fprintf(stderr, "parse_mdc: bad alloc\n"); 3109 return 0; 3110 } 3111 if (!limread(pkt.u.mdc.data, PGP_SHA1_HASH_SIZE, region, stream)) { 3112 return 0; 3113 } 3114 CALLBACK(PGP_PTAG_CT_MDC, &stream->cbinfo, &pkt); 3115 free(pkt.u.mdc.data); 3116 return 1; 3117 } 3118 3119 /** 3120 * \ingroup Core_ReadPackets 3121 * \brief Parse one packet. 3122 * 3123 * This function parses the packet tag. It computes the value of the 3124 * content tag and then calls the appropriate function to handle the 3125 * content. 3126 * 3127 * \param *stream How to parse 3128 * \param *pktlen On return, will contain number of bytes in packet 3129 * \return 1 on success, 0 on error, -1 on EOF */ 3130 static int 3131 parse_packet(pgp_stream_t *stream, uint32_t *pktlen) 3132 { 3133 pgp_packet_t pkt; 3134 pgp_region_t region; 3135 pgp_content_enum tag; 3136 uint8_t ptag; 3137 unsigned indeterminate = 0; 3138 int ret; 3139 3140 pkt.u.ptag.position = stream->readinfo.position; 3141 3142 ret = base_read(&ptag, 1, stream); 3143 3144 if (pgp_get_debug_level(__FILE__)) { 3145 (void) fprintf(stderr, 3146 "parse_packet: base_read returned %d, ptag %d\n", 3147 ret, ptag); 3148 } 3149 3150 /* errors in the base read are effectively EOF. */ 3151 if (ret <= 0) { 3152 return -1; 3153 } 3154 3155 *pktlen = 0; 3156 3157 if (!(ptag & PGP_PTAG_ALWAYS_SET)) { 3158 pkt.u.error = "Format error (ptag bit not set)"; 3159 CALLBACK(PGP_PARSER_ERROR, &stream->cbinfo, &pkt); 3160 return 0; 3161 } 3162 pkt.u.ptag.new_format = !!(ptag & PGP_PTAG_NEW_FORMAT); 3163 if (pkt.u.ptag.new_format) { 3164 pkt.u.ptag.type = (ptag & PGP_PTAG_NF_CONTENT_TAG_MASK); 3165 pkt.u.ptag.length_type = 0; 3166 if (!read_new_length(&pkt.u.ptag.length, stream)) { 3167 return 0; 3168 } 3169 } else { 3170 unsigned rb; 3171 3172 rb = 0; 3173 pkt.u.ptag.type = ((unsigned)ptag & 3174 PGP_PTAG_OF_CONTENT_TAG_MASK) 3175 >> PGP_PTAG_OF_CONTENT_TAG_SHIFT; 3176 pkt.u.ptag.length_type = ptag & PGP_PTAG_OF_LENGTH_TYPE_MASK; 3177 switch (pkt.u.ptag.length_type) { 3178 case PGP_PTAG_OLD_LEN_1: 3179 rb = _read_scalar(&pkt.u.ptag.length, 1, stream); 3180 break; 3181 3182 case PGP_PTAG_OLD_LEN_2: 3183 rb = _read_scalar(&pkt.u.ptag.length, 2, stream); 3184 break; 3185 3186 case PGP_PTAG_OLD_LEN_4: 3187 rb = _read_scalar(&pkt.u.ptag.length, 4, stream); 3188 break; 3189 3190 case PGP_PTAG_OLD_LEN_INDETERMINATE: 3191 pkt.u.ptag.length = 0; 3192 indeterminate = 1; 3193 rb = 1; 3194 break; 3195 } 3196 if (!rb) { 3197 return 0; 3198 } 3199 } 3200 3201 CALLBACK(PGP_PARSER_PTAG, &stream->cbinfo, &pkt); 3202 3203 pgp_init_subregion(®ion, NULL); 3204 region.length = pkt.u.ptag.length; 3205 region.indeterminate = indeterminate; 3206 if (pgp_get_debug_level(__FILE__)) { 3207 (void) fprintf(stderr, "parse_packet: type %u\n", 3208 pkt.u.ptag.type); 3209 } 3210 3211 /* save tag for accumulator */ 3212 tag = pkt.u.ptag.type; 3213 switch (pkt.u.ptag.type) { 3214 case PGP_PTAG_CT_SIGNATURE: 3215 ret = parse_sig(®ion, stream); 3216 break; 3217 3218 case PGP_PTAG_CT_PUBLIC_KEY: 3219 case PGP_PTAG_CT_PUBLIC_SUBKEY: 3220 ret = parse_pubkey((pgp_content_enum)pkt.u.ptag.type, ®ion, stream); 3221 break; 3222 3223 case PGP_PTAG_CT_TRUST: 3224 ret = parse_trust(®ion, stream); 3225 break; 3226 3227 case PGP_PTAG_CT_USER_ID: 3228 ret = parse_userid(®ion, stream); 3229 break; 3230 3231 case PGP_PTAG_CT_COMPRESSED: 3232 ret = parse_compressed(®ion, stream); 3233 break; 3234 3235 case PGP_PTAG_CT_1_PASS_SIG: 3236 ret = parse_one_pass(®ion, stream); 3237 break; 3238 3239 case PGP_PTAG_CT_LITDATA: 3240 ret = parse_litdata(®ion, stream); 3241 break; 3242 3243 case PGP_PTAG_CT_USER_ATTR: 3244 ret = parse_userattr(®ion, stream); 3245 break; 3246 3247 case PGP_PTAG_CT_SECRET_KEY: 3248 ret = parse_seckey(®ion, stream); 3249 break; 3250 3251 case PGP_PTAG_CT_SECRET_SUBKEY: 3252 ret = parse_seckey(®ion, stream); 3253 break; 3254 3255 case PGP_PTAG_CT_PK_SESSION_KEY: 3256 ret = parse_pk_sesskey(®ion, stream); 3257 break; 3258 3259 case PGP_PTAG_CT_SE_DATA: 3260 ret = parse_se_data(®ion, stream); 3261 break; 3262 3263 case PGP_PTAG_CT_SE_IP_DATA: 3264 ret = parse_se_ip_data(®ion, stream); 3265 break; 3266 3267 case PGP_PTAG_CT_MDC: 3268 ret = parse_mdc(®ion, stream); 3269 break; 3270 3271 default: 3272 PGP_ERROR_1(&stream->errors, PGP_E_P_UNKNOWN_TAG, 3273 "Unknown content tag 0x%x", 3274 pkt.u.ptag.type); 3275 ret = 0; 3276 } 3277 3278 /* Ensure that the entire packet has been consumed */ 3279 3280 if (region.length != region.readc && !region.indeterminate) { 3281 if (!consume_packet(®ion, stream, 0)) { 3282 ret = -1; 3283 } 3284 } 3285 3286 /* also consume it if there's been an error? */ 3287 /* \todo decide what to do about an error on an */ 3288 /* indeterminate packet */ 3289 if (ret == 0) { 3290 if (!consume_packet(®ion, stream, 0)) { 3291 ret = -1; 3292 } 3293 } 3294 /* set pktlen */ 3295 3296 *pktlen = stream->readinfo.alength; 3297 3298 /* do callback on entire packet, if desired and there was no error */ 3299 3300 if (ret > 0 && stream->readinfo.accumulate) { 3301 pkt.u.packet.length = stream->readinfo.alength; 3302 pkt.u.packet.raw = stream->readinfo.accumulated; 3303 pkt.u.packet.tag = tag; 3304 stream->readinfo.accumulated = NULL; 3305 stream->readinfo.asize = 0; 3306 CALLBACK(PGP_PARSER_PACKET_END, &stream->cbinfo, &pkt); 3307 } 3308 stream->readinfo.alength = 0; 3309 3310 return (ret < 0) ? -1 : (ret) ? 1 : 0; 3311 } 3312 3313 /** 3314 * \ingroup Core_ReadPackets 3315 * 3316 * \brief Parse packets from an input stream until EOF or error. 3317 * 3318 * \details Setup the necessary parsing configuration in "stream" 3319 * before calling pgp_parse(). 3320 * 3321 * That information includes : 3322 * 3323 * - a "reader" function to be used to get the data to be parsed 3324 * 3325 * - a "callback" function to be called when this library has identified 3326 * a parseable object within the data 3327 * 3328 * - whether the calling function wants the signature subpackets 3329 * returned raw, parsed or not at all. 3330 * 3331 * After returning, stream->errors holds any errors encountered while parsing. 3332 * 3333 * \param stream Parsing configuration 3334 * \return 1 on success in all packets, 0 on error in any packet 3335 * 3336 * \sa CoreAPI Overview 3337 * 3338 * \sa pgp_print_errors() 3339 * 3340 */ 3341 3342 int 3343 pgp_parse(pgp_stream_t *stream, const int perrors) 3344 { 3345 uint32_t pktlen; 3346 int r; 3347 3348 do { 3349 r = parse_packet(stream, &pktlen); 3350 } while (r != -1); 3351 if (perrors) { 3352 pgp_print_errors(stream->errors); 3353 } 3354 return (stream->errors == NULL); 3355 } 3356 3357 /** 3358 * \ingroup Core_ReadPackets 3359 * 3360 * \brief Specifies whether one or more signature 3361 * subpacket types should be returned parsed; or raw; or ignored. 3362 * 3363 * \param stream Pointer to previously allocated structure 3364 * \param tag Packet tag. PGP_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag 3365 * \param type Parse type 3366 * \todo Make all packet types optional, not just subpackets */ 3367 void 3368 pgp_parse_options(pgp_stream_t *stream, 3369 pgp_content_enum tag, 3370 pgp_parse_type_t type) 3371 { 3372 unsigned t7; 3373 unsigned t8; 3374 3375 if (tag == PGP_PTAG_SS_ALL) { 3376 int n; 3377 3378 for (n = 0; n < 256; ++n) { 3379 pgp_parse_options(stream, 3380 PGP_PTAG_SIG_SUBPKT_BASE + n, 3381 type); 3382 } 3383 return; 3384 } 3385 if (tag < PGP_PTAG_SIG_SUBPKT_BASE || 3386 tag > PGP_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) { 3387 (void) fprintf(stderr, "pgp_parse_options: bad tag\n"); 3388 return; 3389 } 3390 t8 = (tag - PGP_PTAG_SIG_SUBPKT_BASE) / 8; 3391 t7 = 1 << ((tag - PGP_PTAG_SIG_SUBPKT_BASE) & 7); 3392 switch (type) { 3393 case PGP_PARSE_RAW: 3394 stream->ss_raw[t8] |= t7; 3395 stream->ss_parsed[t8] &= ~t7; 3396 break; 3397 3398 case PGP_PARSE_PARSED: 3399 stream->ss_raw[t8] &= ~t7; 3400 stream->ss_parsed[t8] |= t7; 3401 break; 3402 3403 case PGP_PARSE_IGNORE: 3404 stream->ss_raw[t8] &= ~t7; 3405 stream->ss_parsed[t8] &= ~t7; 3406 break; 3407 } 3408 } 3409 3410 /** 3411 \ingroup Core_ReadPackets 3412 \brief Free pgp_stream_t struct and its contents 3413 */ 3414 void 3415 pgp_stream_delete(pgp_stream_t *stream) 3416 { 3417 pgp_cbdata_t *cbinfo; 3418 pgp_cbdata_t *next; 3419 3420 for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) { 3421 next = cbinfo->next; 3422 free(cbinfo); 3423 } 3424 if (stream->readinfo.destroyer) { 3425 stream->readinfo.destroyer(&stream->readinfo); 3426 } 3427 pgp_free_errors(stream->errors); 3428 if (stream->readinfo.accumulated) { 3429 free(stream->readinfo.accumulated); 3430 } 3431 free(stream); 3432 } 3433 3434 /** 3435 \ingroup Core_ReadPackets 3436 \brief Returns the parse_info's reader_info 3437 \return Pointer to the reader_info inside the parse_info 3438 */ 3439 pgp_reader_t * 3440 pgp_readinfo(pgp_stream_t *stream) 3441 { 3442 return &stream->readinfo; 3443 } 3444 3445 /** 3446 \ingroup Core_ReadPackets 3447 \brief Sets the parse_info's callback 3448 This is used when adding the first callback in a stack of callbacks. 3449 \sa pgp_callback_push() 3450 */ 3451 3452 void 3453 pgp_set_callback(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg) 3454 { 3455 stream->cbinfo.cbfunc = cb; 3456 stream->cbinfo.arg = arg; 3457 stream->cbinfo.errors = &stream->errors; 3458 } 3459 3460 /** 3461 \ingroup Core_ReadPackets 3462 \brief Adds a further callback to a stack of callbacks 3463 \sa pgp_set_callback() 3464 */ 3465 void 3466 pgp_callback_push(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg) 3467 { 3468 pgp_cbdata_t *cbinfo; 3469 3470 if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) { 3471 (void) fprintf(stderr, "pgp_callback_push: bad alloc\n"); 3472 return; 3473 } 3474 (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo)); 3475 cbinfo->io = stream->io; 3476 stream->cbinfo.next = cbinfo; 3477 pgp_set_callback(stream, cb, arg); 3478 } 3479 3480 /** 3481 \ingroup Core_ReadPackets 3482 \brief Returns callback's arg 3483 */ 3484 void * 3485 pgp_callback_arg(pgp_cbdata_t *cbinfo) 3486 { 3487 return cbinfo->arg; 3488 } 3489 3490 /** 3491 \ingroup Core_ReadPackets 3492 \brief Returns callback's errors 3493 */ 3494 void * 3495 pgp_callback_errors(pgp_cbdata_t *cbinfo) 3496 { 3497 return cbinfo->errors; 3498 } 3499 3500 /** 3501 \ingroup Core_ReadPackets 3502 \brief Calls the parse_cb_info's callback if present 3503 \return Return value from callback, if present; else PGP_FINISHED 3504 */ 3505 pgp_cb_ret_t 3506 pgp_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo) 3507 { 3508 return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : PGP_FINISHED; 3509 } 3510 3511 /** 3512 \ingroup Core_ReadPackets 3513 \brief Calls the next callback in the stack 3514 \return Return value from callback 3515 */ 3516 pgp_cb_ret_t 3517 pgp_stacked_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo) 3518 { 3519 return pgp_callback(pkt, cbinfo->next); 3520 } 3521 3522 /** 3523 \ingroup Core_ReadPackets 3524 \brief Returns the parse_info's errors 3525 \return parse_info's errors 3526 */ 3527 pgp_error_t * 3528 pgp_stream_get_errors(pgp_stream_t *stream) 3529 { 3530 return stream->errors; 3531 } 3532 3533 pgp_crypt_t * 3534 pgp_get_decrypt(pgp_stream_t *stream) 3535 { 3536 return (stream->decrypt.alg) ? &stream->decrypt : NULL; 3537 } 3538
Indexes created Thu Jun 11 00:25:07 UTC 2026