1 /*-
2 * Copyright (c) 2009 The NetBSD Foundation, Inc.
3 * All rights reserved.
4 *
5 * This code is derived from software contributed to The NetBSD Foundation
6 * by Alistair Crooks (agc@NetBSD.org)
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29 /*
30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
31 * All rights reserved.
32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
33 * their moral rights under the UK Copyright Design and Patents Act 1988 to
34 * be recorded as the authors of this copyright work.
35 *
36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
37 * use this file except in compliance with the License.
38 *
39 * You may obtain a copy of the License at
40 * http://www.apache.org/licenses/LICENSE-2.0
41 *
42 * Unless required by applicable law or agreed to in writing, software
43 * distributed under the License is distributed on an "AS IS" BASIS,
44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45 *
46 * See the License for the specific language governing permissions and
47 * limitations under the License.
48 */
49
50 /** \file
51 * \brief Parser for OpenPGP packets
52 */
53 #include "config.h"
54
55 #ifdef HAVE_SYS_CDEFS_H
56 #include <sys/cdefs.h>
57 #endif
58
59 #if defined(__NetBSD__)
60 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
61 __RCSID("$NetBSD: packet-parse.c,v 1.54 2022/08/26 19:18:38 jhigh Exp $");
62 #endif
63
64 #include <sys/types.h>
65 #include <sys/param.h>
66
67 #ifdef HAVE_OPENSSL_CAST_H
68 #include <openssl/cast.h>
69 #endif
70
71 #include <stdarg.h>
72 #include <stdlib.h>
73 #include <string.h>
74
75 #ifdef HAVE_UNISTD_H
76 #include <unistd.h>
77 #endif
78
79 #ifdef HAVE_LIMITS_H
80 #include <limits.h>
81 #endif
82
83 #include "packet.h"
84 #include "packet-parse.h"
85 #include "keyring.h"
86 #include "errors.h"
87 #include "packet-show.h"
88 #include "create.h"
89 #include "readerwriter.h"
90 #include "netpgpdefs.h"
91 #include "crypto.h"
92 #include "netpgpdigest.h"
93
94 #define ERRP(cbinfo, cont, err) do { \
95 cont.u.error = err; \
96 CALLBACK(PGP_PARSER_ERROR, cbinfo, &cont); \
97 return 0; \
98 /*NOTREACHED*/ \
99 } while(/*CONSTCOND*/0)
100
101 /**
102 * limread_data reads the specified amount of the subregion's data
103 * into a data_t structure
104 *
105 * \param data Empty structure which will be filled with data
106 * \param len Number of octets to read
107 * \param subregion
108 * \param stream How to parse
109 *
110 * \return 1 on success, 0 on failure
111 */
112 static int
limread_data(pgp_data_t * data,unsigned len,pgp_region_t * subregion,pgp_stream_t * stream)113 limread_data(pgp_data_t *data, unsigned len,
114 pgp_region_t *subregion, pgp_stream_t *stream)
115 {
116 data->len = len;
117
118 if (subregion->length - subregion->readc < len) {
119 (void) fprintf(stderr, "limread_data: bad length\n");
120 return 0;
121 }
122
123 data->contents = calloc(1, data->len);
124 if (!data->contents) {
125 return 0;
126 }
127
128 return pgp_limited_read(stream, data->contents, data->len, subregion,
129 &stream->errors, &stream->readinfo, &stream->cbinfo);
130 }
131
132 /**
133 * read_data reads the remainder of the subregion's data
134 * into a data_t structure
135 *
136 * \param data
137 * \param subregion
138 * \param stream
139 *
140 * \return 1 on success, 0 on failure
141 */
142 static int
read_data(pgp_data_t * data,pgp_region_t * region,pgp_stream_t * stream)143 read_data(pgp_data_t *data, pgp_region_t *region, pgp_stream_t *stream)
144 {
145 int cc;
146
147 cc = region->length - region->readc;
148 return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0;
149 }
150
151 /**
152 * Reads the remainder of the subregion as a string.
153 * It is the user's responsibility to free the memory allocated here.
154 */
155
156 static int
read_unsig_str(uint8_t ** str,pgp_region_t * subregion,pgp_stream_t * stream)157 read_unsig_str(uint8_t **str, pgp_region_t *subregion,
158 pgp_stream_t *stream)
159 {
160 size_t len;
161
162 len = subregion->length - subregion->readc;
163 if ((*str = calloc(1, len + 1)) == NULL) {
164 return 0;
165 }
166 if (len &&
167 !pgp_limited_read(stream, *str, len, subregion, &stream->errors,
168 &stream->readinfo, &stream->cbinfo)) {
169 return 0;
170 }
171 (*str)[len] = '\0';
172 return 1;
173 }
174
175 static int
read_string(char ** str,pgp_region_t * subregion,pgp_stream_t * stream)176 read_string(char **str, pgp_region_t *subregion, pgp_stream_t *stream)
177 {
178 return read_unsig_str((uint8_t **) str, subregion, stream);
179 }
180
181 void
pgp_init_subregion(pgp_region_t * subregion,pgp_region_t * region)182 pgp_init_subregion(pgp_region_t *subregion, pgp_region_t *region)
183 {
184 (void) memset(subregion, 0x0, sizeof(*subregion));
185 subregion->parent = region;
186 }
187
188 /*
189 * XXX: replace pgp_ptag_t with something more appropriate for limiting reads
190 */
191
192 /**
193 * low-level function to read data from reader function
194 *
195 * Use this function, rather than calling the reader directly.
196 *
197 * If the accumulate flag is set in *stream, the function
198 * adds the read data to the accumulated data, and updates
199 * the accumulated length. This is useful if, for example,
200 * the application wants access to the raw data as well as the
201 * parsed data.
202 *
203 * This function will also try to read the entire amount asked for, but not
204 * if it is over INT_MAX. Obviously many callers will know that they
205 * never ask for that much and so can avoid the extra complexity of
206 * dealing with return codes and filled-in lengths.
207 *
208 * \param *dest
209 * \param *plength
210 * \param flags
211 * \param *stream
212 *
213 * \return PGP_R_OK
214 * \return PGP_R_PARTIAL_READ
215 * \return PGP_R_EOF
216 * \return PGP_R_EARLY_EOF
217 *
218 * \sa #pgp_reader_ret_t for details of return codes
219 */
220
221 static int
sub_base_read(pgp_stream_t * stream,void * dest,size_t length,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)222 sub_base_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors,
223 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo)
224 {
225 size_t n;
226
227 /* reading more than this would look like an error */
228 if (length > INT_MAX)
229 length = INT_MAX;
230
231 for (n = 0; n < length;) {
232 int r;
233
234 r = readinfo->reader(stream, (char *) dest + n, length - n, errors,
235 readinfo, cbinfo);
236 if (r > (int)(length - n)) {
237 (void) fprintf(stderr, "sub_base_read: bad read\n");
238 return 0;
239 }
240 if (r < 0) {
241 return r;
242 }
243 if (r == 0) {
244 break;
245 }
246 n += (unsigned)r;
247 }
248
249 if (n == 0) {
250 return 0;
251 }
252 if (readinfo->accumulate) {
253 if (readinfo->asize < readinfo->alength) {
254 (void) fprintf(stderr, "sub_base_read: bad size\n");
255 return 0;
256 }
257 if (readinfo->alength + n > readinfo->asize) {
258 uint8_t *temp;
259
260 readinfo->asize = (readinfo->asize * 2) + (unsigned)n;
261 temp = realloc(readinfo->accumulated, readinfo->asize);
262 if (temp == NULL) {
263 (void) fprintf(stderr,
264 "sub_base_read: bad alloc\n");
265 return 0;
266 }
267 readinfo->accumulated = temp;
268 }
269 if (readinfo->asize < readinfo->alength + n) {
270 (void) fprintf(stderr, "sub_base_read: bad realloc\n");
271 return 0;
272 }
273 (void) memcpy(readinfo->accumulated + readinfo->alength, dest,
274 n);
275 }
276 /* we track length anyway, because it is used for packet offsets */
277 readinfo->alength += (unsigned)n;
278 /* and also the position */
279 readinfo->position += (unsigned)n;
280
281 return (int)n;
282 }
283
284 int
pgp_stacked_read(pgp_stream_t * stream,void * dest,size_t length,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)285 pgp_stacked_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors,
286 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo)
287 {
288 return sub_base_read(stream, dest, length, errors, readinfo->next, cbinfo);
289 }
290
291 /* This will do a full read so long as length < MAX_INT */
292 static int
base_read(uint8_t * dest,size_t length,pgp_stream_t * stream)293 base_read(uint8_t *dest, size_t length, pgp_stream_t *stream)
294 {
295 return sub_base_read(stream, dest, length, &stream->errors, &stream->readinfo,
296 &stream->cbinfo);
297 }
298
299 /*
300 * Read a full size_t's worth. If the return is < than length, then
301 * *last_read tells you why - < 0 for an error, == 0 for EOF
302 */
303
304 static size_t
full_read(pgp_stream_t * stream,uint8_t * dest,size_t length,int * last_read,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)305 full_read(pgp_stream_t *stream, uint8_t *dest,
306 size_t length,
307 int *last_read,
308 pgp_error_t **errors,
309 pgp_reader_t *readinfo,
310 pgp_cbdata_t *cbinfo)
311 {
312 size_t t;
313 int r = 0; /* preset in case some loon calls with length
314 * == 0 */
315
316 for (t = 0; t < length;) {
317 r = sub_base_read(stream, dest + t, length - t, errors, readinfo,
318 cbinfo);
319 if (r <= 0) {
320 *last_read = r;
321 return t;
322 }
323 t += (size_t)r;
324 }
325
326 *last_read = r;
327
328 return t;
329 }
330
331
332
333 /** Read a scalar value of selected length from reader.
334 *
335 * Read an unsigned scalar value from reader in Big Endian representation.
336 *
337 * This function does not know or care about packet boundaries. It
338 * also assumes that an EOF is an error.
339 *
340 * \param *result The scalar value is stored here
341 * \param *reader Our reader
342 * \param length How many bytes to read
343 * \return 1 on success, 0 on failure
344 */
345 static unsigned
_read_scalar(unsigned * result,unsigned length,pgp_stream_t * stream)346 _read_scalar(unsigned *result, unsigned length,
347 pgp_stream_t *stream)
348 {
349 unsigned t = 0;
350
351 if (length > sizeof(*result)) {
352 (void) fprintf(stderr, "_read_scalar: bad length\n");
353 return 0;
354 }
355
356 while (length--) {
357 uint8_t c;
358 int r;
359
360 r = base_read(&c, 1, stream);
361 if (r != 1)
362 return 0;
363 t = (t << 8) + c;
364 }
365
366 *result = t;
367 return 1;
368 }
369
370 /**
371 * \ingroup Core_ReadPackets
372 * \brief Read bytes from a region within the packet.
373 *
374 * Read length bytes into the buffer pointed to by *dest.
375 * Make sure we do not read over the packet boundary.
376 * Updates the Packet Tag's pgp_ptag_t::readc.
377 *
378 * If length would make us read over the packet boundary, or if
379 * reading fails, we call the callback with an error.
380 *
381 * Note that if the region is indeterminate, this can return a short
382 * read - check region->last_read for the length. EOF is indicated by
383 * a success return and region->last_read == 0 in this case (for a
384 * region of known length, EOF is an error).
385 *
386 * This function makes sure to respect packet boundaries.
387 *
388 * \param dest The destination buffer
389 * \param length How many bytes to read
390 * \param region Pointer to packet region
391 * \param errors Error stack
392 * \param readinfo Reader info
393 * \param cbinfo Callback info
394 * \return 1 on success, 0 on error
395 */
396 unsigned
pgp_limited_read(pgp_stream_t * stream,uint8_t * dest,size_t length,pgp_region_t * region,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)397 pgp_limited_read(pgp_stream_t *stream, uint8_t *dest,
398 size_t length,
399 pgp_region_t *region,
400 pgp_error_t **errors,
401 pgp_reader_t *readinfo,
402 pgp_cbdata_t *cbinfo)
403 {
404 size_t r;
405 int lr;
406
407 if (!region->indeterminate &&
408 region->readc + length > region->length) {
409 PGP_ERROR_1(errors, PGP_E_P_NOT_ENOUGH_DATA, "%s",
410 "Not enough data");
411 return 0;
412 }
413 r = full_read(stream, dest, length, &lr, errors, readinfo, cbinfo);
414 if (lr < 0) {
415 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed");
416 return 0;
417 }
418 if (!region->indeterminate && r != length) {
419 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed");
420 return 0;
421 }
422 region->last_read = (unsigned)r;
423 do {
424 region->readc += (unsigned)r;
425 if (region->parent && region->length > region->parent->length) {
426 (void) fprintf(stderr,
427 "ops_limited_read: bad length\n");
428 return 0;
429 }
430 } while ((region = region->parent) != NULL);
431 return 1;
432 }
433
434 /**
435 \ingroup Core_ReadPackets
436 \brief Call pgp_limited_read on next in stack
437 */
438 unsigned
pgp_stacked_limited_read(pgp_stream_t * stream,uint8_t * dest,unsigned length,pgp_region_t * region,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)439 pgp_stacked_limited_read(pgp_stream_t *stream, uint8_t *dest, unsigned length,
440 pgp_region_t *region,
441 pgp_error_t **errors,
442 pgp_reader_t *readinfo,
443 pgp_cbdata_t *cbinfo)
444 {
445 return pgp_limited_read(stream, dest, length, region, errors,
446 readinfo->next, cbinfo);
447 }
448
449 static unsigned
limread(uint8_t * dest,unsigned length,pgp_region_t * region,pgp_stream_t * info)450 limread(uint8_t *dest, unsigned length,
451 pgp_region_t *region, pgp_stream_t *info)
452 {
453 return pgp_limited_read(info, dest, length, region, &info->errors,
454 &info->readinfo, &info->cbinfo);
455 }
456
457 static unsigned
exact_limread(uint8_t * dest,unsigned len,pgp_region_t * region,pgp_stream_t * stream)458 exact_limread(uint8_t *dest, unsigned len,
459 pgp_region_t *region,
460 pgp_stream_t *stream)
461 {
462 unsigned ret;
463
464 stream->exact_read = 1;
465 ret = limread(dest, len, region, stream);
466 stream->exact_read = 0;
467 return ret;
468 }
469
470 /** Skip over length bytes of this packet.
471 *
472 * Calls limread() to skip over some data.
473 *
474 * This function makes sure to respect packet boundaries.
475 *
476 * \param length How many bytes to skip
477 * \param *region Pointer to packet region
478 * \param *stream How to parse
479 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
480 */
481 static int
limskip(unsigned length,pgp_region_t * region,pgp_stream_t * stream)482 limskip(unsigned length, pgp_region_t *region, pgp_stream_t *stream)
483 {
484 uint8_t buf[NETPGP_BUFSIZ];
485
486 while (length > 0) {
487 unsigned n = length % NETPGP_BUFSIZ;
488
489 if (!limread(buf, n, region, stream)) {
490 return 0;
491 }
492 length -= n;
493 }
494 return 1;
495 }
496
497 /** Read a scalar.
498 *
499 * Read a big-endian scalar of length bytes, respecting packet
500 * boundaries (by calling limread() to read the raw data).
501 *
502 * This function makes sure to respect packet boundaries.
503 *
504 * \param *dest The scalar value is stored here
505 * \param length How many bytes make up this scalar (at most 4)
506 * \param *region Pointer to current packet region
507 * \param *stream How to parse
508 * \param *cb The callback
509 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
510 *
511 * \see RFC4880 3.1
512 */
513 static int
limread_scalar(unsigned * dest,unsigned len,pgp_region_t * region,pgp_stream_t * stream)514 limread_scalar(unsigned *dest,
515 unsigned len,
516 pgp_region_t *region,
517 pgp_stream_t *stream)
518 {
519 uint8_t c[4] = "";
520 unsigned t;
521 unsigned n;
522
523 if (len > 4) {
524 (void) fprintf(stderr, "limread_scalar: bad length\n");
525 return 0;
526 }
527 /*LINTED*/
528 if (/*CONSTCOND*/sizeof(*dest) < 4) {
529 (void) fprintf(stderr, "limread_scalar: bad dest\n");
530 return 0;
531 }
532 if (!limread(c, len, region, stream)) {
533 return 0;
534 }
535 for (t = 0, n = 0; n < len; ++n) {
536 t = (t << 8) + c[n];
537 }
538 *dest = t;
539 return 1;
540 }
541
542 /** Read a scalar.
543 *
544 * Read a big-endian scalar of length bytes, respecting packet
545 * boundaries (by calling limread() to read the raw data).
546 *
547 * The value read is stored in a size_t, which is a different size
548 * from an unsigned on some platforms.
549 *
550 * This function makes sure to respect packet boundaries.
551 *
552 * \param *dest The scalar value is stored here
553 * \param length How many bytes make up this scalar (at most 4)
554 * \param *region Pointer to current packet region
555 * \param *stream How to parse
556 * \param *cb The callback
557 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
558 *
559 * \see RFC4880 3.1
560 */
561 static int
limread_size_t(size_t * dest,unsigned length,pgp_region_t * region,pgp_stream_t * stream)562 limread_size_t(size_t *dest,
563 unsigned length,
564 pgp_region_t *region,
565 pgp_stream_t *stream)
566 {
567 unsigned tmp;
568
569 /*
570 * Note that because the scalar is at most 4 bytes, we don't care if
571 * size_t is bigger than usigned
572 */
573 if (!limread_scalar(&tmp, length, region, stream))
574 return 0;
575
576 *dest = tmp;
577 return 1;
578 }
579
580 /** Read a timestamp.
581 *
582 * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar
583 * of 4 bytes.
584 *
585 * This function reads the timestamp using limread_scalar().
586 *
587 * This function makes sure to respect packet boundaries.
588 *
589 * \param *dest The timestamp is stored here
590 * \param *ptag Pointer to current packet's Packet Tag.
591 * \param *reader Our reader
592 * \param *cb The callback
593 * \return see limread_scalar()
594 *
595 * \see RFC4880 3.5
596 */
597 static int
limited_read_time(time_t * dest,pgp_region_t * region,pgp_stream_t * stream)598 limited_read_time(time_t *dest, pgp_region_t *region,
599 pgp_stream_t *stream)
600 {
601 uint8_t c;
602 time_t mytime = 0;
603 int i;
604
605 /*
606 * Cannot assume that time_t is 4 octets long -
607 * SunOS 5.10 and NetBSD both have 64-bit time_ts.
608 */
609 if (/* CONSTCOND */sizeof(time_t) == 4) {
610 return limread_scalar((unsigned *)(void *)dest, 4, region, stream);
611 }
612 for (i = 0; i < 4; i++) {
613 if (!limread(&c, 1, region, stream)) {
614 return 0;
615 }
616 mytime = (mytime << 8) + c;
617 }
618 *dest = mytime;
619 return 1;
620 }
621
622 /**
623 * \ingroup Core_MPI
624 * Read a multiprecision integer.
625 *
626 * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar
627 * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most
628 * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is
629 * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted).
630 *
631 * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are
632 * supposed to be cleared - I guess. XXX - does anything actually say so?
633 *
634 * This function makes sure to respect packet boundaries.
635 *
636 * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed
637 * by the caller XXX right ben?
638 * \param *ptag Pointer to current packet's Packet Tag.
639 * \param *reader Our reader
640 * \param *cb The callback
641 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX
642 * see comment below - the callback is called with a PGP_PARSER_ERROR in case of an error)
643 *
644 * \see RFC4880 3.2
645 */
646 static int
limread_mpi(BIGNUM ** pbn,pgp_region_t * region,pgp_stream_t * stream)647 limread_mpi(BIGNUM **pbn, pgp_region_t *region, pgp_stream_t *stream)
648 {
649 uint8_t buf[NETPGP_BUFSIZ] = "";
650 /* an MPI has a 2 byte length part.
651 * Length is given in bits, so the
652 * largest we should ever need for
653 * the buffer is NETPGP_BUFSIZ bytes. */
654 unsigned length;
655 unsigned nonzero;
656 unsigned ret;
657
658 stream->reading_mpi_len = 1;
659 ret = (unsigned)limread_scalar(&length, 2, region, stream);
660
661 stream->reading_mpi_len = 0;
662 if (!ret)
663 return 0;
664
665 nonzero = length & 7; /* there should be this many zero bits in the
666 * MS byte */
667 if (!nonzero)
668 nonzero = 8;
669 length = (length + 7) / 8;
670
671 if (length == 0) {
672 /* if we try to read a length of 0, then fail */
673 if (pgp_get_debug_level(__FILE__)) {
674 (void) fprintf(stderr, "limread_mpi: 0 length\n");
675 }
676 return 0;
677 }
678 if (length > NETPGP_BUFSIZ) {
679 (void) fprintf(stderr, "limread_mpi: bad length\n");
680 return 0;
681 }
682 if (!limread(buf, length, region, stream)) {
683 return 0;
684 }
685 if (((unsigned)buf[0] >> nonzero) != 0 ||
686 !((unsigned)buf[0] & (1U << (nonzero - 1U)))) {
687 PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR,
688 "%s", "MPI Format error");
689 /* XXX: Ben, one part of
690 * this constraint does
691 * not apply to
692 * encrypted MPIs the
693 * draft says. -- peter */
694 return 0;
695 }
696 *pbn = BN_bin2bn(buf, (int)length, NULL);
697 return 1;
698 }
699
700 static unsigned read_new_length(unsigned *, pgp_stream_t *);
701
702 /* allocate space, read, and stash data away in a virtual pkt */
703 static void
streamread(pgp_stream_t * stream,unsigned c)704 streamread(pgp_stream_t *stream, unsigned c)
705 {
706 int cc;
707
708 stream->virtualpkt = realloc(stream->virtualpkt, stream->virtualc + c);
709 cc = stream->readinfo.reader(stream, &stream->virtualpkt[stream->virtualc],
710 c, &stream->errors, &stream->readinfo, &stream->cbinfo);
711 stream->virtualc += cc;
712 }
713
714 /* coalesce all the partial blocks together */
715 static int
coalesce_blocks(pgp_stream_t * stream,unsigned length)716 coalesce_blocks(pgp_stream_t *stream, unsigned length)
717 {
718 unsigned c;
719
720 stream->coalescing = 1;
721 /* already read a partial block length - prime the array */
722 streamread(stream, length);
723 while (read_new_length(&c, stream) && stream->partial_read) {
724 /* length we read is partial - add to end of array */
725 streamread(stream, c);
726 }
727 /* not partial - add the last extent to the end of the array */
728 streamread(stream, c);
729 stream->coalescing = 0;
730 return 1;
731 }
732
733 /** Read some data with a New-Format length from reader.
734 *
735 * \sa Internet-Draft RFC4880.txt Section 4.2.2
736 *
737 * \param *length Where the decoded length will be put
738 * \param *stream How to parse
739 * \return 1 if OK, else 0
740 *
741 */
742
743 static unsigned
read_new_length(unsigned * length,pgp_stream_t * stream)744 read_new_length(unsigned *length, pgp_stream_t *stream)
745 {
746 uint8_t c;
747
748 stream->partial_read = 0;
749 if (base_read(&c, 1, stream) != 1) {
750 return 0;
751 }
752 if (c < 192) {
753 /* 1. One-octet packet */
754 *length = c;
755 return 1;
756 }
757 if (c < 224) {
758 /* 2. Two-octet packet */
759 unsigned t = (c - 192) << 8;
760
761 if (base_read(&c, 1, stream) != 1) {
762 return 0;
763 }
764 *length = t + c + 192;
765 return 1;
766 }
767 if (c < 255) {
768 /* 3. Partial Body Length */
769 stream->partial_read = 1;
770 *length = 1 << (c & 0x1f);
771 if (!stream->coalescing) {
772 /* we have been called from coalesce_blocks -
773 * just return with the partial length */
774 coalesce_blocks(stream, *length);
775 *length = stream->virtualc;
776 }
777 return 1;
778 }
779 /* 4. Five-Octet packet */
780 return _read_scalar(length, 4, stream);
781 }
782
783 /** Read the length information for a new format Packet Tag.
784 *
785 * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and
786 * decodes it to the proper length information.
787 *
788 * This function makes sure to respect packet boundaries.
789 *
790 * \param *length return the length here
791 * \param *ptag Pointer to current packet's Packet Tag.
792 * \param *reader Our reader
793 * \param *cb The callback
794 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX
795 * see comment below)
796 *
797 * \see RFC4880 4.2.2
798 * \see pgp_ptag_t
799 */
800 static int
limited_read_new_length(unsigned * length,pgp_region_t * region,pgp_stream_t * stream)801 limited_read_new_length(unsigned *length, pgp_region_t *region,
802 pgp_stream_t *stream)
803 {
804 uint8_t c = 0x0;
805
806 if (!limread(&c, 1, region, stream)) {
807 return 0;
808 }
809 if (c < 192) {
810 *length = c;
811 return 1;
812 }
813 if (c < 224) {
814 unsigned t = (c - 192) << 8;
815
816 if (!limread(&c, 1, region, stream)) {
817 return 0;
818 }
819 *length = t + c + 192;
820 return 1;
821 }
822 if (c < 255) {
823 stream->partial_read = 1;
824 *length = 1 << (c & 0x1f);
825 if (!stream->coalescing) {
826 /* we have been called from coalesce_blocks -
827 * just return with the partial length */
828 coalesce_blocks(stream, *length);
829 *length = stream->virtualc;
830 }
831 return 1;
832 }
833 return limread_scalar(length, 4, region, stream);
834 }
835
836 /**
837 \ingroup Core_Create
838 \brief Free allocated memory
839 */
840 void
pgp_data_free(pgp_data_t * data)841 pgp_data_free(pgp_data_t *data)
842 {
843 free(data->contents);
844 data->contents = NULL;
845 data->len = 0;
846 }
847
848 /**
849 \ingroup Core_Create
850 \brief Free allocated memory
851 */
852 static void
string_free(char ** str)853 string_free(char **str)
854 {
855 free(*str);
856 *str = NULL;
857 }
858
859 /**
860 \ingroup Core_Create
861 \brief Free allocated memory
862 */
863 /* ! Free packet memory, set pointer to NULL */
864 void
pgp_subpacket_free(pgp_subpacket_t * packet)865 pgp_subpacket_free(pgp_subpacket_t *packet)
866 {
867 free(packet->raw);
868 packet->raw = NULL;
869 packet->tag = PGP_PTAG_CT_RESERVED;
870 }
871
872 /**
873 \ingroup Core_Create
874 \brief Free allocated memory
875 */
876 static void
headers_free(pgp_headers_t * headers)877 headers_free(pgp_headers_t *headers)
878 {
879 unsigned n;
880
881 for (n = 0; n < headers->headerc; ++n) {
882 free(headers->headers[n].key);
883 free(headers->headers[n].value);
884 }
885 free(headers->headers);
886 headers->headers = NULL;
887 }
888
889 /**
890 \ingroup Core_Create
891 \brief Free allocated memory
892 */
893 static void
cleartext_trailer_free(struct pgp_hash_t ** trailer)894 cleartext_trailer_free(struct pgp_hash_t **trailer)
895 {
896 free(*trailer);
897 *trailer = NULL;
898 }
899
900 /**
901 \ingroup Core_Create
902 \brief Free allocated memory
903 */
904 static void
cmd_get_passphrase_free(pgp_seckey_passphrase_t * skp)905 cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp)
906 {
907 if (skp->passphrase && *skp->passphrase) {
908 free(*skp->passphrase);
909 *skp->passphrase = NULL;
910 }
911 }
912
913 /**
914 \ingroup Core_Create
915 \brief Free allocated memory
916 */
917 static void
free_BN(BIGNUM ** pp)918 free_BN(BIGNUM **pp)
919 {
920 BN_free(*pp);
921 *pp = NULL;
922 }
923
924 /**
925 * \ingroup Core_Create
926 * \brief Free the memory used when parsing a signature
927 * \param sig
928 */
929 static void
sig_free(pgp_sig_t * sig)930 sig_free(pgp_sig_t *sig)
931 {
932 switch (sig->info.key_alg) {
933 case PGP_PKA_RSA:
934 case PGP_PKA_RSA_SIGN_ONLY:
935 free_BN(&sig->info.sig.rsa.sig);
936 break;
937
938 case PGP_PKA_DSA:
939 free_BN(&sig->info.sig.dsa.r);
940 free_BN(&sig->info.sig.dsa.s);
941 break;
942
943 case PGP_PKA_ECDSA:
944 free_BN(&sig->info.sig.ecdsa.r);
945 free_BN(&sig->info.sig.ecdsa.s);
946 break;
947
948 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
949 free_BN(&sig->info.sig.elgamal.r);
950 free_BN(&sig->info.sig.elgamal.s);
951 break;
952
953 case PGP_PKA_PRIVATE00:
954 case PGP_PKA_PRIVATE01:
955 case PGP_PKA_PRIVATE02:
956 case PGP_PKA_PRIVATE03:
957 case PGP_PKA_PRIVATE04:
958 case PGP_PKA_PRIVATE05:
959 case PGP_PKA_PRIVATE06:
960 case PGP_PKA_PRIVATE07:
961 case PGP_PKA_PRIVATE08:
962 case PGP_PKA_PRIVATE09:
963 case PGP_PKA_PRIVATE10:
964 pgp_data_free(&sig->info.sig.unknown);
965 break;
966
967 default:
968 (void) fprintf(stderr, "sig_free: bad sig type\n");
969 }
970 }
971
972 /**
973 \ingroup Core_Create
974 \brief Free allocated memory
975 */
976 /* ! Free any memory allocated when parsing the packet content */
977 void
pgp_parser_content_free(pgp_packet_t * c)978 pgp_parser_content_free(pgp_packet_t *c)
979 {
980 switch (c->tag) {
981 case PGP_PARSER_PTAG:
982 case PGP_PTAG_CT_COMPRESSED:
983 case PGP_PTAG_SS_CREATION_TIME:
984 case PGP_PTAG_SS_EXPIRATION_TIME:
985 case PGP_PTAG_SS_KEY_EXPIRY:
986 case PGP_PTAG_SS_TRUST:
987 case PGP_PTAG_SS_ISSUER_KEY_ID:
988 case PGP_PTAG_CT_1_PASS_SIG:
989 case PGP_PTAG_SS_PRIMARY_USER_ID:
990 case PGP_PTAG_SS_REVOCABLE:
991 case PGP_PTAG_SS_REVOCATION_KEY:
992 case PGP_PTAG_SS_ISSUER_FINGERPRINT:
993 case PGP_PTAG_CT_LITDATA_HEADER:
994 case PGP_PTAG_CT_LITDATA_BODY:
995 case PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY:
996 case PGP_PTAG_CT_UNARMOURED_TEXT:
997 case PGP_PTAG_CT_ARMOUR_TRAILER:
998 case PGP_PTAG_CT_SIGNATURE_HEADER:
999 case PGP_PTAG_CT_SE_DATA_HEADER:
1000 case PGP_PTAG_CT_SE_IP_DATA_HEADER:
1001 case PGP_PTAG_CT_SE_IP_DATA_BODY:
1002 case PGP_PTAG_CT_MDC:
1003 case PGP_GET_SECKEY:
1004 break;
1005
1006 case PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER:
1007 headers_free(&c->u.cleartext_head);
1008 break;
1009
1010 case PGP_PTAG_CT_ARMOUR_HEADER:
1011 headers_free(&c->u.armour_header.headers);
1012 break;
1013
1014 case PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER:
1015 cleartext_trailer_free(&c->u.cleartext_trailer);
1016 break;
1017
1018 case PGP_PTAG_CT_TRUST:
1019 pgp_data_free(&c->u.trust);
1020 break;
1021
1022 case PGP_PTAG_CT_SIGNATURE:
1023 case PGP_PTAG_CT_SIGNATURE_FOOTER:
1024 sig_free(&c->u.sig);
1025 break;
1026
1027 case PGP_PTAG_CT_PUBLIC_KEY:
1028 case PGP_PTAG_CT_PUBLIC_SUBKEY:
1029 pgp_pubkey_free(&c->u.pubkey);
1030 break;
1031
1032 case PGP_PTAG_CT_USER_ID:
1033 pgp_userid_free(&c->u.userid);
1034 break;
1035
1036 case PGP_PTAG_SS_SIGNERS_USER_ID:
1037 pgp_userid_free(&c->u.ss_signer);
1038 break;
1039
1040 case PGP_PTAG_CT_USER_ATTR:
1041 pgp_data_free(&c->u.userattr);
1042 break;
1043
1044 case PGP_PTAG_SS_PREFERRED_SKA:
1045 pgp_data_free(&c->u.ss_skapref);
1046 break;
1047
1048 case PGP_PTAG_SS_PREFERRED_HASH:
1049 pgp_data_free(&c->u.ss_hashpref);
1050 break;
1051
1052 case PGP_PTAG_SS_PREF_COMPRESS:
1053 pgp_data_free(&c->u.ss_zpref);
1054 break;
1055
1056 case PGP_PTAG_SS_KEY_FLAGS:
1057 pgp_data_free(&c->u.ss_key_flags);
1058 break;
1059
1060 case PGP_PTAG_SS_KEYSERV_PREFS:
1061 pgp_data_free(&c->u.ss_key_server_prefs);
1062 break;
1063
1064 case PGP_PTAG_SS_FEATURES:
1065 pgp_data_free(&c->u.ss_features);
1066 break;
1067
1068 case PGP_PTAG_SS_NOTATION_DATA:
1069 pgp_data_free(&c->u.ss_notation.name);
1070 pgp_data_free(&c->u.ss_notation.value);
1071 break;
1072
1073 case PGP_PTAG_SS_REGEXP:
1074 string_free(&c->u.ss_regexp);
1075 break;
1076
1077 case PGP_PTAG_SS_POLICY_URI:
1078 string_free(&c->u.ss_policy);
1079 break;
1080
1081 case PGP_PTAG_SS_PREF_KEYSERV:
1082 string_free(&c->u.ss_keyserv);
1083 break;
1084
1085 case PGP_PTAG_SS_USERDEFINED00:
1086 case PGP_PTAG_SS_USERDEFINED01:
1087 case PGP_PTAG_SS_USERDEFINED02:
1088 case PGP_PTAG_SS_USERDEFINED03:
1089 case PGP_PTAG_SS_USERDEFINED04:
1090 case PGP_PTAG_SS_USERDEFINED05:
1091 case PGP_PTAG_SS_USERDEFINED06:
1092 case PGP_PTAG_SS_USERDEFINED07:
1093 case PGP_PTAG_SS_USERDEFINED08:
1094 case PGP_PTAG_SS_USERDEFINED09:
1095 case PGP_PTAG_SS_USERDEFINED10:
1096 pgp_data_free(&c->u.ss_userdef);
1097 break;
1098
1099 case PGP_PTAG_SS_RESERVED:
1100 pgp_data_free(&c->u.ss_unknown);
1101 break;
1102
1103 case PGP_PTAG_SS_REVOCATION_REASON:
1104 string_free(&c->u.ss_revocation.reason);
1105 break;
1106
1107 case PGP_PTAG_SS_EMBEDDED_SIGNATURE:
1108 pgp_data_free(&c->u.ss_embedded_sig);
1109 break;
1110
1111 case PGP_PARSER_PACKET_END:
1112 pgp_subpacket_free(&c->u.packet);
1113 break;
1114
1115 case PGP_PARSER_ERROR:
1116 case PGP_PARSER_ERRCODE:
1117 break;
1118
1119 case PGP_PTAG_CT_SECRET_KEY:
1120 case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY:
1121 pgp_seckey_free(&c->u.seckey);
1122 break;
1123
1124 case PGP_PTAG_CT_PK_SESSION_KEY:
1125 case PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY:
1126 pgp_pk_sesskey_free(&c->u.pk_sesskey);
1127 break;
1128
1129 case PGP_GET_PASSPHRASE:
1130 cmd_get_passphrase_free(&c->u.skey_passphrase);
1131 break;
1132
1133 default:
1134 fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag);
1135 }
1136 }
1137
1138 /**
1139 \ingroup Core_Create
1140 \brief Free allocated memory
1141 */
1142 void
pgp_pk_sesskey_free(pgp_pk_sesskey_t * sk)1143 pgp_pk_sesskey_free(pgp_pk_sesskey_t *sk)
1144 {
1145 switch (sk->alg) {
1146 case PGP_PKA_RSA:
1147 free_BN(&sk->params.rsa.encrypted_m);
1148 break;
1149
1150 case PGP_PKA_ELGAMAL:
1151 free_BN(&sk->params.elgamal.g_to_k);
1152 free_BN(&sk->params.elgamal.encrypted_m);
1153 break;
1154
1155 default:
1156 (void) fprintf(stderr, "pgp_pk_sesskey_free: bad alg\n");
1157 break;
1158 }
1159 }
1160
1161 /**
1162 \ingroup Core_Create
1163 \brief Free allocated memory
1164 */
1165 /* ! Free the memory used when parsing a public key */
1166 void
pgp_pubkey_free(pgp_pubkey_t * p)1167 pgp_pubkey_free(pgp_pubkey_t *p)
1168 {
1169 switch (p->alg) {
1170 case PGP_PKA_RSA:
1171 case PGP_PKA_RSA_ENCRYPT_ONLY:
1172 case PGP_PKA_RSA_SIGN_ONLY:
1173 free_BN(&p->key.rsa.n);
1174 free_BN(&p->key.rsa.e);
1175 break;
1176
1177 case PGP_PKA_DSA:
1178 free_BN(&p->key.dsa.p);
1179 free_BN(&p->key.dsa.q);
1180 free_BN(&p->key.dsa.g);
1181 free_BN(&p->key.dsa.y);
1182 break;
1183
1184 case PGP_PKA_ECDSA:
1185 free_BN(&p->key.ecdsa.p);
1186 break;
1187
1188 case PGP_PKA_ELGAMAL:
1189 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1190 free_BN(&p->key.elgamal.p);
1191 free_BN(&p->key.elgamal.g);
1192 free_BN(&p->key.elgamal.y);
1193 break;
1194
1195 case PGP_PKA_NOTHING:
1196 /* nothing to free */
1197 break;
1198
1199 default:
1200 (void) fprintf(stderr, "pgp_pubkey_free: bad alg\n");
1201 }
1202 }
1203
1204 /**
1205 \ingroup Core_ReadPackets
1206 */
1207 static int
parse_pubkey_data(pgp_pubkey_t * key,pgp_region_t * region,pgp_stream_t * stream)1208 parse_pubkey_data(pgp_pubkey_t *key, pgp_region_t *region,
1209 pgp_stream_t *stream)
1210 {
1211 uint8_t c = 0x0;
1212
1213 if (region->readc != 0) {
1214 /* We should not have read anything so far */
1215 (void) fprintf(stderr, "parse_pubkey_data: bad length\n");
1216 return 0;
1217 }
1218 if (!limread(&c, 1, region, stream)) {
1219 return 0;
1220 }
1221 key->version = (pgp_version_t)c;
1222 switch (key->version) {
1223 case PGP_V2:
1224 case PGP_V3:
1225 case PGP_V4:
1226 break;
1227 default:
1228 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PUBLIC_KEY_VRSN,
1229 "Bad public key version (0x%02x)", key->version);
1230 return 0;
1231 }
1232 if (!limited_read_time(&key->birthtime, region, stream)) {
1233 return 0;
1234 }
1235
1236 key->days_valid = 0;
1237 if ((key->version == 2 || key->version == 3) &&
1238 !limread_scalar(&key->days_valid, 2, region, stream)) {
1239 return 0;
1240 }
1241
1242 if (!limread(&c, 1, region, stream)) {
1243 return 0;
1244 }
1245 key->alg = c;
1246
1247 switch (key->alg) {
1248 case PGP_PKA_DSA:
1249 if (!limread_mpi(&key->key.dsa.p, region, stream) ||
1250 !limread_mpi(&key->key.dsa.q, region, stream) ||
1251 !limread_mpi(&key->key.dsa.g, region, stream) ||
1252 !limread_mpi(&key->key.dsa.y, region, stream)) {
1253 return 0;
1254 }
1255 break;
1256
1257 case PGP_PKA_ECDSA:
1258 if (!limread(&key->key.ecdsa.len, 1, region, stream) ||
1259 !limread(key->key.ecdsa.oid, key->key.ecdsa.len, region, stream) ||
1260 !limread_mpi(&key->key.ecdsa.p, region, stream)) {
1261 return 0;
1262 }
1263 break;
1264
1265 case PGP_PKA_RSA:
1266 case PGP_PKA_RSA_ENCRYPT_ONLY:
1267 case PGP_PKA_RSA_SIGN_ONLY:
1268 if (!limread_mpi(&key->key.rsa.n, region, stream) ||
1269 !limread_mpi(&key->key.rsa.e, region, stream)) {
1270 return 0;
1271 }
1272 break;
1273
1274 case PGP_PKA_ELGAMAL:
1275 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1276 if (!limread_mpi(&key->key.elgamal.p, region, stream) ||
1277 !limread_mpi(&key->key.elgamal.g, region, stream) ||
1278 !limread_mpi(&key->key.elgamal.y, region, stream)) {
1279 return 0;
1280 }
1281 break;
1282
1283 default:
1284 PGP_ERROR_1(&stream->errors,
1285 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
1286 "Unsupported Public Key algorithm (%s)",
1287 pgp_show_pka(key->alg));
1288 return 0;
1289 }
1290
1291 return 1;
1292 }
1293
1294
1295 /**
1296 * \ingroup Core_ReadPackets
1297 * \brief Parse a public key packet.
1298 *
1299 * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys.
1300 *
1301 * Once the key has been parsed successfully, it is passed to the callback.
1302 *
1303 * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet.
1304 * \param *reader Our reader
1305 * \param *cb The callback
1306 * \return 1 on success, 0 on error
1307 *
1308 * \see RFC4880 5.5.2
1309 */
1310 static int
parse_pubkey(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)1311 parse_pubkey(pgp_content_enum tag, pgp_region_t *region,
1312 pgp_stream_t *stream)
1313 {
1314 pgp_packet_t pkt;
1315
1316 if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) {
1317 (void) fprintf(stderr, "parse_pubkey: parse_pubkey_data failed\n");
1318 return 0;
1319 }
1320
1321 /* XXX: this test should be done for all packets, surely? */
1322 if (region->readc != region->length) {
1323 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1324 "Unconsumed data (%d)", region->length - region->readc);
1325 return 0;
1326 }
1327 CALLBACK(tag, &stream->cbinfo, &pkt);
1328
1329 return 1;
1330 }
1331
1332 /**
1333 * \ingroup Core_ReadPackets
1334 * \brief Parse one user attribute packet.
1335 *
1336 * User attribute packets contain one or more attribute subpackets.
1337 * For now, handle the whole packet as raw data.
1338 */
1339
1340 static int
parse_userattr(pgp_region_t * region,pgp_stream_t * stream)1341 parse_userattr(pgp_region_t *region, pgp_stream_t *stream)
1342 {
1343
1344 pgp_packet_t pkt;
1345
1346 /*
1347 * xxx- treat as raw data for now. Could break down further into
1348 * attribute sub-packets later - rachel
1349 */
1350 if (region->readc != 0) {
1351 /* We should not have read anything so far */
1352 (void) fprintf(stderr, "parse_userattr: bad length\n");
1353 return 0;
1354 }
1355 if (!read_data(&pkt.u.userattr, region, stream)) {
1356 return 0;
1357 }
1358 CALLBACK(PGP_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt);
1359 return 1;
1360 }
1361
1362 /**
1363 \ingroup Core_Create
1364 \brief Free allocated memory
1365 */
1366 /* ! Free the memory used when parsing this packet type */
1367 void
pgp_userid_free(uint8_t ** id)1368 pgp_userid_free(uint8_t **id)
1369 {
1370 free(*id);
1371 *id = NULL;
1372 }
1373
1374 /**
1375 * \ingroup Core_ReadPackets
1376 * \brief Parse a user id.
1377 *
1378 * This function parses an user id packet, which is basically just a char array the size of the packet.
1379 *
1380 * The char array is to be treated as an UTF-8 string.
1381 *
1382 * The userid gets null terminated by this function. Freeing it is the responsibility of the caller.
1383 *
1384 * Once the userid has been parsed successfully, it is passed to the callback.
1385 *
1386 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1387 * \param *reader Our reader
1388 * \param *cb The callback
1389 * \return 1 on success, 0 on error
1390 *
1391 * \see RFC4880 5.11
1392 */
1393 static int
parse_userid(pgp_region_t * region,pgp_stream_t * stream)1394 parse_userid(pgp_region_t *region, pgp_stream_t *stream)
1395 {
1396 pgp_packet_t pkt;
1397
1398 if (region->readc != 0) {
1399 /* We should not have read anything so far */
1400 (void) fprintf(stderr, "parse_userid: bad length\n");
1401 return 0;
1402 }
1403
1404 if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) {
1405 (void) fprintf(stderr, "parse_userid: bad alloc\n");
1406 return 0;
1407 }
1408
1409 if (region->length &&
1410 !limread(pkt.u.userid, region->length, region,
1411 stream)) {
1412 return 0;
1413 }
1414 pkt.u.userid[region->length] = 0x0;
1415 CALLBACK(PGP_PTAG_CT_USER_ID, &stream->cbinfo, &pkt);
1416 return 1;
1417 }
1418
1419 static pgp_hash_t *
parse_hash_find(pgp_stream_t * stream,const uint8_t * keyid)1420 parse_hash_find(pgp_stream_t *stream, const uint8_t *keyid)
1421 {
1422 pgp_hashtype_t *hp;
1423 size_t n;
1424
1425 for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) {
1426 if (memcmp(hp->keyid, keyid, PGP_KEY_ID_SIZE) == 0) {
1427 return &hp->hash;
1428 }
1429 }
1430 return NULL;
1431 }
1432
1433 /**
1434 * \ingroup Core_Parse
1435 * \brief Parse a version 3 signature.
1436 *
1437 * This function parses an version 3 signature packet, handling RSA and DSA signatures.
1438 *
1439 * Once the signature has been parsed successfully, it is passed to the callback.
1440 *
1441 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1442 * \param *reader Our reader
1443 * \param *cb The callback
1444 * \return 1 on success, 0 on error
1445 *
1446 * \see RFC4880 5.2.2
1447 */
1448 static int
parse_v3_sig(pgp_region_t * region,pgp_stream_t * stream)1449 parse_v3_sig(pgp_region_t *region,
1450 pgp_stream_t *stream)
1451 {
1452 pgp_packet_t pkt;
1453 uint8_t c = 0x0;
1454
1455 /* clear signature */
1456 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig));
1457
1458 pkt.u.sig.info.version = PGP_V3;
1459
1460 /* hash info length */
1461 if (!limread(&c, 1, region, stream)) {
1462 return 0;
1463 }
1464 if (c != 5) {
1465 ERRP(&stream->cbinfo, pkt, "bad hash info length");
1466 }
1467
1468 if (!limread(&c, 1, region, stream)) {
1469 return 0;
1470 }
1471 pkt.u.sig.info.type = (pgp_sig_type_t)c;
1472 /* XXX: check signature type */
1473
1474 if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) {
1475 return 0;
1476 }
1477 pkt.u.sig.info.birthtime_set = 1;
1478
1479 if (!limread(pkt.u.sig.info.signer_id, PGP_KEY_ID_SIZE, region,
1480 stream)) {
1481 return 0;
1482 }
1483 pkt.u.sig.info.signer_id_set = 1;
1484
1485 if (!limread(&c, 1, region, stream)) {
1486 return 0;
1487 }
1488 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c;
1489 /* XXX: check algorithm */
1490
1491 if (!limread(&c, 1, region, stream)) {
1492 return 0;
1493 }
1494 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c;
1495 /* XXX: check algorithm */
1496
1497 if (!limread(pkt.u.sig.hash2, 2, region, stream)) {
1498 return 0;
1499 }
1500
1501 switch (pkt.u.sig.info.key_alg) {
1502 case PGP_PKA_RSA:
1503 case PGP_PKA_RSA_SIGN_ONLY:
1504 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) {
1505 return 0;
1506 }
1507 break;
1508
1509 case PGP_PKA_DSA:
1510 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) ||
1511 !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) {
1512 return 0;
1513 }
1514 break;
1515
1516 case PGP_PKA_ECDSA:
1517 if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) ||
1518 !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) {
1519 return 0;
1520 }
1521 break;
1522
1523 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1524 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
1525 stream) ||
1526 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region,
1527 stream)) {
1528 return 0;
1529 }
1530 break;
1531
1532 default:
1533 PGP_ERROR_1(&stream->errors,
1534 PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
1535 "Unsupported signature key algorithm (%s)",
1536 pgp_show_pka(pkt.u.sig.info.key_alg));
1537 return 0;
1538 }
1539
1540 if (region->readc != region->length) {
1541 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1542 "Unconsumed data (%d)",
1543 region->length - region->readc);
1544 return 0;
1545 }
1546 if (pkt.u.sig.info.signer_id_set) {
1547 pkt.u.sig.hash = parse_hash_find(stream,
1548 pkt.u.sig.info.signer_id);
1549 }
1550 CALLBACK(PGP_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt);
1551 return 1;
1552 }
1553
1554 /**
1555 * \ingroup Core_ReadPackets
1556 * \brief Parse one signature sub-packet.
1557 *
1558 * Version 4 signatures can have an arbitrary amount of (hashed and
1559 * unhashed) subpackets. Subpackets are used to hold optional
1560 * attributes of subpackets.
1561 *
1562 * This function parses one such signature subpacket.
1563 *
1564 * Once the subpacket has been parsed successfully, it is passed to the callback.
1565 *
1566 * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket.
1567 * \param *reader Our reader
1568 * \param *cb The callback
1569 * \return 1 on success, 0 on error
1570 *
1571 * \see RFC4880 5.2.3
1572 */
1573 static int
parse_one_sig_subpacket(pgp_sig_t * sig,pgp_region_t * region,pgp_stream_t * stream)1574 parse_one_sig_subpacket(pgp_sig_t *sig,
1575 pgp_region_t *region,
1576 pgp_stream_t *stream)
1577 {
1578 pgp_region_t subregion;
1579 pgp_packet_t pkt;
1580 uint8_t bools = 0x0;
1581 uint8_t c = 0x0;
1582 uint8_t temp = 0x0;
1583 unsigned doread = 1;
1584 unsigned t8;
1585 unsigned t7;
1586
1587 pgp_init_subregion(&subregion, region);
1588 if (!limited_read_new_length(&subregion.length, region, stream)) {
1589 return 0;
1590 }
1591
1592 if (subregion.length > region->length) {
1593 ERRP(&stream->cbinfo, pkt, "Subpacket too long");
1594 }
1595
1596 if (!limread(&c, 1, &subregion, stream)) {
1597 return 0;
1598 }
1599
1600 t8 = (c & 0x7f) / 8;
1601 t7 = 1 << (c & 7);
1602
1603 pkt.critical = (unsigned)c >> 7;
1604 pkt.tag = (pgp_content_enum)(PGP_PTAG_SIG_SUBPKT_BASE + (c & 0x7f));
1605
1606 /* Application wants it delivered raw */
1607 if (stream->ss_raw[t8] & t7) {
1608 pkt.u.ss_raw.tag = pkt.tag;
1609 pkt.u.ss_raw.length = subregion.length - 1;
1610 pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length);
1611 if (pkt.u.ss_raw.raw == NULL) {
1612 (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n");
1613 return 0;
1614 }
1615 if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length,
1616 &subregion, stream)) {
1617 return 0;
1618 }
1619 CALLBACK(PGP_PTAG_RAW_SS, &stream->cbinfo, &pkt);
1620 return 1;
1621 }
1622 switch (pkt.tag) {
1623 case PGP_PTAG_SS_CREATION_TIME:
1624 case PGP_PTAG_SS_EXPIRATION_TIME:
1625 case PGP_PTAG_SS_KEY_EXPIRY:
1626 if (!limited_read_time(&pkt.u.ss_time, &subregion, stream))
1627 return 0;
1628 if (pkt.tag == PGP_PTAG_SS_CREATION_TIME) {
1629 sig->info.birthtime = pkt.u.ss_time;
1630 sig->info.birthtime_set = 1;
1631 }
1632 if (pkt.tag == PGP_PTAG_SS_EXPIRATION_TIME) {
1633 sig->info.duration = pkt.u.ss_time;
1634 sig->info.duration_set = 1;
1635 }
1636 break;
1637
1638 case PGP_PTAG_SS_TRUST:
1639 if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) ||
1640 !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) {
1641 return 0;
1642 }
1643 break;
1644
1645 case PGP_PTAG_SS_REVOCABLE:
1646 if (!limread(&bools, 1, &subregion, stream)) {
1647 return 0;
1648 }
1649 pkt.u.ss_revocable = !!bools;
1650 break;
1651
1652 case PGP_PTAG_SS_ISSUER_KEY_ID:
1653 if (!limread(pkt.u.ss_issuer, PGP_KEY_ID_SIZE, &subregion, stream)) {
1654 return 0;
1655 }
1656 (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, PGP_KEY_ID_SIZE);
1657 sig->info.signer_id_set = 1;
1658 break;
1659
1660 case PGP_PTAG_SS_PREFERRED_SKA:
1661 if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) {
1662 return 0;
1663 }
1664 break;
1665
1666 case PGP_PTAG_SS_PREFERRED_HASH:
1667 if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) {
1668 return 0;
1669 }
1670 break;
1671
1672 case PGP_PTAG_SS_PREF_COMPRESS:
1673 if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) {
1674 return 0;
1675 }
1676 break;
1677
1678 case PGP_PTAG_SS_PRIMARY_USER_ID:
1679 if (!limread(&bools, 1, &subregion, stream)) {
1680 return 0;
1681 }
1682 pkt.u.ss_primary_userid = !!bools;
1683 break;
1684
1685 case PGP_PTAG_SS_KEY_FLAGS:
1686 if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) {
1687 return 0;
1688 }
1689 break;
1690
1691 case PGP_PTAG_SS_KEYSERV_PREFS:
1692 if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) {
1693 return 0;
1694 }
1695 break;
1696
1697 case PGP_PTAG_SS_FEATURES:
1698 if (!read_data(&pkt.u.ss_features, &subregion, stream)) {
1699 return 0;
1700 }
1701 break;
1702
1703 case PGP_PTAG_SS_SIGNERS_USER_ID:
1704 if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) {
1705 return 0;
1706 }
1707 break;
1708
1709 case PGP_PTAG_SS_EMBEDDED_SIGNATURE:
1710 /* \todo should do something with this sig? */
1711 if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) {
1712 return 0;
1713 }
1714 break;
1715
1716 case PGP_PTAG_SS_NOTATION_DATA:
1717 if (!limread_data(&pkt.u.ss_notation.flags, 4,
1718 &subregion, stream)) {
1719 return 0;
1720 }
1721 if (!limread_size_t(&pkt.u.ss_notation.name.len, 2,
1722 &subregion, stream)) {
1723 return 0;
1724 }
1725 if (!limread_size_t(&pkt.u.ss_notation.value.len, 2,
1726 &subregion, stream)) {
1727 return 0;
1728 }
1729 if (!limread_data(&pkt.u.ss_notation.name,
1730 (unsigned)pkt.u.ss_notation.name.len,
1731 &subregion, stream)) {
1732 return 0;
1733 }
1734 if (!limread_data(&pkt.u.ss_notation.value,
1735 (unsigned)pkt.u.ss_notation.value.len,
1736 &subregion, stream)) {
1737 return 0;
1738 }
1739 break;
1740
1741 case PGP_PTAG_SS_POLICY_URI:
1742 if (!read_string(&pkt.u.ss_policy, &subregion, stream)) {
1743 return 0;
1744 }
1745 break;
1746
1747 case PGP_PTAG_SS_REGEXP:
1748 if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) {
1749 return 0;
1750 }
1751 break;
1752
1753 case PGP_PTAG_SS_PREF_KEYSERV:
1754 if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) {
1755 return 0;
1756 }
1757 break;
1758
1759 case PGP_PTAG_SS_USERDEFINED00:
1760 case PGP_PTAG_SS_USERDEFINED01:
1761 case PGP_PTAG_SS_USERDEFINED02:
1762 case PGP_PTAG_SS_USERDEFINED03:
1763 case PGP_PTAG_SS_USERDEFINED04:
1764 case PGP_PTAG_SS_USERDEFINED05:
1765 case PGP_PTAG_SS_USERDEFINED06:
1766 case PGP_PTAG_SS_USERDEFINED07:
1767 case PGP_PTAG_SS_USERDEFINED08:
1768 case PGP_PTAG_SS_USERDEFINED09:
1769 case PGP_PTAG_SS_USERDEFINED10:
1770 if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) {
1771 return 0;
1772 }
1773 break;
1774
1775 case PGP_PTAG_SS_RESERVED:
1776 if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) {
1777 return 0;
1778 }
1779 break;
1780
1781 case PGP_PTAG_SS_REVOCATION_REASON:
1782 /* first byte is the machine-readable code */
1783 if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) {
1784 return 0;
1785 }
1786 /* the rest is a human-readable UTF-8 string */
1787 if (!read_string(&pkt.u.ss_revocation.reason, &subregion,
1788 stream)) {
1789 return 0;
1790 }
1791 break;
1792
1793 case PGP_PTAG_SS_ISSUER_FINGERPRINT:
1794 /* octet 0: version */
1795 /* 0x04:20 bytes, 0x05:32 bytes */
1796 if (!limread(&temp, 1, &subregion, stream)) {
1797 return 0;
1798 }
1799
1800 switch (temp) {
1801 case 0x04: pkt.u.ss_issuer_fingerprint.len = 20; break;
1802 case 0x05: pkt.u.ss_issuer_fingerprint.len = 32; break;
1803 default:
1804 return 0;
1805 }
1806
1807 if (!limread(pkt.u.ss_issuer_fingerprint.fingerprint,
1808 pkt.u.ss_issuer_fingerprint.len, &subregion, stream)) {
1809 return 0;
1810 }
1811 break;
1812
1813 case PGP_PTAG_SS_REVOCATION_KEY:
1814 /* octet 0 = class. Bit 0x80 must be set */
1815 if (!limread(&pkt.u.ss_revocation_key.class, 1,
1816 &subregion, stream)) {
1817 return 0;
1818 }
1819 if (!(pkt.u.ss_revocation_key.class & 0x80)) {
1820 printf("Warning: PGP_PTAG_SS_REVOCATION_KEY class: "
1821 "Bit 0x80 should be set\n");
1822 return 0;
1823 }
1824 /* octet 1 = algid */
1825 if (!limread(&pkt.u.ss_revocation_key.algid, 1,
1826 &subregion, stream)) {
1827 return 0;
1828 }
1829 /* octets 2-21 = fingerprint */
1830 if (!limread(&pkt.u.ss_revocation_key.fingerprint[0],
1831 PGP_FINGERPRINT_SIZE, &subregion, stream)) {
1832 return 0;
1833 }
1834 break;
1835
1836 default:
1837 if (stream->ss_parsed[t8] & t7) {
1838 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_UNKNOWN_SS,
1839 "Unknown signature subpacket type (%d)",
1840 c & 0x7f);
1841 }
1842 doread = 0;
1843 break;
1844 }
1845
1846 /* Application doesn't want it delivered parsed */
1847 if (!(stream->ss_parsed[t8] & t7)) {
1848 if (pkt.critical) {
1849 PGP_ERROR_1(&stream->errors,
1850 PGP_E_PROTO_CRITICAL_SS_IGNORED,
1851 "Critical signature subpacket ignored (%d)",
1852 c & 0x7f);
1853 }
1854 if (!doread &&
1855 !limskip(subregion.length - 1, &subregion, stream)) {
1856 return 0;
1857 }
1858 if (doread) {
1859 pgp_parser_content_free(&pkt);
1860 }
1861 return 1;
1862 }
1863 if (doread && subregion.readc != subregion.length) {
1864 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1865 "Unconsumed data (%d)",
1866 subregion.length - subregion.readc);
1867 return 0;
1868 }
1869 CALLBACK(pkt.tag, &stream->cbinfo, &pkt);
1870 return 1;
1871 }
1872
1873 /**
1874 * \ingroup Core_ReadPackets
1875 * \brief Parse several signature subpackets.
1876 *
1877 * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set.
1878 * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the
1879 * entire set is consumed.
1880 *
1881 * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket.
1882 *
1883 * \param *ptag Pointer to the Packet Tag.
1884 * \param *reader Our reader
1885 * \param *cb The callback
1886 * \return 1 on success, 0 on error
1887 *
1888 * \see RFC4880 5.2.3
1889 */
1890 static int
parse_sig_subpkts(pgp_sig_t * sig,pgp_region_t * region,pgp_stream_t * stream)1891 parse_sig_subpkts(pgp_sig_t *sig,
1892 pgp_region_t *region,
1893 pgp_stream_t *stream)
1894 {
1895 pgp_region_t subregion;
1896 pgp_packet_t pkt;
1897
1898 pgp_init_subregion(&subregion, region);
1899 if (!limread_scalar(&subregion.length, 2, region, stream)) {
1900 return 0;
1901 }
1902
1903 if (subregion.length > region->length) {
1904 ERRP(&stream->cbinfo, pkt, "Subpacket set too long");
1905 }
1906
1907 while (subregion.readc < subregion.length) {
1908 if (!parse_one_sig_subpacket(sig, &subregion, stream)) {
1909 return 0;
1910 }
1911 }
1912
1913 if (subregion.readc != subregion.length) {
1914 if (!limskip(subregion.length - subregion.readc,
1915 &subregion, stream)) {
1916 ERRP(&stream->cbinfo, pkt,
1917 "parse_sig_subpkts: subpacket length read mismatch");
1918 }
1919 ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch");
1920 }
1921 return 1;
1922 }
1923
1924 /**
1925 * \ingroup Core_ReadPackets
1926 * \brief Parse a version 4 signature.
1927 *
1928 * This function parses a version 4 signature including all its hashed and unhashed subpackets.
1929 *
1930 * Once the signature packet has been parsed successfully, it is passed to the callback.
1931 *
1932 * \param *ptag Pointer to the Packet Tag.
1933 * \param *reader Our reader
1934 * \param *cb The callback
1935 * \return 1 on success, 0 on error
1936 *
1937 * \see RFC4880 5.2.3
1938 */
1939 static int
parse_v4_sig(pgp_region_t * region,pgp_stream_t * stream)1940 parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream)
1941 {
1942 pgp_packet_t pkt;
1943 uint8_t c = 0x0;
1944
1945 if (pgp_get_debug_level(__FILE__)) {
1946 fprintf(stderr, "\nparse_v4_sig\n");
1947 }
1948 /* clear signature */
1949 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig));
1950
1951 /*
1952 * We need to hash the packet data from version through the hashed
1953 * subpacket data
1954 */
1955
1956 pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1;
1957
1958 /* Set version,type,algorithms */
1959
1960 pkt.u.sig.info.version = PGP_V4;
1961
1962 if (!limread(&c, 1, region, stream)) {
1963 return 0;
1964 }
1965 pkt.u.sig.info.type = (pgp_sig_type_t)c;
1966 if (pgp_get_debug_level(__FILE__)) {
1967 fprintf(stderr, "signature type=%d (%s)\n",
1968 pkt.u.sig.info.type,
1969 pgp_show_sig_type(pkt.u.sig.info.type));
1970 }
1971 /* XXX: check signature type */
1972
1973 if (!limread(&c, 1, region, stream)) {
1974 return 0;
1975 }
1976 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c;
1977 /* XXX: check key algorithm */
1978 if (pgp_get_debug_level(__FILE__)) {
1979 (void) fprintf(stderr, "key_alg=%d (%s)\n",
1980 pkt.u.sig.info.key_alg,
1981 pgp_show_pka(pkt.u.sig.info.key_alg));
1982 }
1983 if (!limread(&c, 1, region, stream)) {
1984 return 0;
1985 }
1986 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c;
1987 /* XXX: check hash algorithm */
1988 if (pgp_get_debug_level(__FILE__)) {
1989 fprintf(stderr, "hash_alg=%d %s\n",
1990 pkt.u.sig.info.hash_alg,
1991 pgp_show_hash_alg(pkt.u.sig.info.hash_alg));
1992 }
1993 CALLBACK(PGP_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt);
1994
1995 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) {
1996 return 0;
1997 }
1998
1999 pkt.u.sig.info.v4_hashlen = stream->readinfo.alength
2000 - pkt.u.sig.v4_hashstart;
2001 if (pgp_get_debug_level(__FILE__)) {
2002 fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen);
2003 }
2004
2005 /* copy hashed subpackets */
2006 if (pkt.u.sig.info.v4_hashed) {
2007 free(pkt.u.sig.info.v4_hashed);
2008 }
2009 pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen);
2010 if (pkt.u.sig.info.v4_hashed == NULL) {
2011 (void) fprintf(stderr, "parse_v4_sig: bad alloc\n");
2012 return 0;
2013 }
2014
2015 if (!stream->readinfo.accumulate) {
2016 /* We must accumulate, else we can't check the signature */
2017 fprintf(stderr, "*** ERROR: must set accumulate to 1\n");
2018 return 0;
2019 }
2020 (void) memcpy(pkt.u.sig.info.v4_hashed,
2021 stream->readinfo.accumulated + pkt.u.sig.v4_hashstart,
2022 pkt.u.sig.info.v4_hashlen);
2023
2024 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) {
2025 return 0;
2026 }
2027
2028 if (!limread(pkt.u.sig.hash2, 2, region, stream)) {
2029 return 0;
2030 }
2031
2032 switch (pkt.u.sig.info.key_alg) {
2033 case PGP_PKA_RSA:
2034 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) {
2035 return 0;
2036 }
2037 if (pgp_get_debug_level(__FILE__)) {
2038 (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n");
2039 BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig);
2040 (void) fprintf(stderr, "\n");
2041 }
2042 break;
2043
2044 case PGP_PKA_DSA:
2045 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) {
2046 /*
2047 * usually if this fails, it just means we've reached
2048 * the end of the keyring
2049 */
2050 if (pgp_get_debug_level(__FILE__)) {
2051 (void) fprintf(stderr,
2052 "Error reading DSA r field in signature");
2053 }
2054 return 0;
2055 }
2056 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) {
2057 ERRP(&stream->cbinfo, pkt,
2058 "Error reading DSA s field in signature");
2059 }
2060 break;
2061
2062 case PGP_PKA_ECDSA:
2063 if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) ||
2064 !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) {
2065 return 0;
2066 }
2067 break;
2068
2069 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
2070 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
2071 stream) ||
2072 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region,
2073 stream)) {
2074 return 0;
2075 }
2076 break;
2077
2078 case PGP_PKA_PRIVATE00:
2079 case PGP_PKA_PRIVATE01:
2080 case PGP_PKA_PRIVATE02:
2081 case PGP_PKA_PRIVATE03:
2082 case PGP_PKA_PRIVATE04:
2083 case PGP_PKA_PRIVATE05:
2084 case PGP_PKA_PRIVATE06:
2085 case PGP_PKA_PRIVATE07:
2086 case PGP_PKA_PRIVATE08:
2087 case PGP_PKA_PRIVATE09:
2088 case PGP_PKA_PRIVATE10:
2089 if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) {
2090 return 0;
2091 }
2092 break;
2093
2094 default:
2095 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
2096 "Bad v4 signature key algorithm (%s)",
2097 pgp_show_pka(pkt.u.sig.info.key_alg));
2098 return 0;
2099 }
2100 if (region->readc != region->length) {
2101 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
2102 "Unconsumed data (%d)",
2103 region->length - region->readc);
2104 return 0;
2105 }
2106 CALLBACK(PGP_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt);
2107 return 1;
2108 }
2109
2110 /**
2111 * \ingroup Core_ReadPackets
2112 * \brief Parse a signature subpacket.
2113 *
2114 * This function calls the appropriate function to handle v3 or v4 signatures.
2115 *
2116 * Once the signature packet has been parsed successfully, it is passed to the callback.
2117 *
2118 * \param *ptag Pointer to the Packet Tag.
2119 * \param *reader Our reader
2120 * \param *cb The callback
2121 * \return 1 on success, 0 on error
2122 */
2123 static int
parse_sig(pgp_region_t * region,pgp_stream_t * stream)2124 parse_sig(pgp_region_t *region, pgp_stream_t *stream)
2125 {
2126 pgp_packet_t pkt;
2127 uint8_t c = 0x0;
2128
2129 if (region->readc != 0) {
2130 /* We should not have read anything so far */
2131 (void) fprintf(stderr, "parse_sig: bad length\n");
2132 return 0;
2133 }
2134
2135 (void) memset(&pkt, 0x0, sizeof(pkt));
2136 if (!limread(&c, 1, region, stream)) {
2137 return 0;
2138 }
2139 if (c == 2 || c == 3) {
2140 return parse_v3_sig(region, stream);
2141 }
2142 if (c == 4) {
2143 return parse_v4_sig(region, stream);
2144 }
2145 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_SIGNATURE_VRSN,
2146 "Bad signature version (%d)", c);
2147 return 0;
2148 }
2149
2150 /**
2151 \ingroup Core_ReadPackets
2152 \brief Parse Compressed packet
2153 */
2154 static int
parse_compressed(pgp_region_t * region,pgp_stream_t * stream)2155 parse_compressed(pgp_region_t *region, pgp_stream_t *stream)
2156 {
2157 pgp_packet_t pkt;
2158 uint8_t c = 0x0;
2159
2160 if (!limread(&c, 1, region, stream)) {
2161 return 0;
2162 }
2163
2164 pkt.u.compressed = (pgp_compression_type_t)c;
2165
2166 CALLBACK(PGP_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt);
2167
2168 /*
2169 * The content of a compressed data packet is more OpenPGP packets
2170 * once decompressed, so recursively handle them
2171 */
2172
2173 return pgp_decompress(region, stream, pkt.u.compressed);
2174 }
2175
2176 /* XXX: this could be improved by sharing all hashes that are the */
2177 /* same, then duping them just before checking the signature. */
2178 static void
parse_hash_init(pgp_stream_t * stream,pgp_hash_alg_t type,const uint8_t * keyid)2179 parse_hash_init(pgp_stream_t *stream, pgp_hash_alg_t type,
2180 const uint8_t *keyid)
2181 {
2182 pgp_hashtype_t *hash;
2183
2184 hash = realloc(stream->hashes,
2185 (stream->hashc + 1) * sizeof(*stream->hashes));
2186 if (hash == NULL) {
2187 (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n");
2188 /* just continue and die here */
2189 /* XXX - agc - no way to return failure */
2190 } else {
2191 stream->hashes = hash;
2192 }
2193 hash = &stream->hashes[stream->hashc++];
2194
2195 pgp_hash_any(&hash->hash, type);
2196 if (!hash->hash.init(&hash->hash)) {
2197 (void) fprintf(stderr, "parse_hash_init: bad alloc\n");
2198 /* just continue and die here */
2199 /* XXX - agc - no way to return failure */
2200 }
2201 (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid));
2202 }
2203
2204 /**
2205 \ingroup Core_ReadPackets
2206 \brief Parse a One Pass Signature packet
2207 */
2208 static int
parse_one_pass(pgp_region_t * region,pgp_stream_t * stream)2209 parse_one_pass(pgp_region_t * region, pgp_stream_t * stream)
2210 {
2211 pgp_packet_t pkt;
2212 uint8_t c = 0x0;
2213
2214 if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) {
2215 return 0;
2216 }
2217 if (pkt.u.one_pass_sig.version != 3) {
2218 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_ONE_PASS_SIG_VRSN,
2219 "Bad one-pass signature version (%d)",
2220 pkt.u.one_pass_sig.version);
2221 return 0;
2222 }
2223 if (!limread(&c, 1, region, stream)) {
2224 return 0;
2225 }
2226 pkt.u.one_pass_sig.sig_type = (pgp_sig_type_t)c;
2227
2228 if (!limread(&c, 1, region, stream)) {
2229 return 0;
2230 }
2231 pkt.u.one_pass_sig.hash_alg = (pgp_hash_alg_t)c;
2232
2233 if (!limread(&c, 1, region, stream)) {
2234 return 0;
2235 }
2236 pkt.u.one_pass_sig.key_alg = (pgp_pubkey_alg_t)c;
2237
2238 if (!limread(pkt.u.one_pass_sig.keyid,
2239 (unsigned)sizeof(pkt.u.one_pass_sig.keyid),
2240 region, stream)) {
2241 return 0;
2242 }
2243
2244 if (!limread(&c, 1, region, stream)) {
2245 return 0;
2246 }
2247 pkt.u.one_pass_sig.nested = !!c;
2248 CALLBACK(PGP_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt);
2249 /* XXX: we should, perhaps, let the app choose whether to hash or not */
2250 parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg,
2251 pkt.u.one_pass_sig.keyid);
2252 return 1;
2253 }
2254
2255 /**
2256 \ingroup Core_ReadPackets
2257 \brief Parse a Trust packet
2258 */
2259 static int
parse_trust(pgp_region_t * region,pgp_stream_t * stream)2260 parse_trust(pgp_region_t *region, pgp_stream_t *stream)
2261 {
2262 pgp_packet_t pkt;
2263
2264 if (!read_data(&pkt.u.trust, region, stream)) {
2265 return 0;
2266 }
2267 CALLBACK(PGP_PTAG_CT_TRUST, &stream->cbinfo, &pkt);
2268 return 1;
2269 }
2270
2271 static void
parse_hash_data(pgp_stream_t * stream,const void * data,size_t length)2272 parse_hash_data(pgp_stream_t *stream, const void *data,
2273 size_t length)
2274 {
2275 size_t n;
2276
2277 for (n = 0; n < stream->hashc; ++n) {
2278 stream->hashes[n].hash.add(&stream->hashes[n].hash, data, (unsigned)length);
2279 }
2280 }
2281
2282 /**
2283 \ingroup Core_ReadPackets
2284 \brief Parse a Literal Data packet
2285 */
2286 static int
parse_litdata(pgp_region_t * region,pgp_stream_t * stream)2287 parse_litdata(pgp_region_t *region, pgp_stream_t *stream)
2288 {
2289 pgp_memory_t *mem;
2290 pgp_packet_t pkt;
2291 uint8_t c = 0x0;
2292
2293 if (!limread(&c, 1, region, stream)) {
2294 return 0;
2295 }
2296 pkt.u.litdata_header.format = (pgp_litdata_enum)c;
2297 if (!limread(&c, 1, region, stream)) {
2298 return 0;
2299 }
2300 if (!limread((uint8_t *)pkt.u.litdata_header.filename,
2301 (unsigned)c, region, stream)) {
2302 return 0;
2303 }
2304 pkt.u.litdata_header.filename[c] = '\0';
2305 if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) {
2306 return 0;
2307 }
2308 CALLBACK(PGP_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt);
2309 mem = pkt.u.litdata_body.mem = pgp_memory_new();
2310 pgp_memory_init(pkt.u.litdata_body.mem,
2311 (unsigned)((region->length * 101) / 100) + 12);
2312 pkt.u.litdata_body.data = mem->buf;
2313
2314 while (region->readc < region->length) {
2315 unsigned readc = region->length - region->readc;
2316
2317 if (!limread(mem->buf, readc, region, stream)) {
2318 return 0;
2319 }
2320 pkt.u.litdata_body.length = readc;
2321 parse_hash_data(stream, pkt.u.litdata_body.data, region->length);
2322 CALLBACK(PGP_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt);
2323 }
2324
2325 /* XXX - get rid of mem here? */
2326
2327 return 1;
2328 }
2329
2330 /**
2331 * \ingroup Core_Create
2332 *
2333 * pgp_seckey_free() frees the memory associated with "key". Note that
2334 * the key itself is not freed.
2335 *
2336 * \param key
2337 */
2338
2339 void
pgp_seckey_free(pgp_seckey_t * key)2340 pgp_seckey_free(pgp_seckey_t *key)
2341 {
2342 switch (key->pubkey.alg) {
2343 case PGP_PKA_RSA:
2344 case PGP_PKA_RSA_ENCRYPT_ONLY:
2345 case PGP_PKA_RSA_SIGN_ONLY:
2346 free_BN(&key->key.rsa.d);
2347 free_BN(&key->key.rsa.p);
2348 free_BN(&key->key.rsa.q);
2349 free_BN(&key->key.rsa.u);
2350 break;
2351
2352 case PGP_PKA_DSA:
2353 free_BN(&key->key.dsa.x);
2354 break;
2355
2356 case PGP_PKA_ECDSA:
2357 free_BN(&key->key.ecdsa.x);
2358 break;
2359
2360 default:
2361 (void) fprintf(stderr,
2362 "pgp_seckey_free: Unknown algorithm: %d (%s)\n",
2363 key->pubkey.alg,
2364 pgp_show_pka(key->pubkey.alg));
2365 }
2366 free(key->checkhash);
2367 }
2368
2369 static int
consume_packet(pgp_region_t * region,pgp_stream_t * stream,unsigned warn)2370 consume_packet(pgp_region_t *region, pgp_stream_t *stream, unsigned warn)
2371 {
2372 pgp_packet_t pkt;
2373 pgp_data_t remainder;
2374
2375 if (region->indeterminate) {
2376 ERRP(&stream->cbinfo, pkt,
2377 "Can't consume indeterminate packets");
2378 }
2379
2380 if (read_data(&remainder, region, stream)) {
2381 /* now throw it away */
2382 pgp_data_free(&remainder);
2383 if (warn) {
2384 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_CONSUMED,
2385 "%s", "Warning: packet consumer");
2386 }
2387 return 1;
2388 }
2389 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_NOT_CONSUMED,
2390 "%s", (warn) ? "Warning: Packet was not consumed" :
2391 "Packet was not consumed");
2392 return warn;
2393 }
2394
2395 /**
2396 * \ingroup Core_ReadPackets
2397 * \brief Parse a secret key
2398 */
2399 static int
parse_seckey(pgp_region_t * region,pgp_stream_t * stream)2400 parse_seckey(pgp_region_t *region, pgp_stream_t *stream)
2401 {
2402 pgp_packet_t pkt;
2403 pgp_region_t encregion;
2404 pgp_region_t *saved_region = NULL;
2405 pgp_crypt_t decrypt;
2406 pgp_hash_t checkhash;
2407 unsigned blocksize;
2408 unsigned crypted;
2409 uint8_t c = 0x0;
2410 int ret = 1;
2411
2412 if (pgp_get_debug_level(__FILE__)) {
2413 fprintf(stderr, "\n---------\nparse_seckey:\n");
2414 fprintf(stderr,
2415 "region length=%u, readc=%u, remainder=%u\n",
2416 region->length, region->readc,
2417 region->length - region->readc);
2418 }
2419 (void) memset(&pkt, 0x0, sizeof(pkt));
2420 if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) {
2421 return 0;
2422 }
2423 if (pgp_get_debug_level(__FILE__)) {
2424 fprintf(stderr, "parse_seckey: public key parsed\n");
2425 pgp_print_pubkey(&pkt.u.seckey.pubkey);
2426 }
2427 stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != PGP_V4);
2428
2429 if (!limread(&c, 1, region, stream)) {
2430 return 0;
2431 }
2432 pkt.u.seckey.s2k_usage = (pgp_s2k_usage_t)c;
2433
2434 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED ||
2435 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2436 if (!limread(&c, 1, region, stream)) {
2437 return 0;
2438 }
2439 pkt.u.seckey.alg = (pgp_symm_alg_t)c;
2440 if (!limread(&c, 1, region, stream)) {
2441 return 0;
2442 }
2443 pkt.u.seckey.s2k_specifier = (pgp_s2k_specifier_t)c;
2444 switch (pkt.u.seckey.s2k_specifier) {
2445 case PGP_S2KS_SIMPLE:
2446 case PGP_S2KS_SALTED:
2447 case PGP_S2KS_ITERATED_AND_SALTED:
2448 break;
2449 default:
2450 (void) fprintf(stderr,
2451 "parse_seckey: bad seckey\n");
2452 return 0;
2453 }
2454 if (!limread(&c, 1, region, stream)) {
2455 return 0;
2456 }
2457 pkt.u.seckey.hash_alg = (pgp_hash_alg_t)c;
2458 if (pkt.u.seckey.s2k_specifier != PGP_S2KS_SIMPLE &&
2459 !limread(pkt.u.seckey.salt, 8, region, stream)) {
2460 return 0;
2461 }
2462 if (pkt.u.seckey.s2k_specifier ==
2463 PGP_S2KS_ITERATED_AND_SALTED) {
2464 if (!limread(&c, 1, region, stream)) {
2465 return 0;
2466 }
2467 pkt.u.seckey.octetc =
2468 (16 + ((unsigned)c & 15)) <<
2469 (((unsigned)c >> 4) + 6);
2470 }
2471 } else if (pkt.u.seckey.s2k_usage != PGP_S2KU_NONE) {
2472 /* this is V3 style, looks just like a V4 simple hash */
2473 pkt.u.seckey.alg = (pgp_symm_alg_t)c;
2474 pkt.u.seckey.s2k_usage = PGP_S2KU_ENCRYPTED;
2475 pkt.u.seckey.s2k_specifier = PGP_S2KS_SIMPLE;
2476 pkt.u.seckey.hash_alg = PGP_HASH_MD5;
2477 }
2478 crypted = pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED ||
2479 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED;
2480
2481 if (crypted) {
2482 pgp_packet_t seckey;
2483 pgp_hash_t hashes[(PGP_MAX_KEY_SIZE + PGP_MIN_HASH_SIZE - 1) / PGP_MIN_HASH_SIZE];
2484 unsigned passlen;
2485 uint8_t key[PGP_MAX_KEY_SIZE + PGP_MAX_HASH_SIZE];
2486 char *passphrase;
2487 int hashsize;
2488 int keysize;
2489 int n;
2490
2491 if (pgp_get_debug_level(__FILE__)) {
2492 (void) fprintf(stderr, "crypted seckey\n");
2493 }
2494 blocksize = pgp_block_size(pkt.u.seckey.alg);
2495 if (blocksize == 0 || blocksize > PGP_MAX_BLOCK_SIZE) {
2496 (void) fprintf(stderr,
2497 "parse_seckey: bad blocksize\n");
2498 return 0;
2499 }
2500
2501 if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) {
2502 return 0;
2503 }
2504 (void) memset(&seckey, 0x0, sizeof(seckey));
2505 passphrase = NULL;
2506 seckey.u.skey_passphrase.passphrase = &passphrase;
2507 seckey.u.skey_passphrase.seckey = &pkt.u.seckey;
2508 CALLBACK(PGP_GET_PASSPHRASE, &stream->cbinfo, &seckey);
2509 if (!passphrase) {
2510 if (pgp_get_debug_level(__FILE__)) {
2511 /* \todo make into proper error */
2512 (void) fprintf(stderr,
2513 "parse_seckey: can't get passphrase\n");
2514 }
2515 if (!consume_packet(region, stream, 0)) {
2516 return 0;
2517 }
2518
2519 CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY,
2520 &stream->cbinfo, &pkt);
2521
2522 return 1;
2523 }
2524 keysize = pgp_key_size(pkt.u.seckey.alg);
2525 if (keysize == 0 || keysize > PGP_MAX_KEY_SIZE) {
2526 (void) fprintf(stderr,
2527 "parse_seckey: bad keysize\n");
2528 return 0;
2529 }
2530
2531 /* Hardcoded SHA1 for just now */
2532 pkt.u.seckey.hash_alg = PGP_HASH_SHA1;
2533 hashsize = pgp_hash_size(pkt.u.seckey.hash_alg);
2534 if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) {
2535 (void) fprintf(stderr,
2536 "parse_seckey: bad hashsize\n");
2537 return 0;
2538 }
2539
2540 for (n = 0; n * hashsize < keysize; ++n) {
2541 int i;
2542
2543 pgp_hash_any(&hashes[n],
2544 pkt.u.seckey.hash_alg);
2545 if (!hashes[n].init(&hashes[n])) {
2546 (void) fprintf(stderr,
2547 "parse_seckey: bad alloc\n");
2548 return 0;
2549 }
2550 /* preload hashes with zeroes... */
2551 for (i = 0; i < n; ++i) {
2552 hashes[n].add(&hashes[n],
2553 (const uint8_t *) "", 1);
2554 }
2555 }
2556 passlen = (unsigned)strlen(passphrase);
2557 for (n = 0; n * hashsize < keysize; ++n) {
2558 unsigned i;
2559
2560 switch (pkt.u.seckey.s2k_specifier) {
2561 case PGP_S2KS_SALTED:
2562 hashes[n].add(&hashes[n],
2563 pkt.u.seckey.salt,
2564 PGP_SALT_SIZE);
2565 /* FALLTHROUGH */
2566 case PGP_S2KS_SIMPLE:
2567 hashes[n].add(&hashes[n],
2568 (uint8_t *)passphrase, (unsigned)passlen);
2569 break;
2570
2571 case PGP_S2KS_ITERATED_AND_SALTED:
2572 for (i = 0; i < pkt.u.seckey.octetc;
2573 i += passlen + PGP_SALT_SIZE) {
2574 unsigned j;
2575
2576 j = passlen + PGP_SALT_SIZE;
2577 if (i + j > pkt.u.seckey.octetc && i != 0) {
2578 j = pkt.u.seckey.octetc - i;
2579 }
2580 hashes[n].add(&hashes[n],
2581 pkt.u.seckey.salt,
2582 (unsigned)(j > PGP_SALT_SIZE) ?
2583 PGP_SALT_SIZE : j);
2584 if (j > PGP_SALT_SIZE) {
2585 hashes[n].add(&hashes[n],
2586 (uint8_t *) passphrase,
2587 j - PGP_SALT_SIZE);
2588 }
2589 }
2590 break;
2591 default:
2592 break;
2593 }
2594 }
2595
2596 for (n = 0; n * hashsize < keysize; ++n) {
2597 int r;
2598
2599 r = hashes[n].finish(&hashes[n], key + n * hashsize);
2600 if (r != hashsize) {
2601 (void) fprintf(stderr,
2602 "parse_seckey: bad r\n");
2603 return 0;
2604 }
2605 }
2606
2607 pgp_forget(passphrase, passlen);
2608
2609 pgp_crypt_any(&decrypt, pkt.u.seckey.alg);
2610 if (pgp_get_debug_level(__FILE__)) {
2611 hexdump(stderr, "input iv", pkt.u.seckey.iv, pgp_block_size(pkt.u.seckey.alg));
2612 hexdump(stderr, "key", key, CAST_KEY_LENGTH);
2613 }
2614 decrypt.set_iv(&decrypt, pkt.u.seckey.iv);
2615 decrypt.set_crypt_key(&decrypt, key);
2616
2617 /* now read encrypted data */
2618
2619 pgp_reader_push_decrypt(stream, &decrypt, region);
2620
2621 /*
2622 * Since all known encryption for PGP doesn't compress, we
2623 * can limit to the same length as the current region (for
2624 * now).
2625 */
2626 pgp_init_subregion(&encregion, NULL);
2627 encregion.length = region->length - region->readc;
2628 if (pkt.u.seckey.pubkey.version != PGP_V4) {
2629 encregion.length -= 2;
2630 }
2631 saved_region = region;
2632 region = &encregion;
2633 }
2634 if (pgp_get_debug_level(__FILE__)) {
2635 fprintf(stderr, "parse_seckey: end of crypted passphrase\n");
2636 }
2637 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2638 /* XXX - Hard-coded SHA1 here ?? Check */
2639 pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE);
2640 if (pkt.u.seckey.checkhash == NULL) {
2641 (void) fprintf(stderr, "parse_seckey: bad alloc\n");
2642 return 0;
2643 }
2644 pgp_hash_sha1(&checkhash);
2645 pgp_reader_push_hash(stream, &checkhash);
2646 } else {
2647 pgp_reader_push_sum16(stream);
2648 }
2649 if (pgp_get_debug_level(__FILE__)) {
2650 fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n");
2651 }
2652 switch (pkt.u.seckey.pubkey.alg) {
2653 case PGP_PKA_RSA:
2654 case PGP_PKA_RSA_ENCRYPT_ONLY:
2655 case PGP_PKA_RSA_SIGN_ONLY:
2656 if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) ||
2657 !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) ||
2658 !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) ||
2659 !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) {
2660 ret = 0;
2661 }
2662 break;
2663
2664 case PGP_PKA_DSA:
2665 if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) {
2666 ret = 0;
2667 }
2668 break;
2669
2670 case PGP_PKA_ECDSA:
2671 if (!limread_mpi(&pkt.u.seckey.key.ecdsa.x, region, stream)) {
2672 ret = 0;
2673 }
2674 break;
2675
2676 case PGP_PKA_ELGAMAL:
2677 if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) {
2678 ret = 0;
2679 }
2680 break;
2681
2682 default:
2683 PGP_ERROR_2(&stream->errors,
2684 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
2685 "Unsupported Public Key algorithm %d (%s)",
2686 pkt.u.seckey.pubkey.alg,
2687 pgp_show_pka(pkt.u.seckey.pubkey.alg));
2688 ret = 0;
2689 }
2690
2691 if (pgp_get_debug_level(__FILE__)) {
2692 (void) fprintf(stderr, "4 MPIs read\n");
2693 }
2694 stream->reading_v3_secret = 0;
2695
2696 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2697 uint8_t hash[PGP_CHECKHASH_SIZE];
2698
2699 pgp_reader_pop_hash(stream);
2700 checkhash.finish(&checkhash, hash);
2701
2702 if (crypted &&
2703 pkt.u.seckey.pubkey.version != PGP_V4) {
2704 pgp_reader_pop_decrypt(stream);
2705 region = saved_region;
2706 }
2707 if (ret) {
2708 if (!limread(pkt.u.seckey.checkhash,
2709 PGP_CHECKHASH_SIZE, region, stream)) {
2710 return 0;
2711 }
2712
2713 if (memcmp(hash, pkt.u.seckey.checkhash,
2714 PGP_CHECKHASH_SIZE) != 0) {
2715 ERRP(&stream->cbinfo, pkt,
2716 "Hash mismatch in secret key");
2717 }
2718 }
2719 } else {
2720 uint16_t sum;
2721
2722 sum = pgp_reader_pop_sum16(stream);
2723 if (crypted &&
2724 pkt.u.seckey.pubkey.version != PGP_V4) {
2725 pgp_reader_pop_decrypt(stream);
2726 region = saved_region;
2727 }
2728 if (ret) {
2729 if (!limread_scalar(&pkt.u.seckey.checksum, 2,
2730 region, stream))
2731 return 0;
2732
2733 if (sum != pkt.u.seckey.checksum) {
2734 ERRP(&stream->cbinfo, pkt,
2735 "Checksum mismatch in secret key");
2736 }
2737 }
2738 }
2739
2740 if (crypted && pkt.u.seckey.pubkey.version == PGP_V4) {
2741 pgp_reader_pop_decrypt(stream);
2742 }
2743 if (region == NULL) {
2744 (void) fprintf(stderr, "parse_seckey: NULL region\n");
2745 return 0;
2746 }
2747 if (ret && region->readc != region->length) {
2748 (void) fprintf(stderr, "parse_seckey: bad length\n");
2749 return 0;
2750 }
2751 if (!ret) {
2752 return 0;
2753 }
2754 CALLBACK(PGP_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt);
2755 if (pgp_get_debug_level(__FILE__)) {
2756 (void) fprintf(stderr, "--- end of parse_seckey\n\n");
2757 }
2758 return 1;
2759 }
2760
2761 /**
2762 \ingroup Core_ReadPackets
2763 \brief Parse a Public Key Session Key packet
2764 */
2765 static int
parse_pk_sesskey(pgp_region_t * region,pgp_stream_t * stream)2766 parse_pk_sesskey(pgp_region_t *region,
2767 pgp_stream_t *stream)
2768 {
2769 const pgp_seckey_t *secret;
2770 pgp_packet_t sesskey;
2771 pgp_packet_t pkt;
2772 uint8_t *iv;
2773 uint8_t c = 0x0;
2774 uint8_t cs[2];
2775 unsigned k;
2776 BIGNUM *g_to_k;
2777 BIGNUM *enc_m;
2778 int n;
2779 uint8_t unencoded_m_buf[1024];
2780
2781 if (!limread(&c, 1, region, stream)) {
2782 (void) fprintf(stderr, "parse_pk_sesskey - can't read char in region\n");
2783 return 0;
2784 }
2785 pkt.u.pk_sesskey.version = c;
2786 if (pkt.u.pk_sesskey.version != 3) {
2787 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PKSK_VRSN,
2788 "Bad public-key encrypted session key version (%d)",
2789 pkt.u.pk_sesskey.version);
2790 return 0;
2791 }
2792 if (!limread(pkt.u.pk_sesskey.key_id,
2793 (unsigned)sizeof(pkt.u.pk_sesskey.key_id), region, stream)) {
2794 return 0;
2795 }
2796 if (pgp_get_debug_level(__FILE__)) {
2797 hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id));
2798 }
2799 if (!limread(&c, 1, region, stream)) {
2800 return 0;
2801 }
2802 pkt.u.pk_sesskey.alg = (pgp_pubkey_alg_t)c;
2803 switch (pkt.u.pk_sesskey.alg) {
2804 case PGP_PKA_RSA:
2805 if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m,
2806 region, stream)) {
2807 return 0;
2808 }
2809 enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m;
2810 g_to_k = NULL;
2811 break;
2812
2813 case PGP_PKA_DSA:
2814 case PGP_PKA_ELGAMAL:
2815 if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k,
2816 region, stream) ||
2817 !limread_mpi(
2818 &pkt.u.pk_sesskey.params.elgamal.encrypted_m,
2819 region, stream)) {
2820 return 0;
2821 }
2822 g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k;
2823 enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m;
2824 break;
2825
2826 default:
2827 PGP_ERROR_1(&stream->errors,
2828 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
2829 "Unknown public key algorithm in session key (%s)",
2830 pgp_show_pka(pkt.u.pk_sesskey.alg));
2831 return 0;
2832 }
2833
2834 (void) memset(&sesskey, 0x0, sizeof(sesskey));
2835 secret = NULL;
2836 sesskey.u.get_seckey.seckey = &secret;
2837 sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey;
2838
2839 if (pgp_get_debug_level(__FILE__)) {
2840 (void) fprintf(stderr, "getting secret key via callback\n");
2841 }
2842
2843 CALLBACK(PGP_GET_SECKEY, &stream->cbinfo, &sesskey);
2844
2845 if (pgp_get_debug_level(__FILE__)) {
2846 (void) fprintf(stderr, "got secret key via callback\n");
2847 }
2848 if (!secret) {
2849 CALLBACK(PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo,
2850 &pkt);
2851 return 1;
2852 }
2853 n = pgp_decrypt_decode_mpi(unencoded_m_buf,
2854 (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret);
2855
2856 if (n < 1) {
2857 ERRP(&stream->cbinfo, pkt, "decrypted message too short");
2858 return 0;
2859 }
2860
2861 /* PKA */
2862 pkt.u.pk_sesskey.symm_alg = (pgp_symm_alg_t)unencoded_m_buf[0];
2863 if (pgp_get_debug_level(__FILE__)) {
2864 (void) fprintf(stderr, "symm alg %d\n", pkt.u.pk_sesskey.symm_alg);
2865 }
2866
2867 if (!pgp_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) {
2868 /* ERR1P */
2869 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SYMMETRIC_ALG,
2870 "Symmetric algorithm %s not supported",
2871 pgp_show_symm_alg(
2872 pkt.u.pk_sesskey.symm_alg));
2873 return 0;
2874 }
2875 k = pgp_key_size(pkt.u.pk_sesskey.symm_alg);
2876 if (pgp_get_debug_level(__FILE__)) {
2877 (void) fprintf(stderr, "key size %d\n", k);
2878 }
2879
2880 if ((unsigned) n != k + 3) {
2881 PGP_ERROR_2(&stream->errors, PGP_E_PROTO_DECRYPTED_MSG_WRONG_LEN,
2882 "decrypted message wrong length (got %d expected %d)",
2883 n, k + 3);
2884 return 0;
2885 }
2886 if (k > sizeof(pkt.u.pk_sesskey.key)) {
2887 (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n");
2888 return 0;
2889 }
2890
2891 (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k);
2892
2893 if (pgp_get_debug_level(__FILE__)) {
2894 hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k);
2895 }
2896 pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] +
2897 (unencoded_m_buf[k + 2] << 8);
2898 if (pgp_get_debug_level(__FILE__)) {
2899 (void) fprintf(stderr, "session key checksum: %2x %2x\n",
2900 unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]);
2901 }
2902
2903 /* Check checksum */
2904 pgp_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]);
2905 if (unencoded_m_buf[k + 1] != cs[0] ||
2906 unencoded_m_buf[k + 2] != cs[1]) {
2907 PGP_ERROR_4(&stream->errors, PGP_E_PROTO_BAD_SK_CHECKSUM,
2908 "Session key checksum wrong: expected %2x %2x, got %2x %2x",
2909 cs[0], cs[1], unencoded_m_buf[k + 1],
2910 unencoded_m_buf[k + 2]);
2911 return 0;
2912 }
2913
2914 if (pgp_get_debug_level(__FILE__)) {
2915 (void) fprintf(stderr, "getting pk session key via callback\n");
2916 }
2917 /* all is well */
2918 CALLBACK(PGP_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt);
2919 if (pgp_get_debug_level(__FILE__)) {
2920 (void) fprintf(stderr, "got pk session key via callback\n");
2921 }
2922
2923 pgp_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg);
2924 iv = calloc(1, stream->decrypt.blocksize);
2925 if (iv == NULL) {
2926 (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n");
2927 return 0;
2928 }
2929 stream->decrypt.set_iv(&stream->decrypt, iv);
2930 stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key);
2931 pgp_encrypt_init(&stream->decrypt);
2932 free(iv);
2933 return 1;
2934 }
2935
2936 static int
decrypt_se_data(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)2937 decrypt_se_data(pgp_content_enum tag, pgp_region_t *region,
2938 pgp_stream_t *stream)
2939 {
2940 pgp_crypt_t *decrypt;
2941 const int printerrors = 1;
2942 int r = 1;
2943
2944 decrypt = pgp_get_decrypt(stream);
2945 if (decrypt) {
2946 pgp_region_t encregion;
2947 unsigned b = (unsigned)decrypt->blocksize;
2948 uint8_t buf[PGP_MAX_BLOCK_SIZE + 2] = "";
2949
2950 pgp_reader_push_decrypt(stream, decrypt, region);
2951
2952 pgp_init_subregion(&encregion, NULL);
2953 encregion.length = b + 2;
2954
2955 if (!exact_limread(buf, b + 2, &encregion, stream)) {
2956 return 0;
2957 }
2958 if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) {
2959 pgp_reader_pop_decrypt(stream);
2960 PGP_ERROR_4(&stream->errors,
2961 PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT,
2962 "Bad symmetric decrypt (%02x%02x vs %02x%02x)",
2963 buf[b - 2], buf[b - 1], buf[b], buf[b + 1]);
2964 return 0;
2965 }
2966 if (tag == PGP_PTAG_CT_SE_DATA_BODY) {
2967 decrypt->decrypt_resync(decrypt);
2968 decrypt->block_encrypt(decrypt, decrypt->civ,
2969 decrypt->civ);
2970 }
2971 r = pgp_parse(stream, !printerrors);
2972
2973 pgp_reader_pop_decrypt(stream);
2974 } else {
2975 pgp_packet_t pkt;
2976
2977 while (region->readc < region->length) {
2978 unsigned len;
2979
2980 len = region->length - region->readc;
2981 if (len > sizeof(pkt.u.se_data_body.data))
2982 len = sizeof(pkt.u.se_data_body.data);
2983
2984 if (!limread(pkt.u.se_data_body.data, len,
2985 region, stream)) {
2986 return 0;
2987 }
2988 pkt.u.se_data_body.length = len;
2989 CALLBACK(tag, &stream->cbinfo, &pkt);
2990 }
2991 }
2992
2993 return r;
2994 }
2995
2996 static int
decrypt_se_ip_data(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)2997 decrypt_se_ip_data(pgp_content_enum tag, pgp_region_t *region,
2998 pgp_stream_t *stream)
2999 {
3000 pgp_crypt_t *decrypt;
3001 const int printerrors = 1;
3002 int r = 1;
3003
3004 decrypt = pgp_get_decrypt(stream);
3005 if (decrypt) {
3006 if (pgp_get_debug_level(__FILE__)) {
3007 (void) fprintf(stderr, "decrypt_se_ip_data: decrypt\n");
3008 }
3009 pgp_reader_push_decrypt(stream, decrypt, region);
3010 pgp_reader_push_se_ip_data(stream, decrypt, region);
3011
3012 r = pgp_parse(stream, !printerrors);
3013
3014 pgp_reader_pop_se_ip_data(stream);
3015 pgp_reader_pop_decrypt(stream);
3016 } else {
3017 pgp_packet_t pkt;
3018
3019 if (pgp_get_debug_level(__FILE__)) {
3020 (void) fprintf(stderr, "decrypt_se_ip_data: no decrypt\n");
3021 }
3022 while (region->readc < region->length) {
3023 unsigned len;
3024
3025 len = region->length - region->readc;
3026 if (len > sizeof(pkt.u.se_data_body.data)) {
3027 len = sizeof(pkt.u.se_data_body.data);
3028 }
3029
3030 if (!limread(pkt.u.se_data_body.data,
3031 len, region, stream)) {
3032 return 0;
3033 }
3034
3035 pkt.u.se_data_body.length = len;
3036
3037 CALLBACK(tag, &stream->cbinfo, &pkt);
3038 }
3039 }
3040
3041 return r;
3042 }
3043
3044 /**
3045 \ingroup Core_ReadPackets
3046 \brief Read a Symmetrically Encrypted packet
3047 */
3048 static int
parse_se_data(pgp_region_t * region,pgp_stream_t * stream)3049 parse_se_data(pgp_region_t *region, pgp_stream_t *stream)
3050 {
3051 pgp_packet_t pkt;
3052
3053 /* there's no info to go with this, so just announce it */
3054 CALLBACK(PGP_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt);
3055
3056 /*
3057 * The content of an encrypted data packet is more OpenPGP packets
3058 * once decrypted, so recursively handle them
3059 */
3060 return decrypt_se_data(PGP_PTAG_CT_SE_DATA_BODY, region, stream);
3061 }
3062
3063 /**
3064 \ingroup Core_ReadPackets
3065 \brief Read a Symmetrically Encrypted Integrity Protected packet
3066 */
3067 static int
parse_se_ip_data(pgp_region_t * region,pgp_stream_t * stream)3068 parse_se_ip_data(pgp_region_t *region, pgp_stream_t *stream)
3069 {
3070 pgp_packet_t pkt;
3071 uint8_t c = 0x0;
3072
3073 if (!limread(&c, 1, region, stream)) {
3074 return 0;
3075 }
3076 pkt.u.se_ip_data_header = c;
3077 if (pgp_get_debug_level(__FILE__)) {
3078 (void) fprintf(stderr, "parse_se_ip_data: data header %d\n", c);
3079 }
3080 if (pkt.u.se_ip_data_header != PGP_SE_IP_DATA_VERSION) {
3081 (void) fprintf(stderr, "parse_se_ip_data: bad version\n");
3082 return 0;
3083 }
3084
3085 if (pgp_get_debug_level(__FILE__)) {
3086 (void) fprintf(stderr, "parse_se_ip_data: region %d,%d\n",
3087 region->readc, region->length);
3088 hexdump(stderr, "compressed region", stream->virtualpkt, stream->virtualc);
3089 }
3090 /*
3091 * The content of an encrypted data packet is more OpenPGP packets
3092 * once decrypted, so recursively handle them
3093 */
3094 return decrypt_se_ip_data(PGP_PTAG_CT_SE_IP_DATA_BODY, region, stream);
3095 }
3096
3097 /**
3098 \ingroup Core_ReadPackets
3099 \brief Read a MDC packet
3100 */
3101 static int
parse_mdc(pgp_region_t * region,pgp_stream_t * stream)3102 parse_mdc(pgp_region_t *region, pgp_stream_t *stream)
3103 {
3104 pgp_packet_t pkt;
3105
3106 pkt.u.mdc.length = PGP_SHA1_HASH_SIZE;
3107 if ((pkt.u.mdc.data = calloc(1, PGP_SHA1_HASH_SIZE)) == NULL) {
3108 (void) fprintf(stderr, "parse_mdc: bad alloc\n");
3109 return 0;
3110 }
3111 if (!limread(pkt.u.mdc.data, PGP_SHA1_HASH_SIZE, region, stream)) {
3112 return 0;
3113 }
3114 CALLBACK(PGP_PTAG_CT_MDC, &stream->cbinfo, &pkt);
3115 free(pkt.u.mdc.data);
3116 return 1;
3117 }
3118
3119 /**
3120 * \ingroup Core_ReadPackets
3121 * \brief Parse one packet.
3122 *
3123 * This function parses the packet tag. It computes the value of the
3124 * content tag and then calls the appropriate function to handle the
3125 * content.
3126 *
3127 * \param *stream How to parse
3128 * \param *pktlen On return, will contain number of bytes in packet
3129 * \return 1 on success, 0 on error, -1 on EOF */
3130 static int
parse_packet(pgp_stream_t * stream,uint32_t * pktlen)3131 parse_packet(pgp_stream_t *stream, uint32_t *pktlen)
3132 {
3133 pgp_packet_t pkt;
3134 pgp_region_t region;
3135 pgp_content_enum tag;
3136 uint8_t ptag;
3137 unsigned indeterminate = 0;
3138 int ret;
3139
3140 pkt.u.ptag.position = stream->readinfo.position;
3141
3142 ret = base_read(&ptag, 1, stream);
3143
3144 if (pgp_get_debug_level(__FILE__)) {
3145 (void) fprintf(stderr,
3146 "parse_packet: base_read returned %d, ptag %d\n",
3147 ret, ptag);
3148 }
3149
3150 /* errors in the base read are effectively EOF. */
3151 if (ret <= 0) {
3152 return -1;
3153 }
3154
3155 *pktlen = 0;
3156
3157 if (!(ptag & PGP_PTAG_ALWAYS_SET)) {
3158 pkt.u.error = "Format error (ptag bit not set)";
3159 CALLBACK(PGP_PARSER_ERROR, &stream->cbinfo, &pkt);
3160 return 0;
3161 }
3162 pkt.u.ptag.new_format = !!(ptag & PGP_PTAG_NEW_FORMAT);
3163 if (pkt.u.ptag.new_format) {
3164 pkt.u.ptag.type = (ptag & PGP_PTAG_NF_CONTENT_TAG_MASK);
3165 pkt.u.ptag.length_type = 0;
3166 if (!read_new_length(&pkt.u.ptag.length, stream)) {
3167 return 0;
3168 }
3169 } else {
3170 unsigned rb;
3171
3172 rb = 0;
3173 pkt.u.ptag.type = ((unsigned)ptag &
3174 PGP_PTAG_OF_CONTENT_TAG_MASK)
3175 >> PGP_PTAG_OF_CONTENT_TAG_SHIFT;
3176 pkt.u.ptag.length_type = ptag & PGP_PTAG_OF_LENGTH_TYPE_MASK;
3177 switch (pkt.u.ptag.length_type) {
3178 case PGP_PTAG_OLD_LEN_1:
3179 rb = _read_scalar(&pkt.u.ptag.length, 1, stream);
3180 break;
3181
3182 case PGP_PTAG_OLD_LEN_2:
3183 rb = _read_scalar(&pkt.u.ptag.length, 2, stream);
3184 break;
3185
3186 case PGP_PTAG_OLD_LEN_4:
3187 rb = _read_scalar(&pkt.u.ptag.length, 4, stream);
3188 break;
3189
3190 case PGP_PTAG_OLD_LEN_INDETERMINATE:
3191 pkt.u.ptag.length = 0;
3192 indeterminate = 1;
3193 rb = 1;
3194 break;
3195 }
3196 if (!rb) {
3197 return 0;
3198 }
3199 }
3200
3201 CALLBACK(PGP_PARSER_PTAG, &stream->cbinfo, &pkt);
3202
3203 pgp_init_subregion(®ion, NULL);
3204 region.length = pkt.u.ptag.length;
3205 region.indeterminate = indeterminate;
3206 if (pgp_get_debug_level(__FILE__)) {
3207 (void) fprintf(stderr, "parse_packet: type %u\n",
3208 pkt.u.ptag.type);
3209 }
3210
3211 /* save tag for accumulator */
3212 tag = pkt.u.ptag.type;
3213 switch (pkt.u.ptag.type) {
3214 case PGP_PTAG_CT_SIGNATURE:
3215 ret = parse_sig(®ion, stream);
3216 break;
3217
3218 case PGP_PTAG_CT_PUBLIC_KEY:
3219 case PGP_PTAG_CT_PUBLIC_SUBKEY:
3220 ret = parse_pubkey((pgp_content_enum)pkt.u.ptag.type, ®ion, stream);
3221 break;
3222
3223 case PGP_PTAG_CT_TRUST:
3224 ret = parse_trust(®ion, stream);
3225 break;
3226
3227 case PGP_PTAG_CT_USER_ID:
3228 ret = parse_userid(®ion, stream);
3229 break;
3230
3231 case PGP_PTAG_CT_COMPRESSED:
3232 ret = parse_compressed(®ion, stream);
3233 break;
3234
3235 case PGP_PTAG_CT_1_PASS_SIG:
3236 ret = parse_one_pass(®ion, stream);
3237 break;
3238
3239 case PGP_PTAG_CT_LITDATA:
3240 ret = parse_litdata(®ion, stream);
3241 break;
3242
3243 case PGP_PTAG_CT_USER_ATTR:
3244 ret = parse_userattr(®ion, stream);
3245 break;
3246
3247 case PGP_PTAG_CT_SECRET_KEY:
3248 ret = parse_seckey(®ion, stream);
3249 break;
3250
3251 case PGP_PTAG_CT_SECRET_SUBKEY:
3252 ret = parse_seckey(®ion, stream);
3253 break;
3254
3255 case PGP_PTAG_CT_PK_SESSION_KEY:
3256 ret = parse_pk_sesskey(®ion, stream);
3257 break;
3258
3259 case PGP_PTAG_CT_SE_DATA:
3260 ret = parse_se_data(®ion, stream);
3261 break;
3262
3263 case PGP_PTAG_CT_SE_IP_DATA:
3264 ret = parse_se_ip_data(®ion, stream);
3265 break;
3266
3267 case PGP_PTAG_CT_MDC:
3268 ret = parse_mdc(®ion, stream);
3269 break;
3270
3271 default:
3272 PGP_ERROR_1(&stream->errors, PGP_E_P_UNKNOWN_TAG,
3273 "Unknown content tag 0x%x",
3274 pkt.u.ptag.type);
3275 ret = 0;
3276 }
3277
3278 /* Ensure that the entire packet has been consumed */
3279
3280 if (region.length != region.readc && !region.indeterminate) {
3281 if (!consume_packet(®ion, stream, 0)) {
3282 ret = -1;
3283 }
3284 }
3285
3286 /* also consume it if there's been an error? */
3287 /* \todo decide what to do about an error on an */
3288 /* indeterminate packet */
3289 if (ret == 0) {
3290 if (!consume_packet(®ion, stream, 0)) {
3291 ret = -1;
3292 }
3293 }
3294 /* set pktlen */
3295
3296 *pktlen = stream->readinfo.alength;
3297
3298 /* do callback on entire packet, if desired and there was no error */
3299
3300 if (ret > 0 && stream->readinfo.accumulate) {
3301 pkt.u.packet.length = stream->readinfo.alength;
3302 pkt.u.packet.raw = stream->readinfo.accumulated;
3303 pkt.u.packet.tag = tag;
3304 stream->readinfo.accumulated = NULL;
3305 stream->readinfo.asize = 0;
3306 CALLBACK(PGP_PARSER_PACKET_END, &stream->cbinfo, &pkt);
3307 }
3308 stream->readinfo.alength = 0;
3309
3310 return (ret < 0) ? -1 : (ret) ? 1 : 0;
3311 }
3312
3313 /**
3314 * \ingroup Core_ReadPackets
3315 *
3316 * \brief Parse packets from an input stream until EOF or error.
3317 *
3318 * \details Setup the necessary parsing configuration in "stream"
3319 * before calling pgp_parse().
3320 *
3321 * That information includes :
3322 *
3323 * - a "reader" function to be used to get the data to be parsed
3324 *
3325 * - a "callback" function to be called when this library has identified
3326 * a parseable object within the data
3327 *
3328 * - whether the calling function wants the signature subpackets
3329 * returned raw, parsed or not at all.
3330 *
3331 * After returning, stream->errors holds any errors encountered while parsing.
3332 *
3333 * \param stream Parsing configuration
3334 * \return 1 on success in all packets, 0 on error in any packet
3335 *
3336 * \sa CoreAPI Overview
3337 *
3338 * \sa pgp_print_errors()
3339 *
3340 */
3341
3342 int
pgp_parse(pgp_stream_t * stream,const int perrors)3343 pgp_parse(pgp_stream_t *stream, const int perrors)
3344 {
3345 uint32_t pktlen;
3346 int r;
3347
3348 do {
3349 r = parse_packet(stream, &pktlen);
3350 } while (r != -1);
3351 if (perrors) {
3352 pgp_print_errors(stream->errors);
3353 }
3354 return (stream->errors == NULL);
3355 }
3356
3357 /**
3358 * \ingroup Core_ReadPackets
3359 *
3360 * \brief Specifies whether one or more signature
3361 * subpacket types should be returned parsed; or raw; or ignored.
3362 *
3363 * \param stream Pointer to previously allocated structure
3364 * \param tag Packet tag. PGP_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag
3365 * \param type Parse type
3366 * \todo Make all packet types optional, not just subpackets */
3367 void
pgp_parse_options(pgp_stream_t * stream,pgp_content_enum tag,pgp_parse_type_t type)3368 pgp_parse_options(pgp_stream_t *stream,
3369 pgp_content_enum tag,
3370 pgp_parse_type_t type)
3371 {
3372 unsigned t7;
3373 unsigned t8;
3374
3375 if (tag == PGP_PTAG_SS_ALL) {
3376 int n;
3377
3378 for (n = 0; n < 256; ++n) {
3379 pgp_parse_options(stream,
3380 PGP_PTAG_SIG_SUBPKT_BASE + n,
3381 type);
3382 }
3383 return;
3384 }
3385 if (tag < PGP_PTAG_SIG_SUBPKT_BASE ||
3386 tag > PGP_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) {
3387 (void) fprintf(stderr, "pgp_parse_options: bad tag\n");
3388 return;
3389 }
3390 t8 = (tag - PGP_PTAG_SIG_SUBPKT_BASE) / 8;
3391 t7 = 1 << ((tag - PGP_PTAG_SIG_SUBPKT_BASE) & 7);
3392 switch (type) {
3393 case PGP_PARSE_RAW:
3394 stream->ss_raw[t8] |= t7;
3395 stream->ss_parsed[t8] &= ~t7;
3396 break;
3397
3398 case PGP_PARSE_PARSED:
3399 stream->ss_raw[t8] &= ~t7;
3400 stream->ss_parsed[t8] |= t7;
3401 break;
3402
3403 case PGP_PARSE_IGNORE:
3404 stream->ss_raw[t8] &= ~t7;
3405 stream->ss_parsed[t8] &= ~t7;
3406 break;
3407 }
3408 }
3409
3410 /**
3411 \ingroup Core_ReadPackets
3412 \brief Free pgp_stream_t struct and its contents
3413 */
3414 void
pgp_stream_delete(pgp_stream_t * stream)3415 pgp_stream_delete(pgp_stream_t *stream)
3416 {
3417 pgp_cbdata_t *cbinfo;
3418 pgp_cbdata_t *next;
3419
3420 for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) {
3421 next = cbinfo->next;
3422 free(cbinfo);
3423 }
3424 if (stream->readinfo.destroyer) {
3425 stream->readinfo.destroyer(&stream->readinfo);
3426 }
3427 pgp_free_errors(stream->errors);
3428 if (stream->readinfo.accumulated) {
3429 free(stream->readinfo.accumulated);
3430 }
3431 free(stream);
3432 }
3433
3434 /**
3435 \ingroup Core_ReadPackets
3436 \brief Returns the parse_info's reader_info
3437 \return Pointer to the reader_info inside the parse_info
3438 */
3439 pgp_reader_t *
pgp_readinfo(pgp_stream_t * stream)3440 pgp_readinfo(pgp_stream_t *stream)
3441 {
3442 return &stream->readinfo;
3443 }
3444
3445 /**
3446 \ingroup Core_ReadPackets
3447 \brief Sets the parse_info's callback
3448 This is used when adding the first callback in a stack of callbacks.
3449 \sa pgp_callback_push()
3450 */
3451
3452 void
pgp_set_callback(pgp_stream_t * stream,pgp_cbfunc_t * cb,void * arg)3453 pgp_set_callback(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg)
3454 {
3455 stream->cbinfo.cbfunc = cb;
3456 stream->cbinfo.arg = arg;
3457 stream->cbinfo.errors = &stream->errors;
3458 }
3459
3460 /**
3461 \ingroup Core_ReadPackets
3462 \brief Adds a further callback to a stack of callbacks
3463 \sa pgp_set_callback()
3464 */
3465 void
pgp_callback_push(pgp_stream_t * stream,pgp_cbfunc_t * cb,void * arg)3466 pgp_callback_push(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg)
3467 {
3468 pgp_cbdata_t *cbinfo;
3469
3470 if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) {
3471 (void) fprintf(stderr, "pgp_callback_push: bad alloc\n");
3472 return;
3473 }
3474 (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo));
3475 cbinfo->io = stream->io;
3476 stream->cbinfo.next = cbinfo;
3477 pgp_set_callback(stream, cb, arg);
3478 }
3479
3480 /**
3481 \ingroup Core_ReadPackets
3482 \brief Returns callback's arg
3483 */
3484 void *
pgp_callback_arg(pgp_cbdata_t * cbinfo)3485 pgp_callback_arg(pgp_cbdata_t *cbinfo)
3486 {
3487 return cbinfo->arg;
3488 }
3489
3490 /**
3491 \ingroup Core_ReadPackets
3492 \brief Returns callback's errors
3493 */
3494 void *
pgp_callback_errors(pgp_cbdata_t * cbinfo)3495 pgp_callback_errors(pgp_cbdata_t *cbinfo)
3496 {
3497 return cbinfo->errors;
3498 }
3499
3500 /**
3501 \ingroup Core_ReadPackets
3502 \brief Calls the parse_cb_info's callback if present
3503 \return Return value from callback, if present; else PGP_FINISHED
3504 */
3505 pgp_cb_ret_t
pgp_callback(const pgp_packet_t * pkt,pgp_cbdata_t * cbinfo)3506 pgp_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
3507 {
3508 return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : PGP_FINISHED;
3509 }
3510
3511 /**
3512 \ingroup Core_ReadPackets
3513 \brief Calls the next callback in the stack
3514 \return Return value from callback
3515 */
3516 pgp_cb_ret_t
pgp_stacked_callback(const pgp_packet_t * pkt,pgp_cbdata_t * cbinfo)3517 pgp_stacked_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
3518 {
3519 return pgp_callback(pkt, cbinfo->next);
3520 }
3521
3522 /**
3523 \ingroup Core_ReadPackets
3524 \brief Returns the parse_info's errors
3525 \return parse_info's errors
3526 */
3527 pgp_error_t *
pgp_stream_get_errors(pgp_stream_t * stream)3528 pgp_stream_get_errors(pgp_stream_t *stream)
3529 {
3530 return stream->errors;
3531 }
3532
3533 pgp_crypt_t *
pgp_get_decrypt(pgp_stream_t * stream)3534 pgp_get_decrypt(pgp_stream_t *stream)
3535 {
3536 return (stream->decrypt.alg) ? &stream->decrypt : NULL;
3537 }
3538