1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * \brief Parser for OpenPGP packets 52 */ 53 #include "config.h" 54 55 #ifdef HAVE_SYS_CDEFS_H 56 #include <sys/cdefs.h> 57 #endif 58 59 #if defined(__NetBSD__) 60 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); 61 __RCSID("$NetBSD: packet-parse.c,v 1.36 2010/06/01 03:19:26 agc Exp $"); 62 #endif 63 64 #ifdef HAVE_OPENSSL_CAST_H 65 #include <openssl/cast.h> 66 #endif 67 68 #include <stdarg.h> 69 #include <stdlib.h> 70 #include <string.h> 71 72 #ifdef HAVE_UNISTD_H 73 #include <unistd.h> 74 #endif 75 76 #ifdef HAVE_LIMITS_H 77 #include <limits.h> 78 #endif 79 80 #include "packet.h" 81 #include "packet-parse.h" 82 #include "keyring.h" 83 #include "errors.h" 84 #include "packet-show.h" 85 #include "create.h" 86 #include "readerwriter.h" 87 #include "netpgpdefs.h" 88 #include "crypto.h" 89 #include "netpgpdigest.h" 90 91 #define ERRP(cbinfo, cont, err) do { \ 92 cont.u.error = err; \ 93 CALLBACK(OPS_PARSER_ERROR, cbinfo, &cont); \ 94 return 0; \ 95 /*NOTREACHED*/ \ 96 } while(/*CONSTCOND*/0) 97 98 /** 99 * limread_data reads the specified amount of the subregion's data 100 * into a data_t structure 101 * 102 * \param data Empty structure which will be filled with data 103 * \param len Number of octets to read 104 * \param subregion 105 * \param stream How to parse 106 * 107 * \return 1 on success, 0 on failure 108 */ 109 static int 110 limread_data(__ops_data_t *data, unsigned len, 111 __ops_region_t *subregion, __ops_stream_t *stream) 112 { 113 data->len = len; 114 115 if (subregion->length - subregion->readc < len) { 116 (void) fprintf(stderr, "limread_data: bad length\n"); 117 return 0; 118 } 119 120 data->contents = calloc(1, data->len); 121 if (!data->contents) { 122 return 0; 123 } 124 125 return __ops_limited_read(data->contents, data->len, subregion, 126 &stream->errors, &stream->readinfo, &stream->cbinfo); 127 } 128 129 /** 130 * read_data reads the remainder of the subregion's data 131 * into a data_t structure 132 * 133 * \param data 134 * \param subregion 135 * \param stream 136 * 137 * \return 1 on success, 0 on failure 138 */ 139 static int 140 read_data(__ops_data_t *data, __ops_region_t *region, __ops_stream_t *stream) 141 { 142 int cc; 143 144 cc = region->length - region->readc; 145 return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0; 146 } 147 148 /** 149 * Reads the remainder of the subregion as a string. 150 * It is the user's responsibility to free the memory allocated here. 151 */ 152 153 static int 154 read_unsig_str(uint8_t **str, __ops_region_t *subregion, 155 __ops_stream_t *stream) 156 { 157 size_t len; 158 159 len = subregion->length - subregion->readc; 160 if ((*str = calloc(1, len + 1)) == NULL) { 161 return 0; 162 } 163 if (len && 164 !__ops_limited_read(*str, len, subregion, &stream->errors, 165 &stream->readinfo, &stream->cbinfo)) { 166 return 0; 167 } 168 (*str)[len] = '\0'; 169 return 1; 170 } 171 172 static int 173 read_string(char **str, __ops_region_t *subregion, __ops_stream_t *stream) 174 { 175 return read_unsig_str((uint8_t **) str, subregion, stream); 176 } 177 178 void 179 __ops_init_subregion(__ops_region_t *subregion, __ops_region_t *region) 180 { 181 (void) memset(subregion, 0x0, sizeof(*subregion)); 182 subregion->parent = region; 183 } 184 185 /* 186 * XXX: replace __ops_ptag_t with something more appropriate for limiting reads 187 */ 188 189 /** 190 * low-level function to read data from reader function 191 * 192 * Use this function, rather than calling the reader directly. 193 * 194 * If the accumulate flag is set in *stream, the function 195 * adds the read data to the accumulated data, and updates 196 * the accumulated length. This is useful if, for example, 197 * the application wants access to the raw data as well as the 198 * parsed data. 199 * 200 * This function will also try to read the entire amount asked for, but not 201 * if it is over INT_MAX. Obviously many callers will know that they 202 * never ask for that much and so can avoid the extra complexity of 203 * dealing with return codes and filled-in lengths. 204 * 205 * \param *dest 206 * \param *plength 207 * \param flags 208 * \param *stream 209 * 210 * \return OPS_R_OK 211 * \return OPS_R_PARTIAL_READ 212 * \return OPS_R_EOF 213 * \return OPS_R_EARLY_EOF 214 * 215 * \sa #__ops_reader_ret_t for details of return codes 216 */ 217 218 static int 219 sub_base_read(void *dest, size_t length, __ops_error_t **errors, 220 __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) 221 { 222 size_t n; 223 224 /* reading more than this would look like an error */ 225 if (length > INT_MAX) 226 length = INT_MAX; 227 228 for (n = 0; n < length;) { 229 int r; 230 231 r = readinfo->reader((char *) dest + n, length - n, errors, 232 readinfo, cbinfo); 233 if (r > (int)(length - n)) { 234 (void) fprintf(stderr, "sub_base_read: bad read\n"); 235 return 0; 236 } 237 if (r < 0) { 238 return r; 239 } 240 if (r == 0) { 241 break; 242 } 243 n += (unsigned)r; 244 } 245 246 if (n == 0) { 247 return 0; 248 } 249 if (readinfo->accumulate) { 250 if (readinfo->asize < readinfo->alength) { 251 (void) fprintf(stderr, "sub_base_read: bad size\n"); 252 return 0; 253 } 254 if (readinfo->alength + n > readinfo->asize) { 255 uint8_t *temp; 256 257 readinfo->asize = (readinfo->asize * 2) + n; 258 temp = realloc(readinfo->accumulated, readinfo->asize); 259 if (temp == NULL) { 260 (void) fprintf(stderr, 261 "sub_base_read: bad alloc\n"); 262 return 0; 263 } 264 readinfo->accumulated = temp; 265 } 266 if (readinfo->asize < readinfo->alength + n) { 267 (void) fprintf(stderr, "sub_base_read: bad realloc\n"); 268 return 0; 269 } 270 (void) memcpy(readinfo->accumulated + readinfo->alength, dest, 271 n); 272 } 273 /* we track length anyway, because it is used for packet offsets */ 274 readinfo->alength += n; 275 /* and also the position */ 276 readinfo->position += n; 277 278 return n; 279 } 280 281 int 282 __ops_stacked_read(void *dest, size_t length, __ops_error_t **errors, 283 __ops_reader_t *readinfo, __ops_cbdata_t *cbinfo) 284 { 285 return sub_base_read(dest, length, errors, readinfo->next, cbinfo); 286 } 287 288 /* This will do a full read so long as length < MAX_INT */ 289 static int 290 base_read(uint8_t *dest, size_t length, __ops_stream_t *stream) 291 { 292 return sub_base_read(dest, length, &stream->errors, &stream->readinfo, 293 &stream->cbinfo); 294 } 295 296 /* 297 * Read a full size_t's worth. If the return is < than length, then 298 * *last_read tells you why - < 0 for an error, == 0 for EOF 299 */ 300 301 static size_t 302 full_read(uint8_t *dest, 303 size_t length, 304 int *last_read, 305 __ops_error_t **errors, 306 __ops_reader_t *readinfo, 307 __ops_cbdata_t *cbinfo) 308 { 309 size_t t; 310 int r = 0; /* preset in case some loon calls with length 311 * == 0 */ 312 313 for (t = 0; t < length;) { 314 r = sub_base_read(dest + t, length - t, errors, readinfo, 315 cbinfo); 316 if (r <= 0) { 317 *last_read = r; 318 return t; 319 } 320 t += (size_t)r; 321 } 322 323 *last_read = r; 324 325 return t; 326 } 327 328 329 330 /** Read a scalar value of selected length from reader. 331 * 332 * Read an unsigned scalar value from reader in Big Endian representation. 333 * 334 * This function does not know or care about packet boundaries. It 335 * also assumes that an EOF is an error. 336 * 337 * \param *result The scalar value is stored here 338 * \param *reader Our reader 339 * \param length How many bytes to read 340 * \return 1 on success, 0 on failure 341 */ 342 static unsigned 343 _read_scalar(unsigned *result, unsigned length, 344 __ops_stream_t *stream) 345 { 346 unsigned t = 0; 347 348 if (length > sizeof(*result)) { 349 (void) fprintf(stderr, "_read_scalar: bad length\n"); 350 return 0; 351 } 352 353 while (length--) { 354 uint8_t c; 355 int r; 356 357 r = base_read(&c, 1, stream); 358 if (r != 1) 359 return 0; 360 t = (t << 8) + c; 361 } 362 363 *result = t; 364 return 1; 365 } 366 367 /** 368 * \ingroup Core_ReadPackets 369 * \brief Read bytes from a region within the packet. 370 * 371 * Read length bytes into the buffer pointed to by *dest. 372 * Make sure we do not read over the packet boundary. 373 * Updates the Packet Tag's __ops_ptag_t::readc. 374 * 375 * If length would make us read over the packet boundary, or if 376 * reading fails, we call the callback with an error. 377 * 378 * Note that if the region is indeterminate, this can return a short 379 * read - check region->last_read for the length. EOF is indicated by 380 * a success return and region->last_read == 0 in this case (for a 381 * region of known length, EOF is an error). 382 * 383 * This function makes sure to respect packet boundaries. 384 * 385 * \param dest The destination buffer 386 * \param length How many bytes to read 387 * \param region Pointer to packet region 388 * \param errors Error stack 389 * \param readinfo Reader info 390 * \param cbinfo Callback info 391 * \return 1 on success, 0 on error 392 */ 393 unsigned 394 __ops_limited_read(uint8_t *dest, 395 size_t length, 396 __ops_region_t *region, 397 __ops_error_t **errors, 398 __ops_reader_t *readinfo, 399 __ops_cbdata_t *cbinfo) 400 { 401 size_t r; 402 int lr; 403 404 if (!region->indeterminate && 405 region->readc + length > region->length) { 406 OPS_ERROR(errors, OPS_E_P_NOT_ENOUGH_DATA, "Not enough data"); 407 return 0; 408 } 409 r = full_read(dest, length, &lr, errors, readinfo, cbinfo); 410 if (lr < 0) { 411 OPS_ERROR(errors, OPS_E_R_READ_FAILED, "Read failed"); 412 return 0; 413 } 414 if (!region->indeterminate && r != length) { 415 OPS_ERROR(errors, OPS_E_R_READ_FAILED, "Read failed"); 416 return 0; 417 } 418 region->last_read = r; 419 do { 420 region->readc += r; 421 if (region->parent && region->length > region->parent->length) { 422 (void) fprintf(stderr, 423 "ops_limited_read: bad length\n"); 424 return 0; 425 } 426 } while ((region = region->parent) != NULL); 427 return 1; 428 } 429 430 /** 431 \ingroup Core_ReadPackets 432 \brief Call __ops_limited_read on next in stack 433 */ 434 unsigned 435 __ops_stacked_limited_read(uint8_t *dest, unsigned length, 436 __ops_region_t *region, 437 __ops_error_t **errors, 438 __ops_reader_t *readinfo, 439 __ops_cbdata_t *cbinfo) 440 { 441 return __ops_limited_read(dest, length, region, errors, 442 readinfo->next, cbinfo); 443 } 444 445 static unsigned 446 limread(uint8_t *dest, unsigned length, 447 __ops_region_t *region, __ops_stream_t *info) 448 { 449 return __ops_limited_read(dest, length, region, &info->errors, 450 &info->readinfo, &info->cbinfo); 451 } 452 453 static unsigned 454 exact_limread(uint8_t *dest, unsigned len, 455 __ops_region_t *region, 456 __ops_stream_t *stream) 457 { 458 unsigned ret; 459 460 stream->exact_read = 1; 461 ret = limread(dest, len, region, stream); 462 stream->exact_read = 0; 463 return ret; 464 } 465 466 /** Skip over length bytes of this packet. 467 * 468 * Calls limread() to skip over some data. 469 * 470 * This function makes sure to respect packet boundaries. 471 * 472 * \param length How many bytes to skip 473 * \param *region Pointer to packet region 474 * \param *stream How to parse 475 * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). 476 */ 477 static int 478 limskip(unsigned length, __ops_region_t *region, __ops_stream_t *stream) 479 { 480 uint8_t buf[NETPGP_BUFSIZ]; 481 482 while (length > 0) { 483 unsigned n = length % NETPGP_BUFSIZ; 484 485 if (!limread(buf, n, region, stream)) { 486 return 0; 487 } 488 length -= n; 489 } 490 return 1; 491 } 492 493 /** Read a scalar. 494 * 495 * Read a big-endian scalar of length bytes, respecting packet 496 * boundaries (by calling limread() to read the raw data). 497 * 498 * This function makes sure to respect packet boundaries. 499 * 500 * \param *dest The scalar value is stored here 501 * \param length How many bytes make up this scalar (at most 4) 502 * \param *region Pointer to current packet region 503 * \param *stream How to parse 504 * \param *cb The callback 505 * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). 506 * 507 * \see RFC4880 3.1 508 */ 509 static int 510 limread_scalar(unsigned *dest, 511 unsigned len, 512 __ops_region_t *region, 513 __ops_stream_t *stream) 514 { 515 uint8_t c[4] = ""; 516 unsigned t; 517 unsigned n; 518 519 if (len > 4) { 520 (void) fprintf(stderr, "limread_scalar: bad length\n"); 521 return 0; 522 } 523 /*LINTED*/ 524 if (/*CONSTCOND*/sizeof(*dest) < 4) { 525 (void) fprintf(stderr, "limread_scalar: bad dest\n"); 526 return 0; 527 } 528 if (!limread(c, len, region, stream)) { 529 return 0; 530 } 531 for (t = 0, n = 0; n < len; ++n) { 532 t = (t << 8) + c[n]; 533 } 534 *dest = t; 535 return 1; 536 } 537 538 /** Read a scalar. 539 * 540 * Read a big-endian scalar of length bytes, respecting packet 541 * boundaries (by calling limread() to read the raw data). 542 * 543 * The value read is stored in a size_t, which is a different size 544 * from an unsigned on some platforms. 545 * 546 * This function makes sure to respect packet boundaries. 547 * 548 * \param *dest The scalar value is stored here 549 * \param length How many bytes make up this scalar (at most 4) 550 * \param *region Pointer to current packet region 551 * \param *stream How to parse 552 * \param *cb The callback 553 * \return 1 on success, 0 on error (calls the cb with OPS_PARSER_ERROR in limread()). 554 * 555 * \see RFC4880 3.1 556 */ 557 static int 558 limread_size_t(size_t *dest, 559 unsigned length, 560 __ops_region_t *region, 561 __ops_stream_t *stream) 562 { 563 unsigned tmp; 564 565 /* 566 * Note that because the scalar is at most 4 bytes, we don't care if 567 * size_t is bigger than usigned 568 */ 569 if (!limread_scalar(&tmp, length, region, stream)) 570 return 0; 571 572 *dest = tmp; 573 return 1; 574 } 575 576 /** Read a timestamp. 577 * 578 * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar 579 * of 4 bytes. 580 * 581 * This function reads the timestamp using limread_scalar(). 582 * 583 * This function makes sure to respect packet boundaries. 584 * 585 * \param *dest The timestamp is stored here 586 * \param *ptag Pointer to current packet's Packet Tag. 587 * \param *reader Our reader 588 * \param *cb The callback 589 * \return see limread_scalar() 590 * 591 * \see RFC4880 3.5 592 */ 593 static int 594 limited_read_time(time_t *dest, __ops_region_t *region, 595 __ops_stream_t *stream) 596 { 597 uint8_t c; 598 time_t mytime = 0; 599 int i; 600 601 /* 602 * Cannot assume that time_t is 4 octets long - 603 * SunOS 5.10 and NetBSD both have 64-bit time_ts. 604 */ 605 if (/* CONSTCOND */sizeof(time_t) == 4) { 606 return limread_scalar((unsigned *)(void *)dest, 4, region, stream); 607 } 608 for (i = 0; i < 4; i++) { 609 if (!limread(&c, 1, region, stream)) { 610 return 0; 611 } 612 mytime = (mytime << 8) + c; 613 } 614 *dest = mytime; 615 return 1; 616 } 617 618 /** 619 * \ingroup Core_MPI 620 * Read a multiprecision integer. 621 * 622 * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar 623 * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most 624 * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is 625 * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted). 626 * 627 * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are 628 * supposed to be cleared - I guess. XXX - does anything actually say so? 629 * 630 * This function makes sure to respect packet boundaries. 631 * 632 * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed 633 * by the caller XXX right ben? 634 * \param *ptag Pointer to current packet's Packet Tag. 635 * \param *reader Our reader 636 * \param *cb The callback 637 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 638 * see comment below - the callback is called with a OPS_PARSER_ERROR in case of an error) 639 * 640 * \see RFC4880 3.2 641 */ 642 static int 643 limread_mpi(BIGNUM **pbn, __ops_region_t *region, __ops_stream_t *stream) 644 { 645 uint8_t buf[NETPGP_BUFSIZ] = ""; 646 /* an MPI has a 2 byte length part. 647 * Length is given in bits, so the 648 * largest we should ever need for 649 * the buffer is NETPGP_BUFSIZ bytes. */ 650 unsigned length; 651 unsigned nonzero; 652 unsigned ret; 653 654 stream->reading_mpi_len = 1; 655 ret = (unsigned)limread_scalar(&length, 2, region, stream); 656 657 stream->reading_mpi_len = 0; 658 if (!ret) 659 return 0; 660 661 nonzero = length & 7; /* there should be this many zero bits in the 662 * MS byte */ 663 if (!nonzero) 664 nonzero = 8; 665 length = (length + 7) / 8; 666 667 if (length == 0) { 668 /* if we try to read a length of 0, then fail */ 669 if (__ops_get_debug_level(__FILE__)) { 670 (void) fprintf(stderr, "limread_mpi: 0 length\n"); 671 } 672 return 0; 673 } 674 if (length > NETPGP_BUFSIZ) { 675 (void) fprintf(stderr, "limread_mpi: bad length\n"); 676 return 0; 677 } 678 if (!limread(buf, length, region, stream)) { 679 return 0; 680 } 681 if (((unsigned)buf[0] >> nonzero) != 0 || 682 !((unsigned)buf[0] & (1U << (nonzero - 1U)))) { 683 OPS_ERROR(&stream->errors, OPS_E_P_MPI_FORMAT_ERROR, "MPI Format error"); 684 /* XXX: Ben, one part of 685 * this constraint does 686 * not apply to 687 * encrypted MPIs the 688 * draft says. -- peter */ 689 return 0; 690 } 691 *pbn = BN_bin2bn(buf, (int)length, NULL); 692 return 1; 693 } 694 695 /** Read some data with a New-Format length from reader. 696 * 697 * \sa Internet-Draft RFC4880.txt Section 4.2.2 698 * 699 * \param *length Where the decoded length will be put 700 * \param *stream How to parse 701 * \return 1 if OK, else 0 702 * 703 */ 704 705 static unsigned 706 read_new_length(unsigned *length, __ops_stream_t *stream) 707 { 708 uint8_t c; 709 710 if (base_read(&c, 1, stream) != 1) 711 return 0; 712 if (c < 192) { 713 /* 1. One-octet packet */ 714 *length = c; 715 return 1; 716 } else if (c >= 192 && c <= 223) { 717 /* 2. Two-octet packet */ 718 unsigned t = (c - 192) << 8; 719 720 if (base_read(&c, 1, stream) != 1) 721 return 0; 722 *length = t + c + 192; 723 return 1; 724 } else if (c == 255) { 725 /* 3. Five-Octet packet */ 726 return _read_scalar(length, 4, stream); 727 } else if (c >= 224 && c < 255) { 728 /* 4. Partial Body Length */ 729 /* XXX - agc - gpg multi-recipient encryption uses this */ 730 OPS_ERROR(&stream->errors, OPS_E_UNIMPLEMENTED, 731 "New format Partial Body Length fields not yet implemented"); 732 return 0; 733 } 734 return 0; 735 } 736 737 /** Read the length information for a new format Packet Tag. 738 * 739 * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and 740 * decodes it to the proper length information. 741 * 742 * This function makes sure to respect packet boundaries. 743 * 744 * \param *length return the length here 745 * \param *ptag Pointer to current packet's Packet Tag. 746 * \param *reader Our reader 747 * \param *cb The callback 748 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 749 * see comment below) 750 * 751 * \see RFC4880 4.2.2 752 * \see __ops_ptag_t 753 */ 754 static int 755 limited_read_new_length(unsigned *length, __ops_region_t *region, 756 __ops_stream_t *stream) 757 { 758 uint8_t c = 0x0; 759 760 if (!limread(&c, 1, region, stream)) { 761 return 0; 762 } 763 if (c < 192) { 764 *length = c; 765 return 1; 766 } 767 if (c < 255) { 768 unsigned t = (c - 192) << 8; 769 770 if (!limread(&c, 1, region, stream)) { 771 return 0; 772 } 773 *length = t + c + 192; 774 return 1; 775 } 776 return limread_scalar(length, 4, region, stream); 777 } 778 779 /** 780 \ingroup Core_Create 781 \brief Free allocated memory 782 */ 783 void 784 __ops_data_free(__ops_data_t *data) 785 { 786 free(data->contents); 787 data->contents = NULL; 788 data->len = 0; 789 } 790 791 /** 792 \ingroup Core_Create 793 \brief Free allocated memory 794 */ 795 static void 796 string_free(char **str) 797 { 798 free(*str); 799 *str = NULL; 800 } 801 802 /** 803 \ingroup Core_Create 804 \brief Free allocated memory 805 */ 806 /* ! Free packet memory, set pointer to NULL */ 807 void 808 __ops_subpacket_free(__ops_subpacket_t *packet) 809 { 810 free(packet->raw); 811 packet->raw = NULL; 812 } 813 814 /** 815 \ingroup Core_Create 816 \brief Free allocated memory 817 */ 818 static void 819 __ops_headers_free(__ops_headers_t *headers) 820 { 821 unsigned n; 822 823 for (n = 0; n < headers->headerc; ++n) { 824 free(headers->headers[n].key); 825 free(headers->headers[n].value); 826 } 827 free(headers->headers); 828 headers->headers = NULL; 829 } 830 831 /** 832 \ingroup Core_Create 833 \brief Free allocated memory 834 */ 835 static void 836 cleartext_trailer_free(struct _ops_hash_t **trailer) 837 { 838 free(*trailer); 839 *trailer = NULL; 840 } 841 842 /** 843 \ingroup Core_Create 844 \brief Free allocated memory 845 */ 846 static void 847 __ops_cmd_get_passphrase_free(__ops_seckey_passphrase_t *skp) 848 { 849 if (skp->passphrase && *skp->passphrase) { 850 free(*skp->passphrase); 851 *skp->passphrase = NULL; 852 } 853 } 854 855 /** 856 \ingroup Core_Create 857 \brief Free allocated memory 858 */ 859 static void 860 free_BN(BIGNUM **pp) 861 { 862 BN_free(*pp); 863 *pp = NULL; 864 } 865 866 /** 867 * \ingroup Core_Create 868 * \brief Free the memory used when parsing a signature 869 * \param sig 870 */ 871 static void 872 sig_free(__ops_sig_t *sig) 873 { 874 switch (sig->info.key_alg) { 875 case OPS_PKA_RSA: 876 case OPS_PKA_RSA_SIGN_ONLY: 877 free_BN(&sig->info.sig.rsa.sig); 878 break; 879 880 case OPS_PKA_DSA: 881 free_BN(&sig->info.sig.dsa.r); 882 free_BN(&sig->info.sig.dsa.s); 883 break; 884 885 case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 886 free_BN(&sig->info.sig.elgamal.r); 887 free_BN(&sig->info.sig.elgamal.s); 888 break; 889 890 case OPS_PKA_PRIVATE00: 891 case OPS_PKA_PRIVATE01: 892 case OPS_PKA_PRIVATE02: 893 case OPS_PKA_PRIVATE03: 894 case OPS_PKA_PRIVATE04: 895 case OPS_PKA_PRIVATE05: 896 case OPS_PKA_PRIVATE06: 897 case OPS_PKA_PRIVATE07: 898 case OPS_PKA_PRIVATE08: 899 case OPS_PKA_PRIVATE09: 900 case OPS_PKA_PRIVATE10: 901 __ops_data_free(&sig->info.sig.unknown); 902 break; 903 904 default: 905 (void) fprintf(stderr, "sig_free: bad sig type\n"); 906 } 907 } 908 909 /** 910 \ingroup Core_Create 911 \brief Free allocated memory 912 */ 913 /* ! Free any memory allocated when parsing the packet content */ 914 void 915 __ops_parser_content_free(__ops_packet_t *c) 916 { 917 switch (c->tag) { 918 case OPS_PARSER_PTAG: 919 case OPS_PTAG_CT_COMPRESSED: 920 case OPS_PTAG_SS_CREATION_TIME: 921 case OPS_PTAG_SS_EXPIRATION_TIME: 922 case OPS_PTAG_SS_KEY_EXPIRY: 923 case OPS_PTAG_SS_TRUST: 924 case OPS_PTAG_SS_ISSUER_KEY_ID: 925 case OPS_PTAG_CT_1_PASS_SIG: 926 case OPS_PTAG_SS_PRIMARY_USER_ID: 927 case OPS_PTAG_SS_REVOCABLE: 928 case OPS_PTAG_SS_REVOCATION_KEY: 929 case OPS_PTAG_CT_LITDATA_HEADER: 930 case OPS_PTAG_CT_LITDATA_BODY: 931 case OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY: 932 case OPS_PTAG_CT_UNARMOURED_TEXT: 933 case OPS_PTAG_CT_ARMOUR_TRAILER: 934 case OPS_PTAG_CT_SIGNATURE_HEADER: 935 case OPS_PTAG_CT_SE_DATA_HEADER: 936 case OPS_PTAG_CT_SE_IP_DATA_HEADER: 937 case OPS_PTAG_CT_SE_IP_DATA_BODY: 938 case OPS_PTAG_CT_MDC: 939 case OPS_GET_SECKEY: 940 break; 941 942 case OPS_PTAG_CT_SIGNED_CLEARTEXT_HEADER: 943 __ops_headers_free(&c->u.cleartext_head); 944 break; 945 946 case OPS_PTAG_CT_ARMOUR_HEADER: 947 __ops_headers_free(&c->u.armour_header.headers); 948 break; 949 950 case OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: 951 cleartext_trailer_free(&c->u.cleartext_trailer); 952 break; 953 954 case OPS_PTAG_CT_TRUST: 955 __ops_data_free(&c->u.trust); 956 break; 957 958 case OPS_PTAG_CT_SIGNATURE: 959 case OPS_PTAG_CT_SIGNATURE_FOOTER: 960 sig_free(&c->u.sig); 961 break; 962 963 case OPS_PTAG_CT_PUBLIC_KEY: 964 case OPS_PTAG_CT_PUBLIC_SUBKEY: 965 __ops_pubkey_free(&c->u.pubkey); 966 break; 967 968 case OPS_PTAG_CT_USER_ID: 969 __ops_userid_free(&c->u.userid); 970 break; 971 972 case OPS_PTAG_SS_SIGNERS_USER_ID: 973 __ops_userid_free(&c->u.ss_signer); 974 break; 975 976 case OPS_PTAG_CT_USER_ATTR: 977 __ops_data_free(&c->u.userattr); 978 break; 979 980 case OPS_PTAG_SS_PREFERRED_SKA: 981 __ops_data_free(&c->u.ss_skapref); 982 break; 983 984 case OPS_PTAG_SS_PREFERRED_HASH: 985 __ops_data_free(&c->u.ss_hashpref); 986 break; 987 988 case OPS_PTAG_SS_PREF_COMPRESS: 989 __ops_data_free(&c->u.ss_zpref); 990 break; 991 992 case OPS_PTAG_SS_KEY_FLAGS: 993 __ops_data_free(&c->u.ss_key_flags); 994 break; 995 996 case OPS_PTAG_SS_KEYSERV_PREFS: 997 __ops_data_free(&c->u.ss_key_server_prefs); 998 break; 999 1000 case OPS_PTAG_SS_FEATURES: 1001 __ops_data_free(&c->u.ss_features); 1002 break; 1003 1004 case OPS_PTAG_SS_NOTATION_DATA: 1005 __ops_data_free(&c->u.ss_notation.name); 1006 __ops_data_free(&c->u.ss_notation.value); 1007 break; 1008 1009 case OPS_PTAG_SS_REGEXP: 1010 string_free(&c->u.ss_regexp); 1011 break; 1012 1013 case OPS_PTAG_SS_POLICY_URI: 1014 string_free(&c->u.ss_policy); 1015 break; 1016 1017 case OPS_PTAG_SS_PREF_KEYSERV: 1018 string_free(&c->u.ss_keyserv); 1019 break; 1020 1021 case OPS_PTAG_SS_USERDEFINED00: 1022 case OPS_PTAG_SS_USERDEFINED01: 1023 case OPS_PTAG_SS_USERDEFINED02: 1024 case OPS_PTAG_SS_USERDEFINED03: 1025 case OPS_PTAG_SS_USERDEFINED04: 1026 case OPS_PTAG_SS_USERDEFINED05: 1027 case OPS_PTAG_SS_USERDEFINED06: 1028 case OPS_PTAG_SS_USERDEFINED07: 1029 case OPS_PTAG_SS_USERDEFINED08: 1030 case OPS_PTAG_SS_USERDEFINED09: 1031 case OPS_PTAG_SS_USERDEFINED10: 1032 __ops_data_free(&c->u.ss_userdef); 1033 break; 1034 1035 case OPS_PTAG_SS_RESERVED: 1036 __ops_data_free(&c->u.ss_unknown); 1037 break; 1038 1039 case OPS_PTAG_SS_REVOCATION_REASON: 1040 string_free(&c->u.ss_revocation.reason); 1041 break; 1042 1043 case OPS_PTAG_SS_EMBEDDED_SIGNATURE: 1044 __ops_data_free(&c->u.ss_embedded_sig); 1045 break; 1046 1047 case OPS_PARSER_PACKET_END: 1048 __ops_subpacket_free(&c->u.packet); 1049 break; 1050 1051 case OPS_PARSER_ERROR: 1052 case OPS_PARSER_ERRCODE: 1053 break; 1054 1055 case OPS_PTAG_CT_SECRET_KEY: 1056 case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: 1057 __ops_seckey_free(&c->u.seckey); 1058 break; 1059 1060 case OPS_PTAG_CT_PK_SESSION_KEY: 1061 case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: 1062 __ops_pk_sesskey_free(&c->u.pk_sesskey); 1063 break; 1064 1065 case OPS_GET_PASSPHRASE: 1066 __ops_cmd_get_passphrase_free(&c->u.skey_passphrase); 1067 break; 1068 1069 default: 1070 fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); 1071 } 1072 } 1073 1074 /** 1075 \ingroup Core_Create 1076 \brief Free allocated memory 1077 */ 1078 void 1079 __ops_pk_sesskey_free(__ops_pk_sesskey_t *sk) 1080 { 1081 switch (sk->alg) { 1082 case OPS_PKA_RSA: 1083 free_BN(&sk->params.rsa.encrypted_m); 1084 break; 1085 1086 case OPS_PKA_ELGAMAL: 1087 free_BN(&sk->params.elgamal.g_to_k); 1088 free_BN(&sk->params.elgamal.encrypted_m); 1089 break; 1090 1091 default: 1092 (void) fprintf(stderr, "__ops_pk_sesskey_free: bad alg\n"); 1093 break; 1094 } 1095 } 1096 1097 /** 1098 \ingroup Core_Create 1099 \brief Free allocated memory 1100 */ 1101 /* ! Free the memory used when parsing a public key */ 1102 void 1103 __ops_pubkey_free(__ops_pubkey_t *p) 1104 { 1105 switch (p->alg) { 1106 case OPS_PKA_RSA: 1107 case OPS_PKA_RSA_ENCRYPT_ONLY: 1108 case OPS_PKA_RSA_SIGN_ONLY: 1109 free_BN(&p->key.rsa.n); 1110 free_BN(&p->key.rsa.e); 1111 break; 1112 1113 case OPS_PKA_DSA: 1114 free_BN(&p->key.dsa.p); 1115 free_BN(&p->key.dsa.q); 1116 free_BN(&p->key.dsa.g); 1117 free_BN(&p->key.dsa.y); 1118 break; 1119 1120 case OPS_PKA_ELGAMAL: 1121 case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1122 free_BN(&p->key.elgamal.p); 1123 free_BN(&p->key.elgamal.g); 1124 free_BN(&p->key.elgamal.y); 1125 break; 1126 1127 case OPS_PKA_NOTHING: 1128 /* nothing to free */ 1129 break; 1130 1131 default: 1132 (void) fprintf(stderr, "__ops_pubkey_free: bad alg\n"); 1133 } 1134 } 1135 1136 /** 1137 \ingroup Core_ReadPackets 1138 */ 1139 static int 1140 parse_pubkey_data(__ops_pubkey_t *key, __ops_region_t *region, 1141 __ops_stream_t *stream) 1142 { 1143 uint8_t c = 0x0; 1144 1145 if (region->readc != 0) { 1146 /* We should not have read anything so far */ 1147 (void) fprintf(stderr, "parse_pubkey_data: bad length\n"); 1148 return 0; 1149 } 1150 if (!limread(&c, 1, region, stream)) { 1151 return 0; 1152 } 1153 key->version = (__ops_version_t)c; 1154 switch (key->version) { 1155 case OPS_V2: 1156 case OPS_V3: 1157 case OPS_V4: 1158 break; 1159 default: 1160 OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN, 1161 "Bad public key version (0x%02x)", key->version); 1162 return 0; 1163 } 1164 if (!limited_read_time(&key->birthtime, region, stream)) { 1165 return 0; 1166 } 1167 1168 key->days_valid = 0; 1169 if ((key->version == 2 || key->version == 3) && 1170 !limread_scalar(&key->days_valid, 2, region, stream)) { 1171 return 0; 1172 } 1173 1174 if (!limread(&c, 1, region, stream)) { 1175 return 0; 1176 } 1177 key->alg = c; 1178 1179 switch (key->alg) { 1180 case OPS_PKA_DSA: 1181 if (!limread_mpi(&key->key.dsa.p, region, stream) || 1182 !limread_mpi(&key->key.dsa.q, region, stream) || 1183 !limread_mpi(&key->key.dsa.g, region, stream) || 1184 !limread_mpi(&key->key.dsa.y, region, stream)) { 1185 return 0; 1186 } 1187 break; 1188 1189 case OPS_PKA_RSA: 1190 case OPS_PKA_RSA_ENCRYPT_ONLY: 1191 case OPS_PKA_RSA_SIGN_ONLY: 1192 if (!limread_mpi(&key->key.rsa.n, region, stream) || 1193 !limread_mpi(&key->key.rsa.e, region, stream)) { 1194 return 0; 1195 } 1196 break; 1197 1198 case OPS_PKA_ELGAMAL: 1199 case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1200 if (!limread_mpi(&key->key.elgamal.p, region, stream) || 1201 !limread_mpi(&key->key.elgamal.g, region, stream) || 1202 !limread_mpi(&key->key.elgamal.y, region, stream)) { 1203 return 0; 1204 } 1205 break; 1206 1207 default: 1208 OPS_ERROR_1(&stream->errors, 1209 OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 1210 "Unsupported Public Key algorithm (%s)", 1211 __ops_show_pka(key->alg)); 1212 return 0; 1213 } 1214 1215 return 1; 1216 } 1217 1218 1219 /** 1220 * \ingroup Core_ReadPackets 1221 * \brief Parse a public key packet. 1222 * 1223 * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. 1224 * 1225 * Once the key has been parsed successfully, it is passed to the callback. 1226 * 1227 * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. 1228 * \param *reader Our reader 1229 * \param *cb The callback 1230 * \return 1 on success, 0 on error 1231 * 1232 * \see RFC4880 5.5.2 1233 */ 1234 static int 1235 parse_pubkey(__ops_content_enum tag, __ops_region_t *region, 1236 __ops_stream_t *stream) 1237 { 1238 __ops_packet_t pkt; 1239 1240 if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) 1241 return 0; 1242 1243 /* XXX: this test should be done for all packets, surely? */ 1244 if (region->readc != region->length) { 1245 OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, 1246 "Unconsumed data (%d)", region->length - region->readc); 1247 return 0; 1248 } 1249 CALLBACK(tag, &stream->cbinfo, &pkt); 1250 1251 return 1; 1252 } 1253 1254 /** 1255 * \ingroup Core_ReadPackets 1256 * \brief Parse one user attribute packet. 1257 * 1258 * User attribute packets contain one or more attribute subpackets. 1259 * For now, handle the whole packet as raw data. 1260 */ 1261 1262 static int 1263 parse_userattr(__ops_region_t *region, __ops_stream_t *stream) 1264 { 1265 1266 __ops_packet_t pkt; 1267 1268 /* 1269 * xxx- treat as raw data for now. Could break down further into 1270 * attribute sub-packets later - rachel 1271 */ 1272 if (region->readc != 0) { 1273 /* We should not have read anything so far */ 1274 (void) fprintf(stderr, "parse_userattr: bad length\n"); 1275 return 0; 1276 } 1277 if (!read_data(&pkt.u.userattr, region, stream)) { 1278 return 0; 1279 } 1280 CALLBACK(OPS_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt); 1281 return 1; 1282 } 1283 1284 /** 1285 \ingroup Core_Create 1286 \brief Free allocated memory 1287 */ 1288 /* ! Free the memory used when parsing this packet type */ 1289 void 1290 __ops_userid_free(uint8_t **id) 1291 { 1292 free(*id); 1293 *id = NULL; 1294 } 1295 1296 /** 1297 * \ingroup Core_ReadPackets 1298 * \brief Parse a user id. 1299 * 1300 * This function parses an user id packet, which is basically just a char array the size of the packet. 1301 * 1302 * The char array is to be treated as an UTF-8 string. 1303 * 1304 * The userid gets null terminated by this function. Freeing it is the responsibility of the caller. 1305 * 1306 * Once the userid has been parsed successfully, it is passed to the callback. 1307 * 1308 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1309 * \param *reader Our reader 1310 * \param *cb The callback 1311 * \return 1 on success, 0 on error 1312 * 1313 * \see RFC4880 5.11 1314 */ 1315 static int 1316 parse_userid(__ops_region_t *region, __ops_stream_t *stream) 1317 { 1318 __ops_packet_t pkt; 1319 1320 if (region->readc != 0) { 1321 /* We should not have read anything so far */ 1322 (void) fprintf(stderr, "parse_userid: bad length\n"); 1323 return 0; 1324 } 1325 1326 if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) { 1327 (void) fprintf(stderr, "parse_userid: bad alloc\n"); 1328 return 0; 1329 } 1330 1331 if (region->length && 1332 !limread(pkt.u.userid, region->length, region, 1333 stream)) { 1334 return 0; 1335 } 1336 pkt.u.userid[region->length] = 0x0; 1337 CALLBACK(OPS_PTAG_CT_USER_ID, &stream->cbinfo, &pkt); 1338 return 1; 1339 } 1340 1341 static __ops_hash_t * 1342 parse_hash_find(__ops_stream_t *stream, const uint8_t *keyid) 1343 { 1344 __ops_hashtype_t *hp; 1345 size_t n; 1346 1347 for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) { 1348 if (memcmp(hp->keyid, keyid, OPS_KEY_ID_SIZE) == 0) { 1349 return &hp->hash; 1350 } 1351 } 1352 return NULL; 1353 } 1354 1355 /** 1356 * \ingroup Core_Parse 1357 * \brief Parse a version 3 signature. 1358 * 1359 * This function parses an version 3 signature packet, handling RSA and DSA signatures. 1360 * 1361 * Once the signature has been parsed successfully, it is passed to the callback. 1362 * 1363 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1364 * \param *reader Our reader 1365 * \param *cb The callback 1366 * \return 1 on success, 0 on error 1367 * 1368 * \see RFC4880 5.2.2 1369 */ 1370 static int 1371 parse_v3_sig(__ops_region_t *region, 1372 __ops_stream_t *stream) 1373 { 1374 __ops_packet_t pkt; 1375 uint8_t c = 0x0; 1376 1377 /* clear signature */ 1378 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1379 1380 pkt.u.sig.info.version = OPS_V3; 1381 1382 /* hash info length */ 1383 if (!limread(&c, 1, region, stream)) { 1384 return 0; 1385 } 1386 if (c != 5) { 1387 ERRP(&stream->cbinfo, pkt, "bad hash info length"); 1388 } 1389 1390 if (!limread(&c, 1, region, stream)) { 1391 return 0; 1392 } 1393 pkt.u.sig.info.type = (__ops_sig_type_t)c; 1394 /* XXX: check signature type */ 1395 1396 if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) { 1397 return 0; 1398 } 1399 pkt.u.sig.info.birthtime_set = 1; 1400 1401 if (!limread(pkt.u.sig.info.signer_id, OPS_KEY_ID_SIZE, region, 1402 stream)) { 1403 return 0; 1404 } 1405 pkt.u.sig.info.signer_id_set = 1; 1406 1407 if (!limread(&c, 1, region, stream)) { 1408 return 0; 1409 } 1410 pkt.u.sig.info.key_alg = (__ops_pubkey_alg_t)c; 1411 /* XXX: check algorithm */ 1412 1413 if (!limread(&c, 1, region, stream)) { 1414 return 0; 1415 } 1416 pkt.u.sig.info.hash_alg = (__ops_hash_alg_t)c; 1417 /* XXX: check algorithm */ 1418 1419 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 1420 return 0; 1421 } 1422 1423 switch (pkt.u.sig.info.key_alg) { 1424 case OPS_PKA_RSA: 1425 case OPS_PKA_RSA_SIGN_ONLY: 1426 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 1427 return 0; 1428 } 1429 break; 1430 1431 case OPS_PKA_DSA: 1432 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) || 1433 !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 1434 return 0; 1435 } 1436 break; 1437 1438 case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1439 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 1440 stream) || 1441 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 1442 stream)) { 1443 return 0; 1444 } 1445 break; 1446 1447 default: 1448 OPS_ERROR_1(&stream->errors, 1449 OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 1450 "Unsupported signature key algorithm (%s)", 1451 __ops_show_pka(pkt.u.sig.info.key_alg)); 1452 return 0; 1453 } 1454 1455 if (region->readc != region->length) { 1456 OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, 1457 "Unconsumed data (%d)", 1458 region->length - region->readc); 1459 return 0; 1460 } 1461 if (pkt.u.sig.info.signer_id_set) { 1462 pkt.u.sig.hash = parse_hash_find(stream, 1463 pkt.u.sig.info.signer_id); 1464 } 1465 CALLBACK(OPS_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt); 1466 return 1; 1467 } 1468 1469 /** 1470 * \ingroup Core_ReadPackets 1471 * \brief Parse one signature sub-packet. 1472 * 1473 * Version 4 signatures can have an arbitrary amount of (hashed and 1474 * unhashed) subpackets. Subpackets are used to hold optional 1475 * attributes of subpackets. 1476 * 1477 * This function parses one such signature subpacket. 1478 * 1479 * Once the subpacket has been parsed successfully, it is passed to the callback. 1480 * 1481 * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket. 1482 * \param *reader Our reader 1483 * \param *cb The callback 1484 * \return 1 on success, 0 on error 1485 * 1486 * \see RFC4880 5.2.3 1487 */ 1488 static int 1489 parse_one_sig_subpacket(__ops_sig_t *sig, 1490 __ops_region_t *region, 1491 __ops_stream_t *stream) 1492 { 1493 __ops_region_t subregion; 1494 __ops_packet_t pkt; 1495 uint8_t bools = 0x0; 1496 uint8_t c = 0x0; 1497 unsigned doread = 1; 1498 unsigned t8; 1499 unsigned t7; 1500 1501 __ops_init_subregion(&subregion, region); 1502 if (!limited_read_new_length(&subregion.length, region, stream)) { 1503 return 0; 1504 } 1505 1506 if (subregion.length > region->length) { 1507 ERRP(&stream->cbinfo, pkt, "Subpacket too long"); 1508 } 1509 1510 if (!limread(&c, 1, &subregion, stream)) { 1511 return 0; 1512 } 1513 1514 t8 = (c & 0x7f) / 8; 1515 t7 = 1 << (c & 7); 1516 1517 pkt.critical = (unsigned)c >> 7; 1518 pkt.tag = (__ops_content_enum)(OPS_PTAG_SIG_SUBPKT_BASE + (c & 0x7f)); 1519 1520 /* Application wants it delivered raw */ 1521 if (stream->ss_raw[t8] & t7) { 1522 pkt.u.ss_raw.tag = pkt.tag; 1523 pkt.u.ss_raw.length = subregion.length - 1; 1524 pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length); 1525 if (pkt.u.ss_raw.raw == NULL) { 1526 (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n"); 1527 return 0; 1528 } 1529 if (!limread(pkt.u.ss_raw.raw, pkt.u.ss_raw.length, 1530 &subregion, stream)) { 1531 return 0; 1532 } 1533 CALLBACK(OPS_PTAG_RAW_SS, &stream->cbinfo, &pkt); 1534 return 1; 1535 } 1536 switch (pkt.tag) { 1537 case OPS_PTAG_SS_CREATION_TIME: 1538 case OPS_PTAG_SS_EXPIRATION_TIME: 1539 case OPS_PTAG_SS_KEY_EXPIRY: 1540 if (!limited_read_time(&pkt.u.ss_time, &subregion, stream)) 1541 return 0; 1542 if (pkt.tag == OPS_PTAG_SS_CREATION_TIME) { 1543 sig->info.birthtime = pkt.u.ss_time; 1544 sig->info.birthtime_set = 1; 1545 } 1546 if (pkt.tag == OPS_PTAG_SS_EXPIRATION_TIME) { 1547 sig->info.duration = pkt.u.ss_time; 1548 sig->info.duration_set = 1; 1549 } 1550 break; 1551 1552 case OPS_PTAG_SS_TRUST: 1553 if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) || 1554 !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) { 1555 return 0; 1556 } 1557 break; 1558 1559 case OPS_PTAG_SS_REVOCABLE: 1560 if (!limread(&bools, 1, &subregion, stream)) { 1561 return 0; 1562 } 1563 pkt.u.ss_revocable = !!bools; 1564 break; 1565 1566 case OPS_PTAG_SS_ISSUER_KEY_ID: 1567 if (!limread(pkt.u.ss_issuer, OPS_KEY_ID_SIZE, &subregion, stream)) { 1568 return 0; 1569 } 1570 (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, OPS_KEY_ID_SIZE); 1571 sig->info.signer_id_set = 1; 1572 break; 1573 1574 case OPS_PTAG_SS_PREFERRED_SKA: 1575 if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) { 1576 return 0; 1577 } 1578 break; 1579 1580 case OPS_PTAG_SS_PREFERRED_HASH: 1581 if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) { 1582 return 0; 1583 } 1584 break; 1585 1586 case OPS_PTAG_SS_PREF_COMPRESS: 1587 if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) { 1588 return 0; 1589 } 1590 break; 1591 1592 case OPS_PTAG_SS_PRIMARY_USER_ID: 1593 if (!limread(&bools, 1, &subregion, stream)) { 1594 return 0; 1595 } 1596 pkt.u.ss_primary_userid = !!bools; 1597 break; 1598 1599 case OPS_PTAG_SS_KEY_FLAGS: 1600 if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) { 1601 return 0; 1602 } 1603 break; 1604 1605 case OPS_PTAG_SS_KEYSERV_PREFS: 1606 if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) { 1607 return 0; 1608 } 1609 break; 1610 1611 case OPS_PTAG_SS_FEATURES: 1612 if (!read_data(&pkt.u.ss_features, &subregion, stream)) { 1613 return 0; 1614 } 1615 break; 1616 1617 case OPS_PTAG_SS_SIGNERS_USER_ID: 1618 if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) { 1619 return 0; 1620 } 1621 break; 1622 1623 case OPS_PTAG_SS_EMBEDDED_SIGNATURE: 1624 /* \todo should do something with this sig? */ 1625 if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) { 1626 return 0; 1627 } 1628 break; 1629 1630 case OPS_PTAG_SS_NOTATION_DATA: 1631 if (!limread_data(&pkt.u.ss_notation.flags, 4, 1632 &subregion, stream)) { 1633 return 0; 1634 } 1635 if (!limread_size_t(&pkt.u.ss_notation.name.len, 2, 1636 &subregion, stream)) { 1637 return 0; 1638 } 1639 if (!limread_size_t(&pkt.u.ss_notation.value.len, 2, 1640 &subregion, stream)) { 1641 return 0; 1642 } 1643 if (!limread_data(&pkt.u.ss_notation.name, 1644 pkt.u.ss_notation.name.len, 1645 &subregion, stream)) { 1646 return 0; 1647 } 1648 if (!limread_data(&pkt.u.ss_notation.value, 1649 pkt.u.ss_notation.value.len, 1650 &subregion, stream)) { 1651 return 0; 1652 } 1653 break; 1654 1655 case OPS_PTAG_SS_POLICY_URI: 1656 if (!read_string(&pkt.u.ss_policy, &subregion, stream)) { 1657 return 0; 1658 } 1659 break; 1660 1661 case OPS_PTAG_SS_REGEXP: 1662 if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) { 1663 return 0; 1664 } 1665 break; 1666 1667 case OPS_PTAG_SS_PREF_KEYSERV: 1668 if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) { 1669 return 0; 1670 } 1671 break; 1672 1673 case OPS_PTAG_SS_USERDEFINED00: 1674 case OPS_PTAG_SS_USERDEFINED01: 1675 case OPS_PTAG_SS_USERDEFINED02: 1676 case OPS_PTAG_SS_USERDEFINED03: 1677 case OPS_PTAG_SS_USERDEFINED04: 1678 case OPS_PTAG_SS_USERDEFINED05: 1679 case OPS_PTAG_SS_USERDEFINED06: 1680 case OPS_PTAG_SS_USERDEFINED07: 1681 case OPS_PTAG_SS_USERDEFINED08: 1682 case OPS_PTAG_SS_USERDEFINED09: 1683 case OPS_PTAG_SS_USERDEFINED10: 1684 if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) { 1685 return 0; 1686 } 1687 break; 1688 1689 case OPS_PTAG_SS_RESERVED: 1690 if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) { 1691 return 0; 1692 } 1693 break; 1694 1695 case OPS_PTAG_SS_REVOCATION_REASON: 1696 /* first byte is the machine-readable code */ 1697 if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) { 1698 return 0; 1699 } 1700 /* the rest is a human-readable UTF-8 string */ 1701 if (!read_string(&pkt.u.ss_revocation.reason, &subregion, 1702 stream)) { 1703 return 0; 1704 } 1705 break; 1706 1707 case OPS_PTAG_SS_REVOCATION_KEY: 1708 /* octet 0 = class. Bit 0x80 must be set */ 1709 if (!limread(&pkt.u.ss_revocation_key.class, 1, 1710 &subregion, stream)) { 1711 return 0; 1712 } 1713 if (!(pkt.u.ss_revocation_key.class & 0x80)) { 1714 printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: " 1715 "Bit 0x80 should be set\n"); 1716 return 0; 1717 } 1718 /* octet 1 = algid */ 1719 if (!limread(&pkt.u.ss_revocation_key.algid, 1, 1720 &subregion, stream)) { 1721 return 0; 1722 } 1723 /* octets 2-21 = fingerprint */ 1724 if (!limread(&pkt.u.ss_revocation_key.fingerprint[0], 1725 OPS_FINGERPRINT_SIZE, &subregion, stream)) { 1726 return 0; 1727 } 1728 break; 1729 1730 default: 1731 if (stream->ss_parsed[t8] & t7) { 1732 OPS_ERROR_1(&stream->errors, OPS_E_PROTO_UNKNOWN_SS, 1733 "Unknown signature subpacket type (%d)", 1734 c & 0x7f); 1735 } 1736 doread = 0; 1737 break; 1738 } 1739 1740 /* Application doesn't want it delivered parsed */ 1741 if (!(stream->ss_parsed[t8] & t7)) { 1742 if (pkt.critical) { 1743 OPS_ERROR_1(&stream->errors, 1744 OPS_E_PROTO_CRITICAL_SS_IGNORED, 1745 "Critical signature subpacket ignored (%d)", 1746 c & 0x7f); 1747 } 1748 if (!doread && 1749 !limskip(subregion.length - 1, &subregion, stream)) { 1750 return 0; 1751 } 1752 if (doread) { 1753 __ops_parser_content_free(&pkt); 1754 } 1755 return 1; 1756 } 1757 if (doread && subregion.readc != subregion.length) { 1758 OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, 1759 "Unconsumed data (%d)", 1760 subregion.length - subregion.readc); 1761 return 0; 1762 } 1763 CALLBACK(pkt.tag, &stream->cbinfo, &pkt); 1764 return 1; 1765 } 1766 1767 /** 1768 * \ingroup Core_ReadPackets 1769 * \brief Parse several signature subpackets. 1770 * 1771 * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. 1772 * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the 1773 * entire set is consumed. 1774 * 1775 * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket. 1776 * 1777 * \param *ptag Pointer to the Packet Tag. 1778 * \param *reader Our reader 1779 * \param *cb The callback 1780 * \return 1 on success, 0 on error 1781 * 1782 * \see RFC4880 5.2.3 1783 */ 1784 static int 1785 parse_sig_subpkts(__ops_sig_t *sig, 1786 __ops_region_t *region, 1787 __ops_stream_t *stream) 1788 { 1789 __ops_region_t subregion; 1790 __ops_packet_t pkt; 1791 1792 __ops_init_subregion(&subregion, region); 1793 if (!limread_scalar(&subregion.length, 2, region, stream)) { 1794 return 0; 1795 } 1796 1797 if (subregion.length > region->length) { 1798 ERRP(&stream->cbinfo, pkt, "Subpacket set too long"); 1799 } 1800 1801 while (subregion.readc < subregion.length) { 1802 if (!parse_one_sig_subpacket(sig, &subregion, stream)) { 1803 return 0; 1804 } 1805 } 1806 1807 if (subregion.readc != subregion.length) { 1808 if (!limskip(subregion.length - subregion.readc, 1809 &subregion, stream)) { 1810 ERRP(&stream->cbinfo, pkt, 1811 "parse_sig_subpkts: subpacket length read mismatch"); 1812 } 1813 ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch"); 1814 } 1815 return 1; 1816 } 1817 1818 /** 1819 * \ingroup Core_ReadPackets 1820 * \brief Parse a version 4 signature. 1821 * 1822 * This function parses a version 4 signature including all its hashed and unhashed subpackets. 1823 * 1824 * Once the signature packet has been parsed successfully, it is passed to the callback. 1825 * 1826 * \param *ptag Pointer to the Packet Tag. 1827 * \param *reader Our reader 1828 * \param *cb The callback 1829 * \return 1 on success, 0 on error 1830 * 1831 * \see RFC4880 5.2.3 1832 */ 1833 static int 1834 parse_v4_sig(__ops_region_t *region, __ops_stream_t *stream) 1835 { 1836 __ops_packet_t pkt; 1837 uint8_t c = 0x0; 1838 1839 if (__ops_get_debug_level(__FILE__)) { 1840 fprintf(stderr, "\nparse_v4_sig\n"); 1841 } 1842 /* clear signature */ 1843 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1844 1845 /* 1846 * We need to hash the packet data from version through the hashed 1847 * subpacket data 1848 */ 1849 1850 pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1; 1851 1852 /* Set version,type,algorithms */ 1853 1854 pkt.u.sig.info.version = OPS_V4; 1855 1856 if (!limread(&c, 1, region, stream)) { 1857 return 0; 1858 } 1859 pkt.u.sig.info.type = (__ops_sig_type_t)c; 1860 if (__ops_get_debug_level(__FILE__)) { 1861 fprintf(stderr, "signature type=%d (%s)\n", 1862 pkt.u.sig.info.type, 1863 __ops_show_sig_type(pkt.u.sig.info.type)); 1864 } 1865 /* XXX: check signature type */ 1866 1867 if (!limread(&c, 1, region, stream)) { 1868 return 0; 1869 } 1870 pkt.u.sig.info.key_alg = (__ops_pubkey_alg_t)c; 1871 /* XXX: check key algorithm */ 1872 if (__ops_get_debug_level(__FILE__)) { 1873 (void) fprintf(stderr, "key_alg=%d (%s)\n", 1874 pkt.u.sig.info.key_alg, 1875 __ops_show_pka(pkt.u.sig.info.key_alg)); 1876 } 1877 if (!limread(&c, 1, region, stream)) { 1878 return 0; 1879 } 1880 pkt.u.sig.info.hash_alg = (__ops_hash_alg_t)c; 1881 /* XXX: check hash algorithm */ 1882 if (__ops_get_debug_level(__FILE__)) { 1883 fprintf(stderr, "hash_alg=%d %s\n", 1884 pkt.u.sig.info.hash_alg, 1885 __ops_show_hash_alg(pkt.u.sig.info.hash_alg)); 1886 } 1887 CALLBACK(OPS_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt); 1888 1889 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 1890 return 0; 1891 } 1892 1893 pkt.u.sig.info.v4_hashlen = stream->readinfo.alength 1894 - pkt.u.sig.v4_hashstart; 1895 if (__ops_get_debug_level(__FILE__)) { 1896 fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen); 1897 } 1898 1899 /* copy hashed subpackets */ 1900 if (pkt.u.sig.info.v4_hashed) { 1901 free(pkt.u.sig.info.v4_hashed); 1902 } 1903 pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen); 1904 if (pkt.u.sig.info.v4_hashed == NULL) { 1905 (void) fprintf(stderr, "parse_v4_sig: bad alloc\n"); 1906 return 0; 1907 } 1908 1909 if (!stream->readinfo.accumulate) { 1910 /* We must accumulate, else we can't check the signature */ 1911 fprintf(stderr, "*** ERROR: must set accumulate to 1\n"); 1912 return 0; 1913 } 1914 (void) memcpy(pkt.u.sig.info.v4_hashed, 1915 stream->readinfo.accumulated + pkt.u.sig.v4_hashstart, 1916 pkt.u.sig.info.v4_hashlen); 1917 1918 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 1919 return 0; 1920 } 1921 1922 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 1923 return 0; 1924 } 1925 1926 switch (pkt.u.sig.info.key_alg) { 1927 case OPS_PKA_RSA: 1928 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 1929 return 0; 1930 } 1931 if (__ops_get_debug_level(__FILE__)) { 1932 (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n"); 1933 BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig); 1934 (void) fprintf(stderr, "\n"); 1935 } 1936 break; 1937 1938 case OPS_PKA_DSA: 1939 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) { 1940 /* 1941 * usually if this fails, it just means we've reached 1942 * the end of the keyring 1943 */ 1944 if (__ops_get_debug_level(__FILE__)) { 1945 (void) fprintf(stderr, 1946 "Error reading DSA r field in signature"); 1947 } 1948 return 0; 1949 } 1950 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 1951 ERRP(&stream->cbinfo, pkt, 1952 "Error reading DSA s field in signature"); 1953 } 1954 break; 1955 1956 case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1957 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 1958 stream) || 1959 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 1960 stream)) { 1961 return 0; 1962 } 1963 break; 1964 1965 case OPS_PKA_PRIVATE00: 1966 case OPS_PKA_PRIVATE01: 1967 case OPS_PKA_PRIVATE02: 1968 case OPS_PKA_PRIVATE03: 1969 case OPS_PKA_PRIVATE04: 1970 case OPS_PKA_PRIVATE05: 1971 case OPS_PKA_PRIVATE06: 1972 case OPS_PKA_PRIVATE07: 1973 case OPS_PKA_PRIVATE08: 1974 case OPS_PKA_PRIVATE09: 1975 case OPS_PKA_PRIVATE10: 1976 if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) { 1977 return 0; 1978 } 1979 break; 1980 1981 default: 1982 OPS_ERROR_1(&stream->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 1983 "Bad v4 signature key algorithm (%s)", 1984 __ops_show_pka(pkt.u.sig.info.key_alg)); 1985 return 0; 1986 } 1987 if (region->readc != region->length) { 1988 OPS_ERROR_1(&stream->errors, OPS_E_R_UNCONSUMED_DATA, 1989 "Unconsumed data (%d)", 1990 region->length - region->readc); 1991 return 0; 1992 } 1993 CALLBACK(OPS_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt); 1994 return 1; 1995 } 1996 1997 /** 1998 * \ingroup Core_ReadPackets 1999 * \brief Parse a signature subpacket. 2000 * 2001 * This function calls the appropriate function to handle v3 or v4 signatures. 2002 * 2003 * Once the signature packet has been parsed successfully, it is passed to the callback. 2004 * 2005 * \param *ptag Pointer to the Packet Tag. 2006 * \param *reader Our reader 2007 * \param *cb The callback 2008 * \return 1 on success, 0 on error 2009 */ 2010 static int 2011 parse_sig(__ops_region_t *region, __ops_stream_t *stream) 2012 { 2013 __ops_packet_t pkt; 2014 uint8_t c = 0x0; 2015 2016 if (region->readc != 0) { 2017 /* We should not have read anything so far */ 2018 (void) fprintf(stderr, "parse_sig: bad length\n"); 2019 return 0; 2020 } 2021 2022 (void) memset(&pkt, 0x0, sizeof(pkt)); 2023 if (!limread(&c, 1, region, stream)) { 2024 return 0; 2025 } 2026 if (c == 2 || c == 3) { 2027 return parse_v3_sig(region, stream); 2028 } 2029 if (c == 4) { 2030 return parse_v4_sig(region, stream); 2031 } 2032 OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_SIGNATURE_VRSN, 2033 "Bad signature version (%d)", c); 2034 return 0; 2035 } 2036 2037 /** 2038 \ingroup Core_ReadPackets 2039 \brief Parse Compressed packet 2040 */ 2041 static int 2042 parse_compressed(__ops_region_t *region, __ops_stream_t *stream) 2043 { 2044 __ops_packet_t pkt; 2045 uint8_t c = 0x0; 2046 2047 if (!limread(&c, 1, region, stream)) { 2048 return 0; 2049 } 2050 2051 pkt.u.compressed = (__ops_compression_type_t)c; 2052 2053 CALLBACK(OPS_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt); 2054 2055 /* 2056 * The content of a compressed data packet is more OpenPGP packets 2057 * once decompressed, so recursively handle them 2058 */ 2059 2060 return __ops_decompress(region, stream, pkt.u.compressed); 2061 } 2062 2063 /* XXX: this could be improved by sharing all hashes that are the */ 2064 /* same, then duping them just before checking the signature. */ 2065 static void 2066 parse_hash_init(__ops_stream_t *stream, __ops_hash_alg_t type, 2067 const uint8_t *keyid) 2068 { 2069 __ops_hashtype_t *hash; 2070 2071 hash = realloc(stream->hashes, 2072 (stream->hashc + 1) * sizeof(*stream->hashes)); 2073 if (hash == NULL) { 2074 (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n"); 2075 /* just continue and die here */ 2076 /* XXX - agc - no way to return failure */ 2077 } else { 2078 stream->hashes = hash; 2079 } 2080 hash = &stream->hashes[stream->hashc++]; 2081 2082 __ops_hash_any(&hash->hash, type); 2083 if (!hash->hash.init(&hash->hash)) { 2084 (void) fprintf(stderr, "parse_hash_init: bad alloc\n"); 2085 /* just continue and die here */ 2086 /* XXX - agc - no way to return failure */ 2087 } 2088 (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); 2089 } 2090 2091 /** 2092 \ingroup Core_ReadPackets 2093 \brief Parse a One Pass Signature packet 2094 */ 2095 static int 2096 parse_one_pass(__ops_region_t * region, __ops_stream_t * stream) 2097 { 2098 __ops_packet_t pkt; 2099 uint8_t c = 0x0; 2100 2101 if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) { 2102 return 0; 2103 } 2104 if (pkt.u.one_pass_sig.version != 3) { 2105 OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN, 2106 "Bad one-pass signature version (%d)", 2107 pkt.u.one_pass_sig.version); 2108 return 0; 2109 } 2110 if (!limread(&c, 1, region, stream)) { 2111 return 0; 2112 } 2113 pkt.u.one_pass_sig.sig_type = (__ops_sig_type_t)c; 2114 2115 if (!limread(&c, 1, region, stream)) { 2116 return 0; 2117 } 2118 pkt.u.one_pass_sig.hash_alg = (__ops_hash_alg_t)c; 2119 2120 if (!limread(&c, 1, region, stream)) { 2121 return 0; 2122 } 2123 pkt.u.one_pass_sig.key_alg = (__ops_pubkey_alg_t)c; 2124 2125 if (!limread(pkt.u.one_pass_sig.keyid, 2126 sizeof(pkt.u.one_pass_sig.keyid), region, stream)) { 2127 return 0; 2128 } 2129 2130 if (!limread(&c, 1, region, stream)) { 2131 return 0; 2132 } 2133 pkt.u.one_pass_sig.nested = !!c; 2134 CALLBACK(OPS_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt); 2135 /* XXX: we should, perhaps, let the app choose whether to hash or not */ 2136 parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg, 2137 pkt.u.one_pass_sig.keyid); 2138 return 1; 2139 } 2140 2141 /** 2142 \ingroup Core_ReadPackets 2143 \brief Parse a Trust packet 2144 */ 2145 static int 2146 parse_trust(__ops_region_t *region, __ops_stream_t *stream) 2147 { 2148 __ops_packet_t pkt; 2149 2150 if (!read_data(&pkt.u.trust, region, stream)) { 2151 return 0; 2152 } 2153 CALLBACK(OPS_PTAG_CT_TRUST, &stream->cbinfo, &pkt); 2154 return 1; 2155 } 2156 2157 static void 2158 parse_hash_data(__ops_stream_t *stream, const void *data, 2159 size_t length) 2160 { 2161 size_t n; 2162 2163 for (n = 0; n < stream->hashc; ++n) { 2164 stream->hashes[n].hash.add(&stream->hashes[n].hash, data, length); 2165 } 2166 } 2167 2168 /** 2169 \ingroup Core_ReadPackets 2170 \brief Parse a Literal Data packet 2171 */ 2172 static int 2173 parse_litdata(__ops_region_t *region, __ops_stream_t *stream) 2174 { 2175 __ops_memory_t *mem; 2176 __ops_packet_t pkt; 2177 uint8_t c = 0x0; 2178 2179 if (!limread(&c, 1, region, stream)) { 2180 return 0; 2181 } 2182 pkt.u.litdata_header.format = (__ops_litdata_enum)c; 2183 if (!limread(&c, 1, region, stream)) { 2184 return 0; 2185 } 2186 if (!limread((uint8_t *)pkt.u.litdata_header.filename, 2187 (unsigned)c, region, stream)) { 2188 return 0; 2189 } 2190 pkt.u.litdata_header.filename[c] = '\0'; 2191 if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) { 2192 return 0; 2193 } 2194 CALLBACK(OPS_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt); 2195 mem = pkt.u.litdata_body.mem = __ops_memory_new(); 2196 __ops_memory_init(pkt.u.litdata_body.mem, 2197 (unsigned)((region->length * 101) / 100) + 12); 2198 pkt.u.litdata_body.data = mem->buf; 2199 2200 while (region->readc < region->length) { 2201 unsigned readc = region->length - region->readc; 2202 2203 if (!limread(mem->buf, readc, region, stream)) { 2204 return 0; 2205 } 2206 pkt.u.litdata_body.length = readc; 2207 parse_hash_data(stream, pkt.u.litdata_body.data, region->length); 2208 CALLBACK(OPS_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt); 2209 } 2210 2211 /* XXX - get rid of mem here? */ 2212 2213 return 1; 2214 } 2215 2216 /** 2217 * \ingroup Core_Create 2218 * 2219 * __ops_seckey_free() frees the memory associated with "key". Note that 2220 * the key itself is not freed. 2221 * 2222 * \param key 2223 */ 2224 2225 void 2226 __ops_seckey_free(__ops_seckey_t *key) 2227 { 2228 switch (key->pubkey.alg) { 2229 case OPS_PKA_RSA: 2230 case OPS_PKA_RSA_ENCRYPT_ONLY: 2231 case OPS_PKA_RSA_SIGN_ONLY: 2232 free_BN(&key->key.rsa.d); 2233 free_BN(&key->key.rsa.p); 2234 free_BN(&key->key.rsa.q); 2235 free_BN(&key->key.rsa.u); 2236 break; 2237 2238 case OPS_PKA_DSA: 2239 free_BN(&key->key.dsa.x); 2240 break; 2241 2242 default: 2243 (void) fprintf(stderr, 2244 "__ops_seckey_free: Unknown algorithm: %d (%s)\n", 2245 key->pubkey.alg, 2246 __ops_show_pka(key->pubkey.alg)); 2247 } 2248 free(key->checkhash); 2249 } 2250 2251 static int 2252 consume_packet(__ops_region_t *region, __ops_stream_t *stream, unsigned warn) 2253 { 2254 __ops_packet_t pkt; 2255 __ops_data_t remainder; 2256 2257 if (region->indeterminate) { 2258 ERRP(&stream->cbinfo, pkt, 2259 "Can't consume indeterminate packets"); 2260 } 2261 2262 if (read_data(&remainder, region, stream)) { 2263 /* now throw it away */ 2264 __ops_data_free(&remainder); 2265 if (warn) { 2266 OPS_ERROR(&stream->errors, OPS_E_P_PACKET_CONSUMED, 2267 "Warning: packet consumer"); 2268 } 2269 return 1; 2270 } 2271 OPS_ERROR(&stream->errors, OPS_E_P_PACKET_NOT_CONSUMED, 2272 (warn) ? "Warning: Packet was not consumed" : 2273 "Packet was not consumed"); 2274 return warn; 2275 } 2276 2277 /** 2278 * \ingroup Core_ReadPackets 2279 * \brief Parse a secret key 2280 */ 2281 static int 2282 parse_seckey(__ops_region_t *region, __ops_stream_t *stream) 2283 { 2284 __ops_packet_t pkt; 2285 __ops_region_t encregion; 2286 __ops_region_t *saved_region = NULL; 2287 __ops_crypt_t decrypt; 2288 __ops_hash_t checkhash; 2289 unsigned blocksize; 2290 unsigned crypted; 2291 uint8_t c = 0x0; 2292 int ret = 1; 2293 2294 if (__ops_get_debug_level(__FILE__)) { 2295 fprintf(stderr, "\n---------\nparse_seckey:\n"); 2296 fprintf(stderr, 2297 "region length=%u, readc=%u, remainder=%u\n", 2298 region->length, region->readc, 2299 region->length - region->readc); 2300 } 2301 (void) memset(&pkt, 0x0, sizeof(pkt)); 2302 if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) { 2303 return 0; 2304 } 2305 if (__ops_get_debug_level(__FILE__)) { 2306 fprintf(stderr, "parse_seckey: public key parsed\n"); 2307 __ops_print_pubkey(&pkt.u.seckey.pubkey); 2308 } 2309 stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != OPS_V4); 2310 2311 if (!limread(&c, 1, region, stream)) { 2312 return 0; 2313 } 2314 pkt.u.seckey.s2k_usage = (__ops_s2k_usage_t)c; 2315 2316 if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED || 2317 pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { 2318 if (!limread(&c, 1, region, stream)) { 2319 return 0; 2320 } 2321 pkt.u.seckey.alg = (__ops_symm_alg_t)c; 2322 if (!limread(&c, 1, region, stream)) { 2323 return 0; 2324 } 2325 pkt.u.seckey.s2k_specifier = (__ops_s2k_specifier_t)c; 2326 switch (pkt.u.seckey.s2k_specifier) { 2327 case OPS_S2KS_SIMPLE: 2328 case OPS_S2KS_SALTED: 2329 case OPS_S2KS_ITERATED_AND_SALTED: 2330 break; 2331 default: 2332 (void) fprintf(stderr, 2333 "parse_seckey: bad seckey\n"); 2334 return 0; 2335 } 2336 if (!limread(&c, 1, region, stream)) { 2337 return 0; 2338 } 2339 pkt.u.seckey.hash_alg = (__ops_hash_alg_t)c; 2340 if (pkt.u.seckey.s2k_specifier != OPS_S2KS_SIMPLE && 2341 !limread(pkt.u.seckey.salt, 8, region, stream)) { 2342 return 0; 2343 } 2344 if (pkt.u.seckey.s2k_specifier == 2345 OPS_S2KS_ITERATED_AND_SALTED) { 2346 if (!limread(&c, 1, region, stream)) { 2347 return 0; 2348 } 2349 pkt.u.seckey.octetc = 2350 (16 + ((unsigned)c & 15)) << 2351 (((unsigned)c >> 4) + 6); 2352 } 2353 } else if (pkt.u.seckey.s2k_usage != OPS_S2KU_NONE) { 2354 /* this is V3 style, looks just like a V4 simple hash */ 2355 pkt.u.seckey.alg = (__ops_symm_alg_t)c; 2356 pkt.u.seckey.s2k_usage = OPS_S2KU_ENCRYPTED; 2357 pkt.u.seckey.s2k_specifier = OPS_S2KS_SIMPLE; 2358 pkt.u.seckey.hash_alg = OPS_HASH_MD5; 2359 } 2360 crypted = pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED || 2361 pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED; 2362 2363 if (crypted) { 2364 __ops_packet_t seckey; 2365 __ops_hash_t hashes[(OPS_MAX_KEY_SIZE + OPS_MIN_HASH_SIZE - 1) / OPS_MIN_HASH_SIZE]; 2366 uint8_t key[OPS_MAX_KEY_SIZE + OPS_MAX_HASH_SIZE]; 2367 size_t passlen; 2368 char *passphrase; 2369 int hashsize; 2370 int keysize; 2371 int n; 2372 2373 blocksize = __ops_block_size(pkt.u.seckey.alg); 2374 if (blocksize == 0 || blocksize > OPS_MAX_BLOCK_SIZE) { 2375 (void) fprintf(stderr, 2376 "parse_seckey: bad blocksize\n"); 2377 return 0; 2378 } 2379 2380 if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) { 2381 return 0; 2382 } 2383 (void) memset(&seckey, 0x0, sizeof(seckey)); 2384 passphrase = NULL; 2385 seckey.u.skey_passphrase.passphrase = &passphrase; 2386 seckey.u.skey_passphrase.seckey = &pkt.u.seckey; 2387 CALLBACK(OPS_GET_PASSPHRASE, &stream->cbinfo, &seckey); 2388 if (!passphrase) { 2389 if (__ops_get_debug_level(__FILE__)) { 2390 /* \todo make into proper error */ 2391 (void) fprintf(stderr, 2392 "parse_seckey: can't get passphrase\n"); 2393 } 2394 if (!consume_packet(region, stream, 0)) { 2395 return 0; 2396 } 2397 2398 CALLBACK(OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, 2399 &stream->cbinfo, &pkt); 2400 2401 return 1; 2402 } 2403 keysize = __ops_key_size(pkt.u.seckey.alg); 2404 if (keysize == 0 || keysize > OPS_MAX_KEY_SIZE) { 2405 (void) fprintf(stderr, 2406 "parse_seckey: bad keysize\n"); 2407 return 0; 2408 } 2409 2410 hashsize = __ops_hash_size(pkt.u.seckey.hash_alg); 2411 if (hashsize == 0 || hashsize > OPS_MAX_HASH_SIZE) { 2412 (void) fprintf(stderr, 2413 "parse_seckey: bad hashsize\n"); 2414 return 0; 2415 } 2416 2417 for (n = 0; n * hashsize < keysize; ++n) { 2418 int i; 2419 2420 __ops_hash_any(&hashes[n], 2421 pkt.u.seckey.hash_alg); 2422 if (!hashes[n].init(&hashes[n])) { 2423 (void) fprintf(stderr, 2424 "parse_seckey: bad alloc\n"); 2425 return 0; 2426 } 2427 /* preload hashes with zeroes... */ 2428 for (i = 0; i < n; ++i) { 2429 hashes[n].add(&hashes[n], 2430 (const uint8_t *) "", 1); 2431 } 2432 } 2433 passlen = strlen(passphrase); 2434 for (n = 0; n * hashsize < keysize; ++n) { 2435 unsigned i; 2436 2437 switch (pkt.u.seckey.s2k_specifier) { 2438 case OPS_S2KS_SALTED: 2439 hashes[n].add(&hashes[n], 2440 pkt.u.seckey.salt, 2441 OPS_SALT_SIZE); 2442 /* FALLTHROUGH */ 2443 case OPS_S2KS_SIMPLE: 2444 hashes[n].add(&hashes[n], 2445 (uint8_t *) passphrase, passlen); 2446 break; 2447 2448 case OPS_S2KS_ITERATED_AND_SALTED: 2449 for (i = 0; i < pkt.u.seckey.octetc; 2450 i += passlen + OPS_SALT_SIZE) { 2451 unsigned j; 2452 2453 j = passlen + OPS_SALT_SIZE; 2454 if (i + j > pkt.u.seckey.octetc && i != 0) { 2455 j = pkt.u.seckey.octetc - i; 2456 } 2457 hashes[n].add(&hashes[n], 2458 pkt.u.seckey.salt, 2459 (unsigned)(j > OPS_SALT_SIZE) ? 2460 OPS_SALT_SIZE : j); 2461 if (j > OPS_SALT_SIZE) { 2462 hashes[n].add(&hashes[n], 2463 (uint8_t *) passphrase, 2464 j - OPS_SALT_SIZE); 2465 } 2466 } 2467 break; 2468 default: 2469 break; 2470 } 2471 } 2472 2473 for (n = 0; n * hashsize < keysize; ++n) { 2474 int r; 2475 2476 r = hashes[n].finish(&hashes[n], key + n * hashsize); 2477 if (r != hashsize) { 2478 (void) fprintf(stderr, 2479 "parse_seckey: bad r\n"); 2480 return 0; 2481 } 2482 } 2483 2484 __ops_forget(passphrase, passlen); 2485 2486 __ops_crypt_any(&decrypt, pkt.u.seckey.alg); 2487 if (__ops_get_debug_level(__FILE__)) { 2488 fprintf(stderr, "\nREADING:\niv="); 2489 hexdump(stderr, pkt.u.seckey.iv, __ops_block_size(pkt.u.seckey.alg), " "); 2490 fprintf(stderr, "\nkey="); 2491 hexdump(stderr, key, CAST_KEY_LENGTH, " "); 2492 fprintf(stderr, "\n"); 2493 } 2494 decrypt.set_iv(&decrypt, pkt.u.seckey.iv); 2495 decrypt.set_crypt_key(&decrypt, key); 2496 2497 /* now read encrypted data */ 2498 2499 __ops_reader_push_decrypt(stream, &decrypt, region); 2500 2501 /* 2502 * Since all known encryption for PGP doesn't compress, we 2503 * can limit to the same length as the current region (for 2504 * now). 2505 */ 2506 __ops_init_subregion(&encregion, NULL); 2507 encregion.length = region->length - region->readc; 2508 if (pkt.u.seckey.pubkey.version != OPS_V4) { 2509 encregion.length -= 2; 2510 } 2511 saved_region = region; 2512 region = &encregion; 2513 } 2514 if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { 2515 pkt.u.seckey.checkhash = calloc(1, OPS_CHECKHASH_SIZE); 2516 if (pkt.u.seckey.checkhash == NULL) { 2517 (void) fprintf(stderr, "parse_seckey: bad alloc\n"); 2518 return 0; 2519 } 2520 __ops_hash_sha1(&checkhash); 2521 __ops_reader_push_hash(stream, &checkhash); 2522 } else { 2523 __ops_reader_push_sum16(stream); 2524 } 2525 2526 switch (pkt.u.seckey.pubkey.alg) { 2527 case OPS_PKA_RSA: 2528 case OPS_PKA_RSA_ENCRYPT_ONLY: 2529 case OPS_PKA_RSA_SIGN_ONLY: 2530 if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) || 2531 !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) || 2532 !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) || 2533 !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) { 2534 ret = 0; 2535 } 2536 break; 2537 2538 case OPS_PKA_DSA: 2539 if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) { 2540 ret = 0; 2541 } 2542 break; 2543 2544 default: 2545 OPS_ERROR_2(&stream->errors, 2546 OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2547 "Unsupported Public Key algorithm %d (%s)", 2548 pkt.u.seckey.pubkey.alg, 2549 __ops_show_pka(pkt.u.seckey.pubkey.alg)); 2550 ret = 0; 2551 } 2552 2553 if (__ops_get_debug_level(__FILE__)) { 2554 (void) fprintf(stderr, "4 MPIs read\n"); 2555 } 2556 stream->reading_v3_secret = 0; 2557 2558 if (pkt.u.seckey.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { 2559 uint8_t hash[OPS_CHECKHASH_SIZE]; 2560 2561 __ops_reader_pop_hash(stream); 2562 checkhash.finish(&checkhash, hash); 2563 2564 if (crypted && 2565 pkt.u.seckey.pubkey.version != OPS_V4) { 2566 __ops_reader_pop_decrypt(stream); 2567 region = saved_region; 2568 } 2569 if (ret) { 2570 if (!limread(pkt.u.seckey.checkhash, 2571 OPS_CHECKHASH_SIZE, region, stream)) { 2572 return 0; 2573 } 2574 2575 if (memcmp(hash, pkt.u.seckey.checkhash, 2576 OPS_CHECKHASH_SIZE) != 0) { 2577 ERRP(&stream->cbinfo, pkt, 2578 "Hash mismatch in secret key"); 2579 } 2580 } 2581 } else { 2582 uint16_t sum; 2583 2584 sum = __ops_reader_pop_sum16(stream); 2585 if (crypted && 2586 pkt.u.seckey.pubkey.version != OPS_V4) { 2587 __ops_reader_pop_decrypt(stream); 2588 region = saved_region; 2589 } 2590 if (ret) { 2591 if (!limread_scalar(&pkt.u.seckey.checksum, 2, 2592 region, stream)) 2593 return 0; 2594 2595 if (sum != pkt.u.seckey.checksum) { 2596 ERRP(&stream->cbinfo, pkt, 2597 "Checksum mismatch in secret key"); 2598 } 2599 } 2600 } 2601 2602 if (crypted && pkt.u.seckey.pubkey.version == OPS_V4) { 2603 __ops_reader_pop_decrypt(stream); 2604 } 2605 if (region == NULL) { 2606 (void) fprintf(stderr, "parse_seckey: NULL region\n"); 2607 return 0; 2608 } 2609 if (ret && region->readc != region->length) { 2610 (void) fprintf(stderr, "parse_seckey: bad length\n"); 2611 return 0; 2612 } 2613 if (!ret) { 2614 return 0; 2615 } 2616 CALLBACK(OPS_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt); 2617 if (__ops_get_debug_level(__FILE__)) { 2618 (void) fprintf(stderr, "--- end of parse_seckey\n\n"); 2619 } 2620 return 1; 2621 } 2622 2623 /** 2624 \ingroup Core_ReadPackets 2625 \brief Parse a Public Key Session Key packet 2626 */ 2627 static int 2628 parse_pk_sesskey(__ops_region_t *region, 2629 __ops_stream_t *stream) 2630 { 2631 const __ops_seckey_t *secret; 2632 __ops_packet_t sesskey; 2633 __ops_packet_t pkt; 2634 uint8_t *iv; 2635 uint8_t c = 0x0; 2636 uint8_t cs[2]; 2637 unsigned k; 2638 BIGNUM *enc_m; 2639 int n; 2640 2641 /* Can't rely on it being CAST5 */ 2642 /* \todo FIXME RW */ 2643 /* const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; */ 2644 uint8_t unencoded_m_buf[1024]; 2645 2646 if (!limread(&c, 1, region, stream)) { 2647 return 0; 2648 } 2649 pkt.u.pk_sesskey.version = c; 2650 if (pkt.u.pk_sesskey.version != 3) { 2651 OPS_ERROR_1(&stream->errors, OPS_E_PROTO_BAD_PKSK_VRSN, 2652 "Bad public-key encrypted session key version (%d)", 2653 pkt.u.pk_sesskey.version); 2654 return 0; 2655 } 2656 if (!limread(pkt.u.pk_sesskey.key_id, 2657 sizeof(pkt.u.pk_sesskey.key_id), region, stream)) { 2658 return 0; 2659 } 2660 if (__ops_get_debug_level(__FILE__)) { 2661 fprintf(stderr, "session key: public key id: x=%" PRIsize "d\n", sizeof(pkt.u.pk_sesskey.key_id)); 2662 hexdump(stderr, pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id), " "); 2663 fprintf(stderr, "\n"); 2664 } 2665 if (!limread(&c, 1, region, stream)) { 2666 return 0; 2667 } 2668 pkt.u.pk_sesskey.alg = (__ops_pubkey_alg_t)c; 2669 switch (pkt.u.pk_sesskey.alg) { 2670 case OPS_PKA_RSA: 2671 if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m, 2672 region, stream)) { 2673 return 0; 2674 } 2675 enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m; 2676 break; 2677 2678 case OPS_PKA_ELGAMAL: 2679 if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k, 2680 region, stream) || 2681 !limread_mpi( 2682 &pkt.u.pk_sesskey.params.elgamal.encrypted_m, 2683 region, stream)) { 2684 return 0; 2685 } 2686 enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m; 2687 break; 2688 2689 default: 2690 OPS_ERROR_1(&stream->errors, 2691 OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2692 "Unknown public key algorithm in session key (%s)", 2693 __ops_show_pka(pkt.u.pk_sesskey.alg)); 2694 return 0; 2695 } 2696 2697 (void) memset(&sesskey, 0x0, sizeof(sesskey)); 2698 secret = NULL; 2699 sesskey.u.get_seckey.seckey = &secret; 2700 sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey; 2701 2702 CALLBACK(OPS_GET_SECKEY, &stream->cbinfo, &sesskey); 2703 2704 if (!secret) { 2705 CALLBACK(OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo, 2706 &pkt); 2707 return 1; 2708 } 2709 n = __ops_decrypt_decode_mpi(unencoded_m_buf, sizeof(unencoded_m_buf), 2710 enc_m, secret); 2711 if (n < 1) { 2712 ERRP(&stream->cbinfo, pkt, "decrypted message too short"); 2713 return 0; 2714 } 2715 2716 /* PKA */ 2717 pkt.u.pk_sesskey.symm_alg = (__ops_symm_alg_t)unencoded_m_buf[0]; 2718 2719 if (!__ops_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) { 2720 /* ERR1P */ 2721 OPS_ERROR_1(&stream->errors, OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, 2722 "Symmetric algorithm %s not supported", 2723 __ops_show_symm_alg( 2724 pkt.u.pk_sesskey.symm_alg)); 2725 return 0; 2726 } 2727 k = __ops_key_size(pkt.u.pk_sesskey.symm_alg); 2728 2729 if ((unsigned) n != k + 3) { 2730 OPS_ERROR_2(&stream->errors, OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN, 2731 "decrypted message wrong length (got %d expected %d)", 2732 n, k + 3); 2733 return 0; 2734 } 2735 if (k > sizeof(pkt.u.pk_sesskey.key)) { 2736 (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n"); 2737 return 0; 2738 } 2739 2740 (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k); 2741 2742 if (__ops_get_debug_level(__FILE__)) { 2743 fprintf(stderr, "session key recovered (len=%u):\n", k); 2744 hexdump(stderr, pkt.u.pk_sesskey.key, k, " "); 2745 fprintf(stderr, "\n"); 2746 } 2747 pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] + 2748 (unencoded_m_buf[k + 2] << 8); 2749 if (__ops_get_debug_level(__FILE__)) { 2750 printf("session key checksum: %2x %2x\n", 2751 unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); 2752 } 2753 2754 /* Check checksum */ 2755 __ops_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]); 2756 if (unencoded_m_buf[k + 1] != cs[0] || 2757 unencoded_m_buf[k + 2] != cs[1]) { 2758 OPS_ERROR_4(&stream->errors, OPS_E_PROTO_BAD_SK_CHECKSUM, 2759 "Session key checksum wrong: expected %2x %2x, got %2x %2x", 2760 cs[0], cs[1], unencoded_m_buf[k + 1], 2761 unencoded_m_buf[k + 2]); 2762 return 0; 2763 } 2764 /* all is well */ 2765 CALLBACK(OPS_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt); 2766 2767 __ops_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg); 2768 iv = calloc(1, stream->decrypt.blocksize); 2769 if (iv == NULL) { 2770 (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n"); 2771 return 0; 2772 } 2773 stream->decrypt.set_iv(&stream->decrypt, iv); 2774 stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key); 2775 __ops_encrypt_init(&stream->decrypt); 2776 free(iv); 2777 return 1; 2778 } 2779 2780 static int 2781 __ops_decrypt_se_data(__ops_content_enum tag, __ops_region_t *region, 2782 __ops_stream_t *stream) 2783 { 2784 __ops_crypt_t *decrypt; 2785 const int printerrors = 1; 2786 int r = 1; 2787 2788 decrypt = __ops_get_decrypt(stream); 2789 if (decrypt) { 2790 uint8_t buf[OPS_MAX_BLOCK_SIZE + 2] = ""; 2791 size_t b = decrypt->blocksize; 2792 /* __ops_packet_t pkt; */ 2793 __ops_region_t encregion; 2794 2795 2796 __ops_reader_push_decrypt(stream, decrypt, region); 2797 2798 __ops_init_subregion(&encregion, NULL); 2799 encregion.length = b + 2; 2800 2801 if (!exact_limread(buf, b + 2, &encregion, stream)) { 2802 return 0; 2803 } 2804 if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { 2805 __ops_reader_pop_decrypt(stream); 2806 OPS_ERROR_4(&stream->errors, 2807 OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT, 2808 "Bad symmetric decrypt (%02x%02x vs %02x%02x)", 2809 buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); 2810 return 0; 2811 } 2812 if (tag == OPS_PTAG_CT_SE_DATA_BODY) { 2813 decrypt->decrypt_resync(decrypt); 2814 decrypt->block_encrypt(decrypt, decrypt->civ, 2815 decrypt->civ); 2816 } 2817 r = __ops_parse(stream, !printerrors); 2818 2819 __ops_reader_pop_decrypt(stream); 2820 } else { 2821 __ops_packet_t pkt; 2822 2823 while (region->readc < region->length) { 2824 unsigned len; 2825 2826 len = region->length - region->readc; 2827 if (len > sizeof(pkt.u.se_data_body.data)) 2828 len = sizeof(pkt.u.se_data_body.data); 2829 2830 if (!limread(pkt.u.se_data_body.data, len, 2831 region, stream)) { 2832 return 0; 2833 } 2834 pkt.u.se_data_body.length = len; 2835 CALLBACK(tag, &stream->cbinfo, &pkt); 2836 } 2837 } 2838 2839 return r; 2840 } 2841 2842 static int 2843 __ops_decrypt_se_ip_data(__ops_content_enum tag, __ops_region_t *region, 2844 __ops_stream_t *stream) 2845 { 2846 __ops_crypt_t *decrypt; 2847 const int printerrors = 1; 2848 int r = 1; 2849 2850 decrypt = __ops_get_decrypt(stream); 2851 if (decrypt) { 2852 __ops_reader_push_decrypt(stream, decrypt, region); 2853 __ops_reader_push_se_ip_data(stream, decrypt, region); 2854 2855 r = __ops_parse(stream, !printerrors); 2856 2857 __ops_reader_pop_se_ip_data(stream); 2858 __ops_reader_pop_decrypt(stream); 2859 } else { 2860 __ops_packet_t pkt; 2861 2862 while (region->readc < region->length) { 2863 unsigned len; 2864 2865 len = region->length - region->readc; 2866 if (len > sizeof(pkt.u.se_data_body.data)) { 2867 len = sizeof(pkt.u.se_data_body.data); 2868 } 2869 2870 if (!limread(pkt.u.se_data_body.data, 2871 len, region, stream)) { 2872 return 0; 2873 } 2874 2875 pkt.u.se_data_body.length = len; 2876 2877 CALLBACK(tag, &stream->cbinfo, &pkt); 2878 } 2879 } 2880 2881 return r; 2882 } 2883 2884 /** 2885 \ingroup Core_ReadPackets 2886 \brief Read a Symmetrically Encrypted packet 2887 */ 2888 static int 2889 parse_se_data(__ops_region_t *region, __ops_stream_t *stream) 2890 { 2891 __ops_packet_t pkt; 2892 2893 /* there's no info to go with this, so just announce it */ 2894 CALLBACK(OPS_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt); 2895 2896 /* 2897 * The content of an encrypted data packet is more OpenPGP packets 2898 * once decrypted, so recursively handle them 2899 */ 2900 return __ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY, region, stream); 2901 } 2902 2903 /** 2904 \ingroup Core_ReadPackets 2905 \brief Read a Symmetrically Encrypted Integrity Protected packet 2906 */ 2907 static int 2908 parse_se_ip_data(__ops_region_t *region, __ops_stream_t *stream) 2909 { 2910 __ops_packet_t pkt; 2911 uint8_t c = 0x0; 2912 2913 if (!limread(&c, 1, region, stream)) { 2914 return 0; 2915 } 2916 pkt.u.se_ip_data_header = c; 2917 2918 if (pkt.u.se_ip_data_header != OPS_SE_IP_DATA_VERSION) { 2919 (void) fprintf(stderr, "parse_se_ip_data: bad version\n"); 2920 return 0; 2921 } 2922 2923 /* 2924 * The content of an encrypted data packet is more OpenPGP packets 2925 * once decrypted, so recursively handle them 2926 */ 2927 return __ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY, region, 2928 stream); 2929 } 2930 2931 /** 2932 \ingroup Core_ReadPackets 2933 \brief Read a MDC packet 2934 */ 2935 static int 2936 parse_mdc(__ops_region_t *region, __ops_stream_t *stream) 2937 { 2938 __ops_packet_t pkt; 2939 2940 pkt.u.mdc.length = OPS_SHA1_HASH_SIZE; 2941 if ((pkt.u.mdc.data = calloc(1, OPS_SHA1_HASH_SIZE)) == NULL) { 2942 (void) fprintf(stderr, "parse_mdc: bad alloc\n"); 2943 return 0; 2944 } 2945 if (!limread(pkt.u.mdc.data, OPS_SHA1_HASH_SIZE, region, stream)) { 2946 return 0; 2947 } 2948 CALLBACK(OPS_PTAG_CT_MDC, &stream->cbinfo, &pkt); 2949 free(pkt.u.mdc.data); 2950 return 1; 2951 } 2952 2953 /** 2954 * \ingroup Core_ReadPackets 2955 * \brief Parse one packet. 2956 * 2957 * This function parses the packet tag. It computes the value of the 2958 * content tag and then calls the appropriate function to handle the 2959 * content. 2960 * 2961 * \param *stream How to parse 2962 * \param *pktlen On return, will contain number of bytes in packet 2963 * \return 1 on success, 0 on error, -1 on EOF */ 2964 static int 2965 __ops_parse_packet(__ops_stream_t *stream, uint32_t *pktlen) 2966 { 2967 __ops_packet_t pkt; 2968 __ops_region_t region; 2969 uint8_t ptag; 2970 unsigned indeterminate = 0; 2971 int ret; 2972 2973 pkt.u.ptag.position = stream->readinfo.position; 2974 2975 ret = base_read(&ptag, 1, stream); 2976 2977 if (__ops_get_debug_level(__FILE__)) { 2978 (void) fprintf(stderr, 2979 "__ops_parse_packet: base_read returned %d\n", 2980 ret); 2981 } 2982 2983 /* errors in the base read are effectively EOF. */ 2984 if (ret <= 0) { 2985 return -1; 2986 } 2987 2988 *pktlen = 0; 2989 2990 if (!(ptag & OPS_PTAG_ALWAYS_SET)) { 2991 pkt.u.error = "Format error (ptag bit not set)"; 2992 CALLBACK(OPS_PARSER_ERROR, &stream->cbinfo, &pkt); 2993 return 0; 2994 } 2995 pkt.u.ptag.new_format = !!(ptag & OPS_PTAG_NEW_FORMAT); 2996 if (pkt.u.ptag.new_format) { 2997 pkt.u.ptag.type = (ptag & OPS_PTAG_NF_CONTENT_TAG_MASK); 2998 pkt.u.ptag.length_type = 0; 2999 if (!read_new_length(&pkt.u.ptag.length, stream)) { 3000 return 0; 3001 } 3002 } else { 3003 unsigned rb; 3004 3005 rb = 0; 3006 pkt.u.ptag.type = ((unsigned)ptag & 3007 OPS_PTAG_OF_CONTENT_TAG_MASK) 3008 >> OPS_PTAG_OF_CONTENT_TAG_SHIFT; 3009 pkt.u.ptag.length_type = ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK; 3010 switch (pkt.u.ptag.length_type) { 3011 case OPS_PTAG_OLD_LEN_1: 3012 rb = _read_scalar(&pkt.u.ptag.length, 1, stream); 3013 break; 3014 3015 case OPS_PTAG_OLD_LEN_2: 3016 rb = _read_scalar(&pkt.u.ptag.length, 2, stream); 3017 break; 3018 3019 case OPS_PTAG_OLD_LEN_4: 3020 rb = _read_scalar(&pkt.u.ptag.length, 4, stream); 3021 break; 3022 3023 case OPS_PTAG_OLD_LEN_INDETERMINATE: 3024 pkt.u.ptag.length = 0; 3025 indeterminate = 1; 3026 rb = 1; 3027 break; 3028 } 3029 if (!rb) { 3030 return 0; 3031 } 3032 } 3033 3034 CALLBACK(OPS_PARSER_PTAG, &stream->cbinfo, &pkt); 3035 3036 __ops_init_subregion(®ion, NULL); 3037 region.length = pkt.u.ptag.length; 3038 region.indeterminate = indeterminate; 3039 if (__ops_get_debug_level(__FILE__)) { 3040 (void) fprintf(stderr, "__ops_parse_packet: type %u\n", 3041 pkt.u.ptag.type); 3042 } 3043 switch (pkt.u.ptag.type) { 3044 case OPS_PTAG_CT_SIGNATURE: 3045 ret = parse_sig(®ion, stream); 3046 break; 3047 3048 case OPS_PTAG_CT_PUBLIC_KEY: 3049 case OPS_PTAG_CT_PUBLIC_SUBKEY: 3050 ret = parse_pubkey(pkt.u.ptag.type, ®ion, stream); 3051 break; 3052 3053 case OPS_PTAG_CT_TRUST: 3054 ret = parse_trust(®ion, stream); 3055 break; 3056 3057 case OPS_PTAG_CT_USER_ID: 3058 ret = parse_userid(®ion, stream); 3059 break; 3060 3061 case OPS_PTAG_CT_COMPRESSED: 3062 ret = parse_compressed(®ion, stream); 3063 break; 3064 3065 case OPS_PTAG_CT_1_PASS_SIG: 3066 ret = parse_one_pass(®ion, stream); 3067 break; 3068 3069 case OPS_PTAG_CT_LITDATA: 3070 ret = parse_litdata(®ion, stream); 3071 break; 3072 3073 case OPS_PTAG_CT_USER_ATTR: 3074 ret = parse_userattr(®ion, stream); 3075 break; 3076 3077 case OPS_PTAG_CT_SECRET_KEY: 3078 ret = parse_seckey(®ion, stream); 3079 break; 3080 3081 case OPS_PTAG_CT_SECRET_SUBKEY: 3082 ret = parse_seckey(®ion, stream); 3083 break; 3084 3085 case OPS_PTAG_CT_PK_SESSION_KEY: 3086 ret = parse_pk_sesskey(®ion, stream); 3087 break; 3088 3089 case OPS_PTAG_CT_SE_DATA: 3090 ret = parse_se_data(®ion, stream); 3091 break; 3092 3093 case OPS_PTAG_CT_SE_IP_DATA: 3094 ret = parse_se_ip_data(®ion, stream); 3095 break; 3096 3097 case OPS_PTAG_CT_MDC: 3098 ret = parse_mdc(®ion, stream); 3099 break; 3100 3101 default: 3102 OPS_ERROR_1(&stream->errors, OPS_E_P_UNKNOWN_TAG, 3103 "Unknown content tag 0x%x", 3104 pkt.u.ptag.type); 3105 ret = 0; 3106 } 3107 3108 /* Ensure that the entire packet has been consumed */ 3109 3110 if (region.length != region.readc && !region.indeterminate) { 3111 if (!consume_packet(®ion, stream, 0)) { 3112 ret = -1; 3113 } 3114 } 3115 3116 /* also consume it if there's been an error? */ 3117 /* \todo decide what to do about an error on an */ 3118 /* indeterminate packet */ 3119 if (ret == 0) { 3120 if (!consume_packet(®ion, stream, 0)) { 3121 ret = -1; 3122 } 3123 } 3124 /* set pktlen */ 3125 3126 *pktlen = stream->readinfo.alength; 3127 3128 /* do callback on entire packet, if desired and there was no error */ 3129 3130 if (ret > 0 && stream->readinfo.accumulate) { 3131 pkt.u.packet.length = stream->readinfo.alength; 3132 pkt.u.packet.raw = stream->readinfo.accumulated; 3133 stream->readinfo.accumulated = NULL; 3134 stream->readinfo.asize = 0; 3135 CALLBACK(OPS_PARSER_PACKET_END, &stream->cbinfo, &pkt); 3136 } 3137 stream->readinfo.alength = 0; 3138 3139 return (ret < 0) ? -1 : (ret) ? 1 : 0; 3140 } 3141 3142 /** 3143 * \ingroup Core_ReadPackets 3144 * 3145 * \brief Parse packets from an input stream until EOF or error. 3146 * 3147 * \details Setup the necessary parsing configuration in "stream" 3148 * before calling __ops_parse(). 3149 * 3150 * That information includes : 3151 * 3152 * - a "reader" function to be used to get the data to be parsed 3153 * 3154 * - a "callback" function to be called when this library has identified 3155 * a parseable object within the data 3156 * 3157 * - whether the calling function wants the signature subpackets 3158 * returned raw, parsed or not at all. 3159 * 3160 * After returning, stream->errors holds any errors encountered while parsing. 3161 * 3162 * \param stream Parsing configuration 3163 * \return 1 on success in all packets, 0 on error in any packet 3164 * 3165 * \sa CoreAPI Overview 3166 * 3167 * \sa __ops_print_errors() 3168 * 3169 */ 3170 3171 int 3172 __ops_parse(__ops_stream_t *stream, const int perrors) 3173 { 3174 uint32_t pktlen; 3175 int r; 3176 3177 do { 3178 r = __ops_parse_packet(stream, &pktlen); 3179 } while (r != -1); 3180 if (perrors) { 3181 __ops_print_errors(stream->errors); 3182 } 3183 return (stream->errors == NULL); 3184 } 3185 3186 /** 3187 * \ingroup Core_ReadPackets 3188 * 3189 * \brief Specifies whether one or more signature 3190 * subpacket types should be returned parsed; or raw; or ignored. 3191 * 3192 * \param stream Pointer to previously allocated structure 3193 * \param tag Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag 3194 * \param type Parse type 3195 * \todo Make all packet types optional, not just subpackets */ 3196 void 3197 __ops_parse_options(__ops_stream_t *stream, 3198 __ops_content_enum tag, 3199 __ops_parse_type_t type) 3200 { 3201 unsigned t7; 3202 unsigned t8; 3203 3204 if (tag == OPS_PTAG_SS_ALL) { 3205 int n; 3206 3207 for (n = 0; n < 256; ++n) { 3208 __ops_parse_options(stream, 3209 OPS_PTAG_SIG_SUBPKT_BASE + n, 3210 type); 3211 } 3212 return; 3213 } 3214 if (tag < OPS_PTAG_SIG_SUBPKT_BASE || 3215 tag > OPS_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) { 3216 (void) fprintf(stderr, "__ops_parse_options: bad tag\n"); 3217 return; 3218 } 3219 t8 = (tag - OPS_PTAG_SIG_SUBPKT_BASE) / 8; 3220 t7 = 1 << ((tag - OPS_PTAG_SIG_SUBPKT_BASE) & 7); 3221 switch (type) { 3222 case OPS_PARSE_RAW: 3223 stream->ss_raw[t8] |= t7; 3224 stream->ss_parsed[t8] &= ~t7; 3225 break; 3226 3227 case OPS_PARSE_PARSED: 3228 stream->ss_raw[t8] &= ~t7; 3229 stream->ss_parsed[t8] |= t7; 3230 break; 3231 3232 case OPS_PARSE_IGNORE: 3233 stream->ss_raw[t8] &= ~t7; 3234 stream->ss_parsed[t8] &= ~t7; 3235 break; 3236 } 3237 } 3238 3239 /** 3240 \ingroup Core_ReadPackets 3241 \brief Free __ops_stream_t struct and its contents 3242 */ 3243 void 3244 __ops_stream_delete(__ops_stream_t *stream) 3245 { 3246 __ops_cbdata_t *cbinfo; 3247 __ops_cbdata_t *next; 3248 3249 for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) { 3250 next = cbinfo->next; 3251 free(cbinfo); 3252 } 3253 if (stream->readinfo.destroyer) { 3254 stream->readinfo.destroyer(&stream->readinfo); 3255 } 3256 __ops_free_errors(stream->errors); 3257 if (stream->readinfo.accumulated) { 3258 free(stream->readinfo.accumulated); 3259 } 3260 free(stream); 3261 } 3262 3263 /** 3264 \ingroup Core_ReadPackets 3265 \brief Returns the parse_info's reader_info 3266 \return Pointer to the reader_info inside the parse_info 3267 */ 3268 __ops_reader_t * 3269 __ops_readinfo(__ops_stream_t *stream) 3270 { 3271 return &stream->readinfo; 3272 } 3273 3274 /** 3275 \ingroup Core_ReadPackets 3276 \brief Sets the parse_info's callback 3277 This is used when adding the first callback in a stack of callbacks. 3278 \sa __ops_callback_push() 3279 */ 3280 3281 void 3282 __ops_set_callback(__ops_stream_t *stream, __ops_cbfunc_t *cb, void *arg) 3283 { 3284 stream->cbinfo.cbfunc = cb; 3285 stream->cbinfo.arg = arg; 3286 stream->cbinfo.errors = &stream->errors; 3287 } 3288 3289 /** 3290 \ingroup Core_ReadPackets 3291 \brief Adds a further callback to a stack of callbacks 3292 \sa __ops_set_callback() 3293 */ 3294 void 3295 __ops_callback_push(__ops_stream_t *stream, __ops_cbfunc_t *cb, void *arg) 3296 { 3297 __ops_cbdata_t *cbinfo; 3298 3299 if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) { 3300 (void) fprintf(stderr, "__ops_callback_push: bad alloc\n"); 3301 return; 3302 } 3303 (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo)); 3304 cbinfo->io = stream->io; 3305 stream->cbinfo.next = cbinfo; 3306 __ops_set_callback(stream, cb, arg); 3307 } 3308 3309 /** 3310 \ingroup Core_ReadPackets 3311 \brief Returns callback's arg 3312 */ 3313 void * 3314 __ops_callback_arg(__ops_cbdata_t *cbinfo) 3315 { 3316 return cbinfo->arg; 3317 } 3318 3319 /** 3320 \ingroup Core_ReadPackets 3321 \brief Returns callback's errors 3322 */ 3323 void * 3324 __ops_callback_errors(__ops_cbdata_t *cbinfo) 3325 { 3326 return cbinfo->errors; 3327 } 3328 3329 /** 3330 \ingroup Core_ReadPackets 3331 \brief Calls the parse_cb_info's callback if present 3332 \return Return value from callback, if present; else OPS_FINISHED 3333 */ 3334 __ops_cb_ret_t 3335 __ops_callback(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) 3336 { 3337 return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : OPS_FINISHED; 3338 } 3339 3340 /** 3341 \ingroup Core_ReadPackets 3342 \brief Calls the next callback in the stack 3343 \return Return value from callback 3344 */ 3345 __ops_cb_ret_t 3346 __ops_stacked_callback(const __ops_packet_t *pkt, __ops_cbdata_t *cbinfo) 3347 { 3348 return __ops_callback(pkt, cbinfo->next); 3349 } 3350 3351 /** 3352 \ingroup Core_ReadPackets 3353 \brief Returns the parse_info's errors 3354 \return parse_info's errors 3355 */ 3356 __ops_error_t * 3357 __ops_stream_get_errors(__ops_stream_t *stream) 3358 { 3359 return stream->errors; 3360 } 3361 3362 __ops_crypt_t * 3363 __ops_get_decrypt(__ops_stream_t *stream) 3364 { 3365 return (stream->decrypt.alg) ? &stream->decrypt : NULL; 3366 } 3367