1 /*- 2 * Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 #include "config.h" 26 27 #include <sys/types.h> 28 #include <sys/stat.h> 29 #include <sys/param.h> 30 #include <sys/mman.h> 31 32 #include <arpa/inet.h> 33 34 #include <inttypes.h> 35 #include <limits.h> 36 #include <stdbool.h> 37 #include <stdarg.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <time.h> 42 #include <unistd.h> 43 44 #include "bzlib.h" 45 #include "zlib.h" 46 47 #include "array.h" 48 #include "b64.h" 49 #include "bn.h" 50 #include "bufgap.h" 51 #include "digest.h" 52 #include "misc.h" 53 #include "pgpsum.h" 54 #include "rsa.h" 55 #include "verify.h" 56 57 #ifndef USE_ARG 58 #define USE_ARG(x) /*LINTED*/(void)&(x) 59 #endif 60 61 #ifndef __dead 62 #define __dead __attribute__((__noreturn__)) 63 #endif 64 65 #ifndef __printflike 66 #define __printflike(n, m) __attribute__((format(printf,n,m))) 67 #endif 68 69 #ifndef MIN 70 #define MIN(a,b) (((a)<(b))?(a):(b)) 71 #endif 72 73 #define BITS_TO_BYTES(b) (((b) + (CHAR_BIT - 1)) / CHAR_BIT) 74 75 /* packet types */ 76 #define SIGNATURE_PKT 2 77 #define ONEPASS_SIGNATURE_PKT 4 78 #define PUBKEY_PKT 6 79 #define COMPRESSED_DATA_PKT 8 80 #define MARKER_PKT 10 81 #define LITDATA_PKT 11 82 #define TRUST_PKT 12 83 #define USERID_PKT 13 84 #define PUB_SUBKEY_PKT 14 85 #define USER_ATTRIBUTE_PKT 17 86 87 /* only allow certain packets at certain times */ 88 #define PUBRING_ALLOWED "\002\006\014\015\016\021" 89 #define SIGNATURE_ALLOWED "\002\004\010\013" 90 91 /* actions to do on close */ 92 #define FREE_MEM 0x01 93 #define UNMAP_MEM 0x02 94 95 /* types of pubkey we encounter */ 96 #define PUBKEY_RSA_ENCRYPT_OR_SIGN 1 97 #define PUBKEY_RSA_ENCRYPT 2 98 #define PUBKEY_RSA_SIGN 3 99 #define PUBKEY_ELGAMAL_ENCRYPT 16 100 #define PUBKEY_DSA 17 101 #define PUBKEY_ELLIPTIC_CURVE 18 102 #define PUBKEY_ECDSA 19 103 #define PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN 20 104 105 /* hash algorithm definitions */ 106 #define PGPV_HASH_MD5 1 107 #define PGPV_HASH_SHA1 2 108 #define PGPV_HASH_RIPEMD 3 109 #define PGPV_HASH_SHA256 8 110 #define PGPV_HASH_SHA384 9 111 #define PGPV_HASH_SHA512 10 112 113 /* pubkey defs for bignums */ 114 #define RSA_N 0 115 #define RSA_E 1 116 #define DSA_P 0 117 #define DSA_Q 1 118 #define DSA_G 2 119 #define DSA_Y 3 120 #define ELGAMAL_P 0 121 #define ELGAMAL_G 1 122 #define ELGAMAL_Y 2 123 124 /* sesskey indices */ 125 #define RSA_SESSKEY_ENCRYPTED_M 0 126 #define RSA_SESSKEY_M 1 127 #define ELGAMAL_SESSKEY_G_TO_K 0 128 #define ELGAMAL_SESSKEY_ENCRYPTED_M 1 129 130 /* seckey indices */ 131 #define RSA_SECKEY_D 0 132 #define RSA_SECKEY_P 1 133 #define RSA_SECKEY_Q 2 134 #define RSA_SECKEY_U 3 135 #define DSA_SECKEY_X 0 136 #define ELGAMAL_SECKEY_X 0 137 138 /* signature mpi indices in bignumber array */ 139 #define RSA_SIG 0 140 #define DSA_R 0 141 #define DSA_S 1 142 #define ELGAMAL_SIG_R 0 143 #define ELGAMAL_SIG_S 1 144 145 /* signature types */ 146 #define SIGTYPE_BINARY_DOC 0x00 /* Signature of a binary document */ 147 #define SIGTYPE_TEXT 0x01 /* Signature of a canonical text document */ 148 #define SIGTYPE_STANDALONE 0x02 /* Standalone signature */ 149 150 #define SIGTYPE_GENERIC_USERID 0x10 /* Generic certification of a User ID and Public Key packet */ 151 #define SIGTYPE_PERSONA_USERID 0x11 /* Persona certification of a User ID and Public Key packet */ 152 #define SIGTYPE_CASUAL_USERID 0x12 /* Casual certification of a User ID and Public Key packet */ 153 #define SIGTYPE_POSITIVE_USERID 0x13 /* Positive certification of a User ID and Public Key packet */ 154 155 #define SIGTYPE_SUBKEY_BINDING 0x18 /* Subkey Binding Signature */ 156 #define SIGTYPE_PRIMARY_KEY_BINDING 0x19 /* Primary Key Binding Signature */ 157 #define SIGTYPE_DIRECT_KEY 0x1f /* Signature directly on a key */ 158 159 #define SIGTYPE_KEY_REVOCATION 0x20 /* Key revocation signature */ 160 #define SIGTYPE_SUBKEY_REVOCATION 0x28 /* Subkey revocation signature */ 161 #define SIGTYPE_CERT_REVOCATION 0x30 /* Certification revocation signature */ 162 163 #define SIGTYPE_TIMESTAMP_SIG 0x40 /* Timestamp signature */ 164 #define SIGTYPE_3RDPARTY 0x50 /* Third-Party Confirmation signature */ 165 166 /* Forward declarations */ 167 static int read_all_packets(pgpv_t */*pgp*/, pgpv_mem_t */*mem*/, const char */*op*/); 168 static int read_binary_file(pgpv_t */*pgp*/, const char */*op*/, const char */*fmt*/, ...) __printflike(3, 4); 169 static int read_binary_memory(pgpv_t */*pgp*/, const char */*op*/, const void */*memory*/, size_t /*size*/); 170 171 /* output buffer structure */ 172 typedef struct obuf_t { 173 size_t alloc; /* amount of memory allocated */ 174 size_t c; /* # of chars used so far */ 175 uint8_t *v; /* array of bytes */ 176 uint32_t endian; /* byte order of output stream */ 177 } obuf_t; 178 179 /* grow the buffer, if needed */ 180 static bool 181 growbuf(obuf_t *obuf, size_t cc) 182 { 183 size_t newalloc; 184 uint8_t *newv; 185 186 if (obuf->c + cc > obuf->alloc) { 187 newalloc = howmany(obuf->alloc + cc, 128) * 128; 188 newv = realloc(obuf->v, newalloc); 189 if (newv == NULL) { 190 return false; 191 } 192 obuf->v = newv; 193 obuf->alloc = newalloc; 194 } 195 return true; 196 } 197 198 /* add a fixed-length area of memory */ 199 static bool 200 obuf_add_mem(obuf_t *obuf, const char *s, size_t len) 201 { 202 if (obuf && s && len > 0) { 203 if (!growbuf(obuf, len)) { 204 return false; 205 } 206 memcpy(&obuf->v[obuf->c], s, len); 207 obuf->c += len; 208 return true; 209 } 210 return false; 211 } 212 213 /* varargs-based printf to string */ 214 __printflike(2, 3) 215 static bool 216 obuf_printf(obuf_t *obuf, const char *fmt, ...) 217 { 218 va_list args; 219 char *cp; 220 bool ret; 221 int cc; 222 223 if (obuf && fmt) { 224 ret = true; 225 va_start(args, fmt); 226 cc = vasprintf(&cp, fmt, args); 227 va_end(args); 228 if (cc > 0) { 229 ret = obuf_add_mem(obuf, cp, (size_t)cc); 230 free(cp); 231 } 232 return ret; 233 } 234 return false; 235 } 236 237 /* read a file into the pgpv_mem_t struct */ 238 static int 239 read_file(pgpv_t *pgp, const char *f) 240 { 241 struct stat st; 242 pgpv_mem_t *mem; 243 244 ARRAY_EXPAND(pgp->areas); 245 ARRAY_COUNT(pgp->areas) += 1; 246 mem = &ARRAY_LAST(pgp->areas); 247 memset(mem, 0x0, sizeof(*mem)); 248 if ((mem->fp = fopen(f, "r")) == NULL) { 249 fprintf(stderr, "can't read '%s'", f); 250 return 0; 251 } 252 fstat(fileno(mem->fp), &st); 253 mem->size = (size_t)st.st_size; 254 mem->mem = mmap(NULL, mem->size, PROT_READ, MAP_SHARED, fileno(mem->fp), 0); 255 mem->dealloc = UNMAP_MEM; 256 return 1; 257 } 258 259 /* DTRT and free resources */ 260 static int 261 closemem(pgpv_mem_t *mem) 262 { 263 switch(mem->dealloc) { 264 case FREE_MEM: 265 free(mem->mem); 266 mem->size = 0; 267 break; 268 case UNMAP_MEM: 269 munmap(mem->mem, mem->size); 270 fclose(mem->fp); 271 break; 272 } 273 return 1; 274 } 275 276 /* make a reference to a memory area, and its offset */ 277 static void 278 make_ref(pgpv_t *pgp, uint8_t mement, pgpv_ref_t *ref) 279 { 280 ref->mem = mement; 281 ref->offset = ARRAY_ELEMENT(pgp->areas, ref->mem).cc; 282 ref->vp = pgp; 283 } 284 285 /* return the pointer we wanted originally */ 286 static uint8_t * 287 get_ref(pgpv_ref_t *ref) 288 { 289 pgpv_mem_t *mem; 290 pgpv_t *pgp = (pgpv_t *)ref->vp;; 291 292 mem = &ARRAY_ELEMENT(pgp->areas, ref->mem); 293 return &mem->mem[ref->offset]; 294 } 295 296 #define IS_PARTIAL(x) ((x) >= 224 && (x) < 255) 297 #define DECODE_PARTIAL(x) (1 << ((x) & 0x1f)) 298 299 #define PKT_LENGTH(m, off) \ 300 ((m[off] < 192) ? (m[off]) : \ 301 (m[off] < 224) ? ((m[off] - 192) << 8) + (m[off + 1]) + 192 : \ 302 (m[off + 1] << 24) | ((m[off + 2]) << 16) | ((m[off + 3]) << 8) | (m[off + 4])) 303 304 #define PKT_LENGTH_LENGTH(m, off) \ 305 ((m[off] < 192) ? 1 : (m[off] < 224) ? 2 : 5) 306 307 /* fix up partial body lengths, return new size */ 308 static size_t 309 fixup_partials(pgpv_t *pgp, uint8_t *p, size_t totlen, size_t filesize, size_t *cc) 310 { 311 pgpv_mem_t *mem; 312 size_t partial; 313 size_t newcc; 314 315 if (totlen > filesize) { 316 printf("fixup_partial: filesize %zu is less than encoded size %zu\n", filesize, totlen); 317 return 0; 318 } 319 ARRAY_EXPAND(pgp->areas); 320 ARRAY_COUNT(pgp->areas) += 1; 321 mem = &ARRAY_LAST(pgp->areas); 322 mem->size = totlen; 323 if ((mem->mem = calloc(1, mem->size + 5)) == NULL) { 324 printf("fixup_partial: can't allocate %zu length\n", totlen); 325 return 0; 326 } 327 newcc = 0; 328 mem->dealloc = FREE_MEM; 329 for (*cc = 0 ; *cc < totlen ; newcc += partial, *cc += partial + 1) { 330 if (IS_PARTIAL(p[*cc])) { 331 partial = DECODE_PARTIAL(p[*cc]); 332 memcpy(&mem->mem[newcc], &p[*cc + 1], partial); 333 } else { 334 partial = PKT_LENGTH(p, *cc); 335 *cc += PKT_LENGTH_LENGTH(p, *cc); 336 memcpy(&mem->mem[newcc], &p[*cc], partial); 337 newcc += partial; 338 *cc += partial; 339 break; 340 } 341 } 342 return newcc; 343 } 344 345 /* get the weirdo packet length */ 346 static size_t 347 get_pkt_len(uint8_t newfmt, uint8_t *p, size_t filesize, int isprimary) 348 { 349 size_t lenbytes; 350 size_t len; 351 352 if (newfmt) { 353 if (IS_PARTIAL(*p)) { 354 if (!isprimary) { 355 /* for sub-packets, only 1, 2 or 4 byte sizes allowed */ 356 return ((*p - 192) << 8) + *(p + 1) + 192; 357 } 358 lenbytes = 1; 359 for (len = DECODE_PARTIAL(*p) ; IS_PARTIAL(p[len + lenbytes]) ; lenbytes++) { 360 len += DECODE_PARTIAL(p[len + lenbytes]); 361 } 362 len += get_pkt_len(newfmt, &p[len + lenbytes], filesize, 1); 363 return len; 364 } 365 return PKT_LENGTH(p, 0); 366 } else { 367 switch(*--p & 0x3) { 368 case 0: 369 return *(p + 1); 370 case 1: 371 return (*(p + 1) << 8) | *(p + 2); 372 case 2: 373 return (*(p + 1) << 24) | (*(p + 2) << 16) | (*(p + 3) << 8) | *(p + 4); 374 default: 375 return filesize; 376 } 377 } 378 } 379 380 static const uint8_t base64s[] = 381 /* 000 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 382 /* 016 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 383 /* 032 */ "\0\0\0\0\0\0\0\0\0\0\0?\0\0\0@" 384 /* 048 */ "56789:;<=>\0\0\0\0\0\0" 385 /* 064 */ "\0\1\2\3\4\5\6\7\10\11\12\13\14\15\16\17" 386 /* 080 */ "\20\21\22\23\24\25\26\27\30\31\32\0\0\0\0\0" 387 /* 096 */ "\0\33\34\35\36\37 !\"#$%&'()" 388 /* 112 */ "*+,-./01234\0\0\0\0\0" 389 /* 128 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 390 /* 144 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 391 /* 160 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 392 /* 176 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 393 /* 192 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 394 /* 208 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 395 /* 224 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" 396 /* 240 */ "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; 397 398 399 /* short function to decode from base64 */ 400 /* inspired by an ancient copy of b64.c, then rewritten, the bugs are all mine */ 401 static int 402 frombase64(char *dst, const char *src, size_t size, int flag) 403 { 404 uint8_t out[3]; 405 uint8_t in[4]; 406 uint8_t b; 407 size_t srcc; 408 int dstc; 409 int gotc; 410 int i; 411 412 USE_ARG(flag); 413 for (dstc = 0, srcc = 0 ; srcc < size; ) { 414 for (gotc = 0, i = 0; i < 4 && srcc < size; i++) { 415 for (b = 0x0; srcc < size && b == 0x0 ; ) { 416 b = base64s[(unsigned)src[srcc++]]; 417 } 418 if (srcc < size) { 419 gotc += 1; 420 if (b) { 421 in[i] = (uint8_t)(b - 1); 422 } 423 } else { 424 in[i] = 0x0; 425 } 426 } 427 if (gotc) { 428 out[0] = (uint8_t)((unsigned)in[0] << 2 | 429 (unsigned)in[1] >> 4); 430 out[1] = (uint8_t)((unsigned)in[1] << 4 | 431 (unsigned)in[2] >> 2); 432 out[2] = (uint8_t)(((in[2] << 6) & 0xc0) | in[3]); 433 for (i = 0; i < gotc - 1; i++) { 434 *dst++ = out[i]; 435 } 436 dstc += gotc - 1; 437 } 438 } 439 return dstc; 440 } 441 442 /* get the length of the packet length field */ 443 static unsigned 444 get_pkt_len_len(uint8_t newfmt, uint8_t *p, int isprimary) 445 { 446 if (newfmt) { 447 if (IS_PARTIAL(*p)) { 448 return (isprimary) ? 1 : 2; 449 } 450 return PKT_LENGTH_LENGTH(p, 0); 451 } else { 452 switch(*--p & 0x3) { 453 case 0: 454 return 1; 455 case 1: 456 return 2; 457 case 2: 458 return 4; 459 default: 460 return 0; 461 } 462 } 463 } 464 465 /* copy the 32bit integer in memory in network order */ 466 static unsigned 467 fmt_32(uint8_t *p, uint32_t a) 468 { 469 a = pgp_hton32(a); 470 memcpy(p, &a, sizeof(a)); 471 return sizeof(a); 472 } 473 474 /* copy the 16bit integer in memory in network order */ 475 static unsigned 476 fmt_16(uint8_t *p, uint16_t a) 477 { 478 a = pgp_hton16(a); 479 memcpy(p, &a, sizeof(a)); 480 return sizeof(a); 481 } 482 483 /* format a binary string in memory */ 484 static size_t 485 fmt_binary(obuf_t *obuf, const uint8_t *bin, unsigned len) 486 { 487 unsigned i; 488 489 for (i = 0 ; i < len ; i++) { 490 if (!obuf_printf(obuf, "%02hhx", bin[i])) { 491 return false; 492 } 493 } 494 return true; 495 } 496 497 /* format an mpi into memory */ 498 static unsigned 499 fmt_binary_mpi(pgpv_bignum_t *mpi, uint8_t *p, size_t size) 500 { 501 unsigned bytes; 502 PGPV_BIGNUM *bn; 503 504 bytes = BITS_TO_BYTES(mpi->bits); 505 if ((size_t)bytes + 2 + 1 > size) { 506 fprintf(stderr, "truncated mpi"); 507 return 0; 508 } 509 bn = (PGPV_BIGNUM *)mpi->bn; 510 if (bn == NULL || PGPV_BN_is_zero(bn)) { 511 fmt_32(p, 0); 512 return 2 + 1; 513 } 514 fmt_16(p, mpi->bits); 515 PGPV_BN_bn2bin(bn, &p[2]); 516 return bytes + 2; 517 } 518 519 /* dump an mpi value onto stdout */ 520 static size_t 521 fmt_mpi(char *s, size_t size, pgpv_bignum_t *bn, const char *name, int pbits) 522 { 523 size_t cc; 524 char *buf; 525 526 cc = snprintf(s, size, "%s=", name); 527 if (pbits) { 528 cc += snprintf(&s[cc], size - cc, "[%u bits] ", bn->bits); 529 } 530 buf = PGPV_BN_bn2hex(bn->bn); 531 cc += snprintf(&s[cc], size - cc, "%s\n", buf); 532 free(buf); 533 return cc; 534 } 535 536 #define ALG_IS_RSA(alg) (((alg) == PUBKEY_RSA_ENCRYPT_OR_SIGN) || \ 537 ((alg) == PUBKEY_RSA_ENCRYPT) || \ 538 ((alg) == PUBKEY_RSA_SIGN)) 539 540 #define ALG_IS_DSA(alg) ((alg) == PUBKEY_DSA) 541 542 /* format key mpis into memory */ 543 static unsigned 544 fmt_key_mpis(pgpv_pubkey_t *pubkey, uint8_t *buf, size_t size) 545 { 546 size_t cc; 547 548 cc = 0; 549 buf[cc++] = pubkey->version; 550 cc += fmt_32(&buf[cc], (uint32_t)pubkey->birth); /* XXX - do this portably! */ 551 buf[cc++] = pubkey->keyalg; /* XXX - sign, or encrypt and sign? */ 552 switch(pubkey->keyalg) { 553 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 554 case PUBKEY_RSA_ENCRYPT: 555 case PUBKEY_RSA_SIGN: 556 cc += fmt_binary_mpi(&pubkey->bn[RSA_N], &buf[cc], size - cc); 557 cc += fmt_binary_mpi(&pubkey->bn[RSA_E], &buf[cc], size - cc); 558 break; 559 case PUBKEY_DSA: 560 cc += fmt_binary_mpi(&pubkey->bn[DSA_P], &buf[cc], size - cc); 561 cc += fmt_binary_mpi(&pubkey->bn[DSA_Q], &buf[cc], size - cc); 562 cc += fmt_binary_mpi(&pubkey->bn[DSA_G], &buf[cc], size - cc); 563 cc += fmt_binary_mpi(&pubkey->bn[DSA_Y], &buf[cc], size - cc); 564 break; 565 default: 566 cc += fmt_binary_mpi(&pubkey->bn[ELGAMAL_P], &buf[cc], size - cc); 567 cc += fmt_binary_mpi(&pubkey->bn[ELGAMAL_G], &buf[cc], size - cc); 568 cc += fmt_binary_mpi(&pubkey->bn[ELGAMAL_Y], &buf[cc], size - cc); 569 break; 570 } 571 return (unsigned)cc; 572 } 573 574 /* calculate the fingerprint, RFC 4880, section 12.2 */ 575 static int 576 pgpv_calc_fingerprint(pgpv_fingerprint_t *fingerprint, pgpv_pubkey_t *pubkey, const char *hashtype) 577 { 578 digest_t fphash; 579 uint16_t cc; 580 uint8_t ch = 0x99; 581 uint8_t buf[8192 + 2 + 1]; 582 uint8_t len[2]; 583 584 memset(&fphash, 0x0, sizeof(fphash)); 585 if (pubkey->version == 4) { 586 /* v4 keys */ 587 fingerprint->hashalg = digest_get_alg(hashtype); 588 digest_init(&fphash, (unsigned)fingerprint->hashalg); 589 cc = fmt_key_mpis(pubkey, buf, sizeof(buf)); 590 digest_update(&fphash, &ch, 1); 591 fmt_16(len, cc); 592 digest_update(&fphash, len, 2); 593 digest_update(&fphash, buf, (unsigned)cc); 594 fingerprint->len = digest_final(fingerprint->v, &fphash); 595 return 1; 596 } 597 if (ALG_IS_RSA(pubkey->keyalg)) { 598 /* v3 keys are RSA */ 599 fingerprint->hashalg = digest_get_alg("md5"); 600 digest_init(&fphash, (unsigned)fingerprint->hashalg); 601 if (pubkey->bn[RSA_N].bn && pubkey->bn[RSA_E].bn) { 602 cc = fmt_binary_mpi(&pubkey->bn[RSA_N], buf, sizeof(buf)); 603 digest_update(&fphash, &buf[2], (unsigned)(cc - 2)); 604 cc = fmt_binary_mpi(&pubkey->bn[RSA_E], buf, sizeof(buf)); 605 digest_update(&fphash, &buf[2], (unsigned)(cc - 2)); 606 fingerprint->len = digest_final(fingerprint->v, &fphash); 607 return 1; 608 } 609 } 610 if (pubkey->bn[RSA_N].bn) { 611 if ((cc = fmt_binary_mpi(&pubkey->bn[RSA_N], buf, sizeof(buf))) >= PGPV_KEYID_LEN) { 612 memcpy(fingerprint->v, &buf[cc - PGPV_KEYID_LEN], PGPV_KEYID_LEN); 613 fingerprint->len = PGPV_KEYID_LEN; 614 return 1; 615 } 616 } 617 /* exhausted all avenues, really */ 618 memset(fingerprint->v, 0xff, fingerprint->len = PGPV_KEYID_LEN); 619 return 1; 620 } 621 622 /* format a fingerprint into memory */ 623 static bool 624 fmt_fingerprint(obuf_t *obuf, pgpv_fingerprint_t *fingerprint, const char *name) 625 { 626 unsigned i; 627 628 if (!obuf_printf(obuf, "%s ", name)) { 629 return false; 630 } 631 for (i = 0 ; i < fingerprint->len ; i++) { 632 if (!obuf_printf(obuf, "%02hhx%s", 633 fingerprint->v[i], (i % 2 == 1) ? " " : "")) { 634 return false; 635 } 636 } 637 return obuf_printf(obuf, "\n"); 638 } 639 640 /* calculate keyid from a pubkey */ 641 static int 642 calc_keyid(pgpv_pubkey_t *key, const char *hashtype) 643 { 644 pgpv_calc_fingerprint(&key->fingerprint, key, hashtype); 645 memcpy(key->keyid, &key->fingerprint.v[key->fingerprint.len - PGPV_KEYID_LEN], PGPV_KEYID_LEN); 646 return 1; 647 } 648 649 /* convert a hex string to a 64bit key id (in big endian byte order */ 650 static void 651 str_to_keyid(const char *s, uint8_t *keyid) 652 { 653 uint64_t u64; 654 655 u64 = (uint64_t)strtoull(s, NULL, 16); 656 u64 = ((u64 & 0x00000000000000FFUL) << 56) | 657 ((u64 & 0x000000000000FF00UL) << 40) | 658 ((u64 & 0x0000000000FF0000UL) << 24) | 659 ((u64 & 0x00000000FF000000UL) << 8) | 660 ((u64 & 0x000000FF00000000UL) >> 8) | 661 ((u64 & 0x0000FF0000000000UL) >> 24) | 662 ((u64 & 0x00FF000000000000UL) >> 40) | 663 ((u64 & 0xFF00000000000000UL) >> 56); 664 memcpy(keyid, &u64, PGPV_KEYID_LEN); 665 } 666 667 #define PKT_ALWAYS_ON 0x80 668 #define PKT_NEWFMT_MASK 0x40 669 #define PKT_NEWFMT_TAG_MASK 0x3f 670 #define PKT_OLDFMT_TAG_MASK 0x3c 671 672 #define SUBPKT_CRITICAL_MASK 0x80 673 #define SUBPKT_TAG_MASK 0x7f 674 675 #define SUBPKT_SIG_BIRTH 2 676 #define SUBPKT_SIG_EXPIRY 3 677 #define SUBPKT_EXPORT_CERT 4 678 #define SUBPKT_TRUST_SIG 5 679 #define SUBPKT_REGEXP 6 680 #define SUBPKT_REVOCABLE 7 681 #define SUBPKT_KEY_EXPIRY 9 682 #define SUBPKT_BWD_COMPAT 10 683 #define SUBPKT_PREF_SYMMETRIC_ALG 11 684 #define SUBPKT_REVOCATION_KEY 12 685 #define SUBPKT_ISSUER 16 686 #define SUBPKT_NOTATION 20 687 #define SUBPKT_PREF_HASH_ALG 21 688 #define SUBPKT_PREF_COMPRESS_ALG 22 689 #define SUBPKT_KEY_SERVER_PREFS 23 690 #define SUBPKT_PREF_KEY_SERVER 24 691 #define SUBPKT_PRIMARY_USER_ID 25 692 #define SUBPKT_POLICY_URI 26 693 #define SUBPKT_KEY_FLAGS 27 694 #define SUBPKT_SIGNER_ID 28 695 #define SUBPKT_REVOCATION_REASON 29 696 #define SUBPKT_FEATURES 30 697 #define SUBPKT_SIGNATURE_TARGET 31 698 #define SUBPKT_EMBEDDED_SIGNATURE 32 699 700 #define UNCOMPRESSED 0 701 #define ZIP_COMPRESSION 1 702 #define ZLIB_COMPRESSION 2 703 #define BZIP2_COMPRESSION 3 704 705 /* get a 16 bit integer, in host order */ 706 static uint16_t 707 get_16(uint8_t *p) 708 { 709 uint16_t u16; 710 711 memcpy(&u16, p, sizeof(u16)); 712 return pgp_ntoh16(u16); 713 } 714 715 /* get a 32 bit integer, in host order */ 716 static uint32_t 717 get_32(uint8_t *p) 718 { 719 uint32_t u32; 720 721 memcpy(&u32, p, sizeof(u32)); 722 return pgp_ntoh32(u32); 723 } 724 725 #define HOURSECS (int64_t)(60 * 60) 726 #define DAYSECS (int64_t)(24 * 60 * 60) 727 #define MONSECS (int64_t)(30 * DAYSECS) 728 #define YEARSECS (int64_t)(365 * DAYSECS) 729 730 /* format (human readable) time into memory */ 731 static size_t 732 fmt_time(obuf_t *obuf, const char *header, int64_t n, const char *trailer, int relative) 733 { 734 struct tm tm; 735 time_t elapsed; 736 time_t now; 737 time_t t; 738 739 t = (time_t)n; 740 now = time(NULL); 741 elapsed = now - t; 742 gmtime_r(&t, &tm); 743 if (!obuf_printf(obuf, "%s%04d-%02d-%02d", header, 744 tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday)) { 745 return false; 746 } 747 if (relative) { 748 if (!obuf_printf(obuf, " (%lldy %lldm %lldd %lldh %s)", 749 llabs((long long)elapsed / YEARSECS), 750 llabs(((long long)elapsed % YEARSECS) / MONSECS), 751 llabs(((long long)elapsed % MONSECS) / DAYSECS), 752 llabs(((long long)elapsed % DAYSECS) / HOURSECS), 753 (now > t) ? "ago" : "ahead")) { 754 return false; 755 } 756 } 757 return obuf_printf(obuf, "%s", trailer); 758 } 759 760 /* dump key mpis to stdout */ 761 static void 762 print_key_mpis(pgpv_bignum_t *v, uint8_t keyalg) 763 { 764 char s[8192]; 765 766 switch(keyalg) { 767 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 768 case PUBKEY_RSA_ENCRYPT: 769 case PUBKEY_RSA_SIGN: 770 fmt_mpi(s, sizeof(s), &v[RSA_N], "rsa.n", 1); 771 printf("%s", s); 772 fmt_mpi(s, sizeof(s), &v[RSA_E], "rsa.e", 1); 773 printf("%s", s); 774 break; 775 case PUBKEY_ELGAMAL_ENCRYPT: 776 fmt_mpi(s, sizeof(s), &v[ELGAMAL_P], "elgamal.p", 1); 777 printf("%s", s); 778 fmt_mpi(s, sizeof(s), &v[ELGAMAL_Y], "elgamal.y", 1); 779 printf("%s", s); 780 break; 781 case PUBKEY_DSA: 782 fmt_mpi(s, sizeof(s), &v[DSA_P], "dsa.p", 1); 783 printf("%s", s); 784 fmt_mpi(s, sizeof(s), &v[DSA_Q], "dsa.q", 1); 785 printf("%s", s); 786 fmt_mpi(s, sizeof(s), &v[DSA_G], "dsa.g", 1); 787 printf("%s", s); 788 fmt_mpi(s, sizeof(s), &v[DSA_Y], "dsa.y", 1); 789 printf("%s", s); 790 break; 791 default: 792 printf("hi, unusual keyalg %u\n", keyalg); 793 break; 794 } 795 } 796 797 /* get an mpi, including 2 byte length */ 798 static int 799 get_mpi(pgpv_bignum_t *mpi, uint8_t *p, size_t pktlen, size_t *off) 800 { 801 size_t bytes; 802 803 mpi->bits = get_16(p); 804 if ((bytes = (size_t)BITS_TO_BYTES(mpi->bits)) > pktlen) { 805 return 0; 806 } 807 *off += sizeof(mpi->bits); 808 mpi->bn = PGPV_BN_bin2bn(&p[sizeof(mpi->bits)], (int)bytes, NULL); 809 *off += bytes; 810 return 1; 811 } 812 813 /* read mpis in signature */ 814 static int 815 read_signature_mpis(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen) 816 { 817 size_t off; 818 819 off = 0; 820 switch(sigpkt->sig.keyalg) { 821 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 822 case PUBKEY_RSA_SIGN: 823 case PUBKEY_RSA_ENCRYPT: 824 if (!get_mpi(&sigpkt->sig.bn[RSA_SIG], p, pktlen, &off)) { 825 printf("sigpkt->version %d, rsa sig weird\n", sigpkt->sig.version); 826 return 0; 827 } 828 break; 829 case PUBKEY_DSA: 830 case PUBKEY_ECDSA: 831 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: /* deprecated */ 832 if (!get_mpi(&sigpkt->sig.bn[DSA_R], p, pktlen, &off) || 833 !get_mpi(&sigpkt->sig.bn[DSA_S], &p[off], pktlen, &off)) { 834 printf("sigpkt->version %d, dsa/elgamal sig weird\n", sigpkt->sig.version); 835 return 0; 836 } 837 break; 838 default: 839 printf("weird type of sig! %d\n", sigpkt->sig.keyalg); 840 return 0; 841 } 842 return 1; 843 } 844 845 /* add the signature sub packet to the signature packet */ 846 static int 847 add_subpacket(pgpv_sigpkt_t *sigpkt, uint8_t tag, uint8_t *p, uint16_t len) 848 { 849 pgpv_sigsubpkt_t subpkt; 850 851 memset(&subpkt, 0x0, sizeof(subpkt)); 852 subpkt.s.size = len; 853 subpkt.critical = 0; 854 subpkt.tag = tag; 855 subpkt.s.data = p; 856 ARRAY_APPEND(sigpkt->subpkts, subpkt); 857 return 1; 858 } 859 860 /* read the subpackets in the signature */ 861 static int 862 read_sig_subpackets(pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen) 863 { 864 pgpv_sigsubpkt_t subpkt; 865 const int is_subpkt = 0; 866 unsigned lenlen; 867 unsigned i; 868 uint8_t *start; 869 870 start = p; 871 for (i = 0 ; (unsigned)(p - start) < sigpkt->subslen ; i++) { 872 memset(&subpkt, 0x0, sizeof(subpkt)); 873 subpkt.s.size = get_pkt_len(1, p, 0, is_subpkt); 874 lenlen = get_pkt_len_len(1, p, is_subpkt); 875 if (lenlen > pktlen) { 876 printf("weird lenlen %u\n", lenlen); 877 return 0; 878 } 879 p += lenlen; 880 subpkt.critical = (*p & SUBPKT_CRITICAL_MASK); 881 subpkt.tag = (*p & SUBPKT_TAG_MASK); 882 p += 1; 883 switch(subpkt.tag) { 884 case SUBPKT_SIG_BIRTH: 885 sigpkt->sig.birth = (int64_t)get_32(p); 886 break; 887 case SUBPKT_SIG_EXPIRY: 888 sigpkt->sig.expiry = (int64_t)get_32(p); 889 break; 890 case SUBPKT_KEY_EXPIRY: 891 sigpkt->sig.keyexpiry = (int64_t)get_32(p); 892 break; 893 case SUBPKT_ISSUER: 894 sigpkt->sig.signer = p; 895 break; 896 case SUBPKT_SIGNER_ID: 897 sigpkt->sig.signer = p; 898 break; 899 case SUBPKT_TRUST_SIG: 900 sigpkt->sig.trustsig = *p; 901 break; 902 case SUBPKT_REGEXP: 903 sigpkt->sig.regexp = (char *)(void *)p; 904 break; 905 case SUBPKT_REVOCABLE: 906 sigpkt->sig.revocable = *p; 907 break; 908 case SUBPKT_PREF_SYMMETRIC_ALG: 909 sigpkt->sig.pref_symm_alg = *p; 910 break; 911 case SUBPKT_REVOCATION_KEY: 912 sigpkt->sig.revoke_sensitive = (*p & 0x40); 913 sigpkt->sig.revoke_alg = p[1]; 914 sigpkt->sig.revoke_fingerprint = &p[2]; 915 break; 916 case SUBPKT_NOTATION: 917 sigpkt->sig.notation = *p; 918 break; 919 case SUBPKT_PREF_HASH_ALG: 920 sigpkt->sig.pref_hash_alg = *p; 921 break; 922 case SUBPKT_PREF_COMPRESS_ALG: 923 sigpkt->sig.pref_compress_alg = *p; 924 break; 925 case SUBPKT_PREF_KEY_SERVER: 926 sigpkt->sig.pref_key_server = (char *)(void *)p; 927 break; 928 case SUBPKT_KEY_SERVER_PREFS: 929 sigpkt->sig.key_server_modify = *p; 930 break; 931 case SUBPKT_KEY_FLAGS: 932 sigpkt->sig.type_key = *p; 933 break; 934 case SUBPKT_PRIMARY_USER_ID: 935 sigpkt->sig.primary_userid = *p; 936 break; 937 case SUBPKT_POLICY_URI: 938 sigpkt->sig.policy = (char *)(void *)p; 939 break; 940 case SUBPKT_FEATURES: 941 sigpkt->sig.features = (char *)(void *)p; 942 break; 943 case SUBPKT_REVOCATION_REASON: 944 sigpkt->sig.revoked = *p++ + 1; 945 sigpkt->sig.why_revoked = (char *)(void *)p; 946 break; 947 default: 948 printf("Ignoring unusual/reserved signature subpacket %d\n", subpkt.tag); 949 break; 950 } 951 subpkt.s.data = p; 952 p += subpkt.s.size - 1; 953 ARRAY_APPEND(sigpkt->subpkts, subpkt); 954 } 955 return 1; 956 } 957 958 /* parse signature packet */ 959 static int 960 read_sigpkt(pgpv_t *pgp, uint8_t mement, pgpv_sigpkt_t *sigpkt, uint8_t *p, size_t pktlen) 961 { 962 unsigned lenlen; 963 uint8_t *base; 964 965 make_ref(pgp, mement, &sigpkt->sig.hashstart); 966 base = p; 967 switch(sigpkt->sig.version = *p++) { 968 case 2: 969 case 3: 970 if ((lenlen = *p++) != 5) { 971 printf("read_sigpkt: hashed length not 5\n"); 972 return 0; 973 } 974 sigpkt->sig.hashlen = lenlen; 975 /* put birthtime into a subpacket */ 976 sigpkt->sig.type = *p++; 977 add_subpacket(sigpkt, SUBPKT_SIG_BIRTH, p, sizeof(uint32_t)); 978 sigpkt->sig.birth = (int64_t)get_32(p); 979 p += sizeof(uint32_t); 980 sigpkt->sig.signer = p; 981 add_subpacket(sigpkt, SUBPKT_SIGNER_ID, p, PGPV_KEYID_LEN); 982 p += PGPV_KEYID_LEN; 983 sigpkt->sig.keyalg = *p++; 984 sigpkt->sig.hashalg = *p++; 985 sigpkt->sig.hash2 = p; 986 if (!read_signature_mpis(sigpkt, sigpkt->sig.mpi = p + 2, pktlen)) { 987 printf("read_sigpkt: can't read sigs v3\n"); 988 return 0; 989 } 990 break; 991 case 4: 992 sigpkt->sig.type = *p++; 993 sigpkt->sig.keyalg = *p++; 994 sigpkt->sig.hashalg = *p++; 995 sigpkt->subslen = get_16(p); 996 p += sizeof(sigpkt->subslen); 997 if (!read_sig_subpackets(sigpkt, p, pktlen)) { 998 printf("read_sigpkt: can't read sig subpackets, v4\n"); 999 return 0; 1000 } 1001 if (!sigpkt->sig.signer) { 1002 sigpkt->sig.signer = get_ref(&sigpkt->sig.hashstart) + 16; 1003 } 1004 p += sigpkt->subslen; 1005 sigpkt->sig.hashlen = (unsigned)(p - base); 1006 sigpkt->unhashlen = get_16(p); 1007 p += sizeof(sigpkt->unhashlen) + sigpkt->unhashlen; 1008 sigpkt->sig.hash2 = p; 1009 if (!read_signature_mpis(sigpkt, sigpkt->sig.mpi = p + 2, pktlen)) { 1010 printf("read_sigpkt: can't read sigs, v4\n"); 1011 return 0; 1012 } 1013 break; 1014 default: 1015 printf("read_sigpkt: unusual signature version (%u)\n", sigpkt->sig.version); 1016 break; 1017 } 1018 return 1; 1019 } 1020 1021 1022 /* this parses compressed data, decompresses it, and calls the parser again */ 1023 static int 1024 read_compressed(pgpv_t *pgp, pgpv_compress_t *compressed, uint8_t *p, size_t len) 1025 { 1026 pgpv_mem_t *unzmem; 1027 bz_stream bz; 1028 z_stream z; 1029 int ok = 0; 1030 1031 compressed->compalg = *p; 1032 compressed->s.size = len; 1033 if ((compressed->s.data = calloc(1, len)) == NULL) { 1034 printf("read_compressed: can't allocate %zu length\n", len); 1035 return 0; 1036 } 1037 switch(compressed->compalg) { 1038 case UNCOMPRESSED: 1039 printf("not implemented %d compression yet\n", compressed->compalg); 1040 return 0; 1041 default: 1042 break; 1043 } 1044 ARRAY_EXPAND(pgp->areas); 1045 ARRAY_COUNT(pgp->areas) += 1; 1046 unzmem = &ARRAY_LAST(pgp->areas); 1047 unzmem->size = len * 10; 1048 unzmem->dealloc = FREE_MEM; 1049 if ((unzmem->mem = calloc(1, unzmem->size)) == NULL) { 1050 printf("read_compressed: calloc failed!\n"); 1051 return 0; 1052 } 1053 switch(compressed->compalg) { 1054 case ZIP_COMPRESSION: 1055 case ZLIB_COMPRESSION: 1056 memset(&z, 0x0, sizeof(z)); 1057 z.next_in = p + 1; 1058 z.avail_in = (unsigned)(len - 1); 1059 z.total_in = (unsigned)(len - 1); 1060 z.next_out = unzmem->mem; 1061 z.avail_out = (unsigned)unzmem->size; 1062 z.total_out = (unsigned)unzmem->size; 1063 break; 1064 case BZIP2_COMPRESSION: 1065 memset(&bz, 0x0, sizeof(bz)); 1066 bz.avail_in = (unsigned)(len - 1); 1067 bz.next_in = (char *)(void *)p + 1; 1068 bz.next_out = (char *)(void *)unzmem->mem; 1069 bz.avail_out = (unsigned)unzmem->size; 1070 break; 1071 } 1072 switch(compressed->compalg) { 1073 case ZIP_COMPRESSION: 1074 ok = (inflateInit2(&z, -15) == Z_OK); 1075 break; 1076 case ZLIB_COMPRESSION: 1077 ok = (inflateInit(&z) == Z_OK); 1078 break; 1079 case BZIP2_COMPRESSION: 1080 ok = (BZ2_bzDecompressInit(&bz, 1, 0) == BZ_OK); 1081 break; 1082 } 1083 if (!ok) { 1084 printf("read_compressed: initialisation failed!\n"); 1085 return 0; 1086 } 1087 switch(compressed->compalg) { 1088 case ZIP_COMPRESSION: 1089 case ZLIB_COMPRESSION: 1090 ok = (inflate(&z, Z_FINISH) == Z_STREAM_END); 1091 unzmem->size = z.total_out; 1092 break; 1093 case BZIP2_COMPRESSION: 1094 ok = (BZ2_bzDecompress(&bz) == BZ_STREAM_END); 1095 unzmem->size = ((uint64_t)bz.total_out_hi32 << 32) | bz.total_out_lo32; 1096 break; 1097 } 1098 if (!ok) { 1099 printf("read_compressed: inflate failed!\n"); 1100 return 0; 1101 } 1102 return 1; 1103 } 1104 1105 /* parse one pass signature packet */ 1106 static int 1107 read_onepass_sig(pgpv_onepass_t *onepasspkt, uint8_t *mem) 1108 { 1109 onepasspkt->version = mem[0]; 1110 onepasspkt->type = mem[1]; 1111 onepasspkt->hashalg = mem[2]; 1112 onepasspkt->keyalg = mem[3]; 1113 memcpy(onepasspkt->keyid, &mem[4], sizeof(onepasspkt->keyid)); 1114 onepasspkt->nested = mem[12]; 1115 return 1; 1116 } 1117 1118 /* parse public key packet */ 1119 static int 1120 read_pubkey(pgpv_pubkey_t *pubkey, uint8_t *mem, size_t pktlen, int pbn) 1121 { 1122 size_t off; 1123 1124 off = 0; 1125 pubkey->version = mem[off++]; 1126 pubkey->birth = get_32(&mem[off]); 1127 off += 4; 1128 if (pubkey->version == 2 || pubkey->version == 3) { 1129 pubkey->expiry = get_16(&mem[off]) * DAYSECS; 1130 off += 2; 1131 } 1132 if ((pubkey->keyalg = mem[off++]) == 0) { 1133 pubkey->keyalg = PUBKEY_RSA_ENCRYPT_OR_SIGN; 1134 printf("got unusual pubkey keyalg %u\n", mem[off - 1]); 1135 } 1136 switch(pubkey->keyalg) { 1137 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 1138 case PUBKEY_RSA_ENCRYPT: 1139 case PUBKEY_RSA_SIGN: 1140 if (!get_mpi(&pubkey->bn[RSA_N], &mem[off], pktlen, &off) || 1141 !get_mpi(&pubkey->bn[RSA_E], &mem[off], pktlen, &off)) { 1142 return 0; 1143 } 1144 break; 1145 case PUBKEY_ELGAMAL_ENCRYPT: 1146 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: 1147 if (!get_mpi(&pubkey->bn[ELGAMAL_P], &mem[off], pktlen, &off) || 1148 !get_mpi(&pubkey->bn[ELGAMAL_Y], &mem[off], pktlen, &off)) { 1149 return 0; 1150 } 1151 break; 1152 case PUBKEY_DSA: 1153 if (!get_mpi(&pubkey->bn[DSA_P], &mem[off], pktlen, &off) || 1154 !get_mpi(&pubkey->bn[DSA_Q], &mem[off], pktlen, &off) || 1155 !get_mpi(&pubkey->bn[DSA_G], &mem[off], pktlen, &off) || 1156 !get_mpi(&pubkey->bn[DSA_Y], &mem[off], pktlen, &off)) { 1157 return 0; 1158 } 1159 break; 1160 default: 1161 printf("hi, different type of pubkey here %u\n", pubkey->keyalg); 1162 break; 1163 } 1164 if (pbn) { 1165 print_key_mpis(pubkey->bn, pubkey->keyalg); 1166 } 1167 return 1; 1168 } 1169 1170 /* parse a user attribute */ 1171 static int 1172 read_userattr(pgpv_userattr_t *userattr, uint8_t *p, size_t pktlen) 1173 { 1174 pgpv_string_t subattr; 1175 const int is_subpkt = 0; 1176 const int indian = 1; 1177 unsigned lenlen; 1178 uint16_t imagelen; 1179 size_t cc; 1180 1181 userattr->len = pktlen; 1182 for (cc = 0 ; cc < pktlen ; cc += subattr.size + lenlen + 1) { 1183 subattr.size = get_pkt_len(1, p, 0, is_subpkt); 1184 lenlen = get_pkt_len_len(1, p, is_subpkt); 1185 if (lenlen > pktlen) { 1186 printf("weird lenlen %u\n", lenlen); 1187 return 0; 1188 } 1189 p += lenlen; 1190 if (*p++ != 1) { 1191 printf("image type (%u) != 1. weird packet\n", *(p - 1)); 1192 } 1193 memcpy(&imagelen, p, sizeof(imagelen)); 1194 if (!*(const char *)(const void *)&indian) { 1195 /* big endian - byteswap length */ 1196 imagelen = (((unsigned)imagelen & 0xff) << 8) | (((unsigned)imagelen >> 8) & 0xff); 1197 } 1198 subattr.data = p + 3; 1199 p += subattr.size; 1200 ARRAY_APPEND(userattr->subattrs, subattr); 1201 } 1202 return 1; 1203 } 1204 1205 #define LITDATA_BINARY 'b' 1206 #define LITDATA_TEXT 't' 1207 #define LITDATA_UTF8 'u' 1208 1209 /* parse literal packet */ 1210 static int 1211 read_litdata(pgpv_t *pgp, pgpv_litdata_t *litdata, uint8_t *p, size_t size) 1212 { 1213 size_t cc; 1214 1215 cc = 0; 1216 switch(litdata->format = p[cc++]) { 1217 case LITDATA_BINARY: 1218 case LITDATA_TEXT: 1219 case LITDATA_UTF8: 1220 litdata->namelen = 0; 1221 break; 1222 default: 1223 printf("weird litdata format %u\n", litdata->format); 1224 break; 1225 } 1226 litdata->namelen = p[cc++]; 1227 litdata->filename = &p[cc]; 1228 cc += litdata->namelen; 1229 litdata->secs = get_32(&p[cc]); 1230 cc += 4; 1231 litdata->s.data = &p[cc]; 1232 litdata->len = litdata->s.size = size - cc; 1233 litdata->mem = ARRAY_COUNT(pgp->areas) - 1; 1234 litdata->offset = cc; 1235 return 1; 1236 } 1237 1238 /* parse a single packet */ 1239 static int 1240 read_pkt(pgpv_t *pgp, pgpv_mem_t *mem) 1241 { 1242 const int isprimary = 1; 1243 pgpv_pkt_t pkt; 1244 pgpv_mem_t *newmem; 1245 unsigned lenlen; 1246 uint8_t ispartial; 1247 size_t size; 1248 1249 memset(&pkt, 0x0, sizeof(pkt)); 1250 pkt.tag = mem->mem[mem->cc++]; 1251 if (!(pkt.tag & PKT_ALWAYS_ON)) { 1252 printf("BAD PACKET - bit 7 not 1, offset %zu!\n", mem->cc - 1); 1253 } 1254 pkt.newfmt = (pkt.tag & PKT_NEWFMT_MASK); 1255 pkt.tag = (pkt.newfmt) ? 1256 (pkt.tag & PKT_NEWFMT_TAG_MASK) : 1257 (((unsigned)pkt.tag & PKT_OLDFMT_TAG_MASK) >> 2); 1258 ispartial = (pkt.newfmt && IS_PARTIAL(mem->mem[mem->cc])); 1259 pkt.s.size = get_pkt_len(pkt.newfmt, &mem->mem[mem->cc], mem->size - mem->cc, isprimary); 1260 lenlen = get_pkt_len_len(pkt.newfmt, &mem->mem[mem->cc], isprimary); 1261 pkt.offset = mem->cc; 1262 mem->cc += lenlen; 1263 pkt.mement = (uint8_t)(mem - ARRAY_ARRAY(pgp->areas)); 1264 pkt.s.data = &mem->mem[mem->cc]; 1265 if (strchr(mem->allowed, pkt.tag) == NULL) { 1266 printf("packet %d not allowed for operation %s\n", pkt.tag, pgp->op); 1267 return 0; 1268 } 1269 size = pkt.s.size; 1270 if (ispartial) { 1271 pkt.s.size = fixup_partials(pgp, &mem->mem[mem->cc - lenlen], pkt.s.size, mem->size, &size); 1272 newmem = &ARRAY_LAST(pgp->areas); 1273 pkt.mement = (uint8_t)(newmem - ARRAY_ARRAY(pgp->areas)); 1274 pkt.s.data = newmem->mem; 1275 size -= 1; 1276 } 1277 switch(pkt.tag) { 1278 case SIGNATURE_PKT: 1279 if (!read_sigpkt(pgp, pkt.mement, &pkt.u.sigpkt, pkt.s.data, pkt.s.size)) { 1280 return 0; 1281 } 1282 break; 1283 case ONEPASS_SIGNATURE_PKT: 1284 read_onepass_sig(&pkt.u.onepass, pkt.s.data); 1285 break; 1286 case PUBKEY_PKT: 1287 case PUB_SUBKEY_PKT: 1288 break; 1289 case LITDATA_PKT: 1290 read_litdata(pgp, &pkt.u.litdata, pkt.s.data, pkt.s.size); 1291 break; 1292 case TRUST_PKT: 1293 pkt.u.trust.level = pkt.s.data[0]; 1294 pkt.u.trust.amount = pkt.s.data[1]; 1295 break; 1296 case USERID_PKT: 1297 pkt.u.userid.size = pkt.s.size; 1298 pkt.u.userid.data = pkt.s.data; 1299 break; 1300 case COMPRESSED_DATA_PKT: 1301 read_compressed(pgp, &pkt.u.compressed, pkt.s.data, pkt.s.size); 1302 ARRAY_APPEND(pgp->pkts, pkt); 1303 read_all_packets(pgp, &ARRAY_LAST(pgp->areas), pgp->op); 1304 break; 1305 case USER_ATTRIBUTE_PKT: 1306 read_userattr(&pkt.u.userattr, pkt.s.data, pkt.s.size); 1307 break; 1308 default: 1309 printf("hi, need to implement %d, offset %zu\n", pkt.tag, mem->cc); 1310 break; 1311 } 1312 mem->cc += size; 1313 if (pkt.tag != COMPRESSED_DATA_PKT) { 1314 /* compressed was added earlier to preserve pkt ordering */ 1315 ARRAY_APPEND(pgp->pkts, pkt); 1316 } 1317 return 1; 1318 } 1319 1320 /* checks the tag type of a packet */ 1321 static int 1322 pkt_is(pgpv_t *pgp, int wanted) 1323 { 1324 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag == wanted); 1325 } 1326 1327 /* checks the packet is a signature packet, and the signature type is the expected one */ 1328 static int 1329 pkt_sigtype_is(pgpv_t *pgp, int wanted) 1330 { 1331 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1332 return 0; 1333 } 1334 return (ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig.type == wanted); 1335 } 1336 1337 /* check for expected type of packet, and move to the next */ 1338 static int 1339 pkt_accept(pgpv_t *pgp, int expected) 1340 { 1341 int got; 1342 1343 if ((got = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).tag) == expected) { 1344 pgp->pkt += 1; 1345 return 1; 1346 } 1347 printf("problem at token %zu, expcted %d, got %d\n", pgp->pkt, expected, got); 1348 return 0; 1349 } 1350 1351 /* recognise signature (and trust) packet */ 1352 static int 1353 recog_signature(pgpv_t *pgp, pgpv_signature_t *signature) 1354 { 1355 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1356 printf("recog_signature: not a signature packet\n"); 1357 return 0; 1358 } 1359 memcpy(signature, &ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.sigpkt.sig, sizeof(*signature)); 1360 pgp->pkt += 1; 1361 if (pkt_is(pgp, TRUST_PKT)) { 1362 pkt_accept(pgp, TRUST_PKT); 1363 } 1364 return 1; 1365 } 1366 1367 /* recognise user id packet */ 1368 static int 1369 recog_userid(pgpv_t *pgp, pgpv_signed_userid_t *userid) 1370 { 1371 pgpv_signature_t signature; 1372 pgpv_pkt_t *pkt; 1373 1374 memset(userid, 0x0, sizeof(*userid)); 1375 if (!pkt_is(pgp, USERID_PKT)) { 1376 printf("recog_userid: not %d\n", USERID_PKT); 1377 return 0; 1378 } 1379 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 1380 userid->userid.size = pkt->s.size; 1381 userid->userid.data = pkt->s.data; 1382 pgp->pkt += 1; 1383 while (pkt_is(pgp, SIGNATURE_PKT)) { 1384 if (!recog_signature(pgp, &signature)) { 1385 printf("recog_userid: can't recognise signature/trust\n"); 1386 return 0; 1387 } 1388 ARRAY_APPEND(userid->sigs, signature); 1389 if (signature.primary_userid) { 1390 userid->primary_userid = signature.primary_userid; 1391 } 1392 if (signature.revoked) { 1393 userid->revoked = signature.revoked; 1394 } 1395 } 1396 return 1; 1397 } 1398 1399 /* recognise user attributes packet */ 1400 static int 1401 recog_userattr(pgpv_t *pgp, pgpv_signed_userattr_t *userattr) 1402 { 1403 pgpv_signature_t signature; 1404 1405 memset(userattr, 0x0, sizeof(*userattr)); 1406 if (!pkt_is(pgp, USER_ATTRIBUTE_PKT)) { 1407 printf("recog_userattr: not %d\n", USER_ATTRIBUTE_PKT); 1408 return 0; 1409 } 1410 userattr->userattr = ARRAY_ELEMENT(pgp->pkts, pgp->pkt).u.userattr; 1411 pgp->pkt += 1; 1412 while (pkt_is(pgp, SIGNATURE_PKT)) { 1413 if (!recog_signature(pgp, &signature)) { 1414 printf("recog_userattr: can't recognise signature/trust\n"); 1415 return 0; 1416 } 1417 ARRAY_APPEND(userattr->sigs, signature); 1418 if (signature.revoked) { 1419 userattr->revoked = signature.revoked; 1420 } 1421 } 1422 return 1; 1423 } 1424 1425 /* recognise a sub key */ 1426 static int 1427 recog_subkey(pgpv_t *pgp, pgpv_signed_subkey_t *subkey) 1428 { 1429 pgpv_signature_t signature; 1430 pgpv_pkt_t *pkt; 1431 1432 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 1433 memset(subkey, 0x0, sizeof(*subkey)); 1434 read_pubkey(&subkey->subkey, pkt->s.data, pkt->s.size, 0); 1435 pgp->pkt += 1; 1436 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION) || 1437 pkt_sigtype_is(pgp, SIGTYPE_SUBKEY_REVOCATION) || 1438 pkt_sigtype_is(pgp, SIGTYPE_CERT_REVOCATION)) { 1439 recog_signature(pgp, &signature); 1440 subkey->revoc_self_sig = signature; 1441 } 1442 do { 1443 if (!pkt_is(pgp, SIGNATURE_PKT)) { 1444 printf("recog_subkey: not signature packet at %zu\n", pgp->pkt); 1445 return 0; 1446 } 1447 if (!recog_signature(pgp, &signature)) { 1448 printf("recog_subkey: bad signature/trust at %zu\n", pgp->pkt); 1449 return 0; 1450 } 1451 ARRAY_APPEND(subkey->sigs, signature); 1452 if (signature.keyexpiry) { 1453 /* XXX - check it's a good key expiry */ 1454 subkey->subkey.expiry = signature.keyexpiry; 1455 } 1456 } while (pkt_is(pgp, SIGNATURE_PKT)); 1457 return 1; 1458 } 1459 1460 /* use a sparse map for the text strings here to save space */ 1461 static const char *keyalgs[] = { 1462 "[Unknown]", 1463 "RSA (Encrypt or Sign)", 1464 "RSA (Encrypt Only)", 1465 "RSA (Sign Only)", 1466 "Elgamal (Encrypt Only)", 1467 "DSA", 1468 "Elliptic Curve", 1469 "ECDSA", 1470 "Elgamal (Encrypt or Sign)" 1471 }; 1472 1473 #define MAX_KEYALG 21 1474 1475 static const char *keyalgmap = "\0\01\02\03\0\0\0\0\0\0\0\0\0\0\0\0\04\05\06\07\010\011"; 1476 1477 /* return human readable name for key algorithm */ 1478 static const char * 1479 fmtkeyalg(uint8_t keyalg) 1480 { 1481 return keyalgs[(uint8_t)keyalgmap[(keyalg >= MAX_KEYALG) ? 0 : keyalg]]; 1482 } 1483 1484 /* return the number of bits in the public key */ 1485 static unsigned 1486 numkeybits(const pgpv_pubkey_t *pubkey) 1487 { 1488 switch(pubkey->keyalg) { 1489 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 1490 case PUBKEY_RSA_ENCRYPT: 1491 case PUBKEY_RSA_SIGN: 1492 return pubkey->bn[RSA_N].bits; 1493 case PUBKEY_DSA: 1494 case PUBKEY_ECDSA: 1495 return pubkey->bn[DSA_P].bits; 1496 //return BITS_TO_BYTES(pubkey->bn[DSA_Q].bits) * 64; 1497 case PUBKEY_ELGAMAL_ENCRYPT: 1498 case PUBKEY_ELGAMAL_ENCRYPT_OR_SIGN: 1499 return pubkey->bn[ELGAMAL_P].bits; 1500 default: 1501 return 0; 1502 } 1503 } 1504 1505 /* print a public key */ 1506 static bool 1507 fmt_pubkey(obuf_t *obuf, pgpv_pubkey_t *pubkey, const char *leader) 1508 { 1509 if (!obuf_printf(obuf, "%s %u/%s ", leader, numkeybits(pubkey), fmtkeyalg(pubkey->keyalg))) { 1510 return false; 1511 } 1512 if (!fmt_binary(obuf, pubkey->keyid, PGPV_KEYID_LEN)) { 1513 return false; 1514 } 1515 if (!fmt_time(obuf, " ", pubkey->birth, "", 0)) { 1516 return false; 1517 } 1518 if (pubkey->expiry) { 1519 if (!fmt_time(obuf, " [Expiry ", pubkey->birth + pubkey->expiry, "]", 0)) { 1520 return false; 1521 } 1522 } 1523 if (!obuf_printf(obuf, "\n")) { 1524 return false; 1525 } 1526 return fmt_fingerprint(obuf, &pubkey->fingerprint, "fingerprint "); 1527 } 1528 1529 /* we add 1 to revocation value to denote compromised */ 1530 #define COMPROMISED (0x02 + 1) 1531 1532 /* format a userid - used to order the userids when formatting */ 1533 static bool 1534 fmt_userid(obuf_t *obuf, pgpv_primarykey_t *primary, uint8_t u) 1535 { 1536 pgpv_signed_userid_t *userid; 1537 1538 userid = &ARRAY_ELEMENT(primary->signed_userids, u); 1539 return obuf_printf(obuf, "uid %.*s%s\n", 1540 (int)userid->userid.size, userid->userid.data, 1541 (userid->revoked == COMPROMISED) ? " [COMPROMISED AND REVOKED]" : 1542 (userid->revoked) ? " [REVOKED]" : ""); 1543 } 1544 1545 /* format a trust sig - used to order the userids when formatting */ 1546 static bool 1547 fmt_trust(obuf_t *obuf, pgpv_signed_userid_t *userid, uint32_t u) 1548 { 1549 pgpv_signature_t *sig; 1550 1551 sig = &ARRAY_ELEMENT(userid->sigs, u); 1552 if (!obuf_printf(obuf, "trust ")) { 1553 return false; 1554 } 1555 if (!fmt_binary(obuf, sig->signer, 8)) { 1556 return false; 1557 } 1558 return obuf_printf(obuf, "\n"); 1559 } 1560 1561 /* print a primary key, per RFC 4880 */ 1562 static bool 1563 fmt_primary(obuf_t *obuf, pgpv_primarykey_t *primary, unsigned subkey, const char *modifiers) 1564 { 1565 pgpv_signed_userid_t *userid; 1566 pgpv_pubkey_t *pubkey; 1567 unsigned i; 1568 unsigned j; 1569 1570 pubkey = (subkey == 0) ? &primary->primary : &ARRAY_ELEMENT(primary->signed_subkeys, subkey - 1).subkey; 1571 if (!fmt_pubkey(obuf, pubkey, "signature ")) { 1572 return false; 1573 } 1574 if (!fmt_userid(obuf, primary, primary->primary_userid)) { 1575 return false; 1576 } 1577 for (i = 0 ; i < ARRAY_COUNT(primary->signed_userids) ; i++) { 1578 if (i != primary->primary_userid) { 1579 if (!fmt_userid(obuf, primary, i)) { 1580 return false; 1581 } 1582 if (strcasecmp(modifiers, "trust") == 0) { 1583 userid = &ARRAY_ELEMENT(primary->signed_userids, i); 1584 for (j = 0 ; j < ARRAY_COUNT(userid->sigs) ; j++) { 1585 if (!fmt_trust(obuf, userid, j)) { 1586 return false; 1587 } 1588 } 1589 } 1590 } 1591 } 1592 if (strcasecmp(modifiers, "subkeys") == 0) { 1593 for (i = 0 ; i < ARRAY_COUNT(primary->signed_subkeys) ; i++) { 1594 if (!fmt_pubkey(obuf, &ARRAY_ELEMENT(primary->signed_subkeys, i).subkey, "encryption")) { 1595 return false; 1596 } 1597 } 1598 } 1599 return obuf_printf(obuf, "\n"); 1600 } 1601 1602 1603 /* check the padding on the signature */ 1604 static int 1605 rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) 1606 { 1607 USE_ARG(num); 1608 if (flen > tlen) { 1609 printf("from length larger than to length\n"); 1610 return -1; 1611 } 1612 (void) memset(to, 0x0, (size_t)(tlen - flen)); 1613 (void) memcpy(to + tlen - flen, from, (size_t)flen); 1614 return tlen; 1615 } 1616 1617 #define RSA_MAX_MODULUS_BITS 16384 1618 #define RSA_SMALL_MODULUS_BITS 3072 1619 #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ 1620 1621 /* check against the exponent/moudulo operation */ 1622 static int 1623 lowlevel_rsa_public_check(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) 1624 { 1625 uint8_t *decbuf; 1626 PGPV_BIGNUM *decbn; 1627 PGPV_BIGNUM *encbn; 1628 int decbytes; 1629 int nbytes; 1630 int r; 1631 1632 nbytes = 0; 1633 r = -1; 1634 decbuf = NULL; 1635 decbn = encbn = NULL; 1636 if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { 1637 printf("rsa r modulus too large\n"); 1638 goto err; 1639 } 1640 if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) { 1641 printf("rsa r bad n value\n"); 1642 goto err; 1643 } 1644 if (PGPV_BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && 1645 PGPV_BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { 1646 printf("rsa r bad exponent limit\n"); 1647 goto err; 1648 } 1649 nbytes = PGPV_BN_num_bytes(rsa->n); 1650 if ((encbn = PGPV_BN_new()) == NULL || 1651 (decbn = PGPV_BN_new()) == NULL || 1652 (decbuf = calloc(1, (size_t)nbytes)) == NULL) { 1653 printf("allocation failure\n"); 1654 goto err; 1655 } 1656 if (enclen > nbytes) { 1657 printf("rsa r > mod len\n"); 1658 goto err; 1659 } 1660 if (PGPV_BN_bin2bn(encbuf, enclen, encbn) == NULL) { 1661 printf("null encrypted BN\n"); 1662 goto err; 1663 } 1664 if (PGPV_BN_cmp(encbn, rsa->n) >= 0) { 1665 printf("rsa r data too large for modulus\n"); 1666 goto err; 1667 } 1668 if (PGPV_BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { 1669 printf("PGPV_BN_mod_exp < 0\n"); 1670 goto err; 1671 } 1672 decbytes = PGPV_BN_num_bytes(decbn); 1673 (void) PGPV_BN_bn2bin(decbn, decbuf); 1674 if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { 1675 printf("rsa r padding check failed\n"); 1676 } 1677 err: 1678 PGPV_BN_free(encbn); 1679 PGPV_BN_free(decbn); 1680 if (decbuf != NULL) { 1681 (void) memset(decbuf, 0x0, nbytes); 1682 free(decbuf); 1683 } 1684 return r; 1685 } 1686 1687 /* verify */ 1688 static int 1689 rsa_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) 1690 { 1691 rsa_pubkey_t pub; 1692 int ret; 1693 1694 if (enc == NULL || dec == NULL || rsa == NULL) { 1695 return 0; 1696 } 1697 USE_ARG(padding); 1698 (void) memset(&pub, 0x0, sizeof(pub)); 1699 pub.n = PGPV_BN_dup(rsa->n); 1700 pub.e = PGPV_BN_dup(rsa->e); 1701 ret = lowlevel_rsa_public_check(enc, enclen, dec, &pub); 1702 PGPV_BN_free(pub.n); 1703 PGPV_BN_free(pub.e); 1704 return ret; 1705 } 1706 1707 #define SUBKEY_LEN(x) (80 + 80) 1708 #define SIG_LEN 80 1709 #define UID_LEN 80 1710 1711 /* return worst case number of bytes needed to format a primary key */ 1712 static size_t 1713 estimate_primarykey_size(pgpv_primarykey_t *primary) 1714 { 1715 size_t cc; 1716 1717 cc = SUBKEY_LEN("signature") + 1718 (ARRAY_COUNT(primary->signed_userids) * UID_LEN) + 1719 (ARRAY_COUNT(primary->signed_subkeys) * SUBKEY_LEN("encrypt uids")); 1720 return cc; 1721 } 1722 1723 /* use public decrypt to verify a signature */ 1724 static int 1725 pgpv_rsa_public_decrypt(uint8_t *out, const uint8_t *in, size_t length, const pgpv_pubkey_t *pubkey) 1726 { 1727 RSA *orsa; 1728 int n; 1729 1730 if ((orsa = calloc(1, sizeof(*orsa))) == NULL) { 1731 return 0; 1732 } 1733 orsa->n = pubkey->bn[RSA_N].bn; 1734 orsa->e = pubkey->bn[RSA_E].bn; 1735 n = rsa_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); 1736 orsa->n = orsa->e = NULL; 1737 free(orsa); 1738 return n; 1739 } 1740 1741 /* verify rsa signature */ 1742 static int 1743 rsa_verify(uint8_t *calculated, unsigned calclen, uint8_t hashalg, pgpv_bignum_t *bn, pgpv_pubkey_t *pubkey) 1744 { 1745 unsigned prefixlen; 1746 unsigned decryptc; 1747 unsigned i; 1748 uint8_t decrypted[8192]; 1749 uint8_t sigbn[8192]; 1750 uint8_t prefix[64]; 1751 size_t keysize; 1752 1753 keysize = BITS_TO_BYTES(pubkey->bn[RSA_N].bits); 1754 PGPV_BN_bn2bin(bn[RSA_SIG].bn, sigbn); 1755 decryptc = pgpv_rsa_public_decrypt(decrypted, sigbn, BITS_TO_BYTES(bn[RSA_SIG].bits), pubkey); 1756 if (decryptc != keysize || (decrypted[0] != 0 || decrypted[1] != 1)) { 1757 return 0; 1758 } 1759 if ((prefixlen = digest_get_prefix((unsigned)hashalg, prefix, sizeof(prefix))) == 0) { 1760 printf("rsa_verify: unknown hash algorithm: %d\n", hashalg); 1761 return 0; 1762 } 1763 for (i = 2 ; i < keysize - prefixlen - calclen - 1 ; i++) { 1764 if (decrypted[i] != 0xff) { 1765 return 0; 1766 } 1767 } 1768 if (decrypted[i++] != 0x0) { 1769 return 0; 1770 } 1771 if (memcmp(&decrypted[i], prefix, prefixlen) != 0) { 1772 printf("rsa_verify: wrong hash algorithm\n"); 1773 return 0; 1774 } 1775 return memcmp(&decrypted[i + prefixlen], calculated, calclen) == 0; 1776 } 1777 1778 /* return 1 if bn <= 0 */ 1779 static int 1780 bignum_is_bad(PGPV_BIGNUM *bn) 1781 { 1782 return PGPV_BN_is_zero(bn) || PGPV_BN_is_negative(bn); 1783 } 1784 1785 #define BAD_BIGNUM(s, k) \ 1786 (bignum_is_bad((s)->bn) || PGPV_BN_cmp((s)->bn, (k)->bn) >= 0) 1787 1788 #ifndef DSA_MAX_MODULUS_BITS 1789 #define DSA_MAX_MODULUS_BITS 10000 1790 #endif 1791 1792 /* verify DSA signature */ 1793 static int 1794 verify_dsa_sig(uint8_t *calculated, unsigned calclen, pgpv_bignum_t *sig, pgpv_pubkey_t *pubkey) 1795 { 1796 unsigned qbits; 1797 uint8_t calcnum[128]; 1798 uint8_t signum[128]; 1799 PGPV_BIGNUM *M; 1800 PGPV_BIGNUM *W; 1801 PGPV_BIGNUM *t1; 1802 int ret; 1803 1804 if (pubkey->bn[DSA_P].bn == NULL || 1805 pubkey->bn[DSA_Q].bn == NULL || 1806 pubkey->bn[DSA_G].bn == NULL) { 1807 return 0; 1808 } 1809 M = W = t1 = NULL; 1810 qbits = pubkey->bn[DSA_Q].bits; 1811 switch(qbits) { 1812 case 160: 1813 case 224: 1814 case 256: 1815 break; 1816 default: 1817 printf("dsa: bad # of Q bits\n"); 1818 return 0; 1819 } 1820 if (pubkey->bn[DSA_P].bits > DSA_MAX_MODULUS_BITS) { 1821 printf("dsa: p too large\n"); 1822 return 0; 1823 } 1824 if (calclen > SHA256_DIGEST_LENGTH) { 1825 printf("dsa: digest too long\n"); 1826 return 0; 1827 } 1828 ret = 0; 1829 if ((M = PGPV_BN_new()) == NULL || (W = PGPV_BN_new()) == NULL || (t1 = PGPV_BN_new()) == NULL || 1830 BAD_BIGNUM(&sig[DSA_R], &pubkey->bn[DSA_Q]) || 1831 BAD_BIGNUM(&sig[DSA_S], &pubkey->bn[DSA_Q]) || 1832 PGPV_BN_mod_inverse(W, sig[DSA_S].bn, pubkey->bn[DSA_Q].bn, NULL) == NULL) { 1833 goto done; 1834 } 1835 if (calclen > qbits / 8) { 1836 calclen = qbits / 8; 1837 } 1838 if (PGPV_BN_bin2bn(calculated, (int)calclen, M) == NULL || 1839 !PGPV_BN_mod_mul(M, M, W, pubkey->bn[DSA_Q].bn, NULL) || 1840 !PGPV_BN_mod_mul(W, sig[DSA_R].bn, W, pubkey->bn[DSA_Q].bn, NULL) || 1841 !PGPV_BN_mod_exp(t1, pubkey->bn[DSA_G].bn, M, pubkey->bn[DSA_P].bn, NULL) || 1842 !PGPV_BN_mod_exp(W, pubkey->bn[DSA_Y].bn, W, pubkey->bn[DSA_P].bn, NULL) || 1843 !PGPV_BN_mod_mul(t1, t1, W, pubkey->bn[DSA_P].bn, NULL) || 1844 !PGPV_BN_div(NULL, t1, t1, pubkey->bn[DSA_Q].bn, NULL)) { 1845 goto done; 1846 } 1847 /* only compare the first q bits */ 1848 PGPV_BN_bn2bin(t1, calcnum); 1849 PGPV_BN_bn2bin(sig[DSA_R].bn, signum); 1850 ret = memcmp(calcnum, signum, BITS_TO_BYTES(qbits)) == 0; 1851 done: 1852 if (M) { 1853 PGPV_BN_free(M); 1854 } 1855 if (W) { 1856 PGPV_BN_free(W); 1857 } 1858 if (t1) { 1859 PGPV_BN_free(t1); 1860 } 1861 return ret; 1862 } 1863 1864 #define TIME_SNPRINTF(_cc, _buf, _size, _fmt, _val) do { \ 1865 time_t _t; \ 1866 char *_s; \ 1867 \ 1868 _t = _val; \ 1869 _s = ctime(&_t); \ 1870 _cc += snprintf(_buf, _size, _fmt, _s); \ 1871 } while(/*CONSTCOND*/0) 1872 1873 /* check dates on signature and key are valid */ 1874 static size_t 1875 valid_dates(pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, char *buf, size_t size) 1876 { 1877 time_t now; 1878 time_t t; 1879 size_t cc; 1880 1881 cc = 0; 1882 if (signature->birth < pubkey->birth) { 1883 TIME_SNPRINTF(cc, buf, size, "Signature time (%.24s) was before pubkey creation ", signature->birth); 1884 TIME_SNPRINTF(cc, &buf[cc], size - cc, "(%s)\n", pubkey->birth); 1885 return cc; 1886 } 1887 now = time(NULL); 1888 if (signature->expiry != 0) { 1889 if ((t = signature->birth + signature->expiry) < now) { 1890 TIME_SNPRINTF(cc, buf, size, "Signature expired on %.24s\n", t); 1891 return cc; 1892 } 1893 } 1894 if (now < signature->birth) { 1895 TIME_SNPRINTF(cc, buf, size, "Signature not valid before %.24s\n", signature->birth); 1896 return cc; 1897 } 1898 return 0; 1899 } 1900 1901 /* check if the signing key has expired */ 1902 static int 1903 key_expired(pgpv_pubkey_t *pubkey, char *buf, size_t size) 1904 { 1905 time_t now; 1906 time_t t; 1907 size_t cc; 1908 1909 now = time(NULL); 1910 cc = 0; 1911 if (pubkey->expiry != 0) { 1912 if ((t = pubkey->birth + pubkey->expiry) < now) { 1913 TIME_SNPRINTF(cc, buf, size, "Pubkey expired on %.24s\n", t); 1914 return (int)cc; 1915 } 1916 } 1917 if (now < pubkey->birth) { 1918 TIME_SNPRINTF(cc, buf, size, "Pubkey not valid before %.24s\n", pubkey->birth); 1919 return (int)cc; 1920 } 1921 return 0; 1922 } 1923 1924 /* find the leading onepass packet */ 1925 static size_t 1926 find_onepass(pgpv_cursor_t *cursor, size_t datastart) 1927 { 1928 size_t pkt; 1929 1930 for (pkt = datastart ; pkt < ARRAY_COUNT(cursor->pgp->pkts) ; pkt++) { 1931 if (ARRAY_ELEMENT(cursor->pgp->pkts, pkt).tag == ONEPASS_SIGNATURE_PKT) { 1932 return pkt + 1; 1933 } 1934 } 1935 snprintf(cursor->why, sizeof(cursor->why), "No signature to verify"); 1936 return 0; 1937 } 1938 1939 static const char *armor_begins[] = { 1940 "-----BEGIN PGP SIGNED MESSAGE-----\n", 1941 "-----BEGIN PGP MESSAGE-----\n", 1942 NULL 1943 }; 1944 1945 /* return non-zero if the buf introduces an armored message */ 1946 static int 1947 is_armored(const char *buf, size_t size) 1948 { 1949 const char **arm; 1950 const char *nl; 1951 size_t n; 1952 1953 if ((nl = memchr(buf, '\n', size)) == NULL) { 1954 return 0; 1955 } 1956 n = (size_t)(nl - buf); 1957 for (arm = armor_begins ; *arm ; arm++) { 1958 if (strncmp(buf, *arm, n) == 0) { 1959 return 1; 1960 } 1961 } 1962 return 0; 1963 } 1964 1965 /* find first occurrence of pat binary string in block */ 1966 static void * 1967 find_bin_string(const void *blockarg, size_t blen, const void *pat, size_t plen) 1968 { 1969 const uint8_t *block; 1970 const uint8_t *bp; 1971 1972 if (plen == 0) { 1973 return __UNCONST(blockarg); 1974 } 1975 if (blen < plen) { 1976 return NULL; 1977 } 1978 for (bp = block = blockarg ; (size_t)(bp - block) < blen - plen + 1 ; bp++) { 1979 if (memcmp(bp, pat, plen) == 0) { 1980 return __UNCONST(bp); 1981 } 1982 } 1983 return NULL; 1984 } 1985 1986 #define SIGSTART "-----BEGIN PGP SIGNATURE-----\n" 1987 #define SIGEND "-----END PGP SIGNATURE-----\n" 1988 1989 /* for ascii armor, we don't get a onepass packet - make one */ 1990 static const char *cons_onepass = "\304\015\003\0\0\0\0\377\377\377\377\377\377\377\377\1"; 1991 1992 /* read ascii armor */ 1993 static int 1994 read_ascii_armor(pgpv_cursor_t *cursor, pgpv_mem_t *mem, const char *filename) 1995 { 1996 pgpv_onepass_t *onepass; 1997 pgpv_sigpkt_t *sigpkt; 1998 pgpv_pkt_t litdata; 1999 uint8_t binsig[8192]; 2000 uint8_t *datastart; 2001 uint8_t *sigend; 2002 uint8_t *p; 2003 size_t binsigsize; 2004 2005 /* cons up litdata pkt */ 2006 memset(&litdata, 0x0, sizeof(litdata)); 2007 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; 2008 p = mem->mem; 2009 /* jump over signed message line */ 2010 if ((p = find_bin_string(mem->mem, mem->size, "\n\n", 2)) == NULL) { 2011 snprintf(cursor->why, sizeof(cursor->why), "malformed armor at offset 0"); 2012 return 0; 2013 } 2014 p += 2; 2015 litdata.tag = LITDATA_PKT; 2016 litdata.s.data = p; 2017 litdata.u.litdata.offset = (size_t)(p - mem->mem); 2018 litdata.u.litdata.filename = (uint8_t *)strdup(filename); 2019 if ((p = find_bin_string(datastart = p, mem->size - litdata.offset, SIGSTART, sizeof(SIGSTART) - 1)) == NULL) { 2020 snprintf(cursor->why, sizeof(cursor->why), 2021 "malformed armor - no sig - at %zu", (size_t)(p - mem->mem)); 2022 return 0; 2023 } 2024 litdata.u.litdata.len = litdata.s.size = (size_t)(p - datastart); 2025 /* this puts p at the newline character, so it will find \n\n if no version */ 2026 p += strlen(SIGSTART) - 1; 2027 if ((p = find_bin_string(p, mem->size, "\n\n", 2)) == NULL) { 2028 snprintf(cursor->why, sizeof(cursor->why), 2029 "malformed armed signature at %zu", (size_t)(p - mem->mem)); 2030 return 0; 2031 } 2032 p += 2; 2033 sigend = find_bin_string(p, mem->size, SIGEND, sizeof(SIGEND) - 1); 2034 if (sigend == NULL) { 2035 snprintf(cursor->why, sizeof(cursor->why), 2036 "malformed armor - no end sig - at %zu", 2037 (size_t)(p - mem->mem)); 2038 return 0; 2039 } 2040 binsigsize = b64decode((char *)p, (size_t)(sigend - p), binsig, sizeof(binsig)); 2041 2042 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); 2043 ARRAY_APPEND(cursor->pgp->pkts, litdata); 2044 read_binary_memory(cursor->pgp, "signature", binsig, binsigsize - 3); 2045 /* XXX - hardwired - 3 is format and length */ 2046 2047 /* fix up packets in the packet array now we have them there */ 2048 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, ARRAY_COUNT(cursor->pgp->pkts) - 1 - 2).u.onepass; 2049 sigpkt = &ARRAY_LAST(cursor->pgp->pkts).u.sigpkt; 2050 memcpy(onepass->keyid, sigpkt->sig.signer, sizeof(onepass->keyid)); 2051 onepass->hashalg = sigpkt->sig.hashalg; 2052 onepass->keyalg = sigpkt->sig.keyalg; 2053 return 1; 2054 } 2055 2056 /* read ascii armor from a file */ 2057 static int 2058 read_ascii_armor_file(pgpv_cursor_t *cursor, const char *filename) 2059 { 2060 /* cons up litdata pkt */ 2061 read_file(cursor->pgp, filename); 2062 return read_ascii_armor(cursor, &ARRAY_LAST(cursor->pgp->areas), filename); 2063 } 2064 2065 /* read ascii armor from memory */ 2066 static int 2067 read_ascii_armor_memory(pgpv_cursor_t *cursor, const void *p, size_t size) 2068 { 2069 pgpv_mem_t *mem; 2070 2071 /* cons up litdata pkt */ 2072 ARRAY_EXPAND(cursor->pgp->areas); 2073 ARRAY_COUNT(cursor->pgp->areas) += 1; 2074 mem = &ARRAY_LAST(cursor->pgp->areas); 2075 memset(mem, 0x0, sizeof(*mem)); 2076 mem->size = size; 2077 mem->mem = __UNCONST(p); 2078 mem->dealloc = 0; 2079 return read_ascii_armor(cursor, mem, "[stdin]"); 2080 } 2081 2082 /* set up the data to verify */ 2083 static int 2084 setup_data(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) 2085 { 2086 FILE *fp; 2087 char buf[BUFSIZ]; 2088 int rv; 2089 2090 if (cursor == NULL || pgp == NULL || p == NULL) { 2091 snprintf(cursor->why, sizeof(cursor->why), "No input data"); 2092 return 0; 2093 } 2094 memset(cursor, 0x0, sizeof(*cursor)); 2095 ARRAY_APPEND(pgp->datastarts, pgp->pkt); 2096 cursor->pgp = pgp; 2097 if (size < 0) { 2098 /* we have a file name in p */ 2099 if ((fp = fopen(p, "r")) == NULL) { 2100 snprintf(cursor->why, sizeof(cursor->why), "No such file '%s'", (const char *)p); 2101 return 0; 2102 } 2103 if (fgets(buf, (int)sizeof(buf), fp) == NULL) { 2104 fclose(fp); 2105 snprintf(cursor->why, sizeof(cursor->why), "can't read file '%s'", (const char *)p); 2106 return 0; 2107 } 2108 if (is_armored(buf, sizeof(buf))) { 2109 rv = read_ascii_armor_file(cursor, p); 2110 } else { 2111 rv = read_binary_file(pgp, "signature", "%s", (const char *)p); 2112 } 2113 fclose(fp); 2114 } else { 2115 if (is_armored(p, (size_t)size)) { 2116 rv = read_ascii_armor_memory(cursor, p, (size_t)size); 2117 } else { 2118 rv = read_binary_memory(pgp, "signature", p, (size_t)size); 2119 } 2120 } 2121 return rv; 2122 } 2123 2124 /* get the data and size from litdata packet */ 2125 static uint8_t * 2126 get_literal_data(pgpv_cursor_t *cursor, pgpv_litdata_t *litdata, size_t *size) 2127 { 2128 pgpv_mem_t *mem; 2129 2130 if (litdata->s.data == NULL && litdata->s.size == 0) { 2131 mem = &ARRAY_ELEMENT(cursor->pgp->areas, litdata->mem); 2132 *size = litdata->len; 2133 return &mem->mem[litdata->offset]; 2134 } 2135 *size = litdata->s.size; 2136 return litdata->s.data; 2137 } 2138 2139 /* 2140 RFC 4880 describes the structure of v4 keys as: 2141 2142 Primary-Key 2143 [Revocation Self Signature] 2144 [Direct Key Signature...] 2145 User ID [Signature ...] 2146 [User ID [Signature ...] ...] 2147 [User Attribute [Signature ...] ...] 2148 [[Subkey [Binding-Signature-Revocation] 2149 Primary-Key-Binding-Signature] ...] 2150 2151 and that's implemented below as a recursive descent parser. 2152 It has had to be modified, though: see the comment 2153 2154 some keys out there have user ids where they shouldn't 2155 2156 to look like: 2157 2158 Primary-Key 2159 [Revocation Self Signature] 2160 [Direct Key Signature...] 2161 [User ID [Signature ...] 2162 [User ID [Signature ...] ...] 2163 [User Attribute [Signature ...] ...] 2164 [Subkey [Binding-Signature-Revocation] 2165 Primary-Key-Binding-Signature] ...] 2166 2167 to accommodate keyrings set up by gpg 2168 */ 2169 2170 /* recognise a primary key */ 2171 static int 2172 recog_primary_key(pgpv_t *pgp, pgpv_primarykey_t *primary) 2173 { 2174 pgpv_signed_userattr_t userattr; 2175 pgpv_signed_userid_t userid; 2176 pgpv_signed_subkey_t subkey; 2177 pgpv_signature_t signature; 2178 pgpv_pkt_t *pkt; 2179 2180 pkt = &ARRAY_ELEMENT(pgp->pkts, pgp->pkt); 2181 memset(primary, 0x0, sizeof(*primary)); 2182 read_pubkey(&primary->primary, pkt->s.data, pkt->s.size, 0); 2183 pgp->pkt += 1; 2184 if (pkt_sigtype_is(pgp, SIGTYPE_KEY_REVOCATION)) { 2185 if (!recog_signature(pgp, &primary->revoc_self_sig)) { 2186 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_KEY_REVOCATION\n"); 2187 return 0; 2188 } 2189 } 2190 while (pkt_sigtype_is(pgp, SIGTYPE_DIRECT_KEY)) { 2191 if (!recog_signature(pgp, &signature)) { 2192 printf("recog_primary_key: no signature/trust at PGPV_SIGTYPE_DIRECT_KEY\n"); 2193 return 0; 2194 } 2195 if (signature.keyexpiry) { 2196 /* XXX - check it's a good key expiry */ 2197 primary->primary.expiry = signature.keyexpiry; 2198 } 2199 ARRAY_APPEND(primary->direct_sigs, signature); 2200 } 2201 /* some keys out there have user ids where they shouldn't */ 2202 do { 2203 if (!recog_userid(pgp, &userid)) { 2204 printf("recog_primary_key: not userid\n"); 2205 return 0; 2206 } 2207 ARRAY_APPEND(primary->signed_userids, userid); 2208 if (userid.primary_userid) { 2209 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; 2210 } 2211 while (pkt_is(pgp, USERID_PKT)) { 2212 if (!recog_userid(pgp, &userid)) { 2213 printf("recog_primary_key: not signed secondary userid\n"); 2214 return 0; 2215 } 2216 ARRAY_APPEND(primary->signed_userids, userid); 2217 if (userid.primary_userid) { 2218 primary->primary_userid = ARRAY_COUNT(primary->signed_userids) - 1; 2219 } 2220 } 2221 while (pkt_is(pgp, USER_ATTRIBUTE_PKT)) { 2222 if (!recog_userattr(pgp, &userattr)) { 2223 printf("recog_primary_key: not signed user attribute\n"); 2224 return 0; 2225 } 2226 ARRAY_APPEND(primary->signed_userattrs, userattr); 2227 } 2228 while (pkt_is(pgp, PUB_SUBKEY_PKT)) { 2229 if (!recog_subkey(pgp, &subkey)) { 2230 printf("recog_primary_key: not signed public subkey\n"); 2231 return 0; 2232 } 2233 calc_keyid(&subkey.subkey, "sha1"); 2234 ARRAY_APPEND(primary->signed_subkeys, subkey); 2235 } 2236 } while (pgp->pkt < ARRAY_COUNT(pgp->pkts) && pkt_is(pgp, USERID_PKT)); 2237 primary->fmtsize = estimate_primarykey_size(primary); 2238 return 1; 2239 } 2240 2241 /* parse all of the packets for a given operation */ 2242 static int 2243 read_all_packets(pgpv_t *pgp, pgpv_mem_t *mem, const char *op) 2244 { 2245 pgpv_primarykey_t primary; 2246 2247 if (op == NULL) { 2248 return 0; 2249 } 2250 if (strcmp(pgp->op = op, "pubring") == 0) { 2251 mem->allowed = PUBRING_ALLOWED; 2252 /* pubrings have thousands of small packets */ 2253 ARRAY_EXPAND_SIZED(pgp->pkts, 0, 5000); 2254 } else if (strcmp(op, "signature") == 0) { 2255 mem->allowed = SIGNATURE_ALLOWED; 2256 } else { 2257 mem->allowed = ""; 2258 } 2259 for (mem->cc = 0; mem->cc < mem->size ; ) { 2260 if (!read_pkt(pgp, mem)) { 2261 return 0; 2262 } 2263 } 2264 if (strcmp(op, "pubring") == 0) { 2265 for (pgp->pkt = 0; pgp->pkt < ARRAY_COUNT(pgp->pkts) && recog_primary_key(pgp, &primary) ; ) { 2266 calc_keyid(&primary.primary, "sha1"); 2267 ARRAY_APPEND(pgp->primaries, primary); 2268 } 2269 if (pgp->pkt < ARRAY_COUNT(pgp->pkts)) { 2270 printf("short pubring recognition???\n"); 2271 } 2272 } 2273 pgp->pkt = ARRAY_COUNT(pgp->pkts); 2274 return 1; 2275 } 2276 2277 /* create a filename, read it, and then parse according to "op" */ 2278 static int 2279 read_binary_file(pgpv_t *pgp, const char *op, const char *fmt, ...) 2280 { 2281 va_list args; 2282 char buf[1024]; 2283 2284 va_start(args, fmt); 2285 vsnprintf(buf, sizeof(buf), fmt, args); 2286 va_end(args); 2287 if (!read_file(pgp, buf)) { 2288 return 0; 2289 } 2290 return read_all_packets(pgp, &ARRAY_LAST(pgp->areas), op); 2291 } 2292 2293 /* get a bignum from the buffer gap */ 2294 static int 2295 getbignum(pgpv_bignum_t *bignum, bufgap_t *bg, char *buf, const char *header) 2296 { 2297 uint32_t len; 2298 2299 USE_ARG(header); 2300 (void) bufgap_getbin(bg, &len, sizeof(len)); 2301 len = pgp_ntoh32(len); 2302 (void) bufgap_seek(bg, sizeof(len), BGFromHere, BGByte); 2303 (void) bufgap_getbin(bg, buf, len); 2304 bignum->bn = PGPV_BN_bin2bn((const uint8_t *)buf, (int)len, NULL); 2305 bignum->bits = PGPV_BN_num_bits(bignum->bn); 2306 (void) bufgap_seek(bg, len, BGFromHere, BGByte); 2307 return 1; 2308 } 2309 2310 /* structure for searching for constant strings */ 2311 typedef struct str_t { 2312 const char *s; /* string */ 2313 size_t len; /* its length */ 2314 int type; /* return type */ 2315 } str_t; 2316 2317 static str_t pkatypes[] = { 2318 { "ssh-rsa", 7, PUBKEY_RSA_SIGN }, 2319 { "ssh-dss", 7, PUBKEY_DSA }, 2320 { "ssh-dsa", 7, PUBKEY_DSA }, 2321 { NULL, 0, 0 } 2322 }; 2323 2324 /* look for a string in the given array */ 2325 static int 2326 findstr(str_t *array, const char *name) 2327 { 2328 str_t *sp; 2329 2330 for (sp = array ; sp->s ; sp++) { 2331 if (strncmp(name, sp->s, sp->len) == 0) { 2332 return sp->type; 2333 } 2334 } 2335 return -1; 2336 } 2337 2338 /* read public key from the ssh pubkey file */ 2339 static __printflike(3, 4) int 2340 read_ssh_file(pgpv_t *pgp, pgpv_primarykey_t *primary, const char *fmt, ...) 2341 { 2342 pgpv_signed_userid_t userid; 2343 pgpv_pubkey_t *pubkey; 2344 struct stat st; 2345 bufgap_t bg; 2346 uint32_t len; 2347 int64_t off; 2348 va_list args; 2349 char hostname[256]; 2350 char owner[256]; 2351 char *space; 2352 char *buf; 2353 char *bin; 2354 char f[1024]; 2355 int ok; 2356 int cc; 2357 2358 USE_ARG(pgp); 2359 memset(primary, 0x0, sizeof(*primary)); 2360 (void) memset(&bg, 0x0, sizeof(bg)); 2361 va_start(args, fmt); 2362 vsnprintf(f, sizeof(f), fmt, args); 2363 va_end(args); 2364 if (!bufgap_open(&bg, f)) { 2365 (void) fprintf(stderr, "pgp_ssh2pubkey: can't open '%s'\n", f); 2366 return 0; 2367 } 2368 (void)stat(f, &st); 2369 if ((buf = calloc(1, (size_t)st.st_size)) == NULL) { 2370 (void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f); 2371 bufgap_close(&bg); 2372 return 0; 2373 } 2374 if ((bin = calloc(1, (size_t)st.st_size)) == NULL) { 2375 (void) fprintf(stderr, "can't calloc %zu bytes for '%s'\n", (size_t)st.st_size, f); 2376 (void) free(buf); 2377 bufgap_close(&bg); 2378 return 0; 2379 } 2380 2381 /* move past ascii type of key */ 2382 while (bufgap_peek(&bg, 0) != ' ') { 2383 if (!bufgap_seek(&bg, 1, BGFromHere, BGByte)) { 2384 (void) fprintf(stderr, "bad key file '%s'\n", f); 2385 (void) free(buf); 2386 bufgap_close(&bg); 2387 return 0; 2388 } 2389 } 2390 if (!bufgap_seek(&bg, 1, BGFromHere, BGByte)) { 2391 (void) fprintf(stderr, "bad key file '%s'\n", f); 2392 (void) free(buf); 2393 bufgap_close(&bg); 2394 return 0; 2395 } 2396 off = bufgap_tell(&bg, BGFromBOF, BGByte); 2397 2398 if (bufgap_size(&bg, BGByte) - off < 10) { 2399 (void) fprintf(stderr, "bad key file '%s'\n", f); 2400 (void) free(buf); 2401 bufgap_close(&bg); 2402 return 0; 2403 } 2404 2405 /* convert from base64 to binary */ 2406 cc = bufgap_getbin(&bg, buf, (size_t)bg.bcc); 2407 if ((space = strchr(buf, ' ')) != NULL) { 2408 cc = (int)(space - buf); 2409 } 2410 cc = frombase64(bin, buf, (size_t)cc, 0); 2411 bufgap_delete(&bg, (uint64_t)bufgap_tell(&bg, BGFromEOF, BGByte)); 2412 bufgap_insert(&bg, bin, cc); 2413 bufgap_seek(&bg, off, BGFromBOF, BGByte); 2414 2415 /* get the type of key */ 2416 (void) bufgap_getbin(&bg, &len, sizeof(len)); 2417 len = pgp_ntoh32(len); 2418 if (len >= st.st_size) { 2419 (void) fprintf(stderr, "bad public key file '%s'\n", f); 2420 return 0; 2421 } 2422 (void) bufgap_seek(&bg, sizeof(len), BGFromHere, BGByte); 2423 (void) bufgap_getbin(&bg, buf, len); 2424 (void) bufgap_seek(&bg, len, BGFromHere, BGByte); 2425 2426 pubkey = &primary->primary; 2427 pubkey->hashalg = digest_get_alg("sha256"); /* gets fixed up later */ 2428 pubkey->version = 4; 2429 pubkey->birth = 0; /* gets fixed up later */ 2430 /* get key type */ 2431 ok = 1; 2432 switch (pubkey->keyalg = findstr(pkatypes, buf)) { 2433 case PUBKEY_RSA_ENCRYPT_OR_SIGN: 2434 case PUBKEY_RSA_SIGN: 2435 getbignum(&pubkey->bn[RSA_E], &bg, buf, "RSA E"); 2436 getbignum(&pubkey->bn[RSA_N], &bg, buf, "RSA N"); 2437 break; 2438 case PUBKEY_DSA: 2439 getbignum(&pubkey->bn[DSA_P], &bg, buf, "DSA P"); 2440 getbignum(&pubkey->bn[DSA_Q], &bg, buf, "DSA Q"); 2441 getbignum(&pubkey->bn[DSA_G], &bg, buf, "DSA G"); 2442 getbignum(&pubkey->bn[DSA_Y], &bg, buf, "DSA Y"); 2443 break; 2444 default: 2445 (void) fprintf(stderr, "Unrecognised pubkey type %d for '%s'\n", 2446 pubkey->keyalg, f); 2447 ok = 0; 2448 break; 2449 } 2450 2451 /* check for stragglers */ 2452 if (ok && bufgap_tell(&bg, BGFromEOF, BGByte) > 0) { 2453 printf("%"PRIi64" bytes left\n", bufgap_tell(&bg, BGFromEOF, BGByte)); 2454 printf("[%s]\n", bufgap_getstr(&bg)); 2455 ok = 0; 2456 } 2457 if (ok) { 2458 memset(&userid, 0x0, sizeof(userid)); 2459 (void) gethostname(hostname, sizeof(hostname)); 2460 if (strlen(space + 1) - 1 == 0) { 2461 (void) snprintf(owner, sizeof(owner), "<root@%s>", 2462 hostname); 2463 } else { 2464 (void) snprintf(owner, sizeof(owner), "<%.*s>", 2465 (int)strlen(space + 1) - 1, 2466 space + 1); 2467 } 2468 calc_keyid(pubkey, "sha1"); 2469 userid.userid.size = asprintf((char **)(void *)&userid.userid.data, 2470 "%s (%s) %s", 2471 hostname, 2472 f, 2473 owner); 2474 ARRAY_APPEND(primary->signed_userids, userid); 2475 primary->fmtsize = estimate_primarykey_size(primary) + 1024; 2476 } 2477 (void) free(bin); 2478 (void) free(buf); 2479 bufgap_close(&bg); 2480 return ok; 2481 } 2482 2483 /* parse memory according to "op" */ 2484 static int 2485 read_binary_memory(pgpv_t *pgp, const char *op, const void *memory, size_t size) 2486 { 2487 pgpv_mem_t *mem; 2488 2489 ARRAY_EXPAND(pgp->areas); 2490 ARRAY_COUNT(pgp->areas) += 1; 2491 mem = &ARRAY_LAST(pgp->areas); 2492 memset(mem, 0x0, sizeof(*mem)); 2493 mem->size = size; 2494 mem->mem = __UNCONST(memory); 2495 mem->dealloc = 0; 2496 return read_all_packets(pgp, mem, op); 2497 } 2498 2499 /* fixup the detached signature packets */ 2500 static int 2501 fixup_detached(pgpv_cursor_t *cursor, const char *f) 2502 { 2503 pgpv_onepass_t *onepass; 2504 const char *dot; 2505 pgpv_pkt_t sigpkt; 2506 pgpv_pkt_t litdata; 2507 pgpv_mem_t *mem; 2508 size_t el; 2509 char original[MAXPATHLEN]; 2510 2511 /* cons up litdata pkt */ 2512 if ((dot = strrchr(f, '.')) == NULL || strcasecmp(dot, ".sig") != 0) { 2513 printf("weird filename '%s'\n", f); 2514 return 0; 2515 } 2516 /* hold sigpkt in a temp var while we insert onepass and litdata */ 2517 el = ARRAY_COUNT(cursor->pgp->pkts) - 1; 2518 sigpkt = ARRAY_ELEMENT(cursor->pgp->pkts, el); 2519 ARRAY_DELETE(cursor->pgp->pkts, el); 2520 ARRAY_EXPAND(cursor->pgp->pkts); 2521 /* get onepass packet, append to packets */ 2522 read_binary_memory(cursor->pgp, "signature", cons_onepass, 15); 2523 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, el).u.onepass; 2524 /* read the original file into litdata */ 2525 snprintf(original, sizeof(original), "%.*s", (int)(dot - f), f); 2526 if (!read_file(cursor->pgp, original)) { 2527 printf("can't read file '%s'\n", original); 2528 return 0; 2529 } 2530 memset(&litdata, 0x0, sizeof(litdata)); 2531 mem = &ARRAY_LAST(cursor->pgp->areas); 2532 litdata.tag = LITDATA_PKT; 2533 litdata.s.data = mem->mem; 2534 litdata.u.litdata.format = LITDATA_BINARY; 2535 litdata.u.litdata.offset = 0; 2536 litdata.u.litdata.filename = (uint8_t *)strdup(original); 2537 litdata.u.litdata.mem = ARRAY_COUNT(cursor->pgp->areas) - 1; 2538 litdata.u.litdata.len = litdata.s.size = mem->size; 2539 ARRAY_APPEND(cursor->pgp->pkts, litdata); 2540 ARRAY_APPEND(cursor->pgp->pkts, sigpkt); 2541 memcpy(onepass->keyid, sigpkt.u.sigpkt.sig.signer, sizeof(onepass->keyid)); 2542 onepass->hashalg = sigpkt.u.sigpkt.sig.hashalg; 2543 onepass->keyalg = sigpkt.u.sigpkt.sig.keyalg; 2544 return 1; 2545 } 2546 2547 /* match the calculated signature against the one in the signature packet */ 2548 static int 2549 match_sig(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_pubkey_t *pubkey, uint8_t *data, size_t size) 2550 { 2551 unsigned calclen; 2552 uint8_t calculated[64]; 2553 int match; 2554 2555 calclen = pgpv_digest_memory(calculated, sizeof(calculated), 2556 data, size, 2557 get_ref(&signature->hashstart), signature->hashlen, 2558 (signature->type == SIGTYPE_TEXT) ? 't' : 'b'); 2559 if (ALG_IS_RSA(signature->keyalg)) { 2560 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); 2561 } else if (ALG_IS_DSA(signature->keyalg)) { 2562 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); 2563 } else { 2564 snprintf(cursor->why, sizeof(cursor->why), "Signature type %u not recognised", signature->keyalg); 2565 return 0; 2566 } 2567 if (!match && signature->type == SIGTYPE_TEXT) { 2568 /* second try for cleartext data, ignoring trailing whitespace */ 2569 calclen = pgpv_digest_memory(calculated, sizeof(calculated), 2570 data, size, 2571 get_ref(&signature->hashstart), signature->hashlen, 'w'); 2572 if (ALG_IS_RSA(signature->keyalg)) { 2573 match = rsa_verify(calculated, calclen, signature->hashalg, signature->bn, pubkey); 2574 } else if (ALG_IS_DSA(signature->keyalg)) { 2575 match = verify_dsa_sig(calculated, calclen, signature->bn, pubkey); 2576 } 2577 } 2578 if (!match) { 2579 snprintf(cursor->why, sizeof(cursor->why), "Signature on data did not match"); 2580 return 0; 2581 } 2582 if (valid_dates(signature, pubkey, cursor->why, sizeof(cursor->why)) > 0) { 2583 return 0; 2584 } 2585 if (key_expired(pubkey, cursor->why, sizeof(cursor->why))) { 2586 return 0; 2587 } 2588 if (signature->revoked) { 2589 snprintf(cursor->why, sizeof(cursor->why), "Signature was revoked"); 2590 return 0; 2591 } 2592 return 1; 2593 } 2594 2595 /* check return value from getenv */ 2596 static const char * 2597 nonnull_getenv(const char *key) 2598 { 2599 char *value; 2600 2601 return ((value = getenv(key)) == NULL) ? "" : value; 2602 } 2603 2604 /************************************************************************/ 2605 /* start of exported functions */ 2606 /************************************************************************/ 2607 2608 /* close all stuff */ 2609 int 2610 pgpv_close(pgpv_t *pgp) 2611 { 2612 unsigned i; 2613 2614 if (pgp == NULL) { 2615 return 0; 2616 } 2617 for (i = 0 ; i < ARRAY_COUNT(pgp->areas) ; i++) { 2618 if (ARRAY_ELEMENT(pgp->areas, i).size > 0) { 2619 closemem(&ARRAY_ELEMENT(pgp->areas, i)); 2620 } 2621 } 2622 return 1; 2623 } 2624 2625 #define NO_SUBKEYS 0 2626 2627 /* return the formatted entry for the primary key desired */ 2628 size_t 2629 pgpv_get_entry(pgpv_t *pgp, unsigned ent, char **s, const char *modifiers) 2630 { 2631 unsigned subkey; 2632 unsigned prim; 2633 obuf_t obuf; 2634 2635 prim = ((ent >> 8) & 0xffffff); 2636 subkey = (ent & 0xff); 2637 if (s == NULL || pgp == NULL || prim >= ARRAY_COUNT(pgp->primaries)) { 2638 return 0; 2639 } 2640 *s = NULL; 2641 if (modifiers == NULL || (strcasecmp(modifiers, "trust") != 0 && strcasecmp(modifiers, "subkeys") != 0)) { 2642 modifiers = "no-subkeys"; 2643 } 2644 memset(&obuf, 0x0, sizeof(obuf)); 2645 if (!fmt_primary(&obuf, &ARRAY_ELEMENT(pgp->primaries, prim), subkey, modifiers)) { 2646 return 0; 2647 } 2648 *s = (char *)obuf.v; 2649 return obuf.c; 2650 } 2651 2652 /* fixup key id, with birth, keyalg and hashalg value from signature */ 2653 static int 2654 fixup_ssh_keyid(pgpv_t *pgp, pgpv_signature_t *signature, const char *hashtype) 2655 { 2656 pgpv_pubkey_t *pubkey; 2657 unsigned i; 2658 2659 for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) { 2660 pubkey = &ARRAY_ELEMENT(pgp->primaries, i).primary; 2661 pubkey->keyalg = signature->keyalg; 2662 calc_keyid(pubkey, hashtype); 2663 } 2664 return 1; 2665 } 2666 2667 /* find key id */ 2668 static int 2669 find_keyid(pgpv_t *pgp, const char *strkeyid, uint8_t *keyid, unsigned *sub) 2670 { 2671 pgpv_signed_subkey_t *subkey; 2672 pgpv_primarykey_t *prim; 2673 unsigned i; 2674 unsigned j; 2675 uint8_t binkeyid[PGPV_KEYID_LEN]; 2676 size_t off; 2677 size_t cmp; 2678 2679 if (strkeyid == NULL && keyid == NULL) { 2680 return 0; 2681 } 2682 if (strkeyid) { 2683 str_to_keyid(strkeyid, binkeyid); 2684 cmp = strlen(strkeyid) / 2; 2685 } else { 2686 memcpy(binkeyid, keyid, sizeof(binkeyid)); 2687 cmp = PGPV_KEYID_LEN; 2688 } 2689 *sub = 0; 2690 off = PGPV_KEYID_LEN - cmp; 2691 for (i = 0 ; i < ARRAY_COUNT(pgp->primaries) ; i++) { 2692 prim = &ARRAY_ELEMENT(pgp->primaries, i); 2693 if (memcmp(&prim->primary.keyid[off], &binkeyid[off], cmp) == 0) { 2694 return i; 2695 } 2696 for (j = 0 ; j < ARRAY_COUNT(prim->signed_subkeys) ; j++) { 2697 subkey = &ARRAY_ELEMENT(prim->signed_subkeys, j); 2698 if (memcmp(&subkey->subkey.keyid[off], &binkeyid[off], cmp) == 0) { 2699 *sub = j + 1; 2700 return i; 2701 } 2702 } 2703 2704 } 2705 return -1; 2706 } 2707 2708 /* match the signature with the id indexed by 'primary' */ 2709 static int 2710 match_sig_id(pgpv_cursor_t *cursor, pgpv_signature_t *signature, pgpv_litdata_t *litdata, unsigned primary, unsigned sub) 2711 { 2712 pgpv_primarykey_t *prim; 2713 pgpv_pubkey_t *pubkey; 2714 uint8_t *data; 2715 size_t insize; 2716 2717 cursor->sigtime = signature->birth; 2718 /* calc hash on data packet */ 2719 data = get_literal_data(cursor, litdata, &insize); 2720 if (sub == 0) { 2721 pubkey = &ARRAY_ELEMENT(cursor->pgp->primaries, primary).primary; 2722 return match_sig(cursor, signature, pubkey, data, insize); 2723 } 2724 prim = &ARRAY_ELEMENT(cursor->pgp->primaries, primary); 2725 pubkey = &ARRAY_ELEMENT(prim->signed_subkeys, sub - 1).subkey; 2726 return match_sig(cursor, signature, pubkey, data, insize); 2727 } 2728 2729 /* return the packet type */ 2730 static const char * 2731 get_packet_type(uint8_t tag) 2732 { 2733 switch(tag) { 2734 case SIGNATURE_PKT: 2735 return "signature packet"; 2736 case ONEPASS_SIGNATURE_PKT: 2737 return "onepass signature packet"; 2738 case PUBKEY_PKT: 2739 return "pubkey packet"; 2740 case COMPRESSED_DATA_PKT: 2741 return "compressed data packet"; 2742 case MARKER_PKT: 2743 return "marker packet"; 2744 case LITDATA_PKT: 2745 return "litdata packet"; 2746 case TRUST_PKT: 2747 return "trust packet"; 2748 case USERID_PKT: 2749 return "userid packet"; 2750 case PUB_SUBKEY_PKT: 2751 return "public subkey packet"; 2752 case USER_ATTRIBUTE_PKT: 2753 return "user attribute packet"; 2754 default: 2755 return "[UNKNOWN]"; 2756 } 2757 } 2758 2759 /* get an element from the found array */ 2760 int 2761 pgpv_get_cursor_element(pgpv_cursor_t *cursor, size_t element) 2762 { 2763 if (cursor && element < ARRAY_COUNT(cursor->found)) { 2764 return (int)ARRAY_ELEMENT(cursor->found, element); 2765 } 2766 return -1; 2767 } 2768 2769 /* verify the signed packets we have */ 2770 size_t 2771 pgpv_verify(pgpv_cursor_t *cursor, pgpv_t *pgp, const void *p, ssize_t size) 2772 { 2773 pgpv_signature_t *signature; 2774 pgpv_onepass_t *onepass; 2775 pgpv_litdata_t *litdata; 2776 unsigned sub; 2777 size_t pkt; 2778 obuf_t obuf; 2779 int j; 2780 2781 if (cursor == NULL || pgp == NULL || p == NULL) { 2782 return 0; 2783 } 2784 if (!setup_data(cursor, pgp, p, size)) { 2785 return 0; 2786 } 2787 if (ARRAY_COUNT(cursor->pgp->pkts) == ARRAY_LAST(cursor->pgp->datastarts) + 1) { 2788 /* got detached signature here */ 2789 if (!fixup_detached(cursor, p)) { 2790 snprintf(cursor->why, sizeof(cursor->why), "Can't read signed file '%s'", (const char *)p); 2791 return 0; 2792 } 2793 } 2794 if ((pkt = find_onepass(cursor, ARRAY_LAST(cursor->pgp->datastarts))) == 0) { 2795 snprintf(cursor->why, sizeof(cursor->why), "No signature found"); 2796 return 0; 2797 } 2798 pkt -= 1; 2799 onepass = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.onepass; 2800 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 1).u.litdata; 2801 signature = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt + 2).u.sigpkt.sig; 2802 /* sanity check values in signature and onepass agree */ 2803 if (signature->birth == 0) { 2804 if (!fmt_time(&obuf, "Signature creation time [", 2805 signature->birth, "] out of range", 0)) { 2806 } 2807 snprintf(cursor->why, sizeof(cursor->why), "%.*s", (int)obuf.c, (char *)obuf.v); 2808 return 0; 2809 } 2810 memset(&obuf, 0x0, sizeof(obuf)); 2811 if (memcmp(onepass->keyid, signature->signer, PGPV_KEYID_LEN) != 0) { 2812 if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) { 2813 snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure"); 2814 return 0; 2815 } 2816 snprintf(cursor->why, sizeof(cursor->why), 2817 "Signature key id %.*s does not match onepass keyid", 2818 (int)obuf.c, (char *)obuf.v); 2819 return 0; 2820 } 2821 if (onepass->hashalg != signature->hashalg) { 2822 snprintf(cursor->why, sizeof(cursor->why), 2823 "Signature hashalg %u does not match onepass hashalg %u", 2824 signature->hashalg, onepass->hashalg); 2825 return 0; 2826 } 2827 if (onepass->keyalg != signature->keyalg) { 2828 snprintf(cursor->why, sizeof(cursor->why), 2829 "Signature keyalg %u does not match onepass keyalg %u", 2830 signature->keyalg, onepass->keyalg); 2831 return 0; 2832 } 2833 if (cursor->pgp->ssh) { 2834 fixup_ssh_keyid(cursor->pgp, signature, "sha1"); 2835 } 2836 sub = 0; 2837 if ((j = find_keyid(cursor->pgp, NULL, onepass->keyid, &sub)) < 0) { 2838 if (!fmt_binary(&obuf, onepass->keyid, (unsigned)sizeof(onepass->keyid))) { 2839 snprintf(cursor->why, sizeof(cursor->why), "Memory allocation failure"); 2840 return 0; 2841 } 2842 snprintf(cursor->why, sizeof(cursor->why), 2843 "Signature key id %.*s not found ", 2844 (int)obuf.c, (char *)obuf.v); 2845 return 0; 2846 } 2847 if (!match_sig_id(cursor, signature, litdata, (unsigned)j, sub)) { 2848 snprintf(cursor->why, sizeof(cursor->why), 2849 "Signature does not match %.*s", 2850 (int)obuf.c, (char *)obuf.v); 2851 return 0; 2852 } 2853 ARRAY_APPEND(cursor->datacookies, pkt); 2854 j = ((j & 0xffffff) << 8) | (sub & 0xff); 2855 ARRAY_APPEND(cursor->found, j); 2856 return pkt + 1; 2857 } 2858 2859 /* set up the pubkey keyring */ 2860 int 2861 pgpv_read_pubring(pgpv_t *pgp, const void *keyring, ssize_t size) 2862 { 2863 if (pgp == NULL) { 2864 return 0; 2865 } 2866 if (keyring) { 2867 return (size > 0) ? 2868 read_binary_memory(pgp, "pubring", keyring, (size_t)size) : 2869 read_binary_file(pgp, "pubring", "%s", (const char *)keyring); 2870 } 2871 return read_binary_file(pgp, "pubring", "%s/%s", nonnull_getenv("HOME"), ".gnupg/pubring.gpg"); 2872 } 2873 2874 /* set up the pubkey keyring from ssh pub key */ 2875 int 2876 pgpv_read_ssh_pubkeys(pgpv_t *pgp, const void *keyring, ssize_t size) 2877 { 2878 pgpv_primarykey_t primary; 2879 2880 USE_ARG(size); 2881 if (pgp == NULL) { 2882 return 0; 2883 } 2884 if (keyring) { 2885 if (!read_ssh_file(pgp, &primary, "%s", (const char *)keyring)) { 2886 return 0; 2887 } 2888 } else if (!read_ssh_file(pgp, &primary, "%s/%s", nonnull_getenv("HOME"), ".ssh/id_rsa.pub")) { 2889 return 0; 2890 } 2891 ARRAY_APPEND(pgp->primaries, primary); 2892 pgp->ssh = 1; 2893 return 1; 2894 } 2895 2896 /* get verified data as a string, return its size */ 2897 size_t 2898 pgpv_get_verified(pgpv_cursor_t *cursor, size_t cookie, char **ret) 2899 { 2900 pgpv_litdata_t *litdata; 2901 uint8_t *data; 2902 size_t size; 2903 size_t pkt; 2904 2905 if (ret == NULL || cursor == NULL || cookie == 0) { 2906 return 0; 2907 } 2908 *ret = NULL; 2909 if ((pkt = find_onepass(cursor, cookie - 1)) == 0) { 2910 return 0; 2911 } 2912 litdata = &ARRAY_ELEMENT(cursor->pgp->pkts, pkt).u.litdata; 2913 data = get_literal_data(cursor, litdata, &size); 2914 if ((*ret = calloc(1, size)) == NULL) { 2915 return 0; 2916 } 2917 memcpy(*ret, data, size); 2918 return size; 2919 } 2920 2921 #define KB(x) ((x) * 1024) 2922 2923 /* dump all packets */ 2924 size_t 2925 pgpv_dump(pgpv_t *pgp, char **data) 2926 { 2927 ssize_t dumpc; 2928 size_t alloc; 2929 size_t pkt; 2930 size_t cc; 2931 size_t n; 2932 char buf[800]; 2933 char *newdata; 2934 2935 cc = alloc = 0; 2936 *data = NULL; 2937 for (pkt = 0 ; pkt < ARRAY_COUNT(pgp->pkts) ; pkt++) { 2938 if (cc + KB(64) >= alloc) { 2939 if ((newdata = realloc(*data, alloc + KB(64))) == NULL) { 2940 return cc; 2941 } 2942 alloc += KB(64); 2943 *data = newdata; 2944 } 2945 memset(buf, 0x0, sizeof(buf)); 2946 dumpc = netpgp_hexdump(ARRAY_ELEMENT(pgp->pkts, pkt).s.data, 2947 MIN((sizeof(buf) / 80) * 16, 2948 ARRAY_ELEMENT(pgp->pkts, pkt).s.size), 2949 buf, sizeof(buf)); 2950 n = snprintf(&(*data)[cc], alloc - cc, 2951 "[%zu] off %zu, len %zu, tag %u, %s\n%.*s", 2952 pkt, 2953 ARRAY_ELEMENT(pgp->pkts, pkt).offset, 2954 ARRAY_ELEMENT(pgp->pkts, pkt).s.size, 2955 ARRAY_ELEMENT(pgp->pkts, pkt).tag, 2956 get_packet_type(ARRAY_ELEMENT(pgp->pkts, pkt).tag), 2957 (int)dumpc, buf); 2958 cc += n; 2959 } 2960 return cc; 2961 } 2962