search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2009-10-16 Marcus Brinkmann <marcus@g10code.com>
[gnupg.git] / g10 / parse-packet.c
blobe2a5ea39da8c758d0cf5d33c26603600f5dfd2a1
1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007, 2009 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26
27 #include "gpg.h"
28 #include "packet.h"
29 #include "iobuf.h"
30 #include "util.h"
31 #include "cipher.h"
32 #include "filter.h"
33 #include "photoid.h"
34 #include "options.h"
35 #include "main.h"
36 #include "i18n.h"
37
38 static int mpi_print_mode;
39 static int list_mode;
40 static FILE *listfp;
41
42 static int parse (IOBUF inp, PACKET * pkt, int onlykeypkts,
43 off_t * retpos, int *skip, IOBUF out, int do_skip
44 #ifdef DEBUG_PARSE_PACKET
45 , const char *dbg_w, const char *dbg_f, int dbg_l
46 #endif
47 );
48 static int copy_packet (IOBUF inp, IOBUF out, int pkttype,
49 unsigned long pktlen, int partial);
50 static void skip_packet (IOBUF inp, int pkttype,
51 unsigned long pktlen, int partial);
52 static void *read_rest (IOBUF inp, size_t pktlen, int partial);
53 static int parse_marker (IOBUF inp, int pkttype, unsigned long pktlen);
54 static int parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
55 PACKET * packet);
56 static int parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
57 PACKET * packet);
58 static int parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
59 PKT_onepass_sig * ops);
60 static int parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
61 byte * hdr, int hdrlen, PACKET * packet);
62 static int parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen,
63 PACKET * packet);
64 static int parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
65 PACKET * packet);
66 static int parse_comment (IOBUF inp, int pkttype, unsigned long pktlen,
67 PACKET * packet);
68 static void parse_trust (IOBUF inp, int pkttype, unsigned long pktlen,
69 PACKET * packet);
70 static int parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
71 PACKET * packet, int new_ctb, int partial);
72 static int parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
73 PACKET * packet, int new_ctb);
74 static int parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
75 PACKET * packet, int new_ctb, int partial);
76 static int parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
77 PACKET * packet, int new_ctb);
78 static int parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
79 PACKET * packet, int partial);
80
81 static unsigned short
82 read_16 (IOBUF inp)
83 {
84 unsigned short a;
85 a = iobuf_get_noeof (inp) << 8;
86 a |= iobuf_get_noeof (inp);
87 return a;
88 }
89
90
91 static unsigned long
92 read_32 (IOBUF inp)
93 {
94 unsigned long a;
95 a = iobuf_get_noeof (inp) << 24;
96 a |= iobuf_get_noeof (inp) << 16;
97 a |= iobuf_get_noeof (inp) << 8;
98 a |= iobuf_get_noeof (inp);
99 return a;
100 }
101
102
103 /* Read an external representation of an mpi and return the MPI. The
104 * external format is a 16 bit unsigned value stored in network byte
105 * order, giving the number of bits for the following integer. The
106 * integer is stored with MSB first (left padded with zeroes to align
107 * on a byte boundary). */
108 static gcry_mpi_t
109 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
110 {
111 /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c */
112
113 int c, c1, c2, i;
114 unsigned int nbits, nbytes;
115 size_t nread = 0;
116 gcry_mpi_t a = NULL;
117 byte *buf = NULL;
118 byte *p;
119
120 if ((c = c1 = iobuf_get (inp)) == -1)
121 goto leave;
122 nbits = c << 8;
123 if ((c = c2 = iobuf_get (inp)) == -1)
124 goto leave;
125 nbits |= c;
126 if (nbits > MAX_EXTERN_MPI_BITS)
127 {
128 log_error ("mpi too large (%u bits)\n", nbits);
129 goto leave;
130 }
131 nread = 2;
132 nbytes = (nbits + 7) / 8;
133 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
134 p = buf;
135 p[0] = c1;
136 p[1] = c2;
137 for (i = 0; i < nbytes; i++)
138 {
139 p[i + 2] = iobuf_get (inp) & 0xff;
140 nread++;
141 }
142
143 if (nread >= 2 && !(buf[0] << 8 | buf[1]))
144 {
145 /* Libgcrypt < 1.5.0 accidently rejects zero-length (i.e. zero)
146 MPIs. We fix this here. */
147 a = gcry_mpi_new (0);
148 }
149 else
150 {
151 if (gcry_mpi_scan (&a, GCRYMPI_FMT_PGP, buf, nread, &nread))
152 a = NULL;
153 }
154
155 leave:
156 gcry_free (buf);
157 if (nread > *ret_nread)
158 log_bug ("mpi larger than packet");
159 else
160 *ret_nread = nread;
161 return a;
162 }
163
164
165 int
166 set_packet_list_mode (int mode)
167 {
168 int old = list_mode;
169 list_mode = mode;
170 /* FIXME(gcrypt) mpi_print_mode = DBG_MPI; */
171 /* We use stdout print only if invoked by the --list-packets command
172 but switch to stderr in all otehr cases. This breaks the
173 previous behaviour but that seems to be more of a bug than
174 intentional. I don't believe that any application makes use of
175 this long standing annoying way of printing to stdout except when
176 doing a --list-packets. If this assumption fails, it will be easy
177 to add an option for the listing stream. Note that we initialize
178 it only once; mainly because some code may switch the option
179 value later back to 1 and we want to have all output to the same
180 stream.
181
182 Using stderr is not actually very clean because it bypasses the
183 logging code but it is a special thing anyay. I am not sure
184 whether using log_stream() would be better. Perhaps we should
185 enable the list mdoe only with a special option. */
186 if (!listfp)
187 listfp = opt.list_packets == 2 ? stdout : stderr;
188 return old;
189 }
190
191
192 static void
193 unknown_pubkey_warning (int algo)
194 {
195 static byte unknown_pubkey_algos[256];
196
197 algo &= 0xff;
198 if (!unknown_pubkey_algos[algo])
199 {
200 if (opt.verbose)
201 log_info (_("can't handle public key algorithm %d\n"), algo);
202 unknown_pubkey_algos[algo] = 1;
203 }
204 }
205
206
207 /* Parse a packet and return it in packet structure.
208 * Returns: 0 := valid packet in pkt
209 * -1 := no more packets
210 * >0 := error
211 * Note: The function may return an error and a partly valid packet;
212 * caller must free this packet. */
213 #ifdef DEBUG_PARSE_PACKET
214 int
215 dbg_parse_packet (IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l)
216 {
217 int skip, rc;
218
219 do
220 {
221 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l);
222 }
223 while (skip);
224 return rc;
225 }
226 #else /*!DEBUG_PARSE_PACKET*/
227 int
228 parse_packet (IOBUF inp, PACKET * pkt)
229 {
230 int skip, rc;
231
232 do
233 {
234 rc = parse (inp, pkt, 0, NULL, &skip, NULL, 0);
235 }
236 while (skip);
237 return rc;
238 }
239 #endif /*!DEBUG_PARSE_PACKET*/
240
241
242 /*
243 * Like parse packet, but only return secret or public (sub)key
244 * packets.
245 */
246 #ifdef DEBUG_PARSE_PACKET
247 int
248 dbg_search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid,
249 const char *dbg_f, int dbg_l)
250 {
251 int skip, rc;
252
253 do
254 {
255 rc =
256 parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0, "search",
257 dbg_f, dbg_l);
258 }
259 while (skip);
260 return rc;
261 }
262 #else /*!DEBUG_PARSE_PACKET*/
263 int
264 search_packet (IOBUF inp, PACKET * pkt, off_t * retpos, int with_uid)
265 {
266 int skip, rc;
267
268 do
269 {
270 rc = parse (inp, pkt, with_uid ? 2 : 1, retpos, &skip, NULL, 0);
271 }
272 while (skip);
273 return rc;
274 }
275 #endif /*!DEBUG_PARSE_PACKET*/
276
277
278 /*
279 * Copy all packets from INP to OUT, thereby removing unused spaces.
280 */
281 #ifdef DEBUG_PARSE_PACKET
282 int
283 dbg_copy_all_packets (IOBUF inp, IOBUF out, const char *dbg_f, int dbg_l)
284 {
285 PACKET pkt;
286 int skip, rc = 0;
287 do
288 {
289 init_packet (&pkt);
290 }
291 while (!
292 (rc =
293 parse (inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l)));
294 return rc;
295 }
296 #else /*!DEBUG_PARSE_PACKET*/
297 int
298 copy_all_packets (IOBUF inp, IOBUF out)
299 {
300 PACKET pkt;
301 int skip, rc = 0;
302 do
303 {
304 init_packet (&pkt);
305 }
306 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
307 return rc;
308 }
309 #endif /*!DEBUG_PARSE_PACKET*/
310
311
312 /*
313 * Copy some packets from INP to OUT, thereby removing unused spaces.
314 * Stop at offset STOPoff (i.e. don't copy packets at this or later
315 * offsets)
316 */
317 #ifdef DEBUG_PARSE_PACKET
318 int
319 dbg_copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff,
320 const char *dbg_f, int dbg_l)
321 {
322 PACKET pkt;
323 int skip, rc = 0;
324 do
325 {
326 if (iobuf_tell (inp) >= stopoff)
327 return 0;
328 init_packet (&pkt);
329 }
330 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0,
331 "some", dbg_f, dbg_l)));
332 return rc;
333 }
334 #else /*!DEBUG_PARSE_PACKET*/
335 int
336 copy_some_packets (IOBUF inp, IOBUF out, off_t stopoff)
337 {
338 PACKET pkt;
339 int skip, rc = 0;
340 do
341 {
342 if (iobuf_tell (inp) >= stopoff)
343 return 0;
344 init_packet (&pkt);
345 }
346 while (!(rc = parse (inp, &pkt, 0, NULL, &skip, out, 0)));
347 return rc;
348 }
349 #endif /*!DEBUG_PARSE_PACKET*/
350
351
352 /*
353 * Skip over N packets
354 */
355 #ifdef DEBUG_PARSE_PACKET
356 int
357 dbg_skip_some_packets (IOBUF inp, unsigned n, const char *dbg_f, int dbg_l)
358 {
359 int skip, rc = 0;
360 PACKET pkt;
361
362 for (; n && !rc; n--)
363 {
364 init_packet (&pkt);
365 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l);
366 }
367 return rc;
368 }
369 #else /*!DEBUG_PARSE_PACKET*/
370 int
371 skip_some_packets (IOBUF inp, unsigned n)
372 {
373 int skip, rc = 0;
374 PACKET pkt;
375
376 for (; n && !rc; n--)
377 {
378 init_packet (&pkt);
379 rc = parse (inp, &pkt, 0, NULL, &skip, NULL, 1);
380 }
381 return rc;
382 }
383 #endif /*!DEBUG_PARSE_PACKET*/
384
385
386 /*
387 * Parse packet. Stores 1 at SKIP 1 if the packet should be skipped;
388 * this is the case if either ONLYKEYPKTS is set and the parsed packet
389 * isn't a key packet or the packet-type is 0, indicating deleted
390 * stuff. If OUT is not NULL, a special copymode is used.
391 */
392 static int
393 parse (IOBUF inp, PACKET * pkt, int onlykeypkts, off_t * retpos,
394 int *skip, IOBUF out, int do_skip
395 #ifdef DEBUG_PARSE_PACKET
396 , const char *dbg_w, const char *dbg_f, int dbg_l
397 #endif
398 )
399 {
400 int rc = 0, c, ctb, pkttype, lenbytes;
401 unsigned long pktlen;
402 byte hdr[8];
403 int hdrlen;
404 int new_ctb = 0, partial = 0;
405 int with_uid = (onlykeypkts == 2);
406
407 *skip = 0;
408 assert (!pkt->pkt.generic);
409 if (retpos)
410 *retpos = iobuf_tell (inp);
411
412 if ((ctb = iobuf_get (inp)) == -1)
413 {
414 rc = -1;
415 goto leave;
416 }
417 hdrlen = 0;
418 hdr[hdrlen++] = ctb;
419 if (!(ctb & 0x80))
420 {
421 log_error ("%s: invalid packet (ctb=%02x)\n", iobuf_where (inp), ctb);
422 rc = gpg_error (GPG_ERR_INV_PACKET);
423 goto leave;
424 }
425 pktlen = 0;
426 new_ctb = !!(ctb & 0x40);
427 if (new_ctb)
428 {
429 pkttype = ctb & 0x3f;
430 if ((c = iobuf_get (inp)) == -1)
431 {
432 log_error ("%s: 1st length byte missing\n", iobuf_where (inp));
433 rc = gpg_error (GPG_ERR_INV_PACKET);
434 goto leave;
435 }
436
437
438 hdr[hdrlen++] = c;
439 if (c < 192)
440 pktlen = c;
441 else if (c < 224)
442 {
443 pktlen = (c - 192) * 256;
444 if ((c = iobuf_get (inp)) == -1)
445 {
446 log_error ("%s: 2nd length byte missing\n",
447 iobuf_where (inp));
448 rc = gpg_error (GPG_ERR_INV_PACKET);
449 goto leave;
450 }
451 hdr[hdrlen++] = c;
452 pktlen += c + 192;
453 }
454 else if (c == 255)
455 {
456 pktlen = (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 24;
457 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 16;
458 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof (inp)) << 8;
459 if ((c = iobuf_get (inp)) == -1)
460 {
461 log_error ("%s: 4 byte length invalid\n", iobuf_where (inp));
462 rc = gpg_error (GPG_ERR_INV_PACKET);
463 goto leave;
464 }
465 pktlen |= (hdr[hdrlen++] = c);
466 }
467 else /* Partial body length. */
468 {
469 switch (pkttype)
470 {
471 case PKT_PLAINTEXT:
472 case PKT_ENCRYPTED:
473 case PKT_ENCRYPTED_MDC:
474 case PKT_COMPRESSED:
475 iobuf_set_partial_block_mode (inp, c & 0xff);
476 pktlen = 0; /* To indicate partial length. */
477 partial = 1;
478 break;
479
480 default:
481 log_error ("%s: partial length for invalid"
482 " packet type %d\n", iobuf_where (inp), pkttype);
483 rc = gpg_error (GPG_ERR_INV_PACKET);
484 goto leave;
485 }
486 }
487
488 }
489 else
490 {
491 pkttype = (ctb >> 2) & 0xf;
492 lenbytes = ((ctb & 3) == 3) ? 0 : (1 << (ctb & 3));
493 if (!lenbytes)
494 {
495 pktlen = 0; /* Don't know the value. */
496 /* This isn't really partial, but we can treat it the same
497 in a "read until the end" sort of way. */
498 partial = 1;
499 if (pkttype != PKT_ENCRYPTED && pkttype != PKT_PLAINTEXT
500 && pkttype != PKT_COMPRESSED)
501 {
502 log_error ("%s: indeterminate length for invalid"
503 " packet type %d\n", iobuf_where (inp), pkttype);
504 rc = gpg_error (GPG_ERR_INV_PACKET);
505 goto leave;
506 }
507 }
508 else
509 {
510 for (; lenbytes; lenbytes--)
511 {
512 pktlen <<= 8;
513 pktlen |= hdr[hdrlen++] = iobuf_get_noeof (inp);
514 }
515 }
516 }
517
518 if (pktlen == (unsigned long) (-1))
519 {
520 /* With some probability this is caused by a problem in the
521 * the uncompressing layer - in some error cases it just loops
522 * and spits out 0xff bytes. */
523 log_error ("%s: garbled packet detected\n", iobuf_where (inp));
524 g10_exit (2);
525 }
526
527 if (out && pkttype)
528 {
529 rc = iobuf_write (out, hdr, hdrlen);
530 if (!rc)
531 rc = copy_packet (inp, out, pkttype, pktlen, partial);
532 goto leave;
533 }
534
535 if (with_uid && pkttype == PKT_USER_ID)
536 ;
537 else if (do_skip
538 || !pkttype
539 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
540 && pkttype != PKT_PUBLIC_KEY
541 && pkttype != PKT_SECRET_SUBKEY && pkttype != PKT_SECRET_KEY))
542 {
543 iobuf_skip_rest (inp, pktlen, partial);
544 *skip = 1;
545 rc = 0;
546 goto leave;
547 }
548
549 if (DBG_PACKET)
550 {
551 #ifdef DEBUG_PARSE_PACKET
552 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
553 iobuf_id (inp), pkttype, pktlen, new_ctb ? " (new_ctb)" : "",
554 dbg_w, dbg_f, dbg_l);
555 #else
556 log_debug ("parse_packet(iob=%d): type=%d length=%lu%s\n",
557 iobuf_id (inp), pkttype, pktlen,
558 new_ctb ? " (new_ctb)" : "");
559 #endif
560 }
561
562 pkt->pkttype = pkttype;
563 rc = G10ERR_UNKNOWN_PACKET; /* default error */
564 switch (pkttype)
565 {
566 case PKT_PUBLIC_KEY:
567 case PKT_PUBLIC_SUBKEY:
568 pkt->pkt.public_key = xmalloc_clear (sizeof *pkt->pkt.public_key);
569 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
570 break;
571 case PKT_SECRET_KEY:
572 case PKT_SECRET_SUBKEY:
573 pkt->pkt.secret_key = xmalloc_clear (sizeof *pkt->pkt.secret_key);
574 rc = parse_key (inp, pkttype, pktlen, hdr, hdrlen, pkt);
575 break;
576 case PKT_SYMKEY_ENC:
577 rc = parse_symkeyenc (inp, pkttype, pktlen, pkt);
578 break;
579 case PKT_PUBKEY_ENC:
580 rc = parse_pubkeyenc (inp, pkttype, pktlen, pkt);
581 break;
582 case PKT_SIGNATURE:
583 pkt->pkt.signature = xmalloc_clear (sizeof *pkt->pkt.signature);
584 rc = parse_signature (inp, pkttype, pktlen, pkt->pkt.signature);
585 break;
586 case PKT_ONEPASS_SIG:
587 pkt->pkt.onepass_sig = xmalloc_clear (sizeof *pkt->pkt.onepass_sig);
588 rc = parse_onepass_sig (inp, pkttype, pktlen, pkt->pkt.onepass_sig);
589 break;
590 case PKT_USER_ID:
591 rc = parse_user_id (inp, pkttype, pktlen, pkt);
592 break;
593 case PKT_ATTRIBUTE:
594 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
595 rc = parse_attribute (inp, pkttype, pktlen, pkt);
596 break;
597 case PKT_OLD_COMMENT:
598 case PKT_COMMENT:
599 rc = parse_comment (inp, pkttype, pktlen, pkt);
600 break;
601 case PKT_RING_TRUST:
602 parse_trust (inp, pkttype, pktlen, pkt);
603 rc = 0;
604 break;
605 case PKT_PLAINTEXT:
606 rc = parse_plaintext (inp, pkttype, pktlen, pkt, new_ctb, partial);
607 break;
608 case PKT_COMPRESSED:
609 rc = parse_compressed (inp, pkttype, pktlen, pkt, new_ctb);
610 break;
611 case PKT_ENCRYPTED:
612 case PKT_ENCRYPTED_MDC:
613 rc = parse_encrypted (inp, pkttype, pktlen, pkt, new_ctb, partial);
614 break;
615 case PKT_MDC:
616 rc = parse_mdc (inp, pkttype, pktlen, pkt, new_ctb);
617 break;
618 case PKT_GPG_CONTROL:
619 rc = parse_gpg_control (inp, pkttype, pktlen, pkt, partial);
620 break;
621 case PKT_MARKER:
622 rc = parse_marker (inp, pkttype, pktlen);
623 break;
624 default:
625 skip_packet (inp, pkttype, pktlen, partial);
626 break;
627 }
628
629 leave:
630 if (!rc && iobuf_error (inp))
631 rc = G10ERR_INV_KEYRING;
632 return rc;
633 }
634
635
636 static void
637 dump_hex_line (int c, int *i)
638 {
639 if (*i && !(*i % 8))
640 {
641 if (*i && !(*i % 24))
642 fprintf (listfp, "\n%4d:", *i);
643 else
644 putc (' ', listfp);
645 }
646 if (c == -1)
647 fprintf (listfp, " EOF");
648 else
649 fprintf (listfp, " %02x", c);
650 ++*i;
651 }
652
653
654 static int
655 copy_packet (IOBUF inp, IOBUF out, int pkttype,
656 unsigned long pktlen, int partial)
657 {
658 int rc;
659 int n;
660 char buf[100];
661
662 if (partial)
663 {
664 while ((n = iobuf_read (inp, buf, 100)) != -1)
665 if ((rc = iobuf_write (out, buf, n)))
666 return rc; /* write error */
667 }
668 else if (!pktlen && pkttype == PKT_COMPRESSED)
669 {
670 log_debug ("copy_packet: compressed!\n");
671 /* compressed packet, copy till EOF */
672 while ((n = iobuf_read (inp, buf, 100)) != -1)
673 if ((rc = iobuf_write (out, buf, n)))
674 return rc; /* write error */
675 }
676 else
677 {
678 for (; pktlen; pktlen -= n)
679 {
680 n = pktlen > 100 ? 100 : pktlen;
681 n = iobuf_read (inp, buf, n);
682 if (n == -1)
683 return gpg_error (GPG_ERR_EOF);
684 if ((rc = iobuf_write (out, buf, n)))
685 return rc; /* write error */
686 }
687 }
688 return 0;
689 }
690
691
692 static void
693 skip_packet (IOBUF inp, int pkttype, unsigned long pktlen, int partial)
694 {
695 if (list_mode)
696 {
697 fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
698 pkttype, pktlen);
699 if (pkttype)
700 {
701 int c, i = 0;
702 fputs ("dump:", listfp);
703 if (partial)
704 {
705 while ((c = iobuf_get (inp)) != -1)
706 dump_hex_line (c, &i);
707 }
708 else
709 {
710 for (; pktlen; pktlen--)
711 {
712 dump_hex_line ((c = iobuf_get (inp)), &i);
713 if (c == -1)
714 break;
715 }
716 }
717 putc ('\n', listfp);
718 return;
719 }
720 }
721 iobuf_skip_rest (inp, pktlen, partial);
722 }
723
724
725 static void *
726 read_rest (IOBUF inp, size_t pktlen, int partial)
727 {
728 byte *p;
729 int i;
730
731 if (partial)
732 {
733 log_error ("read_rest: can't store stream data\n");
734 p = NULL;
735 }
736 else
737 {
738 p = xmalloc (pktlen);
739 for (i = 0; pktlen; pktlen--, i++)
740 p[i] = iobuf_get (inp);
741 }
742 return p;
743 }
744
745
746 static int
747 parse_marker (IOBUF inp, int pkttype, unsigned long pktlen)
748 {
749 (void) pkttype;
750
751 if (pktlen != 3)
752 goto fail;
753
754 if (iobuf_get (inp) != 'P')
755 {
756 pktlen--;
757 goto fail;
758 }
759
760 if (iobuf_get (inp) != 'G')
761 {
762 pktlen--;
763 goto fail;
764 }
765
766 if (iobuf_get (inp) != 'P')
767 {
768 pktlen--;
769 goto fail;
770 }
771
772 if (list_mode)
773 fputs (":marker packet: PGP\n", listfp);
774
775 return 0;
776
777 fail:
778 log_error ("invalid marker packet\n");
779 iobuf_skip_rest (inp, pktlen, 0);
780 return G10ERR_INVALID_PACKET;
781 }
782
783
784 static int
785 parse_symkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
786 PACKET * packet)
787 {
788 PKT_symkey_enc *k;
789 int rc = 0;
790 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
791
792 if (pktlen < 4)
793 {
794 log_error ("packet(%d) too short\n", pkttype);
795 rc = gpg_error (GPG_ERR_INV_PACKET);
796 goto leave;
797 }
798 version = iobuf_get_noeof (inp);
799 pktlen--;
800 if (version != 4)
801 {
802 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
803 rc = gpg_error (GPG_ERR_INV_PACKET);
804 goto leave;
805 }
806 if (pktlen > 200)
807 { /* (we encode the seskeylen in a byte) */
808 log_error ("packet(%d) too large\n", pkttype);
809 rc = gpg_error (GPG_ERR_INV_PACKET);
810 goto leave;
811 }
812 cipher_algo = iobuf_get_noeof (inp);
813 pktlen--;
814 s2kmode = iobuf_get_noeof (inp);
815 pktlen--;
816 hash_algo = iobuf_get_noeof (inp);
817 pktlen--;
818 switch (s2kmode)
819 {
820 case 0: /* Simple S2K. */
821 minlen = 0;
822 break;
823 case 1: /* Salted S2K. */
824 minlen = 8;
825 break;
826 case 3: /* Iterated+salted S2K. */
827 minlen = 9;
828 break;
829 default:
830 log_error ("unknown S2K mode %d\n", s2kmode);
831 goto leave;
832 }
833 if (minlen > pktlen)
834 {
835 log_error ("packet with S2K %d too short\n", s2kmode);
836 rc = gpg_error (GPG_ERR_INV_PACKET);
837 goto leave;
838 }
839 seskeylen = pktlen - minlen;
840 k = packet->pkt.symkey_enc = xmalloc_clear (sizeof *packet->pkt.symkey_enc
841 + seskeylen - 1);
842 k->version = version;
843 k->cipher_algo = cipher_algo;
844 k->s2k.mode = s2kmode;
845 k->s2k.hash_algo = hash_algo;
846 if (s2kmode == 1 || s2kmode == 3)
847 {
848 for (i = 0; i < 8 && pktlen; i++, pktlen--)
849 k->s2k.salt[i] = iobuf_get_noeof (inp);
850 }
851 if (s2kmode == 3)
852 {
853 k->s2k.count = iobuf_get (inp);
854 pktlen--;
855 }
856 k->seskeylen = seskeylen;
857 if (k->seskeylen)
858 {
859 for (i = 0; i < seskeylen && pktlen; i++, pktlen--)
860 k->seskey[i] = iobuf_get_noeof (inp);
861
862 /* What we're watching out for here is a session key decryptor
863 with no salt. The RFC says that using salt for this is a
864 MUST. */
865 if (s2kmode != 1 && s2kmode != 3)
866 log_info (_("WARNING: potentially insecure symmetrically"
867 " encrypted session key\n"));
868 }
869 assert (!pktlen);
870
871 if (list_mode)
872 {
873 fprintf (listfp,
874 ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
875 version, cipher_algo, s2kmode, hash_algo);
876 if (seskeylen)
877 fprintf (listfp, ", seskey %d bits", (seskeylen - 1) * 8);
878 fprintf (listfp, "\n");
879 if (s2kmode == 1 || s2kmode == 3)
880 {
881 fprintf (listfp, "\tsalt ");
882 for (i = 0; i < 8; i++)
883 fprintf (listfp, "%02x", k->s2k.salt[i]);
884 if (s2kmode == 3)
885 fprintf (listfp, ", count %lu (%lu)",
886 S2K_DECODE_COUNT ((ulong) k->s2k.count),
887 (ulong) k->s2k.count);
888 fprintf (listfp, "\n");
889 }
890 }
891
892 leave:
893 iobuf_skip_rest (inp, pktlen, 0);
894 return rc;
895 }
896
897
898 static int
899 parse_pubkeyenc (IOBUF inp, int pkttype, unsigned long pktlen,
900 PACKET * packet)
901 {
902 unsigned int n;
903 int rc = 0;
904 int i, ndata;
905 PKT_pubkey_enc *k;
906
907 k = packet->pkt.pubkey_enc = xmalloc_clear (sizeof *packet->pkt.pubkey_enc);
908 if (pktlen < 12)
909 {
910 log_error ("packet(%d) too short\n", pkttype);
911 rc = gpg_error (GPG_ERR_INV_PACKET);
912 goto leave;
913 }
914 k->version = iobuf_get_noeof (inp);
915 pktlen--;
916 if (k->version != 2 && k->version != 3)
917 {
918 log_error ("packet(%d) with unknown version %d\n", pkttype, k->version);
919 rc = gpg_error (GPG_ERR_INV_PACKET);
920 goto leave;
921 }
922 k->keyid[0] = read_32 (inp);
923 pktlen -= 4;
924 k->keyid[1] = read_32 (inp);
925 pktlen -= 4;
926 k->pubkey_algo = iobuf_get_noeof (inp);
927 pktlen--;
928 k->throw_keyid = 0; /* Only used as flag for build_packet. */
929 if (list_mode)
930 fprintf (listfp,
931 ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
932 k->version, k->pubkey_algo, (ulong) k->keyid[0],
933 (ulong) k->keyid[1]);
934
935 ndata = pubkey_get_nenc (k->pubkey_algo);
936 if (!ndata)
937 {
938 if (list_mode)
939 fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo);
940 unknown_pubkey_warning (k->pubkey_algo);
941 k->data[0] = NULL; /* No need to store the encrypted data. */
942 }
943 else
944 {
945 for (i = 0; i < ndata; i++)
946 {
947 n = pktlen;
948 k->data[i] = mpi_read (inp, &n, 0);
949 pktlen -= n;
950 if (list_mode)
951 {
952 fprintf (listfp, "\tdata: ");
953 mpi_print (listfp, k->data[i], mpi_print_mode);
954 putc ('\n', listfp);
955 }
956 if (!k->data[i])
957 rc = gpg_error (GPG_ERR_INV_PACKET);
958 }
959 }
960
961 leave:
962 iobuf_skip_rest (inp, pktlen, 0);
963 return rc;
964 }
965
966
967 static void
968 dump_sig_subpkt (int hashed, int type, int critical,
969 const byte * buffer, size_t buflen, size_t length)
970 {
971 const char *p = NULL;
972 int i;
973
974 /* The CERT has warning out with explains how to use GNUPG to detect
975 * the ARRs - we print our old message here when it is a faked ARR
976 * and add an additional notice. */
977 if (type == SIGSUBPKT_ARR && !hashed)
978 {
979 fprintf (listfp,
980 "\tsubpkt %d len %u (additional recipient request)\n"
981 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
982 "encrypt to this key and thereby reveal the plaintext to "
983 "the owner of this ARR key. Detailed info follows:\n",
984 type, (unsigned) length);
985 }
986
987 buffer++;
988 length--;
989
990 fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*) */
991 critical ? "critical " : "",
992 hashed ? "hashed " : "", type, (unsigned) length);
993 if (length > buflen)
994 {
995 fprintf (listfp, "too short: buffer is only %u)\n", (unsigned) buflen);
996 return;
997 }
998 switch (type)
999 {
1000 case SIGSUBPKT_SIG_CREATED:
1001 if (length >= 4)
1002 fprintf (listfp, "sig created %s",
1003 strtimestamp (buffer_to_u32 (buffer)));
1004 break;
1005 case SIGSUBPKT_SIG_EXPIRE:
1006 if (length >= 4)
1007 {
1008 if (buffer_to_u32 (buffer))
1009 fprintf (listfp, "sig expires after %s",
1010 strtimevalue (buffer_to_u32 (buffer)));
1011 else
1012 fprintf (listfp, "sig does not expire");
1013 }
1014 break;
1015 case SIGSUBPKT_EXPORTABLE:
1016 if (length)
1017 fprintf (listfp, "%sexportable", *buffer ? "" : "not ");
1018 break;
1019 case SIGSUBPKT_TRUST:
1020 if (length != 2)
1021 p = "[invalid trust subpacket]";
1022 else
1023 fprintf (listfp, "trust signature of depth %d, value %d", buffer[0],
1024 buffer[1]);
1025 break;
1026 case SIGSUBPKT_REGEXP:
1027 if (!length)
1028 p = "[invalid regexp subpacket]";
1029 else
1030 fprintf (listfp, "regular expression: \"%s\"", buffer);
1031 break;
1032 case SIGSUBPKT_REVOCABLE:
1033 if (length)
1034 fprintf (listfp, "%srevocable", *buffer ? "" : "not ");
1035 break;
1036 case SIGSUBPKT_KEY_EXPIRE:
1037 if (length >= 4)
1038 {
1039 if (buffer_to_u32 (buffer))
1040 fprintf (listfp, "key expires after %s",
1041 strtimevalue (buffer_to_u32 (buffer)));
1042 else
1043 fprintf (listfp, "key does not expire");
1044 }
1045 break;
1046 case SIGSUBPKT_PREF_SYM:
1047 fputs ("pref-sym-algos:", listfp);
1048 for (i = 0; i < length; i++)
1049 fprintf (listfp, " %d", buffer[i]);
1050 break;
1051 case SIGSUBPKT_REV_KEY:
1052 fputs ("revocation key: ", listfp);
1053 if (length < 22)
1054 p = "[too short]";
1055 else
1056 {
1057 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1058 for (i = 2; i < length; i++)
1059 fprintf (listfp, "%02X", buffer[i]);
1060 }
1061 break;
1062 case SIGSUBPKT_ISSUER:
1063 if (length >= 8)
1064 fprintf (listfp, "issuer key ID %08lX%08lX",
1065 (ulong) buffer_to_u32 (buffer),
1066 (ulong) buffer_to_u32 (buffer + 4));
1067 break;
1068 case SIGSUBPKT_NOTATION:
1069 {
1070 fputs ("notation: ", listfp);
1071 if (length < 8)
1072 p = "[too short]";
1073 else
1074 {
1075 const byte *s = buffer;
1076 size_t n1, n2;
1077
1078 n1 = (s[4] << 8) | s[5];
1079 n2 = (s[6] << 8) | s[7];
1080 s += 8;
1081 if (8 + n1 + n2 != length)
1082 p = "[error]";
1083 else
1084 {
1085 print_string (listfp, s, n1, ')');
1086 putc ('=', listfp);
1087
1088 if (*buffer & 0x80)
1089 print_string (listfp, s + n1, n2, ')');
1090 else
1091 p = "[not human readable]";
1092 }
1093 }
1094 }
1095 break;
1096 case SIGSUBPKT_PREF_HASH:
1097 fputs ("pref-hash-algos:", listfp);
1098 for (i = 0; i < length; i++)
1099 fprintf (listfp, " %d", buffer[i]);
1100 break;
1101 case SIGSUBPKT_PREF_COMPR:
1102 fputs ("pref-zip-algos:", listfp);
1103 for (i = 0; i < length; i++)
1104 fprintf (listfp, " %d", buffer[i]);
1105 break;
1106 case SIGSUBPKT_KS_FLAGS:
1107 fputs ("key server preferences:", listfp);
1108 for (i = 0; i < length; i++)
1109 fprintf (listfp, " %02X", buffer[i]);
1110 break;
1111 case SIGSUBPKT_PREF_KS:
1112 fputs ("preferred key server: ", listfp);
1113 print_string (listfp, buffer, length, ')');
1114 break;
1115 case SIGSUBPKT_PRIMARY_UID:
1116 p = "primary user ID";
1117 break;
1118 case SIGSUBPKT_POLICY:
1119 fputs ("policy: ", listfp);
1120 print_string (listfp, buffer, length, ')');
1121 break;
1122 case SIGSUBPKT_KEY_FLAGS:
1123 fputs ("key flags:", listfp);
1124 for (i = 0; i < length; i++)
1125 fprintf (listfp, " %02X", buffer[i]);
1126 break;
1127 case SIGSUBPKT_SIGNERS_UID:
1128 p = "signer's user ID";
1129 break;
1130 case SIGSUBPKT_REVOC_REASON:
1131 if (length)
1132 {
1133 fprintf (listfp, "revocation reason 0x%02x (", *buffer);
1134 print_string (listfp, buffer + 1, length - 1, ')');
1135 p = ")";
1136 }
1137 break;
1138 case SIGSUBPKT_ARR:
1139 fputs ("Big Brother's key (ignored): ", listfp);
1140 if (length < 22)
1141 p = "[too short]";
1142 else
1143 {
1144 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1]);
1145 for (i = 2; i < length; i++)
1146 fprintf (listfp, "%02X", buffer[i]);
1147 }
1148 break;
1149 case SIGSUBPKT_FEATURES:
1150 fputs ("features:", listfp);
1151 for (i = 0; i < length; i++)
1152 fprintf (listfp, " %02x", buffer[i]);
1153 break;
1154 case SIGSUBPKT_SIGNATURE:
1155 fputs ("signature: ", listfp);
1156 if (length < 17)
1157 p = "[too short]";
1158 else
1159 fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1160 buffer[0],
1161 buffer[0] == 3 ? buffer[2] : buffer[1],
1162 buffer[0] == 3 ? buffer[15] : buffer[2],
1163 buffer[0] == 3 ? buffer[16] : buffer[3]);
1164 break;
1165 default:
1166 if (type >= 100 && type <= 110)
1167 p = "experimental / private subpacket";
1168 else
1169 p = "?";
1170 break;
1171 }
1172
1173 fprintf (listfp, "%s)\n", p ? p : "");
1174 }
1175
1176
1177 /*
1178 * Returns: >= 0 use this offset into buffer
1179 * -1 explicitly reject returning this type
1180 * -2 subpacket too short
1181 */
1182 int
1183 parse_one_sig_subpkt (const byte * buffer, size_t n, int type)
1184 {
1185 switch (type)
1186 {
1187 case SIGSUBPKT_REV_KEY:
1188 if (n < 22)
1189 break;
1190 return 0;
1191 case SIGSUBPKT_SIG_CREATED:
1192 case SIGSUBPKT_SIG_EXPIRE:
1193 case SIGSUBPKT_KEY_EXPIRE:
1194 if (n < 4)
1195 break;
1196 return 0;
1197 case SIGSUBPKT_KEY_FLAGS:
1198 case SIGSUBPKT_KS_FLAGS:
1199 case SIGSUBPKT_PREF_SYM:
1200 case SIGSUBPKT_PREF_HASH:
1201 case SIGSUBPKT_PREF_COMPR:
1202 case SIGSUBPKT_POLICY:
1203 case SIGSUBPKT_PREF_KS:
1204 case SIGSUBPKT_FEATURES:
1205 case SIGSUBPKT_REGEXP:
1206 return 0;
1207 case SIGSUBPKT_SIGNATURE:
1208 case SIGSUBPKT_EXPORTABLE:
1209 case SIGSUBPKT_REVOCABLE:
1210 case SIGSUBPKT_REVOC_REASON:
1211 if (!n)
1212 break;
1213 return 0;
1214 case SIGSUBPKT_ISSUER: /* issuer key ID */
1215 if (n < 8)
1216 break;
1217 return 0;
1218 case SIGSUBPKT_NOTATION:
1219 /* minimum length needed, and the subpacket must be well-formed
1220 where the name length and value length all fit inside the
1221 packet. */
1222 if (n < 8
1223 || 8 + ((buffer[4] << 8) | buffer[5]) +
1224 ((buffer[6] << 8) | buffer[7]) != n)
1225 break;
1226 return 0;
1227 case SIGSUBPKT_PRIMARY_UID:
1228 if (n != 1)
1229 break;
1230 return 0;
1231 case SIGSUBPKT_TRUST:
1232 if (n != 2)
1233 break;
1234 return 0;
1235 default:
1236 return 0;
1237 }
1238 return -2;
1239 }
1240
1241
1242 /* Return true if we understand the critical notation. */
1243 static int
1244 can_handle_critical_notation (const byte * name, size_t len)
1245 {
1246 if (len == 32 && memcmp (name, "preferred-email-encoding@pgp.com", 32) == 0)
1247 return 1;
1248 if (len == 21 && memcmp (name, "pka-address@gnupg.org", 21) == 0)
1249 return 1;
1250
1251 return 0;
1252 }
1253
1254
1255 static int
1256 can_handle_critical (const byte * buffer, size_t n, int type)
1257 {
1258 switch (type)
1259 {
1260 case SIGSUBPKT_NOTATION:
1261 if (n >= 8)
1262 return can_handle_critical_notation (buffer + 8,
1263 (buffer[4] << 8) | buffer[5]);
1264 else
1265 return 0;
1266 case SIGSUBPKT_SIGNATURE:
1267 case SIGSUBPKT_SIG_CREATED:
1268 case SIGSUBPKT_SIG_EXPIRE:
1269 case SIGSUBPKT_KEY_EXPIRE:
1270 case SIGSUBPKT_EXPORTABLE:
1271 case SIGSUBPKT_REVOCABLE:
1272 case SIGSUBPKT_REV_KEY:
1273 case SIGSUBPKT_ISSUER: /* issuer key ID */
1274 case SIGSUBPKT_PREF_SYM:
1275 case SIGSUBPKT_PREF_HASH:
1276 case SIGSUBPKT_PREF_COMPR:
1277 case SIGSUBPKT_KEY_FLAGS:
1278 case SIGSUBPKT_PRIMARY_UID:
1279 case SIGSUBPKT_FEATURES:
1280 case SIGSUBPKT_TRUST:
1281 case SIGSUBPKT_REGEXP:
1282 /* Is it enough to show the policy or keyserver? */
1283 case SIGSUBPKT_POLICY:
1284 case SIGSUBPKT_PREF_KS:
1285 return 1;
1286
1287 default:
1288 return 0;
1289 }
1290 }
1291
1292
1293 const byte *
1294 enum_sig_subpkt (const subpktarea_t * pktbuf, sigsubpkttype_t reqtype,
1295 size_t * ret_n, int *start, int *critical)
1296 {
1297 const byte *buffer;
1298 int buflen;
1299 int type;
1300 int critical_dummy;
1301 int offset;
1302 size_t n;
1303 int seq = 0;
1304 int reqseq = start ? *start : 0;
1305
1306 if (!critical)
1307 critical = &critical_dummy;
1308
1309 if (!pktbuf || reqseq == -1)
1310 {
1311 /* return some value different from NULL to indicate that
1312 * there is no critical bit we do not understand. The caller
1313 * will never use the value. Yes I know, it is an ugly hack */
1314 return reqtype ==
1315 SIGSUBPKT_TEST_CRITICAL ? (const byte *) &pktbuf : NULL;
1316 }
1317 buffer = pktbuf->data;
1318 buflen = pktbuf->len;
1319 while (buflen)
1320 {
1321 n = *buffer++;
1322 buflen--;
1323 if (n == 255) /* 4 byte length header. */
1324 {
1325 if (buflen < 4)
1326 goto too_short;
1327 n = (buffer[0] << 24) | (buffer[1] << 16)
1328 | (buffer[2] << 8) | buffer[3];
1329 buffer += 4;
1330 buflen -= 4;
1331 }
1332 else if (n >= 192) /* 4 byte special encoded length header. */
1333 {
1334 if (buflen < 2)
1335 goto too_short;
1336 n = ((n - 192) << 8) + *buffer + 192;
1337 buffer++;
1338 buflen--;
1339 }
1340 if (buflen < n)
1341 goto too_short;
1342 type = *buffer;
1343 if (type & 0x80)
1344 {
1345 type &= 0x7f;
1346 *critical = 1;
1347 }
1348 else
1349 *critical = 0;
1350 if (!(++seq > reqseq))
1351 ;
1352 else if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1353 {
1354 if (*critical)
1355 {
1356 if (n - 1 > buflen + 1)
1357 goto too_short;
1358 if (!can_handle_critical (buffer + 1, n - 1, type))
1359 {
1360 if (opt.verbose)
1361 log_info (_("subpacket of type %d has "
1362 "critical bit set\n"), type);
1363 if (start)
1364 *start = seq;
1365 return NULL; /* This is an error. */
1366 }
1367 }
1368 }
1369 else if (reqtype < 0) /* List packets. */
1370 dump_sig_subpkt (reqtype == SIGSUBPKT_LIST_HASHED,
1371 type, *critical, buffer, buflen, n);
1372 else if (type == reqtype) /* Found. */
1373 {
1374 buffer++;
1375 n--;
1376 if (n > buflen)
1377 goto too_short;
1378 if (ret_n)
1379 *ret_n = n;
1380 offset = parse_one_sig_subpkt (buffer, n, type);
1381 switch (offset)
1382 {
1383 case -2:
1384 log_error ("subpacket of type %d too short\n", type);
1385 return NULL;
1386 case -1:
1387 return NULL;
1388 default:
1389 break;
1390 }
1391 if (start)
1392 *start = seq;
1393 return buffer + offset;
1394 }
1395 buffer += n;
1396 buflen -= n;
1397 }
1398 if (reqtype == SIGSUBPKT_TEST_CRITICAL)
1399 return buffer; /* Used as True to indicate that there is no. */
1400
1401 /* Critical bit we don't understand. */
1402 if (start)
1403 *start = -1;
1404 return NULL; /* End of packets; not found. */
1405
1406 too_short:
1407 if (opt.verbose)
1408 log_info ("buffer shorter than subpacket\n");
1409 if (start)
1410 *start = -1;
1411 return NULL;
1412 }
1413
1414
1415 const byte *
1416 parse_sig_subpkt (const subpktarea_t * buffer, sigsubpkttype_t reqtype,
1417 size_t * ret_n)
1418 {
1419 return enum_sig_subpkt (buffer, reqtype, ret_n, NULL, NULL);
1420 }
1421
1422
1423 const byte *
1424 parse_sig_subpkt2 (PKT_signature * sig, sigsubpkttype_t reqtype,
1425 size_t * ret_n)
1426 {
1427 const byte *p;
1428
1429 p = parse_sig_subpkt (sig->hashed, reqtype, ret_n);
1430 if (!p)
1431 p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n);
1432 return p;
1433 }
1434
1435
1436 /* Find all revocation keys. Look in hashed area only. */
1437 void
1438 parse_revkeys (PKT_signature * sig)
1439 {
1440 struct revocation_key *revkey;
1441 int seq = 0;
1442 size_t len;
1443
1444 if (sig->sig_class != 0x1F)
1445 return;
1446
1447 while ((revkey =
1448 (struct revocation_key *) enum_sig_subpkt (sig->hashed,
1449 SIGSUBPKT_REV_KEY,
1450 &len, &seq, NULL)))
1451 {
1452 if (len == sizeof (struct revocation_key)
1453 && (revkey->class & 0x80)) /* 0x80 bit must be set. */
1454 {
1455 sig->revkey = xrealloc (sig->revkey,
1456 sizeof (struct revocation_key *) *
1457 (sig->numrevkeys + 1));
1458 sig->revkey[sig->numrevkeys] = revkey;
1459 sig->numrevkeys++;
1460 }
1461 }
1462 }
1463
1464
1465 int
1466 parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
1467 PKT_signature * sig)
1468 {
1469 int md5_len = 0;
1470 unsigned n;
1471 int is_v4 = 0;
1472 int rc = 0;
1473 int i, ndata;
1474
1475 if (pktlen < 16)
1476 {
1477 log_error ("packet(%d) too short\n", pkttype);
1478 goto leave;
1479 }
1480 sig->version = iobuf_get_noeof (inp);
1481 pktlen--;
1482 if (sig->version == 4)
1483 is_v4 = 1;
1484 else if (sig->version != 2 && sig->version != 3)
1485 {
1486 log_error ("packet(%d) with unknown version %d\n",
1487 pkttype, sig->version);
1488 rc = gpg_error (GPG_ERR_INV_PACKET);
1489 goto leave;
1490 }
1491
1492 if (!is_v4)
1493 {
1494 md5_len = iobuf_get_noeof (inp);
1495 pktlen--;
1496 }
1497 sig->sig_class = iobuf_get_noeof (inp);
1498 pktlen--;
1499 if (!is_v4)
1500 {
1501 sig->timestamp = read_32 (inp);
1502 pktlen -= 4;
1503 sig->keyid[0] = read_32 (inp);
1504 pktlen -= 4;
1505 sig->keyid[1] = read_32 (inp);
1506 pktlen -= 4;
1507 }
1508 sig->pubkey_algo = iobuf_get_noeof (inp);
1509 pktlen--;
1510 sig->digest_algo = iobuf_get_noeof (inp);
1511 pktlen--;
1512 sig->flags.exportable = 1;
1513 sig->flags.revocable = 1;
1514 if (is_v4) /* Read subpackets. */
1515 {
1516 n = read_16 (inp);
1517 pktlen -= 2; /* Length of hashed data. */
1518 if (n > 10000)
1519 {
1520 log_error ("signature packet: hashed data too long\n");
1521 rc = G10ERR_INVALID_PACKET;
1522 goto leave;
1523 }
1524 if (n)
1525 {
1526 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1);
1527 sig->hashed->size = n;
1528 sig->hashed->len = n;
1529 if (iobuf_read (inp, sig->hashed->data, n) != n)
1530 {
1531 log_error ("premature eof while reading "
1532 "hashed signature data\n");
1533 rc = -1;
1534 goto leave;
1535 }
1536 pktlen -= n;
1537 }
1538 n = read_16 (inp);
1539 pktlen -= 2; /* Length of unhashed data. */
1540 if (n > 10000)
1541 {
1542 log_error ("signature packet: unhashed data too long\n");
1543 rc = G10ERR_INVALID_PACKET;
1544 goto leave;
1545 }
1546 if (n)
1547 {
1548 sig->unhashed = xmalloc (sizeof (*sig->unhashed) + n - 1);
1549 sig->unhashed->size = n;
1550 sig->unhashed->len = n;
1551 if (iobuf_read (inp, sig->unhashed->data, n) != n)
1552 {
1553 log_error ("premature eof while reading "
1554 "unhashed signature data\n");
1555 rc = -1;
1556 goto leave;
1557 }
1558 pktlen -= n;
1559 }
1560 }
1561
1562 if (pktlen < 5) /* Sanity check. */
1563 {
1564 log_error ("packet(%d) too short\n", pkttype);
1565 rc = G10ERR_INVALID_PACKET;
1566 goto leave;
1567 }
1568
1569 sig->digest_start[0] = iobuf_get_noeof (inp);
1570 pktlen--;
1571 sig->digest_start[1] = iobuf_get_noeof (inp);
1572 pktlen--;
1573
1574 if (is_v4 && sig->pubkey_algo) /* Extract required information. */
1575 {
1576 const byte *p;
1577 size_t len;
1578
1579 /* Set sig->flags.unknown_critical if there is a critical bit
1580 * set for packets which we do not understand. */
1581 if (!parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1582 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL, NULL))
1583 sig->flags.unknown_critical = 1;
1584
1585 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL);
1586 if (p)
1587 sig->timestamp = buffer_to_u32 (p);
1588 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1589 && opt.verbose)
1590 log_info ("signature packet without timestamp\n");
1591
1592 p = parse_sig_subpkt2 (sig, SIGSUBPKT_ISSUER, NULL);
1593 if (p)
1594 {
1595 sig->keyid[0] = buffer_to_u32 (p);
1596 sig->keyid[1] = buffer_to_u32 (p + 4);
1597 }
1598 else if (!(sig->pubkey_algo >= 100 && sig->pubkey_algo <= 110)
1599 && opt.verbose)
1600 log_info ("signature packet without keyid\n");
1601
1602 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_EXPIRE, NULL);
1603 if (p && buffer_to_u32 (p))
1604 sig->expiredate = sig->timestamp + buffer_to_u32 (p);
1605 if (sig->expiredate && sig->expiredate <= make_timestamp ())
1606 sig->flags.expired = 1;
1607
1608 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_POLICY, NULL);
1609 if (p)
1610 sig->flags.policy_url = 1;
1611
1612 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_PREF_KS, NULL);
1613 if (p)
1614 sig->flags.pref_ks = 1;
1615
1616 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_NOTATION, NULL);
1617 if (p)
1618 sig->flags.notation = 1;
1619
1620 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_REVOCABLE, NULL);
1621 if (p && *p == 0)
1622 sig->flags.revocable = 0;
1623
1624 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_TRUST, &len);
1625 if (p && len == 2)
1626 {
1627 sig->trust_depth = p[0];
1628 sig->trust_value = p[1];
1629
1630 /* Only look for a regexp if there is also a trust
1631 subpacket. */
1632 sig->trust_regexp =
1633 parse_sig_subpkt (sig->hashed, SIGSUBPKT_REGEXP, &len);
1634
1635 /* If the regular expression is of 0 length, there is no
1636 regular expression. */
1637 if (len == 0)
1638 sig->trust_regexp = NULL;
1639 }
1640
1641 /* We accept the exportable subpacket from either the hashed or
1642 unhashed areas as older versions of gpg put it in the
1643 unhashed area. In theory, anyway, we should never see this
1644 packet off of a local keyring. */
1645
1646 p = parse_sig_subpkt2 (sig, SIGSUBPKT_EXPORTABLE, NULL);
1647 if (p && *p == 0)
1648 sig->flags.exportable = 0;
1649
1650 /* Find all revocation keys. */
1651 if (sig->sig_class == 0x1F)
1652 parse_revkeys (sig);
1653 }
1654
1655 if (list_mode)
1656 {
1657 fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1658 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1659 "\tdigest algo %d, begin of digest %02x %02x\n",
1660 sig->pubkey_algo,
1661 (ulong) sig->keyid[0], (ulong) sig->keyid[1],
1662 sig->version, (ulong) sig->timestamp, md5_len, sig->sig_class,
1663 sig->digest_algo, sig->digest_start[0], sig->digest_start[1]);
1664 if (is_v4)
1665 {
1666 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL);
1667 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
1668 }
1669 }
1670
1671 ndata = pubkey_get_nsig (sig->pubkey_algo);
1672 if (!ndata)
1673 {
1674 if (list_mode)
1675 fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo);
1676 unknown_pubkey_warning (sig->pubkey_algo);
1677
1678 /* We store the plain material in data[0], so that we are able
1679 * to write it back with build_packet(). */
1680 if (pktlen > (5 * MAX_EXTERN_MPI_BITS / 8))
1681 {
1682 /* We include a limit to avoid too trivial DoS attacks by
1683 having gpg allocate too much memory. */
1684 log_error ("signature packet: too much data\n");
1685 rc = G10ERR_INVALID_PACKET;
1686 }
1687 else
1688 {
1689 sig->data[0] =
1690 gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen, 0),
1691 pktlen * 8);
1692 pktlen = 0;
1693 }
1694 }
1695 else
1696 {
1697 for (i = 0; i < ndata; i++)
1698 {
1699 n = pktlen;
1700 sig->data[i] = mpi_read (inp, &n, 0);
1701 pktlen -= n;
1702 if (list_mode)
1703 {
1704 fprintf (listfp, "\tdata: ");
1705 mpi_print (listfp, sig->data[i], mpi_print_mode);
1706 putc ('\n', listfp);
1707 }
1708 if (!sig->data[i])
1709 rc = G10ERR_INVALID_PACKET;
1710 }
1711 }
1712
1713 leave:
1714 iobuf_skip_rest (inp, pktlen, 0);
1715 return rc;
1716 }
1717
1718
1719 static int
1720 parse_onepass_sig (IOBUF inp, int pkttype, unsigned long pktlen,
1721 PKT_onepass_sig * ops)
1722 {
1723 int version;
1724 int rc = 0;
1725
1726 if (pktlen < 13)
1727 {
1728 log_error ("packet(%d) too short\n", pkttype);
1729 rc = gpg_error (GPG_ERR_INV_PACKET);
1730 goto leave;
1731 }
1732 version = iobuf_get_noeof (inp);
1733 pktlen--;
1734 if (version != 3)
1735 {
1736 log_error ("onepass_sig with unknown version %d\n", version);
1737 rc = gpg_error (GPG_ERR_INV_PACKET);
1738 goto leave;
1739 }
1740 ops->sig_class = iobuf_get_noeof (inp);
1741 pktlen--;
1742 ops->digest_algo = iobuf_get_noeof (inp);
1743 pktlen--;
1744 ops->pubkey_algo = iobuf_get_noeof (inp);
1745 pktlen--;
1746 ops->keyid[0] = read_32 (inp);
1747 pktlen -= 4;
1748 ops->keyid[1] = read_32 (inp);
1749 pktlen -= 4;
1750 ops->last = iobuf_get_noeof (inp);
1751 pktlen--;
1752 if (list_mode)
1753 fprintf (listfp,
1754 ":onepass_sig packet: keyid %08lX%08lX\n"
1755 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
1756 "last=%d\n",
1757 (ulong) ops->keyid[0], (ulong) ops->keyid[1],
1758 version, ops->sig_class,
1759 ops->digest_algo, ops->pubkey_algo, ops->last);
1760
1761
1762 leave:
1763 iobuf_skip_rest (inp, pktlen, 0);
1764 return rc;
1765 }
1766
1767
1768 static gcry_mpi_t
1769 read_protected_v3_mpi (IOBUF inp, unsigned long *length)
1770 {
1771 int c;
1772 unsigned int nbits, nbytes;
1773 unsigned char *buf, *p;
1774 gcry_mpi_t val;
1775
1776 if (*length < 2)
1777 {
1778 log_error ("mpi too small\n");
1779 return NULL;
1780 }
1781
1782 if ((c = iobuf_get (inp)) == -1)
1783 return NULL;
1784 --*length;
1785 nbits = c << 8;
1786 if ((c = iobuf_get (inp)) == -1)
1787 return NULL;
1788 --*length;
1789 nbits |= c;
1790
1791 if (nbits > 16384)
1792 {
1793 log_error ("mpi too large (%u bits)\n", nbits);
1794 return NULL;
1795 }
1796 nbytes = (nbits + 7) / 8;
1797 buf = p = xmalloc (2 + nbytes);
1798 *p++ = nbits >> 8;
1799 *p++ = nbits;
1800 for (; nbytes && *length; nbytes--, --*length)
1801 *p++ = iobuf_get (inp);
1802 if (nbytes)
1803 {
1804 log_error ("packet shorter than mpi\n");
1805 xfree (buf);
1806 return NULL;
1807 }
1808
1809 /* Convert buffer into an opaque MPI. */
1810 val = gcry_mpi_set_opaque (NULL, buf, (p - buf) * 8);
1811 return val;
1812 }
1813
1814
1815 static int
1816 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
1817 byte * hdr, int hdrlen, PACKET * pkt)
1818 {
1819 int i, version, algorithm;
1820 unsigned n;
1821 unsigned long timestamp, expiredate, max_expiredate;
1822 int npkey, nskey;
1823 int is_v4 = 0;
1824 int rc = 0;
1825 u32 keyid[2];
1826
1827 (void) hdr;
1828
1829 version = iobuf_get_noeof (inp);
1830 pktlen--;
1831 if (pkttype == PKT_PUBLIC_SUBKEY && version == '#')
1832 {
1833 /* Early versions of G10 used the old PGP comments packets;
1834 * luckily all those comments are started by a hash. */
1835 if (list_mode)
1836 {
1837 fprintf (listfp, ":rfc1991 comment packet: \"");
1838 for (; pktlen; pktlen--)
1839 {
1840 int c;
1841 c = iobuf_get_noeof (inp);
1842 if (c >= ' ' && c <= 'z')
1843 putc (c, listfp);
1844 else
1845 fprintf (listfp, "\\x%02x", c);
1846 }
1847 fprintf (listfp, "\"\n");
1848 }
1849 iobuf_skip_rest (inp, pktlen, 0);
1850 return 0;
1851 }
1852 else if (version == 4)
1853 is_v4 = 1;
1854 else if (version != 2 && version != 3)
1855 {
1856 log_error ("packet(%d) with unknown version %d\n", pkttype, version);
1857 rc = gpg_error (GPG_ERR_INV_PACKET);
1858 goto leave;
1859 }
1860
1861 if (pktlen < 11)
1862 {
1863 log_error ("packet(%d) too short\n", pkttype);
1864 rc = gpg_error (GPG_ERR_INV_PACKET);
1865 goto leave;
1866 }
1867
1868 timestamp = read_32 (inp);
1869 pktlen -= 4;
1870 if (is_v4)
1871 {
1872 expiredate = 0; /* have to get it from the selfsignature */
1873 max_expiredate = 0;
1874 }
1875 else
1876 {
1877 unsigned short ndays;
1878 ndays = read_16 (inp);
1879 pktlen -= 2;
1880 if (ndays)
1881 expiredate = timestamp + ndays * 86400L;
1882 else
1883 expiredate = 0;
1884
1885 max_expiredate = expiredate;
1886 }
1887 algorithm = iobuf_get_noeof (inp);
1888 pktlen--;
1889 if (list_mode)
1890 fprintf (listfp, ":%s key packet:\n"
1891 "\tversion %d, algo %d, created %lu, expires %lu\n",
1892 pkttype == PKT_PUBLIC_KEY ? "public" :
1893 pkttype == PKT_SECRET_KEY ? "secret" :
1894 pkttype == PKT_PUBLIC_SUBKEY ? "public sub" :
1895 pkttype == PKT_SECRET_SUBKEY ? "secret sub" : "??",
1896 version, algorithm, timestamp, expiredate);
1897
1898 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
1899 {
1900 PKT_secret_key *sk = pkt->pkt.secret_key;
1901
1902 sk->timestamp = timestamp;
1903 sk->expiredate = expiredate;
1904 sk->max_expiredate = max_expiredate;
1905 sk->hdrbytes = hdrlen;
1906 sk->version = version;
1907 sk->is_primary = pkttype == PKT_SECRET_KEY;
1908 sk->pubkey_algo = algorithm;
1909 sk->req_usage = 0;
1910 sk->pubkey_usage = 0; /* not yet used */
1911 }
1912 else
1913 {
1914 PKT_public_key *pk = pkt->pkt.public_key;
1915
1916 pk->timestamp = timestamp;
1917 pk->expiredate = expiredate;
1918 pk->max_expiredate = max_expiredate;
1919 pk->hdrbytes = hdrlen;
1920 pk->version = version;
1921 pk->is_primary = pkttype == PKT_PUBLIC_KEY;
1922 pk->pubkey_algo = algorithm;
1923 pk->req_usage = 0;
1924 pk->pubkey_usage = 0; /* not yet used */
1925 pk->is_revoked = 0;
1926 pk->is_disabled = 0;
1927 pk->keyid[0] = 0;
1928 pk->keyid[1] = 0;
1929 }
1930 nskey = pubkey_get_nskey (algorithm);
1931 npkey = pubkey_get_npkey (algorithm);
1932 if (!npkey)
1933 {
1934 if (list_mode)
1935 fprintf (listfp, "\tunknown algorithm %d\n", algorithm);
1936 unknown_pubkey_warning (algorithm);
1937 }
1938
1939
1940 if (pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY)
1941 {
1942 PKT_secret_key *sk = pkt->pkt.secret_key;
1943 byte temp[16];
1944 size_t snlen = 0;
1945
1946 if (!npkey)
1947 {
1948 sk->skey[0] = gcry_mpi_set_opaque (NULL, read_rest (inp, pktlen, 0),
1949 pktlen * 8);
1950 pktlen = 0;
1951 goto leave;
1952 }
1953
1954 for (i = 0; i < npkey; i++)
1955 {
1956 n = pktlen;
1957 sk->skey[i] = mpi_read (inp, &n, 0);
1958 pktlen -= n;
1959 if (list_mode)
1960 {
1961 fprintf (listfp, "\tskey[%d]: ", i);
1962 mpi_print (listfp, sk->skey[i], mpi_print_mode);
1963 putc ('\n', listfp);
1964 }
1965 if (!sk->skey[i])
1966 rc = G10ERR_INVALID_PACKET;
1967 }
1968 if (rc) /* One of the MPIs were bad. */
1969 goto leave;
1970 sk->protect.algo = iobuf_get_noeof (inp);
1971 pktlen--;
1972 sk->protect.sha1chk = 0;
1973 if (sk->protect.algo)
1974 {
1975 sk->is_protected = 1;
1976 sk->protect.s2k.count = 0;
1977 if (sk->protect.algo == 254 || sk->protect.algo == 255)
1978 {
1979 if (pktlen < 3)
1980 {
1981 rc = G10ERR_INVALID_PACKET;
1982 goto leave;
1983 }
1984 sk->protect.sha1chk = (sk->protect.algo == 254);
1985 sk->protect.algo = iobuf_get_noeof (inp);
1986 pktlen--;
1987 /* Note that a sk->protect.algo > 110 is illegal, but
1988 I'm not erroring on it here as otherwise there would
1989 be no way to delete such a key. */
1990 sk->protect.s2k.mode = iobuf_get_noeof (inp);
1991 pktlen--;
1992 sk->protect.s2k.hash_algo = iobuf_get_noeof (inp);
1993 pktlen--;
1994 /* check for the special GNU extension */
1995 if (is_v4 && sk->protect.s2k.mode == 101)
1996 {
1997 for (i = 0; i < 4 && pktlen; i++, pktlen--)
1998 temp[i] = iobuf_get_noeof (inp);
1999 if (i < 4 || memcmp (temp, "GNU", 3))
2000 {
2001 if (list_mode)
2002 fprintf (listfp, "\tunknown S2K %d\n",
2003 sk->protect.s2k.mode);
2004 rc = G10ERR_INVALID_PACKET;
2005 goto leave;
2006 }
2007 /* Here we know that it is a GNU extension. What
2008 * follows is the GNU protection mode: All values
2009 * have special meanings and they are mapped to MODE
2010 * with a base of 1000. */
2011 sk->protect.s2k.mode = 1000 + temp[3];
2012 }
2013 switch (sk->protect.s2k.mode)
2014 {
2015 case 1:
2016 case 3:
2017 for (i = 0; i < 8 && pktlen; i++, pktlen--)
2018 temp[i] = iobuf_get_noeof (inp);
2019 memcpy (sk->protect.s2k.salt, temp, 8);
2020 break;
2021 }
2022 switch (sk->protect.s2k.mode)
2023 {
2024 case 0:
2025 if (list_mode)
2026 fprintf (listfp, "\tsimple S2K");
2027 break;
2028 case 1:
2029 if (list_mode)
2030 fprintf (listfp, "\tsalted S2K");
2031 break;
2032 case 3:
2033 if (list_mode)
2034 fprintf (listfp, "\titer+salt S2K");
2035 break;
2036 case 1001:
2037 if (list_mode)
2038 fprintf (listfp, "\tgnu-dummy S2K");
2039 break;
2040 case 1002:
2041 if (list_mode)
2042 fprintf (listfp, "\tgnu-divert-to-card S2K");
2043 break;
2044 default:
2045 if (list_mode)
2046 fprintf (listfp, "\tunknown %sS2K %d\n",
2047 sk->protect.s2k.mode < 1000 ? "" : "GNU ",
2048 sk->protect.s2k.mode);
2049 rc = G10ERR_INVALID_PACKET;
2050 goto leave;
2051 }
2052
2053 if (list_mode)
2054 {
2055 fprintf (listfp, ", algo: %d,%s hash: %d",
2056 sk->protect.algo,
2057 sk->protect.sha1chk ? " SHA1 protection,"
2058 : " simple checksum,", sk->protect.s2k.hash_algo);
2059 if (sk->protect.s2k.mode == 1 || sk->protect.s2k.mode == 3)
2060 {
2061 fprintf (listfp, ", salt: ");
2062 for (i = 0; i < 8; i++)
2063 fprintf (listfp, "%02x", sk->protect.s2k.salt[i]);
2064 }
2065 putc ('\n', listfp);
2066 }
2067
2068 if (sk->protect.s2k.mode == 3)
2069 {
2070 if (pktlen < 1)
2071 {
2072 rc = G10ERR_INVALID_PACKET;
2073 goto leave;
2074 }
2075 sk->protect.s2k.count = iobuf_get (inp);
2076 pktlen--;
2077 if (list_mode)
2078 fprintf (listfp, "\tprotect count: %lu\n",
2079 (ulong) sk->protect.s2k.count);
2080 }
2081 else if (sk->protect.s2k.mode == 1002)
2082 {
2083 /* Read the serial number. */
2084 if (pktlen < 1)
2085 {
2086 rc = G10ERR_INVALID_PACKET;
2087 goto leave;
2088 }
2089 snlen = iobuf_get (inp);
2090 pktlen--;
2091 if (pktlen < snlen || snlen == -1)
2092 {
2093 rc = G10ERR_INVALID_PACKET;
2094 goto leave;
2095 }
2096 }
2097 }
2098 else /* Old version; no S2K, so we set mode to 0, hash MD5. */
2099 {
2100 /* Note that a sk->protect.algo > 110 is illegal, but
2101 I'm not erroring on it here as otherwise there would
2102 be no way to delete such a key. */
2103 sk->protect.s2k.mode = 0;
2104 sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
2105 if (list_mode)
2106 fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
2107 sk->protect.algo, sk->protect.s2k.hash_algo);
2108 }
2109
2110 /* It is really ugly that we don't know the size
2111 * of the IV here in cases we are not aware of the algorithm.
2112 * so a
2113 * sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo);
2114 * won't work. The only solution I see is to hardwire it.
2115 * NOTE: if you change the ivlen above 16, don't forget to
2116 * enlarge temp. */
2117 sk->protect.ivlen = openpgp_cipher_blocklen (sk->protect.algo);
2118 assert (sk->protect.ivlen <= sizeof (temp));
2119
2120 if (sk->protect.s2k.mode == 1001)
2121 sk->protect.ivlen = 0;
2122 else if (sk->protect.s2k.mode == 1002)
2123 sk->protect.ivlen = snlen < 16 ? snlen : 16;
2124
2125 if (pktlen < sk->protect.ivlen)
2126 {
2127 rc = G10ERR_INVALID_PACKET;
2128 goto leave;
2129 }
2130 for (i = 0; i < sk->protect.ivlen && pktlen; i++, pktlen--)
2131 temp[i] = iobuf_get_noeof (inp);
2132 if (list_mode)
2133 {
2134 fprintf (listfp,
2135 sk->protect.s2k.mode == 1002 ? "\tserial-number: "
2136 : "\tprotect IV: ");
2137 for (i = 0; i < sk->protect.ivlen; i++)
2138 fprintf (listfp, " %02x", temp[i]);
2139 putc ('\n', listfp);
2140 }
2141 memcpy (sk->protect.iv, temp, sk->protect.ivlen);
2142 }
2143 else
2144 sk->is_protected = 0;
2145
2146 /* It does not make sense to read it into secure memory.
2147 * If the user is so careless, not to protect his secret key,
2148 * we can assume, that he operates an open system :=(.
2149 * So we put the key into secure memory when we unprotect it. */
2150 if (sk->protect.s2k.mode == 1001 || sk->protect.s2k.mode == 1002)
2151 {
2152 /* Better set some dummy stuff here. */
2153 sk->skey[npkey] = gcry_mpi_set_opaque (NULL,
2154 xstrdup ("dummydata"),
2155 10 * 8);
2156 pktlen = 0;
2157 }
2158 else if (is_v4 && sk->is_protected)
2159 {
2160 /* Ugly: The length is encrypted too, so we read all stuff
2161 * up to the end of the packet into the first SKEY
2162 * element. */
2163 sk->skey[npkey] = gcry_mpi_set_opaque (NULL,
2164 read_rest (inp, pktlen, 0),
2165 pktlen * 8);
2166 pktlen = 0;
2167 if (list_mode)
2168 {
2169 fprintf (listfp, "\tencrypted stuff follows\n");
2170 }
2171 }
2172 else /* The v3 method: The mpi length is not encrypted. */
2173 {
2174 for (i = npkey; i < nskey; i++)
2175 {
2176 if (sk->is_protected)
2177 {
2178 sk->skey[i] = read_protected_v3_mpi (inp, &pktlen);
2179 if (list_mode)
2180 fprintf (listfp, "\tskey[%d]: [encrypted]\n", i);
2181 }
2182 else
2183 {
2184 n = pktlen;
2185 sk->skey[i] = mpi_read (inp, &n, 0);
2186 pktlen -= n;
2187 if (list_mode)
2188 {
2189 fprintf (listfp, "\tskey[%d]: ", i);
2190 mpi_print (listfp, sk->skey[i], mpi_print_mode);
2191 putc ('\n', listfp);
2192 }
2193 }
2194
2195 if (!sk->skey[i])
2196 rc = G10ERR_INVALID_PACKET;
2197 }
2198 if (rc)
2199 goto leave;
2200
2201 sk->csum = read_16 (inp);
2202 pktlen -= 2;
2203 if (list_mode)
2204 {
2205 fprintf (listfp, "\tchecksum: %04hx\n", sk->csum);
2206 }
2207 }
2208
2209 if (list_mode)
2210 keyid_from_sk (sk, keyid);
2211 }
2212 else
2213 {
2214 PKT_public_key *pk = pkt->pkt.public_key;
2215
2216 if (!npkey)
2217 {
2218 pk->pkey[0] = gcry_mpi_set_opaque (NULL,
2219 read_rest (inp, pktlen, 0),
2220 pktlen * 8);
2221 pktlen = 0;
2222 goto leave;
2223 }
2224
2225 for (i = 0; i < npkey; i++)
2226 {
2227 n = pktlen;
2228 pk->pkey[i] = mpi_read (inp, &n, 0);
2229 pktlen -= n;
2230 if (list_mode)
2231 {
2232 fprintf (listfp, "\tpkey[%d]: ", i);
2233 mpi_print (listfp, pk->pkey[i], mpi_print_mode);
2234 putc ('\n', listfp);
2235 }
2236 if (!pk->pkey[i])
2237 rc = G10ERR_INVALID_PACKET;
2238 }
2239 if (rc)
2240 goto leave;
2241 if (list_mode)
2242 keyid_from_pk (pk, keyid);
2243 }
2244
2245 if (list_mode)
2246 fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2247 (ulong) keyid[0], (ulong) keyid[1]);
2248
2249 leave:
2250 iobuf_skip_rest (inp, pktlen, 0);
2251 return rc;
2252 }
2253
2254
2255 /* Attribute subpackets have the same format as v4 signature
2256 subpackets. This is not part of OpenPGP, but is done in several
2257 versions of PGP nevertheless. */
2258 int
2259 parse_attribute_subpkts (PKT_user_id * uid)
2260 {
2261 size_t n;
2262 int count = 0;
2263 struct user_attribute *attribs = NULL;
2264 const byte *buffer = uid->attrib_data;
2265 int buflen = uid->attrib_len;
2266 byte type;
2267
2268 xfree (uid->attribs);
2269
2270 while (buflen)
2271 {
2272 n = *buffer++;
2273 buflen--;
2274 if (n == 255) /* 4 byte length header. */
2275 {
2276 if (buflen < 4)
2277 goto too_short;
2278 n = (buffer[0] << 24) | (buffer[1] << 16)
2279 | (buffer[2] << 8) | buffer[3];
2280 buffer += 4;
2281 buflen -= 4;
2282 }
2283 else if (n >= 192) /* 2 byte special encoded length header. */
2284 {
2285 if (buflen < 2)
2286 goto too_short;
2287 n = ((n - 192) << 8) + *buffer + 192;
2288 buffer++;
2289 buflen--;
2290 }
2291 if (buflen < n)
2292 goto too_short;
2293
2294 attribs =
2295 xrealloc (attribs, (count + 1) * sizeof (struct user_attribute));
2296 memset (&attribs[count], 0, sizeof (struct user_attribute));
2297
2298 type = *buffer;
2299 buffer++;
2300 buflen--;
2301 n--;
2302
2303 attribs[count].type = type;
2304 attribs[count].data = buffer;
2305 attribs[count].len = n;
2306 buffer += n;
2307 buflen -= n;
2308 count++;
2309 }
2310
2311 uid->attribs = attribs;
2312 uid->numattribs = count;
2313 return count;
2314
2315 too_short:
2316 if (opt.verbose)
2317 log_info ("buffer shorter than attribute subpacket\n");
2318 uid->attribs = attribs;
2319 uid->numattribs = count;
2320 return count;
2321 }
2322
2323
2324 static int
2325 parse_user_id (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2326 {
2327 byte *p;
2328
2329 /* Cap the size of a user ID at 2k: a value absurdly large enough
2330 that there is no sane user ID string (which is printable text
2331 as of RFC2440bis) that won't fit in it, but yet small enough to
2332 avoid allocation problems. A large pktlen may not be
2333 allocatable, and a very large pktlen could actually cause our
2334 allocation to wrap around in xmalloc to a small number. */
2335
2336 if (pktlen > 2048)
2337 {
2338 log_error ("packet(%d) too large\n", pkttype);
2339 iobuf_skip_rest (inp, pktlen, 0);
2340 return G10ERR_INVALID_PACKET;
2341 }
2342
2343 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id + pktlen);
2344 packet->pkt.user_id->len = pktlen;
2345 packet->pkt.user_id->ref = 1;
2346
2347 p = packet->pkt.user_id->name;
2348 for (; pktlen; pktlen--, p++)
2349 *p = iobuf_get_noeof (inp);
2350 *p = 0;
2351
2352 if (list_mode)
2353 {
2354 int n = packet->pkt.user_id->len;
2355 fprintf (listfp, ":user ID packet: \"");
2356 /* fixme: Hey why don't we replace this with print_string?? */
2357 for (p = packet->pkt.user_id->name; n; p++, n--)
2358 {
2359 if (*p >= ' ' && *p <= 'z')
2360 putc (*p, listfp);
2361 else
2362 fprintf (listfp, "\\x%02x", *p);
2363 }
2364 fprintf (listfp, "\"\n");
2365 }
2366 return 0;
2367 }
2368
2369
2370 void
2371 make_attribute_uidname (PKT_user_id * uid, size_t max_namelen)
2372 {
2373 assert (max_namelen > 70);
2374 if (uid->numattribs <= 0)
2375 sprintf (uid->name, "[bad attribute packet of size %lu]",
2376 uid->attrib_len);
2377 else if (uid->numattribs > 1)
2378 sprintf (uid->name, "[%d attributes of size %lu]",
2379 uid->numattribs, uid->attrib_len);
2380 else
2381 {
2382 /* Only one attribute, so list it as the "user id" */
2383
2384 if (uid->attribs->type == ATTRIB_IMAGE)
2385 {
2386 u32 len;
2387 byte type;
2388
2389 if (parse_image_header (uid->attribs, &type, &len))
2390 sprintf (uid->name, "[%.20s image of size %lu]",
2391 image_type_to_string (type, 1), (ulong) len);
2392 else
2393 sprintf (uid->name, "[invalid image]");
2394 }
2395 else
2396 sprintf (uid->name, "[unknown attribute of size %lu]",
2397 (ulong) uid->attribs->len);
2398 }
2399
2400 uid->len = strlen (uid->name);
2401 }
2402
2403
2404 static int
2405 parse_attribute (IOBUF inp, int pkttype, unsigned long pktlen,
2406 PACKET * packet)
2407 {
2408 byte *p;
2409
2410 (void) pkttype;
2411
2412 #define EXTRA_UID_NAME_SPACE 71
2413 packet->pkt.user_id = xmalloc_clear (sizeof *packet->pkt.user_id
2414 + EXTRA_UID_NAME_SPACE);
2415 packet->pkt.user_id->ref = 1;
2416 packet->pkt.user_id->attrib_data = xmalloc (pktlen);
2417 packet->pkt.user_id->attrib_len = pktlen;
2418
2419 p = packet->pkt.user_id->attrib_data;
2420 for (; pktlen; pktlen--, p++)
2421 *p = iobuf_get_noeof (inp);
2422
2423 /* Now parse out the individual attribute subpackets. This is
2424 somewhat pointless since there is only one currently defined
2425 attribute type (jpeg), but it is correct by the spec. */
2426 parse_attribute_subpkts (packet->pkt.user_id);
2427
2428 make_attribute_uidname (packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2429
2430 if (list_mode)
2431 {
2432 fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name);
2433 }
2434 return 0;
2435 }
2436
2437
2438 static int
2439 parse_comment (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * packet)
2440 {
2441 byte *p;
2442
2443 /* Cap comment packet at a reasonable value to avoid an integer
2444 overflow in the malloc below. Comment packets are actually not
2445 anymore define my OpenPGP and we even stopped to use our
2446 private comment packet. */
2447 if (pktlen > 65536)
2448 {
2449 log_error ("packet(%d) too large\n", pkttype);
2450 iobuf_skip_rest (inp, pktlen, 0);
2451 return G10ERR_INVALID_PACKET;
2452 }
2453 packet->pkt.comment = xmalloc (sizeof *packet->pkt.comment + pktlen - 1);
2454 packet->pkt.comment->len = pktlen;
2455 p = packet->pkt.comment->data;
2456 for (; pktlen; pktlen--, p++)
2457 *p = iobuf_get_noeof (inp);
2458
2459 if (list_mode)
2460 {
2461 int n = packet->pkt.comment->len;
2462 fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT ?
2463 "OpenPGP draft " : "");
2464 for (p = packet->pkt.comment->data; n; p++, n--)
2465 {
2466 if (*p >= ' ' && *p <= 'z')
2467 putc (*p, listfp);
2468 else
2469 fprintf (listfp, "\\x%02x", *p);
2470 }
2471 fprintf (listfp, "\"\n");
2472 }
2473 return 0;
2474 }
2475
2476
2477 static void
2478 parse_trust (IOBUF inp, int pkttype, unsigned long pktlen, PACKET * pkt)
2479 {
2480 int c;
2481
2482 (void) pkttype;
2483
2484 if (pktlen)
2485 {
2486 c = iobuf_get_noeof (inp);
2487 pktlen--;
2488 pkt->pkt.ring_trust = xmalloc (sizeof *pkt->pkt.ring_trust);
2489 pkt->pkt.ring_trust->trustval = c;
2490 pkt->pkt.ring_trust->sigcache = 0;
2491 if (!c && pktlen == 1)
2492 {
2493 c = iobuf_get_noeof (inp);
2494 pktlen--;
2495 /* We require that bit 7 of the sigcache is 0 (easier eof
2496 handling). */
2497 if (!(c & 0x80))
2498 pkt->pkt.ring_trust->sigcache = c;
2499 }
2500 if (list_mode)
2501 fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2502 pkt->pkt.ring_trust->trustval,
2503 pkt->pkt.ring_trust->sigcache);
2504 }
2505 else
2506 {
2507 if (list_mode)
2508 fprintf (listfp, ":trust packet: empty\n");
2509 }
2510 iobuf_skip_rest (inp, pktlen, 0);
2511 }
2512
2513
2514 static int
2515 parse_plaintext (IOBUF inp, int pkttype, unsigned long pktlen,
2516 PACKET * pkt, int new_ctb, int partial)
2517 {
2518 int rc = 0;
2519 int mode, namelen;
2520 PKT_plaintext *pt;
2521 byte *p;
2522 int c, i;
2523
2524 if (!partial && pktlen < 6)
2525 {
2526 log_error ("packet(%d) too short (%lu)\n", pkttype, (ulong) pktlen);
2527 rc = gpg_error (GPG_ERR_INV_PACKET);
2528 goto leave;
2529 }
2530 mode = iobuf_get_noeof (inp);
2531 if (pktlen)
2532 pktlen--;
2533 namelen = iobuf_get_noeof (inp);
2534 if (pktlen)
2535 pktlen--;
2536 /* Note that namelen will never exceed 255 bytes. */
2537 pt = pkt->pkt.plaintext =
2538 xmalloc (sizeof *pkt->pkt.plaintext + namelen - 1);
2539 pt->new_ctb = new_ctb;
2540 pt->mode = mode;
2541 pt->namelen = namelen;
2542 pt->is_partial = partial;
2543 if (pktlen)
2544 {
2545 for (i = 0; pktlen > 4 && i < namelen; pktlen--, i++)
2546 pt->name[i] = iobuf_get_noeof (inp);
2547 }
2548 else
2549 {
2550 for (i = 0; i < namelen; i++)
2551 if ((c = iobuf_get (inp)) == -1)
2552 break;
2553 else
2554 pt->name[i] = c;
2555 }
2556 pt->timestamp = read_32 (inp);
2557 if (pktlen)
2558 pktlen -= 4;
2559 pt->len = pktlen;
2560 pt->buf = inp;
2561 pktlen = 0;
2562
2563 if (list_mode)
2564 {
2565 fprintf (listfp, ":literal data packet:\n"
2566 "\tmode %c (%X), created %lu, name=\"",
2567 mode >= ' ' && mode < 'z' ? mode : '?', mode,
2568 (ulong) pt->timestamp);
2569 for (p = pt->name, i = 0; i < namelen; p++, i++)
2570 {
2571 if (*p >= ' ' && *p <= 'z')
2572 putc (*p, listfp);
2573 else
2574 fprintf (listfp, "\\x%02x", *p);
2575 }
2576 fprintf (listfp, "\",\n\traw data: ");
2577 if (partial)
2578 fprintf (listfp, "unknown length\n");
2579 else
2580 fprintf (listfp, "%lu bytes\n", (ulong) pt->len);
2581 }
2582
2583 leave:
2584 return rc;
2585 }
2586
2587
2588 static int
2589 parse_compressed (IOBUF inp, int pkttype, unsigned long pktlen,
2590 PACKET * pkt, int new_ctb)
2591 {
2592 PKT_compressed *zd;
2593
2594 /* PKTLEN is here 0, but data follows (this should be the last
2595 object in a file or the compress algorithm should know the
2596 length). */
2597 (void) pkttype;
2598 (void) pktlen;
2599
2600 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2601 zd->algorithm = iobuf_get_noeof (inp);
2602 zd->len = 0; /* not used */
2603 zd->new_ctb = new_ctb;
2604 zd->buf = inp;
2605 if (list_mode)
2606 fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2607 return 0;
2608 }
2609
2610
2611 static int
2612 parse_encrypted (IOBUF inp, int pkttype, unsigned long pktlen,
2613 PACKET * pkt, int new_ctb, int partial)
2614 {
2615 int rc = 0;
2616 PKT_encrypted *ed;
2617 unsigned long orig_pktlen = pktlen;
2618
2619 ed = pkt->pkt.encrypted = xmalloc (sizeof *pkt->pkt.encrypted);
2620 /* ed->len is set below. */
2621 ed->extralen = 0; /* Unknown here; only used in build_packet. */
2622 ed->buf = NULL;
2623 ed->new_ctb = new_ctb;
2624 ed->is_partial = partial;
2625 if (pkttype == PKT_ENCRYPTED_MDC)
2626 {
2627 /* Fixme: add some pktlen sanity checks. */
2628 int version;
2629
2630 version = iobuf_get_noeof (inp);
2631 if (orig_pktlen)
2632 pktlen--;
2633 if (version != 1)
2634 {
2635 log_error ("encrypted_mdc packet with unknown version %d\n",
2636 version);
2637 /*skip_rest(inp, pktlen); should we really do this? */
2638 rc = gpg_error (GPG_ERR_INV_PACKET);
2639 goto leave;
2640 }
2641 ed->mdc_method = DIGEST_ALGO_SHA1;
2642 }
2643 else
2644 ed->mdc_method = 0;
2645
2646 /* A basic sanity check. We need at least an 8 byte IV plus the 2
2647 detection bytes. Note that we don't known the algorithm and thus
2648 we may only check against the minimum blocksize. */
2649 if (orig_pktlen && pktlen < 10)
2650 {
2651 /* Actually this is blocksize+2. */
2652 log_error ("packet(%d) too short\n", pkttype);
2653 rc = G10ERR_INVALID_PACKET;
2654 iobuf_skip_rest (inp, pktlen, partial);
2655 goto leave;
2656 }
2657
2658 /* Store the remaining length of the encrypted data (i.e. without
2659 the MDC version number but with the IV etc.). This value is
2660 required during decryption. */
2661 ed->len = pktlen;
2662
2663 if (list_mode)
2664 {
2665 if (orig_pktlen)
2666 fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
2667 orig_pktlen);
2668 else
2669 fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
2670 if (ed->mdc_method)
2671 fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method);
2672 }
2673
2674 ed->buf = inp;
2675
2676 leave:
2677 return rc;
2678 }
2679
2680
2681 /* Note, that this code is not anymore used in real life because the
2682 MDC checking is now done right after the decryption in
2683 decrypt_data. */
2684 static int
2685 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
2686 PACKET * pkt, int new_ctb)
2687 {
2688 int rc = 0;
2689 PKT_mdc *mdc;
2690 byte *p;
2691
2692 (void) pkttype;
2693
2694 mdc = pkt->pkt.mdc = xmalloc (sizeof *pkt->pkt.mdc);
2695 if (list_mode)
2696 fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
2697 if (!new_ctb || pktlen != 20)
2698 {
2699 log_error ("mdc_packet with invalid encoding\n");
2700 rc = gpg_error (GPG_ERR_INV_PACKET);
2701 goto leave;
2702 }
2703 p = mdc->hash;
2704 for (; pktlen; pktlen--, p++)
2705 *p = iobuf_get_noeof (inp);
2706
2707 leave:
2708 return rc;
2709 }
2710
2711
2712 /*
2713 * This packet is internally generated by us (ibn armor.c) to transfer
2714 * some information to the lower layer. To make sure that this packet
2715 * is really a GPG faked one and not one comming from outside, we
2716 * first check that there is a unique tag in it.
2717 *
2718 * The format of such a control packet is:
2719 * n byte session marker
2720 * 1 byte control type CTRLPKT_xxxxx
2721 * m byte control data
2722 */
2723 static int
2724 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
2725 PACKET * packet, int partial)
2726 {
2727 byte *p;
2728 const byte *sesmark;
2729 size_t sesmarklen;
2730 int i;
2731
2732 (void) pkttype;
2733
2734 if (list_mode)
2735 fprintf (listfp, ":packet 63: length %lu ", pktlen);
2736
2737 sesmark = get_session_marker (&sesmarklen);
2738 if (pktlen < sesmarklen + 1) /* 1 is for the control bytes */
2739 goto skipit;
2740 for (i = 0; i < sesmarklen; i++, pktlen--)
2741 {
2742 if (sesmark[i] != iobuf_get_noeof (inp))
2743 goto skipit;
2744 }
2745 if (pktlen > 4096)
2746 goto skipit; /* Definitely too large. We skip it to avoid an
2747 overflow in the malloc. */
2748 if (list_mode)
2749 puts ("- gpg control packet");
2750
2751 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
2752 + pktlen - 1);
2753 packet->pkt.gpg_control->control = iobuf_get_noeof (inp);
2754 pktlen--;
2755 packet->pkt.gpg_control->datalen = pktlen;
2756 p = packet->pkt.gpg_control->data;
2757 for (; pktlen; pktlen--, p++)
2758 *p = iobuf_get_noeof (inp);
2759
2760 return 0;
2761
2762 skipit:
2763 if (list_mode)
2764 {
2765 int c;
2766
2767 i = 0;
2768 fprintf (listfp, "- private (rest length %lu)\n", pktlen);
2769 if (partial)
2770 {
2771 while ((c = iobuf_get (inp)) != -1)
2772 dump_hex_line (c, &i);
2773 }
2774 else
2775 {
2776 for (; pktlen; pktlen--)
2777 {
2778 dump_hex_line ((c = iobuf_get (inp)), &i);
2779 if (c == -1)
2780 break;
2781 }
2782 }
2783 putc ('\n', listfp);
2784 }
2785 iobuf_skip_rest (inp, pktlen, 0);
2786 return gpg_error (GPG_ERR_INV_PACKET);
2787 }
2788
2789
2790 /* Create a GPG control packet to be used internally as a placeholder. */
2791 PACKET *
2792 create_gpg_control (ctrlpkttype_t type, const byte * data, size_t datalen)
2793 {
2794 PACKET *packet;
2795 byte *p;
2796
2797 packet = xmalloc (sizeof *packet);
2798 init_packet (packet);
2799 packet->pkttype = PKT_GPG_CONTROL;
2800 packet->pkt.gpg_control = xmalloc (sizeof *packet->pkt.gpg_control
2801 + datalen - 1);
2802 packet->pkt.gpg_control->control = type;
2803 packet->pkt.gpg_control->datalen = datalen;
2804 p = packet->pkt.gpg_control->data;
2805 for (; datalen; datalen--, p++)
2806 *p = *data++;
2807
2808 return packet;
2809 }
2810
gnupg svn clone