search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make bug reporting address easier changeable.
[gnupg.git] / g10 / parse-packet.c
blob16ca7514fc204167c483a10616b7aa8375a5383b
1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26
27 #include "gpg.h"
28 #include "packet.h"
29 #include "iobuf.h"
30 #include "util.h"
31 #include "cipher.h"
32 #include "filter.h"
33 #include "photoid.h"
34 #include "options.h"
35 #include "main.h"
36 #include "i18n.h"
37
38 static int mpi_print_mode;
39 static int list_mode;
40 static FILE *listfp;
41
42 static int parse( IOBUF inp, PACKET *pkt, int onlykeypkts,
43 off_t *retpos, int *skip, IOBUF out, int do_skip
44 #ifdef DEBUG_PARSE_PACKET
45 ,const char *dbg_w, const char *dbg_f, int dbg_l
46 #endif
47 );
48 static int copy_packet( IOBUF inp, IOBUF out, int pkttype,
49 unsigned long pktlen, int partial );
50 static void skip_packet( IOBUF inp, int pkttype,
51 unsigned long pktlen, int partial );
52 static void *read_rest( IOBUF inp, size_t pktlen, int partial );
53 static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen );
54 static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
55 PACKET *packet );
56 static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
57 PACKET *packet );
58 static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
59 PKT_onepass_sig *ops );
60 static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
61 byte *hdr, int hdrlen, PACKET *packet );
62 static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
63 PACKET *packet );
64 static int parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen,
65 PACKET *packet );
66 static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen,
67 PACKET *packet );
68 static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen,
69 PACKET *packet );
70 static int parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
71 PACKET *packet, int new_ctb, int partial);
72 static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
73 PACKET *packet, int new_ctb );
74 static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
75 PACKET *packet, int new_ctb, int partial);
76 static int parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
77 PACKET *packet, int new_ctb);
78 static int parse_gpg_control( IOBUF inp, int pkttype, unsigned long pktlen,
79 PACKET *packet, int partial );
80
81 static unsigned short
82 read_16(IOBUF inp)
83 {
84 unsigned short a;
85 a = iobuf_get_noeof(inp) << 8;
86 a |= iobuf_get_noeof(inp);
87 return a;
88 }
89
90 static unsigned long
91 read_32(IOBUF inp)
92 {
93 unsigned long a;
94 a = iobuf_get_noeof(inp) << 24;
95 a |= iobuf_get_noeof(inp) << 16;
96 a |= iobuf_get_noeof(inp) << 8;
97 a |= iobuf_get_noeof(inp);
98 return a;
99 }
100
101
102 /* Read an external representation of an mpi and return the MPI. The
103 * external format is a 16 bit unsigned value stored in network byte
104 * order, giving the number of bits for the following integer. The
105 * integer is stored with MSB first (left padded with zeroes to align
106 * on a byte boundary).
107 */
108 static gcry_mpi_t
109 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
110 {
111 /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c*/
112
113 int c, c1, c2, i;
114 unsigned int nbits, nbytes;
115 size_t nread = 0;
116 gcry_mpi_t a = NULL;
117 byte *buf = NULL;
118 byte *p;
119
120 if ( (c = c1 = iobuf_get (inp)) == -1 )
121 goto leave;
122 nbits = c << 8;
123 if ( (c = c2 = iobuf_get (inp)) == -1 )
124 goto leave;
125 nbits |= c;
126 if ( nbits > MAX_EXTERN_MPI_BITS )
127 {
128 log_error("mpi too large (%u bits)\n", nbits);
129 goto leave;
130 }
131 nread = 2;
132 nbytes = (nbits+7) / 8;
133 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
134 p = buf;
135 p[0] = c1;
136 p[1] = c2;
137 for ( i=0 ; i < nbytes; i++ )
138 {
139 p[i+2] = iobuf_get(inp) & 0xff;
140 nread++;
141 }
142
143 if (nread >= 2 && !(buf[0] << 8 | buf[1]))
144 {
145 /* Libgcrypt < 1.5.0 accidently rejects zero-length (i.e. zero)
146 MPIs. We fix this here. */
147 a = gcry_mpi_new (0);
148 }
149 else
150 {
151 if ( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
152 a = NULL;
153 }
154
155 leave:
156 gcry_free(buf);
157 if ( nread > *ret_nread )
158 log_bug ("mpi larger than packet");
159 else
160 *ret_nread = nread;
161 return a;
162 }
163
164
165
166
167 int
168 set_packet_list_mode( int mode )
169 {
170 int old = list_mode;
171 list_mode = mode;
172 /* FIXME(gcrypt) mpi_print_mode = DBG_MPI; */
173 /* We use stdout print only if invoked by the --list-packets
174 command but switch to stderr in all otehr cases. This breaks
175 the previous behaviour but that seems to be more of a bug than
176 intentional. I don't believe that any application makes use of
177 this long standing annoying way of printing to stdout except
178 when doing a --list-packets. If this assumption fails, it will
179 be easy to add an option for the listing stream. Note that we
180 initialize it only once; mainly because some code may switch
181 the option value later back to 1 and we want to have all output
182 to the same stream.
183
184 Using stderr is not actually very clean because it bypasses the
185 logging code but it is a special thing anyay. I am not sure
186 whether using log_stream() would be better. Perhaps we should
187 enable the list mdoe only with a special option. */
188 if (!listfp)
189 listfp = opt.list_packets == 2 ? stdout : stderr;
190 return old;
191 }
192
193 static void
194 unknown_pubkey_warning( int algo )
195 {
196 static byte unknown_pubkey_algos[256];
197
198 algo &= 0xff;
199 if( !unknown_pubkey_algos[algo] ) {
200 if( opt.verbose )
201 log_info(_("can't handle public key algorithm %d\n"), algo );
202 unknown_pubkey_algos[algo] = 1;
203 }
204 }
205
206 /****************
207 * Parse a Packet and return it in packet
208 * Returns: 0 := valid packet in pkt
209 * -1 := no more packets
210 * >0 := error
211 * Note: The function may return an error and a partly valid packet;
212 * caller must free this packet.
213 */
214 #ifdef DEBUG_PARSE_PACKET
215 int
216 dbg_parse_packet( IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l )
217 {
218 int skip, rc;
219
220 do {
221 rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l );
222 } while( skip );
223 return rc;
224 }
225 #else
226 int
227 parse_packet( IOBUF inp, PACKET *pkt )
228 {
229 int skip, rc;
230
231 do {
232 rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0 );
233 } while( skip );
234 return rc;
235 }
236 #endif
237
238 /****************
239 * Like parse packet, but only return secret or public (sub)key packets.
240 */
241 #ifdef DEBUG_PARSE_PACKET
242 int
243 dbg_search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid,
244 const char *dbg_f, int dbg_l )
245 {
246 int skip, rc;
247
248 do {
249 rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0, "search", dbg_f, dbg_l );
250 } while( skip );
251 return rc;
252 }
253 #else
254 int
255 search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid )
256 {
257 int skip, rc;
258
259 do {
260 rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0 );
261 } while( skip );
262 return rc;
263 }
264 #endif
265
266 /****************
267 * Copy all packets from INP to OUT, thereby removing unused spaces.
268 */
269 #ifdef DEBUG_PARSE_PACKET
270 int
271 dbg_copy_all_packets( IOBUF inp, IOBUF out,
272 const char *dbg_f, int dbg_l )
273 {
274 PACKET pkt;
275 int skip, rc=0;
276 do {
277 init_packet(&pkt);
278 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l )));
279 return rc;
280 }
281 #else
282 int
283 copy_all_packets( IOBUF inp, IOBUF out )
284 {
285 PACKET pkt;
286 int skip, rc=0;
287 do {
288 init_packet(&pkt);
289 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )));
290 return rc;
291 }
292 #endif
293
294 /****************
295 * Copy some packets from INP to OUT, thereby removing unused spaces.
296 * Stop at offset STOPoff (i.e. don't copy packets at this or later offsets)
297 */
298 #ifdef DEBUG_PARSE_PACKET
299 int
300 dbg_copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff,
301 const char *dbg_f, int dbg_l )
302 {
303 PACKET pkt;
304 int skip, rc=0;
305 do {
306 if( iobuf_tell(inp) >= stopoff )
307 return 0;
308 init_packet(&pkt);
309 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0,
310 "some", dbg_f, dbg_l )) );
311 return rc;
312 }
313 #else
314 int
315 copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff )
316 {
317 PACKET pkt;
318 int skip, rc=0;
319 do {
320 if( iobuf_tell(inp) >= stopoff )
321 return 0;
322 init_packet(&pkt);
323 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )) );
324 return rc;
325 }
326 #endif
327
328 /****************
329 * Skip over N packets
330 */
331 #ifdef DEBUG_PARSE_PACKET
332 int
333 dbg_skip_some_packets( IOBUF inp, unsigned n,
334 const char *dbg_f, int dbg_l )
335 {
336 int skip, rc=0;
337 PACKET pkt;
338
339 for( ;n && !rc; n--) {
340 init_packet(&pkt);
341 rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l );
342 }
343 return rc;
344 }
345 #else
346 int
347 skip_some_packets( IOBUF inp, unsigned n )
348 {
349 int skip, rc=0;
350 PACKET pkt;
351
352 for( ;n && !rc; n--) {
353 init_packet(&pkt);
354 rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1 );
355 }
356 return rc;
357 }
358 #endif
359
360
361 /****************
362 * Parse packet. Set the variable skip points to 1 if the packet
363 * should be skipped; this is the case if either ONLYKEYPKTS is set
364 * and the parsed packet isn't one or the
365 * packet-type is 0, indicating deleted stuff.
366 * if OUT is not NULL, a special copymode is used.
367 */
368 static int
369 parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos,
370 int *skip, IOBUF out, int do_skip
371 #ifdef DEBUG_PARSE_PACKET
372 ,const char *dbg_w, const char *dbg_f, int dbg_l
373 #endif
374 )
375 {
376 int rc=0, c, ctb, pkttype, lenbytes;
377 unsigned long pktlen;
378 byte hdr[8];
379 int hdrlen;
380 int new_ctb = 0, partial=0;
381 int with_uid = (onlykeypkts == 2);
382
383 *skip = 0;
384 assert( !pkt->pkt.generic );
385 if( retpos )
386 *retpos = iobuf_tell(inp);
387
388 if( (ctb = iobuf_get(inp)) == -1 ) {
389 rc = -1;
390 goto leave;
391 }
392 hdrlen=0;
393 hdr[hdrlen++] = ctb;
394 if( !(ctb & 0x80) ) {
395 log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
396 rc = gpg_error (GPG_ERR_INV_PACKET);
397 goto leave;
398 }
399 pktlen = 0;
400 new_ctb = !!(ctb & 0x40);
401 if( new_ctb ) {
402 pkttype = ctb & 0x3f;
403 if( (c = iobuf_get(inp)) == -1 ) {
404 log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
405 rc = gpg_error (GPG_ERR_INV_PACKET);
406 goto leave;
407 }
408
409 /* The follwing code has been here for ages (2002-08-30) but it is
410 clearly wrong: For example passing a 0 as second argument to
411 iobuf_set_partial_block_mode stops the partial block mode which we
412 definitely do not want. Also all values < 224 or 255 are not
413 valid. Let's disable it and put PKT_COMPRESSED into the list of
414 allowed packets with partial header until someone complains. */
415 /* if (pkttype == PKT_COMPRESSED) { */
416 /* iobuf_set_partial_block_mode(inp, c & 0xff); */
417 /* pktlen = 0; /\* to indicate partial length *\/ */
418 /* partial=1; */
419 /* } */
420 /* else */
421 {
422 hdr[hdrlen++] = c;
423 if( c < 192 )
424 pktlen = c;
425 else if( c < 224 )
426 {
427 pktlen = (c - 192) * 256;
428 if( (c = iobuf_get(inp)) == -1 )
429 {
430 log_error("%s: 2nd length byte missing\n",
431 iobuf_where(inp) );
432 rc = gpg_error (GPG_ERR_INV_PACKET);
433 goto leave;
434 }
435 hdr[hdrlen++] = c;
436 pktlen += c + 192;
437 }
438 else if( c == 255 )
439 {
440 pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24;
441 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16;
442 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8;
443 if( (c = iobuf_get(inp)) == -1 )
444 {
445 log_error("%s: 4 byte length invalid\n",
446 iobuf_where(inp) );
447 rc = gpg_error (GPG_ERR_INV_PACKET);
448 goto leave;
449 }
450 pktlen |= (hdr[hdrlen++] = c );
451 }
452 else
453 {
454 /* Partial body length. */
455 switch (pkttype)
456 {
457 case PKT_PLAINTEXT:
458 case PKT_ENCRYPTED:
459 case PKT_ENCRYPTED_MDC:
460 case PKT_COMPRESSED:
461 iobuf_set_partial_block_mode(inp, c & 0xff);
462 pktlen = 0;/* To indicate partial length. */
463 partial=1;
464 break;
465
466 default:
467 log_error("%s: partial length for invalid"
468 " packet type %d\n", iobuf_where(inp),pkttype);
469 rc = gpg_error (GPG_ERR_INV_PACKET);
470 goto leave;
471 }
472 }
473 }
474 }
475 else
476 {
477 pkttype = (ctb>>2)&0xf;
478 lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
479 if( !lenbytes )
480 {
481 pktlen = 0; /* don't know the value */
482 /* This isn't really partial, but we can treat it the same
483 in a "read until the end" sort of way. */
484 partial=1;
485 if(pkttype!=PKT_ENCRYPTED && pkttype!=PKT_PLAINTEXT
486 && pkttype!=PKT_COMPRESSED)
487 {
488 log_error ("%s: indeterminate length for invalid"
489 " packet type %d\n", iobuf_where(inp), pkttype );
490 rc = gpg_error (GPG_ERR_INV_PACKET);
491 goto leave;
492 }
493 }
494 else
495 {
496 for( ; lenbytes; lenbytes-- )
497 {
498 pktlen <<= 8;
499 pktlen |= hdr[hdrlen++] = iobuf_get_noeof(inp);
500 }
501 }
502 }
503
504 if (pktlen == (unsigned long)(-1)) {
505 /* With some probability this is caused by a problem in the
506 * the uncompressing layer - in some error cases it just loops
507 * and spits out 0xff bytes. */
508 log_error ("%s: garbled packet detected\n", iobuf_where(inp) );
509 g10_exit (2);
510 }
511
512 if( out && pkttype ) {
513 rc = iobuf_write (out, hdr, hdrlen);
514 if (!rc)
515 rc = copy_packet(inp, out, pkttype, pktlen, partial );
516 goto leave;
517 }
518
519 if (with_uid && pkttype == PKT_USER_ID)
520 ;
521 else if( do_skip
522 || !pkttype
523 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
524 && pkttype != PKT_PUBLIC_KEY
525 && pkttype != PKT_SECRET_SUBKEY
526 && pkttype != PKT_SECRET_KEY ) ) {
527 iobuf_skip_rest(inp, pktlen, partial);
528 *skip = 1;
529 rc = 0;
530 goto leave;
531 }
532
533 if( DBG_PACKET ) {
534 #ifdef DEBUG_PARSE_PACKET
535 log_debug("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
536 iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"",
537 dbg_w, dbg_f, dbg_l );
538 #else
539 log_debug("parse_packet(iob=%d): type=%d length=%lu%s\n",
540 iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"" );
541 #endif
542 }
543 pkt->pkttype = pkttype;
544 rc = G10ERR_UNKNOWN_PACKET; /* default error */
545 switch( pkttype ) {
546 case PKT_PUBLIC_KEY:
547 case PKT_PUBLIC_SUBKEY:
548 pkt->pkt.public_key = xmalloc_clear(sizeof *pkt->pkt.public_key );
549 rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
550 break;
551 case PKT_SECRET_KEY:
552 case PKT_SECRET_SUBKEY:
553 pkt->pkt.secret_key = xmalloc_clear(sizeof *pkt->pkt.secret_key );
554 rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
555 break;
556 case PKT_SYMKEY_ENC:
557 rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
558 break;
559 case PKT_PUBKEY_ENC:
560 rc = parse_pubkeyenc(inp, pkttype, pktlen, pkt );
561 break;
562 case PKT_SIGNATURE:
563 pkt->pkt.signature = xmalloc_clear(sizeof *pkt->pkt.signature );
564 rc = parse_signature(inp, pkttype, pktlen, pkt->pkt.signature );
565 break;
566 case PKT_ONEPASS_SIG:
567 pkt->pkt.onepass_sig = xmalloc_clear(sizeof *pkt->pkt.onepass_sig );
568 rc = parse_onepass_sig(inp, pkttype, pktlen, pkt->pkt.onepass_sig );
569 break;
570 case PKT_USER_ID:
571 rc = parse_user_id(inp, pkttype, pktlen, pkt );
572 break;
573 case PKT_ATTRIBUTE:
574 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
575 rc = parse_attribute(inp, pkttype, pktlen, pkt);
576 break;
577 case PKT_OLD_COMMENT:
578 case PKT_COMMENT:
579 rc = parse_comment(inp, pkttype, pktlen, pkt);
580 break;
581 case PKT_RING_TRUST:
582 parse_trust(inp, pkttype, pktlen, pkt);
583 rc = 0;
584 break;
585 case PKT_PLAINTEXT:
586 rc = parse_plaintext(inp, pkttype, pktlen, pkt, new_ctb, partial );
587 break;
588 case PKT_COMPRESSED:
589 rc = parse_compressed(inp, pkttype, pktlen, pkt, new_ctb );
590 break;
591 case PKT_ENCRYPTED:
592 case PKT_ENCRYPTED_MDC:
593 rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb, partial );
594 break;
595 case PKT_MDC:
596 rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb );
597 break;
598 case PKT_GPG_CONTROL:
599 rc = parse_gpg_control(inp, pkttype, pktlen, pkt, partial );
600 break;
601 case PKT_MARKER:
602 rc = parse_marker(inp,pkttype,pktlen);
603 break;
604 default:
605 skip_packet(inp, pkttype, pktlen, partial);
606 break;
607 }
608
609 leave:
610 if( !rc && iobuf_error(inp) )
611 rc = G10ERR_INV_KEYRING;
612 return rc;
613 }
614
615 static void
616 dump_hex_line( int c, int *i )
617 {
618 if( *i && !(*i%8) ) {
619 if( *i && !(*i%24) )
620 fprintf (listfp, "\n%4d:", *i );
621 else
622 putc (' ', listfp);
623 }
624 if( c == -1 )
625 fprintf (listfp, " EOF" );
626 else
627 fprintf (listfp, " %02x", c );
628 ++*i;
629 }
630
631
632 static int
633 copy_packet( IOBUF inp, IOBUF out, int pkttype,
634 unsigned long pktlen, int partial )
635 {
636 int rc;
637 int n;
638 char buf[100];
639
640 if( partial ) {
641 while( (n = iobuf_read( inp, buf, 100 )) != -1 )
642 if( (rc=iobuf_write(out, buf, n )) )
643 return rc; /* write error */
644 }
645 else if( !pktlen && pkttype == PKT_COMPRESSED ) {
646 log_debug("copy_packet: compressed!\n");
647 /* compressed packet, copy till EOF */
648 while( (n = iobuf_read( inp, buf, 100 )) != -1 )
649 if( (rc=iobuf_write(out, buf, n )) )
650 return rc; /* write error */
651 }
652 else {
653 for( ; pktlen; pktlen -= n ) {
654 n = pktlen > 100 ? 100 : pktlen;
655 n = iobuf_read( inp, buf, n );
656 if( n == -1 )
657 return gpg_error (GPG_ERR_EOF);
658 if( (rc=iobuf_write(out, buf, n )) )
659 return rc; /* write error */
660 }
661 }
662 return 0;
663 }
664
665
666 static void
667 skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial )
668 {
669 if( list_mode )
670 {
671 fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
672 pkttype, pktlen);
673 if( pkttype )
674 {
675 int c, i=0 ;
676 fputs("dump:", listfp );
677 if( partial )
678 {
679 while( (c=iobuf_get(inp)) != -1 )
680 dump_hex_line(c, &i);
681 }
682 else
683 {
684 for( ; pktlen; pktlen-- )
685 dump_hex_line(iobuf_get(inp), &i);
686 }
687 putc ('\n', listfp);
688 return;
689 }
690 }
691 iobuf_skip_rest(inp,pktlen,partial);
692 }
693
694 static void *
695 read_rest( IOBUF inp, size_t pktlen, int partial )
696 {
697 byte *p;
698 int i;
699
700 if( partial ) {
701 log_error("read_rest: can't store stream data\n");
702 p = NULL;
703 }
704 else {
705 p = xmalloc( pktlen );
706 for(i=0; pktlen; pktlen--, i++ )
707 p[i] = iobuf_get(inp);
708 }
709 return p;
710 }
711
712 static int
713 parse_marker( IOBUF inp, int pkttype, unsigned long pktlen )
714 {
715 (void)pkttype;
716
717 if(pktlen!=3)
718 goto fail;
719
720 if(iobuf_get(inp)!='P')
721 {
722 pktlen--;
723 goto fail;
724 }
725
726 if(iobuf_get(inp)!='G')
727 {
728 pktlen--;
729 goto fail;
730 }
731
732 if(iobuf_get(inp)!='P')
733 {
734 pktlen--;
735 goto fail;
736 }
737
738 if(list_mode)
739 fputs(":marker packet: PGP\n", listfp );
740
741 return 0;
742
743 fail:
744 log_error("invalid marker packet\n");
745 iobuf_skip_rest(inp,pktlen,0);
746 return G10ERR_INVALID_PACKET;
747 }
748
749 static int
750 parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
751 {
752 PKT_symkey_enc *k;
753 int rc = 0;
754 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
755
756 if( pktlen < 4 ) {
757 log_error("packet(%d) too short\n", pkttype);
758 rc = gpg_error (GPG_ERR_INV_PACKET);
759 goto leave;
760 }
761 version = iobuf_get_noeof(inp); pktlen--;
762 if( version != 4 ) {
763 log_error("packet(%d) with unknown version %d\n", pkttype, version);
764 rc = gpg_error (GPG_ERR_INV_PACKET);
765 goto leave;
766 }
767 if( pktlen > 200 ) { /* (we encode the seskeylen in a byte) */
768 log_error("packet(%d) too large\n", pkttype);
769 rc = gpg_error (GPG_ERR_INV_PACKET);
770 goto leave;
771 }
772 cipher_algo = iobuf_get_noeof(inp); pktlen--;
773 s2kmode = iobuf_get_noeof(inp); pktlen--;
774 hash_algo = iobuf_get_noeof(inp); pktlen--;
775 switch( s2kmode ) {
776 case 0: /* simple s2k */
777 minlen = 0;
778 break;
779 case 1: /* salted s2k */
780 minlen = 8;
781 break;
782 case 3: /* iterated+salted s2k */
783 minlen = 9;
784 break;
785 default:
786 log_error("unknown S2K %d\n", s2kmode );
787 goto leave;
788 }
789 if( minlen > pktlen ) {
790 log_error("packet with S2K %d too short\n", s2kmode );
791 rc = gpg_error (GPG_ERR_INV_PACKET);
792 goto leave;
793 }
794 seskeylen = pktlen - minlen;
795 k = packet->pkt.symkey_enc = xmalloc_clear( sizeof *packet->pkt.symkey_enc
796 + seskeylen - 1 );
797 k->version = version;
798 k->cipher_algo = cipher_algo;
799 k->s2k.mode = s2kmode;
800 k->s2k.hash_algo = hash_algo;
801 if( s2kmode == 1 || s2kmode == 3 ) {
802 for(i=0; i < 8 && pktlen; i++, pktlen-- )
803 k->s2k.salt[i] = iobuf_get_noeof(inp);
804 }
805 if( s2kmode == 3 ) {
806 k->s2k.count = iobuf_get(inp); pktlen--;
807 }
808 k->seskeylen = seskeylen;
809 if(k->seskeylen)
810 {
811 for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
812 k->seskey[i] = iobuf_get_noeof(inp);
813
814 /* What we're watching out for here is a session key decryptor
815 with no salt. The RFC says that using salt for this is a
816 MUST. */
817 if(s2kmode!=1 && s2kmode!=3)
818 log_info(_("WARNING: potentially insecure symmetrically"
819 " encrypted session key\n"));
820 }
821 assert( !pktlen );
822
823 if( list_mode ) {
824 fprintf (listfp, ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
825 version, cipher_algo, s2kmode, hash_algo);
826 if(seskeylen)
827 fprintf (listfp, ", seskey %d bits",(seskeylen-1)*8);
828 fprintf (listfp, "\n");
829 if( s2kmode == 1 || s2kmode == 3 ) {
830 fprintf (listfp, "\tsalt ");
831 for(i=0; i < 8; i++ )
832 fprintf (listfp, "%02x", k->s2k.salt[i]);
833 if( s2kmode == 3 )
834 fprintf (listfp, ", count %lu (%lu)",
835 S2K_DECODE_COUNT((ulong)k->s2k.count),
836 (ulong)k->s2k.count );
837 fprintf (listfp, "\n");
838 }
839 }
840
841 leave:
842 iobuf_skip_rest(inp, pktlen, 0);
843 return rc;
844 }
845
846 static int
847 parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
848 {
849 unsigned int n;
850 int rc = 0;
851 int i, ndata;
852 PKT_pubkey_enc *k;
853
854 k = packet->pkt.pubkey_enc = xmalloc_clear(sizeof *packet->pkt.pubkey_enc);
855 if( pktlen < 12 ) {
856 log_error("packet(%d) too short\n", pkttype);
857 rc = gpg_error (GPG_ERR_INV_PACKET);
858 goto leave;
859 }
860 k->version = iobuf_get_noeof(inp); pktlen--;
861 if( k->version != 2 && k->version != 3 ) {
862 log_error("packet(%d) with unknown version %d\n", pkttype, k->version);
863 rc = gpg_error (GPG_ERR_INV_PACKET);
864 goto leave;
865 }
866 k->keyid[0] = read_32(inp); pktlen -= 4;
867 k->keyid[1] = read_32(inp); pktlen -= 4;
868 k->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
869 k->throw_keyid = 0; /* only used as flag for build_packet */
870 if( list_mode )
871 fprintf (listfp, ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
872 k->version, k->pubkey_algo, (ulong)k->keyid[0], (ulong)k->keyid[1]);
873
874 ndata = pubkey_get_nenc(k->pubkey_algo);
875 if( !ndata ) {
876 if( list_mode )
877 fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo );
878 unknown_pubkey_warning( k->pubkey_algo );
879 k->data[0] = NULL; /* no need to store the encrypted data */
880 }
881 else {
882 for( i=0; i < ndata; i++ ) {
883 n = pktlen;
884 k->data[i] = mpi_read(inp, &n, 0); pktlen -=n;
885 if( list_mode ) {
886 fprintf (listfp, "\tdata: ");
887 mpi_print(listfp, k->data[i], mpi_print_mode );
888 putc ('\n', listfp);
889 }
890 if (!k->data[i])
891 rc = gpg_error (GPG_ERR_INV_PACKET);
892 }
893 }
894
895 leave:
896 iobuf_skip_rest(inp, pktlen, 0);
897 return rc;
898 }
899
900
901 static void
902 dump_sig_subpkt( int hashed, int type, int critical,
903 const byte *buffer, size_t buflen, size_t length )
904 {
905 const char *p=NULL;
906 int i;
907
908 /* The CERT has warning out with explains how to use GNUPG to
909 * detect the ARRs - we print our old message here when it is a faked
910 * ARR and add an additional notice */
911 if ( type == SIGSUBPKT_ARR && !hashed ) {
912 fprintf (listfp,
913 "\tsubpkt %d len %u (additional recipient request)\n"
914 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
915 "encrypt to this key and thereby reveal the plaintext to "
916 "the owner of this ARR key. Detailed info follows:\n",
917 type, (unsigned)length );
918 }
919
920 buffer++;
921 length--;
922
923 fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*)*/
924 critical ? "critical ":"",
925 hashed ? "hashed ":"", type, (unsigned)length );
926 if( length > buflen ) {
927 fprintf (listfp, "too short: buffer is only %u)\n", (unsigned)buflen );
928 return;
929 }
930 switch( type ) {
931 case SIGSUBPKT_SIG_CREATED:
932 if( length >= 4 )
933 fprintf (listfp, "sig created %s", strtimestamp( buffer_to_u32(buffer) ) );
934 break;
935 case SIGSUBPKT_SIG_EXPIRE:
936 if( length >= 4 )
937 {
938 if(buffer_to_u32(buffer))
939 fprintf (listfp, "sig expires after %s",
940 strtimevalue( buffer_to_u32(buffer) ) );
941 else
942 fprintf (listfp, "sig does not expire");
943 }
944 break;
945 case SIGSUBPKT_EXPORTABLE:
946 if( length )
947 fprintf (listfp, "%sexportable", *buffer? "":"not ");
948 break;
949 case SIGSUBPKT_TRUST:
950 if(length!=2)
951 p="[invalid trust subpacket]";
952 else
953 fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]);
954 break;
955 case SIGSUBPKT_REGEXP:
956 if(!length)
957 p="[invalid regexp subpacket]";
958 else
959 fprintf (listfp, "regular expression: \"%s\"",buffer);
960 break;
961 case SIGSUBPKT_REVOCABLE:
962 if( length )
963 fprintf (listfp, "%srevocable", *buffer? "":"not ");
964 break;
965 case SIGSUBPKT_KEY_EXPIRE:
966 if( length >= 4 )
967 {
968 if(buffer_to_u32(buffer))
969 fprintf (listfp, "key expires after %s",
970 strtimevalue( buffer_to_u32(buffer) ) );
971 else
972 fprintf (listfp, "key does not expire");
973 }
974 break;
975 case SIGSUBPKT_PREF_SYM:
976 fputs("pref-sym-algos:", listfp );
977 for( i=0; i < length; i++ )
978 fprintf (listfp, " %d", buffer[i] );
979 break;
980 case SIGSUBPKT_REV_KEY:
981 fputs("revocation key: ", listfp );
982 if( length < 22 )
983 p = "[too short]";
984 else {
985 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
986 for( i=2; i < length; i++ )
987 fprintf (listfp, "%02X", buffer[i] );
988 }
989 break;
990 case SIGSUBPKT_ISSUER:
991 if( length >= 8 )
992 fprintf (listfp, "issuer key ID %08lX%08lX",
993 (ulong)buffer_to_u32(buffer),
994 (ulong)buffer_to_u32(buffer+4) );
995 break;
996 case SIGSUBPKT_NOTATION:
997 {
998 fputs("notation: ", listfp );
999 if( length < 8 )
1000 p = "[too short]";
1001 else {
1002 const byte *s = buffer;
1003 size_t n1, n2;
1004
1005 n1 = (s[4] << 8) | s[5];
1006 n2 = (s[6] << 8) | s[7];
1007 s += 8;
1008 if( 8+n1+n2 != length )
1009 p = "[error]";
1010 else {
1011 print_string( listfp, s, n1, ')' );
1012 putc( '=', listfp );
1013
1014 if( *buffer & 0x80 )
1015 print_string( listfp, s+n1, n2, ')' );
1016 else
1017 p = "[not human readable]";
1018 }
1019 }
1020 }
1021 break;
1022 case SIGSUBPKT_PREF_HASH:
1023 fputs("pref-hash-algos:", listfp );
1024 for( i=0; i < length; i++ )
1025 fprintf (listfp, " %d", buffer[i] );
1026 break;
1027 case SIGSUBPKT_PREF_COMPR:
1028 fputs("pref-zip-algos:", listfp );
1029 for( i=0; i < length; i++ )
1030 fprintf (listfp, " %d", buffer[i] );
1031 break;
1032 case SIGSUBPKT_KS_FLAGS:
1033 fputs("key server preferences:",listfp);
1034 for(i=0;i<length;i++)
1035 fprintf (listfp, " %02X", buffer[i]);
1036 break;
1037 case SIGSUBPKT_PREF_KS:
1038 fputs("preferred key server: ", listfp );
1039 print_string( listfp, buffer, length, ')' );
1040 break;
1041 case SIGSUBPKT_PRIMARY_UID:
1042 p = "primary user ID";
1043 break;
1044 case SIGSUBPKT_POLICY:
1045 fputs("policy: ", listfp );
1046 print_string( listfp, buffer, length, ')' );
1047 break;
1048 case SIGSUBPKT_KEY_FLAGS:
1049 fputs ( "key flags:", listfp );
1050 for( i=0; i < length; i++ )
1051 fprintf (listfp, " %02X", buffer[i] );
1052 break;
1053 case SIGSUBPKT_SIGNERS_UID:
1054 p = "signer's user ID";
1055 break;
1056 case SIGSUBPKT_REVOC_REASON:
1057 if( length ) {
1058 fprintf (listfp, "revocation reason 0x%02x (", *buffer );
1059 print_string( listfp, buffer+1, length-1, ')' );
1060 p = ")";
1061 }
1062 break;
1063 case SIGSUBPKT_ARR:
1064 fputs("Big Brother's key (ignored): ", listfp );
1065 if( length < 22 )
1066 p = "[too short]";
1067 else {
1068 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
1069 for( i=2; i < length; i++ )
1070 fprintf (listfp, "%02X", buffer[i] );
1071 }
1072 break;
1073 case SIGSUBPKT_FEATURES:
1074 fputs ( "features:", listfp );
1075 for( i=0; i < length; i++ )
1076 fprintf (listfp, " %02x", buffer[i] );
1077 break;
1078 case SIGSUBPKT_SIGNATURE:
1079 fputs("signature: ",listfp);
1080 if(length<17)
1081 p="[too short]";
1082 else
1083 fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1084 buffer[0],
1085 buffer[0]==3?buffer[2]:buffer[1],
1086 buffer[0]==3?buffer[15]:buffer[2],
1087 buffer[0]==3?buffer[16]:buffer[3]);
1088 break;
1089 default:
1090 if(type>=100 && type<=110)
1091 p="experimental / private subpacket";
1092 else
1093 p = "?";
1094 break;
1095 }
1096
1097 fprintf (listfp, "%s)\n", p? p: "");
1098 }
1099
1100 /****************
1101 * Returns: >= 0 use this offset into buffer
1102 * -1 explicitly reject returning this type
1103 * -2 subpacket too short
1104 */
1105 int
1106 parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
1107 {
1108 switch( type )
1109 {
1110 case SIGSUBPKT_REV_KEY:
1111 if(n < 22)
1112 break;
1113 return 0;
1114 case SIGSUBPKT_SIG_CREATED:
1115 case SIGSUBPKT_SIG_EXPIRE:
1116 case SIGSUBPKT_KEY_EXPIRE:
1117 if( n < 4 )
1118 break;
1119 return 0;
1120 case SIGSUBPKT_KEY_FLAGS:
1121 case SIGSUBPKT_KS_FLAGS:
1122 case SIGSUBPKT_PREF_SYM:
1123 case SIGSUBPKT_PREF_HASH:
1124 case SIGSUBPKT_PREF_COMPR:
1125 case SIGSUBPKT_POLICY:
1126 case SIGSUBPKT_PREF_KS:
1127 case SIGSUBPKT_FEATURES:
1128 case SIGSUBPKT_REGEXP:
1129 return 0;
1130 case SIGSUBPKT_SIGNATURE:
1131 case SIGSUBPKT_EXPORTABLE:
1132 case SIGSUBPKT_REVOCABLE:
1133 case SIGSUBPKT_REVOC_REASON:
1134 if( !n )
1135 break;
1136 return 0;
1137 case SIGSUBPKT_ISSUER: /* issuer key ID */
1138 if( n < 8 )
1139 break;
1140 return 0;
1141 case SIGSUBPKT_NOTATION:
1142 /* minimum length needed, and the subpacket must be well-formed
1143 where the name length and value length all fit inside the
1144 packet. */
1145 if(n<8 || 8+((buffer[4]<<8)|buffer[5])+((buffer[6]<<8)|buffer[7]) != n)
1146 break;
1147 return 0;
1148 case SIGSUBPKT_PRIMARY_UID:
1149 if ( n != 1 )
1150 break;
1151 return 0;
1152 case SIGSUBPKT_TRUST:
1153 if ( n != 2 )
1154 break;
1155 return 0;
1156 default: return 0;
1157 }
1158 return -2;
1159 }
1160
1161 /* Not many critical notations we understand yet... */
1162 static int
1163 can_handle_critical_notation(const byte *name,size_t len)
1164 {
1165 if(len==32 && memcmp(name,"preferred-email-encoding@pgp.com",32)==0)
1166 return 1;
1167 if(len==21 && memcmp(name,"pka-address@gnupg.org",21)==0)
1168 return 1;
1169
1170 return 0;
1171 }
1172
1173 static int
1174 can_handle_critical( const byte *buffer, size_t n, int type )
1175 {
1176 switch( type )
1177 {
1178 case SIGSUBPKT_NOTATION:
1179 if(n>=8)
1180 return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
1181 else
1182 return 0;
1183 case SIGSUBPKT_SIGNATURE:
1184 case SIGSUBPKT_SIG_CREATED:
1185 case SIGSUBPKT_SIG_EXPIRE:
1186 case SIGSUBPKT_KEY_EXPIRE:
1187 case SIGSUBPKT_EXPORTABLE:
1188 case SIGSUBPKT_REVOCABLE:
1189 case SIGSUBPKT_REV_KEY:
1190 case SIGSUBPKT_ISSUER:/* issuer key ID */
1191 case SIGSUBPKT_PREF_SYM:
1192 case SIGSUBPKT_PREF_HASH:
1193 case SIGSUBPKT_PREF_COMPR:
1194 case SIGSUBPKT_KEY_FLAGS:
1195 case SIGSUBPKT_PRIMARY_UID:
1196 case SIGSUBPKT_FEATURES:
1197 case SIGSUBPKT_TRUST:
1198 case SIGSUBPKT_REGEXP:
1199 /* Is it enough to show the policy or keyserver? */
1200 case SIGSUBPKT_POLICY:
1201 case SIGSUBPKT_PREF_KS:
1202 return 1;
1203
1204 default:
1205 return 0;
1206 }
1207 }
1208
1209
1210 const byte *
1211 enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
1212 size_t *ret_n, int *start, int *critical )
1213 {
1214 const byte *buffer;
1215 int buflen;
1216 int type;
1217 int critical_dummy;
1218 int offset;
1219 size_t n;
1220 int seq = 0;
1221 int reqseq = start? *start: 0;
1222
1223 if(!critical)
1224 critical=&critical_dummy;
1225
1226 if( !pktbuf || reqseq == -1 ) {
1227 /* return some value different from NULL to indicate that
1228 * there is no critical bit we do not understand. The caller
1229 * will never use the value. Yes I know, it is an ugly hack */
1230 return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
1231 }
1232 buffer = pktbuf->data;
1233 buflen = pktbuf->len;
1234 while( buflen ) {
1235 n = *buffer++; buflen--;
1236 if( n == 255 ) { /* 4 byte length header */
1237 if( buflen < 4 )
1238 goto too_short;
1239 n = (buffer[0] << 24) | (buffer[1] << 16)
1240 | (buffer[2] << 8) | buffer[3];
1241 buffer += 4;
1242 buflen -= 4;
1243 }
1244 else if( n >= 192 ) { /* 2 byte special encoded length header */
1245 if( buflen < 2 )
1246 goto too_short;
1247 n = (( n - 192 ) << 8) + *buffer + 192;
1248 buffer++;
1249 buflen--;
1250 }
1251 if( buflen < n )
1252 goto too_short;
1253 type = *buffer;
1254 if( type & 0x80 ) {
1255 type &= 0x7f;
1256 *critical = 1;
1257 }
1258 else
1259 *critical = 0;
1260 if( !(++seq > reqseq) )
1261 ;
1262 else if( reqtype == SIGSUBPKT_TEST_CRITICAL ) {
1263 if( *critical ) {
1264 if( n-1 > buflen+1 )
1265 goto too_short;
1266 if( !can_handle_critical(buffer+1, n-1, type ) )
1267 {
1268 if(opt.verbose)
1269 log_info(_("subpacket of type %d has "
1270 "critical bit set\n"),type);
1271 if( start )
1272 *start = seq;
1273 return NULL; /* this is an error */
1274 }
1275 }
1276 }
1277 else if( reqtype < 0 ) /* list packets */
1278 dump_sig_subpkt( reqtype == SIGSUBPKT_LIST_HASHED,
1279 type, *critical, buffer, buflen, n );
1280 else if( type == reqtype ) { /* found */
1281 buffer++;
1282 n--;
1283 if( n > buflen )
1284 goto too_short;
1285 if( ret_n )
1286 *ret_n = n;
1287 offset = parse_one_sig_subpkt(buffer, n, type );
1288 switch( offset ) {
1289 case -2:
1290 log_error("subpacket of type %d too short\n", type);
1291 return NULL;
1292 case -1:
1293 return NULL;
1294 default:
1295 break;
1296 }
1297 if( start )
1298 *start = seq;
1299 return buffer+offset;
1300 }
1301 buffer += n; buflen -=n;
1302 }
1303 if( reqtype == SIGSUBPKT_TEST_CRITICAL )
1304 return buffer; /* as value true to indicate that there is no */
1305 /* critical bit we don't understand */
1306 if( start )
1307 *start = -1;
1308 return NULL; /* end of packets; not found */
1309
1310 too_short:
1311 if(opt.verbose)
1312 log_info("buffer shorter than subpacket\n");
1313 if( start )
1314 *start = -1;
1315 return NULL;
1316 }
1317
1318
1319 const byte *
1320 parse_sig_subpkt (const subpktarea_t *buffer, sigsubpkttype_t reqtype,
1321 size_t *ret_n)
1322 {
1323 return enum_sig_subpkt( buffer, reqtype, ret_n, NULL, NULL );
1324 }
1325
1326 const byte *
1327 parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype,
1328 size_t *ret_n )
1329 {
1330 const byte *p;
1331
1332 p = parse_sig_subpkt (sig->hashed, reqtype, ret_n );
1333 if( !p )
1334 p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n );
1335 return p;
1336 }
1337
1338 /* Find all revocation keys. Look in hashed area only. */
1339 void parse_revkeys(PKT_signature *sig)
1340 {
1341 struct revocation_key *revkey;
1342 int seq=0;
1343 size_t len;
1344
1345 if(sig->sig_class!=0x1F)
1346 return;
1347
1348 while((revkey=
1349 (struct revocation_key *)enum_sig_subpkt(sig->hashed,
1350 SIGSUBPKT_REV_KEY,
1351 &len,&seq,NULL)))
1352 {
1353 if(len==sizeof(struct revocation_key) &&
1354 (revkey->class&0x80)) /* 0x80 bit must be set */
1355 {
1356 sig->revkey=xrealloc(sig->revkey,
1357 sizeof(struct revocation_key *)*(sig->numrevkeys+1));
1358 sig->revkey[sig->numrevkeys]=revkey;
1359 sig->numrevkeys++;
1360 }
1361 }
1362 }
1363
1364 int
1365 parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
1366 PKT_signature *sig )
1367 {
1368 int md5_len=0;
1369 unsigned n;
1370 int is_v4=0;
1371 int rc=0;
1372 int i, ndata;
1373
1374 if( pktlen < 16 ) {
1375 log_error("packet(%d) too short\n", pkttype);
1376 goto leave;
1377 }
1378 sig->version = iobuf_get_noeof(inp); pktlen--;
1379 if( sig->version == 4 )
1380 is_v4=1;
1381 else if( sig->version != 2 && sig->version != 3 ) {
1382 log_error("packet(%d) with unknown version %d\n",
1383 pkttype, sig->version);
1384 rc = gpg_error (GPG_ERR_INV_PACKET);
1385 goto leave;
1386 }
1387
1388 if( !is_v4 ) {
1389 md5_len = iobuf_get_noeof(inp); pktlen--;
1390 }
1391 sig->sig_class = iobuf_get_noeof(inp); pktlen--;
1392 if( !is_v4 ) {
1393 sig->timestamp = read_32(inp); pktlen -= 4;
1394 sig->keyid[0] = read_32(inp); pktlen -= 4;
1395 sig->keyid[1] = read_32(inp); pktlen -= 4;
1396 }
1397 sig->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
1398 sig->digest_algo = iobuf_get_noeof(inp); pktlen--;
1399 sig->flags.exportable=1;
1400 sig->flags.revocable=1;
1401 if( is_v4 ) { /* read subpackets */
1402 n = read_16(inp); pktlen -= 2; /* length of hashed data */
1403 if( n > 10000 ) {
1404 log_error("signature packet: hashed data too long\n");
1405 rc = G10ERR_INVALID_PACKET;
1406 goto leave;
1407 }
1408 if( n ) {
1409 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1 );
1410 sig->hashed->size = n;
1411 sig->hashed->len = n;
1412 if( iobuf_read (inp, sig->hashed->data, n ) != n ) {
1413 log_error ("premature eof while reading "
1414 "hashed signature data\n");
1415 rc = -1;
1416 goto leave;
1417 }
1418 pktlen -= n;
1419 }
1420 n = read_16(inp); pktlen -= 2; /* length of unhashed data */
1421 if( n > 10000 ) {
1422 log_error("signature packet: unhashed data too long\n");
1423 rc = G10ERR_INVALID_PACKET;
1424 goto leave;
1425 }
1426 if( n ) {
1427 sig->unhashed = xmalloc (sizeof(*sig->unhashed) + n - 1 );
1428 sig->unhashed->size = n;
1429 sig->unhashed->len = n;
1430 if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
1431 log_error("premature eof while reading "
1432 "unhashed signature data\n");
1433 rc = -1;
1434 goto leave;
1435 }
1436 pktlen -= n;
1437 }
1438 }
1439
1440 if( pktlen < 5 ) { /* sanity check */
1441 log_error("packet(%d) too short\n", pkttype);
1442 rc = G10ERR_INVALID_PACKET;
1443 goto leave;
1444 }
1445
1446 sig->digest_start[0] = iobuf_get_noeof(inp); pktlen--;
1447 sig->digest_start[1] = iobuf_get_noeof(inp); pktlen--;
1448
1449 if( is_v4 && sig->pubkey_algo )
1450 { /*extract required information */
1451 const byte *p;
1452 size_t len;
1453
1454 /* set sig->flags.unknown_critical if there is a
1455 * critical bit set for packets which we do not understand */
1456 if( !parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1457 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL,
1458 NULL) )
1459 sig->flags.unknown_critical = 1;
1460
1461 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL );
1462 if(p)
1463 sig->timestamp = buffer_to_u32(p);
1464 else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
1465 && opt.verbose)
1466 log_info ("signature packet without timestamp\n");
1467
1468 p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL );
1469 if(p)
1470 {
1471 sig->keyid[0] = buffer_to_u32(p);
1472 sig->keyid[1] = buffer_to_u32(p+4);
1473 }
1474 else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
1475 && opt.verbose)
1476 log_info ("signature packet without keyid\n");
1477
1478 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL);
1479 if(p && buffer_to_u32(p))
1480 sig->expiredate=sig->timestamp+buffer_to_u32(p);
1481 if(sig->expiredate && sig->expiredate<=make_timestamp())
1482 sig->flags.expired=1;
1483
1484 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,NULL);
1485 if(p)
1486 sig->flags.policy_url=1;
1487
1488 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,NULL);
1489 if(p)
1490 sig->flags.pref_ks=1;
1491
1492 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,NULL);
1493 if(p)
1494 sig->flags.notation=1;
1495
1496 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_REVOCABLE,NULL);
1497 if(p && *p==0)
1498 sig->flags.revocable=0;
1499
1500 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_TRUST,&len);
1501 if(p && len==2)
1502 {
1503 sig->trust_depth=p[0];
1504 sig->trust_value=p[1];
1505
1506 /* Only look for a regexp if there is also a trust
1507 subpacket. */
1508 sig->trust_regexp=
1509 parse_sig_subpkt(sig->hashed,SIGSUBPKT_REGEXP,&len);
1510
1511 /* If the regular expression is of 0 length, there is no
1512 regular expression. */
1513 if(len==0)
1514 sig->trust_regexp=NULL;
1515 }
1516
1517 /* We accept the exportable subpacket from either the hashed
1518 or unhashed areas as older versions of gpg put it in the
1519 unhashed area. In theory, anyway, we should never see this
1520 packet off of a local keyring. */
1521
1522 p=parse_sig_subpkt2(sig,SIGSUBPKT_EXPORTABLE,NULL);
1523 if(p && *p==0)
1524 sig->flags.exportable=0;
1525
1526 /* Find all revocation keys. */
1527 if(sig->sig_class==0x1F)
1528 parse_revkeys(sig);
1529 }
1530
1531 if( list_mode ) {
1532 fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1533 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1534 "\tdigest algo %d, begin of digest %02x %02x\n",
1535 sig->pubkey_algo,
1536 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1537 sig->version, (ulong)sig->timestamp, md5_len, sig->sig_class,
1538 sig->digest_algo,
1539 sig->digest_start[0], sig->digest_start[1] );
1540 if( is_v4 ) {
1541 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL );
1542 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
1543 }
1544 }
1545
1546 ndata = pubkey_get_nsig(sig->pubkey_algo);
1547 if( !ndata ) {
1548 if( list_mode )
1549 fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo );
1550 unknown_pubkey_warning( sig->pubkey_algo );
1551 /* We store the plain material in data[0], so that we are able
1552 * to write it back with build_packet() */
1553 if (pktlen > (5 * MAX_EXTERN_MPI_BITS/8))
1554 {
1555 /* However we include a limit to avoid too trivial DoS
1556 attacks by having gpg allocate too much memory. */
1557 log_error ("signature packet: too much data\n");
1558 rc = G10ERR_INVALID_PACKET;
1559 }
1560 else
1561 {
1562 sig->data[0]= gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
1563 pktlen*8 );
1564 pktlen = 0;
1565 }
1566 }
1567 else {
1568 for( i=0; i < ndata; i++ ) {
1569 n = pktlen;
1570 sig->data[i] = mpi_read(inp, &n, 0 );
1571 pktlen -=n;
1572 if( list_mode ) {
1573 fprintf (listfp, "\tdata: ");
1574 mpi_print(listfp, sig->data[i], mpi_print_mode );
1575 putc ('\n', listfp);
1576 }
1577 if (!sig->data[i])
1578 rc = G10ERR_INVALID_PACKET;
1579 }
1580 }
1581
1582 leave:
1583 iobuf_skip_rest(inp, pktlen, 0);
1584 return rc;
1585 }
1586
1587
1588 static int
1589 parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
1590 PKT_onepass_sig *ops )
1591 {
1592 int version;
1593 int rc = 0;
1594
1595 if( pktlen < 13 ) {
1596 log_error("packet(%d) too short\n", pkttype);
1597 rc = gpg_error (GPG_ERR_INV_PACKET);
1598 goto leave;
1599 }
1600 version = iobuf_get_noeof(inp); pktlen--;
1601 if( version != 3 ) {
1602 log_error("onepass_sig with unknown version %d\n", version);
1603 rc = gpg_error (GPG_ERR_INV_PACKET);
1604 goto leave;
1605 }
1606 ops->sig_class = iobuf_get_noeof(inp); pktlen--;
1607 ops->digest_algo = iobuf_get_noeof(inp); pktlen--;
1608 ops->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
1609 ops->keyid[0] = read_32(inp); pktlen -= 4;
1610 ops->keyid[1] = read_32(inp); pktlen -= 4;
1611 ops->last = iobuf_get_noeof(inp); pktlen--;
1612 if( list_mode )
1613 fprintf (listfp,
1614 ":onepass_sig packet: keyid %08lX%08lX\n"
1615 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
1616 "last=%d\n",
1617 (ulong)ops->keyid[0], (ulong)ops->keyid[1],
1618 version, ops->sig_class,
1619 ops->digest_algo, ops->pubkey_algo, ops->last );
1620
1621
1622 leave:
1623 iobuf_skip_rest(inp, pktlen, 0);
1624 return rc;
1625 }
1626
1627
1628 static gcry_mpi_t
1629 read_protected_v3_mpi (IOBUF inp, unsigned long *length)
1630 {
1631 int c;
1632 unsigned int nbits, nbytes;
1633 unsigned char *buf, *p;
1634 gcry_mpi_t val;
1635
1636 if (*length < 2)
1637 {
1638 log_error ("mpi too small\n");
1639 return NULL;
1640 }
1641
1642 if ((c=iobuf_get (inp)) == -1)
1643 return NULL;
1644 --*length;
1645 nbits = c << 8;
1646 if ((c=iobuf_get(inp)) == -1)
1647 return NULL;
1648 --*length;
1649 nbits |= c;
1650
1651 if (nbits > 16384)
1652 {
1653 log_error ("mpi too large (%u bits)\n", nbits);
1654 return NULL;
1655 }
1656 nbytes = (nbits+7) / 8;
1657 buf = p = xmalloc (2 + nbytes);
1658 *p++ = nbits >> 8;
1659 *p++ = nbits;
1660 for (; nbytes && *length; nbytes--, --*length)
1661 *p++ = iobuf_get (inp);
1662 if (nbytes)
1663 {
1664 log_error ("packet shorter than mpi\n");
1665 xfree (buf);
1666 return NULL;
1667 }
1668
1669 /* convert buffer into an opaque MPI */
1670 val = gcry_mpi_set_opaque (NULL, buf, (p-buf)*8);
1671 return val;
1672 }
1673
1674
1675 static int
1676 parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
1677 byte *hdr, int hdrlen, PACKET *pkt)
1678 {
1679 int i, version, algorithm;
1680 unsigned n;
1681 unsigned long timestamp, expiredate, max_expiredate;
1682 int npkey, nskey;
1683 int is_v4=0;
1684 int rc=0;
1685 u32 keyid[2];
1686
1687 (void)hdr;
1688
1689 version = iobuf_get_noeof(inp); pktlen--;
1690 if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
1691 /* early versions of G10 use old PGP comments packets;
1692 * luckily all those comments are started by a hash */
1693 if( list_mode ) {
1694 fprintf (listfp, ":rfc1991 comment packet: \"" );
1695 for( ; pktlen; pktlen-- ) {
1696 int c;
1697 c = iobuf_get_noeof(inp);
1698 if( c >= ' ' && c <= 'z' )
1699 putc (c, listfp);
1700 else
1701 fprintf (listfp, "\\x%02x", c );
1702 }
1703 fprintf (listfp, "\"\n");
1704 }
1705 iobuf_skip_rest(inp, pktlen, 0);
1706 return 0;
1707 }
1708 else if( version == 4 )
1709 is_v4=1;
1710 else if( version != 2 && version != 3 ) {
1711 log_error("packet(%d) with unknown version %d\n", pkttype, version);
1712 rc = gpg_error (GPG_ERR_INV_PACKET);
1713 goto leave;
1714 }
1715
1716 if( pktlen < 11 ) {
1717 log_error("packet(%d) too short\n", pkttype);
1718 rc = gpg_error (GPG_ERR_INV_PACKET);
1719 goto leave;
1720 }
1721
1722 timestamp = read_32(inp); pktlen -= 4;
1723 if( is_v4 ) {
1724 expiredate = 0; /* have to get it from the selfsignature */
1725 max_expiredate = 0;
1726 }
1727 else {
1728 unsigned short ndays;
1729 ndays = read_16(inp); pktlen -= 2;
1730 if( ndays )
1731 expiredate = timestamp + ndays * 86400L;
1732 else
1733 expiredate = 0;
1734
1735 max_expiredate=expiredate;
1736 }
1737 algorithm = iobuf_get_noeof(inp); pktlen--;
1738 if( list_mode )
1739 fprintf (listfp, ":%s key packet:\n"
1740 "\tversion %d, algo %d, created %lu, expires %lu\n",
1741 pkttype == PKT_PUBLIC_KEY? "public" :
1742 pkttype == PKT_SECRET_KEY? "secret" :
1743 pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
1744 pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
1745 version, algorithm, timestamp, expiredate );
1746
1747 if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
1748 PKT_secret_key *sk = pkt->pkt.secret_key;
1749
1750 sk->timestamp = timestamp;
1751 sk->expiredate = expiredate;
1752 sk->max_expiredate = max_expiredate;
1753 sk->hdrbytes = hdrlen;
1754 sk->version = version;
1755 sk->is_primary = pkttype == PKT_SECRET_KEY;
1756 sk->pubkey_algo = algorithm;
1757 sk->req_usage = 0;
1758 sk->pubkey_usage = 0; /* not yet used */
1759 }
1760 else {
1761 PKT_public_key *pk = pkt->pkt.public_key;
1762
1763 pk->timestamp = timestamp;
1764 pk->expiredate = expiredate;
1765 pk->max_expiredate = max_expiredate;
1766 pk->hdrbytes = hdrlen;
1767 pk->version = version;
1768 pk->is_primary = pkttype == PKT_PUBLIC_KEY;
1769 pk->pubkey_algo = algorithm;
1770 pk->req_usage = 0;
1771 pk->pubkey_usage = 0; /* not yet used */
1772 pk->is_revoked = 0;
1773 pk->is_disabled = 0;
1774 pk->keyid[0] = 0;
1775 pk->keyid[1] = 0;
1776 }
1777 nskey = pubkey_get_nskey( algorithm );
1778 npkey = pubkey_get_npkey( algorithm );
1779 if( !npkey ) {
1780 if( list_mode )
1781 fprintf (listfp, "\tunknown algorithm %d\n", algorithm );
1782 unknown_pubkey_warning( algorithm );
1783 }
1784
1785
1786 if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
1787 PKT_secret_key *sk = pkt->pkt.secret_key;
1788 byte temp[16];
1789 size_t snlen = 0;
1790
1791 if( !npkey ) {
1792 sk->skey[0] = gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
1793 pktlen*8 );
1794 pktlen = 0;
1795 goto leave;
1796 }
1797
1798 for(i=0; i < npkey; i++ ) {
1799 n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
1800 if( list_mode ) {
1801 fprintf (listfp, "\tskey[%d]: ", i);
1802 mpi_print(listfp, sk->skey[i], mpi_print_mode );
1803 putc ('\n', listfp);
1804 }
1805 if (!sk->skey[i])
1806 rc = G10ERR_INVALID_PACKET;
1807 }
1808 if (rc) /* one of the MPIs were bad */
1809 goto leave;
1810 sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
1811 sk->protect.sha1chk = 0;
1812 if( sk->protect.algo ) {
1813 sk->is_protected = 1;
1814 sk->protect.s2k.count = 0;
1815 if( sk->protect.algo == 254 || sk->protect.algo == 255 ) {
1816 if( pktlen < 3 ) {
1817 rc = G10ERR_INVALID_PACKET;
1818 goto leave;
1819 }
1820 sk->protect.sha1chk = (sk->protect.algo == 254);
1821 sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
1822 /* Note that a sk->protect.algo > 110 is illegal, but
1823 I'm not erroring on it here as otherwise there
1824 would be no way to delete such a key. */
1825 sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
1826 sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
1827 /* check for the special GNU extension */
1828 if( is_v4 && sk->protect.s2k.mode == 101 ) {
1829 for(i=0; i < 4 && pktlen; i++, pktlen-- )
1830 temp[i] = iobuf_get_noeof(inp);
1831 if( i < 4 || memcmp( temp, "GNU", 3 ) ) {
1832 if( list_mode )
1833 fprintf (listfp, "\tunknown S2K %d\n",
1834 sk->protect.s2k.mode );
1835 rc = G10ERR_INVALID_PACKET;
1836 goto leave;
1837 }
1838 /* here we know that it is a gnu extension
1839 * What follows is the GNU protection mode:
1840 * All values have special meanings
1841 * and they are mapped in the mode with a base of 1000.
1842 */
1843 sk->protect.s2k.mode = 1000 + temp[3];
1844 }
1845 switch( sk->protect.s2k.mode ) {
1846 case 1:
1847 case 3:
1848 for(i=0; i < 8 && pktlen; i++, pktlen-- )
1849 temp[i] = iobuf_get_noeof(inp);
1850 memcpy(sk->protect.s2k.salt, temp, 8 );
1851 break;
1852 }
1853 switch( sk->protect.s2k.mode ) {
1854 case 0: if( list_mode ) fprintf (listfp, "\tsimple S2K" );
1855 break;
1856 case 1: if( list_mode ) fprintf (listfp, "\tsalted S2K" );
1857 break;
1858 case 3: if( list_mode ) fprintf (listfp, "\titer+salt S2K" );
1859 break;
1860 case 1001: if( list_mode ) fprintf (listfp,
1861 "\tgnu-dummy S2K" );
1862 break;
1863 case 1002: if (list_mode) fprintf (listfp,
1864 "\tgnu-divert-to-card S2K");
1865 break;
1866 default:
1867 if( list_mode )
1868 fprintf (listfp, "\tunknown %sS2K %d\n",
1869 sk->protect.s2k.mode < 1000? "":"GNU ",
1870 sk->protect.s2k.mode );
1871 rc = G10ERR_INVALID_PACKET;
1872 goto leave;
1873 }
1874
1875 if( list_mode ) {
1876 fprintf (listfp, ", algo: %d,%s hash: %d",
1877 sk->protect.algo,
1878 sk->protect.sha1chk?" SHA1 protection,"
1879 :" simple checksum,",
1880 sk->protect.s2k.hash_algo );
1881 if( sk->protect.s2k.mode == 1
1882 || sk->protect.s2k.mode == 3 ) {
1883 fprintf (listfp, ", salt: ");
1884 for(i=0; i < 8; i++ )
1885 fprintf (listfp, "%02x", sk->protect.s2k.salt[i]);
1886 }
1887 putc ('\n', listfp);
1888 }
1889
1890 if( sk->protect.s2k.mode == 3 ) {
1891 if( pktlen < 1 ) {
1892 rc = G10ERR_INVALID_PACKET;
1893 goto leave;
1894 }
1895 sk->protect.s2k.count = iobuf_get(inp);
1896 pktlen--;
1897 if( list_mode )
1898 fprintf (listfp, "\tprotect count: %lu\n",
1899 (ulong)sk->protect.s2k.count);
1900 }
1901 else if( sk->protect.s2k.mode == 1002 ) {
1902 /* Read the serial number. */
1903 if (pktlen < 1) {
1904 rc = G10ERR_INVALID_PACKET;
1905 goto leave;
1906 }
1907 snlen = iobuf_get (inp);
1908 pktlen--;
1909 if (pktlen < snlen || snlen == -1) {
1910 rc = G10ERR_INVALID_PACKET;
1911 goto leave;
1912 }
1913 }
1914 }
1915 /* Note that a sk->protect.algo > 110 is illegal, but I'm
1916 not erroring on it here as otherwise there would be no
1917 way to delete such a key. */
1918 else { /* old version; no S2K, so we set mode to 0, hash MD5 */
1919 sk->protect.s2k.mode = 0;
1920 sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
1921 if( list_mode )
1922 fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
1923 sk->protect.algo, sk->protect.s2k.hash_algo );
1924 }
1925 /* It is really ugly that we don't know the size
1926 * of the IV here in cases we are not aware of the algorithm.
1927 * so a
1928 * sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo);
1929 * won't work. The only solution I see is to hardwire it.
1930 * NOTE: if you change the ivlen above 16, don't forget to
1931 * enlarge temp.
1932 */
1933 sk->protect.ivlen = openpgp_cipher_blocklen (sk->protect.algo);
1934 assert (sk->protect.ivlen <= sizeof (temp));
1935
1936 if( sk->protect.s2k.mode == 1001 )
1937 sk->protect.ivlen = 0;
1938 else if( sk->protect.s2k.mode == 1002 )
1939 sk->protect.ivlen = snlen < 16? snlen : 16;
1940
1941 if( pktlen < sk->protect.ivlen ) {
1942 rc = G10ERR_INVALID_PACKET;
1943 goto leave;
1944 }
1945 for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
1946 temp[i] = iobuf_get_noeof(inp);
1947 if( list_mode ) {
1948 fprintf (listfp,
1949 sk->protect.s2k.mode == 1002? "\tserial-number: "
1950 : "\tprotect IV: ");
1951 for(i=0; i < sk->protect.ivlen; i++ )
1952 fprintf (listfp, " %02x", temp[i] );
1953 putc ('\n', listfp);
1954 }
1955 memcpy(sk->protect.iv, temp, sk->protect.ivlen );
1956 }
1957 else
1958 sk->is_protected = 0;
1959 /* It does not make sense to read it into secure memory.
1960 * If the user is so careless, not to protect his secret key,
1961 * we can assume, that he operates an open system :=(.
1962 * So we put the key into secure memory when we unprotect it. */
1963 if( sk->protect.s2k.mode == 1001
1964 || sk->protect.s2k.mode == 1002 ) {
1965 /* better set some dummy stuff here */
1966 sk->skey[npkey] = gcry_mpi_set_opaque(NULL,
1967 xstrdup("dummydata"), 10*8);
1968 pktlen = 0;
1969 }
1970 else if( is_v4 && sk->is_protected ) {
1971 /* ugly; the length is encrypted too, so we read all
1972 * stuff up to the end of the packet into the first
1973 * skey element */
1974 sk->skey[npkey] = gcry_mpi_set_opaque (NULL,
1975 read_rest(inp, pktlen, 0),
1976 pktlen*8);
1977 pktlen = 0;
1978 if( list_mode ) {
1979 fprintf (listfp, "\tencrypted stuff follows\n");
1980 }
1981 }
1982 else { /* v3 method: the mpi length is not encrypted */
1983 for(i=npkey; i < nskey; i++ ) {
1984 if ( sk->is_protected ) {
1985 sk->skey[i] = read_protected_v3_mpi (inp, &pktlen);
1986 if( list_mode )
1987 fprintf (listfp, "\tskey[%d]: [encrypted]\n", i);
1988 }
1989 else {
1990 n = pktlen;
1991 sk->skey[i] = mpi_read(inp, &n, 0 );
1992 pktlen -=n;
1993 if( list_mode ) {
1994 fprintf (listfp, "\tskey[%d]: ", i);
1995 mpi_print(listfp, sk->skey[i], mpi_print_mode );
1996 putc ('\n', listfp);
1997 }
1998 }
1999
2000 if (!sk->skey[i])
2001 rc = G10ERR_INVALID_PACKET;
2002 }
2003 if (rc)
2004 goto leave;
2005
2006 sk->csum = read_16(inp); pktlen -= 2;
2007 if( list_mode ) {
2008 fprintf (listfp, "\tchecksum: %04hx\n", sk->csum);
2009 }
2010 }
2011
2012 if (list_mode)
2013 keyid_from_sk (sk, keyid);
2014 }
2015 else {
2016 PKT_public_key *pk = pkt->pkt.public_key;
2017
2018 if( !npkey ) {
2019 pk->pkey[0] = gcry_mpi_set_opaque ( NULL,
2020 read_rest(inp, pktlen, 0),
2021 pktlen*8 );
2022 pktlen = 0;
2023 goto leave;
2024 }
2025
2026 for(i=0; i < npkey; i++ ) {
2027 n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
2028 if( list_mode ) {
2029 fprintf (listfp, "\tpkey[%d]: ", i);
2030 mpi_print(listfp, pk->pkey[i], mpi_print_mode );
2031 putc ('\n', listfp);
2032 }
2033 if (!pk->pkey[i])
2034 rc = G10ERR_INVALID_PACKET;
2035 }
2036 if (rc)
2037 goto leave;
2038 if (list_mode)
2039 keyid_from_pk (pk, keyid);
2040 }
2041
2042 if (list_mode)
2043 fprintf (listfp, "\tkeyid: %08lX%08lX\n",
2044 (ulong)keyid[0], (ulong)keyid[1]);
2045
2046 leave:
2047 iobuf_skip_rest(inp, pktlen, 0);
2048 return rc;
2049 }
2050
2051 /* Attribute subpackets have the same format as v4 signature
2052 subpackets. This is not part of OpenPGP, but is done in several
2053 versions of PGP nevertheless. */
2054 int
2055 parse_attribute_subpkts(PKT_user_id *uid)
2056 {
2057 size_t n;
2058 int count=0;
2059 struct user_attribute *attribs=NULL;
2060 const byte *buffer=uid->attrib_data;
2061 int buflen=uid->attrib_len;
2062 byte type;
2063
2064 xfree(uid->attribs);
2065
2066 while(buflen)
2067 {
2068 n = *buffer++; buflen--;
2069 if( n == 255 ) { /* 4 byte length header */
2070 if( buflen < 4 )
2071 goto too_short;
2072 n = (buffer[0] << 24) | (buffer[1] << 16)
2073 | (buffer[2] << 8) | buffer[3];
2074 buffer += 4;
2075 buflen -= 4;
2076 }
2077 else if( n >= 192 ) { /* 2 byte special encoded length header */
2078 if( buflen < 2 )
2079 goto too_short;
2080 n = (( n - 192 ) << 8) + *buffer + 192;
2081 buffer++;
2082 buflen--;
2083 }
2084 if( buflen < n )
2085 goto too_short;
2086
2087 attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
2088 memset(&attribs[count],0,sizeof(struct user_attribute));
2089
2090 type=*buffer;
2091 buffer++;
2092 buflen--;
2093 n--;
2094
2095 attribs[count].type=type;
2096 attribs[count].data=buffer;
2097 attribs[count].len=n;
2098 buffer+=n;
2099 buflen-=n;
2100 count++;
2101 }
2102
2103 uid->attribs=attribs;
2104 uid->numattribs=count;
2105 return count;
2106
2107 too_short:
2108 if(opt.verbose)
2109 log_info("buffer shorter than attribute subpacket\n");
2110 uid->attribs=attribs;
2111 uid->numattribs=count;
2112 return count;
2113 }
2114
2115
2116 static int
2117 parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2118 {
2119 byte *p;
2120
2121 /* Cap the size of a user ID at 2k: a value absurdly large enough
2122 that there is no sane user ID string (which is printable text
2123 as of RFC2440bis) that won't fit in it, but yet small enough to
2124 avoid allocation problems. A large pktlen may not be
2125 allocatable, and a very large pktlen could actually cause our
2126 allocation to wrap around in xmalloc to a small number. */
2127
2128 if (pktlen > 2048)
2129 {
2130 log_error ("packet(%d) too large\n", pkttype);
2131 iobuf_skip_rest(inp, pktlen, 0);
2132 return G10ERR_INVALID_PACKET;
2133 }
2134
2135 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
2136 packet->pkt.user_id->len = pktlen;
2137 packet->pkt.user_id->ref=1;
2138
2139 p = packet->pkt.user_id->name;
2140 for( ; pktlen; pktlen--, p++ )
2141 *p = iobuf_get_noeof(inp);
2142 *p = 0;
2143
2144 if( list_mode ) {
2145 int n = packet->pkt.user_id->len;
2146 fprintf (listfp, ":user ID packet: \"");
2147 /* fixme: Hey why don't we replace this with print_string?? */
2148 for(p=packet->pkt.user_id->name; n; p++, n-- ) {
2149 if( *p >= ' ' && *p <= 'z' )
2150 putc (*p, listfp);
2151 else
2152 fprintf (listfp, "\\x%02x", *p );
2153 }
2154 fprintf (listfp, "\"\n");
2155 }
2156 return 0;
2157 }
2158
2159
2160 void
2161 make_attribute_uidname(PKT_user_id *uid, size_t max_namelen)
2162 {
2163 assert ( max_namelen > 70 );
2164 if(uid->numattribs<=0)
2165 sprintf(uid->name,"[bad attribute packet of size %lu]",uid->attrib_len);
2166 else if(uid->numattribs>1)
2167 sprintf(uid->name,"[%d attributes of size %lu]",
2168 uid->numattribs,uid->attrib_len);
2169 else
2170 {
2171 /* Only one attribute, so list it as the "user id" */
2172
2173 if(uid->attribs->type==ATTRIB_IMAGE)
2174 {
2175 u32 len;
2176 byte type;
2177
2178 if(parse_image_header(uid->attribs,&type,&len))
2179 sprintf(uid->name,"[%.20s image of size %lu]",
2180 image_type_to_string(type,1),(ulong)len);
2181 else
2182 sprintf(uid->name,"[invalid image]");
2183 }
2184 else
2185 sprintf(uid->name,"[unknown attribute of size %lu]",
2186 (ulong)uid->attribs->len);
2187 }
2188
2189 uid->len = strlen(uid->name);
2190 }
2191
2192 static int
2193 parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2194 {
2195 byte *p;
2196
2197 (void)pkttype;
2198
2199 #define EXTRA_UID_NAME_SPACE 71
2200 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id
2201 + EXTRA_UID_NAME_SPACE);
2202 packet->pkt.user_id->ref=1;
2203 packet->pkt.user_id->attrib_data = xmalloc(pktlen);
2204 packet->pkt.user_id->attrib_len = pktlen;
2205
2206 p = packet->pkt.user_id->attrib_data;
2207 for( ; pktlen; pktlen--, p++ )
2208 *p = iobuf_get_noeof(inp);
2209
2210 /* Now parse out the individual attribute subpackets. This is
2211 somewhat pointless since there is only one currently defined
2212 attribute type (jpeg), but it is correct by the spec. */
2213 parse_attribute_subpkts(packet->pkt.user_id);
2214
2215 make_attribute_uidname(packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2216
2217 if( list_mode ) {
2218 fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name );
2219 }
2220 return 0;
2221 }
2222
2223
2224 static int
2225 parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2226 {
2227 byte *p;
2228
2229 /* Cap comment packet at a reasonable value to avoid an integer
2230 overflow in the malloc below. Comment packets are actually not
2231 anymore define my OpenPGP and we even stopped to use our
2232 private comment packet. */
2233 if (pktlen>65536)
2234 {
2235 log_error ("packet(%d) too large\n", pkttype);
2236 iobuf_skip_rest (inp, pktlen, 0);
2237 return G10ERR_INVALID_PACKET;
2238 }
2239 packet->pkt.comment = xmalloc(sizeof *packet->pkt.comment + pktlen - 1);
2240 packet->pkt.comment->len = pktlen;
2241 p = packet->pkt.comment->data;
2242 for( ; pktlen; pktlen--, p++ )
2243 *p = iobuf_get_noeof(inp);
2244
2245 if( list_mode ) {
2246 int n = packet->pkt.comment->len;
2247 fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT?
2248 "OpenPGP draft " : "" );
2249 for(p=packet->pkt.comment->data; n; p++, n-- ) {
2250 if( *p >= ' ' && *p <= 'z' )
2251 putc (*p, listfp);
2252 else
2253 fprintf (listfp, "\\x%02x", *p );
2254 }
2255 fprintf (listfp, "\"\n");
2256 }
2257 return 0;
2258 }
2259
2260
2261 static void
2262 parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
2263 {
2264 int c;
2265
2266 (void)pkttype;
2267
2268 if (pktlen)
2269 {
2270 c = iobuf_get_noeof(inp);
2271 pktlen--;
2272 pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
2273 pkt->pkt.ring_trust->trustval = c;
2274 pkt->pkt.ring_trust->sigcache = 0;
2275 if (!c && pktlen==1)
2276 {
2277 c = iobuf_get_noeof (inp);
2278 pktlen--;
2279 /* we require that bit 7 of the sigcache is 0 (easier eof handling)*/
2280 if ( !(c & 0x80) )
2281 pkt->pkt.ring_trust->sigcache = c;
2282 }
2283 if( list_mode )
2284 fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2285 pkt->pkt.ring_trust->trustval,
2286 pkt->pkt.ring_trust->sigcache);
2287 }
2288 else
2289 {
2290 if( list_mode )
2291 fprintf (listfp, ":trust packet: empty\n");
2292 }
2293 iobuf_skip_rest (inp, pktlen, 0);
2294 }
2295
2296
2297 static int
2298 parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
2299 PACKET *pkt, int new_ctb, int partial )
2300 {
2301 int rc = 0;
2302 int mode, namelen;
2303 PKT_plaintext *pt;
2304 byte *p;
2305 int c, i;
2306
2307 if( !partial && pktlen < 6 ) {
2308 log_error("packet(%d) too short (%lu)\n", pkttype, (ulong)pktlen);
2309 rc = gpg_error (GPG_ERR_INV_PACKET);
2310 goto leave;
2311 }
2312 mode = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
2313 namelen = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
2314 /* Note that namelen will never exceed 255 bytes. */
2315 pt = pkt->pkt.plaintext = xmalloc(sizeof *pkt->pkt.plaintext + namelen -1);
2316 pt->new_ctb = new_ctb;
2317 pt->mode = mode;
2318 pt->namelen = namelen;
2319 pt->is_partial = partial;
2320 if( pktlen ) {
2321 for( i=0; pktlen > 4 && i < namelen; pktlen--, i++ )
2322 pt->name[i] = iobuf_get_noeof(inp);
2323 }
2324 else {
2325 for( i=0; i < namelen; i++ )
2326 if( (c=iobuf_get(inp)) == -1 )
2327 break;
2328 else
2329 pt->name[i] = c;
2330 }
2331 pt->timestamp = read_32(inp); if( pktlen) pktlen -= 4;
2332 pt->len = pktlen;
2333 pt->buf = inp;
2334 pktlen = 0;
2335
2336 if( list_mode ) {
2337 fprintf (listfp, ":literal data packet:\n"
2338 "\tmode %c (%X), created %lu, name=\"",
2339 mode >= ' ' && mode <'z'? mode : '?', mode,
2340 (ulong)pt->timestamp );
2341 for(p=pt->name,i=0; i < namelen; p++, i++ ) {
2342 if( *p >= ' ' && *p <= 'z' )
2343 putc (*p, listfp);
2344 else
2345 fprintf (listfp, "\\x%02x", *p );
2346 }
2347 fprintf (listfp, "\",\n\traw data: ");
2348 if(partial)
2349 fprintf (listfp, "unknown length\n");
2350 else
2351 fprintf (listfp, "%lu bytes\n", (ulong)pt->len );
2352 }
2353
2354 leave:
2355 return rc;
2356 }
2357
2358
2359 static int
2360 parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
2361 PACKET *pkt, int new_ctb )
2362 {
2363 PKT_compressed *zd;
2364
2365 /* PKTLEN is here 0, but data follows (this should be the last
2366 object in a file or the compress algorithm should know the
2367 length). */
2368 (void)pkttype;
2369 (void)pktlen;
2370
2371 zd = pkt->pkt.compressed = xmalloc (sizeof *pkt->pkt.compressed);
2372 zd->algorithm = iobuf_get_noeof(inp);
2373 zd->len = 0; /* not used */
2374 zd->new_ctb = new_ctb;
2375 zd->buf = inp;
2376 if (list_mode)
2377 fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2378 return 0;
2379 }
2380
2381
2382 static int
2383 parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
2384 PACKET *pkt, int new_ctb, int partial )
2385 {
2386 int rc = 0;
2387 PKT_encrypted *ed;
2388 unsigned long orig_pktlen = pktlen;
2389
2390 ed = pkt->pkt.encrypted = xmalloc(sizeof *pkt->pkt.encrypted );
2391 ed->len = pktlen;
2392 /* we don't know the extralen which is (cipher_blocksize+2)
2393 because the algorithm ist not specified in this packet.
2394 However, it is only important to know this for some sanity
2395 checks on the packet length - it doesn't matter that we can't
2396 do it */
2397 ed->extralen = 0;
2398 ed->buf = NULL;
2399 ed->new_ctb = new_ctb;
2400 ed->is_partial = partial;
2401 ed->mdc_method = 0;
2402 if( pkttype == PKT_ENCRYPTED_MDC ) {
2403 /* fixme: add some pktlen sanity checks */
2404 int version;
2405
2406 version = iobuf_get_noeof(inp);
2407 if (orig_pktlen)
2408 pktlen--;
2409 if( version != 1 ) {
2410 log_error("encrypted_mdc packet with unknown version %d\n",
2411 version);
2412 /*skip_rest(inp, pktlen); should we really do this? */
2413 rc = gpg_error (GPG_ERR_INV_PACKET);
2414 goto leave;
2415 }
2416 ed->mdc_method = DIGEST_ALGO_SHA1;
2417 }
2418 if( orig_pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
2419 log_error("packet(%d) too short\n", pkttype);
2420 rc = G10ERR_INVALID_PACKET;
2421 iobuf_skip_rest(inp, pktlen, partial);
2422 goto leave;
2423 }
2424 if( list_mode ) {
2425 if( orig_pktlen )
2426 fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
2427 orig_pktlen);
2428 else
2429 fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
2430 if( ed->mdc_method )
2431 fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method );
2432 }
2433
2434 ed->buf = inp;
2435
2436 leave:
2437 return rc;
2438 }
2439
2440
2441 /* Note, that this code is not anymore used in real life because now
2442 the MDC checking is done right after the encryption in
2443 decrypt_data. */
2444 static int
2445 parse_mdc (IOBUF inp, int pkttype, unsigned long pktlen,
2446 PACKET *pkt, int new_ctb)
2447 {
2448 int rc = 0;
2449 PKT_mdc *mdc;
2450 byte *p;
2451
2452 (void)pkttype;
2453
2454 mdc = pkt->pkt.mdc = xmalloc(sizeof *pkt->pkt.mdc );
2455 if (list_mode)
2456 fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
2457 if (!new_ctb || pktlen != 20)
2458 {
2459 log_error("mdc_packet with invalid encoding\n");
2460 rc = gpg_error (GPG_ERR_INV_PACKET);
2461 goto leave;
2462 }
2463 p = mdc->hash;
2464 for (; pktlen; pktlen--, p++)
2465 *p = iobuf_get_noeof(inp);
2466
2467 leave:
2468 return rc;
2469 }
2470
2471
2472 /*
2473 * This packet is internally generated by PGG (by armor.c) to
2474 * transfer some information to the lower layer. To make sure that
2475 * this packet is really a GPG faked one and not one comming from outside,
2476 * we first check that tehre is a unique tag in it.
2477 * The format of such a control packet is:
2478 * n byte session marker
2479 * 1 byte control type CTRLPKT_xxxxx
2480 * m byte control data
2481 */
2482
2483 static int
2484 parse_gpg_control (IOBUF inp, int pkttype, unsigned long pktlen,
2485 PACKET *packet, int partial)
2486 {
2487 byte *p;
2488 const byte *sesmark;
2489 size_t sesmarklen;
2490 int i;
2491
2492 (void)pkttype;
2493
2494 if ( list_mode )
2495 fprintf (listfp, ":packet 63: length %lu ", pktlen);
2496
2497 sesmark = get_session_marker ( &sesmarklen );
2498 if ( pktlen < sesmarklen+1 ) /* 1 is for the control bytes */
2499 goto skipit;
2500 for( i=0; i < sesmarklen; i++, pktlen-- ) {
2501 if ( sesmark[i] != iobuf_get_noeof(inp) )
2502 goto skipit;
2503 }
2504 if (pktlen > 4096)
2505 goto skipit; /* Definitely too large. We skip it to avoid an
2506 overflow in the malloc. */
2507 if ( list_mode )
2508 puts ("- gpg control packet");
2509
2510 packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
2511 + pktlen - 1);
2512 packet->pkt.gpg_control->control = iobuf_get_noeof(inp); pktlen--;
2513 packet->pkt.gpg_control->datalen = pktlen;
2514 p = packet->pkt.gpg_control->data;
2515 for( ; pktlen; pktlen--, p++ )
2516 *p = iobuf_get_noeof(inp);
2517
2518 return 0;
2519
2520 skipit:
2521 if ( list_mode ) {
2522 int c;
2523
2524 i=0;
2525 fprintf (listfp, "- private (rest length %lu)\n", pktlen);
2526 if( partial ) {
2527 while( (c=iobuf_get(inp)) != -1 )
2528 dump_hex_line(c, &i);
2529 }
2530 else {
2531 for( ; pktlen; pktlen-- )
2532 dump_hex_line(iobuf_get(inp), &i);
2533 }
2534 putc ('\n', listfp);
2535 }
2536 iobuf_skip_rest(inp,pktlen, 0);
2537 return gpg_error (GPG_ERR_INV_PACKET);
2538 }
2539
2540 /* create a gpg control packet to be used internally as a placeholder */
2541 PACKET *
2542 create_gpg_control( ctrlpkttype_t type, const byte *data, size_t datalen )
2543 {
2544 PACKET *packet;
2545 byte *p;
2546
2547 packet = xmalloc( sizeof *packet );
2548 init_packet(packet);
2549 packet->pkttype = PKT_GPG_CONTROL;
2550 packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
2551 + datalen - 1);
2552 packet->pkt.gpg_control->control = type;
2553 packet->pkt.gpg_control->datalen = datalen;
2554 p = packet->pkt.gpg_control->data;
2555 for( ; datalen; datalen--, p++ )
2556 *p = *data++;
2557
2558 return packet;
2559 }
gnupg svn clone