* keyserver.c (path_makes_direct): New. (keyserver_spawn): Used here
[gnupg.git] / g10 / armor.c
blobe437d3db0efdfa1bbcc3b67a6f4d7fc5dd860c5e
1 /* armor.c - Armor flter
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
20 * USA.
23 #include <config.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <assert.h>
29 #include <ctype.h>
31 #include "errors.h"
32 #include "iobuf.h"
33 #include "memory.h"
34 #include "util.h"
35 #include "filter.h"
36 #include "packet.h"
37 #include "options.h"
38 #include "main.h"
39 #include "status.h"
40 #include "i18n.h"
42 #define MAX_LINELEN 20000
44 #define CRCINIT 0xB704CE
45 #define CRCPOLY 0X864CFB
46 #define CRCUPDATE(a,c) do { \
47 a = ((a) << 8) ^ crc_table[((a)&0xff >> 16) ^ (c)]; \
48 a &= 0x00ffffff; \
49 } while(0)
50 static u32 crc_table[256];
51 static byte bintoasc[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
52 "abcdefghijklmnopqrstuvwxyz"
53 "0123456789+/";
54 static byte asctobin[256]; /* runtime initialized */
55 static int is_initialized;
58 typedef enum {
59 fhdrHASArmor = 0,
60 fhdrNOArmor,
61 fhdrINIT,
62 fhdrINITCont,
63 fhdrINITSkip,
64 fhdrCHECKBegin,
65 fhdrWAITHeader,
66 fhdrWAITClearsig,
67 fhdrSKIPHeader,
68 fhdrCLEARSIG,
69 fhdrREADClearsig,
70 fhdrNullClearsig,
71 fhdrEMPTYClearsig,
72 fhdrCHECKClearsig,
73 fhdrCHECKClearsig2,
74 fhdrCHECKDashEscaped,
75 fhdrCHECKDashEscaped2,
76 fhdrCHECKDashEscaped3,
77 fhdrREADClearsigNext,
78 fhdrENDClearsig,
79 fhdrENDClearsigHelp,
80 fhdrTESTSpaces,
81 fhdrCLEARSIGSimple,
82 fhdrCLEARSIGSimpleNext,
83 fhdrTEXT,
84 fhdrTEXTSimple,
85 fhdrERROR,
86 fhdrERRORShow,
87 fhdrEOF
88 } fhdr_state_t;
91 /* if we encounter this armor string with this index, go
92 * into a mode which fakes packets and wait for the next armor */
93 #define BEGIN_SIGNATURE 2
94 #define BEGIN_SIGNED_MSG_IDX 3
95 static char *head_strings[] = {
96 "BEGIN PGP MESSAGE",
97 "BEGIN PGP PUBLIC KEY BLOCK",
98 "BEGIN PGP SIGNATURE",
99 "BEGIN PGP SIGNED MESSAGE",
100 "BEGIN PGP ARMORED FILE", /* gnupg extension */
101 "BEGIN PGP PRIVATE KEY BLOCK",
102 "BEGIN PGP SECRET KEY BLOCK", /* only used by pgp2 */
103 NULL
105 static char *tail_strings[] = {
106 "END PGP MESSAGE",
107 "END PGP PUBLIC KEY BLOCK",
108 "END PGP SIGNATURE",
109 "END dummy",
110 "END PGP ARMORED FILE",
111 "END PGP PRIVATE KEY BLOCK",
112 "END PGP SECRET KEY BLOCK",
113 NULL
117 static void
118 initialize(void)
120 int i, j;
121 u32 t;
122 byte *s;
124 /* init the crc lookup table */
125 crc_table[0] = 0;
126 for(i=j=0; j < 128; j++ ) {
127 t = crc_table[j];
128 if( t & 0x00800000 ) {
129 t <<= 1;
130 crc_table[i++] = t ^ CRCPOLY;
131 crc_table[i++] = t;
133 else {
134 t <<= 1;
135 crc_table[i++] = t;
136 crc_table[i++] = t ^ CRCPOLY;
139 /* build the helptable for radix64 to bin conversion */
140 for(i=0; i < 256; i++ )
141 asctobin[i] = 255; /* used to detect invalid characters */
142 for(s=bintoasc,i=0; *s; s++,i++ )
143 asctobin[*s] = i;
145 is_initialized=1;
148 /****************
149 * Check whether this is an armored file or not See also
150 * parse-packet.c for details on this code For unknown historic
151 * reasons we use a string here but only the first byte will be used.
152 * Returns: True if it seems to be armored
154 static int
155 is_armored( const byte *buf )
157 int ctb, pkttype;
159 ctb = *buf;
160 if( !(ctb & 0x80) )
161 return 1; /* invalid packet: assume it is armored */
162 pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb>>2)&0xf);
163 switch( pkttype ) {
164 case PKT_MARKER:
165 case PKT_SYMKEY_ENC:
166 case PKT_ONEPASS_SIG:
167 case PKT_PUBLIC_KEY:
168 case PKT_SECRET_KEY:
169 case PKT_PUBKEY_ENC:
170 case PKT_SIGNATURE:
171 case PKT_COMMENT:
172 case PKT_OLD_COMMENT:
173 case PKT_PLAINTEXT:
174 case PKT_COMPRESSED:
175 case PKT_ENCRYPTED:
176 return 0; /* seems to be a regular packet: not armored */
179 return 1;
183 /****************
184 * Try to check whether the iobuf is armored
185 * Returns true if this may be the case; the caller should use the
186 * filter to do further processing.
189 use_armor_filter( IOBUF a )
191 byte buf[1];
192 int n;
194 /* fixme: there might be a problem with iobuf_peek */
195 n = iobuf_peek(a, buf, 1 );
196 if( n == -1 )
197 return 0; /* EOF, doesn't matter whether armored or not */
198 if( !n )
199 return 1; /* can't check it: try armored */
200 return is_armored(buf);
206 static void
207 invalid_armor(void)
209 write_status(STATUS_BADARMOR);
210 g10_exit(1); /* stop here */
214 /****************
215 * check whether the armor header is valid on a signed message.
216 * this is for security reasons: the header lines are not included in the
217 * hash and by using some creative formatting rules, Mallory could fake
218 * any text at the beginning of a document; assuming it is read with
219 * a simple viewer. We only allow the Hash Header.
221 static int
222 parse_hash_header( const char *line )
224 const char *s, *s2;
225 unsigned found = 0;
227 if( strlen(line) < 6 || strlen(line) > 60 )
228 return 0; /* too short or too long */
229 if( memcmp( line, "Hash:", 5 ) )
230 return 0; /* invalid header */
231 s = line+5;
232 for(s=line+5;;s=s2) {
233 for(; *s && (*s==' ' || *s == '\t'); s++ )
235 if( !*s )
236 break;
237 for(s2=s+1; *s2 && *s2!=' ' && *s2 != '\t' && *s2 != ','; s2++ )
239 if( !strncmp( s, "RIPEMD160", s2-s ) )
240 found |= 1;
241 else if( !strncmp( s, "SHA1", s2-s ) )
242 found |= 2;
243 else if( !strncmp( s, "MD5", s2-s ) )
244 found |= 4;
245 else if( !strncmp( s, "SHA224", s2-s ) )
246 found |= 8;
247 else if( !strncmp( s, "SHA256", s2-s ) )
248 found |= 16;
249 else if( !strncmp( s, "SHA384", s2-s ) )
250 found |= 32;
251 else if( !strncmp( s, "SHA512", s2-s ) )
252 found |= 64;
253 else
254 return 0;
255 for(; *s2 && (*s2==' ' || *s2 == '\t'); s2++ )
257 if( *s2 && *s2 != ',' )
258 return 0;
259 if( *s2 )
260 s2++;
262 return found;
267 /****************
268 * Check whether this is a armor line.
269 * returns: -1 if it is not a armor header or the index number of the
270 * armor header.
272 static int
273 is_armor_header( byte *line, unsigned len )
275 const char *s;
276 byte *save_p, *p;
277 int save_c;
278 int i;
280 if( len < 15 )
281 return -1; /* too short */
282 if( memcmp( line, "-----", 5 ) )
283 return -1; /* no */
284 p = strstr( line+5, "-----");
285 if( !p )
286 return -1;
287 save_p = p;
288 p += 5;
290 /* Some Windows environments seem to add whitespace to the end of
291 the line, so we strip it here. This becomes strict if
292 --rfc2440 is set since 2440 reads "The header lines, therefore,
293 MUST start at the beginning of a line, and MUST NOT have text
294 following them on the same line." It is unclear whether "text"
295 refers to all text or just non-whitespace text. */
297 if(RFC2440)
299 if( *p == '\r' )
300 p++;
301 if( *p == '\n' )
302 p++;
304 else
305 while(*p==' ' || *p=='\r' || *p=='\n' || *p=='\t')
306 p++;
308 if( *p )
309 return -1; /* garbage after dashes */
310 save_c = *save_p; *save_p = 0;
311 p = line+5;
312 for(i=0; (s=head_strings[i]); i++ )
313 if( !strcmp(s, p) )
314 break;
315 *save_p = save_c;
316 if( !s )
317 return -1; /* unknown armor line */
319 if( opt.verbose > 1 )
320 log_info(_("armor: %s\n"), head_strings[i]);
321 return i;
326 /****************
327 * Parse a header lines
328 * Return 0: Empty line (end of header lines)
329 * -1: invalid header line
330 * >0: Good header line
332 static int
333 parse_header_line( armor_filter_context_t *afx, byte *line, unsigned int len )
335 byte *p;
336 int hashes=0;
337 unsigned int len2;
339 len2 = check_trailing_ws( line, len );
340 if( !len2 ) {
341 afx->buffer_pos = len2; /* (it is not the fine way to do it here) */
342 return 0; /* WS only: same as empty line */
346 This is fussy. The spec says that a header line is delimited
347 with a colon-space pair. This means that a line such as
348 "Comment: " (with nothing else) is actually legal as an empty
349 string comment. However, email and cut-and-paste being what it
350 is, that trailing space may go away. Therefore, we accept empty
351 headers delimited with only a colon. --rfc2440, as always,
352 makes this strict and enforces the colon-space pair. -dms
355 p = strchr( line, ':');
356 if( !p || (RFC2440 && p[1]!=' ')
357 || (!RFC2440 && p[1]!=' ' && p[1]!='\n' && p[1]!='\r'))
359 log_error(_("invalid armor header: "));
360 print_string( stderr, line, len, 0 );
361 putc('\n', stderr);
362 return -1;
365 /* Chop off the whitespace we detected before */
366 len=len2;
367 line[len2]='\0';
369 if( opt.verbose ) {
370 log_info(_("armor header: "));
371 print_string( stderr, line, len, 0 );
372 putc('\n', stderr);
375 if( afx->in_cleartext ) {
376 if( (hashes=parse_hash_header( line )) )
377 afx->hashes |= hashes;
378 else if( strlen(line) > 15 && !memcmp( line, "NotDashEscaped:", 15 ) )
379 afx->not_dash_escaped = 1;
380 else {
381 log_error(_("invalid clearsig header\n"));
382 return -1;
385 return 1;
390 /* figure out whether the data is armored or not */
391 static int
392 check_input( armor_filter_context_t *afx, IOBUF a )
394 int rc = 0;
395 int i;
396 byte *line;
397 unsigned len;
398 unsigned maxlen;
399 int hdr_line = -1;
401 /* read the first line to see whether this is armored data */
402 maxlen = MAX_LINELEN;
403 len = afx->buffer_len = iobuf_read_line( a, &afx->buffer,
404 &afx->buffer_size, &maxlen );
405 line = afx->buffer;
406 if( !maxlen ) {
407 /* line has been truncated: assume not armored */
408 afx->inp_checked = 1;
409 afx->inp_bypass = 1;
410 return 0;
413 if( !len ) {
414 return -1; /* eof */
417 /* (the line is always a C string but maybe longer) */
418 if( *line == '\n' || ( len && (*line == '\r' && line[1]=='\n') ) )
420 else if( !is_armored( line ) ) {
421 afx->inp_checked = 1;
422 afx->inp_bypass = 1;
423 return 0;
426 /* find the armor header */
427 while(len) {
428 i = is_armor_header( line, len );
429 if( i >= 0 && !(afx->only_keyblocks && i != 1 && i != 5 && i != 6 )) {
430 hdr_line = i;
431 if( hdr_line == BEGIN_SIGNED_MSG_IDX ) {
432 if( afx->in_cleartext ) {
433 log_error(_("nested clear text signatures\n"));
434 rc = G10ERR_INVALID_ARMOR;
436 afx->in_cleartext = 1;
438 break;
440 /* read the next line (skip all truncated lines) */
441 do {
442 maxlen = MAX_LINELEN;
443 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
444 &afx->buffer_size, &maxlen );
445 line = afx->buffer;
446 len = afx->buffer_len;
447 } while( !maxlen );
450 /* Parse the header lines. */
451 while(len) {
452 /* Read the next line (skip all truncated lines). */
453 do {
454 maxlen = MAX_LINELEN;
455 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
456 &afx->buffer_size, &maxlen );
457 line = afx->buffer;
458 len = afx->buffer_len;
459 } while( !maxlen );
461 i = parse_header_line( afx, line, len );
462 if( i <= 0 ) {
463 if (i && RFC2440)
464 rc = G10ERR_INVALID_ARMOR;
465 break;
470 if( rc )
471 invalid_armor();
472 else if( afx->in_cleartext )
473 afx->faked = 1;
474 else {
475 afx->inp_checked = 1;
476 afx->crc = CRCINIT;
477 afx->idx = 0;
478 afx->radbuf[0] = 0;
481 return rc;
484 #define PARTIAL_CHUNK 512
485 #define PARTIAL_POW 9
487 /****************
488 * Fake a literal data packet and wait for the next armor line
489 * fixme: empty line handling and null length clear text signature are
490 * not implemented/checked.
492 static int
493 fake_packet( armor_filter_context_t *afx, IOBUF a,
494 size_t *retn, byte *buf, size_t size )
496 int rc = 0;
497 size_t len = 0;
498 int lastline = 0;
499 unsigned maxlen, n;
500 byte *p;
501 byte tempbuf[PARTIAL_CHUNK];
502 size_t tempbuf_len=0;
504 while( !rc && size-len>=(PARTIAL_CHUNK+1)) {
505 /* copy what we have in the line buffer */
506 if( afx->faked == 1 )
507 afx->faked++; /* skip the first (empty) line */
508 else
510 /* It's full, so write this partial chunk */
511 if(tempbuf_len==PARTIAL_CHUNK)
513 buf[len++]=0xE0+PARTIAL_POW;
514 memcpy(&buf[len],tempbuf,PARTIAL_CHUNK);
515 len+=PARTIAL_CHUNK;
516 tempbuf_len=0;
517 continue;
520 while( tempbuf_len < PARTIAL_CHUNK
521 && afx->buffer_pos < afx->buffer_len )
522 tempbuf[tempbuf_len++] = afx->buffer[afx->buffer_pos++];
523 if( tempbuf_len==PARTIAL_CHUNK )
524 continue;
527 /* read the next line */
528 maxlen = MAX_LINELEN;
529 afx->buffer_pos = 0;
530 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
531 &afx->buffer_size, &maxlen );
532 if( !afx->buffer_len ) {
533 rc = -1; /* eof (should not happen) */
534 continue;
536 if( !maxlen )
537 afx->truncated++;
539 p = afx->buffer;
540 n = afx->buffer_len;
542 /* Armor header or dash-escaped line? */
543 if(p[0]=='-')
545 /* 2440bis-10: When reversing dash-escaping, an
546 implementation MUST strip the string "- " if it occurs
547 at the beginning of a line, and SHOULD warn on "-" and
548 any character other than a space at the beginning of a
549 line. */
551 if(p[1]==' ' && !afx->not_dash_escaped)
553 /* It's a dash-escaped line, so skip over the
554 escape. */
555 afx->buffer_pos = 2;
557 else if(p[1]=='-' && p[2]=='-' && p[3]=='-' && p[4]=='-')
559 /* Five dashes in a row mean it's probably armor
560 header. */
561 int type = is_armor_header( p, n );
562 if( afx->not_dash_escaped && type != BEGIN_SIGNATURE )
563 ; /* this is okay */
564 else
566 if( type != BEGIN_SIGNATURE )
568 log_info(_("unexpected armor: "));
569 print_string( stderr, p, n, 0 );
570 putc('\n', stderr);
573 lastline = 1;
574 rc = -1;
577 else if(!afx->not_dash_escaped)
579 /* Bad dash-escaping. */
580 log_info(_("invalid dash escaped line: "));
581 print_string( stderr, p, n, 0 );
582 putc('\n', stderr);
586 /* Now handle the end-of-line canonicalization */
587 if( !afx->not_dash_escaped )
589 int crlf = n > 1 && p[n-2] == '\r' && p[n-1]=='\n';
591 /* PGP2 does not treat a tab as white space character */
592 afx->buffer_len=
593 trim_trailing_chars( &p[afx->buffer_pos], n-afx->buffer_pos,
594 afx->pgp2mode ? " \r\n" : " \t\r\n");
595 afx->buffer_len+=afx->buffer_pos;
596 /* the buffer is always allocated with enough space to append
597 * the removed [CR], LF and a Nul
598 * The reason for this complicated procedure is to keep at least
599 * the original type of lineending - handling of the removed
600 * trailing spaces seems to be impossible in our method
601 * of faking a packet; either we have to use a temporary file
602 * or calculate the hash here in this module and somehow find
603 * a way to send the hash down the processing line (well, a special
604 * faked packet could do the job).
606 if( crlf )
607 afx->buffer[afx->buffer_len++] = '\r';
608 afx->buffer[afx->buffer_len++] = '\n';
609 afx->buffer[afx->buffer_len] = '\0';
613 if( lastline ) { /* write last (ending) length header */
614 if(tempbuf_len<192)
615 buf[len++]=tempbuf_len;
616 else
618 buf[len++]=((tempbuf_len-192)/256) + 192;
619 buf[len++]=(tempbuf_len-192) % 256;
621 memcpy(&buf[len],tempbuf,tempbuf_len);
622 len+=tempbuf_len;
624 rc = 0;
625 afx->faked = 0;
626 afx->in_cleartext = 0;
627 /* and now read the header lines */
628 afx->buffer_pos = 0;
629 for(;;) {
630 int i;
632 /* read the next line (skip all truncated lines) */
633 do {
634 maxlen = MAX_LINELEN;
635 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
636 &afx->buffer_size, &maxlen );
637 } while( !maxlen );
638 p = afx->buffer;
639 n = afx->buffer_len;
640 if( !n ) {
641 rc = -1;
642 break; /* eof */
644 i = parse_header_line( afx, p , n );
645 if( i <= 0 ) {
646 if( i )
647 invalid_armor();
648 break;
651 afx->inp_checked = 1;
652 afx->crc = CRCINIT;
653 afx->idx = 0;
654 afx->radbuf[0] = 0;
657 *retn = len;
658 return rc;
662 static int
663 invalid_crc(void)
665 if ( opt.ignore_crc_error )
666 return 0;
667 log_inc_errorcount();
668 return G10ERR_INVALID_ARMOR;
672 static int
673 radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
674 byte *buf, size_t size )
676 byte val;
677 int c=0, c2; /*init c because gcc is not clever enough for the continue*/
678 int checkcrc=0;
679 int rc = 0;
680 size_t n = 0;
681 int idx, i, onlypad=0;
682 u32 crc;
684 crc = afx->crc;
685 idx = afx->idx;
686 val = afx->radbuf[0];
687 for( n=0; n < size; ) {
689 if( afx->buffer_pos < afx->buffer_len )
690 c = afx->buffer[afx->buffer_pos++];
691 else { /* read the next line */
692 unsigned maxlen = MAX_LINELEN;
693 afx->buffer_pos = 0;
694 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
695 &afx->buffer_size, &maxlen );
696 if( !maxlen )
697 afx->truncated++;
698 if( !afx->buffer_len )
699 break; /* eof */
700 continue;
703 again:
704 if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
705 continue;
706 else if( c == '=' ) { /* pad character: stop */
707 /* some mailers leave quoted-printable encoded characters
708 * so we try to workaround this */
709 if( afx->buffer_pos+2 < afx->buffer_len ) {
710 int cc1, cc2, cc3;
711 cc1 = afx->buffer[afx->buffer_pos];
712 cc2 = afx->buffer[afx->buffer_pos+1];
713 cc3 = afx->buffer[afx->buffer_pos+2];
714 if( isxdigit(cc1) && isxdigit(cc2)
715 && strchr( "=\n\r\t ", cc3 )) {
716 /* well it seems to be the case - adjust */
717 c = isdigit(cc1)? (cc1 - '0'): (ascii_toupper(cc1)-'A'+10);
718 c <<= 4;
719 c |= isdigit(cc2)? (cc2 - '0'): (ascii_toupper(cc2)-'A'+10);
720 afx->buffer_pos += 2;
721 afx->qp_detected = 1;
722 goto again;
725 else if(n==0)
726 onlypad=1;
728 if( idx == 1 )
729 buf[n++] = val;
730 checkcrc++;
731 break;
733 else if( (c = asctobin[(c2=c)]) == 255 ) {
734 log_error(_("invalid radix64 character %02X skipped\n"), c2);
735 continue;
737 switch(idx) {
738 case 0: val = c << 2; break;
739 case 1: val |= (c>>4)&3; buf[n++]=val;val=(c<<4)&0xf0;break;
740 case 2: val |= (c>>2)&15; buf[n++]=val;val=(c<<6)&0xc0;break;
741 case 3: val |= c&0x3f; buf[n++] = val; break;
743 idx = (idx+1) % 4;
746 for(i=0; i < n; i++ )
747 crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
748 crc &= 0x00ffffff;
749 afx->crc = crc;
750 afx->idx = idx;
751 afx->radbuf[0] = val;
753 if( checkcrc ) {
754 afx->any_data = 1;
755 afx->inp_checked=0;
756 afx->faked = 0;
757 for(;;) { /* skip lf and pad characters */
758 if( afx->buffer_pos < afx->buffer_len )
759 c = afx->buffer[afx->buffer_pos++];
760 else { /* read the next line */
761 unsigned maxlen = MAX_LINELEN;
762 afx->buffer_pos = 0;
763 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
764 &afx->buffer_size, &maxlen );
765 if( !maxlen )
766 afx->truncated++;
767 if( !afx->buffer_len )
768 break; /* eof */
769 continue;
771 if( c == '\n' || c == ' ' || c == '\r'
772 || c == '\t' || c == '=' )
773 continue;
774 break;
776 if( c == -1 )
777 log_error(_("premature eof (no CRC)\n"));
778 else {
779 u32 mycrc = 0;
780 idx = 0;
781 do {
782 if( (c = asctobin[c]) == 255 )
783 break;
784 switch(idx) {
785 case 0: val = c << 2; break;
786 case 1: val |= (c>>4)&3; mycrc |= val << 16;val=(c<<4)&0xf0;break;
787 case 2: val |= (c>>2)&15; mycrc |= val << 8;val=(c<<6)&0xc0;break;
788 case 3: val |= c&0x3f; mycrc |= val; break;
790 for(;;) {
791 if( afx->buffer_pos < afx->buffer_len )
792 c = afx->buffer[afx->buffer_pos++];
793 else { /* read the next line */
794 unsigned maxlen = MAX_LINELEN;
795 afx->buffer_pos = 0;
796 afx->buffer_len = iobuf_read_line( a, &afx->buffer,
797 &afx->buffer_size,
798 &maxlen );
799 if( !maxlen )
800 afx->truncated++;
801 if( !afx->buffer_len )
802 break; /* eof */
803 continue;
805 break;
807 if( !afx->buffer_len )
808 break; /* eof */
809 } while( ++idx < 4 );
810 if( c == -1 ) {
811 log_info(_("premature eof (in CRC)\n"));
812 rc = invalid_crc();
814 else if( idx == 0 ) {
815 /* No CRC at all is legal ("MAY") */
816 rc=0;
818 else if( idx != 4 ) {
819 log_info(_("malformed CRC\n"));
820 rc = invalid_crc();
822 else if( mycrc != afx->crc ) {
823 log_info (_("CRC error; %06lX - %06lX\n"),
824 (ulong)afx->crc, (ulong)mycrc);
825 rc = invalid_crc();
827 else {
828 rc = 0;
829 /* FIXME: Here we should emit another control packet,
830 * so that we know in mainproc that we are processing
831 * a clearsign message */
832 #if 0
833 for(rc=0;!rc;) {
834 rc = 0 /*check_trailer( &fhdr, c )*/;
835 if( !rc ) {
836 if( (c=iobuf_get(a)) == -1 )
837 rc = 2;
840 if( rc == -1 )
841 rc = 0;
842 else if( rc == 2 ) {
843 log_error(_("premature eof (in trailer)\n"));
844 rc = G10ERR_INVALID_ARMOR;
846 else {
847 log_error(_("error in trailer line\n"));
848 rc = G10ERR_INVALID_ARMOR;
850 #endif
855 if( !n && !onlypad )
856 rc = -1;
858 *retn = n;
859 return rc;
862 /****************
863 * This filter is used to handle the armor stuff
866 armor_filter( void *opaque, int control,
867 IOBUF a, byte *buf, size_t *ret_len)
869 size_t size = *ret_len;
870 armor_filter_context_t *afx = opaque;
871 int rc=0, i, c;
872 byte radbuf[3];
873 int idx, idx2;
874 size_t n=0;
875 u32 crc;
876 #if 0
877 static FILE *fp ;
879 if( !fp ) {
880 fp = fopen("armor.out", "w");
881 assert(fp);
883 #endif
885 if( DBG_FILTER )
886 log_debug("armor-filter: control: %d\n", control );
887 if( control == IOBUFCTRL_UNDERFLOW && afx->inp_bypass ) {
888 n = 0;
889 if( afx->buffer_len ) {
890 for(; n < size && afx->buffer_pos < afx->buffer_len; n++ )
891 buf[n++] = afx->buffer[afx->buffer_pos++];
892 if( afx->buffer_pos >= afx->buffer_len )
893 afx->buffer_len = 0;
895 for(; n < size; n++ ) {
896 if( (c=iobuf_get(a)) == -1 )
897 break;
898 buf[n] = c & 0xff;
900 if( !n )
901 rc = -1;
902 *ret_len = n;
904 else if( control == IOBUFCTRL_UNDERFLOW ) {
905 /* We need some space for the faked packet. The minmum
906 * required size is the PARTIAL_CHUNK size plus a byte for the
907 * length itself */
908 if( size < PARTIAL_CHUNK+1 )
909 BUG(); /* supplied buffer too short */
911 if( afx->faked )
912 rc = fake_packet( afx, a, &n, buf, size );
913 else if( !afx->inp_checked ) {
914 rc = check_input( afx, a );
915 if( afx->inp_bypass ) {
916 for(n=0; n < size && afx->buffer_pos < afx->buffer_len; )
917 buf[n++] = afx->buffer[afx->buffer_pos++];
918 if( afx->buffer_pos >= afx->buffer_len )
919 afx->buffer_len = 0;
920 if( !n )
921 rc = -1;
923 else if( afx->faked ) {
924 unsigned int hashes = afx->hashes;
925 const byte *sesmark;
926 size_t sesmarklen;
928 sesmark = get_session_marker( &sesmarklen );
929 if ( sesmarklen > 20 )
930 BUG();
932 /* the buffer is at least 15+n*15 bytes long, so it
933 * is easy to construct the packets */
935 hashes &= 1|2|4|8|16|32|64;
936 if( !hashes ) {
937 hashes |= 4; /* default to MD 5 */
938 /* This is non-ideal since PGP 5-8 have the same
939 end-of-line bugs as PGP 2. However, we only
940 enable pgp2mode if there is no Hash: header. */
941 if( opt.pgp2_workarounds )
942 afx->pgp2mode = 1;
944 n=0;
945 /* First a gpg control packet... */
946 buf[n++] = 0xff; /* new format, type 63, 1 length byte */
947 n++; /* see below */
948 memcpy(buf+n, sesmark, sesmarklen ); n+= sesmarklen;
949 buf[n++] = CTRLPKT_CLEARSIGN_START;
950 buf[n++] = afx->not_dash_escaped? 0:1; /* sigclass */
951 if( hashes & 1 )
952 buf[n++] = DIGEST_ALGO_RMD160;
953 if( hashes & 2 )
954 buf[n++] = DIGEST_ALGO_SHA1;
955 if( hashes & 4 )
956 buf[n++] = DIGEST_ALGO_MD5;
957 if( hashes & 8 )
958 buf[n++] = DIGEST_ALGO_SHA224;
959 if( hashes & 16 )
960 buf[n++] = DIGEST_ALGO_SHA256;
961 if( hashes & 32 )
962 buf[n++] = DIGEST_ALGO_SHA384;
963 if( hashes & 64 )
964 buf[n++] = DIGEST_ALGO_SHA512;
965 buf[1] = n - 2;
967 /* ...followed by an invented plaintext packet.
968 Amusingly enough, this packet is not compliant with
969 2440 as the initial partial length is less than 512
970 bytes. Of course, we'll accept it anyway ;) */
972 buf[n++] = 0xCB; /* new packet format, type 11 */
973 buf[n++] = 0xE1; /* 2^1 == 2 bytes */
974 buf[n++] = 't'; /* canonical text mode */
975 buf[n++] = 0; /* namelength */
976 buf[n++] = 0xE2; /* 2^2 == 4 more bytes */
977 memset(buf+n, 0, 4); /* timestamp */
978 n += 4;
980 else if( !rc )
981 rc = radix64_read( afx, a, &n, buf, size );
983 else
984 rc = radix64_read( afx, a, &n, buf, size );
985 #if 0
986 if( n )
987 if( fwrite(buf, n, 1, fp ) != 1 )
988 BUG();
989 #endif
990 *ret_len = n;
992 else if( control == IOBUFCTRL_FLUSH && !afx->cancel ) {
993 if( !afx->status ) { /* write the header line */
994 const char *s;
995 STRLIST comment=opt.comments;
997 if( afx->what >= DIM(head_strings) )
998 log_bug("afx->what=%d", afx->what);
999 iobuf_writestr(a, "-----");
1000 iobuf_writestr(a, head_strings[afx->what] );
1001 iobuf_writestr(a, "-----" );
1002 iobuf_writestr(a,afx->eol);
1003 if( !opt.no_version )
1005 iobuf_writestr(a, "Version: GnuPG v" VERSION " ("
1006 PRINTABLE_OS_NAME ")" );
1007 iobuf_writestr(a,afx->eol);
1010 /* write the comment strings */
1011 for(s=comment->d;comment;comment=comment->next,s=comment->d)
1013 iobuf_writestr(a, "Comment: " );
1014 for( ; *s; s++ )
1016 if( *s == '\n' )
1017 iobuf_writestr(a, "\\n" );
1018 else if( *s == '\r' )
1019 iobuf_writestr(a, "\\r" );
1020 else if( *s == '\v' )
1021 iobuf_writestr(a, "\\v" );
1022 else
1023 iobuf_put(a, *s );
1026 iobuf_writestr(a,afx->eol);
1029 if ( afx->hdrlines ) {
1030 for ( s = afx->hdrlines; *s; s++ ) {
1031 #ifdef HAVE_DOSISH_SYSTEM
1032 if ( *s == '\n' )
1033 iobuf_put( a, '\r');
1034 #endif
1035 iobuf_put(a, *s );
1039 iobuf_writestr(a,afx->eol);
1040 afx->status++;
1041 afx->idx = 0;
1042 afx->idx2 = 0;
1043 afx->crc = CRCINIT;
1046 crc = afx->crc;
1047 idx = afx->idx;
1048 idx2 = afx->idx2;
1049 for(i=0; i < idx; i++ )
1050 radbuf[i] = afx->radbuf[i];
1052 for(i=0; i < size; i++ )
1053 crc = (crc << 8) ^ crc_table[((crc >> 16)&0xff) ^ buf[i]];
1054 crc &= 0x00ffffff;
1056 for( ; size; buf++, size-- ) {
1057 radbuf[idx++] = *buf;
1058 if( idx > 2 ) {
1059 idx = 0;
1060 c = bintoasc[(*radbuf >> 2) & 077];
1061 iobuf_put(a, c);
1062 c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
1063 iobuf_put(a, c);
1064 c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
1065 iobuf_put(a, c);
1066 c = bintoasc[radbuf[2]&077];
1067 iobuf_put(a, c);
1068 if( ++idx2 >= (64/4) )
1069 { /* pgp doesn't like 72 here */
1070 iobuf_writestr(a,afx->eol);
1071 idx2=0;
1075 for(i=0; i < idx; i++ )
1076 afx->radbuf[i] = radbuf[i];
1077 afx->idx = idx;
1078 afx->idx2 = idx2;
1079 afx->crc = crc;
1081 else if( control == IOBUFCTRL_INIT )
1083 if( !is_initialized )
1084 initialize();
1086 /* Figure out what we're using for line endings if the caller
1087 didn't specify. */
1088 if(afx->eol[0]==0)
1090 #ifdef HAVE_DOSISH_SYSTEM
1091 afx->eol[0]='\r';
1092 afx->eol[1]='\n';
1093 #else
1094 afx->eol[0]='\n';
1095 #endif
1098 else if( control == IOBUFCTRL_CANCEL ) {
1099 afx->cancel = 1;
1101 else if( control == IOBUFCTRL_FREE ) {
1102 if( afx->cancel )
1104 else if( afx->status ) { /* pad, write cecksum, and bottom line */
1105 crc = afx->crc;
1106 idx = afx->idx;
1107 idx2 = afx->idx2;
1108 for(i=0; i < idx; i++ )
1109 radbuf[i] = afx->radbuf[i];
1110 if( idx ) {
1111 c = bintoasc[(*radbuf>>2)&077];
1112 iobuf_put(a, c);
1113 if( idx == 1 ) {
1114 c = bintoasc[((*radbuf << 4) & 060) & 077];
1115 iobuf_put(a, c);
1116 iobuf_put(a, '=');
1117 iobuf_put(a, '=');
1119 else { /* 2 */
1120 c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1]>>4)&017))&077];
1121 iobuf_put(a, c);
1122 c = bintoasc[((radbuf[1] << 2) & 074) & 077];
1123 iobuf_put(a, c);
1124 iobuf_put(a, '=');
1126 if( ++idx2 >= (64/4) )
1127 { /* pgp doesn't like 72 here */
1128 iobuf_writestr(a,afx->eol);
1129 idx2=0;
1132 /* may need a linefeed */
1133 if( idx2 )
1134 iobuf_writestr(a,afx->eol);
1135 /* write the CRC */
1136 iobuf_put(a, '=');
1137 radbuf[0] = crc >>16;
1138 radbuf[1] = crc >> 8;
1139 radbuf[2] = crc;
1140 c = bintoasc[(*radbuf >> 2) & 077];
1141 iobuf_put(a, c);
1142 c = bintoasc[(((*radbuf<<4)&060)|((radbuf[1] >> 4)&017))&077];
1143 iobuf_put(a, c);
1144 c = bintoasc[(((radbuf[1]<<2)&074)|((radbuf[2]>>6)&03))&077];
1145 iobuf_put(a, c);
1146 c = bintoasc[radbuf[2]&077];
1147 iobuf_put(a, c);
1148 iobuf_writestr(a,afx->eol);
1149 /* and the the trailer */
1150 if( afx->what >= DIM(tail_strings) )
1151 log_bug("afx->what=%d", afx->what);
1152 iobuf_writestr(a, "-----");
1153 iobuf_writestr(a, tail_strings[afx->what] );
1154 iobuf_writestr(a, "-----" );
1155 iobuf_writestr(a,afx->eol);
1157 else if( !afx->any_data && !afx->inp_bypass ) {
1158 log_error(_("no valid OpenPGP data found.\n"));
1159 afx->no_openpgp_data = 1;
1160 write_status_text( STATUS_NODATA, "1" );
1162 if( afx->truncated )
1163 log_info(_("invalid armor: line longer than %d characters\n"),
1164 MAX_LINELEN );
1165 /* issue an error to enforce dissemination of correct software */
1166 if( afx->qp_detected )
1167 log_error(_("quoted printable character in armor - "
1168 "probably a buggy MTA has been used\n") );
1169 xfree( afx->buffer );
1170 afx->buffer = NULL;
1172 else if( control == IOBUFCTRL_DESC )
1173 *(char**)buf = "armor_filter";
1174 return rc;
1178 /****************
1179 * create a radix64 encoded string.
1181 char *
1182 make_radix64_string( const byte *data, size_t len )
1184 char *buffer, *p;
1186 buffer = p = xmalloc( (len+2)/3*4 + 1 );
1187 for( ; len >= 3 ; len -= 3, data += 3 ) {
1188 *p++ = bintoasc[(data[0] >> 2) & 077];
1189 *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
1190 *p++ = bintoasc[(((data[1]<<2)&074)|((data[2]>>6)&03))&077];
1191 *p++ = bintoasc[data[2]&077];
1193 if( len == 2 ) {
1194 *p++ = bintoasc[(data[0] >> 2) & 077];
1195 *p++ = bintoasc[(((data[0] <<4)&060)|((data[1] >> 4)&017))&077];
1196 *p++ = bintoasc[((data[1]<<2)&074)];
1198 else if( len == 1 ) {
1199 *p++ = bintoasc[(data[0] >> 2) & 077];
1200 *p++ = bintoasc[(data[0] <<4)&060];
1202 *p = 0;
1203 return buffer;
1207 /***********************************************
1208 * For the pipemode command we can't use the armor filter for various
1209 * reasons, so we use this new unarmor_pump stuff to remove the armor
1212 enum unarmor_state_e {
1213 STA_init = 0,
1214 STA_bypass,
1215 STA_wait_newline,
1216 STA_wait_dash,
1217 STA_first_dash,
1218 STA_compare_header,
1219 STA_found_header_wait_newline,
1220 STA_skip_header_lines,
1221 STA_skip_header_lines_non_ws,
1222 STA_read_data,
1223 STA_wait_crc,
1224 STA_read_crc,
1225 STA_ready
1228 struct unarmor_pump_s {
1229 enum unarmor_state_e state;
1230 byte val;
1231 int checkcrc;
1232 int pos; /* counts from 0..3 */
1233 u32 crc;
1234 u32 mycrc; /* the one store in the data */
1239 UnarmorPump
1240 unarmor_pump_new (void)
1242 UnarmorPump x;
1244 if( !is_initialized )
1245 initialize();
1246 x = xmalloc_clear (sizeof *x);
1247 return x;
1250 void
1251 unarmor_pump_release (UnarmorPump x)
1253 xfree (x);
1257 * Get the next character from the ascii armor taken from the IOBUF
1258 * created earlier by unarmor_pump_new().
1259 * Return: c = Character
1260 * 256 = ignore this value
1261 * -1 = End of current armor
1262 * -2 = Premature EOF (not used)
1263 * -3 = Invalid armor
1266 unarmor_pump (UnarmorPump x, int c)
1268 int rval = 256; /* default is to ignore the return value */
1270 switch (x->state) {
1271 case STA_init:
1273 byte tmp[1];
1274 tmp[0] = c;
1275 if ( is_armored (tmp) )
1276 x->state = c == '-'? STA_first_dash : STA_wait_newline;
1277 else {
1278 x->state = STA_bypass;
1279 return c;
1282 break;
1283 case STA_bypass:
1284 return c; /* return here to avoid crc calculation */
1285 case STA_wait_newline:
1286 if (c == '\n')
1287 x->state = STA_wait_dash;
1288 break;
1289 case STA_wait_dash:
1290 x->state = c == '-'? STA_first_dash : STA_wait_newline;
1291 break;
1292 case STA_first_dash: /* just need for initalization */
1293 x->pos = 0;
1294 x->state = STA_compare_header;
1295 case STA_compare_header:
1296 if ( "-----BEGIN PGP SIGNATURE-----"[++x->pos] == c ) {
1297 if ( x->pos == 28 )
1298 x->state = STA_found_header_wait_newline;
1300 else
1301 x->state = c == '\n'? STA_wait_dash : STA_wait_newline;
1302 break;
1303 case STA_found_header_wait_newline:
1304 /* to make CR,LF issues easier we simply allow for white space
1305 behind the 5 dashes */
1306 if ( c == '\n' )
1307 x->state = STA_skip_header_lines;
1308 else if ( c != '\r' && c != ' ' && c != '\t' )
1309 x->state = STA_wait_dash; /* garbage after the header line */
1310 break;
1311 case STA_skip_header_lines:
1312 /* i.e. wait for one empty line */
1313 if ( c == '\n' ) {
1314 x->state = STA_read_data;
1315 x->crc = CRCINIT;
1316 x->val = 0;
1317 x->pos = 0;
1319 else if ( c != '\r' && c != ' ' && c != '\t' )
1320 x->state = STA_skip_header_lines_non_ws;
1321 break;
1322 case STA_skip_header_lines_non_ws:
1323 /* like above but we already encountered non white space */
1324 if ( c == '\n' )
1325 x->state = STA_skip_header_lines;
1326 break;
1327 case STA_read_data:
1328 /* fixme: we don't check for the trailing dash lines but rely
1329 * on the armor stop characters */
1330 if( c == '\n' || c == ' ' || c == '\r' || c == '\t' )
1331 break; /* skip all kind of white space */
1333 if( c == '=' ) { /* pad character: stop */
1334 if( x->pos == 1 ) /* in this case val has some value */
1335 rval = x->val;
1336 x->state = STA_wait_crc;
1337 break;
1341 int c2;
1342 if( (c = asctobin[(c2=c)]) == 255 ) {
1343 log_error(_("invalid radix64 character %02X skipped\n"), c2);
1344 break;
1348 switch(x->pos) {
1349 case 0:
1350 x->val = c << 2;
1351 break;
1352 case 1:
1353 x->val |= (c>>4)&3;
1354 rval = x->val;
1355 x->val = (c<<4)&0xf0;
1356 break;
1357 case 2:
1358 x->val |= (c>>2)&15;
1359 rval = x->val;
1360 x->val = (c<<6)&0xc0;
1361 break;
1362 case 3:
1363 x->val |= c&0x3f;
1364 rval = x->val;
1365 break;
1367 x->pos = (x->pos+1) % 4;
1368 break;
1369 case STA_wait_crc:
1370 if( c == '\n' || c == ' ' || c == '\r' || c == '\t' || c == '=' )
1371 break; /* skip ws and pad characters */
1372 /* assume that we are at the next line */
1373 x->state = STA_read_crc;
1374 x->pos = 0;
1375 x->mycrc = 0;
1376 case STA_read_crc:
1377 if( (c = asctobin[c]) == 255 ) {
1378 rval = -1; /* ready */
1379 if( x->crc != x->mycrc ) {
1380 log_info (_("CRC error; %06lX - %06lX\n"),
1381 (ulong)x->crc, (ulong)x->mycrc);
1382 if ( invalid_crc() )
1383 rval = -3;
1385 x->state = STA_ready; /* not sure whether this is correct */
1386 break;
1389 switch(x->pos) {
1390 case 0:
1391 x->val = c << 2;
1392 break;
1393 case 1:
1394 x->val |= (c>>4)&3;
1395 x->mycrc |= x->val << 16;
1396 x->val = (c<<4)&0xf0;
1397 break;
1398 case 2:
1399 x->val |= (c>>2)&15;
1400 x->mycrc |= x->val << 8;
1401 x->val = (c<<6)&0xc0;
1402 break;
1403 case 3:
1404 x->val |= c&0x3f;
1405 x->mycrc |= x->val;
1406 break;
1408 x->pos = (x->pos+1) % 4;
1409 break;
1410 case STA_ready:
1411 rval = -1;
1412 break;
1415 if ( !(rval & ~255) ) { /* compute the CRC */
1416 x->crc = (x->crc << 8) ^ crc_table[((x->crc >> 16)&0xff) ^ rval];
1417 x->crc &= 0x00ffffff;
1420 return rval;