Fix for extended length Le in decipher
[gnupg.git] / g10 / build-packet.c
blob37922d90c16ccda71a0f15a31597b2e93ba8bfe5
1 /* build-packet.c - assemble packets and write them
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
3 * 2006 Free Software Foundation, Inc.
5 * This file is part of GnuPG.
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26 #include <ctype.h>
28 #include "gpg.h"
29 #include "packet.h"
30 #include "status.h"
31 #include "iobuf.h"
32 #include "util.h"
33 #include "cipher.h"
34 #include "i18n.h"
35 #include "options.h"
37 static int do_user_id( IOBUF out, int ctb, PKT_user_id *uid );
38 static int do_public_key( IOBUF out, int ctb, PKT_public_key *pk );
39 static int do_secret_key( IOBUF out, int ctb, PKT_secret_key *pk );
40 static int do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc );
41 static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
42 static u32 calc_plaintext( PKT_plaintext *pt );
43 static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
44 static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
45 static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
46 static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
47 static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
48 static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
50 static int calc_header_length( u32 len, int new_ctb );
51 static int write_16(IOBUF inp, u16 a);
52 static int write_32(IOBUF inp, u32 a);
53 static int write_header( IOBUF out, int ctb, u32 len );
54 static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
55 static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen );
56 static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
57 static int write_version( IOBUF out, int ctb );
59 /****************
60 * Build a packet and write it to INP
61 * Returns: 0 := okay
62 * >0 := error
63 * Note: Caller must free the packet
65 int
66 build_packet( IOBUF out, PACKET *pkt )
68 int new_ctb=0, rc=0, ctb;
69 int pkttype;
71 if( DBG_PACKET )
72 log_debug("build_packet() type=%d\n", pkt->pkttype );
73 assert( pkt->pkt.generic );
75 switch( (pkttype = pkt->pkttype) )
77 case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
78 case PKT_ENCRYPTED:
79 case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
80 case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
81 case PKT_USER_ID:
82 if( pkt->pkt.user_id->attrib_data )
83 pkttype = PKT_ATTRIBUTE;
84 break;
85 default: break;
88 if( new_ctb || pkttype > 15 ) /* new format */
89 ctb = 0xc0 | (pkttype & 0x3f);
90 else
91 ctb = 0x80 | ((pkttype & 15)<<2);
92 switch( pkttype )
94 case PKT_ATTRIBUTE:
95 case PKT_USER_ID:
96 rc = do_user_id( out, ctb, pkt->pkt.user_id );
97 break;
98 case PKT_OLD_COMMENT:
99 case PKT_COMMENT:
101 Ignore these. Theoretically, this will never be called as
102 we have no way to output comment packets any longer, but
103 just in case there is some code path that would end up
104 outputting a comment that was written before comments were
105 dropped (in the public key?) this is a no-op.
107 break;
108 case PKT_PUBLIC_SUBKEY:
109 case PKT_PUBLIC_KEY:
110 rc = do_public_key( out, ctb, pkt->pkt.public_key );
111 break;
112 case PKT_SECRET_SUBKEY:
113 case PKT_SECRET_KEY:
114 rc = do_secret_key( out, ctb, pkt->pkt.secret_key );
115 break;
116 case PKT_SYMKEY_ENC:
117 rc = do_symkey_enc( out, ctb, pkt->pkt.symkey_enc );
118 break;
119 case PKT_PUBKEY_ENC:
120 rc = do_pubkey_enc( out, ctb, pkt->pkt.pubkey_enc );
121 break;
122 case PKT_PLAINTEXT:
123 rc = do_plaintext( out, ctb, pkt->pkt.plaintext );
124 break;
125 case PKT_ENCRYPTED:
126 rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
127 break;
128 case PKT_ENCRYPTED_MDC:
129 rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
130 break;
131 case PKT_COMPRESSED:
132 rc = do_compressed( out, ctb, pkt->pkt.compressed );
133 break;
134 case PKT_SIGNATURE:
135 rc = do_signature( out, ctb, pkt->pkt.signature );
136 break;
137 case PKT_ONEPASS_SIG:
138 rc = do_onepass_sig( out, ctb, pkt->pkt.onepass_sig );
139 break;
140 case PKT_RING_TRUST:
141 break; /* ignore it (keyring.c does write it directly)*/
142 case PKT_MDC: /* we write it directly, so we should never see it here. */
143 default:
144 log_bug("invalid packet type in build_packet()\n");
145 break;
148 return rc;
153 * Write the mpi A to OUT.
155 static int
156 mpi_write (iobuf_t out, gcry_mpi_t a)
158 char buffer[(MAX_EXTERN_MPI_BITS+7)/8+2]; /* 2 is for the mpi length. */
159 size_t nbytes;
160 int rc;
162 nbytes = DIM(buffer);
163 rc = gcry_mpi_print (GCRYMPI_FMT_PGP, buffer, nbytes, &nbytes, a );
164 if( !rc )
165 rc = iobuf_write( out, buffer, nbytes );
166 else if (gpg_err_code(rc) == GPG_ERR_TOO_SHORT )
168 log_info ("mpi too large (%u bits)\n", gcry_mpi_get_nbits (a));
169 /* The buffer was too small. We better tell the user about the MPI. */
170 rc = gpg_error (GPG_ERR_TOO_LARGE);
173 return rc;
178 /****************
179 * calculate the length of a packet described by PKT
182 calc_packet_length( PACKET *pkt )
184 u32 n=0;
185 int new_ctb = 0;
187 assert( pkt->pkt.generic );
188 switch( pkt->pkttype ) {
189 case PKT_PLAINTEXT:
190 n = calc_plaintext( pkt->pkt.plaintext );
191 new_ctb = pkt->pkt.plaintext->new_ctb;
192 break;
193 case PKT_ATTRIBUTE:
194 case PKT_USER_ID:
195 case PKT_COMMENT:
196 case PKT_PUBLIC_KEY:
197 case PKT_SECRET_KEY:
198 case PKT_SYMKEY_ENC:
199 case PKT_PUBKEY_ENC:
200 case PKT_ENCRYPTED:
201 case PKT_SIGNATURE:
202 case PKT_ONEPASS_SIG:
203 case PKT_RING_TRUST:
204 case PKT_COMPRESSED:
205 default:
206 log_bug("invalid packet type in calc_packet_length()");
207 break;
210 n += calc_header_length(n, new_ctb);
211 return n;
214 static void
215 write_fake_data (IOBUF out, gcry_mpi_t a)
217 if (a)
219 unsigned int n;
220 void *p;
222 p = gcry_mpi_get_opaque ( a, &n );
223 iobuf_write (out, p, (n+7)/8 );
227 static int
228 do_user_id( IOBUF out, int ctb, PKT_user_id *uid )
230 int rc;
232 if( uid->attrib_data )
234 write_header(out, ctb, uid->attrib_len);
235 rc = iobuf_write( out, uid->attrib_data, uid->attrib_len );
237 else
239 write_header2( out, ctb, uid->len, 2 );
240 rc = iobuf_write( out, uid->name, uid->len );
242 return 0;
245 static int
246 do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
248 int rc = 0;
249 int n, i;
250 IOBUF a = iobuf_temp();
252 if ( !pk->version )
253 iobuf_put( a, 3 );
254 else
255 iobuf_put( a, pk->version );
256 write_32(a, pk->timestamp );
257 if ( pk->version < 4 )
259 u16 ndays;
260 if ( pk->expiredate )
261 ndays = (u16)((pk->expiredate - pk->timestamp) / 86400L);
262 else
263 ndays = 0;
264 write_16(a, ndays );
266 iobuf_put (a, pk->pubkey_algo );
267 n = pubkey_get_npkey ( pk->pubkey_algo );
268 if ( !n )
269 write_fake_data( a, pk->pkey[0] );
270 for (i=0; i < n && !rc ; i++ )
271 rc = mpi_write(a, pk->pkey[i] );
273 if (!rc)
275 write_header2 (out, ctb, iobuf_get_temp_length(a), pk->hdrbytes);
276 rc = iobuf_write_temp ( out, a );
279 iobuf_close(a);
280 return rc;
284 static int
285 do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
287 int rc = 0;
288 int i, nskey, npkey;
289 IOBUF a = iobuf_temp(); /* Build in a self-enlarging buffer. */
291 /* Write the version number - if none is specified, use 3 */
292 if ( !sk->version )
293 iobuf_put ( a, 3 );
294 else
295 iobuf_put ( a, sk->version );
296 write_32 (a, sk->timestamp );
298 /* v3 needs the expiration time. */
299 if ( sk->version < 4 )
301 u16 ndays;
302 if ( sk->expiredate )
303 ndays = (u16)((sk->expiredate - sk->timestamp) / 86400L);
304 else
305 ndays = 0;
306 write_16(a, ndays);
309 iobuf_put (a, sk->pubkey_algo );
311 /* Get number of secret and public parameters. They are held in one
312 array first the public ones, then the secret ones. */
313 nskey = pubkey_get_nskey ( sk->pubkey_algo );
314 npkey = pubkey_get_npkey ( sk->pubkey_algo );
316 /* If we don't have any public parameters - which is the case if we
317 don't know the algorithm used - the parameters are stored as one
318 blob in a faked (opaque) MPI. */
319 if ( !npkey )
321 write_fake_data( a, sk->skey[0] );
322 goto leave;
324 assert ( npkey < nskey );
326 /* Writing the public parameters is easy. */
327 for (i=0; i < npkey; i++ )
328 if ((rc = mpi_write (a, sk->skey[i])))
329 goto leave;
331 /* Build the header for protected (encrypted) secret parameters. */
332 if ( sk->is_protected )
334 if ( is_RSA(sk->pubkey_algo)
335 && sk->version < 4
336 && !sk->protect.s2k.mode )
338 /* The simple rfc1991 (v3) way. */
339 iobuf_put (a, sk->protect.algo );
340 iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
342 else
344 /* OpenPGP protection according to rfc2440. */
345 iobuf_put(a, sk->protect.sha1chk? 0xfe : 0xff );
346 iobuf_put(a, sk->protect.algo );
347 if ( sk->protect.s2k.mode >= 1000 )
349 /* These modes are not possible in OpenPGP, we use them
350 to implement our extensions, 101 can be seen as a
351 private/experimental extension (this is not specified
352 in rfc2440 but the same scheme is used for all other
353 algorithm identifiers) */
354 iobuf_put(a, 101 );
355 iobuf_put(a, sk->protect.s2k.hash_algo );
356 iobuf_write(a, "GNU", 3 );
357 iobuf_put(a, sk->protect.s2k.mode - 1000 );
359 else
361 iobuf_put(a, sk->protect.s2k.mode );
362 iobuf_put(a, sk->protect.s2k.hash_algo );
364 if ( sk->protect.s2k.mode == 1
365 || sk->protect.s2k.mode == 3 )
366 iobuf_write (a, sk->protect.s2k.salt, 8 );
368 if ( sk->protect.s2k.mode == 3 )
369 iobuf_put (a, sk->protect.s2k.count );
371 /* For our special modes 1001, 1002 we do not need an IV. */
372 if ( sk->protect.s2k.mode != 1001
373 && sk->protect.s2k.mode != 1002 )
374 iobuf_write (a, sk->protect.iv, sk->protect.ivlen );
377 else
378 iobuf_put (a, 0 );
380 if ( sk->protect.s2k.mode == 1001 )
381 ; /* GnuPG extension - don't write a secret key at all. */
382 else if ( sk->protect.s2k.mode == 1002 )
384 /* GnuPG extension - divert to OpenPGP smartcard. */
385 iobuf_put(a, sk->protect.ivlen ); /* Length of the serial number
386 or 0 for no serial
387 number. */
388 /* The serial number gets stored in the IV field. */
389 iobuf_write(a, sk->protect.iv, sk->protect.ivlen);
391 else if ( sk->is_protected && sk->version >= 4 )
393 /* The secret key is protected - write it out as it is. */
394 byte *p;
395 unsigned int ndatabits;
397 assert (gcry_mpi_get_flag (sk->skey[npkey], GCRYMPI_FLAG_OPAQUE));
398 p = gcry_mpi_get_opaque (sk->skey[npkey], &ndatabits );
399 iobuf_write (a, p, (ndatabits+7)/8 );
401 else if ( sk->is_protected )
403 /* The secret key is protected the old v4 way. */
404 for ( ; i < nskey; i++ )
406 byte *p;
407 unsigned int ndatabits;
409 assert (gcry_mpi_get_flag (sk->skey[i], GCRYMPI_FLAG_OPAQUE));
410 p = gcry_mpi_get_opaque (sk->skey[i], &ndatabits);
411 iobuf_write (a, p, (ndatabits+7)/8);
413 write_16(a, sk->csum );
415 else
417 /* Non-protected key. */
418 for ( ; i < nskey; i++ )
419 if ( (rc = mpi_write (a, sk->skey[i])))
420 goto leave;
421 write_16 (a, sk->csum );
424 leave:
425 if (!rc)
427 /* Build the header of the packet - which we must do after
428 writing all the other stuff, so that we know the length of
429 the packet */
430 write_header2(out, ctb, iobuf_get_temp_length(a), sk->hdrbytes);
431 /* And finally write it out the real stream */
432 rc = iobuf_write_temp( out, a );
435 iobuf_close(a); /* Close the remporary buffer */
436 return rc;
439 static int
440 do_symkey_enc( IOBUF out, int ctb, PKT_symkey_enc *enc )
442 int rc = 0;
443 IOBUF a = iobuf_temp();
445 assert( enc->version == 4 );
446 switch( enc->s2k.mode ) {
447 case 0: case 1: case 3: break;
448 default: log_bug("do_symkey_enc: s2k=%d\n", enc->s2k.mode );
450 iobuf_put( a, enc->version );
451 iobuf_put( a, enc->cipher_algo );
452 iobuf_put( a, enc->s2k.mode );
453 iobuf_put( a, enc->s2k.hash_algo );
454 if( enc->s2k.mode == 1 || enc->s2k.mode == 3 ) {
455 iobuf_write(a, enc->s2k.salt, 8 );
456 if( enc->s2k.mode == 3 )
457 iobuf_put(a, enc->s2k.count);
459 if( enc->seskeylen )
460 iobuf_write(a, enc->seskey, enc->seskeylen );
462 write_header(out, ctb, iobuf_get_temp_length(a) );
463 rc = iobuf_write_temp( out, a );
465 iobuf_close(a);
466 return rc;
470 static int
471 do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
473 int rc = 0;
474 int n, i;
475 IOBUF a = iobuf_temp();
477 write_version( a, ctb );
478 if ( enc->throw_keyid )
480 write_32(a, 0 ); /* Don't tell Eve who can decrypt the message. */
481 write_32(a, 0 );
483 else
485 write_32(a, enc->keyid[0] );
486 write_32(a, enc->keyid[1] );
488 iobuf_put(a,enc->pubkey_algo );
489 n = pubkey_get_nenc( enc->pubkey_algo );
490 if ( !n )
491 write_fake_data( a, enc->data[0] );
492 for (i=0; i < n && !rc ; i++ )
493 rc = mpi_write(a, enc->data[i] );
495 if (!rc)
497 write_header(out, ctb, iobuf_get_temp_length(a) );
498 rc = iobuf_write_temp( out, a );
500 iobuf_close(a);
501 return rc;
505 static u32
506 calc_plaintext( PKT_plaintext *pt )
508 /* Truncate namelen to the maximum 255 characters. Note this means
509 that a function that calls build_packet with an illegal literal
510 packet will get it back legalized. */
512 if(pt->namelen>255)
513 pt->namelen=255;
515 return pt->len? (1 + 1 + pt->namelen + 4 + pt->len) : 0;
518 static int
519 do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt )
521 int i, rc = 0;
522 u32 n;
523 byte buf[1000]; /* this buffer has the plaintext! */
524 int nbytes;
526 write_header(out, ctb, calc_plaintext( pt ) );
527 iobuf_put(out, pt->mode );
528 iobuf_put(out, pt->namelen );
529 for(i=0; i < pt->namelen; i++ )
530 iobuf_put(out, pt->name[i] );
531 rc = write_32(out, pt->timestamp );
532 if (rc)
533 return rc;
535 n = 0;
536 while( (nbytes=iobuf_read(pt->buf, buf, 1000)) != -1 ) {
537 rc = iobuf_write (out, buf, nbytes);
538 if (rc)
539 break;
540 n += nbytes;
542 wipememory(buf,1000); /* burn the buffer */
543 if( (ctb&0x40) && !pt->len )
544 iobuf_set_partial_block_mode(out, 0 ); /* turn off partial */
545 if( pt->len && n != pt->len )
546 log_error("do_plaintext(): wrote %lu bytes but expected %lu bytes\n",
547 (ulong)n, (ulong)pt->len );
549 return rc;
554 static int
555 do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed )
557 int rc = 0;
558 u32 n;
560 n = ed->len ? (ed->len + ed->extralen) : 0;
561 write_header(out, ctb, n );
563 /* This is all. The caller has to write the real data */
565 return rc;
568 static int
569 do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
571 int rc = 0;
572 u32 n;
574 assert( ed->mdc_method );
576 /* Take version number and the following MDC packet in account. */
577 n = ed->len ? (ed->len + ed->extralen + 1 + 22) : 0;
578 write_header(out, ctb, n );
579 iobuf_put(out, 1 ); /* version */
581 /* This is all. The caller has to write the real data */
583 return rc;
587 static int
588 do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
590 int rc = 0;
592 /* We must use the old convention and don't use blockmode for the
593 sake of PGP 2 compatibility. However if the new_ctb flag was
594 set, CTB is already formatted as new style and write_header2
595 does create a partial length encoding using new the new
596 style. */
597 write_header2(out, ctb, 0, 0);
598 iobuf_put(out, cd->algorithm );
600 /* This is all. The caller has to write the real data */
602 return rc;
606 /****************
607 * Delete all subpackets of type REQTYPE and return a bool whether a packet
608 * was deleted.
611 delete_sig_subpkt (subpktarea_t *area, sigsubpkttype_t reqtype )
613 int buflen;
614 sigsubpkttype_t type;
615 byte *buffer, *bufstart;
616 size_t n;
617 size_t unused = 0;
618 int okay = 0;
620 if( !area )
621 return 0;
622 buflen = area->len;
623 buffer = area->data;
624 for(;;) {
625 if( !buflen ) {
626 okay = 1;
627 break;
629 bufstart = buffer;
630 n = *buffer++; buflen--;
631 if( n == 255 ) {
632 if( buflen < 4 )
633 break;
634 n = (buffer[0] << 24) | (buffer[1] << 16)
635 | (buffer[2] << 8) | buffer[3];
636 buffer += 4;
637 buflen -= 4;
639 else if( n >= 192 ) {
640 if( buflen < 2 )
641 break;
642 n = (( n - 192 ) << 8) + *buffer + 192;
643 buffer++;
644 buflen--;
646 if( buflen < n )
647 break;
649 type = *buffer & 0x7f;
650 if( type == reqtype ) {
651 buffer++;
652 buflen--;
653 n--;
654 if( n > buflen )
655 break;
656 buffer += n; /* point to next subpkt */
657 buflen -= n;
658 memmove (bufstart, buffer, buflen); /* shift */
659 unused += buffer - bufstart;
660 buffer = bufstart;
662 else {
663 buffer += n; buflen -=n;
667 if (!okay)
668 log_error ("delete_subpkt: buffer shorter than subpacket\n");
669 assert (unused <= area->len);
670 area->len -= unused;
671 return !!unused;
675 /****************
676 * Create or update a signature subpacket for SIG of TYPE. This
677 * functions knows where to put the data (hashed or unhashed). The
678 * function may move data from the unhashed part to the hashed one.
679 * Note: All pointers into sig->[un]hashed (e.g. returned by
680 * parse_sig_subpkt) are not valid after a call to this function. The
681 * data to put into the subpaket should be in a buffer with a length
682 * of buflen.
684 void
685 build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
686 const byte *buffer, size_t buflen )
688 byte *p;
689 int critical, hashed;
690 subpktarea_t *oldarea, *newarea;
691 size_t nlen, n, n0;
693 critical = (type & SIGSUBPKT_FLAG_CRITICAL);
694 type &= ~SIGSUBPKT_FLAG_CRITICAL;
696 /* Sanity check buffer sizes */
697 if(parse_one_sig_subpkt(buffer,buflen,type)<0)
698 BUG();
700 switch(type)
702 case SIGSUBPKT_NOTATION:
703 case SIGSUBPKT_POLICY:
704 case SIGSUBPKT_REV_KEY:
705 case SIGSUBPKT_SIGNATURE:
706 /* we do allow multiple subpackets */
707 break;
709 default:
710 /* we don't allow multiple subpackets */
711 delete_sig_subpkt(sig->hashed,type);
712 delete_sig_subpkt(sig->unhashed,type);
713 break;
716 /* Any special magic that needs to be done for this type so the
717 packet doesn't need to be reparsed? */
718 switch(type)
720 case SIGSUBPKT_NOTATION:
721 sig->flags.notation=1;
722 break;
724 case SIGSUBPKT_POLICY:
725 sig->flags.policy_url=1;
726 break;
728 case SIGSUBPKT_PREF_KS:
729 sig->flags.pref_ks=1;
730 break;
732 case SIGSUBPKT_EXPORTABLE:
733 if(buffer[0])
734 sig->flags.exportable=1;
735 else
736 sig->flags.exportable=0;
737 break;
739 case SIGSUBPKT_REVOCABLE:
740 if(buffer[0])
741 sig->flags.revocable=1;
742 else
743 sig->flags.revocable=0;
744 break;
746 case SIGSUBPKT_TRUST:
747 sig->trust_depth=buffer[0];
748 sig->trust_value=buffer[1];
749 break;
751 case SIGSUBPKT_REGEXP:
752 sig->trust_regexp=buffer;
753 break;
755 /* This should never happen since we don't currently allow
756 creating such a subpacket, but just in case... */
757 case SIGSUBPKT_SIG_EXPIRE:
758 if(buffer_to_u32(buffer)+sig->timestamp<=make_timestamp())
759 sig->flags.expired=1;
760 else
761 sig->flags.expired=0;
762 break;
764 default:
765 break;
768 if( (buflen+1) >= 8384 )
769 nlen = 5; /* write 5 byte length header */
770 else if( (buflen+1) >= 192 )
771 nlen = 2; /* write 2 byte length header */
772 else
773 nlen = 1; /* just a 1 byte length header */
775 switch( type )
777 /* The issuer being unhashed is a historical oddity. It
778 should work equally as well hashed. Of course, if even an
779 unhashed issuer is tampered with, it makes it awfully hard
780 to verify the sig... */
781 case SIGSUBPKT_ISSUER:
782 case SIGSUBPKT_SIGNATURE:
783 hashed = 0;
784 break;
785 default:
786 hashed = 1;
787 break;
790 if( critical )
791 type |= SIGSUBPKT_FLAG_CRITICAL;
793 oldarea = hashed? sig->hashed : sig->unhashed;
795 /* Calculate new size of the area and allocate */
796 n0 = oldarea? oldarea->len : 0;
797 n = n0 + nlen + 1 + buflen; /* length, type, buffer */
798 if (oldarea && n <= oldarea->size) { /* fits into the unused space */
799 newarea = oldarea;
800 /*log_debug ("updating area for type %d\n", type );*/
802 else if (oldarea) {
803 newarea = xrealloc (oldarea, sizeof (*newarea) + n - 1);
804 newarea->size = n;
805 /*log_debug ("reallocating area for type %d\n", type );*/
807 else {
808 newarea = xmalloc (sizeof (*newarea) + n - 1);
809 newarea->size = n;
810 /*log_debug ("allocating area for type %d\n", type );*/
812 newarea->len = n;
814 p = newarea->data + n0;
815 if (nlen == 5) {
816 *p++ = 255;
817 *p++ = (buflen+1) >> 24;
818 *p++ = (buflen+1) >> 16;
819 *p++ = (buflen+1) >> 8;
820 *p++ = (buflen+1);
821 *p++ = type;
822 memcpy (p, buffer, buflen);
824 else if (nlen == 2) {
825 *p++ = (buflen+1-192) / 256 + 192;
826 *p++ = (buflen+1-192) % 256;
827 *p++ = type;
828 memcpy (p, buffer, buflen);
830 else {
831 *p++ = buflen+1;
832 *p++ = type;
833 memcpy (p, buffer, buflen);
836 if (hashed)
837 sig->hashed = newarea;
838 else
839 sig->unhashed = newarea;
842 /****************
843 * Put all the required stuff from SIG into subpackets of sig.
844 * Hmmm, should we delete those subpackets which are in a wrong area?
846 void
847 build_sig_subpkt_from_sig( PKT_signature *sig )
849 u32 u;
850 byte buf[8];
852 u = sig->keyid[0];
853 buf[0] = (u >> 24) & 0xff;
854 buf[1] = (u >> 16) & 0xff;
855 buf[2] = (u >> 8) & 0xff;
856 buf[3] = u & 0xff;
857 u = sig->keyid[1];
858 buf[4] = (u >> 24) & 0xff;
859 buf[5] = (u >> 16) & 0xff;
860 buf[6] = (u >> 8) & 0xff;
861 buf[7] = u & 0xff;
862 build_sig_subpkt( sig, SIGSUBPKT_ISSUER, buf, 8 );
864 u = sig->timestamp;
865 buf[0] = (u >> 24) & 0xff;
866 buf[1] = (u >> 16) & 0xff;
867 buf[2] = (u >> 8) & 0xff;
868 buf[3] = u & 0xff;
869 build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 );
871 if(sig->expiredate)
873 if(sig->expiredate>sig->timestamp)
874 u=sig->expiredate-sig->timestamp;
875 else
876 u=1; /* A 1-second expiration time is the shortest one
877 OpenPGP has */
879 buf[0] = (u >> 24) & 0xff;
880 buf[1] = (u >> 16) & 0xff;
881 buf[2] = (u >> 8) & 0xff;
882 buf[3] = u & 0xff;
884 /* Mark this CRITICAL, so if any implementation doesn't
885 understand sigs that can expire, it'll just disregard this
886 sig altogether. */
888 build_sig_subpkt( sig, SIGSUBPKT_SIG_EXPIRE | SIGSUBPKT_FLAG_CRITICAL,
889 buf, 4 );
893 void
894 build_attribute_subpkt(PKT_user_id *uid,byte type,
895 const void *buf,u32 buflen,
896 const void *header,u32 headerlen)
898 byte *attrib;
899 int idx;
901 if(1+headerlen+buflen>8383)
902 idx=5;
903 else if(1+headerlen+buflen>191)
904 idx=2;
905 else
906 idx=1;
908 /* realloc uid->attrib_data to the right size */
910 uid->attrib_data=xrealloc(uid->attrib_data,
911 uid->attrib_len+idx+1+headerlen+buflen);
913 attrib=&uid->attrib_data[uid->attrib_len];
915 if(idx==5)
917 attrib[0]=255;
918 attrib[1]=(1+headerlen+buflen) >> 24;
919 attrib[2]=(1+headerlen+buflen) >> 16;
920 attrib[3]=(1+headerlen+buflen) >> 8;
921 attrib[4]=1+headerlen+buflen;
923 else if(idx==2)
925 attrib[0]=(1+headerlen+buflen-192) / 256 + 192;
926 attrib[1]=(1+headerlen+buflen-192) % 256;
928 else
929 attrib[0]=1+headerlen+buflen; /* Good luck finding a JPEG this small! */
931 attrib[idx++]=type;
933 /* Tack on our data at the end */
935 if(headerlen>0)
936 memcpy(&attrib[idx],header,headerlen);
937 memcpy(&attrib[idx+headerlen],buf,buflen);
938 uid->attrib_len+=idx+headerlen+buflen;
941 struct notation *
942 string_to_notation(const char *string,int is_utf8)
944 const char *s;
945 int saw_at=0;
946 struct notation *notation;
948 notation=xmalloc_clear(sizeof(*notation));
950 if(*string=='-')
952 notation->flags.ignore=1;
953 string++;
956 if(*string=='!')
958 notation->flags.critical=1;
959 string++;
962 /* If and when the IETF assigns some official name tags, we'll have
963 to add them here. */
965 for( s=string ; *s != '='; s++ )
967 if( *s=='@')
968 saw_at++;
970 /* -notationname is legal without an = sign */
971 if(!*s && notation->flags.ignore)
972 break;
974 if( !*s || !isascii (*s) || (!isgraph(*s) && !isspace(*s)) )
976 log_error(_("a notation name must have only printable characters"
977 " or spaces, and end with an '='\n") );
978 goto fail;
982 notation->name=xmalloc((s-string)+1);
983 strncpy(notation->name,string,s-string);
984 notation->name[s-string]='\0';
986 if(!saw_at && !opt.expert)
988 log_error(_("a user notation name must contain the '@' character\n"));
989 goto fail;
992 if (saw_at > 1)
994 log_error(_("a notation name must not contain more than"
995 " one '@' character\n"));
996 goto fail;
999 if(*s)
1001 const char *i=s+1;
1002 int highbit=0;
1004 /* we only support printable text - therefore we enforce the use
1005 of only printable characters (an empty value is valid) */
1006 for(s++; *s ; s++ )
1008 if ( !isascii (*s) )
1009 highbit=1;
1010 else if (iscntrl(*s))
1012 log_error(_("a notation value must not use any"
1013 " control characters\n"));
1014 goto fail;
1018 if(!highbit || is_utf8)
1019 notation->value=xstrdup(i);
1020 else
1021 notation->value=native_to_utf8(i);
1024 return notation;
1026 fail:
1027 free_notation(notation);
1028 return NULL;
1031 struct notation *
1032 sig_to_notation(PKT_signature *sig)
1034 const byte *p;
1035 size_t len;
1036 int seq=0,crit;
1037 struct notation *list=NULL;
1039 while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,&len,&seq,&crit)))
1041 int n1,n2;
1042 struct notation *n=NULL;
1044 if(len<8)
1046 log_info(_("WARNING: invalid notation data found\n"));
1047 continue;
1050 n1=(p[4]<<8)|p[5];
1051 n2=(p[6]<<8)|p[7];
1053 if(8+n1+n2!=len)
1055 log_info(_("WARNING: invalid notation data found\n"));
1056 continue;
1059 n=xmalloc_clear(sizeof(*n));
1060 n->name=xmalloc(n1+1);
1062 memcpy(n->name,&p[8],n1);
1063 n->name[n1]='\0';
1065 if(p[0]&0x80)
1067 n->value=xmalloc(n2+1);
1068 memcpy(n->value,&p[8+n1],n2);
1069 n->value[n2]='\0';
1071 else
1073 n->bdat=xmalloc(n2);
1074 n->blen=n2;
1075 memcpy(n->bdat,&p[8+n1],n2);
1077 n->value=xmalloc(2+strlen(_("not human readable"))+2+1);
1078 strcpy(n->value,"[ ");
1079 strcat(n->value,_("not human readable"));
1080 strcat(n->value," ]");
1083 n->flags.critical=crit;
1085 n->next=list;
1086 list=n;
1089 return list;
1092 void
1093 free_notation(struct notation *notation)
1095 while(notation)
1097 struct notation *n=notation;
1099 xfree(n->name);
1100 xfree(n->value);
1101 xfree(n->altvalue);
1102 xfree(n->bdat);
1103 notation=n->next;
1104 xfree(n);
1108 static int
1109 do_signature( IOBUF out, int ctb, PKT_signature *sig )
1111 int rc = 0;
1112 int n, i;
1113 IOBUF a = iobuf_temp();
1115 if ( !sig->version )
1116 iobuf_put( a, 3 );
1117 else
1118 iobuf_put( a, sig->version );
1119 if ( sig->version < 4 )
1120 iobuf_put (a, 5 ); /* Constant */
1121 iobuf_put (a, sig->sig_class );
1122 if ( sig->version < 4 )
1124 write_32(a, sig->timestamp );
1125 write_32(a, sig->keyid[0] );
1126 write_32(a, sig->keyid[1] );
1128 iobuf_put(a, sig->pubkey_algo );
1129 iobuf_put(a, sig->digest_algo );
1130 if ( sig->version >= 4 )
1132 size_t nn;
1133 /* Timestamp and keyid must have been packed into the subpackets
1134 prior to the call of this function, because these subpackets
1135 are hashed. */
1136 nn = sig->hashed? sig->hashed->len : 0;
1137 write_16(a, nn);
1138 if (nn)
1139 iobuf_write( a, sig->hashed->data, nn );
1140 nn = sig->unhashed? sig->unhashed->len : 0;
1141 write_16(a, nn);
1142 if (nn)
1143 iobuf_write( a, sig->unhashed->data, nn );
1145 iobuf_put(a, sig->digest_start[0] );
1146 iobuf_put(a, sig->digest_start[1] );
1147 n = pubkey_get_nsig( sig->pubkey_algo );
1148 if ( !n )
1149 write_fake_data( a, sig->data[0] );
1150 for (i=0; i < n && !rc ; i++ )
1151 rc = mpi_write(a, sig->data[i] );
1153 if (!rc)
1155 if ( is_RSA(sig->pubkey_algo) && sig->version < 4 )
1156 write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
1157 else
1158 write_header(out, ctb, iobuf_get_temp_length(a) );
1159 rc = iobuf_write_temp( out, a );
1162 iobuf_close(a);
1163 return rc;
1167 static int
1168 do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops )
1170 int rc = 0;
1171 IOBUF a = iobuf_temp();
1173 write_version( a, ctb );
1174 iobuf_put(a, ops->sig_class );
1175 iobuf_put(a, ops->digest_algo );
1176 iobuf_put(a, ops->pubkey_algo );
1177 write_32(a, ops->keyid[0] );
1178 write_32(a, ops->keyid[1] );
1179 iobuf_put(a, ops->last );
1181 write_header(out, ctb, iobuf_get_temp_length(a) );
1182 rc = iobuf_write_temp( out, a );
1184 iobuf_close(a);
1185 return rc;
1189 static int
1190 write_16(IOBUF out, u16 a)
1192 iobuf_put(out, a>>8);
1193 if( iobuf_put(out,a) )
1194 return -1;
1195 return 0;
1198 static int
1199 write_32(IOBUF out, u32 a)
1201 iobuf_put(out, a>> 24);
1202 iobuf_put(out, a>> 16);
1203 iobuf_put(out, a>> 8);
1204 return iobuf_put(out, a);
1208 /****************
1209 * calculate the length of a header
1211 static int
1212 calc_header_length( u32 len, int new_ctb )
1214 if( !len )
1215 return 1; /* only the ctb */
1217 if( new_ctb ) {
1218 if( len < 192 )
1219 return 2;
1220 if( len < 8384 )
1221 return 3;
1222 else
1223 return 6;
1225 if( len < 256 )
1226 return 2;
1227 if( len < 65536 )
1228 return 3;
1230 return 5;
1233 /****************
1234 * Write the CTB and the packet length
1236 static int
1237 write_header( IOBUF out, int ctb, u32 len )
1239 return write_header2( out, ctb, len, 0 );
1243 static int
1244 write_sign_packet_header (IOBUF out, int ctb, u32 len)
1246 (void)ctb;
1248 /* Work around a bug in the pgp read function for signature packets,
1249 which are not correctly coded and silently assume at some point 2
1250 byte length headers.*/
1251 iobuf_put (out, 0x89 );
1252 iobuf_put (out, len >> 8 );
1253 return iobuf_put (out, len) == -1 ? -1:0;
1256 /****************
1257 * If HDRLEN is > 0, try to build a header of this length. We need
1258 * this so that we can hash packets without reading them again. If
1259 * len is 0, write a partial or indeterminate length header, unless
1260 * hdrlen is specified in which case write an actual zero length
1261 * (using the specified hdrlen).
1263 static int
1264 write_header2( IOBUF out, int ctb, u32 len, int hdrlen )
1266 if( ctb & 0x40 )
1267 return write_new_header( out, ctb, len, hdrlen );
1269 if( hdrlen )
1271 if( hdrlen == 2 && len < 256 )
1273 else if( hdrlen == 3 && len < 65536 )
1274 ctb |= 1;
1275 else
1276 ctb |= 2;
1278 else
1280 if( !len )
1281 ctb |= 3;
1282 else if( len < 256 )
1284 else if( len < 65536 )
1285 ctb |= 1;
1286 else
1287 ctb |= 2;
1290 if( iobuf_put(out, ctb ) )
1291 return -1;
1293 if( len || hdrlen )
1295 if( ctb & 2 )
1297 if(iobuf_put(out, len >> 24 ))
1298 return -1;
1299 if(iobuf_put(out, len >> 16 ))
1300 return -1;
1303 if( ctb & 3 )
1304 if(iobuf_put(out, len >> 8 ))
1305 return -1;
1307 if( iobuf_put(out, len ) )
1308 return -1;
1311 return 0;
1315 static int
1316 write_new_header( IOBUF out, int ctb, u32 len, int hdrlen )
1318 if( hdrlen )
1319 log_bug("can't cope with hdrlen yet\n");
1321 if( iobuf_put(out, ctb ) )
1322 return -1;
1323 if( !len ) {
1324 iobuf_set_partial_block_mode(out, 512 );
1326 else {
1327 if( len < 192 ) {
1328 if( iobuf_put(out, len ) )
1329 return -1;
1331 else if( len < 8384 ) {
1332 len -= 192;
1333 if( iobuf_put( out, (len / 256) + 192) )
1334 return -1;
1335 if( iobuf_put( out, (len % 256) ) )
1336 return -1;
1338 else {
1339 if( iobuf_put( out, 0xff ) )
1340 return -1;
1341 if( iobuf_put( out, (len >> 24)&0xff ) )
1342 return -1;
1343 if( iobuf_put( out, (len >> 16)&0xff ) )
1344 return -1;
1345 if( iobuf_put( out, (len >> 8)&0xff ) )
1346 return -1;
1347 if( iobuf_put( out, len & 0xff ) )
1348 return -1;
1351 return 0;
1354 static int
1355 write_version (IOBUF out, int ctb)
1357 (void)ctb;
1359 if (iobuf_put (out, 3))
1360 return -1;
1361 return 0;