search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
2008-02-01 Marcus Brinkmann <marcus@g10code.de>
[gnupg.git] / g10 / parse-packet.c
blob6b8e79ec11ec3b20886666ea02e4e91302760fa4
1 /* parse-packet.c - read packets
2 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006,
3 * 2007 Free Software Foundation, Inc.
4 *
5 * This file is part of GnuPG.
6 *
7 * GnuPG is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GnuPG is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <assert.h>
26
27 #include "gpg.h"
28 #include "packet.h"
29 #include "iobuf.h"
30 #include "util.h"
31 #include "cipher.h"
32 #include "filter.h"
33 #include "photoid.h"
34 #include "options.h"
35 #include "main.h"
36 #include "i18n.h"
37
38 static int mpi_print_mode;
39 static int list_mode;
40 static FILE *listfp;
41
42 static int parse( IOBUF inp, PACKET *pkt, int onlykeypkts,
43 off_t *retpos, int *skip, IOBUF out, int do_skip
44 #ifdef DEBUG_PARSE_PACKET
45 ,const char *dbg_w, const char *dbg_f, int dbg_l
46 #endif
47 );
48 static int copy_packet( IOBUF inp, IOBUF out, int pkttype,
49 unsigned long pktlen, int partial );
50 static void skip_packet( IOBUF inp, int pkttype,
51 unsigned long pktlen, int partial );
52 static void *read_rest( IOBUF inp, size_t pktlen, int partial );
53 static int parse_marker( IOBUF inp, int pkttype, unsigned long pktlen );
54 static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
55 PACKET *packet );
56 static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
57 PACKET *packet );
58 static int parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
59 PKT_onepass_sig *ops );
60 static int parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
61 byte *hdr, int hdrlen, PACKET *packet );
62 static int parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen,
63 PACKET *packet );
64 static int parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen,
65 PACKET *packet );
66 static int parse_comment( IOBUF inp, int pkttype, unsigned long pktlen,
67 PACKET *packet );
68 static void parse_trust( IOBUF inp, int pkttype, unsigned long pktlen,
69 PACKET *packet );
70 static int parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
71 PACKET *packet, int new_ctb, int partial);
72 static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
73 PACKET *packet, int new_ctb );
74 static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
75 PACKET *packet, int new_ctb, int partial);
76 static int parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
77 PACKET *packet, int new_ctb);
78 static int parse_gpg_control( IOBUF inp, int pkttype, unsigned long pktlen,
79 PACKET *packet, int partial );
80
81 static unsigned short
82 read_16(IOBUF inp)
83 {
84 unsigned short a;
85 a = iobuf_get_noeof(inp) << 8;
86 a |= iobuf_get_noeof(inp);
87 return a;
88 }
89
90 static unsigned long
91 read_32(IOBUF inp)
92 {
93 unsigned long a;
94 a = iobuf_get_noeof(inp) << 24;
95 a |= iobuf_get_noeof(inp) << 16;
96 a |= iobuf_get_noeof(inp) << 8;
97 a |= iobuf_get_noeof(inp);
98 return a;
99 }
100
101
102 /* Read an external representation of an mpi and return the MPI. The
103 * external format is a 16 bit unsigned value stored in network byte
104 * order, giving the number of bits for the following integer. The
105 * integer is stored with MSB first (left padded with zeroes to align
106 * on a byte boundary).
107 */
108 static gcry_mpi_t
109 mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
110 {
111 /*FIXME: Needs to be synced with gnupg14/mpi/mpicoder.c*/
112
113 int c, c1, c2, i;
114 unsigned int nbits, nbytes;
115 size_t nread;
116 gcry_mpi_t a = NULL;
117 byte *buf = NULL;
118 byte *p;
119
120 if ( (c = c1 = iobuf_get (inp)) == -1 )
121 goto leave;
122 nbits = c << 8;
123 if ( (c = c2 = iobuf_get (inp)) == -1 )
124 goto leave;
125 nbits |= c;
126 if ( nbits > MAX_EXTERN_MPI_BITS )
127 {
128 log_error("mpi too large (%u bits)\n", nbits);
129 goto leave;
130 }
131 nread = 2;
132 nbytes = (nbits+7) / 8;
133 buf = secure ? gcry_xmalloc_secure (nbytes + 2) : gcry_xmalloc (nbytes + 2);
134 p = buf;
135 p[0] = c1;
136 p[1] = c2;
137 for ( i=0 ; i < nbytes; i++ )
138 {
139 p[i+2] = iobuf_get(inp) & 0xff;
140 nread++;
141 }
142 if ( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, nread, &nread ) )
143 a = NULL;
144
145 leave:
146 gcry_free(buf);
147 if ( nread > *ret_nread )
148 log_bug ("mpi larger than packet");
149 else
150 *ret_nread = nread;
151 return a;
152 }
153
154
155
156
157 int
158 set_packet_list_mode( int mode )
159 {
160 int old = list_mode;
161 list_mode = mode;
162 /* FIXME(gcrypt) mpi_print_mode = DBG_MPI; */
163 /* We use stdout print only if invoked by the --list-packets
164 command but switch to stderr in all otehr cases. This breaks
165 the previous behaviour but that seems to be more of a bug than
166 intentional. I don't believe that any application makes use of
167 this long standing annoying way of printing to stdout except
168 when doing a --list-packets. If this assumption fails, it will
169 be easy to add an option for the listing stream. Note that we
170 initialize it only once; mainly because some code may switch
171 the option value later back to 1 and we want to have all output
172 to the same stream.
173
174 Using stderr is not actually very clean because it bypasses the
175 logging code but it is a special thing anyay. I am not sure
176 whether using log_stream() would be better. Perhaps we should
177 enable the list mdoe only with a special option. */
178 if (!listfp)
179 listfp = opt.list_packets == 2 ? stdout : stderr;
180 return old;
181 }
182
183 static void
184 unknown_pubkey_warning( int algo )
185 {
186 static byte unknown_pubkey_algos[256];
187
188 algo &= 0xff;
189 if( !unknown_pubkey_algos[algo] ) {
190 if( opt.verbose )
191 log_info(_("can't handle public key algorithm %d\n"), algo );
192 unknown_pubkey_algos[algo] = 1;
193 }
194 }
195
196 /****************
197 * Parse a Packet and return it in packet
198 * Returns: 0 := valid packet in pkt
199 * -1 := no more packets
200 * >0 := error
201 * Note: The function may return an error and a partly valid packet;
202 * caller must free this packet.
203 */
204 #ifdef DEBUG_PARSE_PACKET
205 int
206 dbg_parse_packet( IOBUF inp, PACKET *pkt, const char *dbg_f, int dbg_l )
207 {
208 int skip, rc;
209
210 do {
211 rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0, "parse", dbg_f, dbg_l );
212 } while( skip );
213 return rc;
214 }
215 #else
216 int
217 parse_packet( IOBUF inp, PACKET *pkt )
218 {
219 int skip, rc;
220
221 do {
222 rc = parse( inp, pkt, 0, NULL, &skip, NULL, 0 );
223 } while( skip );
224 return rc;
225 }
226 #endif
227
228 /****************
229 * Like parse packet, but only return secret or public (sub)key packets.
230 */
231 #ifdef DEBUG_PARSE_PACKET
232 int
233 dbg_search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid,
234 const char *dbg_f, int dbg_l )
235 {
236 int skip, rc;
237
238 do {
239 rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0, "search", dbg_f, dbg_l );
240 } while( skip );
241 return rc;
242 }
243 #else
244 int
245 search_packet( IOBUF inp, PACKET *pkt, off_t *retpos, int with_uid )
246 {
247 int skip, rc;
248
249 do {
250 rc = parse( inp, pkt, with_uid?2:1, retpos, &skip, NULL, 0 );
251 } while( skip );
252 return rc;
253 }
254 #endif
255
256 /****************
257 * Copy all packets from INP to OUT, thereby removing unused spaces.
258 */
259 #ifdef DEBUG_PARSE_PACKET
260 int
261 dbg_copy_all_packets( IOBUF inp, IOBUF out,
262 const char *dbg_f, int dbg_l )
263 {
264 PACKET pkt;
265 int skip, rc=0;
266 do {
267 init_packet(&pkt);
268 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0, "copy", dbg_f, dbg_l )));
269 return rc;
270 }
271 #else
272 int
273 copy_all_packets( IOBUF inp, IOBUF out )
274 {
275 PACKET pkt;
276 int skip, rc=0;
277 do {
278 init_packet(&pkt);
279 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )));
280 return rc;
281 }
282 #endif
283
284 /****************
285 * Copy some packets from INP to OUT, thereby removing unused spaces.
286 * Stop at offset STOPoff (i.e. don't copy packets at this or later offsets)
287 */
288 #ifdef DEBUG_PARSE_PACKET
289 int
290 dbg_copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff,
291 const char *dbg_f, int dbg_l )
292 {
293 PACKET pkt;
294 int skip, rc=0;
295 do {
296 if( iobuf_tell(inp) >= stopoff )
297 return 0;
298 init_packet(&pkt);
299 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0,
300 "some", dbg_f, dbg_l )) );
301 return rc;
302 }
303 #else
304 int
305 copy_some_packets( IOBUF inp, IOBUF out, off_t stopoff )
306 {
307 PACKET pkt;
308 int skip, rc=0;
309 do {
310 if( iobuf_tell(inp) >= stopoff )
311 return 0;
312 init_packet(&pkt);
313 } while( !(rc = parse( inp, &pkt, 0, NULL, &skip, out, 0 )) );
314 return rc;
315 }
316 #endif
317
318 /****************
319 * Skip over N packets
320 */
321 #ifdef DEBUG_PARSE_PACKET
322 int
323 dbg_skip_some_packets( IOBUF inp, unsigned n,
324 const char *dbg_f, int dbg_l )
325 {
326 int skip, rc=0;
327 PACKET pkt;
328
329 for( ;n && !rc; n--) {
330 init_packet(&pkt);
331 rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1, "skip", dbg_f, dbg_l );
332 }
333 return rc;
334 }
335 #else
336 int
337 skip_some_packets( IOBUF inp, unsigned n )
338 {
339 int skip, rc=0;
340 PACKET pkt;
341
342 for( ;n && !rc; n--) {
343 init_packet(&pkt);
344 rc = parse( inp, &pkt, 0, NULL, &skip, NULL, 1 );
345 }
346 return rc;
347 }
348 #endif
349
350
351 /****************
352 * Parse packet. Set the variable skip points to 1 if the packet
353 * should be skipped; this is the case if either ONLYKEYPKTS is set
354 * and the parsed packet isn't one or the
355 * packet-type is 0, indicating deleted stuff.
356 * if OUT is not NULL, a special copymode is used.
357 */
358 static int
359 parse( IOBUF inp, PACKET *pkt, int onlykeypkts, off_t *retpos,
360 int *skip, IOBUF out, int do_skip
361 #ifdef DEBUG_PARSE_PACKET
362 ,const char *dbg_w, const char *dbg_f, int dbg_l
363 #endif
364 )
365 {
366 int rc=0, c, ctb, pkttype, lenbytes;
367 unsigned long pktlen;
368 byte hdr[8];
369 int hdrlen;
370 int new_ctb = 0, partial=0;
371 int with_uid = (onlykeypkts == 2);
372
373 *skip = 0;
374 assert( !pkt->pkt.generic );
375 if( retpos )
376 *retpos = iobuf_tell(inp);
377
378 if( (ctb = iobuf_get(inp)) == -1 ) {
379 rc = -1;
380 goto leave;
381 }
382 hdrlen=0;
383 hdr[hdrlen++] = ctb;
384 if( !(ctb & 0x80) ) {
385 log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
386 rc = gpg_error (GPG_ERR_INV_PACKET);
387 goto leave;
388 }
389 pktlen = 0;
390 new_ctb = !!(ctb & 0x40);
391 if( new_ctb ) {
392 pkttype = ctb & 0x3f;
393 if( (c = iobuf_get(inp)) == -1 ) {
394 log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
395 rc = gpg_error (GPG_ERR_INV_PACKET);
396 goto leave;
397 }
398 if (pkttype == PKT_COMPRESSED) {
399 iobuf_set_partial_block_mode(inp, c & 0xff);
400 pktlen = 0;/* to indicate partial length */
401 partial=1;
402 }
403 else {
404 hdr[hdrlen++] = c;
405 if( c < 192 )
406 pktlen = c;
407 else if( c < 224 )
408 {
409 pktlen = (c - 192) * 256;
410 if( (c = iobuf_get(inp)) == -1 )
411 {
412 log_error("%s: 2nd length byte missing\n",
413 iobuf_where(inp) );
414 rc = gpg_error (GPG_ERR_INV_PACKET);
415 goto leave;
416 }
417 hdr[hdrlen++] = c;
418 pktlen += c + 192;
419 }
420 else if( c == 255 )
421 {
422 pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24;
423 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16;
424 pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8;
425 if( (c = iobuf_get(inp)) == -1 )
426 {
427 log_error("%s: 4 byte length invalid\n",
428 iobuf_where(inp) );
429 rc = gpg_error (GPG_ERR_INV_PACKET);
430 goto leave;
431 }
432 pktlen |= (hdr[hdrlen++] = c );
433 }
434 else
435 {
436 /* Partial body length. Note that we handled
437 PKT_COMPRESSED earlier. */
438 if(pkttype==PKT_PLAINTEXT || pkttype==PKT_ENCRYPTED
439 || pkttype==PKT_ENCRYPTED_MDC)
440 {
441 iobuf_set_partial_block_mode(inp, c & 0xff);
442 pktlen = 0;/* to indicate partial length */
443 partial=1;
444 }
445 else
446 {
447 log_error("%s: partial length for invalid"
448 " packet type %d\n",iobuf_where(inp),pkttype);
449 rc = gpg_error (GPG_ERR_INV_PACKET);
450 goto leave;
451 }
452 }
453 }
454 }
455 else
456 {
457 pkttype = (ctb>>2)&0xf;
458 lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
459 if( !lenbytes )
460 {
461 pktlen = 0; /* don't know the value */
462 /* This isn't really partial, but we can treat it the same
463 in a "read until the end" sort of way. */
464 partial=1;
465 if(pkttype!=PKT_ENCRYPTED && pkttype!=PKT_PLAINTEXT
466 && pkttype!=PKT_COMPRESSED)
467 {
468 log_error ("%s: indeterminate length for invalid"
469 " packet type %d\n", iobuf_where(inp), pkttype );
470 rc = gpg_error (GPG_ERR_INV_PACKET);
471 goto leave;
472 }
473 }
474 else
475 {
476 for( ; lenbytes; lenbytes-- )
477 {
478 pktlen <<= 8;
479 pktlen |= hdr[hdrlen++] = iobuf_get_noeof(inp);
480 }
481 }
482 }
483
484 if (pktlen == 0xffffffff) {
485 /* with a some probability this is caused by a problem in the
486 * the uncompressing layer - in some error cases it just loops
487 * and spits out 0xff bytes. */
488 log_error ("%s: garbled packet detected\n", iobuf_where(inp) );
489 g10_exit (2);
490 }
491
492 if( out && pkttype ) {
493 rc = iobuf_write (out, hdr, hdrlen);
494 if (!rc)
495 rc = copy_packet(inp, out, pkttype, pktlen, partial );
496 goto leave;
497 }
498
499 if (with_uid && pkttype == PKT_USER_ID)
500 ;
501 else if( do_skip
502 || !pkttype
503 || (onlykeypkts && pkttype != PKT_PUBLIC_SUBKEY
504 && pkttype != PKT_PUBLIC_KEY
505 && pkttype != PKT_SECRET_SUBKEY
506 && pkttype != PKT_SECRET_KEY ) ) {
507 iobuf_skip_rest(inp, pktlen, partial);
508 *skip = 1;
509 rc = 0;
510 goto leave;
511 }
512
513 if( DBG_PACKET ) {
514 #ifdef DEBUG_PARSE_PACKET
515 log_debug("parse_packet(iob=%d): type=%d length=%lu%s (%s.%s.%d)\n",
516 iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"",
517 dbg_w, dbg_f, dbg_l );
518 #else
519 log_debug("parse_packet(iob=%d): type=%d length=%lu%s\n",
520 iobuf_id(inp), pkttype, pktlen, new_ctb?" (new_ctb)":"" );
521 #endif
522 }
523 pkt->pkttype = pkttype;
524 rc = G10ERR_UNKNOWN_PACKET; /* default error */
525 switch( pkttype ) {
526 case PKT_PUBLIC_KEY:
527 case PKT_PUBLIC_SUBKEY:
528 pkt->pkt.public_key = xmalloc_clear(sizeof *pkt->pkt.public_key );
529 rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
530 break;
531 case PKT_SECRET_KEY:
532 case PKT_SECRET_SUBKEY:
533 pkt->pkt.secret_key = xmalloc_clear(sizeof *pkt->pkt.secret_key );
534 rc = parse_key(inp, pkttype, pktlen, hdr, hdrlen, pkt );
535 break;
536 case PKT_SYMKEY_ENC:
537 rc = parse_symkeyenc( inp, pkttype, pktlen, pkt );
538 break;
539 case PKT_PUBKEY_ENC:
540 rc = parse_pubkeyenc(inp, pkttype, pktlen, pkt );
541 break;
542 case PKT_SIGNATURE:
543 pkt->pkt.signature = xmalloc_clear(sizeof *pkt->pkt.signature );
544 rc = parse_signature(inp, pkttype, pktlen, pkt->pkt.signature );
545 break;
546 case PKT_ONEPASS_SIG:
547 pkt->pkt.onepass_sig = xmalloc_clear(sizeof *pkt->pkt.onepass_sig );
548 rc = parse_onepass_sig(inp, pkttype, pktlen, pkt->pkt.onepass_sig );
549 break;
550 case PKT_USER_ID:
551 rc = parse_user_id(inp, pkttype, pktlen, pkt );
552 break;
553 case PKT_ATTRIBUTE:
554 pkt->pkttype = pkttype = PKT_USER_ID; /* we store it in the userID */
555 rc = parse_attribute(inp, pkttype, pktlen, pkt);
556 break;
557 case PKT_OLD_COMMENT:
558 case PKT_COMMENT:
559 rc = parse_comment(inp, pkttype, pktlen, pkt);
560 break;
561 case PKT_RING_TRUST:
562 parse_trust(inp, pkttype, pktlen, pkt);
563 rc = 0;
564 break;
565 case PKT_PLAINTEXT:
566 rc = parse_plaintext(inp, pkttype, pktlen, pkt, new_ctb, partial );
567 break;
568 case PKT_COMPRESSED:
569 rc = parse_compressed(inp, pkttype, pktlen, pkt, new_ctb );
570 break;
571 case PKT_ENCRYPTED:
572 case PKT_ENCRYPTED_MDC:
573 rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb, partial );
574 break;
575 case PKT_MDC:
576 rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb );
577 break;
578 case PKT_GPG_CONTROL:
579 rc = parse_gpg_control(inp, pkttype, pktlen, pkt, partial );
580 break;
581 case PKT_MARKER:
582 rc = parse_marker(inp,pkttype,pktlen);
583 break;
584 default:
585 skip_packet(inp, pkttype, pktlen, partial);
586 break;
587 }
588
589 leave:
590 if( !rc && iobuf_error(inp) )
591 rc = G10ERR_INV_KEYRING;
592 return rc;
593 }
594
595 static void
596 dump_hex_line( int c, int *i )
597 {
598 if( *i && !(*i%8) ) {
599 if( *i && !(*i%24) )
600 fprintf (listfp, "\n%4d:", *i );
601 else
602 putc (' ', listfp);
603 }
604 if( c == -1 )
605 fprintf (listfp, " EOF" );
606 else
607 fprintf (listfp, " %02x", c );
608 ++*i;
609 }
610
611
612 static int
613 copy_packet( IOBUF inp, IOBUF out, int pkttype,
614 unsigned long pktlen, int partial )
615 {
616 int rc;
617 int n;
618 char buf[100];
619
620 if( partial ) {
621 while( (n = iobuf_read( inp, buf, 100 )) != -1 )
622 if( (rc=iobuf_write(out, buf, n )) )
623 return rc; /* write error */
624 }
625 else if( !pktlen && pkttype == PKT_COMPRESSED ) {
626 log_debug("copy_packet: compressed!\n");
627 /* compressed packet, copy till EOF */
628 while( (n = iobuf_read( inp, buf, 100 )) != -1 )
629 if( (rc=iobuf_write(out, buf, n )) )
630 return rc; /* write error */
631 }
632 else {
633 for( ; pktlen; pktlen -= n ) {
634 n = pktlen > 100 ? 100 : pktlen;
635 n = iobuf_read( inp, buf, n );
636 if( n == -1 )
637 return gpg_error (GPG_ERR_EOF);
638 if( (rc=iobuf_write(out, buf, n )) )
639 return rc; /* write error */
640 }
641 }
642 return 0;
643 }
644
645
646 static void
647 skip_packet( IOBUF inp, int pkttype, unsigned long pktlen, int partial )
648 {
649 if( list_mode )
650 {
651 fprintf (listfp, ":unknown packet: type %2d, length %lu\n",
652 pkttype, pktlen);
653 if( pkttype )
654 {
655 int c, i=0 ;
656 fputs("dump:", listfp );
657 if( partial )
658 {
659 while( (c=iobuf_get(inp)) != -1 )
660 dump_hex_line(c, &i);
661 }
662 else
663 {
664 for( ; pktlen; pktlen-- )
665 dump_hex_line(iobuf_get(inp), &i);
666 }
667 putc ('\n', listfp);
668 return;
669 }
670 }
671 iobuf_skip_rest(inp,pktlen,partial);
672 }
673
674 static void *
675 read_rest( IOBUF inp, size_t pktlen, int partial )
676 {
677 byte *p;
678 int i;
679
680 if( partial ) {
681 log_error("read_rest: can't store stream data\n");
682 p = NULL;
683 }
684 else {
685 p = xmalloc( pktlen );
686 for(i=0; pktlen; pktlen--, i++ )
687 p[i] = iobuf_get(inp);
688 }
689 return p;
690 }
691
692 static int
693 parse_marker( IOBUF inp, int pkttype, unsigned long pktlen )
694 {
695 if(pktlen!=3)
696 goto fail;
697
698 if(iobuf_get(inp)!='P')
699 {
700 pktlen--;
701 goto fail;
702 }
703
704 if(iobuf_get(inp)!='G')
705 {
706 pktlen--;
707 goto fail;
708 }
709
710 if(iobuf_get(inp)!='P')
711 {
712 pktlen--;
713 goto fail;
714 }
715
716 if(list_mode)
717 fputs(":marker packet: PGP\n", listfp );
718
719 return 0;
720
721 fail:
722 log_error("invalid marker packet\n");
723 iobuf_skip_rest(inp,pktlen,0);
724 return G10ERR_INVALID_PACKET;
725 }
726
727 static int
728 parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
729 {
730 PKT_symkey_enc *k;
731 int rc = 0;
732 int i, version, s2kmode, cipher_algo, hash_algo, seskeylen, minlen;
733
734 if( pktlen < 4 ) {
735 log_error("packet(%d) too short\n", pkttype);
736 rc = gpg_error (GPG_ERR_INV_PACKET);
737 goto leave;
738 }
739 version = iobuf_get_noeof(inp); pktlen--;
740 if( version != 4 ) {
741 log_error("packet(%d) with unknown version %d\n", pkttype, version);
742 rc = gpg_error (GPG_ERR_INV_PACKET);
743 goto leave;
744 }
745 if( pktlen > 200 ) { /* (we encode the seskeylen in a byte) */
746 log_error("packet(%d) too large\n", pkttype);
747 rc = gpg_error (GPG_ERR_INV_PACKET);
748 goto leave;
749 }
750 cipher_algo = iobuf_get_noeof(inp); pktlen--;
751 s2kmode = iobuf_get_noeof(inp); pktlen--;
752 hash_algo = iobuf_get_noeof(inp); pktlen--;
753 switch( s2kmode ) {
754 case 0: /* simple s2k */
755 minlen = 0;
756 break;
757 case 1: /* salted s2k */
758 minlen = 8;
759 break;
760 case 3: /* iterated+salted s2k */
761 minlen = 9;
762 break;
763 default:
764 log_error("unknown S2K %d\n", s2kmode );
765 goto leave;
766 }
767 if( minlen > pktlen ) {
768 log_error("packet with S2K %d too short\n", s2kmode );
769 rc = gpg_error (GPG_ERR_INV_PACKET);
770 goto leave;
771 }
772 seskeylen = pktlen - minlen;
773 k = packet->pkt.symkey_enc = xmalloc_clear( sizeof *packet->pkt.symkey_enc
774 + seskeylen - 1 );
775 k->version = version;
776 k->cipher_algo = cipher_algo;
777 k->s2k.mode = s2kmode;
778 k->s2k.hash_algo = hash_algo;
779 if( s2kmode == 1 || s2kmode == 3 ) {
780 for(i=0; i < 8 && pktlen; i++, pktlen-- )
781 k->s2k.salt[i] = iobuf_get_noeof(inp);
782 }
783 if( s2kmode == 3 ) {
784 k->s2k.count = iobuf_get(inp); pktlen--;
785 }
786 k->seskeylen = seskeylen;
787 if(k->seskeylen)
788 {
789 for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
790 k->seskey[i] = iobuf_get_noeof(inp);
791
792 /* What we're watching out for here is a session key decryptor
793 with no salt. The RFC says that using salt for this is a
794 MUST. */
795 if(s2kmode!=1 && s2kmode!=3)
796 log_info(_("WARNING: potentially insecure symmetrically"
797 " encrypted session key\n"));
798 }
799 assert( !pktlen );
800
801 if( list_mode ) {
802 fprintf (listfp, ":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
803 version, cipher_algo, s2kmode, hash_algo);
804 if(seskeylen)
805 fprintf (listfp, ", seskey %d bits",(seskeylen-1)*8);
806 fprintf (listfp, "\n");
807 if( s2kmode == 1 || s2kmode == 3 ) {
808 fprintf (listfp, "\tsalt ");
809 for(i=0; i < 8; i++ )
810 fprintf (listfp, "%02x", k->s2k.salt[i]);
811 if( s2kmode == 3 )
812 fprintf (listfp, ", count %lu (%lu)",
813 S2K_DECODE_COUNT((ulong)k->s2k.count),
814 (ulong)k->s2k.count );
815 fprintf (listfp, "\n");
816 }
817 }
818
819 leave:
820 iobuf_skip_rest(inp, pktlen, 0);
821 return rc;
822 }
823
824 static int
825 parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
826 {
827 unsigned int n;
828 int rc = 0;
829 int i, ndata;
830 PKT_pubkey_enc *k;
831
832 k = packet->pkt.pubkey_enc = xmalloc_clear(sizeof *packet->pkt.pubkey_enc);
833 if( pktlen < 12 ) {
834 log_error("packet(%d) too short\n", pkttype);
835 rc = gpg_error (GPG_ERR_INV_PACKET);
836 goto leave;
837 }
838 k->version = iobuf_get_noeof(inp); pktlen--;
839 if( k->version != 2 && k->version != 3 ) {
840 log_error("packet(%d) with unknown version %d\n", pkttype, k->version);
841 rc = gpg_error (GPG_ERR_INV_PACKET);
842 goto leave;
843 }
844 k->keyid[0] = read_32(inp); pktlen -= 4;
845 k->keyid[1] = read_32(inp); pktlen -= 4;
846 k->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
847 k->throw_keyid = 0; /* only used as flag for build_packet */
848 if( list_mode )
849 fprintf (listfp, ":pubkey enc packet: version %d, algo %d, keyid %08lX%08lX\n",
850 k->version, k->pubkey_algo, (ulong)k->keyid[0], (ulong)k->keyid[1]);
851
852 ndata = pubkey_get_nenc(k->pubkey_algo);
853 if( !ndata ) {
854 if( list_mode )
855 fprintf (listfp, "\tunsupported algorithm %d\n", k->pubkey_algo );
856 unknown_pubkey_warning( k->pubkey_algo );
857 k->data[0] = NULL; /* no need to store the encrypted data */
858 }
859 else {
860 for( i=0; i < ndata; i++ ) {
861 n = pktlen;
862 k->data[i] = mpi_read(inp, &n, 0); pktlen -=n;
863 if( list_mode ) {
864 fprintf (listfp, "\tdata: ");
865 mpi_print(listfp, k->data[i], mpi_print_mode );
866 putc ('\n', listfp);
867 }
868 if (!k->data[i])
869 rc = gpg_error (GPG_ERR_INV_PACKET);
870 }
871 }
872
873 leave:
874 iobuf_skip_rest(inp, pktlen, 0);
875 return rc;
876 }
877
878
879 static void
880 dump_sig_subpkt( int hashed, int type, int critical,
881 const byte *buffer, size_t buflen, size_t length )
882 {
883 const char *p=NULL;
884 int i;
885
886 /* The CERT has warning out with explains how to use GNUPG to
887 * detect the ARRs - we print our old message here when it is a faked
888 * ARR and add an additional notice */
889 if ( type == SIGSUBPKT_ARR && !hashed ) {
890 fprintf (listfp,
891 "\tsubpkt %d len %u (additional recipient request)\n"
892 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
893 "encrypt to this key and thereby reveal the plaintext to "
894 "the owner of this ARR key. Detailed info follows:\n",
895 type, (unsigned)length );
896 }
897
898 buffer++;
899 length--;
900
901 fprintf (listfp, "\t%s%ssubpkt %d len %u (", /*)*/
902 critical ? "critical ":"",
903 hashed ? "hashed ":"", type, (unsigned)length );
904 if( length > buflen ) {
905 fprintf (listfp, "too short: buffer is only %u)\n", (unsigned)buflen );
906 return;
907 }
908 switch( type ) {
909 case SIGSUBPKT_SIG_CREATED:
910 if( length >= 4 )
911 fprintf (listfp, "sig created %s", strtimestamp( buffer_to_u32(buffer) ) );
912 break;
913 case SIGSUBPKT_SIG_EXPIRE:
914 if( length >= 4 )
915 {
916 if(buffer_to_u32(buffer))
917 fprintf (listfp, "sig expires after %s",
918 strtimevalue( buffer_to_u32(buffer) ) );
919 else
920 fprintf (listfp, "sig does not expire");
921 }
922 break;
923 case SIGSUBPKT_EXPORTABLE:
924 if( length )
925 fprintf (listfp, "%sexportable", *buffer? "":"not ");
926 break;
927 case SIGSUBPKT_TRUST:
928 if(length!=2)
929 p="[invalid trust subpacket]";
930 else
931 fprintf (listfp, "trust signature of depth %d, value %d",buffer[0],buffer[1]);
932 break;
933 case SIGSUBPKT_REGEXP:
934 if(!length)
935 p="[invalid regexp subpacket]";
936 else
937 fprintf (listfp, "regular expression: \"%s\"",buffer);
938 break;
939 case SIGSUBPKT_REVOCABLE:
940 if( length )
941 fprintf (listfp, "%srevocable", *buffer? "":"not ");
942 break;
943 case SIGSUBPKT_KEY_EXPIRE:
944 if( length >= 4 )
945 {
946 if(buffer_to_u32(buffer))
947 fprintf (listfp, "key expires after %s",
948 strtimevalue( buffer_to_u32(buffer) ) );
949 else
950 fprintf (listfp, "key does not expire");
951 }
952 break;
953 case SIGSUBPKT_PREF_SYM:
954 fputs("pref-sym-algos:", listfp );
955 for( i=0; i < length; i++ )
956 fprintf (listfp, " %d", buffer[i] );
957 break;
958 case SIGSUBPKT_REV_KEY:
959 fputs("revocation key: ", listfp );
960 if( length < 22 )
961 p = "[too short]";
962 else {
963 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
964 for( i=2; i < length; i++ )
965 fprintf (listfp, "%02X", buffer[i] );
966 }
967 break;
968 case SIGSUBPKT_ISSUER:
969 if( length >= 8 )
970 fprintf (listfp, "issuer key ID %08lX%08lX",
971 (ulong)buffer_to_u32(buffer),
972 (ulong)buffer_to_u32(buffer+4) );
973 break;
974 case SIGSUBPKT_NOTATION:
975 {
976 fputs("notation: ", listfp );
977 if( length < 8 )
978 p = "[too short]";
979 else {
980 const byte *s = buffer;
981 size_t n1, n2;
982
983 n1 = (s[4] << 8) | s[5];
984 n2 = (s[6] << 8) | s[7];
985 s += 8;
986 if( 8+n1+n2 != length )
987 p = "[error]";
988 else {
989 print_string( listfp, s, n1, ')' );
990 putc( '=', listfp );
991
992 if( *buffer & 0x80 )
993 print_string( listfp, s+n1, n2, ')' );
994 else
995 p = "[not human readable]";
996 }
997 }
998 }
999 break;
1000 case SIGSUBPKT_PREF_HASH:
1001 fputs("pref-hash-algos:", listfp );
1002 for( i=0; i < length; i++ )
1003 fprintf (listfp, " %d", buffer[i] );
1004 break;
1005 case SIGSUBPKT_PREF_COMPR:
1006 fputs("pref-zip-algos:", listfp );
1007 for( i=0; i < length; i++ )
1008 fprintf (listfp, " %d", buffer[i] );
1009 break;
1010 case SIGSUBPKT_KS_FLAGS:
1011 fputs("key server preferences:",listfp);
1012 for(i=0;i<length;i++)
1013 fprintf (listfp, " %02X", buffer[i]);
1014 break;
1015 case SIGSUBPKT_PREF_KS:
1016 fputs("preferred key server: ", listfp );
1017 print_string( listfp, buffer, length, ')' );
1018 break;
1019 case SIGSUBPKT_PRIMARY_UID:
1020 p = "primary user ID";
1021 break;
1022 case SIGSUBPKT_POLICY:
1023 fputs("policy: ", listfp );
1024 print_string( listfp, buffer, length, ')' );
1025 break;
1026 case SIGSUBPKT_KEY_FLAGS:
1027 fputs ( "key flags:", listfp );
1028 for( i=0; i < length; i++ )
1029 fprintf (listfp, " %02X", buffer[i] );
1030 break;
1031 case SIGSUBPKT_SIGNERS_UID:
1032 p = "signer's user ID";
1033 break;
1034 case SIGSUBPKT_REVOC_REASON:
1035 if( length ) {
1036 fprintf (listfp, "revocation reason 0x%02x (", *buffer );
1037 print_string( listfp, buffer+1, length-1, ')' );
1038 p = ")";
1039 }
1040 break;
1041 case SIGSUBPKT_ARR:
1042 fputs("Big Brother's key (ignored): ", listfp );
1043 if( length < 22 )
1044 p = "[too short]";
1045 else {
1046 fprintf (listfp, "c=%02x a=%d f=", buffer[0], buffer[1] );
1047 for( i=2; i < length; i++ )
1048 fprintf (listfp, "%02X", buffer[i] );
1049 }
1050 break;
1051 case SIGSUBPKT_FEATURES:
1052 fputs ( "features:", listfp );
1053 for( i=0; i < length; i++ )
1054 fprintf (listfp, " %02x", buffer[i] );
1055 break;
1056 case SIGSUBPKT_SIGNATURE:
1057 fputs("signature: ",listfp);
1058 if(length<17)
1059 p="[too short]";
1060 else
1061 fprintf (listfp, "v%d, class 0x%02X, algo %d, digest algo %d",
1062 buffer[0],
1063 buffer[0]==3?buffer[2]:buffer[1],
1064 buffer[0]==3?buffer[15]:buffer[2],
1065 buffer[0]==3?buffer[16]:buffer[3]);
1066 break;
1067 default:
1068 if(type>=100 && type<=110)
1069 p="experimental / private subpacket";
1070 else
1071 p = "?";
1072 break;
1073 }
1074
1075 fprintf (listfp, "%s)\n", p? p: "");
1076 }
1077
1078 /****************
1079 * Returns: >= 0 use this offset into buffer
1080 * -1 explicitly reject returning this type
1081 * -2 subpacket too short
1082 */
1083 int
1084 parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
1085 {
1086 switch( type )
1087 {
1088 case SIGSUBPKT_REV_KEY:
1089 if(n < 22)
1090 break;
1091 return 0;
1092 case SIGSUBPKT_SIG_CREATED:
1093 case SIGSUBPKT_SIG_EXPIRE:
1094 case SIGSUBPKT_KEY_EXPIRE:
1095 if( n < 4 )
1096 break;
1097 return 0;
1098 case SIGSUBPKT_KEY_FLAGS:
1099 case SIGSUBPKT_KS_FLAGS:
1100 case SIGSUBPKT_PREF_SYM:
1101 case SIGSUBPKT_PREF_HASH:
1102 case SIGSUBPKT_PREF_COMPR:
1103 case SIGSUBPKT_POLICY:
1104 case SIGSUBPKT_PREF_KS:
1105 case SIGSUBPKT_FEATURES:
1106 case SIGSUBPKT_REGEXP:
1107 return 0;
1108 case SIGSUBPKT_SIGNATURE:
1109 case SIGSUBPKT_EXPORTABLE:
1110 case SIGSUBPKT_REVOCABLE:
1111 case SIGSUBPKT_REVOC_REASON:
1112 if( !n )
1113 break;
1114 return 0;
1115 case SIGSUBPKT_ISSUER: /* issuer key ID */
1116 if( n < 8 )
1117 break;
1118 return 0;
1119 case SIGSUBPKT_NOTATION:
1120 /* minimum length needed, and the subpacket must be well-formed
1121 where the name length and value length all fit inside the
1122 packet. */
1123 if(n<8 || 8+((buffer[4]<<8)|buffer[5])+((buffer[6]<<8)|buffer[7]) != n)
1124 break;
1125 return 0;
1126 case SIGSUBPKT_PRIMARY_UID:
1127 if ( n != 1 )
1128 break;
1129 return 0;
1130 case SIGSUBPKT_TRUST:
1131 if ( n != 2 )
1132 break;
1133 return 0;
1134 default: return 0;
1135 }
1136 return -2;
1137 }
1138
1139 /* Not many critical notations we understand yet... */
1140 static int
1141 can_handle_critical_notation(const byte *name,size_t len)
1142 {
1143 if(len==32 && memcmp(name,"preferred-email-encoding@pgp.com",32)==0)
1144 return 1;
1145 if(len==21 && memcmp(name,"pka-address@gnupg.org",21)==0)
1146 return 1;
1147
1148 return 0;
1149 }
1150
1151 static int
1152 can_handle_critical( const byte *buffer, size_t n, int type )
1153 {
1154 switch( type )
1155 {
1156 case SIGSUBPKT_NOTATION:
1157 if(n>=8)
1158 return can_handle_critical_notation(buffer+8,(buffer[4]<<8)|buffer[5]);
1159 else
1160 return 0;
1161 case SIGSUBPKT_SIGNATURE:
1162 case SIGSUBPKT_SIG_CREATED:
1163 case SIGSUBPKT_SIG_EXPIRE:
1164 case SIGSUBPKT_KEY_EXPIRE:
1165 case SIGSUBPKT_EXPORTABLE:
1166 case SIGSUBPKT_REVOCABLE:
1167 case SIGSUBPKT_REV_KEY:
1168 case SIGSUBPKT_ISSUER:/* issuer key ID */
1169 case SIGSUBPKT_PREF_SYM:
1170 case SIGSUBPKT_PREF_HASH:
1171 case SIGSUBPKT_PREF_COMPR:
1172 case SIGSUBPKT_KEY_FLAGS:
1173 case SIGSUBPKT_PRIMARY_UID:
1174 case SIGSUBPKT_FEATURES:
1175 case SIGSUBPKT_TRUST:
1176 case SIGSUBPKT_REGEXP:
1177 /* Is it enough to show the policy or keyserver? */
1178 case SIGSUBPKT_POLICY:
1179 case SIGSUBPKT_PREF_KS:
1180 return 1;
1181
1182 default:
1183 return 0;
1184 }
1185 }
1186
1187
1188 const byte *
1189 enum_sig_subpkt( const subpktarea_t *pktbuf, sigsubpkttype_t reqtype,
1190 size_t *ret_n, int *start, int *critical )
1191 {
1192 const byte *buffer;
1193 int buflen;
1194 int type;
1195 int critical_dummy;
1196 int offset;
1197 size_t n;
1198 int seq = 0;
1199 int reqseq = start? *start: 0;
1200
1201 if(!critical)
1202 critical=&critical_dummy;
1203
1204 if( !pktbuf || reqseq == -1 ) {
1205 /* return some value different from NULL to indicate that
1206 * there is no critical bit we do not understand. The caller
1207 * will never use the value. Yes I know, it is an ugly hack */
1208 return reqtype == SIGSUBPKT_TEST_CRITICAL? (const byte*)&pktbuf : NULL;
1209 }
1210 buffer = pktbuf->data;
1211 buflen = pktbuf->len;
1212 while( buflen ) {
1213 n = *buffer++; buflen--;
1214 if( n == 255 ) { /* 4 byte length header */
1215 if( buflen < 4 )
1216 goto too_short;
1217 n = (buffer[0] << 24) | (buffer[1] << 16)
1218 | (buffer[2] << 8) | buffer[3];
1219 buffer += 4;
1220 buflen -= 4;
1221 }
1222 else if( n >= 192 ) { /* 2 byte special encoded length header */
1223 if( buflen < 2 )
1224 goto too_short;
1225 n = (( n - 192 ) << 8) + *buffer + 192;
1226 buffer++;
1227 buflen--;
1228 }
1229 if( buflen < n )
1230 goto too_short;
1231 type = *buffer;
1232 if( type & 0x80 ) {
1233 type &= 0x7f;
1234 *critical = 1;
1235 }
1236 else
1237 *critical = 0;
1238 if( !(++seq > reqseq) )
1239 ;
1240 else if( reqtype == SIGSUBPKT_TEST_CRITICAL ) {
1241 if( *critical ) {
1242 if( n-1 > buflen+1 )
1243 goto too_short;
1244 if( !can_handle_critical(buffer+1, n-1, type ) )
1245 {
1246 if(opt.verbose)
1247 log_info(_("subpacket of type %d has "
1248 "critical bit set\n"),type);
1249 if( start )
1250 *start = seq;
1251 return NULL; /* this is an error */
1252 }
1253 }
1254 }
1255 else if( reqtype < 0 ) /* list packets */
1256 dump_sig_subpkt( reqtype == SIGSUBPKT_LIST_HASHED,
1257 type, *critical, buffer, buflen, n );
1258 else if( type == reqtype ) { /* found */
1259 buffer++;
1260 n--;
1261 if( n > buflen )
1262 goto too_short;
1263 if( ret_n )
1264 *ret_n = n;
1265 offset = parse_one_sig_subpkt(buffer, n, type );
1266 switch( offset ) {
1267 case -2:
1268 log_error("subpacket of type %d too short\n", type);
1269 return NULL;
1270 case -1:
1271 return NULL;
1272 default:
1273 break;
1274 }
1275 if( start )
1276 *start = seq;
1277 return buffer+offset;
1278 }
1279 buffer += n; buflen -=n;
1280 }
1281 if( reqtype == SIGSUBPKT_TEST_CRITICAL )
1282 return buffer; /* as value true to indicate that there is no */
1283 /* critical bit we don't understand */
1284 if( start )
1285 *start = -1;
1286 return NULL; /* end of packets; not found */
1287
1288 too_short:
1289 if(opt.verbose)
1290 log_info("buffer shorter than subpacket\n");
1291 if( start )
1292 *start = -1;
1293 return NULL;
1294 }
1295
1296
1297 const byte *
1298 parse_sig_subpkt (const subpktarea_t *buffer, sigsubpkttype_t reqtype,
1299 size_t *ret_n)
1300 {
1301 return enum_sig_subpkt( buffer, reqtype, ret_n, NULL, NULL );
1302 }
1303
1304 const byte *
1305 parse_sig_subpkt2 (PKT_signature *sig, sigsubpkttype_t reqtype,
1306 size_t *ret_n )
1307 {
1308 const byte *p;
1309
1310 p = parse_sig_subpkt (sig->hashed, reqtype, ret_n );
1311 if( !p )
1312 p = parse_sig_subpkt (sig->unhashed, reqtype, ret_n );
1313 return p;
1314 }
1315
1316 /* Find all revocation keys. Look in hashed area only. */
1317 void parse_revkeys(PKT_signature *sig)
1318 {
1319 struct revocation_key *revkey;
1320 int seq=0;
1321 size_t len;
1322
1323 if(sig->sig_class!=0x1F)
1324 return;
1325
1326 while((revkey=
1327 (struct revocation_key *)enum_sig_subpkt(sig->hashed,
1328 SIGSUBPKT_REV_KEY,
1329 &len,&seq,NULL)))
1330 {
1331 if(len==sizeof(struct revocation_key) &&
1332 (revkey->class&0x80)) /* 0x80 bit must be set */
1333 {
1334 sig->revkey=xrealloc(sig->revkey,
1335 sizeof(struct revocation_key *)*(sig->numrevkeys+1));
1336 sig->revkey[sig->numrevkeys]=revkey;
1337 sig->numrevkeys++;
1338 }
1339 }
1340 }
1341
1342 int
1343 parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
1344 PKT_signature *sig )
1345 {
1346 int md5_len=0;
1347 unsigned n;
1348 int is_v4=0;
1349 int rc=0;
1350 int i, ndata;
1351
1352 if( pktlen < 16 ) {
1353 log_error("packet(%d) too short\n", pkttype);
1354 goto leave;
1355 }
1356 sig->version = iobuf_get_noeof(inp); pktlen--;
1357 if( sig->version == 4 )
1358 is_v4=1;
1359 else if( sig->version != 2 && sig->version != 3 ) {
1360 log_error("packet(%d) with unknown version %d\n",
1361 pkttype, sig->version);
1362 rc = gpg_error (GPG_ERR_INV_PACKET);
1363 goto leave;
1364 }
1365
1366 if( !is_v4 ) {
1367 md5_len = iobuf_get_noeof(inp); pktlen--;
1368 }
1369 sig->sig_class = iobuf_get_noeof(inp); pktlen--;
1370 if( !is_v4 ) {
1371 sig->timestamp = read_32(inp); pktlen -= 4;
1372 sig->keyid[0] = read_32(inp); pktlen -= 4;
1373 sig->keyid[1] = read_32(inp); pktlen -= 4;
1374 }
1375 sig->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
1376 sig->digest_algo = iobuf_get_noeof(inp); pktlen--;
1377 sig->flags.exportable=1;
1378 sig->flags.revocable=1;
1379 if( is_v4 ) { /* read subpackets */
1380 n = read_16(inp); pktlen -= 2; /* length of hashed data */
1381 if( n > 10000 ) {
1382 log_error("signature packet: hashed data too long\n");
1383 rc = G10ERR_INVALID_PACKET;
1384 goto leave;
1385 }
1386 if( n ) {
1387 sig->hashed = xmalloc (sizeof (*sig->hashed) + n - 1 );
1388 sig->hashed->size = n;
1389 sig->hashed->len = n;
1390 if( iobuf_read (inp, sig->hashed->data, n ) != n ) {
1391 log_error ("premature eof while reading "
1392 "hashed signature data\n");
1393 rc = -1;
1394 goto leave;
1395 }
1396 pktlen -= n;
1397 }
1398 n = read_16(inp); pktlen -= 2; /* length of unhashed data */
1399 if( n > 10000 ) {
1400 log_error("signature packet: unhashed data too long\n");
1401 rc = G10ERR_INVALID_PACKET;
1402 goto leave;
1403 }
1404 if( n ) {
1405 sig->unhashed = xmalloc (sizeof(*sig->unhashed) + n - 1 );
1406 sig->unhashed->size = n;
1407 sig->unhashed->len = n;
1408 if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
1409 log_error("premature eof while reading "
1410 "unhashed signature data\n");
1411 rc = -1;
1412 goto leave;
1413 }
1414 pktlen -= n;
1415 }
1416 }
1417
1418 if( pktlen < 5 ) { /* sanity check */
1419 log_error("packet(%d) too short\n", pkttype);
1420 rc = G10ERR_INVALID_PACKET;
1421 goto leave;
1422 }
1423
1424 sig->digest_start[0] = iobuf_get_noeof(inp); pktlen--;
1425 sig->digest_start[1] = iobuf_get_noeof(inp); pktlen--;
1426
1427 if( is_v4 && sig->pubkey_algo )
1428 { /*extract required information */
1429 const byte *p;
1430 size_t len;
1431
1432 /* set sig->flags.unknown_critical if there is a
1433 * critical bit set for packets which we do not understand */
1434 if( !parse_sig_subpkt (sig->hashed, SIGSUBPKT_TEST_CRITICAL, NULL)
1435 || !parse_sig_subpkt (sig->unhashed, SIGSUBPKT_TEST_CRITICAL,
1436 NULL) )
1437 sig->flags.unknown_critical = 1;
1438
1439 p = parse_sig_subpkt (sig->hashed, SIGSUBPKT_SIG_CREATED, NULL );
1440 if(p)
1441 sig->timestamp = buffer_to_u32(p);
1442 else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
1443 && opt.verbose)
1444 log_info ("signature packet without timestamp\n");
1445
1446 p = parse_sig_subpkt2( sig, SIGSUBPKT_ISSUER, NULL );
1447 if(p)
1448 {
1449 sig->keyid[0] = buffer_to_u32(p);
1450 sig->keyid[1] = buffer_to_u32(p+4);
1451 }
1452 else if(!(sig->pubkey_algo>=100 && sig->pubkey_algo<=110)
1453 && opt.verbose)
1454 log_info ("signature packet without keyid\n");
1455
1456 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_SIG_EXPIRE,NULL);
1457 if(p && buffer_to_u32(p))
1458 sig->expiredate=sig->timestamp+buffer_to_u32(p);
1459 if(sig->expiredate && sig->expiredate<=make_timestamp())
1460 sig->flags.expired=1;
1461
1462 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY,NULL);
1463 if(p)
1464 sig->flags.policy_url=1;
1465
1466 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,NULL);
1467 if(p)
1468 sig->flags.pref_ks=1;
1469
1470 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION,NULL);
1471 if(p)
1472 sig->flags.notation=1;
1473
1474 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_REVOCABLE,NULL);
1475 if(p && *p==0)
1476 sig->flags.revocable=0;
1477
1478 p=parse_sig_subpkt(sig->hashed,SIGSUBPKT_TRUST,&len);
1479 if(p && len==2)
1480 {
1481 sig->trust_depth=p[0];
1482 sig->trust_value=p[1];
1483
1484 /* Only look for a regexp if there is also a trust
1485 subpacket. */
1486 sig->trust_regexp=
1487 parse_sig_subpkt(sig->hashed,SIGSUBPKT_REGEXP,&len);
1488
1489 /* If the regular expression is of 0 length, there is no
1490 regular expression. */
1491 if(len==0)
1492 sig->trust_regexp=NULL;
1493 }
1494
1495 /* We accept the exportable subpacket from either the hashed
1496 or unhashed areas as older versions of gpg put it in the
1497 unhashed area. In theory, anyway, we should never see this
1498 packet off of a local keyring. */
1499
1500 p=parse_sig_subpkt2(sig,SIGSUBPKT_EXPORTABLE,NULL);
1501 if(p && *p==0)
1502 sig->flags.exportable=0;
1503
1504 /* Find all revocation keys. */
1505 if(sig->sig_class==0x1F)
1506 parse_revkeys(sig);
1507 }
1508
1509 if( list_mode ) {
1510 fprintf (listfp, ":signature packet: algo %d, keyid %08lX%08lX\n"
1511 "\tversion %d, created %lu, md5len %d, sigclass 0x%02x\n"
1512 "\tdigest algo %d, begin of digest %02x %02x\n",
1513 sig->pubkey_algo,
1514 (ulong)sig->keyid[0], (ulong)sig->keyid[1],
1515 sig->version, (ulong)sig->timestamp, md5_len, sig->sig_class,
1516 sig->digest_algo,
1517 sig->digest_start[0], sig->digest_start[1] );
1518 if( is_v4 ) {
1519 parse_sig_subpkt (sig->hashed, SIGSUBPKT_LIST_HASHED, NULL );
1520 parse_sig_subpkt (sig->unhashed, SIGSUBPKT_LIST_UNHASHED, NULL);
1521 }
1522 }
1523
1524 ndata = pubkey_get_nsig(sig->pubkey_algo);
1525 if( !ndata ) {
1526 if( list_mode )
1527 fprintf (listfp, "\tunknown algorithm %d\n", sig->pubkey_algo );
1528 unknown_pubkey_warning( sig->pubkey_algo );
1529 /* We store the plain material in data[0], so that we are able
1530 * to write it back with build_packet() */
1531 if (pktlen > (5 * MAX_EXTERN_MPI_BITS/8))
1532 {
1533 /* However we include a limit to avoid too trivial DoS
1534 attacks by having gpg allocate too much memory. */
1535 log_error ("signature packet: too much data\n");
1536 rc = G10ERR_INVALID_PACKET;
1537 }
1538 else
1539 {
1540 sig->data[0]= gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
1541 pktlen*8 );
1542 pktlen = 0;
1543 }
1544 }
1545 else {
1546 for( i=0; i < ndata; i++ ) {
1547 n = pktlen;
1548 sig->data[i] = mpi_read(inp, &n, 0 );
1549 pktlen -=n;
1550 if( list_mode ) {
1551 fprintf (listfp, "\tdata: ");
1552 mpi_print(listfp, sig->data[i], mpi_print_mode );
1553 putc ('\n', listfp);
1554 }
1555 if (!sig->data[i])
1556 rc = G10ERR_INVALID_PACKET;
1557 }
1558 }
1559
1560 leave:
1561 iobuf_skip_rest(inp, pktlen, 0);
1562 return rc;
1563 }
1564
1565
1566 static int
1567 parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
1568 PKT_onepass_sig *ops )
1569 {
1570 int version;
1571 int rc = 0;
1572
1573 if( pktlen < 13 ) {
1574 log_error("packet(%d) too short\n", pkttype);
1575 rc = gpg_error (GPG_ERR_INV_PACKET);
1576 goto leave;
1577 }
1578 version = iobuf_get_noeof(inp); pktlen--;
1579 if( version != 3 ) {
1580 log_error("onepass_sig with unknown version %d\n", version);
1581 rc = gpg_error (GPG_ERR_INV_PACKET);
1582 goto leave;
1583 }
1584 ops->sig_class = iobuf_get_noeof(inp); pktlen--;
1585 ops->digest_algo = iobuf_get_noeof(inp); pktlen--;
1586 ops->pubkey_algo = iobuf_get_noeof(inp); pktlen--;
1587 ops->keyid[0] = read_32(inp); pktlen -= 4;
1588 ops->keyid[1] = read_32(inp); pktlen -= 4;
1589 ops->last = iobuf_get_noeof(inp); pktlen--;
1590 if( list_mode )
1591 fprintf (listfp,
1592 ":onepass_sig packet: keyid %08lX%08lX\n"
1593 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
1594 "last=%d\n",
1595 (ulong)ops->keyid[0], (ulong)ops->keyid[1],
1596 version, ops->sig_class,
1597 ops->digest_algo, ops->pubkey_algo, ops->last );
1598
1599
1600 leave:
1601 iobuf_skip_rest(inp, pktlen, 0);
1602 return rc;
1603 }
1604
1605
1606 static gcry_mpi_t
1607 read_protected_v3_mpi (IOBUF inp, unsigned long *length)
1608 {
1609 int c;
1610 unsigned int nbits, nbytes;
1611 unsigned char *buf, *p;
1612 gcry_mpi_t val;
1613
1614 if (*length < 2)
1615 {
1616 log_error ("mpi too small\n");
1617 return NULL;
1618 }
1619
1620 if ((c=iobuf_get (inp)) == -1)
1621 return NULL;
1622 --*length;
1623 nbits = c << 8;
1624 if ((c=iobuf_get(inp)) == -1)
1625 return NULL;
1626 --*length;
1627 nbits |= c;
1628
1629 if (nbits > 16384)
1630 {
1631 log_error ("mpi too large (%u bits)\n", nbits);
1632 return NULL;
1633 }
1634 nbytes = (nbits+7) / 8;
1635 buf = p = xmalloc (2 + nbytes);
1636 *p++ = nbits >> 8;
1637 *p++ = nbits;
1638 for (; nbytes && *length; nbytes--, --*length)
1639 *p++ = iobuf_get (inp);
1640 if (nbytes)
1641 {
1642 log_error ("packet shorter than mpi\n");
1643 xfree (buf);
1644 return NULL;
1645 }
1646
1647 /* convert buffer into an opaque MPI */
1648 val = gcry_mpi_set_opaque (NULL, buf, (p-buf)*8);
1649 return val;
1650 }
1651
1652
1653 static int
1654 parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
1655 byte *hdr, int hdrlen, PACKET *pkt )
1656 {
1657 int i, version, algorithm;
1658 unsigned n;
1659 unsigned long timestamp, expiredate, max_expiredate;
1660 int npkey, nskey;
1661 int is_v4=0;
1662 int rc=0;
1663
1664 version = iobuf_get_noeof(inp); pktlen--;
1665 if( pkttype == PKT_PUBLIC_SUBKEY && version == '#' ) {
1666 /* early versions of G10 use old PGP comments packets;
1667 * luckily all those comments are started by a hash */
1668 if( list_mode ) {
1669 fprintf (listfp, ":rfc1991 comment packet: \"" );
1670 for( ; pktlen; pktlen-- ) {
1671 int c;
1672 c = iobuf_get_noeof(inp);
1673 if( c >= ' ' && c <= 'z' )
1674 putc (c, listfp);
1675 else
1676 fprintf (listfp, "\\x%02x", c );
1677 }
1678 fprintf (listfp, "\"\n");
1679 }
1680 iobuf_skip_rest(inp, pktlen, 0);
1681 return 0;
1682 }
1683 else if( version == 4 )
1684 is_v4=1;
1685 else if( version != 2 && version != 3 ) {
1686 log_error("packet(%d) with unknown version %d\n", pkttype, version);
1687 rc = gpg_error (GPG_ERR_INV_PACKET);
1688 goto leave;
1689 }
1690
1691 if( pktlen < 11 ) {
1692 log_error("packet(%d) too short\n", pkttype);
1693 rc = gpg_error (GPG_ERR_INV_PACKET);
1694 goto leave;
1695 }
1696
1697 timestamp = read_32(inp); pktlen -= 4;
1698 if( is_v4 ) {
1699 expiredate = 0; /* have to get it from the selfsignature */
1700 max_expiredate = 0;
1701 }
1702 else {
1703 unsigned short ndays;
1704 ndays = read_16(inp); pktlen -= 2;
1705 if( ndays )
1706 expiredate = timestamp + ndays * 86400L;
1707 else
1708 expiredate = 0;
1709
1710 max_expiredate=expiredate;
1711 }
1712 algorithm = iobuf_get_noeof(inp); pktlen--;
1713 if( list_mode )
1714 fprintf (listfp, ":%s key packet:\n"
1715 "\tversion %d, algo %d, created %lu, expires %lu\n",
1716 pkttype == PKT_PUBLIC_KEY? "public" :
1717 pkttype == PKT_SECRET_KEY? "secret" :
1718 pkttype == PKT_PUBLIC_SUBKEY? "public sub" :
1719 pkttype == PKT_SECRET_SUBKEY? "secret sub" : "??",
1720 version, algorithm, timestamp, expiredate );
1721
1722 if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
1723 PKT_secret_key *sk = pkt->pkt.secret_key;
1724
1725 sk->timestamp = timestamp;
1726 sk->expiredate = expiredate;
1727 sk->max_expiredate = max_expiredate;
1728 sk->hdrbytes = hdrlen;
1729 sk->version = version;
1730 sk->is_primary = pkttype == PKT_SECRET_KEY;
1731 sk->pubkey_algo = algorithm;
1732 sk->req_usage = 0;
1733 sk->pubkey_usage = 0; /* not yet used */
1734 }
1735 else {
1736 PKT_public_key *pk = pkt->pkt.public_key;
1737
1738 pk->timestamp = timestamp;
1739 pk->expiredate = expiredate;
1740 pk->max_expiredate = max_expiredate;
1741 pk->hdrbytes = hdrlen;
1742 pk->version = version;
1743 pk->is_primary = pkttype == PKT_PUBLIC_KEY;
1744 pk->pubkey_algo = algorithm;
1745 pk->req_usage = 0;
1746 pk->pubkey_usage = 0; /* not yet used */
1747 pk->is_revoked = 0;
1748 pk->is_disabled = 0;
1749 pk->keyid[0] = 0;
1750 pk->keyid[1] = 0;
1751 }
1752 nskey = pubkey_get_nskey( algorithm );
1753 npkey = pubkey_get_npkey( algorithm );
1754 if( !npkey ) {
1755 if( list_mode )
1756 fprintf (listfp, "\tunknown algorithm %d\n", algorithm );
1757 unknown_pubkey_warning( algorithm );
1758 }
1759
1760
1761 if( pkttype == PKT_SECRET_KEY || pkttype == PKT_SECRET_SUBKEY ) {
1762 PKT_secret_key *sk = pkt->pkt.secret_key;
1763 byte temp[16];
1764 size_t snlen = 0;
1765
1766 if( !npkey ) {
1767 sk->skey[0] = gcry_mpi_set_opaque (NULL, read_rest(inp, pktlen, 0),
1768 pktlen*8 );
1769 pktlen = 0;
1770 goto leave;
1771 }
1772
1773 for(i=0; i < npkey; i++ ) {
1774 n = pktlen; sk->skey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
1775 if( list_mode ) {
1776 fprintf (listfp, "\tskey[%d]: ", i);
1777 mpi_print(listfp, sk->skey[i], mpi_print_mode );
1778 putc ('\n', listfp);
1779 }
1780 if (!sk->skey[i])
1781 rc = G10ERR_INVALID_PACKET;
1782 }
1783 if (rc) /* one of the MPIs were bad */
1784 goto leave;
1785 sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
1786 sk->protect.sha1chk = 0;
1787 if( sk->protect.algo ) {
1788 sk->is_protected = 1;
1789 sk->protect.s2k.count = 0;
1790 if( sk->protect.algo == 254 || sk->protect.algo == 255 ) {
1791 if( pktlen < 3 ) {
1792 rc = G10ERR_INVALID_PACKET;
1793 goto leave;
1794 }
1795 sk->protect.sha1chk = (sk->protect.algo == 254);
1796 sk->protect.algo = iobuf_get_noeof(inp); pktlen--;
1797 /* Note that a sk->protect.algo > 110 is illegal, but
1798 I'm not erroring on it here as otherwise there
1799 would be no way to delete such a key. */
1800 sk->protect.s2k.mode = iobuf_get_noeof(inp); pktlen--;
1801 sk->protect.s2k.hash_algo = iobuf_get_noeof(inp); pktlen--;
1802 /* check for the special GNU extension */
1803 if( is_v4 && sk->protect.s2k.mode == 101 ) {
1804 for(i=0; i < 4 && pktlen; i++, pktlen-- )
1805 temp[i] = iobuf_get_noeof(inp);
1806 if( i < 4 || memcmp( temp, "GNU", 3 ) ) {
1807 if( list_mode )
1808 fprintf (listfp, "\tunknown S2K %d\n",
1809 sk->protect.s2k.mode );
1810 rc = G10ERR_INVALID_PACKET;
1811 goto leave;
1812 }
1813 /* here we know that it is a gnu extension
1814 * What follows is the GNU protection mode:
1815 * All values have special meanings
1816 * and they are mapped in the mode with a base of 1000.
1817 */
1818 sk->protect.s2k.mode = 1000 + temp[3];
1819 }
1820 switch( sk->protect.s2k.mode ) {
1821 case 1:
1822 case 3:
1823 for(i=0; i < 8 && pktlen; i++, pktlen-- )
1824 temp[i] = iobuf_get_noeof(inp);
1825 memcpy(sk->protect.s2k.salt, temp, 8 );
1826 break;
1827 }
1828 switch( sk->protect.s2k.mode ) {
1829 case 0: if( list_mode ) fprintf (listfp, "\tsimple S2K" );
1830 break;
1831 case 1: if( list_mode ) fprintf (listfp, "\tsalted S2K" );
1832 break;
1833 case 3: if( list_mode ) fprintf (listfp, "\titer+salt S2K" );
1834 break;
1835 case 1001: if( list_mode ) fprintf (listfp,
1836 "\tgnu-dummy S2K" );
1837 break;
1838 case 1002: if (list_mode) fprintf (listfp,
1839 "\tgnu-divert-to-card S2K");
1840 break;
1841 default:
1842 if( list_mode )
1843 fprintf (listfp, "\tunknown %sS2K %d\n",
1844 sk->protect.s2k.mode < 1000? "":"GNU ",
1845 sk->protect.s2k.mode );
1846 rc = G10ERR_INVALID_PACKET;
1847 goto leave;
1848 }
1849
1850 if( list_mode ) {
1851 fprintf (listfp, ", algo: %d,%s hash: %d",
1852 sk->protect.algo,
1853 sk->protect.sha1chk?" SHA1 protection,"
1854 :" simple checksum,",
1855 sk->protect.s2k.hash_algo );
1856 if( sk->protect.s2k.mode == 1
1857 || sk->protect.s2k.mode == 3 ) {
1858 fprintf (listfp, ", salt: ");
1859 for(i=0; i < 8; i++ )
1860 fprintf (listfp, "%02x", sk->protect.s2k.salt[i]);
1861 }
1862 putc ('\n', listfp);
1863 }
1864
1865 if( sk->protect.s2k.mode == 3 ) {
1866 if( pktlen < 1 ) {
1867 rc = G10ERR_INVALID_PACKET;
1868 goto leave;
1869 }
1870 sk->protect.s2k.count = iobuf_get(inp);
1871 pktlen--;
1872 if( list_mode )
1873 fprintf (listfp, "\tprotect count: %lu\n",
1874 (ulong)sk->protect.s2k.count);
1875 }
1876 else if( sk->protect.s2k.mode == 1002 ) {
1877 /* Read the serial number. */
1878 if (pktlen < 1) {
1879 rc = G10ERR_INVALID_PACKET;
1880 goto leave;
1881 }
1882 snlen = iobuf_get (inp);
1883 pktlen--;
1884 if (pktlen < snlen || snlen == -1) {
1885 rc = G10ERR_INVALID_PACKET;
1886 goto leave;
1887 }
1888 }
1889 }
1890 /* Note that a sk->protect.algo > 110 is illegal, but I'm
1891 not erroring on it here as otherwise there would be no
1892 way to delete such a key. */
1893 else { /* old version; no S2K, so we set mode to 0, hash MD5 */
1894 sk->protect.s2k.mode = 0;
1895 sk->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
1896 if( list_mode )
1897 fprintf (listfp, "\tprotect algo: %d (hash algo: %d)\n",
1898 sk->protect.algo, sk->protect.s2k.hash_algo );
1899 }
1900 /* It is really ugly that we don't know the size
1901 * of the IV here in cases we are not aware of the algorithm.
1902 * so a
1903 * sk->protect.ivlen = cipher_get_blocksize(sk->protect.algo);
1904 * won't work. The only solution I see is to hardwire it here.
1905 * NOTE: if you change the ivlen above 16, don't forget to
1906 * enlarge temp.
1907 */
1908 switch( sk->protect.algo ) {
1909 case 7: case 8: case 9: /* reserved for AES */
1910 case 10: /* Twofish */
1911 sk->protect.ivlen = 16;
1912 break;
1913 default:
1914 sk->protect.ivlen = 8;
1915 }
1916 if( sk->protect.s2k.mode == 1001 )
1917 sk->protect.ivlen = 0;
1918 else if( sk->protect.s2k.mode == 1002 )
1919 sk->protect.ivlen = snlen < 16? snlen : 16;
1920
1921 if( pktlen < sk->protect.ivlen ) {
1922 rc = G10ERR_INVALID_PACKET;
1923 goto leave;
1924 }
1925 for(i=0; i < sk->protect.ivlen && pktlen; i++, pktlen-- )
1926 temp[i] = iobuf_get_noeof(inp);
1927 if( list_mode ) {
1928 fprintf (listfp,
1929 sk->protect.s2k.mode == 1002? "\tserial-number: "
1930 : "\tprotect IV: ");
1931 for(i=0; i < sk->protect.ivlen; i++ )
1932 fprintf (listfp, " %02x", temp[i] );
1933 putc ('\n', listfp);
1934 }
1935 memcpy(sk->protect.iv, temp, sk->protect.ivlen );
1936 }
1937 else
1938 sk->is_protected = 0;
1939 /* It does not make sense to read it into secure memory.
1940 * If the user is so careless, not to protect his secret key,
1941 * we can assume, that he operates an open system :=(.
1942 * So we put the key into secure memory when we unprotect it. */
1943 if( sk->protect.s2k.mode == 1001
1944 || sk->protect.s2k.mode == 1002 ) {
1945 /* better set some dummy stuff here */
1946 sk->skey[npkey] = gcry_mpi_set_opaque(NULL,
1947 xstrdup("dummydata"), 10*8);
1948 pktlen = 0;
1949 }
1950 else if( is_v4 && sk->is_protected ) {
1951 /* ugly; the length is encrypted too, so we read all
1952 * stuff up to the end of the packet into the first
1953 * skey element */
1954 sk->skey[npkey] = gcry_mpi_set_opaque (NULL,
1955 read_rest(inp, pktlen, 0),
1956 pktlen*8);
1957 pktlen = 0;
1958 if( list_mode ) {
1959 fprintf (listfp, "\tencrypted stuff follows\n");
1960 }
1961 }
1962 else { /* v3 method: the mpi length is not encrypted */
1963 for(i=npkey; i < nskey; i++ ) {
1964 if ( sk->is_protected ) {
1965 sk->skey[i] = read_protected_v3_mpi (inp, &pktlen);
1966 if( list_mode )
1967 fprintf (listfp, "\tskey[%d]: [encrypted]\n", i);
1968 }
1969 else {
1970 n = pktlen;
1971 sk->skey[i] = mpi_read(inp, &n, 0 );
1972 pktlen -=n;
1973 if( list_mode ) {
1974 fprintf (listfp, "\tskey[%d]: ", i);
1975 mpi_print(listfp, sk->skey[i], mpi_print_mode );
1976 putc ('\n', listfp);
1977 }
1978 }
1979
1980 if (!sk->skey[i])
1981 rc = G10ERR_INVALID_PACKET;
1982 }
1983 if (rc)
1984 goto leave;
1985
1986 sk->csum = read_16(inp); pktlen -= 2;
1987 if( list_mode ) {
1988 fprintf (listfp, "\tchecksum: %04hx\n", sk->csum);
1989 }
1990 }
1991 }
1992 else {
1993 PKT_public_key *pk = pkt->pkt.public_key;
1994
1995 if( !npkey ) {
1996 pk->pkey[0] = gcry_mpi_set_opaque ( NULL,
1997 read_rest(inp, pktlen, 0),
1998 pktlen*8 );
1999 pktlen = 0;
2000 goto leave;
2001 }
2002
2003 for(i=0; i < npkey; i++ ) {
2004 n = pktlen; pk->pkey[i] = mpi_read(inp, &n, 0 ); pktlen -=n;
2005 if( list_mode ) {
2006 fprintf (listfp, "\tpkey[%d]: ", i);
2007 mpi_print(listfp, pk->pkey[i], mpi_print_mode );
2008 putc ('\n', listfp);
2009 }
2010 if (!pk->pkey[i])
2011 rc = G10ERR_INVALID_PACKET;
2012 }
2013 if (rc)
2014 goto leave;
2015 }
2016
2017 leave:
2018 iobuf_skip_rest(inp, pktlen, 0);
2019 return rc;
2020 }
2021
2022 /* Attribute subpackets have the same format as v4 signature
2023 subpackets. This is not part of OpenPGP, but is done in several
2024 versions of PGP nevertheless. */
2025 int
2026 parse_attribute_subpkts(PKT_user_id *uid)
2027 {
2028 size_t n;
2029 int count=0;
2030 struct user_attribute *attribs=NULL;
2031 const byte *buffer=uid->attrib_data;
2032 int buflen=uid->attrib_len;
2033 byte type;
2034
2035 xfree(uid->attribs);
2036
2037 while(buflen)
2038 {
2039 n = *buffer++; buflen--;
2040 if( n == 255 ) { /* 4 byte length header */
2041 if( buflen < 4 )
2042 goto too_short;
2043 n = (buffer[0] << 24) | (buffer[1] << 16)
2044 | (buffer[2] << 8) | buffer[3];
2045 buffer += 4;
2046 buflen -= 4;
2047 }
2048 else if( n >= 192 ) { /* 2 byte special encoded length header */
2049 if( buflen < 2 )
2050 goto too_short;
2051 n = (( n - 192 ) << 8) + *buffer + 192;
2052 buffer++;
2053 buflen--;
2054 }
2055 if( buflen < n )
2056 goto too_short;
2057
2058 attribs=xrealloc(attribs,(count+1)*sizeof(struct user_attribute));
2059 memset(&attribs[count],0,sizeof(struct user_attribute));
2060
2061 type=*buffer;
2062 buffer++;
2063 buflen--;
2064 n--;
2065
2066 attribs[count].type=type;
2067 attribs[count].data=buffer;
2068 attribs[count].len=n;
2069 buffer+=n;
2070 buflen-=n;
2071 count++;
2072 }
2073
2074 uid->attribs=attribs;
2075 uid->numattribs=count;
2076 return count;
2077
2078 too_short:
2079 if(opt.verbose)
2080 log_info("buffer shorter than attribute subpacket\n");
2081 uid->attribs=attribs;
2082 uid->numattribs=count;
2083 return count;
2084 }
2085
2086
2087 static int
2088 parse_user_id( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2089 {
2090 byte *p;
2091
2092 /* Cap the size of a user ID at 2k: a value absurdly large enough
2093 that there is no sane user ID string (which is printable text
2094 as of RFC2440bis) that won't fit in it, but yet small enough to
2095 avoid allocation problems. A large pktlen may not be
2096 allocatable, and a very large pktlen could actually cause our
2097 allocation to wrap around in xmalloc to a small number. */
2098
2099 if (pktlen > 2048)
2100 {
2101 log_error ("packet(%d) too large\n", pkttype);
2102 iobuf_skip_rest(inp, pktlen, 0);
2103 return G10ERR_INVALID_PACKET;
2104 }
2105
2106 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + pktlen);
2107 packet->pkt.user_id->len = pktlen;
2108 packet->pkt.user_id->ref=1;
2109
2110 p = packet->pkt.user_id->name;
2111 for( ; pktlen; pktlen--, p++ )
2112 *p = iobuf_get_noeof(inp);
2113 *p = 0;
2114
2115 if( list_mode ) {
2116 int n = packet->pkt.user_id->len;
2117 fprintf (listfp, ":user ID packet: \"");
2118 /* fixme: Hey why don't we replace this with print_string?? */
2119 for(p=packet->pkt.user_id->name; n; p++, n-- ) {
2120 if( *p >= ' ' && *p <= 'z' )
2121 putc (*p, listfp);
2122 else
2123 fprintf (listfp, "\\x%02x", *p );
2124 }
2125 fprintf (listfp, "\"\n");
2126 }
2127 return 0;
2128 }
2129
2130
2131 void
2132 make_attribute_uidname(PKT_user_id *uid, size_t max_namelen)
2133 {
2134 assert ( max_namelen > 70 );
2135 if(uid->numattribs<=0)
2136 sprintf(uid->name,"[bad attribute packet of size %lu]",uid->attrib_len);
2137 else if(uid->numattribs>1)
2138 sprintf(uid->name,"[%d attributes of size %lu]",
2139 uid->numattribs,uid->attrib_len);
2140 else
2141 {
2142 /* Only one attribute, so list it as the "user id" */
2143
2144 if(uid->attribs->type==ATTRIB_IMAGE)
2145 {
2146 u32 len;
2147 byte type;
2148
2149 if(parse_image_header(uid->attribs,&type,&len))
2150 sprintf(uid->name,"[%.20s image of size %lu]",
2151 image_type_to_string(type,1),(ulong)len);
2152 else
2153 sprintf(uid->name,"[invalid image]");
2154 }
2155 else
2156 sprintf(uid->name,"[unknown attribute of size %lu]",
2157 (ulong)uid->attribs->len);
2158 }
2159
2160 uid->len = strlen(uid->name);
2161 }
2162
2163 static int
2164 parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2165 {
2166 byte *p;
2167
2168 #define EXTRA_UID_NAME_SPACE 71
2169 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id
2170 + EXTRA_UID_NAME_SPACE);
2171 packet->pkt.user_id->ref=1;
2172 packet->pkt.user_id->attrib_data = xmalloc(pktlen);
2173 packet->pkt.user_id->attrib_len = pktlen;
2174
2175 p = packet->pkt.user_id->attrib_data;
2176 for( ; pktlen; pktlen--, p++ )
2177 *p = iobuf_get_noeof(inp);
2178
2179 /* Now parse out the individual attribute subpackets. This is
2180 somewhat pointless since there is only one currently defined
2181 attribute type (jpeg), but it is correct by the spec. */
2182 parse_attribute_subpkts(packet->pkt.user_id);
2183
2184 make_attribute_uidname(packet->pkt.user_id, EXTRA_UID_NAME_SPACE);
2185
2186 if( list_mode ) {
2187 fprintf (listfp, ":attribute packet: %s\n", packet->pkt.user_id->name );
2188 }
2189 return 0;
2190 }
2191
2192
2193 static int
2194 parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
2195 {
2196 byte *p;
2197
2198 /* Cap comment packet at a reasonable value to avoid an integer
2199 overflow in the malloc below. Comment packets are actually not
2200 anymore define my OpenPGP and we even stopped to use our
2201 private comment packet. */
2202 if (pktlen>65536)
2203 {
2204 log_error ("packet(%d) too large\n", pkttype);
2205 iobuf_skip_rest (inp, pktlen, 0);
2206 return G10ERR_INVALID_PACKET;
2207 }
2208 packet->pkt.comment = xmalloc(sizeof *packet->pkt.comment + pktlen - 1);
2209 packet->pkt.comment->len = pktlen;
2210 p = packet->pkt.comment->data;
2211 for( ; pktlen; pktlen--, p++ )
2212 *p = iobuf_get_noeof(inp);
2213
2214 if( list_mode ) {
2215 int n = packet->pkt.comment->len;
2216 fprintf (listfp, ":%scomment packet: \"", pkttype == PKT_OLD_COMMENT?
2217 "OpenPGP draft " : "" );
2218 for(p=packet->pkt.comment->data; n; p++, n-- ) {
2219 if( *p >= ' ' && *p <= 'z' )
2220 putc (*p, listfp);
2221 else
2222 fprintf (listfp, "\\x%02x", *p );
2223 }
2224 fprintf (listfp, "\"\n");
2225 }
2226 return 0;
2227 }
2228
2229
2230 static void
2231 parse_trust( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *pkt )
2232 {
2233 int c;
2234
2235 if (pktlen)
2236 {
2237 c = iobuf_get_noeof(inp);
2238 pktlen--;
2239 pkt->pkt.ring_trust = xmalloc( sizeof *pkt->pkt.ring_trust );
2240 pkt->pkt.ring_trust->trustval = c;
2241 pkt->pkt.ring_trust->sigcache = 0;
2242 if (!c && pktlen==1)
2243 {
2244 c = iobuf_get_noeof (inp);
2245 pktlen--;
2246 /* we require that bit 7 of the sigcache is 0 (easier eof handling)*/
2247 if ( !(c & 0x80) )
2248 pkt->pkt.ring_trust->sigcache = c;
2249 }
2250 if( list_mode )
2251 fprintf (listfp, ":trust packet: flag=%02x sigcache=%02x\n",
2252 pkt->pkt.ring_trust->trustval,
2253 pkt->pkt.ring_trust->sigcache);
2254 }
2255 else
2256 {
2257 if( list_mode )
2258 fprintf (listfp, ":trust packet: empty\n");
2259 }
2260 iobuf_skip_rest (inp, pktlen, 0);
2261 }
2262
2263
2264 static int
2265 parse_plaintext( IOBUF inp, int pkttype, unsigned long pktlen,
2266 PACKET *pkt, int new_ctb, int partial )
2267 {
2268 int rc = 0;
2269 int mode, namelen;
2270 PKT_plaintext *pt;
2271 byte *p;
2272 int c, i;
2273
2274 if( !partial && pktlen < 6 ) {
2275 log_error("packet(%d) too short (%lu)\n", pkttype, (ulong)pktlen);
2276 rc = gpg_error (GPG_ERR_INV_PACKET);
2277 goto leave;
2278 }
2279 mode = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
2280 namelen = iobuf_get_noeof(inp); if( pktlen ) pktlen--;
2281 /* Note that namelen will never exceed 255 bytes. */
2282 pt = pkt->pkt.plaintext = xmalloc(sizeof *pkt->pkt.plaintext + namelen -1);
2283 pt->new_ctb = new_ctb;
2284 pt->mode = mode;
2285 pt->namelen = namelen;
2286 pt->is_partial = partial;
2287 if( pktlen ) {
2288 for( i=0; pktlen > 4 && i < namelen; pktlen--, i++ )
2289 pt->name[i] = iobuf_get_noeof(inp);
2290 }
2291 else {
2292 for( i=0; i < namelen; i++ )
2293 if( (c=iobuf_get(inp)) == -1 )
2294 break;
2295 else
2296 pt->name[i] = c;
2297 }
2298 pt->timestamp = read_32(inp); if( pktlen) pktlen -= 4;
2299 pt->len = pktlen;
2300 pt->buf = inp;
2301 pktlen = 0;
2302
2303 if( list_mode ) {
2304 fprintf (listfp, ":literal data packet:\n"
2305 "\tmode %c (%X), created %lu, name=\"",
2306 mode >= ' ' && mode <'z'? mode : '?', mode,
2307 (ulong)pt->timestamp );
2308 for(p=pt->name,i=0; i < namelen; p++, i++ ) {
2309 if( *p >= ' ' && *p <= 'z' )
2310 putc (*p, listfp);
2311 else
2312 fprintf (listfp, "\\x%02x", *p );
2313 }
2314 fprintf (listfp, "\",\n\traw data: ");
2315 if(partial)
2316 fprintf (listfp, "unknown length\n");
2317 else
2318 fprintf (listfp, "%lu bytes\n", (ulong)pt->len );
2319 }
2320
2321 leave:
2322 return rc;
2323 }
2324
2325
2326 static int
2327 parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
2328 PACKET *pkt, int new_ctb )
2329 {
2330 PKT_compressed *zd;
2331
2332 /* pktlen is here 0, but data follows
2333 * (this should be the last object in a file or
2334 * the compress algorithm should know the length)
2335 */
2336 zd = pkt->pkt.compressed = xmalloc(sizeof *pkt->pkt.compressed );
2337 zd->algorithm = iobuf_get_noeof(inp);
2338 zd->len = 0; /* not used */
2339 zd->new_ctb = new_ctb;
2340 zd->buf = inp;
2341 if( list_mode )
2342 fprintf (listfp, ":compressed packet: algo=%d\n", zd->algorithm);
2343 return 0;
2344 }
2345
2346
2347 static int
2348 parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
2349 PACKET *pkt, int new_ctb, int partial )
2350 {
2351 int rc = 0;
2352 PKT_encrypted *ed;
2353 unsigned long orig_pktlen = pktlen;
2354
2355 ed = pkt->pkt.encrypted = xmalloc(sizeof *pkt->pkt.encrypted );
2356 ed->len = pktlen;
2357 /* we don't know the extralen which is (cipher_blocksize+2)
2358 because the algorithm ist not specified in this packet.
2359 However, it is only important to know this for some sanity
2360 checks on the packet length - it doesn't matter that we can't
2361 do it */
2362 ed->extralen = 0;
2363 ed->buf = NULL;
2364 ed->new_ctb = new_ctb;
2365 ed->is_partial = partial;
2366 ed->mdc_method = 0;
2367 if( pkttype == PKT_ENCRYPTED_MDC ) {
2368 /* fixme: add some pktlen sanity checks */
2369 int version;
2370
2371 version = iobuf_get_noeof(inp);
2372 if (orig_pktlen)
2373 pktlen--;
2374 if( version != 1 ) {
2375 log_error("encrypted_mdc packet with unknown version %d\n",
2376 version);
2377 /*skip_rest(inp, pktlen); should we really do this? */
2378 rc = gpg_error (GPG_ERR_INV_PACKET);
2379 goto leave;
2380 }
2381 ed->mdc_method = DIGEST_ALGO_SHA1;
2382 }
2383 if( orig_pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
2384 log_error("packet(%d) too short\n", pkttype);
2385 rc = G10ERR_INVALID_PACKET;
2386 iobuf_skip_rest(inp, pktlen, partial);
2387 goto leave;
2388 }
2389 if( list_mode ) {
2390 if( orig_pktlen )
2391 fprintf (listfp, ":encrypted data packet:\n\tlength: %lu\n",
2392 orig_pktlen);
2393 else
2394 fprintf (listfp, ":encrypted data packet:\n\tlength: unknown\n");
2395 if( ed->mdc_method )
2396 fprintf (listfp, "\tmdc_method: %d\n", ed->mdc_method );
2397 }
2398
2399 ed->buf = inp;
2400
2401 leave:
2402 return rc;
2403 }
2404
2405
2406 /* Note, that this code is not anymore used in real life because now
2407 the MDC checking is done right after the encryption in
2408 decrypt_data. */
2409 static int
2410 parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen,
2411 PACKET *pkt, int new_ctb )
2412 {
2413 int rc = 0;
2414 PKT_mdc *mdc;
2415 byte *p;
2416
2417 mdc = pkt->pkt.mdc = xmalloc(sizeof *pkt->pkt.mdc );
2418 if( list_mode )
2419 fprintf (listfp, ":mdc packet: length=%lu\n", pktlen);
2420 if( !new_ctb || pktlen != 20 ) {
2421 log_error("mdc_packet with invalid encoding\n");
2422 rc = gpg_error (GPG_ERR_INV_PACKET);
2423 goto leave;
2424 }
2425 p = mdc->hash;
2426 for( ; pktlen; pktlen--, p++ )
2427 *p = iobuf_get_noeof(inp);
2428
2429 leave:
2430 return rc;
2431 }
2432
2433
2434 /*
2435 * This packet is internally generated by PGG (by armor.c) to
2436 * transfer some information to the lower layer. To make sure that
2437 * this packet is really a GPG faked one and not one comming from outside,
2438 * we first check that tehre is a unique tag in it.
2439 * The format of such a control packet is:
2440 * n byte session marker
2441 * 1 byte control type CTRLPKT_xxxxx
2442 * m byte control data
2443 */
2444
2445 static int
2446 parse_gpg_control( IOBUF inp, int pkttype,
2447 unsigned long pktlen, PACKET *packet, int partial )
2448 {
2449 byte *p;
2450 const byte *sesmark;
2451 size_t sesmarklen;
2452 int i;
2453
2454 if ( list_mode )
2455 fprintf (listfp, ":packet 63: length %lu ", pktlen);
2456
2457 sesmark = get_session_marker ( &sesmarklen );
2458 if ( pktlen < sesmarklen+1 ) /* 1 is for the control bytes */
2459 goto skipit;
2460 for( i=0; i < sesmarklen; i++, pktlen-- ) {
2461 if ( sesmark[i] != iobuf_get_noeof(inp) )
2462 goto skipit;
2463 }
2464 if (pktlen > 4096)
2465 goto skipit; /* Definitely too large. We skip it to avoid an
2466 overflow in the malloc. */
2467 if ( list_mode )
2468 puts ("- gpg control packet");
2469
2470 packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
2471 + pktlen - 1);
2472 packet->pkt.gpg_control->control = iobuf_get_noeof(inp); pktlen--;
2473 packet->pkt.gpg_control->datalen = pktlen;
2474 p = packet->pkt.gpg_control->data;
2475 for( ; pktlen; pktlen--, p++ )
2476 *p = iobuf_get_noeof(inp);
2477
2478 return 0;
2479
2480 skipit:
2481 if ( list_mode ) {
2482 int c;
2483
2484 i=0;
2485 fprintf (listfp, "- private (rest length %lu)\n", pktlen);
2486 if( partial ) {
2487 while( (c=iobuf_get(inp)) != -1 )
2488 dump_hex_line(c, &i);
2489 }
2490 else {
2491 for( ; pktlen; pktlen-- )
2492 dump_hex_line(iobuf_get(inp), &i);
2493 }
2494 putc ('\n', listfp);
2495 }
2496 iobuf_skip_rest(inp,pktlen, 0);
2497 return gpg_error (GPG_ERR_INV_PACKET);
2498 }
2499
2500 /* create a gpg control packet to be used internally as a placeholder */
2501 PACKET *
2502 create_gpg_control( ctrlpkttype_t type, const byte *data, size_t datalen )
2503 {
2504 PACKET *packet;
2505 byte *p;
2506
2507 packet = xmalloc( sizeof *packet );
2508 init_packet(packet);
2509 packet->pkttype = PKT_GPG_CONTROL;
2510 packet->pkt.gpg_control = xmalloc(sizeof *packet->pkt.gpg_control
2511 + datalen - 1);
2512 packet->pkt.gpg_control->control = type;
2513 packet->pkt.gpg_control->datalen = datalen;
2514 p = packet->pkt.gpg_control->data;
2515 for( ; datalen; datalen--, p++ )
2516 *p = *data++;
2517
2518 return packet;
2519 }
gnupg svn clone