1 /*-
2 * Copyright (c) 2009 The NetBSD Foundation, Inc.
3 * All rights reserved.
4 *
5 * This code is derived from software contributed to The NetBSD Foundation
6 * by Alistair Crooks (agc@NetBSD.org)
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29 /*
30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk)
31 * All rights reserved.
32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted
33 * their moral rights under the UK Copyright Design and Patents Act 1988 to
34 * be recorded as the authors of this copyright work.
35 *
36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
37 * use this file except in compliance with the License.
38 *
39 * You may obtain a copy of the License at
40 * http://www.apache.org/licenses/LICENSE-2.0
41 *
42 * Unless required by applicable law or agreed to in writing, software
43 * distributed under the License is distributed on an "AS IS" BASIS,
44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
45 *
46 * See the License for the specific language governing permissions and
47 * limitations under the License.
48 */
49
50 /** \file
51 * \brief Parser for OpenPGP packets
52 */
53 #include "config.h"
54
55 #ifdef HAVE_SYS_CDEFS_H
56 #include <sys/cdefs.h>
57 #endif
58
59 #if defined(__NetBSD__)
60 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
61 __RCSID("$NetBSD: packet-parse.c,v 1.51 2012/03/05 02:20:18 christos Exp $");
62 #endif
63
64 #include <sys/types.h>
65 #include <sys/param.h>
66
67 #ifdef HAVE_OPENSSL_CAST_H
68 #include <openssl/cast.h>
69 #endif
70
71 #include <stdarg.h>
72 #include <stdlib.h>
73 #include <string.h>
74
75 #ifdef HAVE_UNISTD_H
76 #include <unistd.h>
77 #endif
78
79 #ifdef HAVE_LIMITS_H
80 #include <limits.h>
81 #endif
82
83 #include "packet.h"
84 #include "packet-parse.h"
85 #include "keyring.h"
86 #include "errors.h"
87 #include "packet-show.h"
88 #include "create.h"
89 #include "readerwriter.h"
90 #include "netpgpdefs.h"
91 #include "crypto.h"
92 #include "netpgpdigest.h"
93
94 #define ERRP(cbinfo, cont, err) do { \
95 cont.u.error = err; \
96 CALLBACK(PGP_PARSER_ERROR, cbinfo, &cont); \
97 return 0; \
98 /*NOTREACHED*/ \
99 } while(/*CONSTCOND*/0)
100
101 /**
102 * limread_data reads the specified amount of the subregion's data
103 * into a data_t structure
104 *
105 * \param data Empty structure which will be filled with data
106 * \param len Number of octets to read
107 * \param subregion
108 * \param stream How to parse
109 *
110 * \return 1 on success, 0 on failure
111 */
112 static int
limread_data(pgp_data_t * data,unsigned len,pgp_region_t * subregion,pgp_stream_t * stream)113 limread_data(pgp_data_t *data, unsigned len,
114 pgp_region_t *subregion, pgp_stream_t *stream)
115 {
116 data->len = len;
117
118 if (subregion->length - subregion->readc < len) {
119 (void) fprintf(stderr, "limread_data: bad length\n");
120 return 0;
121 }
122
123 data->contents = calloc(1, data->len);
124 if (!data->contents) {
125 return 0;
126 }
127
128 return pgp_limited_read(stream, data->contents, data->len, subregion,
129 &stream->errors, &stream->readinfo, &stream->cbinfo);
130 }
131
132 /**
133 * read_data reads the remainder of the subregion's data
134 * into a data_t structure
135 *
136 * \param data
137 * \param subregion
138 * \param stream
139 *
140 * \return 1 on success, 0 on failure
141 */
142 static int
read_data(pgp_data_t * data,pgp_region_t * region,pgp_stream_t * stream)143 read_data(pgp_data_t *data, pgp_region_t *region, pgp_stream_t *stream)
144 {
145 int cc;
146
147 cc = region->length - region->readc;
148 return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0;
149 }
150
151 /**
152 * Reads the remainder of the subregion as a string.
153 * It is the user's responsibility to free the memory allocated here.
154 */
155
156 static int
read_unsig_str(uint8_t ** str,pgp_region_t * subregion,pgp_stream_t * stream)157 read_unsig_str(uint8_t **str, pgp_region_t *subregion,
158 pgp_stream_t *stream)
159 {
160 size_t len;
161
162 len = subregion->length - subregion->readc;
163 if ((*str = calloc(1, len + 1)) == NULL) {
164 return 0;
165 }
166 if (len &&
167 !pgp_limited_read(stream, *str, len, subregion, &stream->errors,
168 &stream->readinfo, &stream->cbinfo)) {
169 return 0;
170 }
171 (*str)[len] = '\0';
172 return 1;
173 }
174
175 static int
read_string(char ** str,pgp_region_t * subregion,pgp_stream_t * stream)176 read_string(char **str, pgp_region_t *subregion, pgp_stream_t *stream)
177 {
178 return read_unsig_str((uint8_t **) str, subregion, stream);
179 }
180
181 void
pgp_init_subregion(pgp_region_t * subregion,pgp_region_t * region)182 pgp_init_subregion(pgp_region_t *subregion, pgp_region_t *region)
183 {
184 (void) memset(subregion, 0x0, sizeof(*subregion));
185 subregion->parent = region;
186 }
187
188 /*
189 * XXX: replace pgp_ptag_t with something more appropriate for limiting reads
190 */
191
192 /**
193 * low-level function to read data from reader function
194 *
195 * Use this function, rather than calling the reader directly.
196 *
197 * If the accumulate flag is set in *stream, the function
198 * adds the read data to the accumulated data, and updates
199 * the accumulated length. This is useful if, for example,
200 * the application wants access to the raw data as well as the
201 * parsed data.
202 *
203 * This function will also try to read the entire amount asked for, but not
204 * if it is over INT_MAX. Obviously many callers will know that they
205 * never ask for that much and so can avoid the extra complexity of
206 * dealing with return codes and filled-in lengths.
207 *
208 * \param *dest
209 * \param *plength
210 * \param flags
211 * \param *stream
212 *
213 * \return PGP_R_OK
214 * \return PGP_R_PARTIAL_READ
215 * \return PGP_R_EOF
216 * \return PGP_R_EARLY_EOF
217 *
218 * \sa #pgp_reader_ret_t for details of return codes
219 */
220
221 static int
sub_base_read(pgp_stream_t * stream,void * dest,size_t length,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)222 sub_base_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors,
223 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo)
224 {
225 size_t n;
226
227 /* reading more than this would look like an error */
228 if (length > INT_MAX)
229 length = INT_MAX;
230
231 for (n = 0; n < length;) {
232 int r;
233
234 r = readinfo->reader(stream, (char *) dest + n, length - n, errors,
235 readinfo, cbinfo);
236 if (r > (int)(length - n)) {
237 (void) fprintf(stderr, "sub_base_read: bad read\n");
238 return 0;
239 }
240 if (r < 0) {
241 return r;
242 }
243 if (r == 0) {
244 break;
245 }
246 n += (unsigned)r;
247 }
248
249 if (n == 0) {
250 return 0;
251 }
252 if (readinfo->accumulate) {
253 if (readinfo->asize < readinfo->alength) {
254 (void) fprintf(stderr, "sub_base_read: bad size\n");
255 return 0;
256 }
257 if (readinfo->alength + n > readinfo->asize) {
258 uint8_t *temp;
259
260 readinfo->asize = (readinfo->asize * 2) + (unsigned)n;
261 temp = realloc(readinfo->accumulated, readinfo->asize);
262 if (temp == NULL) {
263 (void) fprintf(stderr,
264 "sub_base_read: bad alloc\n");
265 return 0;
266 }
267 readinfo->accumulated = temp;
268 }
269 if (readinfo->asize < readinfo->alength + n) {
270 (void) fprintf(stderr, "sub_base_read: bad realloc\n");
271 return 0;
272 }
273 (void) memcpy(readinfo->accumulated + readinfo->alength, dest,
274 n);
275 }
276 /* we track length anyway, because it is used for packet offsets */
277 readinfo->alength += (unsigned)n;
278 /* and also the position */
279 readinfo->position += (unsigned)n;
280
281 return (int)n;
282 }
283
284 int
pgp_stacked_read(pgp_stream_t * stream,void * dest,size_t length,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)285 pgp_stacked_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors,
286 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo)
287 {
288 return sub_base_read(stream, dest, length, errors, readinfo->next, cbinfo);
289 }
290
291 /* This will do a full read so long as length < MAX_INT */
292 static int
base_read(uint8_t * dest,size_t length,pgp_stream_t * stream)293 base_read(uint8_t *dest, size_t length, pgp_stream_t *stream)
294 {
295 return sub_base_read(stream, dest, length, &stream->errors, &stream->readinfo,
296 &stream->cbinfo);
297 }
298
299 /*
300 * Read a full size_t's worth. If the return is < than length, then
301 * *last_read tells you why - < 0 for an error, == 0 for EOF
302 */
303
304 static size_t
full_read(pgp_stream_t * stream,uint8_t * dest,size_t length,int * last_read,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)305 full_read(pgp_stream_t *stream, uint8_t *dest,
306 size_t length,
307 int *last_read,
308 pgp_error_t **errors,
309 pgp_reader_t *readinfo,
310 pgp_cbdata_t *cbinfo)
311 {
312 size_t t;
313 int r = 0; /* preset in case some loon calls with length
314 * == 0 */
315
316 for (t = 0; t < length;) {
317 r = sub_base_read(stream, dest + t, length - t, errors, readinfo,
318 cbinfo);
319 if (r <= 0) {
320 *last_read = r;
321 return t;
322 }
323 t += (size_t)r;
324 }
325
326 *last_read = r;
327
328 return t;
329 }
330
331
332
333 /** Read a scalar value of selected length from reader.
334 *
335 * Read an unsigned scalar value from reader in Big Endian representation.
336 *
337 * This function does not know or care about packet boundaries. It
338 * also assumes that an EOF is an error.
339 *
340 * \param *result The scalar value is stored here
341 * \param *reader Our reader
342 * \param length How many bytes to read
343 * \return 1 on success, 0 on failure
344 */
345 static unsigned
_read_scalar(unsigned * result,unsigned length,pgp_stream_t * stream)346 _read_scalar(unsigned *result, unsigned length,
347 pgp_stream_t *stream)
348 {
349 unsigned t = 0;
350
351 if (length > sizeof(*result)) {
352 (void) fprintf(stderr, "_read_scalar: bad length\n");
353 return 0;
354 }
355
356 while (length--) {
357 uint8_t c;
358 int r;
359
360 r = base_read(&c, 1, stream);
361 if (r != 1)
362 return 0;
363 t = (t << 8) + c;
364 }
365
366 *result = t;
367 return 1;
368 }
369
370 /**
371 * \ingroup Core_ReadPackets
372 * \brief Read bytes from a region within the packet.
373 *
374 * Read length bytes into the buffer pointed to by *dest.
375 * Make sure we do not read over the packet boundary.
376 * Updates the Packet Tag's pgp_ptag_t::readc.
377 *
378 * If length would make us read over the packet boundary, or if
379 * reading fails, we call the callback with an error.
380 *
381 * Note that if the region is indeterminate, this can return a short
382 * read - check region->last_read for the length. EOF is indicated by
383 * a success return and region->last_read == 0 in this case (for a
384 * region of known length, EOF is an error).
385 *
386 * This function makes sure to respect packet boundaries.
387 *
388 * \param dest The destination buffer
389 * \param length How many bytes to read
390 * \param region Pointer to packet region
391 * \param errors Error stack
392 * \param readinfo Reader info
393 * \param cbinfo Callback info
394 * \return 1 on success, 0 on error
395 */
396 unsigned
pgp_limited_read(pgp_stream_t * stream,uint8_t * dest,size_t length,pgp_region_t * region,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)397 pgp_limited_read(pgp_stream_t *stream, uint8_t *dest,
398 size_t length,
399 pgp_region_t *region,
400 pgp_error_t **errors,
401 pgp_reader_t *readinfo,
402 pgp_cbdata_t *cbinfo)
403 {
404 size_t r;
405 int lr;
406
407 if (!region->indeterminate &&
408 region->readc + length > region->length) {
409 PGP_ERROR_1(errors, PGP_E_P_NOT_ENOUGH_DATA, "%s",
410 "Not enough data");
411 return 0;
412 }
413 r = full_read(stream, dest, length, &lr, errors, readinfo, cbinfo);
414 if (lr < 0) {
415 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed");
416 return 0;
417 }
418 if (!region->indeterminate && r != length) {
419 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed");
420 return 0;
421 }
422 region->last_read = (unsigned)r;
423 do {
424 region->readc += (unsigned)r;
425 if (region->parent && region->length > region->parent->length) {
426 (void) fprintf(stderr,
427 "ops_limited_read: bad length\n");
428 return 0;
429 }
430 } while ((region = region->parent) != NULL);
431 return 1;
432 }
433
434 /**
435 \ingroup Core_ReadPackets
436 \brief Call pgp_limited_read on next in stack
437 */
438 unsigned
pgp_stacked_limited_read(pgp_stream_t * stream,uint8_t * dest,unsigned length,pgp_region_t * region,pgp_error_t ** errors,pgp_reader_t * readinfo,pgp_cbdata_t * cbinfo)439 pgp_stacked_limited_read(pgp_stream_t *stream, uint8_t *dest, unsigned length,
440 pgp_region_t *region,
441 pgp_error_t **errors,
442 pgp_reader_t *readinfo,
443 pgp_cbdata_t *cbinfo)
444 {
445 return pgp_limited_read(stream, dest, length, region, errors,
446 readinfo->next, cbinfo);
447 }
448
449 static unsigned
limread(uint8_t * dest,unsigned length,pgp_region_t * region,pgp_stream_t * info)450 limread(uint8_t *dest, unsigned length,
451 pgp_region_t *region, pgp_stream_t *info)
452 {
453 return pgp_limited_read(info, dest, length, region, &info->errors,
454 &info->readinfo, &info->cbinfo);
455 }
456
457 static unsigned
exact_limread(uint8_t * dest,unsigned len,pgp_region_t * region,pgp_stream_t * stream)458 exact_limread(uint8_t *dest, unsigned len,
459 pgp_region_t *region,
460 pgp_stream_t *stream)
461 {
462 unsigned ret;
463
464 stream->exact_read = 1;
465 ret = limread(dest, len, region, stream);
466 stream->exact_read = 0;
467 return ret;
468 }
469
470 /** Skip over length bytes of this packet.
471 *
472 * Calls limread() to skip over some data.
473 *
474 * This function makes sure to respect packet boundaries.
475 *
476 * \param length How many bytes to skip
477 * \param *region Pointer to packet region
478 * \param *stream How to parse
479 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
480 */
481 static int
limskip(unsigned length,pgp_region_t * region,pgp_stream_t * stream)482 limskip(unsigned length, pgp_region_t *region, pgp_stream_t *stream)
483 {
484 uint8_t buf[NETPGP_BUFSIZ];
485
486 while (length > 0) {
487 unsigned n = length % NETPGP_BUFSIZ;
488
489 if (!limread(buf, n, region, stream)) {
490 return 0;
491 }
492 length -= n;
493 }
494 return 1;
495 }
496
497 /** Read a scalar.
498 *
499 * Read a big-endian scalar of length bytes, respecting packet
500 * boundaries (by calling limread() to read the raw data).
501 *
502 * This function makes sure to respect packet boundaries.
503 *
504 * \param *dest The scalar value is stored here
505 * \param length How many bytes make up this scalar (at most 4)
506 * \param *region Pointer to current packet region
507 * \param *stream How to parse
508 * \param *cb The callback
509 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
510 *
511 * \see RFC4880 3.1
512 */
513 static int
limread_scalar(unsigned * dest,unsigned len,pgp_region_t * region,pgp_stream_t * stream)514 limread_scalar(unsigned *dest,
515 unsigned len,
516 pgp_region_t *region,
517 pgp_stream_t *stream)
518 {
519 uint8_t c[4] = "";
520 unsigned t;
521 unsigned n;
522
523 if (len > 4) {
524 (void) fprintf(stderr, "limread_scalar: bad length\n");
525 return 0;
526 }
527 /*LINTED*/
528 if (/*CONSTCOND*/sizeof(*dest) < 4) {
529 (void) fprintf(stderr, "limread_scalar: bad dest\n");
530 return 0;
531 }
532 if (!limread(c, len, region, stream)) {
533 return 0;
534 }
535 for (t = 0, n = 0; n < len; ++n) {
536 t = (t << 8) + c[n];
537 }
538 *dest = t;
539 return 1;
540 }
541
542 /** Read a scalar.
543 *
544 * Read a big-endian scalar of length bytes, respecting packet
545 * boundaries (by calling limread() to read the raw data).
546 *
547 * The value read is stored in a size_t, which is a different size
548 * from an unsigned on some platforms.
549 *
550 * This function makes sure to respect packet boundaries.
551 *
552 * \param *dest The scalar value is stored here
553 * \param length How many bytes make up this scalar (at most 4)
554 * \param *region Pointer to current packet region
555 * \param *stream How to parse
556 * \param *cb The callback
557 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()).
558 *
559 * \see RFC4880 3.1
560 */
561 static int
limread_size_t(size_t * dest,unsigned length,pgp_region_t * region,pgp_stream_t * stream)562 limread_size_t(size_t *dest,
563 unsigned length,
564 pgp_region_t *region,
565 pgp_stream_t *stream)
566 {
567 unsigned tmp;
568
569 /*
570 * Note that because the scalar is at most 4 bytes, we don't care if
571 * size_t is bigger than usigned
572 */
573 if (!limread_scalar(&tmp, length, region, stream))
574 return 0;
575
576 *dest = tmp;
577 return 1;
578 }
579
580 /** Read a timestamp.
581 *
582 * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar
583 * of 4 bytes.
584 *
585 * This function reads the timestamp using limread_scalar().
586 *
587 * This function makes sure to respect packet boundaries.
588 *
589 * \param *dest The timestamp is stored here
590 * \param *ptag Pointer to current packet's Packet Tag.
591 * \param *reader Our reader
592 * \param *cb The callback
593 * \return see limread_scalar()
594 *
595 * \see RFC4880 3.5
596 */
597 static int
limited_read_time(time_t * dest,pgp_region_t * region,pgp_stream_t * stream)598 limited_read_time(time_t *dest, pgp_region_t *region,
599 pgp_stream_t *stream)
600 {
601 uint8_t c;
602 time_t mytime = 0;
603 int i;
604
605 /*
606 * Cannot assume that time_t is 4 octets long -
607 * SunOS 5.10 and NetBSD both have 64-bit time_ts.
608 */
609 if (/* CONSTCOND */sizeof(time_t) == 4) {
610 return limread_scalar((unsigned *)(void *)dest, 4, region, stream);
611 }
612 for (i = 0; i < 4; i++) {
613 if (!limread(&c, 1, region, stream)) {
614 return 0;
615 }
616 mytime = (mytime << 8) + c;
617 }
618 *dest = mytime;
619 return 1;
620 }
621
622 /**
623 * \ingroup Core_MPI
624 * Read a multiprecision integer.
625 *
626 * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar
627 * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most
628 * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is
629 * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted).
630 *
631 * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are
632 * supposed to be cleared - I guess. XXX - does anything actually say so?
633 *
634 * This function makes sure to respect packet boundaries.
635 *
636 * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed
637 * by the caller XXX right ben?
638 * \param *ptag Pointer to current packet's Packet Tag.
639 * \param *reader Our reader
640 * \param *cb The callback
641 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX
642 * see comment below - the callback is called with a PGP_PARSER_ERROR in case of an error)
643 *
644 * \see RFC4880 3.2
645 */
646 static int
limread_mpi(BIGNUM ** pbn,pgp_region_t * region,pgp_stream_t * stream)647 limread_mpi(BIGNUM **pbn, pgp_region_t *region, pgp_stream_t *stream)
648 {
649 uint8_t buf[NETPGP_BUFSIZ] = "";
650 /* an MPI has a 2 byte length part.
651 * Length is given in bits, so the
652 * largest we should ever need for
653 * the buffer is NETPGP_BUFSIZ bytes. */
654 unsigned length;
655 unsigned nonzero;
656 unsigned ret;
657
658 stream->reading_mpi_len = 1;
659 ret = (unsigned)limread_scalar(&length, 2, region, stream);
660
661 stream->reading_mpi_len = 0;
662 if (!ret)
663 return 0;
664
665 nonzero = length & 7; /* there should be this many zero bits in the
666 * MS byte */
667 if (!nonzero)
668 nonzero = 8;
669 length = (length + 7) / 8;
670
671 if (length == 0) {
672 /* if we try to read a length of 0, then fail */
673 if (pgp_get_debug_level(__FILE__)) {
674 (void) fprintf(stderr, "limread_mpi: 0 length\n");
675 }
676 return 0;
677 }
678 if (length > NETPGP_BUFSIZ) {
679 (void) fprintf(stderr, "limread_mpi: bad length\n");
680 return 0;
681 }
682 if (!limread(buf, length, region, stream)) {
683 return 0;
684 }
685 if (((unsigned)buf[0] >> nonzero) != 0 ||
686 !((unsigned)buf[0] & (1U << (nonzero - 1U)))) {
687 PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR,
688 "%s", "MPI Format error");
689 /* XXX: Ben, one part of
690 * this constraint does
691 * not apply to
692 * encrypted MPIs the
693 * draft says. -- peter */
694 return 0;
695 }
696 *pbn = BN_bin2bn(buf, (int)length, NULL);
697 return 1;
698 }
699
700 static unsigned read_new_length(unsigned *, pgp_stream_t *);
701
702 /* allocate space, read, and stash data away in a virtual pkt */
703 static void
streamread(pgp_stream_t * stream,unsigned c)704 streamread(pgp_stream_t *stream, unsigned c)
705 {
706 int cc;
707
708 stream->virtualpkt = realloc(stream->virtualpkt, stream->virtualc + c);
709 cc = stream->readinfo.reader(stream, &stream->virtualpkt[stream->virtualc],
710 c, &stream->errors, &stream->readinfo, &stream->cbinfo);
711 stream->virtualc += cc;
712 }
713
714 /* coalesce all the partial blocks together */
715 static int
coalesce_blocks(pgp_stream_t * stream,unsigned length)716 coalesce_blocks(pgp_stream_t *stream, unsigned length)
717 {
718 unsigned c;
719
720 stream->coalescing = 1;
721 /* already read a partial block length - prime the array */
722 streamread(stream, length);
723 while (read_new_length(&c, stream) && stream->partial_read) {
724 /* length we read is partial - add to end of array */
725 streamread(stream, c);
726 }
727 /* not partial - add the last extent to the end of the array */
728 streamread(stream, c);
729 stream->coalescing = 0;
730 return 1;
731 }
732
733 /** Read some data with a New-Format length from reader.
734 *
735 * \sa Internet-Draft RFC4880.txt Section 4.2.2
736 *
737 * \param *length Where the decoded length will be put
738 * \param *stream How to parse
739 * \return 1 if OK, else 0
740 *
741 */
742
743 static unsigned
read_new_length(unsigned * length,pgp_stream_t * stream)744 read_new_length(unsigned *length, pgp_stream_t *stream)
745 {
746 uint8_t c;
747
748 stream->partial_read = 0;
749 if (base_read(&c, 1, stream) != 1) {
750 return 0;
751 }
752 if (c < 192) {
753 /* 1. One-octet packet */
754 *length = c;
755 return 1;
756 }
757 if (c < 224) {
758 /* 2. Two-octet packet */
759 unsigned t = (c - 192) << 8;
760
761 if (base_read(&c, 1, stream) != 1) {
762 return 0;
763 }
764 *length = t + c + 192;
765 return 1;
766 }
767 if (c < 255) {
768 /* 3. Partial Body Length */
769 stream->partial_read = 1;
770 *length = 1 << (c & 0x1f);
771 if (!stream->coalescing) {
772 /* we have been called from coalesce_blocks -
773 * just return with the partial length */
774 coalesce_blocks(stream, *length);
775 *length = stream->virtualc;
776 }
777 return 1;
778 }
779 /* 4. Five-Octet packet */
780 return _read_scalar(length, 4, stream);
781 }
782
783 /** Read the length information for a new format Packet Tag.
784 *
785 * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and
786 * decodes it to the proper length information.
787 *
788 * This function makes sure to respect packet boundaries.
789 *
790 * \param *length return the length here
791 * \param *ptag Pointer to current packet's Packet Tag.
792 * \param *reader Our reader
793 * \param *cb The callback
794 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX
795 * see comment below)
796 *
797 * \see RFC4880 4.2.2
798 * \see pgp_ptag_t
799 */
800 static int
limited_read_new_length(unsigned * length,pgp_region_t * region,pgp_stream_t * stream)801 limited_read_new_length(unsigned *length, pgp_region_t *region,
802 pgp_stream_t *stream)
803 {
804 uint8_t c = 0x0;
805
806 if (!limread(&c, 1, region, stream)) {
807 return 0;
808 }
809 if (c < 192) {
810 *length = c;
811 return 1;
812 }
813 if (c < 224) {
814 unsigned t = (c - 192) << 8;
815
816 if (!limread(&c, 1, region, stream)) {
817 return 0;
818 }
819 *length = t + c + 192;
820 return 1;
821 }
822 if (c < 255) {
823 stream->partial_read = 1;
824 *length = 1 << (c & 0x1f);
825 if (!stream->coalescing) {
826 /* we have been called from coalesce_blocks -
827 * just return with the partial length */
828 coalesce_blocks(stream, *length);
829 *length = stream->virtualc;
830 }
831 return 1;
832 }
833 return limread_scalar(length, 4, region, stream);
834 }
835
836 /**
837 \ingroup Core_Create
838 \brief Free allocated memory
839 */
840 void
pgp_data_free(pgp_data_t * data)841 pgp_data_free(pgp_data_t *data)
842 {
843 free(data->contents);
844 data->contents = NULL;
845 data->len = 0;
846 }
847
848 /**
849 \ingroup Core_Create
850 \brief Free allocated memory
851 */
852 static void
string_free(char ** str)853 string_free(char **str)
854 {
855 free(*str);
856 *str = NULL;
857 }
858
859 /**
860 \ingroup Core_Create
861 \brief Free allocated memory
862 */
863 /* ! Free packet memory, set pointer to NULL */
864 void
pgp_subpacket_free(pgp_subpacket_t * packet)865 pgp_subpacket_free(pgp_subpacket_t *packet)
866 {
867 free(packet->raw);
868 packet->raw = NULL;
869 }
870
871 /**
872 \ingroup Core_Create
873 \brief Free allocated memory
874 */
875 static void
headers_free(pgp_headers_t * headers)876 headers_free(pgp_headers_t *headers)
877 {
878 unsigned n;
879
880 for (n = 0; n < headers->headerc; ++n) {
881 free(headers->headers[n].key);
882 free(headers->headers[n].value);
883 }
884 free(headers->headers);
885 headers->headers = NULL;
886 }
887
888 /**
889 \ingroup Core_Create
890 \brief Free allocated memory
891 */
892 static void
cleartext_trailer_free(struct pgp_hash_t ** trailer)893 cleartext_trailer_free(struct pgp_hash_t **trailer)
894 {
895 free(*trailer);
896 *trailer = NULL;
897 }
898
899 /**
900 \ingroup Core_Create
901 \brief Free allocated memory
902 */
903 static void
cmd_get_passphrase_free(pgp_seckey_passphrase_t * skp)904 cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp)
905 {
906 if (skp->passphrase && *skp->passphrase) {
907 free(*skp->passphrase);
908 *skp->passphrase = NULL;
909 }
910 }
911
912 /**
913 \ingroup Core_Create
914 \brief Free allocated memory
915 */
916 static void
free_BN(BIGNUM ** pp)917 free_BN(BIGNUM **pp)
918 {
919 BN_free(*pp);
920 *pp = NULL;
921 }
922
923 /**
924 * \ingroup Core_Create
925 * \brief Free the memory used when parsing a signature
926 * \param sig
927 */
928 static void
sig_free(pgp_sig_t * sig)929 sig_free(pgp_sig_t *sig)
930 {
931 switch (sig->info.key_alg) {
932 case PGP_PKA_RSA:
933 case PGP_PKA_RSA_SIGN_ONLY:
934 free_BN(&sig->info.sig.rsa.sig);
935 break;
936
937 case PGP_PKA_DSA:
938 free_BN(&sig->info.sig.dsa.r);
939 free_BN(&sig->info.sig.dsa.s);
940 break;
941
942 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
943 free_BN(&sig->info.sig.elgamal.r);
944 free_BN(&sig->info.sig.elgamal.s);
945 break;
946
947 case PGP_PKA_PRIVATE00:
948 case PGP_PKA_PRIVATE01:
949 case PGP_PKA_PRIVATE02:
950 case PGP_PKA_PRIVATE03:
951 case PGP_PKA_PRIVATE04:
952 case PGP_PKA_PRIVATE05:
953 case PGP_PKA_PRIVATE06:
954 case PGP_PKA_PRIVATE07:
955 case PGP_PKA_PRIVATE08:
956 case PGP_PKA_PRIVATE09:
957 case PGP_PKA_PRIVATE10:
958 pgp_data_free(&sig->info.sig.unknown);
959 break;
960
961 default:
962 (void) fprintf(stderr, "sig_free: bad sig type\n");
963 }
964 }
965
966 /**
967 \ingroup Core_Create
968 \brief Free allocated memory
969 */
970 /* ! Free any memory allocated when parsing the packet content */
971 void
pgp_parser_content_free(pgp_packet_t * c)972 pgp_parser_content_free(pgp_packet_t *c)
973 {
974 switch (c->tag) {
975 case PGP_PARSER_PTAG:
976 case PGP_PTAG_CT_COMPRESSED:
977 case PGP_PTAG_SS_CREATION_TIME:
978 case PGP_PTAG_SS_EXPIRATION_TIME:
979 case PGP_PTAG_SS_KEY_EXPIRY:
980 case PGP_PTAG_SS_TRUST:
981 case PGP_PTAG_SS_ISSUER_KEY_ID:
982 case PGP_PTAG_CT_1_PASS_SIG:
983 case PGP_PTAG_SS_PRIMARY_USER_ID:
984 case PGP_PTAG_SS_REVOCABLE:
985 case PGP_PTAG_SS_REVOCATION_KEY:
986 case PGP_PTAG_CT_LITDATA_HEADER:
987 case PGP_PTAG_CT_LITDATA_BODY:
988 case PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY:
989 case PGP_PTAG_CT_UNARMOURED_TEXT:
990 case PGP_PTAG_CT_ARMOUR_TRAILER:
991 case PGP_PTAG_CT_SIGNATURE_HEADER:
992 case PGP_PTAG_CT_SE_DATA_HEADER:
993 case PGP_PTAG_CT_SE_IP_DATA_HEADER:
994 case PGP_PTAG_CT_SE_IP_DATA_BODY:
995 case PGP_PTAG_CT_MDC:
996 case PGP_GET_SECKEY:
997 break;
998
999 case PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER:
1000 headers_free(&c->u.cleartext_head);
1001 break;
1002
1003 case PGP_PTAG_CT_ARMOUR_HEADER:
1004 headers_free(&c->u.armour_header.headers);
1005 break;
1006
1007 case PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER:
1008 cleartext_trailer_free(&c->u.cleartext_trailer);
1009 break;
1010
1011 case PGP_PTAG_CT_TRUST:
1012 pgp_data_free(&c->u.trust);
1013 break;
1014
1015 case PGP_PTAG_CT_SIGNATURE:
1016 case PGP_PTAG_CT_SIGNATURE_FOOTER:
1017 sig_free(&c->u.sig);
1018 break;
1019
1020 case PGP_PTAG_CT_PUBLIC_KEY:
1021 case PGP_PTAG_CT_PUBLIC_SUBKEY:
1022 pgp_pubkey_free(&c->u.pubkey);
1023 break;
1024
1025 case PGP_PTAG_CT_USER_ID:
1026 pgp_userid_free(&c->u.userid);
1027 break;
1028
1029 case PGP_PTAG_SS_SIGNERS_USER_ID:
1030 pgp_userid_free(&c->u.ss_signer);
1031 break;
1032
1033 case PGP_PTAG_CT_USER_ATTR:
1034 pgp_data_free(&c->u.userattr);
1035 break;
1036
1037 case PGP_PTAG_SS_PREFERRED_SKA:
1038 pgp_data_free(&c->u.ss_skapref);
1039 break;
1040
1041 case PGP_PTAG_SS_PREFERRED_HASH:
1042 pgp_data_free(&c->u.ss_hashpref);
1043 break;
1044
1045 case PGP_PTAG_SS_PREF_COMPRESS:
1046 pgp_data_free(&c->u.ss_zpref);
1047 break;
1048
1049 case PGP_PTAG_SS_KEY_FLAGS:
1050 pgp_data_free(&c->u.ss_key_flags);
1051 break;
1052
1053 case PGP_PTAG_SS_KEYSERV_PREFS:
1054 pgp_data_free(&c->u.ss_key_server_prefs);
1055 break;
1056
1057 case PGP_PTAG_SS_FEATURES:
1058 pgp_data_free(&c->u.ss_features);
1059 break;
1060
1061 case PGP_PTAG_SS_NOTATION_DATA:
1062 pgp_data_free(&c->u.ss_notation.name);
1063 pgp_data_free(&c->u.ss_notation.value);
1064 break;
1065
1066 case PGP_PTAG_SS_REGEXP:
1067 string_free(&c->u.ss_regexp);
1068 break;
1069
1070 case PGP_PTAG_SS_POLICY_URI:
1071 string_free(&c->u.ss_policy);
1072 break;
1073
1074 case PGP_PTAG_SS_PREF_KEYSERV:
1075 string_free(&c->u.ss_keyserv);
1076 break;
1077
1078 case PGP_PTAG_SS_USERDEFINED00:
1079 case PGP_PTAG_SS_USERDEFINED01:
1080 case PGP_PTAG_SS_USERDEFINED02:
1081 case PGP_PTAG_SS_USERDEFINED03:
1082 case PGP_PTAG_SS_USERDEFINED04:
1083 case PGP_PTAG_SS_USERDEFINED05:
1084 case PGP_PTAG_SS_USERDEFINED06:
1085 case PGP_PTAG_SS_USERDEFINED07:
1086 case PGP_PTAG_SS_USERDEFINED08:
1087 case PGP_PTAG_SS_USERDEFINED09:
1088 case PGP_PTAG_SS_USERDEFINED10:
1089 pgp_data_free(&c->u.ss_userdef);
1090 break;
1091
1092 case PGP_PTAG_SS_RESERVED:
1093 pgp_data_free(&c->u.ss_unknown);
1094 break;
1095
1096 case PGP_PTAG_SS_REVOCATION_REASON:
1097 string_free(&c->u.ss_revocation.reason);
1098 break;
1099
1100 case PGP_PTAG_SS_EMBEDDED_SIGNATURE:
1101 pgp_data_free(&c->u.ss_embedded_sig);
1102 break;
1103
1104 case PGP_PARSER_PACKET_END:
1105 pgp_subpacket_free(&c->u.packet);
1106 break;
1107
1108 case PGP_PARSER_ERROR:
1109 case PGP_PARSER_ERRCODE:
1110 break;
1111
1112 case PGP_PTAG_CT_SECRET_KEY:
1113 case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY:
1114 pgp_seckey_free(&c->u.seckey);
1115 break;
1116
1117 case PGP_PTAG_CT_PK_SESSION_KEY:
1118 case PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY:
1119 pgp_pk_sesskey_free(&c->u.pk_sesskey);
1120 break;
1121
1122 case PGP_GET_PASSPHRASE:
1123 cmd_get_passphrase_free(&c->u.skey_passphrase);
1124 break;
1125
1126 default:
1127 fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag);
1128 }
1129 }
1130
1131 /**
1132 \ingroup Core_Create
1133 \brief Free allocated memory
1134 */
1135 void
pgp_pk_sesskey_free(pgp_pk_sesskey_t * sk)1136 pgp_pk_sesskey_free(pgp_pk_sesskey_t *sk)
1137 {
1138 switch (sk->alg) {
1139 case PGP_PKA_RSA:
1140 free_BN(&sk->params.rsa.encrypted_m);
1141 break;
1142
1143 case PGP_PKA_ELGAMAL:
1144 free_BN(&sk->params.elgamal.g_to_k);
1145 free_BN(&sk->params.elgamal.encrypted_m);
1146 break;
1147
1148 default:
1149 (void) fprintf(stderr, "pgp_pk_sesskey_free: bad alg\n");
1150 break;
1151 }
1152 }
1153
1154 /**
1155 \ingroup Core_Create
1156 \brief Free allocated memory
1157 */
1158 /* ! Free the memory used when parsing a public key */
1159 void
pgp_pubkey_free(pgp_pubkey_t * p)1160 pgp_pubkey_free(pgp_pubkey_t *p)
1161 {
1162 switch (p->alg) {
1163 case PGP_PKA_RSA:
1164 case PGP_PKA_RSA_ENCRYPT_ONLY:
1165 case PGP_PKA_RSA_SIGN_ONLY:
1166 free_BN(&p->key.rsa.n);
1167 free_BN(&p->key.rsa.e);
1168 break;
1169
1170 case PGP_PKA_DSA:
1171 free_BN(&p->key.dsa.p);
1172 free_BN(&p->key.dsa.q);
1173 free_BN(&p->key.dsa.g);
1174 free_BN(&p->key.dsa.y);
1175 break;
1176
1177 case PGP_PKA_ELGAMAL:
1178 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1179 free_BN(&p->key.elgamal.p);
1180 free_BN(&p->key.elgamal.g);
1181 free_BN(&p->key.elgamal.y);
1182 break;
1183
1184 case PGP_PKA_NOTHING:
1185 /* nothing to free */
1186 break;
1187
1188 default:
1189 (void) fprintf(stderr, "pgp_pubkey_free: bad alg\n");
1190 }
1191 }
1192
1193 /**
1194 \ingroup Core_ReadPackets
1195 */
1196 static int
parse_pubkey_data(pgp_pubkey_t * key,pgp_region_t * region,pgp_stream_t * stream)1197 parse_pubkey_data(pgp_pubkey_t *key, pgp_region_t *region,
1198 pgp_stream_t *stream)
1199 {
1200 uint8_t c = 0x0;
1201
1202 if (region->readc != 0) {
1203 /* We should not have read anything so far */
1204 (void) fprintf(stderr, "parse_pubkey_data: bad length\n");
1205 return 0;
1206 }
1207 if (!limread(&c, 1, region, stream)) {
1208 return 0;
1209 }
1210 key->version = (pgp_version_t)c;
1211 switch (key->version) {
1212 case PGP_V2:
1213 case PGP_V3:
1214 case PGP_V4:
1215 break;
1216 default:
1217 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PUBLIC_KEY_VRSN,
1218 "Bad public key version (0x%02x)", key->version);
1219 return 0;
1220 }
1221 if (!limited_read_time(&key->birthtime, region, stream)) {
1222 return 0;
1223 }
1224
1225 key->days_valid = 0;
1226 if ((key->version == 2 || key->version == 3) &&
1227 !limread_scalar(&key->days_valid, 2, region, stream)) {
1228 return 0;
1229 }
1230
1231 if (!limread(&c, 1, region, stream)) {
1232 return 0;
1233 }
1234 key->alg = c;
1235
1236 switch (key->alg) {
1237 case PGP_PKA_DSA:
1238 if (!limread_mpi(&key->key.dsa.p, region, stream) ||
1239 !limread_mpi(&key->key.dsa.q, region, stream) ||
1240 !limread_mpi(&key->key.dsa.g, region, stream) ||
1241 !limread_mpi(&key->key.dsa.y, region, stream)) {
1242 return 0;
1243 }
1244 break;
1245
1246 case PGP_PKA_RSA:
1247 case PGP_PKA_RSA_ENCRYPT_ONLY:
1248 case PGP_PKA_RSA_SIGN_ONLY:
1249 if (!limread_mpi(&key->key.rsa.n, region, stream) ||
1250 !limread_mpi(&key->key.rsa.e, region, stream)) {
1251 return 0;
1252 }
1253 break;
1254
1255 case PGP_PKA_ELGAMAL:
1256 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1257 if (!limread_mpi(&key->key.elgamal.p, region, stream) ||
1258 !limread_mpi(&key->key.elgamal.g, region, stream) ||
1259 !limread_mpi(&key->key.elgamal.y, region, stream)) {
1260 return 0;
1261 }
1262 break;
1263
1264 default:
1265 PGP_ERROR_1(&stream->errors,
1266 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
1267 "Unsupported Public Key algorithm (%s)",
1268 pgp_show_pka(key->alg));
1269 return 0;
1270 }
1271
1272 return 1;
1273 }
1274
1275
1276 /**
1277 * \ingroup Core_ReadPackets
1278 * \brief Parse a public key packet.
1279 *
1280 * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys.
1281 *
1282 * Once the key has been parsed successfully, it is passed to the callback.
1283 *
1284 * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet.
1285 * \param *reader Our reader
1286 * \param *cb The callback
1287 * \return 1 on success, 0 on error
1288 *
1289 * \see RFC4880 5.5.2
1290 */
1291 static int
parse_pubkey(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)1292 parse_pubkey(pgp_content_enum tag, pgp_region_t *region,
1293 pgp_stream_t *stream)
1294 {
1295 pgp_packet_t pkt;
1296
1297 if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) {
1298 (void) fprintf(stderr, "parse_pubkey: parse_pubkey_data failed\n");
1299 return 0;
1300 }
1301
1302 /* XXX: this test should be done for all packets, surely? */
1303 if (region->readc != region->length) {
1304 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1305 "Unconsumed data (%d)", region->length - region->readc);
1306 return 0;
1307 }
1308 CALLBACK(tag, &stream->cbinfo, &pkt);
1309
1310 return 1;
1311 }
1312
1313 /**
1314 * \ingroup Core_ReadPackets
1315 * \brief Parse one user attribute packet.
1316 *
1317 * User attribute packets contain one or more attribute subpackets.
1318 * For now, handle the whole packet as raw data.
1319 */
1320
1321 static int
parse_userattr(pgp_region_t * region,pgp_stream_t * stream)1322 parse_userattr(pgp_region_t *region, pgp_stream_t *stream)
1323 {
1324
1325 pgp_packet_t pkt;
1326
1327 /*
1328 * xxx- treat as raw data for now. Could break down further into
1329 * attribute sub-packets later - rachel
1330 */
1331 if (region->readc != 0) {
1332 /* We should not have read anything so far */
1333 (void) fprintf(stderr, "parse_userattr: bad length\n");
1334 return 0;
1335 }
1336 if (!read_data(&pkt.u.userattr, region, stream)) {
1337 return 0;
1338 }
1339 CALLBACK(PGP_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt);
1340 return 1;
1341 }
1342
1343 /**
1344 \ingroup Core_Create
1345 \brief Free allocated memory
1346 */
1347 /* ! Free the memory used when parsing this packet type */
1348 void
pgp_userid_free(uint8_t ** id)1349 pgp_userid_free(uint8_t **id)
1350 {
1351 free(*id);
1352 *id = NULL;
1353 }
1354
1355 /**
1356 * \ingroup Core_ReadPackets
1357 * \brief Parse a user id.
1358 *
1359 * This function parses an user id packet, which is basically just a char array the size of the packet.
1360 *
1361 * The char array is to be treated as an UTF-8 string.
1362 *
1363 * The userid gets null terminated by this function. Freeing it is the responsibility of the caller.
1364 *
1365 * Once the userid has been parsed successfully, it is passed to the callback.
1366 *
1367 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1368 * \param *reader Our reader
1369 * \param *cb The callback
1370 * \return 1 on success, 0 on error
1371 *
1372 * \see RFC4880 5.11
1373 */
1374 static int
parse_userid(pgp_region_t * region,pgp_stream_t * stream)1375 parse_userid(pgp_region_t *region, pgp_stream_t *stream)
1376 {
1377 pgp_packet_t pkt;
1378
1379 if (region->readc != 0) {
1380 /* We should not have read anything so far */
1381 (void) fprintf(stderr, "parse_userid: bad length\n");
1382 return 0;
1383 }
1384
1385 if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) {
1386 (void) fprintf(stderr, "parse_userid: bad alloc\n");
1387 return 0;
1388 }
1389
1390 if (region->length &&
1391 !limread(pkt.u.userid, region->length, region,
1392 stream)) {
1393 return 0;
1394 }
1395 pkt.u.userid[region->length] = 0x0;
1396 CALLBACK(PGP_PTAG_CT_USER_ID, &stream->cbinfo, &pkt);
1397 return 1;
1398 }
1399
1400 static pgp_hash_t *
parse_hash_find(pgp_stream_t * stream,const uint8_t * keyid)1401 parse_hash_find(pgp_stream_t *stream, const uint8_t *keyid)
1402 {
1403 pgp_hashtype_t *hp;
1404 size_t n;
1405
1406 for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) {
1407 if (memcmp(hp->keyid, keyid, PGP_KEY_ID_SIZE) == 0) {
1408 return &hp->hash;
1409 }
1410 }
1411 return NULL;
1412 }
1413
1414 /**
1415 * \ingroup Core_Parse
1416 * \brief Parse a version 3 signature.
1417 *
1418 * This function parses an version 3 signature packet, handling RSA and DSA signatures.
1419 *
1420 * Once the signature has been parsed successfully, it is passed to the callback.
1421 *
1422 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet.
1423 * \param *reader Our reader
1424 * \param *cb The callback
1425 * \return 1 on success, 0 on error
1426 *
1427 * \see RFC4880 5.2.2
1428 */
1429 static int
parse_v3_sig(pgp_region_t * region,pgp_stream_t * stream)1430 parse_v3_sig(pgp_region_t *region,
1431 pgp_stream_t *stream)
1432 {
1433 pgp_packet_t pkt;
1434 uint8_t c = 0x0;
1435
1436 /* clear signature */
1437 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig));
1438
1439 pkt.u.sig.info.version = PGP_V3;
1440
1441 /* hash info length */
1442 if (!limread(&c, 1, region, stream)) {
1443 return 0;
1444 }
1445 if (c != 5) {
1446 ERRP(&stream->cbinfo, pkt, "bad hash info length");
1447 }
1448
1449 if (!limread(&c, 1, region, stream)) {
1450 return 0;
1451 }
1452 pkt.u.sig.info.type = (pgp_sig_type_t)c;
1453 /* XXX: check signature type */
1454
1455 if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) {
1456 return 0;
1457 }
1458 pkt.u.sig.info.birthtime_set = 1;
1459
1460 if (!limread(pkt.u.sig.info.signer_id, PGP_KEY_ID_SIZE, region,
1461 stream)) {
1462 return 0;
1463 }
1464 pkt.u.sig.info.signer_id_set = 1;
1465
1466 if (!limread(&c, 1, region, stream)) {
1467 return 0;
1468 }
1469 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c;
1470 /* XXX: check algorithm */
1471
1472 if (!limread(&c, 1, region, stream)) {
1473 return 0;
1474 }
1475 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c;
1476 /* XXX: check algorithm */
1477
1478 if (!limread(pkt.u.sig.hash2, 2, region, stream)) {
1479 return 0;
1480 }
1481
1482 switch (pkt.u.sig.info.key_alg) {
1483 case PGP_PKA_RSA:
1484 case PGP_PKA_RSA_SIGN_ONLY:
1485 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) {
1486 return 0;
1487 }
1488 break;
1489
1490 case PGP_PKA_DSA:
1491 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) ||
1492 !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) {
1493 return 0;
1494 }
1495 break;
1496
1497 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
1498 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
1499 stream) ||
1500 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region,
1501 stream)) {
1502 return 0;
1503 }
1504 break;
1505
1506 default:
1507 PGP_ERROR_1(&stream->errors,
1508 PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
1509 "Unsupported signature key algorithm (%s)",
1510 pgp_show_pka(pkt.u.sig.info.key_alg));
1511 return 0;
1512 }
1513
1514 if (region->readc != region->length) {
1515 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1516 "Unconsumed data (%d)",
1517 region->length - region->readc);
1518 return 0;
1519 }
1520 if (pkt.u.sig.info.signer_id_set) {
1521 pkt.u.sig.hash = parse_hash_find(stream,
1522 pkt.u.sig.info.signer_id);
1523 }
1524 CALLBACK(PGP_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt);
1525 return 1;
1526 }
1527
1528 /**
1529 * \ingroup Core_ReadPackets
1530 * \brief Parse one signature sub-packet.
1531 *
1532 * Version 4 signatures can have an arbitrary amount of (hashed and
1533 * unhashed) subpackets. Subpackets are used to hold optional
1534 * attributes of subpackets.
1535 *
1536 * This function parses one such signature subpacket.
1537 *
1538 * Once the subpacket has been parsed successfully, it is passed to the callback.
1539 *
1540 * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket.
1541 * \param *reader Our reader
1542 * \param *cb The callback
1543 * \return 1 on success, 0 on error
1544 *
1545 * \see RFC4880 5.2.3
1546 */
1547 static int
parse_one_sig_subpacket(pgp_sig_t * sig,pgp_region_t * region,pgp_stream_t * stream)1548 parse_one_sig_subpacket(pgp_sig_t *sig,
1549 pgp_region_t *region,
1550 pgp_stream_t *stream)
1551 {
1552 pgp_region_t subregion;
1553 pgp_packet_t pkt;
1554 uint8_t bools = 0x0;
1555 uint8_t c = 0x0;
1556 unsigned doread = 1;
1557 unsigned t8;
1558 unsigned t7;
1559
1560 pgp_init_subregion(&subregion, region);
1561 if (!limited_read_new_length(&subregion.length, region, stream)) {
1562 return 0;
1563 }
1564
1565 if (subregion.length > region->length) {
1566 ERRP(&stream->cbinfo, pkt, "Subpacket too long");
1567 }
1568
1569 if (!limread(&c, 1, &subregion, stream)) {
1570 return 0;
1571 }
1572
1573 t8 = (c & 0x7f) / 8;
1574 t7 = 1 << (c & 7);
1575
1576 pkt.critical = (unsigned)c >> 7;
1577 pkt.tag = (pgp_content_enum)(PGP_PTAG_SIG_SUBPKT_BASE + (c & 0x7f));
1578
1579 /* Application wants it delivered raw */
1580 if (stream->ss_raw[t8] & t7) {
1581 pkt.u.ss_raw.tag = pkt.tag;
1582 pkt.u.ss_raw.length = subregion.length - 1;
1583 pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length);
1584 if (pkt.u.ss_raw.raw == NULL) {
1585 (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n");
1586 return 0;
1587 }
1588 if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length,
1589 &subregion, stream)) {
1590 return 0;
1591 }
1592 CALLBACK(PGP_PTAG_RAW_SS, &stream->cbinfo, &pkt);
1593 return 1;
1594 }
1595 switch (pkt.tag) {
1596 case PGP_PTAG_SS_CREATION_TIME:
1597 case PGP_PTAG_SS_EXPIRATION_TIME:
1598 case PGP_PTAG_SS_KEY_EXPIRY:
1599 if (!limited_read_time(&pkt.u.ss_time, &subregion, stream))
1600 return 0;
1601 if (pkt.tag == PGP_PTAG_SS_CREATION_TIME) {
1602 sig->info.birthtime = pkt.u.ss_time;
1603 sig->info.birthtime_set = 1;
1604 }
1605 if (pkt.tag == PGP_PTAG_SS_EXPIRATION_TIME) {
1606 sig->info.duration = pkt.u.ss_time;
1607 sig->info.duration_set = 1;
1608 }
1609 break;
1610
1611 case PGP_PTAG_SS_TRUST:
1612 if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) ||
1613 !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) {
1614 return 0;
1615 }
1616 break;
1617
1618 case PGP_PTAG_SS_REVOCABLE:
1619 if (!limread(&bools, 1, &subregion, stream)) {
1620 return 0;
1621 }
1622 pkt.u.ss_revocable = !!bools;
1623 break;
1624
1625 case PGP_PTAG_SS_ISSUER_KEY_ID:
1626 if (!limread(pkt.u.ss_issuer, PGP_KEY_ID_SIZE, &subregion, stream)) {
1627 return 0;
1628 }
1629 (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, PGP_KEY_ID_SIZE);
1630 sig->info.signer_id_set = 1;
1631 break;
1632
1633 case PGP_PTAG_SS_PREFERRED_SKA:
1634 if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) {
1635 return 0;
1636 }
1637 break;
1638
1639 case PGP_PTAG_SS_PREFERRED_HASH:
1640 if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) {
1641 return 0;
1642 }
1643 break;
1644
1645 case PGP_PTAG_SS_PREF_COMPRESS:
1646 if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) {
1647 return 0;
1648 }
1649 break;
1650
1651 case PGP_PTAG_SS_PRIMARY_USER_ID:
1652 if (!limread(&bools, 1, &subregion, stream)) {
1653 return 0;
1654 }
1655 pkt.u.ss_primary_userid = !!bools;
1656 break;
1657
1658 case PGP_PTAG_SS_KEY_FLAGS:
1659 if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) {
1660 return 0;
1661 }
1662 break;
1663
1664 case PGP_PTAG_SS_KEYSERV_PREFS:
1665 if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) {
1666 return 0;
1667 }
1668 break;
1669
1670 case PGP_PTAG_SS_FEATURES:
1671 if (!read_data(&pkt.u.ss_features, &subregion, stream)) {
1672 return 0;
1673 }
1674 break;
1675
1676 case PGP_PTAG_SS_SIGNERS_USER_ID:
1677 if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) {
1678 return 0;
1679 }
1680 break;
1681
1682 case PGP_PTAG_SS_EMBEDDED_SIGNATURE:
1683 /* \todo should do something with this sig? */
1684 if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) {
1685 return 0;
1686 }
1687 break;
1688
1689 case PGP_PTAG_SS_NOTATION_DATA:
1690 if (!limread_data(&pkt.u.ss_notation.flags, 4,
1691 &subregion, stream)) {
1692 return 0;
1693 }
1694 if (!limread_size_t(&pkt.u.ss_notation.name.len, 2,
1695 &subregion, stream)) {
1696 return 0;
1697 }
1698 if (!limread_size_t(&pkt.u.ss_notation.value.len, 2,
1699 &subregion, stream)) {
1700 return 0;
1701 }
1702 if (!limread_data(&pkt.u.ss_notation.name,
1703 (unsigned)pkt.u.ss_notation.name.len,
1704 &subregion, stream)) {
1705 return 0;
1706 }
1707 if (!limread_data(&pkt.u.ss_notation.value,
1708 (unsigned)pkt.u.ss_notation.value.len,
1709 &subregion, stream)) {
1710 return 0;
1711 }
1712 break;
1713
1714 case PGP_PTAG_SS_POLICY_URI:
1715 if (!read_string(&pkt.u.ss_policy, &subregion, stream)) {
1716 return 0;
1717 }
1718 break;
1719
1720 case PGP_PTAG_SS_REGEXP:
1721 if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) {
1722 return 0;
1723 }
1724 break;
1725
1726 case PGP_PTAG_SS_PREF_KEYSERV:
1727 if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) {
1728 return 0;
1729 }
1730 break;
1731
1732 case PGP_PTAG_SS_USERDEFINED00:
1733 case PGP_PTAG_SS_USERDEFINED01:
1734 case PGP_PTAG_SS_USERDEFINED02:
1735 case PGP_PTAG_SS_USERDEFINED03:
1736 case PGP_PTAG_SS_USERDEFINED04:
1737 case PGP_PTAG_SS_USERDEFINED05:
1738 case PGP_PTAG_SS_USERDEFINED06:
1739 case PGP_PTAG_SS_USERDEFINED07:
1740 case PGP_PTAG_SS_USERDEFINED08:
1741 case PGP_PTAG_SS_USERDEFINED09:
1742 case PGP_PTAG_SS_USERDEFINED10:
1743 if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) {
1744 return 0;
1745 }
1746 break;
1747
1748 case PGP_PTAG_SS_RESERVED:
1749 if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) {
1750 return 0;
1751 }
1752 break;
1753
1754 case PGP_PTAG_SS_REVOCATION_REASON:
1755 /* first byte is the machine-readable code */
1756 if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) {
1757 return 0;
1758 }
1759 /* the rest is a human-readable UTF-8 string */
1760 if (!read_string(&pkt.u.ss_revocation.reason, &subregion,
1761 stream)) {
1762 return 0;
1763 }
1764 break;
1765
1766 case PGP_PTAG_SS_REVOCATION_KEY:
1767 /* octet 0 = class. Bit 0x80 must be set */
1768 if (!limread(&pkt.u.ss_revocation_key.class, 1,
1769 &subregion, stream)) {
1770 return 0;
1771 }
1772 if (!(pkt.u.ss_revocation_key.class & 0x80)) {
1773 printf("Warning: PGP_PTAG_SS_REVOCATION_KEY class: "
1774 "Bit 0x80 should be set\n");
1775 return 0;
1776 }
1777 /* octet 1 = algid */
1778 if (!limread(&pkt.u.ss_revocation_key.algid, 1,
1779 &subregion, stream)) {
1780 return 0;
1781 }
1782 /* octets 2-21 = fingerprint */
1783 if (!limread(&pkt.u.ss_revocation_key.fingerprint[0],
1784 PGP_FINGERPRINT_SIZE, &subregion, stream)) {
1785 return 0;
1786 }
1787 break;
1788
1789 default:
1790 if (stream->ss_parsed[t8] & t7) {
1791 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_UNKNOWN_SS,
1792 "Unknown signature subpacket type (%d)",
1793 c & 0x7f);
1794 }
1795 doread = 0;
1796 break;
1797 }
1798
1799 /* Application doesn't want it delivered parsed */
1800 if (!(stream->ss_parsed[t8] & t7)) {
1801 if (pkt.critical) {
1802 PGP_ERROR_1(&stream->errors,
1803 PGP_E_PROTO_CRITICAL_SS_IGNORED,
1804 "Critical signature subpacket ignored (%d)",
1805 c & 0x7f);
1806 }
1807 if (!doread &&
1808 !limskip(subregion.length - 1, &subregion, stream)) {
1809 return 0;
1810 }
1811 if (doread) {
1812 pgp_parser_content_free(&pkt);
1813 }
1814 return 1;
1815 }
1816 if (doread && subregion.readc != subregion.length) {
1817 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
1818 "Unconsumed data (%d)",
1819 subregion.length - subregion.readc);
1820 return 0;
1821 }
1822 CALLBACK(pkt.tag, &stream->cbinfo, &pkt);
1823 return 1;
1824 }
1825
1826 /**
1827 * \ingroup Core_ReadPackets
1828 * \brief Parse several signature subpackets.
1829 *
1830 * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set.
1831 * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the
1832 * entire set is consumed.
1833 *
1834 * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket.
1835 *
1836 * \param *ptag Pointer to the Packet Tag.
1837 * \param *reader Our reader
1838 * \param *cb The callback
1839 * \return 1 on success, 0 on error
1840 *
1841 * \see RFC4880 5.2.3
1842 */
1843 static int
parse_sig_subpkts(pgp_sig_t * sig,pgp_region_t * region,pgp_stream_t * stream)1844 parse_sig_subpkts(pgp_sig_t *sig,
1845 pgp_region_t *region,
1846 pgp_stream_t *stream)
1847 {
1848 pgp_region_t subregion;
1849 pgp_packet_t pkt;
1850
1851 pgp_init_subregion(&subregion, region);
1852 if (!limread_scalar(&subregion.length, 2, region, stream)) {
1853 return 0;
1854 }
1855
1856 if (subregion.length > region->length) {
1857 ERRP(&stream->cbinfo, pkt, "Subpacket set too long");
1858 }
1859
1860 while (subregion.readc < subregion.length) {
1861 if (!parse_one_sig_subpacket(sig, &subregion, stream)) {
1862 return 0;
1863 }
1864 }
1865
1866 if (subregion.readc != subregion.length) {
1867 if (!limskip(subregion.length - subregion.readc,
1868 &subregion, stream)) {
1869 ERRP(&stream->cbinfo, pkt,
1870 "parse_sig_subpkts: subpacket length read mismatch");
1871 }
1872 ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch");
1873 }
1874 return 1;
1875 }
1876
1877 /**
1878 * \ingroup Core_ReadPackets
1879 * \brief Parse a version 4 signature.
1880 *
1881 * This function parses a version 4 signature including all its hashed and unhashed subpackets.
1882 *
1883 * Once the signature packet has been parsed successfully, it is passed to the callback.
1884 *
1885 * \param *ptag Pointer to the Packet Tag.
1886 * \param *reader Our reader
1887 * \param *cb The callback
1888 * \return 1 on success, 0 on error
1889 *
1890 * \see RFC4880 5.2.3
1891 */
1892 static int
parse_v4_sig(pgp_region_t * region,pgp_stream_t * stream)1893 parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream)
1894 {
1895 pgp_packet_t pkt;
1896 uint8_t c = 0x0;
1897
1898 if (pgp_get_debug_level(__FILE__)) {
1899 fprintf(stderr, "\nparse_v4_sig\n");
1900 }
1901 /* clear signature */
1902 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig));
1903
1904 /*
1905 * We need to hash the packet data from version through the hashed
1906 * subpacket data
1907 */
1908
1909 pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1;
1910
1911 /* Set version,type,algorithms */
1912
1913 pkt.u.sig.info.version = PGP_V4;
1914
1915 if (!limread(&c, 1, region, stream)) {
1916 return 0;
1917 }
1918 pkt.u.sig.info.type = (pgp_sig_type_t)c;
1919 if (pgp_get_debug_level(__FILE__)) {
1920 fprintf(stderr, "signature type=%d (%s)\n",
1921 pkt.u.sig.info.type,
1922 pgp_show_sig_type(pkt.u.sig.info.type));
1923 }
1924 /* XXX: check signature type */
1925
1926 if (!limread(&c, 1, region, stream)) {
1927 return 0;
1928 }
1929 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c;
1930 /* XXX: check key algorithm */
1931 if (pgp_get_debug_level(__FILE__)) {
1932 (void) fprintf(stderr, "key_alg=%d (%s)\n",
1933 pkt.u.sig.info.key_alg,
1934 pgp_show_pka(pkt.u.sig.info.key_alg));
1935 }
1936 if (!limread(&c, 1, region, stream)) {
1937 return 0;
1938 }
1939 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c;
1940 /* XXX: check hash algorithm */
1941 if (pgp_get_debug_level(__FILE__)) {
1942 fprintf(stderr, "hash_alg=%d %s\n",
1943 pkt.u.sig.info.hash_alg,
1944 pgp_show_hash_alg(pkt.u.sig.info.hash_alg));
1945 }
1946 CALLBACK(PGP_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt);
1947
1948 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) {
1949 return 0;
1950 }
1951
1952 pkt.u.sig.info.v4_hashlen = stream->readinfo.alength
1953 - pkt.u.sig.v4_hashstart;
1954 if (pgp_get_debug_level(__FILE__)) {
1955 fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen);
1956 }
1957
1958 /* copy hashed subpackets */
1959 if (pkt.u.sig.info.v4_hashed) {
1960 free(pkt.u.sig.info.v4_hashed);
1961 }
1962 pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen);
1963 if (pkt.u.sig.info.v4_hashed == NULL) {
1964 (void) fprintf(stderr, "parse_v4_sig: bad alloc\n");
1965 return 0;
1966 }
1967
1968 if (!stream->readinfo.accumulate) {
1969 /* We must accumulate, else we can't check the signature */
1970 fprintf(stderr, "*** ERROR: must set accumulate to 1\n");
1971 return 0;
1972 }
1973 (void) memcpy(pkt.u.sig.info.v4_hashed,
1974 stream->readinfo.accumulated + pkt.u.sig.v4_hashstart,
1975 pkt.u.sig.info.v4_hashlen);
1976
1977 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) {
1978 return 0;
1979 }
1980
1981 if (!limread(pkt.u.sig.hash2, 2, region, stream)) {
1982 return 0;
1983 }
1984
1985 switch (pkt.u.sig.info.key_alg) {
1986 case PGP_PKA_RSA:
1987 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) {
1988 return 0;
1989 }
1990 if (pgp_get_debug_level(__FILE__)) {
1991 (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n");
1992 BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig);
1993 (void) fprintf(stderr, "\n");
1994 }
1995 break;
1996
1997 case PGP_PKA_DSA:
1998 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) {
1999 /*
2000 * usually if this fails, it just means we've reached
2001 * the end of the keyring
2002 */
2003 if (pgp_get_debug_level(__FILE__)) {
2004 (void) fprintf(stderr,
2005 "Error reading DSA r field in signature");
2006 }
2007 return 0;
2008 }
2009 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) {
2010 ERRP(&stream->cbinfo, pkt,
2011 "Error reading DSA s field in signature");
2012 }
2013 break;
2014
2015 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
2016 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
2017 stream) ||
2018 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region,
2019 stream)) {
2020 return 0;
2021 }
2022 break;
2023
2024 case PGP_PKA_PRIVATE00:
2025 case PGP_PKA_PRIVATE01:
2026 case PGP_PKA_PRIVATE02:
2027 case PGP_PKA_PRIVATE03:
2028 case PGP_PKA_PRIVATE04:
2029 case PGP_PKA_PRIVATE05:
2030 case PGP_PKA_PRIVATE06:
2031 case PGP_PKA_PRIVATE07:
2032 case PGP_PKA_PRIVATE08:
2033 case PGP_PKA_PRIVATE09:
2034 case PGP_PKA_PRIVATE10:
2035 if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) {
2036 return 0;
2037 }
2038 break;
2039
2040 default:
2041 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG,
2042 "Bad v4 signature key algorithm (%s)",
2043 pgp_show_pka(pkt.u.sig.info.key_alg));
2044 return 0;
2045 }
2046 if (region->readc != region->length) {
2047 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA,
2048 "Unconsumed data (%d)",
2049 region->length - region->readc);
2050 return 0;
2051 }
2052 CALLBACK(PGP_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt);
2053 return 1;
2054 }
2055
2056 /**
2057 * \ingroup Core_ReadPackets
2058 * \brief Parse a signature subpacket.
2059 *
2060 * This function calls the appropriate function to handle v3 or v4 signatures.
2061 *
2062 * Once the signature packet has been parsed successfully, it is passed to the callback.
2063 *
2064 * \param *ptag Pointer to the Packet Tag.
2065 * \param *reader Our reader
2066 * \param *cb The callback
2067 * \return 1 on success, 0 on error
2068 */
2069 static int
parse_sig(pgp_region_t * region,pgp_stream_t * stream)2070 parse_sig(pgp_region_t *region, pgp_stream_t *stream)
2071 {
2072 pgp_packet_t pkt;
2073 uint8_t c = 0x0;
2074
2075 if (region->readc != 0) {
2076 /* We should not have read anything so far */
2077 (void) fprintf(stderr, "parse_sig: bad length\n");
2078 return 0;
2079 }
2080
2081 (void) memset(&pkt, 0x0, sizeof(pkt));
2082 if (!limread(&c, 1, region, stream)) {
2083 return 0;
2084 }
2085 if (c == 2 || c == 3) {
2086 return parse_v3_sig(region, stream);
2087 }
2088 if (c == 4) {
2089 return parse_v4_sig(region, stream);
2090 }
2091 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_SIGNATURE_VRSN,
2092 "Bad signature version (%d)", c);
2093 return 0;
2094 }
2095
2096 /**
2097 \ingroup Core_ReadPackets
2098 \brief Parse Compressed packet
2099 */
2100 static int
parse_compressed(pgp_region_t * region,pgp_stream_t * stream)2101 parse_compressed(pgp_region_t *region, pgp_stream_t *stream)
2102 {
2103 pgp_packet_t pkt;
2104 uint8_t c = 0x0;
2105
2106 if (!limread(&c, 1, region, stream)) {
2107 return 0;
2108 }
2109
2110 pkt.u.compressed = (pgp_compression_type_t)c;
2111
2112 CALLBACK(PGP_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt);
2113
2114 /*
2115 * The content of a compressed data packet is more OpenPGP packets
2116 * once decompressed, so recursively handle them
2117 */
2118
2119 return pgp_decompress(region, stream, pkt.u.compressed);
2120 }
2121
2122 /* XXX: this could be improved by sharing all hashes that are the */
2123 /* same, then duping them just before checking the signature. */
2124 static void
parse_hash_init(pgp_stream_t * stream,pgp_hash_alg_t type,const uint8_t * keyid)2125 parse_hash_init(pgp_stream_t *stream, pgp_hash_alg_t type,
2126 const uint8_t *keyid)
2127 {
2128 pgp_hashtype_t *hash;
2129
2130 hash = realloc(stream->hashes,
2131 (stream->hashc + 1) * sizeof(*stream->hashes));
2132 if (hash == NULL) {
2133 (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n");
2134 /* just continue and die here */
2135 /* XXX - agc - no way to return failure */
2136 } else {
2137 stream->hashes = hash;
2138 }
2139 hash = &stream->hashes[stream->hashc++];
2140
2141 pgp_hash_any(&hash->hash, type);
2142 if (!hash->hash.init(&hash->hash)) {
2143 (void) fprintf(stderr, "parse_hash_init: bad alloc\n");
2144 /* just continue and die here */
2145 /* XXX - agc - no way to return failure */
2146 }
2147 (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid));
2148 }
2149
2150 /**
2151 \ingroup Core_ReadPackets
2152 \brief Parse a One Pass Signature packet
2153 */
2154 static int
parse_one_pass(pgp_region_t * region,pgp_stream_t * stream)2155 parse_one_pass(pgp_region_t * region, pgp_stream_t * stream)
2156 {
2157 pgp_packet_t pkt;
2158 uint8_t c = 0x0;
2159
2160 if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) {
2161 return 0;
2162 }
2163 if (pkt.u.one_pass_sig.version != 3) {
2164 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_ONE_PASS_SIG_VRSN,
2165 "Bad one-pass signature version (%d)",
2166 pkt.u.one_pass_sig.version);
2167 return 0;
2168 }
2169 if (!limread(&c, 1, region, stream)) {
2170 return 0;
2171 }
2172 pkt.u.one_pass_sig.sig_type = (pgp_sig_type_t)c;
2173
2174 if (!limread(&c, 1, region, stream)) {
2175 return 0;
2176 }
2177 pkt.u.one_pass_sig.hash_alg = (pgp_hash_alg_t)c;
2178
2179 if (!limread(&c, 1, region, stream)) {
2180 return 0;
2181 }
2182 pkt.u.one_pass_sig.key_alg = (pgp_pubkey_alg_t)c;
2183
2184 if (!limread(pkt.u.one_pass_sig.keyid,
2185 (unsigned)sizeof(pkt.u.one_pass_sig.keyid),
2186 region, stream)) {
2187 return 0;
2188 }
2189
2190 if (!limread(&c, 1, region, stream)) {
2191 return 0;
2192 }
2193 pkt.u.one_pass_sig.nested = !!c;
2194 CALLBACK(PGP_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt);
2195 /* XXX: we should, perhaps, let the app choose whether to hash or not */
2196 parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg,
2197 pkt.u.one_pass_sig.keyid);
2198 return 1;
2199 }
2200
2201 /**
2202 \ingroup Core_ReadPackets
2203 \brief Parse a Trust packet
2204 */
2205 static int
parse_trust(pgp_region_t * region,pgp_stream_t * stream)2206 parse_trust(pgp_region_t *region, pgp_stream_t *stream)
2207 {
2208 pgp_packet_t pkt;
2209
2210 if (!read_data(&pkt.u.trust, region, stream)) {
2211 return 0;
2212 }
2213 CALLBACK(PGP_PTAG_CT_TRUST, &stream->cbinfo, &pkt);
2214 return 1;
2215 }
2216
2217 static void
parse_hash_data(pgp_stream_t * stream,const void * data,size_t length)2218 parse_hash_data(pgp_stream_t *stream, const void *data,
2219 size_t length)
2220 {
2221 size_t n;
2222
2223 for (n = 0; n < stream->hashc; ++n) {
2224 stream->hashes[n].hash.add(&stream->hashes[n].hash, data, (unsigned)length);
2225 }
2226 }
2227
2228 /**
2229 \ingroup Core_ReadPackets
2230 \brief Parse a Literal Data packet
2231 */
2232 static int
parse_litdata(pgp_region_t * region,pgp_stream_t * stream)2233 parse_litdata(pgp_region_t *region, pgp_stream_t *stream)
2234 {
2235 pgp_memory_t *mem;
2236 pgp_packet_t pkt;
2237 uint8_t c = 0x0;
2238
2239 if (!limread(&c, 1, region, stream)) {
2240 return 0;
2241 }
2242 pkt.u.litdata_header.format = (pgp_litdata_enum)c;
2243 if (!limread(&c, 1, region, stream)) {
2244 return 0;
2245 }
2246 if (!limread((uint8_t *)pkt.u.litdata_header.filename,
2247 (unsigned)c, region, stream)) {
2248 return 0;
2249 }
2250 pkt.u.litdata_header.filename[c] = '\0';
2251 if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) {
2252 return 0;
2253 }
2254 CALLBACK(PGP_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt);
2255 mem = pkt.u.litdata_body.mem = pgp_memory_new();
2256 pgp_memory_init(pkt.u.litdata_body.mem,
2257 (unsigned)((region->length * 101) / 100) + 12);
2258 pkt.u.litdata_body.data = mem->buf;
2259
2260 while (region->readc < region->length) {
2261 unsigned readc = region->length - region->readc;
2262
2263 if (!limread(mem->buf, readc, region, stream)) {
2264 return 0;
2265 }
2266 pkt.u.litdata_body.length = readc;
2267 parse_hash_data(stream, pkt.u.litdata_body.data, region->length);
2268 CALLBACK(PGP_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt);
2269 }
2270
2271 /* XXX - get rid of mem here? */
2272
2273 return 1;
2274 }
2275
2276 /**
2277 * \ingroup Core_Create
2278 *
2279 * pgp_seckey_free() frees the memory associated with "key". Note that
2280 * the key itself is not freed.
2281 *
2282 * \param key
2283 */
2284
2285 void
pgp_seckey_free(pgp_seckey_t * key)2286 pgp_seckey_free(pgp_seckey_t *key)
2287 {
2288 switch (key->pubkey.alg) {
2289 case PGP_PKA_RSA:
2290 case PGP_PKA_RSA_ENCRYPT_ONLY:
2291 case PGP_PKA_RSA_SIGN_ONLY:
2292 free_BN(&key->key.rsa.d);
2293 free_BN(&key->key.rsa.p);
2294 free_BN(&key->key.rsa.q);
2295 free_BN(&key->key.rsa.u);
2296 break;
2297
2298 case PGP_PKA_DSA:
2299 free_BN(&key->key.dsa.x);
2300 break;
2301
2302 default:
2303 (void) fprintf(stderr,
2304 "pgp_seckey_free: Unknown algorithm: %d (%s)\n",
2305 key->pubkey.alg,
2306 pgp_show_pka(key->pubkey.alg));
2307 }
2308 free(key->checkhash);
2309 }
2310
2311 static int
consume_packet(pgp_region_t * region,pgp_stream_t * stream,unsigned warn)2312 consume_packet(pgp_region_t *region, pgp_stream_t *stream, unsigned warn)
2313 {
2314 pgp_packet_t pkt;
2315 pgp_data_t remainder;
2316
2317 if (region->indeterminate) {
2318 ERRP(&stream->cbinfo, pkt,
2319 "Can't consume indeterminate packets");
2320 }
2321
2322 if (read_data(&remainder, region, stream)) {
2323 /* now throw it away */
2324 pgp_data_free(&remainder);
2325 if (warn) {
2326 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_CONSUMED,
2327 "%s", "Warning: packet consumer");
2328 }
2329 return 1;
2330 }
2331 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_NOT_CONSUMED,
2332 "%s", (warn) ? "Warning: Packet was not consumed" :
2333 "Packet was not consumed");
2334 return warn;
2335 }
2336
2337 /**
2338 * \ingroup Core_ReadPackets
2339 * \brief Parse a secret key
2340 */
2341 static int
parse_seckey(pgp_region_t * region,pgp_stream_t * stream)2342 parse_seckey(pgp_region_t *region, pgp_stream_t *stream)
2343 {
2344 pgp_packet_t pkt;
2345 pgp_region_t encregion;
2346 pgp_region_t *saved_region = NULL;
2347 pgp_crypt_t decrypt;
2348 pgp_hash_t checkhash;
2349 unsigned blocksize;
2350 unsigned crypted;
2351 uint8_t c = 0x0;
2352 int ret = 1;
2353
2354 if (pgp_get_debug_level(__FILE__)) {
2355 fprintf(stderr, "\n---------\nparse_seckey:\n");
2356 fprintf(stderr,
2357 "region length=%u, readc=%u, remainder=%u\n",
2358 region->length, region->readc,
2359 region->length - region->readc);
2360 }
2361 (void) memset(&pkt, 0x0, sizeof(pkt));
2362 if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) {
2363 return 0;
2364 }
2365 if (pgp_get_debug_level(__FILE__)) {
2366 fprintf(stderr, "parse_seckey: public key parsed\n");
2367 pgp_print_pubkey(&pkt.u.seckey.pubkey);
2368 }
2369 stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != PGP_V4);
2370
2371 if (!limread(&c, 1, region, stream)) {
2372 return 0;
2373 }
2374 pkt.u.seckey.s2k_usage = (pgp_s2k_usage_t)c;
2375
2376 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED ||
2377 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2378 if (!limread(&c, 1, region, stream)) {
2379 return 0;
2380 }
2381 pkt.u.seckey.alg = (pgp_symm_alg_t)c;
2382 if (!limread(&c, 1, region, stream)) {
2383 return 0;
2384 }
2385 pkt.u.seckey.s2k_specifier = (pgp_s2k_specifier_t)c;
2386 switch (pkt.u.seckey.s2k_specifier) {
2387 case PGP_S2KS_SIMPLE:
2388 case PGP_S2KS_SALTED:
2389 case PGP_S2KS_ITERATED_AND_SALTED:
2390 break;
2391 default:
2392 (void) fprintf(stderr,
2393 "parse_seckey: bad seckey\n");
2394 return 0;
2395 }
2396 if (!limread(&c, 1, region, stream)) {
2397 return 0;
2398 }
2399 pkt.u.seckey.hash_alg = (pgp_hash_alg_t)c;
2400 if (pkt.u.seckey.s2k_specifier != PGP_S2KS_SIMPLE &&
2401 !limread(pkt.u.seckey.salt, 8, region, stream)) {
2402 return 0;
2403 }
2404 if (pkt.u.seckey.s2k_specifier ==
2405 PGP_S2KS_ITERATED_AND_SALTED) {
2406 if (!limread(&c, 1, region, stream)) {
2407 return 0;
2408 }
2409 pkt.u.seckey.octetc =
2410 (16 + ((unsigned)c & 15)) <<
2411 (((unsigned)c >> 4) + 6);
2412 }
2413 } else if (pkt.u.seckey.s2k_usage != PGP_S2KU_NONE) {
2414 /* this is V3 style, looks just like a V4 simple hash */
2415 pkt.u.seckey.alg = (pgp_symm_alg_t)c;
2416 pkt.u.seckey.s2k_usage = PGP_S2KU_ENCRYPTED;
2417 pkt.u.seckey.s2k_specifier = PGP_S2KS_SIMPLE;
2418 pkt.u.seckey.hash_alg = PGP_HASH_MD5;
2419 }
2420 crypted = pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED ||
2421 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED;
2422
2423 if (crypted) {
2424 pgp_packet_t seckey;
2425 pgp_hash_t hashes[(PGP_MAX_KEY_SIZE + PGP_MIN_HASH_SIZE - 1) / PGP_MIN_HASH_SIZE];
2426 unsigned passlen;
2427 uint8_t key[PGP_MAX_KEY_SIZE + PGP_MAX_HASH_SIZE];
2428 char *passphrase;
2429 int hashsize;
2430 int keysize;
2431 int n;
2432
2433 if (pgp_get_debug_level(__FILE__)) {
2434 (void) fprintf(stderr, "crypted seckey\n");
2435 }
2436 blocksize = pgp_block_size(pkt.u.seckey.alg);
2437 if (blocksize == 0 || blocksize > PGP_MAX_BLOCK_SIZE) {
2438 (void) fprintf(stderr,
2439 "parse_seckey: bad blocksize\n");
2440 return 0;
2441 }
2442
2443 if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) {
2444 return 0;
2445 }
2446 (void) memset(&seckey, 0x0, sizeof(seckey));
2447 passphrase = NULL;
2448 seckey.u.skey_passphrase.passphrase = &passphrase;
2449 seckey.u.skey_passphrase.seckey = &pkt.u.seckey;
2450 CALLBACK(PGP_GET_PASSPHRASE, &stream->cbinfo, &seckey);
2451 if (!passphrase) {
2452 if (pgp_get_debug_level(__FILE__)) {
2453 /* \todo make into proper error */
2454 (void) fprintf(stderr,
2455 "parse_seckey: can't get passphrase\n");
2456 }
2457 if (!consume_packet(region, stream, 0)) {
2458 return 0;
2459 }
2460
2461 CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY,
2462 &stream->cbinfo, &pkt);
2463
2464 return 1;
2465 }
2466 keysize = pgp_key_size(pkt.u.seckey.alg);
2467 if (keysize == 0 || keysize > PGP_MAX_KEY_SIZE) {
2468 (void) fprintf(stderr,
2469 "parse_seckey: bad keysize\n");
2470 return 0;
2471 }
2472
2473 /* Hardcoded SHA1 for just now */
2474 pkt.u.seckey.hash_alg = PGP_HASH_SHA1;
2475 hashsize = pgp_hash_size(pkt.u.seckey.hash_alg);
2476 if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) {
2477 (void) fprintf(stderr,
2478 "parse_seckey: bad hashsize\n");
2479 return 0;
2480 }
2481
2482 for (n = 0; n * hashsize < keysize; ++n) {
2483 int i;
2484
2485 pgp_hash_any(&hashes[n],
2486 pkt.u.seckey.hash_alg);
2487 if (!hashes[n].init(&hashes[n])) {
2488 (void) fprintf(stderr,
2489 "parse_seckey: bad alloc\n");
2490 return 0;
2491 }
2492 /* preload hashes with zeroes... */
2493 for (i = 0; i < n; ++i) {
2494 hashes[n].add(&hashes[n],
2495 (const uint8_t *) "", 1);
2496 }
2497 }
2498 passlen = (unsigned)strlen(passphrase);
2499 for (n = 0; n * hashsize < keysize; ++n) {
2500 unsigned i;
2501
2502 switch (pkt.u.seckey.s2k_specifier) {
2503 case PGP_S2KS_SALTED:
2504 hashes[n].add(&hashes[n],
2505 pkt.u.seckey.salt,
2506 PGP_SALT_SIZE);
2507 /* FALLTHROUGH */
2508 case PGP_S2KS_SIMPLE:
2509 hashes[n].add(&hashes[n],
2510 (uint8_t *)passphrase, (unsigned)passlen);
2511 break;
2512
2513 case PGP_S2KS_ITERATED_AND_SALTED:
2514 for (i = 0; i < pkt.u.seckey.octetc;
2515 i += passlen + PGP_SALT_SIZE) {
2516 unsigned j;
2517
2518 j = passlen + PGP_SALT_SIZE;
2519 if (i + j > pkt.u.seckey.octetc && i != 0) {
2520 j = pkt.u.seckey.octetc - i;
2521 }
2522 hashes[n].add(&hashes[n],
2523 pkt.u.seckey.salt,
2524 (unsigned)(j > PGP_SALT_SIZE) ?
2525 PGP_SALT_SIZE : j);
2526 if (j > PGP_SALT_SIZE) {
2527 hashes[n].add(&hashes[n],
2528 (uint8_t *) passphrase,
2529 j - PGP_SALT_SIZE);
2530 }
2531 }
2532 break;
2533 default:
2534 break;
2535 }
2536 }
2537
2538 for (n = 0; n * hashsize < keysize; ++n) {
2539 int r;
2540
2541 r = hashes[n].finish(&hashes[n], key + n * hashsize);
2542 if (r != hashsize) {
2543 (void) fprintf(stderr,
2544 "parse_seckey: bad r\n");
2545 return 0;
2546 }
2547 }
2548
2549 pgp_forget(passphrase, passlen);
2550
2551 pgp_crypt_any(&decrypt, pkt.u.seckey.alg);
2552 if (pgp_get_debug_level(__FILE__)) {
2553 hexdump(stderr, "input iv", pkt.u.seckey.iv, pgp_block_size(pkt.u.seckey.alg));
2554 hexdump(stderr, "key", key, CAST_KEY_LENGTH);
2555 }
2556 decrypt.set_iv(&decrypt, pkt.u.seckey.iv);
2557 decrypt.set_crypt_key(&decrypt, key);
2558
2559 /* now read encrypted data */
2560
2561 pgp_reader_push_decrypt(stream, &decrypt, region);
2562
2563 /*
2564 * Since all known encryption for PGP doesn't compress, we
2565 * can limit to the same length as the current region (for
2566 * now).
2567 */
2568 pgp_init_subregion(&encregion, NULL);
2569 encregion.length = region->length - region->readc;
2570 if (pkt.u.seckey.pubkey.version != PGP_V4) {
2571 encregion.length -= 2;
2572 }
2573 saved_region = region;
2574 region = &encregion;
2575 }
2576 if (pgp_get_debug_level(__FILE__)) {
2577 fprintf(stderr, "parse_seckey: end of crypted passphrase\n");
2578 }
2579 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2580 /* XXX - Hard-coded SHA1 here ?? Check */
2581 pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE);
2582 if (pkt.u.seckey.checkhash == NULL) {
2583 (void) fprintf(stderr, "parse_seckey: bad alloc\n");
2584 return 0;
2585 }
2586 pgp_hash_sha1(&checkhash);
2587 pgp_reader_push_hash(stream, &checkhash);
2588 } else {
2589 pgp_reader_push_sum16(stream);
2590 }
2591 if (pgp_get_debug_level(__FILE__)) {
2592 fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n");
2593 }
2594 switch (pkt.u.seckey.pubkey.alg) {
2595 case PGP_PKA_RSA:
2596 case PGP_PKA_RSA_ENCRYPT_ONLY:
2597 case PGP_PKA_RSA_SIGN_ONLY:
2598 if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) ||
2599 !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) ||
2600 !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) ||
2601 !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) {
2602 ret = 0;
2603 }
2604 break;
2605
2606 case PGP_PKA_DSA:
2607 if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) {
2608 ret = 0;
2609 }
2610 break;
2611
2612 case PGP_PKA_ELGAMAL:
2613 if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) {
2614 ret = 0;
2615 }
2616 break;
2617
2618 default:
2619 PGP_ERROR_2(&stream->errors,
2620 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
2621 "Unsupported Public Key algorithm %d (%s)",
2622 pkt.u.seckey.pubkey.alg,
2623 pgp_show_pka(pkt.u.seckey.pubkey.alg));
2624 ret = 0;
2625 }
2626
2627 if (pgp_get_debug_level(__FILE__)) {
2628 (void) fprintf(stderr, "4 MPIs read\n");
2629 }
2630 stream->reading_v3_secret = 0;
2631
2632 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) {
2633 uint8_t hash[PGP_CHECKHASH_SIZE];
2634
2635 pgp_reader_pop_hash(stream);
2636 checkhash.finish(&checkhash, hash);
2637
2638 if (crypted &&
2639 pkt.u.seckey.pubkey.version != PGP_V4) {
2640 pgp_reader_pop_decrypt(stream);
2641 region = saved_region;
2642 }
2643 if (ret) {
2644 if (!limread(pkt.u.seckey.checkhash,
2645 PGP_CHECKHASH_SIZE, region, stream)) {
2646 return 0;
2647 }
2648
2649 if (memcmp(hash, pkt.u.seckey.checkhash,
2650 PGP_CHECKHASH_SIZE) != 0) {
2651 ERRP(&stream->cbinfo, pkt,
2652 "Hash mismatch in secret key");
2653 }
2654 }
2655 } else {
2656 uint16_t sum;
2657
2658 sum = pgp_reader_pop_sum16(stream);
2659 if (crypted &&
2660 pkt.u.seckey.pubkey.version != PGP_V4) {
2661 pgp_reader_pop_decrypt(stream);
2662 region = saved_region;
2663 }
2664 if (ret) {
2665 if (!limread_scalar(&pkt.u.seckey.checksum, 2,
2666 region, stream))
2667 return 0;
2668
2669 if (sum != pkt.u.seckey.checksum) {
2670 ERRP(&stream->cbinfo, pkt,
2671 "Checksum mismatch in secret key");
2672 }
2673 }
2674 }
2675
2676 if (crypted && pkt.u.seckey.pubkey.version == PGP_V4) {
2677 pgp_reader_pop_decrypt(stream);
2678 }
2679 if (region == NULL) {
2680 (void) fprintf(stderr, "parse_seckey: NULL region\n");
2681 return 0;
2682 }
2683 if (ret && region->readc != region->length) {
2684 (void) fprintf(stderr, "parse_seckey: bad length\n");
2685 return 0;
2686 }
2687 if (!ret) {
2688 return 0;
2689 }
2690 CALLBACK(PGP_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt);
2691 if (pgp_get_debug_level(__FILE__)) {
2692 (void) fprintf(stderr, "--- end of parse_seckey\n\n");
2693 }
2694 return 1;
2695 }
2696
2697 /**
2698 \ingroup Core_ReadPackets
2699 \brief Parse a Public Key Session Key packet
2700 */
2701 static int
parse_pk_sesskey(pgp_region_t * region,pgp_stream_t * stream)2702 parse_pk_sesskey(pgp_region_t *region,
2703 pgp_stream_t *stream)
2704 {
2705 const pgp_seckey_t *secret;
2706 pgp_packet_t sesskey;
2707 pgp_packet_t pkt;
2708 uint8_t *iv;
2709 uint8_t c = 0x0;
2710 uint8_t cs[2];
2711 unsigned k;
2712 BIGNUM *g_to_k;
2713 BIGNUM *enc_m;
2714 int n;
2715 uint8_t unencoded_m_buf[1024];
2716
2717 if (!limread(&c, 1, region, stream)) {
2718 (void) fprintf(stderr, "parse_pk_sesskey - can't read char in region\n");
2719 return 0;
2720 }
2721 pkt.u.pk_sesskey.version = c;
2722 if (pkt.u.pk_sesskey.version != 3) {
2723 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PKSK_VRSN,
2724 "Bad public-key encrypted session key version (%d)",
2725 pkt.u.pk_sesskey.version);
2726 return 0;
2727 }
2728 if (!limread(pkt.u.pk_sesskey.key_id,
2729 (unsigned)sizeof(pkt.u.pk_sesskey.key_id), region, stream)) {
2730 return 0;
2731 }
2732 if (pgp_get_debug_level(__FILE__)) {
2733 hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id));
2734 }
2735 if (!limread(&c, 1, region, stream)) {
2736 return 0;
2737 }
2738 pkt.u.pk_sesskey.alg = (pgp_pubkey_alg_t)c;
2739 switch (pkt.u.pk_sesskey.alg) {
2740 case PGP_PKA_RSA:
2741 if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m,
2742 region, stream)) {
2743 return 0;
2744 }
2745 enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m;
2746 g_to_k = NULL;
2747 break;
2748
2749 case PGP_PKA_DSA:
2750 case PGP_PKA_ELGAMAL:
2751 if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k,
2752 region, stream) ||
2753 !limread_mpi(
2754 &pkt.u.pk_sesskey.params.elgamal.encrypted_m,
2755 region, stream)) {
2756 return 0;
2757 }
2758 g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k;
2759 enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m;
2760 break;
2761
2762 default:
2763 PGP_ERROR_1(&stream->errors,
2764 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG,
2765 "Unknown public key algorithm in session key (%s)",
2766 pgp_show_pka(pkt.u.pk_sesskey.alg));
2767 return 0;
2768 }
2769
2770 (void) memset(&sesskey, 0x0, sizeof(sesskey));
2771 secret = NULL;
2772 sesskey.u.get_seckey.seckey = &secret;
2773 sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey;
2774
2775 if (pgp_get_debug_level(__FILE__)) {
2776 (void) fprintf(stderr, "getting secret key via callback\n");
2777 }
2778
2779 CALLBACK(PGP_GET_SECKEY, &stream->cbinfo, &sesskey);
2780
2781 if (pgp_get_debug_level(__FILE__)) {
2782 (void) fprintf(stderr, "got secret key via callback\n");
2783 }
2784 if (!secret) {
2785 CALLBACK(PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo,
2786 &pkt);
2787 return 1;
2788 }
2789 n = pgp_decrypt_decode_mpi(unencoded_m_buf,
2790 (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret);
2791
2792 if (n < 1) {
2793 ERRP(&stream->cbinfo, pkt, "decrypted message too short");
2794 return 0;
2795 }
2796
2797 /* PKA */
2798 pkt.u.pk_sesskey.symm_alg = (pgp_symm_alg_t)unencoded_m_buf[0];
2799 if (pgp_get_debug_level(__FILE__)) {
2800 (void) fprintf(stderr, "symm alg %d\n", pkt.u.pk_sesskey.symm_alg);
2801 }
2802
2803 if (!pgp_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) {
2804 /* ERR1P */
2805 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SYMMETRIC_ALG,
2806 "Symmetric algorithm %s not supported",
2807 pgp_show_symm_alg(
2808 pkt.u.pk_sesskey.symm_alg));
2809 return 0;
2810 }
2811 k = pgp_key_size(pkt.u.pk_sesskey.symm_alg);
2812 if (pgp_get_debug_level(__FILE__)) {
2813 (void) fprintf(stderr, "key size %d\n", k);
2814 }
2815
2816 if ((unsigned) n != k + 3) {
2817 PGP_ERROR_2(&stream->errors, PGP_E_PROTO_DECRYPTED_MSG_WRONG_LEN,
2818 "decrypted message wrong length (got %d expected %d)",
2819 n, k + 3);
2820 return 0;
2821 }
2822 if (k > sizeof(pkt.u.pk_sesskey.key)) {
2823 (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n");
2824 return 0;
2825 }
2826
2827 (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k);
2828
2829 if (pgp_get_debug_level(__FILE__)) {
2830 hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k);
2831 }
2832 pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] +
2833 (unencoded_m_buf[k + 2] << 8);
2834 if (pgp_get_debug_level(__FILE__)) {
2835 (void) fprintf(stderr, "session key checksum: %2x %2x\n",
2836 unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]);
2837 }
2838
2839 /* Check checksum */
2840 pgp_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]);
2841 if (unencoded_m_buf[k + 1] != cs[0] ||
2842 unencoded_m_buf[k + 2] != cs[1]) {
2843 PGP_ERROR_4(&stream->errors, PGP_E_PROTO_BAD_SK_CHECKSUM,
2844 "Session key checksum wrong: expected %2x %2x, got %2x %2x",
2845 cs[0], cs[1], unencoded_m_buf[k + 1],
2846 unencoded_m_buf[k + 2]);
2847 return 0;
2848 }
2849
2850 if (pgp_get_debug_level(__FILE__)) {
2851 (void) fprintf(stderr, "getting pk session key via callback\n");
2852 }
2853 /* all is well */
2854 CALLBACK(PGP_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt);
2855 if (pgp_get_debug_level(__FILE__)) {
2856 (void) fprintf(stderr, "got pk session key via callback\n");
2857 }
2858
2859 pgp_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg);
2860 iv = calloc(1, stream->decrypt.blocksize);
2861 if (iv == NULL) {
2862 (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n");
2863 return 0;
2864 }
2865 stream->decrypt.set_iv(&stream->decrypt, iv);
2866 stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key);
2867 pgp_encrypt_init(&stream->decrypt);
2868 free(iv);
2869 return 1;
2870 }
2871
2872 static int
decrypt_se_data(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)2873 decrypt_se_data(pgp_content_enum tag, pgp_region_t *region,
2874 pgp_stream_t *stream)
2875 {
2876 pgp_crypt_t *decrypt;
2877 const int printerrors = 1;
2878 int r = 1;
2879
2880 decrypt = pgp_get_decrypt(stream);
2881 if (decrypt) {
2882 pgp_region_t encregion;
2883 unsigned b = (unsigned)decrypt->blocksize;
2884 uint8_t buf[PGP_MAX_BLOCK_SIZE + 2] = "";
2885
2886 pgp_reader_push_decrypt(stream, decrypt, region);
2887
2888 pgp_init_subregion(&encregion, NULL);
2889 encregion.length = b + 2;
2890
2891 if (!exact_limread(buf, b + 2, &encregion, stream)) {
2892 return 0;
2893 }
2894 if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) {
2895 pgp_reader_pop_decrypt(stream);
2896 PGP_ERROR_4(&stream->errors,
2897 PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT,
2898 "Bad symmetric decrypt (%02x%02x vs %02x%02x)",
2899 buf[b - 2], buf[b - 1], buf[b], buf[b + 1]);
2900 return 0;
2901 }
2902 if (tag == PGP_PTAG_CT_SE_DATA_BODY) {
2903 decrypt->decrypt_resync(decrypt);
2904 decrypt->block_encrypt(decrypt, decrypt->civ,
2905 decrypt->civ);
2906 }
2907 r = pgp_parse(stream, !printerrors);
2908
2909 pgp_reader_pop_decrypt(stream);
2910 } else {
2911 pgp_packet_t pkt;
2912
2913 while (region->readc < region->length) {
2914 unsigned len;
2915
2916 len = region->length - region->readc;
2917 if (len > sizeof(pkt.u.se_data_body.data))
2918 len = sizeof(pkt.u.se_data_body.data);
2919
2920 if (!limread(pkt.u.se_data_body.data, len,
2921 region, stream)) {
2922 return 0;
2923 }
2924 pkt.u.se_data_body.length = len;
2925 CALLBACK(tag, &stream->cbinfo, &pkt);
2926 }
2927 }
2928
2929 return r;
2930 }
2931
2932 static int
decrypt_se_ip_data(pgp_content_enum tag,pgp_region_t * region,pgp_stream_t * stream)2933 decrypt_se_ip_data(pgp_content_enum tag, pgp_region_t *region,
2934 pgp_stream_t *stream)
2935 {
2936 pgp_crypt_t *decrypt;
2937 const int printerrors = 1;
2938 int r = 1;
2939
2940 decrypt = pgp_get_decrypt(stream);
2941 if (decrypt) {
2942 if (pgp_get_debug_level(__FILE__)) {
2943 (void) fprintf(stderr, "decrypt_se_ip_data: decrypt\n");
2944 }
2945 pgp_reader_push_decrypt(stream, decrypt, region);
2946 pgp_reader_push_se_ip_data(stream, decrypt, region);
2947
2948 r = pgp_parse(stream, !printerrors);
2949
2950 pgp_reader_pop_se_ip_data(stream);
2951 pgp_reader_pop_decrypt(stream);
2952 } else {
2953 pgp_packet_t pkt;
2954
2955 if (pgp_get_debug_level(__FILE__)) {
2956 (void) fprintf(stderr, "decrypt_se_ip_data: no decrypt\n");
2957 }
2958 while (region->readc < region->length) {
2959 unsigned len;
2960
2961 len = region->length - region->readc;
2962 if (len > sizeof(pkt.u.se_data_body.data)) {
2963 len = sizeof(pkt.u.se_data_body.data);
2964 }
2965
2966 if (!limread(pkt.u.se_data_body.data,
2967 len, region, stream)) {
2968 return 0;
2969 }
2970
2971 pkt.u.se_data_body.length = len;
2972
2973 CALLBACK(tag, &stream->cbinfo, &pkt);
2974 }
2975 }
2976
2977 return r;
2978 }
2979
2980 /**
2981 \ingroup Core_ReadPackets
2982 \brief Read a Symmetrically Encrypted packet
2983 */
2984 static int
parse_se_data(pgp_region_t * region,pgp_stream_t * stream)2985 parse_se_data(pgp_region_t *region, pgp_stream_t *stream)
2986 {
2987 pgp_packet_t pkt;
2988
2989 /* there's no info to go with this, so just announce it */
2990 CALLBACK(PGP_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt);
2991
2992 /*
2993 * The content of an encrypted data packet is more OpenPGP packets
2994 * once decrypted, so recursively handle them
2995 */
2996 return decrypt_se_data(PGP_PTAG_CT_SE_DATA_BODY, region, stream);
2997 }
2998
2999 /**
3000 \ingroup Core_ReadPackets
3001 \brief Read a Symmetrically Encrypted Integrity Protected packet
3002 */
3003 static int
parse_se_ip_data(pgp_region_t * region,pgp_stream_t * stream)3004 parse_se_ip_data(pgp_region_t *region, pgp_stream_t *stream)
3005 {
3006 pgp_packet_t pkt;
3007 uint8_t c = 0x0;
3008
3009 if (!limread(&c, 1, region, stream)) {
3010 return 0;
3011 }
3012 pkt.u.se_ip_data_header = c;
3013 if (pgp_get_debug_level(__FILE__)) {
3014 (void) fprintf(stderr, "parse_se_ip_data: data header %d\n", c);
3015 }
3016 if (pkt.u.se_ip_data_header != PGP_SE_IP_DATA_VERSION) {
3017 (void) fprintf(stderr, "parse_se_ip_data: bad version\n");
3018 return 0;
3019 }
3020
3021 if (pgp_get_debug_level(__FILE__)) {
3022 (void) fprintf(stderr, "parse_se_ip_data: region %d,%d\n",
3023 region->readc, region->length);
3024 hexdump(stderr, "compressed region", stream->virtualpkt, stream->virtualc);
3025 }
3026 /*
3027 * The content of an encrypted data packet is more OpenPGP packets
3028 * once decrypted, so recursively handle them
3029 */
3030 return decrypt_se_ip_data(PGP_PTAG_CT_SE_IP_DATA_BODY, region, stream);
3031 }
3032
3033 /**
3034 \ingroup Core_ReadPackets
3035 \brief Read a MDC packet
3036 */
3037 static int
parse_mdc(pgp_region_t * region,pgp_stream_t * stream)3038 parse_mdc(pgp_region_t *region, pgp_stream_t *stream)
3039 {
3040 pgp_packet_t pkt;
3041
3042 pkt.u.mdc.length = PGP_SHA1_HASH_SIZE;
3043 if ((pkt.u.mdc.data = calloc(1, PGP_SHA1_HASH_SIZE)) == NULL) {
3044 (void) fprintf(stderr, "parse_mdc: bad alloc\n");
3045 return 0;
3046 }
3047 if (!limread(pkt.u.mdc.data, PGP_SHA1_HASH_SIZE, region, stream)) {
3048 return 0;
3049 }
3050 CALLBACK(PGP_PTAG_CT_MDC, &stream->cbinfo, &pkt);
3051 free(pkt.u.mdc.data);
3052 return 1;
3053 }
3054
3055 /**
3056 * \ingroup Core_ReadPackets
3057 * \brief Parse one packet.
3058 *
3059 * This function parses the packet tag. It computes the value of the
3060 * content tag and then calls the appropriate function to handle the
3061 * content.
3062 *
3063 * \param *stream How to parse
3064 * \param *pktlen On return, will contain number of bytes in packet
3065 * \return 1 on success, 0 on error, -1 on EOF */
3066 static int
parse_packet(pgp_stream_t * stream,uint32_t * pktlen)3067 parse_packet(pgp_stream_t *stream, uint32_t *pktlen)
3068 {
3069 pgp_packet_t pkt;
3070 pgp_region_t region;
3071 uint8_t ptag;
3072 unsigned indeterminate = 0;
3073 int ret;
3074
3075 pkt.u.ptag.position = stream->readinfo.position;
3076
3077 ret = base_read(&ptag, 1, stream);
3078
3079 if (pgp_get_debug_level(__FILE__)) {
3080 (void) fprintf(stderr,
3081 "parse_packet: base_read returned %d, ptag %d\n",
3082 ret, ptag);
3083 }
3084
3085 /* errors in the base read are effectively EOF. */
3086 if (ret <= 0) {
3087 return -1;
3088 }
3089
3090 *pktlen = 0;
3091
3092 if (!(ptag & PGP_PTAG_ALWAYS_SET)) {
3093 pkt.u.error = "Format error (ptag bit not set)";
3094 CALLBACK(PGP_PARSER_ERROR, &stream->cbinfo, &pkt);
3095 return 0;
3096 }
3097 pkt.u.ptag.new_format = !!(ptag & PGP_PTAG_NEW_FORMAT);
3098 if (pkt.u.ptag.new_format) {
3099 pkt.u.ptag.type = (ptag & PGP_PTAG_NF_CONTENT_TAG_MASK);
3100 pkt.u.ptag.length_type = 0;
3101 if (!read_new_length(&pkt.u.ptag.length, stream)) {
3102 return 0;
3103 }
3104 } else {
3105 unsigned rb;
3106
3107 rb = 0;
3108 pkt.u.ptag.type = ((unsigned)ptag &
3109 PGP_PTAG_OF_CONTENT_TAG_MASK)
3110 >> PGP_PTAG_OF_CONTENT_TAG_SHIFT;
3111 pkt.u.ptag.length_type = ptag & PGP_PTAG_OF_LENGTH_TYPE_MASK;
3112 switch (pkt.u.ptag.length_type) {
3113 case PGP_PTAG_OLD_LEN_1:
3114 rb = _read_scalar(&pkt.u.ptag.length, 1, stream);
3115 break;
3116
3117 case PGP_PTAG_OLD_LEN_2:
3118 rb = _read_scalar(&pkt.u.ptag.length, 2, stream);
3119 break;
3120
3121 case PGP_PTAG_OLD_LEN_4:
3122 rb = _read_scalar(&pkt.u.ptag.length, 4, stream);
3123 break;
3124
3125 case PGP_PTAG_OLD_LEN_INDETERMINATE:
3126 pkt.u.ptag.length = 0;
3127 indeterminate = 1;
3128 rb = 1;
3129 break;
3130 }
3131 if (!rb) {
3132 return 0;
3133 }
3134 }
3135
3136 CALLBACK(PGP_PARSER_PTAG, &stream->cbinfo, &pkt);
3137
3138 pgp_init_subregion(®ion, NULL);
3139 region.length = pkt.u.ptag.length;
3140 region.indeterminate = indeterminate;
3141 if (pgp_get_debug_level(__FILE__)) {
3142 (void) fprintf(stderr, "parse_packet: type %u\n",
3143 pkt.u.ptag.type);
3144 }
3145 switch (pkt.u.ptag.type) {
3146 case PGP_PTAG_CT_SIGNATURE:
3147 ret = parse_sig(®ion, stream);
3148 break;
3149
3150 case PGP_PTAG_CT_PUBLIC_KEY:
3151 case PGP_PTAG_CT_PUBLIC_SUBKEY:
3152 ret = parse_pubkey((pgp_content_enum)pkt.u.ptag.type, ®ion, stream);
3153 break;
3154
3155 case PGP_PTAG_CT_TRUST:
3156 ret = parse_trust(®ion, stream);
3157 break;
3158
3159 case PGP_PTAG_CT_USER_ID:
3160 ret = parse_userid(®ion, stream);
3161 break;
3162
3163 case PGP_PTAG_CT_COMPRESSED:
3164 ret = parse_compressed(®ion, stream);
3165 break;
3166
3167 case PGP_PTAG_CT_1_PASS_SIG:
3168 ret = parse_one_pass(®ion, stream);
3169 break;
3170
3171 case PGP_PTAG_CT_LITDATA:
3172 ret = parse_litdata(®ion, stream);
3173 break;
3174
3175 case PGP_PTAG_CT_USER_ATTR:
3176 ret = parse_userattr(®ion, stream);
3177 break;
3178
3179 case PGP_PTAG_CT_SECRET_KEY:
3180 ret = parse_seckey(®ion, stream);
3181 break;
3182
3183 case PGP_PTAG_CT_SECRET_SUBKEY:
3184 ret = parse_seckey(®ion, stream);
3185 break;
3186
3187 case PGP_PTAG_CT_PK_SESSION_KEY:
3188 ret = parse_pk_sesskey(®ion, stream);
3189 break;
3190
3191 case PGP_PTAG_CT_SE_DATA:
3192 ret = parse_se_data(®ion, stream);
3193 break;
3194
3195 case PGP_PTAG_CT_SE_IP_DATA:
3196 ret = parse_se_ip_data(®ion, stream);
3197 break;
3198
3199 case PGP_PTAG_CT_MDC:
3200 ret = parse_mdc(®ion, stream);
3201 break;
3202
3203 default:
3204 PGP_ERROR_1(&stream->errors, PGP_E_P_UNKNOWN_TAG,
3205 "Unknown content tag 0x%x",
3206 pkt.u.ptag.type);
3207 ret = 0;
3208 }
3209
3210 /* Ensure that the entire packet has been consumed */
3211
3212 if (region.length != region.readc && !region.indeterminate) {
3213 if (!consume_packet(®ion, stream, 0)) {
3214 ret = -1;
3215 }
3216 }
3217
3218 /* also consume it if there's been an error? */
3219 /* \todo decide what to do about an error on an */
3220 /* indeterminate packet */
3221 if (ret == 0) {
3222 if (!consume_packet(®ion, stream, 0)) {
3223 ret = -1;
3224 }
3225 }
3226 /* set pktlen */
3227
3228 *pktlen = stream->readinfo.alength;
3229
3230 /* do callback on entire packet, if desired and there was no error */
3231
3232 if (ret > 0 && stream->readinfo.accumulate) {
3233 pkt.u.packet.length = stream->readinfo.alength;
3234 pkt.u.packet.raw = stream->readinfo.accumulated;
3235 stream->readinfo.accumulated = NULL;
3236 stream->readinfo.asize = 0;
3237 CALLBACK(PGP_PARSER_PACKET_END, &stream->cbinfo, &pkt);
3238 }
3239 stream->readinfo.alength = 0;
3240
3241 return (ret < 0) ? -1 : (ret) ? 1 : 0;
3242 }
3243
3244 /**
3245 * \ingroup Core_ReadPackets
3246 *
3247 * \brief Parse packets from an input stream until EOF or error.
3248 *
3249 * \details Setup the necessary parsing configuration in "stream"
3250 * before calling pgp_parse().
3251 *
3252 * That information includes :
3253 *
3254 * - a "reader" function to be used to get the data to be parsed
3255 *
3256 * - a "callback" function to be called when this library has identified
3257 * a parseable object within the data
3258 *
3259 * - whether the calling function wants the signature subpackets
3260 * returned raw, parsed or not at all.
3261 *
3262 * After returning, stream->errors holds any errors encountered while parsing.
3263 *
3264 * \param stream Parsing configuration
3265 * \return 1 on success in all packets, 0 on error in any packet
3266 *
3267 * \sa CoreAPI Overview
3268 *
3269 * \sa pgp_print_errors()
3270 *
3271 */
3272
3273 int
pgp_parse(pgp_stream_t * stream,const int perrors)3274 pgp_parse(pgp_stream_t *stream, const int perrors)
3275 {
3276 uint32_t pktlen;
3277 int r;
3278
3279 do {
3280 r = parse_packet(stream, &pktlen);
3281 } while (r != -1);
3282 if (perrors) {
3283 pgp_print_errors(stream->errors);
3284 }
3285 return (stream->errors == NULL);
3286 }
3287
3288 /**
3289 * \ingroup Core_ReadPackets
3290 *
3291 * \brief Specifies whether one or more signature
3292 * subpacket types should be returned parsed; or raw; or ignored.
3293 *
3294 * \param stream Pointer to previously allocated structure
3295 * \param tag Packet tag. PGP_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag
3296 * \param type Parse type
3297 * \todo Make all packet types optional, not just subpackets */
3298 void
pgp_parse_options(pgp_stream_t * stream,pgp_content_enum tag,pgp_parse_type_t type)3299 pgp_parse_options(pgp_stream_t *stream,
3300 pgp_content_enum tag,
3301 pgp_parse_type_t type)
3302 {
3303 unsigned t7;
3304 unsigned t8;
3305
3306 if (tag == PGP_PTAG_SS_ALL) {
3307 int n;
3308
3309 for (n = 0; n < 256; ++n) {
3310 pgp_parse_options(stream,
3311 PGP_PTAG_SIG_SUBPKT_BASE + n,
3312 type);
3313 }
3314 return;
3315 }
3316 if (tag < PGP_PTAG_SIG_SUBPKT_BASE ||
3317 tag > PGP_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) {
3318 (void) fprintf(stderr, "pgp_parse_options: bad tag\n");
3319 return;
3320 }
3321 t8 = (tag - PGP_PTAG_SIG_SUBPKT_BASE) / 8;
3322 t7 = 1 << ((tag - PGP_PTAG_SIG_SUBPKT_BASE) & 7);
3323 switch (type) {
3324 case PGP_PARSE_RAW:
3325 stream->ss_raw[t8] |= t7;
3326 stream->ss_parsed[t8] &= ~t7;
3327 break;
3328
3329 case PGP_PARSE_PARSED:
3330 stream->ss_raw[t8] &= ~t7;
3331 stream->ss_parsed[t8] |= t7;
3332 break;
3333
3334 case PGP_PARSE_IGNORE:
3335 stream->ss_raw[t8] &= ~t7;
3336 stream->ss_parsed[t8] &= ~t7;
3337 break;
3338 }
3339 }
3340
3341 /**
3342 \ingroup Core_ReadPackets
3343 \brief Free pgp_stream_t struct and its contents
3344 */
3345 void
pgp_stream_delete(pgp_stream_t * stream)3346 pgp_stream_delete(pgp_stream_t *stream)
3347 {
3348 pgp_cbdata_t *cbinfo;
3349 pgp_cbdata_t *next;
3350
3351 for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) {
3352 next = cbinfo->next;
3353 free(cbinfo);
3354 }
3355 if (stream->readinfo.destroyer) {
3356 stream->readinfo.destroyer(&stream->readinfo);
3357 }
3358 pgp_free_errors(stream->errors);
3359 if (stream->readinfo.accumulated) {
3360 free(stream->readinfo.accumulated);
3361 }
3362 free(stream);
3363 }
3364
3365 /**
3366 \ingroup Core_ReadPackets
3367 \brief Returns the parse_info's reader_info
3368 \return Pointer to the reader_info inside the parse_info
3369 */
3370 pgp_reader_t *
pgp_readinfo(pgp_stream_t * stream)3371 pgp_readinfo(pgp_stream_t *stream)
3372 {
3373 return &stream->readinfo;
3374 }
3375
3376 /**
3377 \ingroup Core_ReadPackets
3378 \brief Sets the parse_info's callback
3379 This is used when adding the first callback in a stack of callbacks.
3380 \sa pgp_callback_push()
3381 */
3382
3383 void
pgp_set_callback(pgp_stream_t * stream,pgp_cbfunc_t * cb,void * arg)3384 pgp_set_callback(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg)
3385 {
3386 stream->cbinfo.cbfunc = cb;
3387 stream->cbinfo.arg = arg;
3388 stream->cbinfo.errors = &stream->errors;
3389 }
3390
3391 /**
3392 \ingroup Core_ReadPackets
3393 \brief Adds a further callback to a stack of callbacks
3394 \sa pgp_set_callback()
3395 */
3396 void
pgp_callback_push(pgp_stream_t * stream,pgp_cbfunc_t * cb,void * arg)3397 pgp_callback_push(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg)
3398 {
3399 pgp_cbdata_t *cbinfo;
3400
3401 if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) {
3402 (void) fprintf(stderr, "pgp_callback_push: bad alloc\n");
3403 return;
3404 }
3405 (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo));
3406 cbinfo->io = stream->io;
3407 stream->cbinfo.next = cbinfo;
3408 pgp_set_callback(stream, cb, arg);
3409 }
3410
3411 /**
3412 \ingroup Core_ReadPackets
3413 \brief Returns callback's arg
3414 */
3415 void *
pgp_callback_arg(pgp_cbdata_t * cbinfo)3416 pgp_callback_arg(pgp_cbdata_t *cbinfo)
3417 {
3418 return cbinfo->arg;
3419 }
3420
3421 /**
3422 \ingroup Core_ReadPackets
3423 \brief Returns callback's errors
3424 */
3425 void *
pgp_callback_errors(pgp_cbdata_t * cbinfo)3426 pgp_callback_errors(pgp_cbdata_t *cbinfo)
3427 {
3428 return cbinfo->errors;
3429 }
3430
3431 /**
3432 \ingroup Core_ReadPackets
3433 \brief Calls the parse_cb_info's callback if present
3434 \return Return value from callback, if present; else PGP_FINISHED
3435 */
3436 pgp_cb_ret_t
pgp_callback(const pgp_packet_t * pkt,pgp_cbdata_t * cbinfo)3437 pgp_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
3438 {
3439 return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : PGP_FINISHED;
3440 }
3441
3442 /**
3443 \ingroup Core_ReadPackets
3444 \brief Calls the next callback in the stack
3445 \return Return value from callback
3446 */
3447 pgp_cb_ret_t
pgp_stacked_callback(const pgp_packet_t * pkt,pgp_cbdata_t * cbinfo)3448 pgp_stacked_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo)
3449 {
3450 return pgp_callback(pkt, cbinfo->next);
3451 }
3452
3453 /**
3454 \ingroup Core_ReadPackets
3455 \brief Returns the parse_info's errors
3456 \return parse_info's errors
3457 */
3458 pgp_error_t *
pgp_stream_get_errors(pgp_stream_t * stream)3459 pgp_stream_get_errors(pgp_stream_t *stream)
3460 {
3461 return stream->errors;
3462 }
3463
3464 pgp_crypt_t *
pgp_get_decrypt(pgp_stream_t * stream)3465 pgp_get_decrypt(pgp_stream_t *stream)
3466 {
3467 return (stream->decrypt.alg) ? &stream->decrypt : NULL;
3468 }
3469