1 /*- 2 * Copyright (c) 2009 The NetBSD Foundation, Inc. 3 * All rights reserved. 4 * 5 * This code is derived from software contributed to The NetBSD Foundation 6 * by Alistair Crooks (agc@NetBSD.org) 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 * POSSIBILITY OF SUCH DAMAGE. 28 */ 29 /* 30 * Copyright (c) 2005-2008 Nominet UK (www.nic.uk) 31 * All rights reserved. 32 * Contributors: Ben Laurie, Rachel Willmer. The Contributors have asserted 33 * their moral rights under the UK Copyright Design and Patents Act 1988 to 34 * be recorded as the authors of this copyright work. 35 * 36 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 37 * use this file except in compliance with the License. 38 * 39 * You may obtain a copy of the License at 40 * http://www.apache.org/licenses/LICENSE-2.0 41 * 42 * Unless required by applicable law or agreed to in writing, software 43 * distributed under the License is distributed on an "AS IS" BASIS, 44 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 45 * 46 * See the License for the specific language governing permissions and 47 * limitations under the License. 48 */ 49 50 /** \file 51 * \brief Parser for OpenPGP packets 52 */ 53 #include "config.h" 54 55 #ifdef HAVE_SYS_CDEFS_H 56 #include <sys/cdefs.h> 57 #endif 58 59 #if defined(__NetBSD__) 60 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); 61 __RCSID("$NetBSD: packet-parse.c,v 1.51 2012/03/05 02:20:18 christos Exp $"); 62 #endif 63 64 #include <sys/types.h> 65 #include <sys/param.h> 66 67 #ifdef HAVE_OPENSSL_CAST_H 68 #include <openssl/cast.h> 69 #endif 70 71 #include <stdarg.h> 72 #include <stdlib.h> 73 #include <string.h> 74 75 #ifdef HAVE_UNISTD_H 76 #include <unistd.h> 77 #endif 78 79 #ifdef HAVE_LIMITS_H 80 #include <limits.h> 81 #endif 82 83 #include "packet.h" 84 #include "packet-parse.h" 85 #include "keyring.h" 86 #include "errors.h" 87 #include "packet-show.h" 88 #include "create.h" 89 #include "readerwriter.h" 90 #include "netpgpdefs.h" 91 #include "crypto.h" 92 #include "netpgpdigest.h" 93 94 #define ERRP(cbinfo, cont, err) do { \ 95 cont.u.error = err; \ 96 CALLBACK(PGP_PARSER_ERROR, cbinfo, &cont); \ 97 return 0; \ 98 /*NOTREACHED*/ \ 99 } while(/*CONSTCOND*/0) 100 101 /** 102 * limread_data reads the specified amount of the subregion's data 103 * into a data_t structure 104 * 105 * \param data Empty structure which will be filled with data 106 * \param len Number of octets to read 107 * \param subregion 108 * \param stream How to parse 109 * 110 * \return 1 on success, 0 on failure 111 */ 112 static int 113 limread_data(pgp_data_t *data, unsigned len, 114 pgp_region_t *subregion, pgp_stream_t *stream) 115 { 116 data->len = len; 117 118 if (subregion->length - subregion->readc < len) { 119 (void) fprintf(stderr, "limread_data: bad length\n"); 120 return 0; 121 } 122 123 data->contents = calloc(1, data->len); 124 if (!data->contents) { 125 return 0; 126 } 127 128 return pgp_limited_read(stream, data->contents, data->len, subregion, 129 &stream->errors, &stream->readinfo, &stream->cbinfo); 130 } 131 132 /** 133 * read_data reads the remainder of the subregion's data 134 * into a data_t structure 135 * 136 * \param data 137 * \param subregion 138 * \param stream 139 * 140 * \return 1 on success, 0 on failure 141 */ 142 static int 143 read_data(pgp_data_t *data, pgp_region_t *region, pgp_stream_t *stream) 144 { 145 int cc; 146 147 cc = region->length - region->readc; 148 return (cc >= 0) ? limread_data(data, (unsigned)cc, region, stream) : 0; 149 } 150 151 /** 152 * Reads the remainder of the subregion as a string. 153 * It is the user's responsibility to free the memory allocated here. 154 */ 155 156 static int 157 read_unsig_str(uint8_t **str, pgp_region_t *subregion, 158 pgp_stream_t *stream) 159 { 160 size_t len; 161 162 len = subregion->length - subregion->readc; 163 if ((*str = calloc(1, len + 1)) == NULL) { 164 return 0; 165 } 166 if (len && 167 !pgp_limited_read(stream, *str, len, subregion, &stream->errors, 168 &stream->readinfo, &stream->cbinfo)) { 169 return 0; 170 } 171 (*str)[len] = '\0'; 172 return 1; 173 } 174 175 static int 176 read_string(char **str, pgp_region_t *subregion, pgp_stream_t *stream) 177 { 178 return read_unsig_str((uint8_t **) str, subregion, stream); 179 } 180 181 void 182 pgp_init_subregion(pgp_region_t *subregion, pgp_region_t *region) 183 { 184 (void) memset(subregion, 0x0, sizeof(*subregion)); 185 subregion->parent = region; 186 } 187 188 /* 189 * XXX: replace pgp_ptag_t with something more appropriate for limiting reads 190 */ 191 192 /** 193 * low-level function to read data from reader function 194 * 195 * Use this function, rather than calling the reader directly. 196 * 197 * If the accumulate flag is set in *stream, the function 198 * adds the read data to the accumulated data, and updates 199 * the accumulated length. This is useful if, for example, 200 * the application wants access to the raw data as well as the 201 * parsed data. 202 * 203 * This function will also try to read the entire amount asked for, but not 204 * if it is over INT_MAX. Obviously many callers will know that they 205 * never ask for that much and so can avoid the extra complexity of 206 * dealing with return codes and filled-in lengths. 207 * 208 * \param *dest 209 * \param *plength 210 * \param flags 211 * \param *stream 212 * 213 * \return PGP_R_OK 214 * \return PGP_R_PARTIAL_READ 215 * \return PGP_R_EOF 216 * \return PGP_R_EARLY_EOF 217 * 218 * \sa #pgp_reader_ret_t for details of return codes 219 */ 220 221 static int 222 sub_base_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors, 223 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo) 224 { 225 size_t n; 226 227 /* reading more than this would look like an error */ 228 if (length > INT_MAX) 229 length = INT_MAX; 230 231 for (n = 0; n < length;) { 232 int r; 233 234 r = readinfo->reader(stream, (char *) dest + n, length - n, errors, 235 readinfo, cbinfo); 236 if (r > (int)(length - n)) { 237 (void) fprintf(stderr, "sub_base_read: bad read\n"); 238 return 0; 239 } 240 if (r < 0) { 241 return r; 242 } 243 if (r == 0) { 244 break; 245 } 246 n += (unsigned)r; 247 } 248 249 if (n == 0) { 250 return 0; 251 } 252 if (readinfo->accumulate) { 253 if (readinfo->asize < readinfo->alength) { 254 (void) fprintf(stderr, "sub_base_read: bad size\n"); 255 return 0; 256 } 257 if (readinfo->alength + n > readinfo->asize) { 258 uint8_t *temp; 259 260 readinfo->asize = (readinfo->asize * 2) + (unsigned)n; 261 temp = realloc(readinfo->accumulated, readinfo->asize); 262 if (temp == NULL) { 263 (void) fprintf(stderr, 264 "sub_base_read: bad alloc\n"); 265 return 0; 266 } 267 readinfo->accumulated = temp; 268 } 269 if (readinfo->asize < readinfo->alength + n) { 270 (void) fprintf(stderr, "sub_base_read: bad realloc\n"); 271 return 0; 272 } 273 (void) memcpy(readinfo->accumulated + readinfo->alength, dest, 274 n); 275 } 276 /* we track length anyway, because it is used for packet offsets */ 277 readinfo->alength += (unsigned)n; 278 /* and also the position */ 279 readinfo->position += (unsigned)n; 280 281 return (int)n; 282 } 283 284 int 285 pgp_stacked_read(pgp_stream_t *stream, void *dest, size_t length, pgp_error_t **errors, 286 pgp_reader_t *readinfo, pgp_cbdata_t *cbinfo) 287 { 288 return sub_base_read(stream, dest, length, errors, readinfo->next, cbinfo); 289 } 290 291 /* This will do a full read so long as length < MAX_INT */ 292 static int 293 base_read(uint8_t *dest, size_t length, pgp_stream_t *stream) 294 { 295 return sub_base_read(stream, dest, length, &stream->errors, &stream->readinfo, 296 &stream->cbinfo); 297 } 298 299 /* 300 * Read a full size_t's worth. If the return is < than length, then 301 * *last_read tells you why - < 0 for an error, == 0 for EOF 302 */ 303 304 static size_t 305 full_read(pgp_stream_t *stream, uint8_t *dest, 306 size_t length, 307 int *last_read, 308 pgp_error_t **errors, 309 pgp_reader_t *readinfo, 310 pgp_cbdata_t *cbinfo) 311 { 312 size_t t; 313 int r = 0; /* preset in case some loon calls with length 314 * == 0 */ 315 316 for (t = 0; t < length;) { 317 r = sub_base_read(stream, dest + t, length - t, errors, readinfo, 318 cbinfo); 319 if (r <= 0) { 320 *last_read = r; 321 return t; 322 } 323 t += (size_t)r; 324 } 325 326 *last_read = r; 327 328 return t; 329 } 330 331 332 333 /** Read a scalar value of selected length from reader. 334 * 335 * Read an unsigned scalar value from reader in Big Endian representation. 336 * 337 * This function does not know or care about packet boundaries. It 338 * also assumes that an EOF is an error. 339 * 340 * \param *result The scalar value is stored here 341 * \param *reader Our reader 342 * \param length How many bytes to read 343 * \return 1 on success, 0 on failure 344 */ 345 static unsigned 346 _read_scalar(unsigned *result, unsigned length, 347 pgp_stream_t *stream) 348 { 349 unsigned t = 0; 350 351 if (length > sizeof(*result)) { 352 (void) fprintf(stderr, "_read_scalar: bad length\n"); 353 return 0; 354 } 355 356 while (length--) { 357 uint8_t c; 358 int r; 359 360 r = base_read(&c, 1, stream); 361 if (r != 1) 362 return 0; 363 t = (t << 8) + c; 364 } 365 366 *result = t; 367 return 1; 368 } 369 370 /** 371 * \ingroup Core_ReadPackets 372 * \brief Read bytes from a region within the packet. 373 * 374 * Read length bytes into the buffer pointed to by *dest. 375 * Make sure we do not read over the packet boundary. 376 * Updates the Packet Tag's pgp_ptag_t::readc. 377 * 378 * If length would make us read over the packet boundary, or if 379 * reading fails, we call the callback with an error. 380 * 381 * Note that if the region is indeterminate, this can return a short 382 * read - check region->last_read for the length. EOF is indicated by 383 * a success return and region->last_read == 0 in this case (for a 384 * region of known length, EOF is an error). 385 * 386 * This function makes sure to respect packet boundaries. 387 * 388 * \param dest The destination buffer 389 * \param length How many bytes to read 390 * \param region Pointer to packet region 391 * \param errors Error stack 392 * \param readinfo Reader info 393 * \param cbinfo Callback info 394 * \return 1 on success, 0 on error 395 */ 396 unsigned 397 pgp_limited_read(pgp_stream_t *stream, uint8_t *dest, 398 size_t length, 399 pgp_region_t *region, 400 pgp_error_t **errors, 401 pgp_reader_t *readinfo, 402 pgp_cbdata_t *cbinfo) 403 { 404 size_t r; 405 int lr; 406 407 if (!region->indeterminate && 408 region->readc + length > region->length) { 409 PGP_ERROR_1(errors, PGP_E_P_NOT_ENOUGH_DATA, "%s", 410 "Not enough data"); 411 return 0; 412 } 413 r = full_read(stream, dest, length, &lr, errors, readinfo, cbinfo); 414 if (lr < 0) { 415 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed"); 416 return 0; 417 } 418 if (!region->indeterminate && r != length) { 419 PGP_ERROR_1(errors, PGP_E_R_READ_FAILED, "%s", "Read failed"); 420 return 0; 421 } 422 region->last_read = (unsigned)r; 423 do { 424 region->readc += (unsigned)r; 425 if (region->parent && region->length > region->parent->length) { 426 (void) fprintf(stderr, 427 "ops_limited_read: bad length\n"); 428 return 0; 429 } 430 } while ((region = region->parent) != NULL); 431 return 1; 432 } 433 434 /** 435 \ingroup Core_ReadPackets 436 \brief Call pgp_limited_read on next in stack 437 */ 438 unsigned 439 pgp_stacked_limited_read(pgp_stream_t *stream, uint8_t *dest, unsigned length, 440 pgp_region_t *region, 441 pgp_error_t **errors, 442 pgp_reader_t *readinfo, 443 pgp_cbdata_t *cbinfo) 444 { 445 return pgp_limited_read(stream, dest, length, region, errors, 446 readinfo->next, cbinfo); 447 } 448 449 static unsigned 450 limread(uint8_t *dest, unsigned length, 451 pgp_region_t *region, pgp_stream_t *info) 452 { 453 return pgp_limited_read(info, dest, length, region, &info->errors, 454 &info->readinfo, &info->cbinfo); 455 } 456 457 static unsigned 458 exact_limread(uint8_t *dest, unsigned len, 459 pgp_region_t *region, 460 pgp_stream_t *stream) 461 { 462 unsigned ret; 463 464 stream->exact_read = 1; 465 ret = limread(dest, len, region, stream); 466 stream->exact_read = 0; 467 return ret; 468 } 469 470 /** Skip over length bytes of this packet. 471 * 472 * Calls limread() to skip over some data. 473 * 474 * This function makes sure to respect packet boundaries. 475 * 476 * \param length How many bytes to skip 477 * \param *region Pointer to packet region 478 * \param *stream How to parse 479 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 480 */ 481 static int 482 limskip(unsigned length, pgp_region_t *region, pgp_stream_t *stream) 483 { 484 uint8_t buf[NETPGP_BUFSIZ]; 485 486 while (length > 0) { 487 unsigned n = length % NETPGP_BUFSIZ; 488 489 if (!limread(buf, n, region, stream)) { 490 return 0; 491 } 492 length -= n; 493 } 494 return 1; 495 } 496 497 /** Read a scalar. 498 * 499 * Read a big-endian scalar of length bytes, respecting packet 500 * boundaries (by calling limread() to read the raw data). 501 * 502 * This function makes sure to respect packet boundaries. 503 * 504 * \param *dest The scalar value is stored here 505 * \param length How many bytes make up this scalar (at most 4) 506 * \param *region Pointer to current packet region 507 * \param *stream How to parse 508 * \param *cb The callback 509 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 510 * 511 * \see RFC4880 3.1 512 */ 513 static int 514 limread_scalar(unsigned *dest, 515 unsigned len, 516 pgp_region_t *region, 517 pgp_stream_t *stream) 518 { 519 uint8_t c[4] = ""; 520 unsigned t; 521 unsigned n; 522 523 if (len > 4) { 524 (void) fprintf(stderr, "limread_scalar: bad length\n"); 525 return 0; 526 } 527 /*LINTED*/ 528 if (/*CONSTCOND*/sizeof(*dest) < 4) { 529 (void) fprintf(stderr, "limread_scalar: bad dest\n"); 530 return 0; 531 } 532 if (!limread(c, len, region, stream)) { 533 return 0; 534 } 535 for (t = 0, n = 0; n < len; ++n) { 536 t = (t << 8) + c[n]; 537 } 538 *dest = t; 539 return 1; 540 } 541 542 /** Read a scalar. 543 * 544 * Read a big-endian scalar of length bytes, respecting packet 545 * boundaries (by calling limread() to read the raw data). 546 * 547 * The value read is stored in a size_t, which is a different size 548 * from an unsigned on some platforms. 549 * 550 * This function makes sure to respect packet boundaries. 551 * 552 * \param *dest The scalar value is stored here 553 * \param length How many bytes make up this scalar (at most 4) 554 * \param *region Pointer to current packet region 555 * \param *stream How to parse 556 * \param *cb The callback 557 * \return 1 on success, 0 on error (calls the cb with PGP_PARSER_ERROR in limread()). 558 * 559 * \see RFC4880 3.1 560 */ 561 static int 562 limread_size_t(size_t *dest, 563 unsigned length, 564 pgp_region_t *region, 565 pgp_stream_t *stream) 566 { 567 unsigned tmp; 568 569 /* 570 * Note that because the scalar is at most 4 bytes, we don't care if 571 * size_t is bigger than usigned 572 */ 573 if (!limread_scalar(&tmp, length, region, stream)) 574 return 0; 575 576 *dest = tmp; 577 return 1; 578 } 579 580 /** Read a timestamp. 581 * 582 * Timestamps in OpenPGP are unix time, i.e. seconds since The Epoch (1.1.1970). They are stored in an unsigned scalar 583 * of 4 bytes. 584 * 585 * This function reads the timestamp using limread_scalar(). 586 * 587 * This function makes sure to respect packet boundaries. 588 * 589 * \param *dest The timestamp is stored here 590 * \param *ptag Pointer to current packet's Packet Tag. 591 * \param *reader Our reader 592 * \param *cb The callback 593 * \return see limread_scalar() 594 * 595 * \see RFC4880 3.5 596 */ 597 static int 598 limited_read_time(time_t *dest, pgp_region_t *region, 599 pgp_stream_t *stream) 600 { 601 uint8_t c; 602 time_t mytime = 0; 603 int i; 604 605 /* 606 * Cannot assume that time_t is 4 octets long - 607 * SunOS 5.10 and NetBSD both have 64-bit time_ts. 608 */ 609 if (/* CONSTCOND */sizeof(time_t) == 4) { 610 return limread_scalar((unsigned *)(void *)dest, 4, region, stream); 611 } 612 for (i = 0; i < 4; i++) { 613 if (!limread(&c, 1, region, stream)) { 614 return 0; 615 } 616 mytime = (mytime << 8) + c; 617 } 618 *dest = mytime; 619 return 1; 620 } 621 622 /** 623 * \ingroup Core_MPI 624 * Read a multiprecision integer. 625 * 626 * Large numbers (multiprecision integers, MPI) are stored in OpenPGP in two parts. First there is a 2 byte scalar 627 * indicating the length of the following MPI in Bits. Then follow the bits that make up the actual number, most 628 * significant bits first (Big Endian). The most significant bit in the MPI is supposed to be 1 (unless the MPI is 629 * encrypted - then it may be different as the bit count refers to the plain text but the bits are encrypted). 630 * 631 * Unused bits (i.e. those filling up the most significant byte from the left to the first bits that counts) are 632 * supposed to be cleared - I guess. XXX - does anything actually say so? 633 * 634 * This function makes sure to respect packet boundaries. 635 * 636 * \param **pgn return the integer there - the BIGNUM is created by BN_bin2bn() and probably needs to be freed 637 * by the caller XXX right ben? 638 * \param *ptag Pointer to current packet's Packet Tag. 639 * \param *reader Our reader 640 * \param *cb The callback 641 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 642 * see comment below - the callback is called with a PGP_PARSER_ERROR in case of an error) 643 * 644 * \see RFC4880 3.2 645 */ 646 static int 647 limread_mpi(BIGNUM **pbn, pgp_region_t *region, pgp_stream_t *stream) 648 { 649 uint8_t buf[NETPGP_BUFSIZ] = ""; 650 /* an MPI has a 2 byte length part. 651 * Length is given in bits, so the 652 * largest we should ever need for 653 * the buffer is NETPGP_BUFSIZ bytes. */ 654 unsigned length; 655 unsigned nonzero; 656 unsigned ret; 657 658 stream->reading_mpi_len = 1; 659 ret = (unsigned)limread_scalar(&length, 2, region, stream); 660 661 stream->reading_mpi_len = 0; 662 if (!ret) 663 return 0; 664 665 nonzero = length & 7; /* there should be this many zero bits in the 666 * MS byte */ 667 if (!nonzero) 668 nonzero = 8; 669 length = (length + 7) / 8; 670 671 if (length == 0) { 672 /* if we try to read a length of 0, then fail */ 673 if (pgp_get_debug_level(__FILE__)) { 674 (void) fprintf(stderr, "limread_mpi: 0 length\n"); 675 } 676 return 0; 677 } 678 if (length > NETPGP_BUFSIZ) { 679 (void) fprintf(stderr, "limread_mpi: bad length\n"); 680 return 0; 681 } 682 if (!limread(buf, length, region, stream)) { 683 return 0; 684 } 685 if (((unsigned)buf[0] >> nonzero) != 0 || 686 !((unsigned)buf[0] & (1U << (nonzero - 1U)))) { 687 PGP_ERROR_1(&stream->errors, PGP_E_P_MPI_FORMAT_ERROR, 688 "%s", "MPI Format error"); 689 /* XXX: Ben, one part of 690 * this constraint does 691 * not apply to 692 * encrypted MPIs the 693 * draft says. -- peter */ 694 return 0; 695 } 696 *pbn = BN_bin2bn(buf, (int)length, NULL); 697 return 1; 698 } 699 700 static unsigned read_new_length(unsigned *, pgp_stream_t *); 701 702 /* allocate space, read, and stash data away in a virtual pkt */ 703 static void 704 streamread(pgp_stream_t *stream, unsigned c) 705 { 706 int cc; 707 708 stream->virtualpkt = realloc(stream->virtualpkt, stream->virtualc + c); 709 cc = stream->readinfo.reader(stream, &stream->virtualpkt[stream->virtualc], 710 c, &stream->errors, &stream->readinfo, &stream->cbinfo); 711 stream->virtualc += cc; 712 } 713 714 /* coalesce all the partial blocks together */ 715 static int 716 coalesce_blocks(pgp_stream_t *stream, unsigned length) 717 { 718 unsigned c; 719 720 stream->coalescing = 1; 721 /* already read a partial block length - prime the array */ 722 streamread(stream, length); 723 while (read_new_length(&c, stream) && stream->partial_read) { 724 /* length we read is partial - add to end of array */ 725 streamread(stream, c); 726 } 727 /* not partial - add the last extent to the end of the array */ 728 streamread(stream, c); 729 stream->coalescing = 0; 730 return 1; 731 } 732 733 /** Read some data with a New-Format length from reader. 734 * 735 * \sa Internet-Draft RFC4880.txt Section 4.2.2 736 * 737 * \param *length Where the decoded length will be put 738 * \param *stream How to parse 739 * \return 1 if OK, else 0 740 * 741 */ 742 743 static unsigned 744 read_new_length(unsigned *length, pgp_stream_t *stream) 745 { 746 uint8_t c; 747 748 stream->partial_read = 0; 749 if (base_read(&c, 1, stream) != 1) { 750 return 0; 751 } 752 if (c < 192) { 753 /* 1. One-octet packet */ 754 *length = c; 755 return 1; 756 } 757 if (c < 224) { 758 /* 2. Two-octet packet */ 759 unsigned t = (c - 192) << 8; 760 761 if (base_read(&c, 1, stream) != 1) { 762 return 0; 763 } 764 *length = t + c + 192; 765 return 1; 766 } 767 if (c < 255) { 768 /* 3. Partial Body Length */ 769 stream->partial_read = 1; 770 *length = 1 << (c & 0x1f); 771 if (!stream->coalescing) { 772 /* we have been called from coalesce_blocks - 773 * just return with the partial length */ 774 coalesce_blocks(stream, *length); 775 *length = stream->virtualc; 776 } 777 return 1; 778 } 779 /* 4. Five-Octet packet */ 780 return _read_scalar(length, 4, stream); 781 } 782 783 /** Read the length information for a new format Packet Tag. 784 * 785 * New style Packet Tags encode the length in one to five octets. This function reads the right amount of bytes and 786 * decodes it to the proper length information. 787 * 788 * This function makes sure to respect packet boundaries. 789 * 790 * \param *length return the length here 791 * \param *ptag Pointer to current packet's Packet Tag. 792 * \param *reader Our reader 793 * \param *cb The callback 794 * \return 1 on success, 0 on error (by limread_scalar() or limread() or if the MPI is not properly formed (XXX 795 * see comment below) 796 * 797 * \see RFC4880 4.2.2 798 * \see pgp_ptag_t 799 */ 800 static int 801 limited_read_new_length(unsigned *length, pgp_region_t *region, 802 pgp_stream_t *stream) 803 { 804 uint8_t c = 0x0; 805 806 if (!limread(&c, 1, region, stream)) { 807 return 0; 808 } 809 if (c < 192) { 810 *length = c; 811 return 1; 812 } 813 if (c < 224) { 814 unsigned t = (c - 192) << 8; 815 816 if (!limread(&c, 1, region, stream)) { 817 return 0; 818 } 819 *length = t + c + 192; 820 return 1; 821 } 822 if (c < 255) { 823 stream->partial_read = 1; 824 *length = 1 << (c & 0x1f); 825 if (!stream->coalescing) { 826 /* we have been called from coalesce_blocks - 827 * just return with the partial length */ 828 coalesce_blocks(stream, *length); 829 *length = stream->virtualc; 830 } 831 return 1; 832 } 833 return limread_scalar(length, 4, region, stream); 834 } 835 836 /** 837 \ingroup Core_Create 838 \brief Free allocated memory 839 */ 840 void 841 pgp_data_free(pgp_data_t *data) 842 { 843 free(data->contents); 844 data->contents = NULL; 845 data->len = 0; 846 } 847 848 /** 849 \ingroup Core_Create 850 \brief Free allocated memory 851 */ 852 static void 853 string_free(char **str) 854 { 855 free(*str); 856 *str = NULL; 857 } 858 859 /** 860 \ingroup Core_Create 861 \brief Free allocated memory 862 */ 863 /* ! Free packet memory, set pointer to NULL */ 864 void 865 pgp_subpacket_free(pgp_subpacket_t *packet) 866 { 867 free(packet->raw); 868 packet->raw = NULL; 869 } 870 871 /** 872 \ingroup Core_Create 873 \brief Free allocated memory 874 */ 875 static void 876 headers_free(pgp_headers_t *headers) 877 { 878 unsigned n; 879 880 for (n = 0; n < headers->headerc; ++n) { 881 free(headers->headers[n].key); 882 free(headers->headers[n].value); 883 } 884 free(headers->headers); 885 headers->headers = NULL; 886 } 887 888 /** 889 \ingroup Core_Create 890 \brief Free allocated memory 891 */ 892 static void 893 cleartext_trailer_free(struct pgp_hash_t **trailer) 894 { 895 free(*trailer); 896 *trailer = NULL; 897 } 898 899 /** 900 \ingroup Core_Create 901 \brief Free allocated memory 902 */ 903 static void 904 cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp) 905 { 906 if (skp->passphrase && *skp->passphrase) { 907 free(*skp->passphrase); 908 *skp->passphrase = NULL; 909 } 910 } 911 912 /** 913 \ingroup Core_Create 914 \brief Free allocated memory 915 */ 916 static void 917 free_BN(BIGNUM **pp) 918 { 919 BN_free(*pp); 920 *pp = NULL; 921 } 922 923 /** 924 * \ingroup Core_Create 925 * \brief Free the memory used when parsing a signature 926 * \param sig 927 */ 928 static void 929 sig_free(pgp_sig_t *sig) 930 { 931 switch (sig->info.key_alg) { 932 case PGP_PKA_RSA: 933 case PGP_PKA_RSA_SIGN_ONLY: 934 free_BN(&sig->info.sig.rsa.sig); 935 break; 936 937 case PGP_PKA_DSA: 938 free_BN(&sig->info.sig.dsa.r); 939 free_BN(&sig->info.sig.dsa.s); 940 break; 941 942 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 943 free_BN(&sig->info.sig.elgamal.r); 944 free_BN(&sig->info.sig.elgamal.s); 945 break; 946 947 case PGP_PKA_PRIVATE00: 948 case PGP_PKA_PRIVATE01: 949 case PGP_PKA_PRIVATE02: 950 case PGP_PKA_PRIVATE03: 951 case PGP_PKA_PRIVATE04: 952 case PGP_PKA_PRIVATE05: 953 case PGP_PKA_PRIVATE06: 954 case PGP_PKA_PRIVATE07: 955 case PGP_PKA_PRIVATE08: 956 case PGP_PKA_PRIVATE09: 957 case PGP_PKA_PRIVATE10: 958 pgp_data_free(&sig->info.sig.unknown); 959 break; 960 961 default: 962 (void) fprintf(stderr, "sig_free: bad sig type\n"); 963 } 964 } 965 966 /** 967 \ingroup Core_Create 968 \brief Free allocated memory 969 */ 970 /* ! Free any memory allocated when parsing the packet content */ 971 void 972 pgp_parser_content_free(pgp_packet_t *c) 973 { 974 switch (c->tag) { 975 case PGP_PARSER_PTAG: 976 case PGP_PTAG_CT_COMPRESSED: 977 case PGP_PTAG_SS_CREATION_TIME: 978 case PGP_PTAG_SS_EXPIRATION_TIME: 979 case PGP_PTAG_SS_KEY_EXPIRY: 980 case PGP_PTAG_SS_TRUST: 981 case PGP_PTAG_SS_ISSUER_KEY_ID: 982 case PGP_PTAG_CT_1_PASS_SIG: 983 case PGP_PTAG_SS_PRIMARY_USER_ID: 984 case PGP_PTAG_SS_REVOCABLE: 985 case PGP_PTAG_SS_REVOCATION_KEY: 986 case PGP_PTAG_CT_LITDATA_HEADER: 987 case PGP_PTAG_CT_LITDATA_BODY: 988 case PGP_PTAG_CT_SIGNED_CLEARTEXT_BODY: 989 case PGP_PTAG_CT_UNARMOURED_TEXT: 990 case PGP_PTAG_CT_ARMOUR_TRAILER: 991 case PGP_PTAG_CT_SIGNATURE_HEADER: 992 case PGP_PTAG_CT_SE_DATA_HEADER: 993 case PGP_PTAG_CT_SE_IP_DATA_HEADER: 994 case PGP_PTAG_CT_SE_IP_DATA_BODY: 995 case PGP_PTAG_CT_MDC: 996 case PGP_GET_SECKEY: 997 break; 998 999 case PGP_PTAG_CT_SIGNED_CLEARTEXT_HEADER: 1000 headers_free(&c->u.cleartext_head); 1001 break; 1002 1003 case PGP_PTAG_CT_ARMOUR_HEADER: 1004 headers_free(&c->u.armour_header.headers); 1005 break; 1006 1007 case PGP_PTAG_CT_SIGNED_CLEARTEXT_TRAILER: 1008 cleartext_trailer_free(&c->u.cleartext_trailer); 1009 break; 1010 1011 case PGP_PTAG_CT_TRUST: 1012 pgp_data_free(&c->u.trust); 1013 break; 1014 1015 case PGP_PTAG_CT_SIGNATURE: 1016 case PGP_PTAG_CT_SIGNATURE_FOOTER: 1017 sig_free(&c->u.sig); 1018 break; 1019 1020 case PGP_PTAG_CT_PUBLIC_KEY: 1021 case PGP_PTAG_CT_PUBLIC_SUBKEY: 1022 pgp_pubkey_free(&c->u.pubkey); 1023 break; 1024 1025 case PGP_PTAG_CT_USER_ID: 1026 pgp_userid_free(&c->u.userid); 1027 break; 1028 1029 case PGP_PTAG_SS_SIGNERS_USER_ID: 1030 pgp_userid_free(&c->u.ss_signer); 1031 break; 1032 1033 case PGP_PTAG_CT_USER_ATTR: 1034 pgp_data_free(&c->u.userattr); 1035 break; 1036 1037 case PGP_PTAG_SS_PREFERRED_SKA: 1038 pgp_data_free(&c->u.ss_skapref); 1039 break; 1040 1041 case PGP_PTAG_SS_PREFERRED_HASH: 1042 pgp_data_free(&c->u.ss_hashpref); 1043 break; 1044 1045 case PGP_PTAG_SS_PREF_COMPRESS: 1046 pgp_data_free(&c->u.ss_zpref); 1047 break; 1048 1049 case PGP_PTAG_SS_KEY_FLAGS: 1050 pgp_data_free(&c->u.ss_key_flags); 1051 break; 1052 1053 case PGP_PTAG_SS_KEYSERV_PREFS: 1054 pgp_data_free(&c->u.ss_key_server_prefs); 1055 break; 1056 1057 case PGP_PTAG_SS_FEATURES: 1058 pgp_data_free(&c->u.ss_features); 1059 break; 1060 1061 case PGP_PTAG_SS_NOTATION_DATA: 1062 pgp_data_free(&c->u.ss_notation.name); 1063 pgp_data_free(&c->u.ss_notation.value); 1064 break; 1065 1066 case PGP_PTAG_SS_REGEXP: 1067 string_free(&c->u.ss_regexp); 1068 break; 1069 1070 case PGP_PTAG_SS_POLICY_URI: 1071 string_free(&c->u.ss_policy); 1072 break; 1073 1074 case PGP_PTAG_SS_PREF_KEYSERV: 1075 string_free(&c->u.ss_keyserv); 1076 break; 1077 1078 case PGP_PTAG_SS_USERDEFINED00: 1079 case PGP_PTAG_SS_USERDEFINED01: 1080 case PGP_PTAG_SS_USERDEFINED02: 1081 case PGP_PTAG_SS_USERDEFINED03: 1082 case PGP_PTAG_SS_USERDEFINED04: 1083 case PGP_PTAG_SS_USERDEFINED05: 1084 case PGP_PTAG_SS_USERDEFINED06: 1085 case PGP_PTAG_SS_USERDEFINED07: 1086 case PGP_PTAG_SS_USERDEFINED08: 1087 case PGP_PTAG_SS_USERDEFINED09: 1088 case PGP_PTAG_SS_USERDEFINED10: 1089 pgp_data_free(&c->u.ss_userdef); 1090 break; 1091 1092 case PGP_PTAG_SS_RESERVED: 1093 pgp_data_free(&c->u.ss_unknown); 1094 break; 1095 1096 case PGP_PTAG_SS_REVOCATION_REASON: 1097 string_free(&c->u.ss_revocation.reason); 1098 break; 1099 1100 case PGP_PTAG_SS_EMBEDDED_SIGNATURE: 1101 pgp_data_free(&c->u.ss_embedded_sig); 1102 break; 1103 1104 case PGP_PARSER_PACKET_END: 1105 pgp_subpacket_free(&c->u.packet); 1106 break; 1107 1108 case PGP_PARSER_ERROR: 1109 case PGP_PARSER_ERRCODE: 1110 break; 1111 1112 case PGP_PTAG_CT_SECRET_KEY: 1113 case PGP_PTAG_CT_ENCRYPTED_SECRET_KEY: 1114 pgp_seckey_free(&c->u.seckey); 1115 break; 1116 1117 case PGP_PTAG_CT_PK_SESSION_KEY: 1118 case PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: 1119 pgp_pk_sesskey_free(&c->u.pk_sesskey); 1120 break; 1121 1122 case PGP_GET_PASSPHRASE: 1123 cmd_get_passphrase_free(&c->u.skey_passphrase); 1124 break; 1125 1126 default: 1127 fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); 1128 } 1129 } 1130 1131 /** 1132 \ingroup Core_Create 1133 \brief Free allocated memory 1134 */ 1135 void 1136 pgp_pk_sesskey_free(pgp_pk_sesskey_t *sk) 1137 { 1138 switch (sk->alg) { 1139 case PGP_PKA_RSA: 1140 free_BN(&sk->params.rsa.encrypted_m); 1141 break; 1142 1143 case PGP_PKA_ELGAMAL: 1144 free_BN(&sk->params.elgamal.g_to_k); 1145 free_BN(&sk->params.elgamal.encrypted_m); 1146 break; 1147 1148 default: 1149 (void) fprintf(stderr, "pgp_pk_sesskey_free: bad alg\n"); 1150 break; 1151 } 1152 } 1153 1154 /** 1155 \ingroup Core_Create 1156 \brief Free allocated memory 1157 */ 1158 /* ! Free the memory used when parsing a public key */ 1159 void 1160 pgp_pubkey_free(pgp_pubkey_t *p) 1161 { 1162 switch (p->alg) { 1163 case PGP_PKA_RSA: 1164 case PGP_PKA_RSA_ENCRYPT_ONLY: 1165 case PGP_PKA_RSA_SIGN_ONLY: 1166 free_BN(&p->key.rsa.n); 1167 free_BN(&p->key.rsa.e); 1168 break; 1169 1170 case PGP_PKA_DSA: 1171 free_BN(&p->key.dsa.p); 1172 free_BN(&p->key.dsa.q); 1173 free_BN(&p->key.dsa.g); 1174 free_BN(&p->key.dsa.y); 1175 break; 1176 1177 case PGP_PKA_ELGAMAL: 1178 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1179 free_BN(&p->key.elgamal.p); 1180 free_BN(&p->key.elgamal.g); 1181 free_BN(&p->key.elgamal.y); 1182 break; 1183 1184 case PGP_PKA_NOTHING: 1185 /* nothing to free */ 1186 break; 1187 1188 default: 1189 (void) fprintf(stderr, "pgp_pubkey_free: bad alg\n"); 1190 } 1191 } 1192 1193 /** 1194 \ingroup Core_ReadPackets 1195 */ 1196 static int 1197 parse_pubkey_data(pgp_pubkey_t *key, pgp_region_t *region, 1198 pgp_stream_t *stream) 1199 { 1200 uint8_t c = 0x0; 1201 1202 if (region->readc != 0) { 1203 /* We should not have read anything so far */ 1204 (void) fprintf(stderr, "parse_pubkey_data: bad length\n"); 1205 return 0; 1206 } 1207 if (!limread(&c, 1, region, stream)) { 1208 return 0; 1209 } 1210 key->version = (pgp_version_t)c; 1211 switch (key->version) { 1212 case PGP_V2: 1213 case PGP_V3: 1214 case PGP_V4: 1215 break; 1216 default: 1217 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PUBLIC_KEY_VRSN, 1218 "Bad public key version (0x%02x)", key->version); 1219 return 0; 1220 } 1221 if (!limited_read_time(&key->birthtime, region, stream)) { 1222 return 0; 1223 } 1224 1225 key->days_valid = 0; 1226 if ((key->version == 2 || key->version == 3) && 1227 !limread_scalar(&key->days_valid, 2, region, stream)) { 1228 return 0; 1229 } 1230 1231 if (!limread(&c, 1, region, stream)) { 1232 return 0; 1233 } 1234 key->alg = c; 1235 1236 switch (key->alg) { 1237 case PGP_PKA_DSA: 1238 if (!limread_mpi(&key->key.dsa.p, region, stream) || 1239 !limread_mpi(&key->key.dsa.q, region, stream) || 1240 !limread_mpi(&key->key.dsa.g, region, stream) || 1241 !limread_mpi(&key->key.dsa.y, region, stream)) { 1242 return 0; 1243 } 1244 break; 1245 1246 case PGP_PKA_RSA: 1247 case PGP_PKA_RSA_ENCRYPT_ONLY: 1248 case PGP_PKA_RSA_SIGN_ONLY: 1249 if (!limread_mpi(&key->key.rsa.n, region, stream) || 1250 !limread_mpi(&key->key.rsa.e, region, stream)) { 1251 return 0; 1252 } 1253 break; 1254 1255 case PGP_PKA_ELGAMAL: 1256 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1257 if (!limread_mpi(&key->key.elgamal.p, region, stream) || 1258 !limread_mpi(&key->key.elgamal.g, region, stream) || 1259 !limread_mpi(&key->key.elgamal.y, region, stream)) { 1260 return 0; 1261 } 1262 break; 1263 1264 default: 1265 PGP_ERROR_1(&stream->errors, 1266 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 1267 "Unsupported Public Key algorithm (%s)", 1268 pgp_show_pka(key->alg)); 1269 return 0; 1270 } 1271 1272 return 1; 1273 } 1274 1275 1276 /** 1277 * \ingroup Core_ReadPackets 1278 * \brief Parse a public key packet. 1279 * 1280 * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. 1281 * 1282 * Once the key has been parsed successfully, it is passed to the callback. 1283 * 1284 * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. 1285 * \param *reader Our reader 1286 * \param *cb The callback 1287 * \return 1 on success, 0 on error 1288 * 1289 * \see RFC4880 5.5.2 1290 */ 1291 static int 1292 parse_pubkey(pgp_content_enum tag, pgp_region_t *region, 1293 pgp_stream_t *stream) 1294 { 1295 pgp_packet_t pkt; 1296 1297 if (!parse_pubkey_data(&pkt.u.pubkey, region, stream)) { 1298 (void) fprintf(stderr, "parse_pubkey: parse_pubkey_data failed\n"); 1299 return 0; 1300 } 1301 1302 /* XXX: this test should be done for all packets, surely? */ 1303 if (region->readc != region->length) { 1304 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1305 "Unconsumed data (%d)", region->length - region->readc); 1306 return 0; 1307 } 1308 CALLBACK(tag, &stream->cbinfo, &pkt); 1309 1310 return 1; 1311 } 1312 1313 /** 1314 * \ingroup Core_ReadPackets 1315 * \brief Parse one user attribute packet. 1316 * 1317 * User attribute packets contain one or more attribute subpackets. 1318 * For now, handle the whole packet as raw data. 1319 */ 1320 1321 static int 1322 parse_userattr(pgp_region_t *region, pgp_stream_t *stream) 1323 { 1324 1325 pgp_packet_t pkt; 1326 1327 /* 1328 * xxx- treat as raw data for now. Could break down further into 1329 * attribute sub-packets later - rachel 1330 */ 1331 if (region->readc != 0) { 1332 /* We should not have read anything so far */ 1333 (void) fprintf(stderr, "parse_userattr: bad length\n"); 1334 return 0; 1335 } 1336 if (!read_data(&pkt.u.userattr, region, stream)) { 1337 return 0; 1338 } 1339 CALLBACK(PGP_PTAG_CT_USER_ATTR, &stream->cbinfo, &pkt); 1340 return 1; 1341 } 1342 1343 /** 1344 \ingroup Core_Create 1345 \brief Free allocated memory 1346 */ 1347 /* ! Free the memory used when parsing this packet type */ 1348 void 1349 pgp_userid_free(uint8_t **id) 1350 { 1351 free(*id); 1352 *id = NULL; 1353 } 1354 1355 /** 1356 * \ingroup Core_ReadPackets 1357 * \brief Parse a user id. 1358 * 1359 * This function parses an user id packet, which is basically just a char array the size of the packet. 1360 * 1361 * The char array is to be treated as an UTF-8 string. 1362 * 1363 * The userid gets null terminated by this function. Freeing it is the responsibility of the caller. 1364 * 1365 * Once the userid has been parsed successfully, it is passed to the callback. 1366 * 1367 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1368 * \param *reader Our reader 1369 * \param *cb The callback 1370 * \return 1 on success, 0 on error 1371 * 1372 * \see RFC4880 5.11 1373 */ 1374 static int 1375 parse_userid(pgp_region_t *region, pgp_stream_t *stream) 1376 { 1377 pgp_packet_t pkt; 1378 1379 if (region->readc != 0) { 1380 /* We should not have read anything so far */ 1381 (void) fprintf(stderr, "parse_userid: bad length\n"); 1382 return 0; 1383 } 1384 1385 if ((pkt.u.userid = calloc(1, region->length + 1)) == NULL) { 1386 (void) fprintf(stderr, "parse_userid: bad alloc\n"); 1387 return 0; 1388 } 1389 1390 if (region->length && 1391 !limread(pkt.u.userid, region->length, region, 1392 stream)) { 1393 return 0; 1394 } 1395 pkt.u.userid[region->length] = 0x0; 1396 CALLBACK(PGP_PTAG_CT_USER_ID, &stream->cbinfo, &pkt); 1397 return 1; 1398 } 1399 1400 static pgp_hash_t * 1401 parse_hash_find(pgp_stream_t *stream, const uint8_t *keyid) 1402 { 1403 pgp_hashtype_t *hp; 1404 size_t n; 1405 1406 for (n = 0, hp = stream->hashes; n < stream->hashc; n++, hp++) { 1407 if (memcmp(hp->keyid, keyid, PGP_KEY_ID_SIZE) == 0) { 1408 return &hp->hash; 1409 } 1410 } 1411 return NULL; 1412 } 1413 1414 /** 1415 * \ingroup Core_Parse 1416 * \brief Parse a version 3 signature. 1417 * 1418 * This function parses an version 3 signature packet, handling RSA and DSA signatures. 1419 * 1420 * Once the signature has been parsed successfully, it is passed to the callback. 1421 * 1422 * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. 1423 * \param *reader Our reader 1424 * \param *cb The callback 1425 * \return 1 on success, 0 on error 1426 * 1427 * \see RFC4880 5.2.2 1428 */ 1429 static int 1430 parse_v3_sig(pgp_region_t *region, 1431 pgp_stream_t *stream) 1432 { 1433 pgp_packet_t pkt; 1434 uint8_t c = 0x0; 1435 1436 /* clear signature */ 1437 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1438 1439 pkt.u.sig.info.version = PGP_V3; 1440 1441 /* hash info length */ 1442 if (!limread(&c, 1, region, stream)) { 1443 return 0; 1444 } 1445 if (c != 5) { 1446 ERRP(&stream->cbinfo, pkt, "bad hash info length"); 1447 } 1448 1449 if (!limread(&c, 1, region, stream)) { 1450 return 0; 1451 } 1452 pkt.u.sig.info.type = (pgp_sig_type_t)c; 1453 /* XXX: check signature type */ 1454 1455 if (!limited_read_time(&pkt.u.sig.info.birthtime, region, stream)) { 1456 return 0; 1457 } 1458 pkt.u.sig.info.birthtime_set = 1; 1459 1460 if (!limread(pkt.u.sig.info.signer_id, PGP_KEY_ID_SIZE, region, 1461 stream)) { 1462 return 0; 1463 } 1464 pkt.u.sig.info.signer_id_set = 1; 1465 1466 if (!limread(&c, 1, region, stream)) { 1467 return 0; 1468 } 1469 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c; 1470 /* XXX: check algorithm */ 1471 1472 if (!limread(&c, 1, region, stream)) { 1473 return 0; 1474 } 1475 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c; 1476 /* XXX: check algorithm */ 1477 1478 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 1479 return 0; 1480 } 1481 1482 switch (pkt.u.sig.info.key_alg) { 1483 case PGP_PKA_RSA: 1484 case PGP_PKA_RSA_SIGN_ONLY: 1485 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 1486 return 0; 1487 } 1488 break; 1489 1490 case PGP_PKA_DSA: 1491 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream) || 1492 !limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 1493 return 0; 1494 } 1495 break; 1496 1497 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 1498 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 1499 stream) || 1500 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 1501 stream)) { 1502 return 0; 1503 } 1504 break; 1505 1506 default: 1507 PGP_ERROR_1(&stream->errors, 1508 PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 1509 "Unsupported signature key algorithm (%s)", 1510 pgp_show_pka(pkt.u.sig.info.key_alg)); 1511 return 0; 1512 } 1513 1514 if (region->readc != region->length) { 1515 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1516 "Unconsumed data (%d)", 1517 region->length - region->readc); 1518 return 0; 1519 } 1520 if (pkt.u.sig.info.signer_id_set) { 1521 pkt.u.sig.hash = parse_hash_find(stream, 1522 pkt.u.sig.info.signer_id); 1523 } 1524 CALLBACK(PGP_PTAG_CT_SIGNATURE, &stream->cbinfo, &pkt); 1525 return 1; 1526 } 1527 1528 /** 1529 * \ingroup Core_ReadPackets 1530 * \brief Parse one signature sub-packet. 1531 * 1532 * Version 4 signatures can have an arbitrary amount of (hashed and 1533 * unhashed) subpackets. Subpackets are used to hold optional 1534 * attributes of subpackets. 1535 * 1536 * This function parses one such signature subpacket. 1537 * 1538 * Once the subpacket has been parsed successfully, it is passed to the callback. 1539 * 1540 * \param *ptag Pointer to the Packet Tag. This function should consume the entire subpacket. 1541 * \param *reader Our reader 1542 * \param *cb The callback 1543 * \return 1 on success, 0 on error 1544 * 1545 * \see RFC4880 5.2.3 1546 */ 1547 static int 1548 parse_one_sig_subpacket(pgp_sig_t *sig, 1549 pgp_region_t *region, 1550 pgp_stream_t *stream) 1551 { 1552 pgp_region_t subregion; 1553 pgp_packet_t pkt; 1554 uint8_t bools = 0x0; 1555 uint8_t c = 0x0; 1556 unsigned doread = 1; 1557 unsigned t8; 1558 unsigned t7; 1559 1560 pgp_init_subregion(&subregion, region); 1561 if (!limited_read_new_length(&subregion.length, region, stream)) { 1562 return 0; 1563 } 1564 1565 if (subregion.length > region->length) { 1566 ERRP(&stream->cbinfo, pkt, "Subpacket too long"); 1567 } 1568 1569 if (!limread(&c, 1, &subregion, stream)) { 1570 return 0; 1571 } 1572 1573 t8 = (c & 0x7f) / 8; 1574 t7 = 1 << (c & 7); 1575 1576 pkt.critical = (unsigned)c >> 7; 1577 pkt.tag = (pgp_content_enum)(PGP_PTAG_SIG_SUBPKT_BASE + (c & 0x7f)); 1578 1579 /* Application wants it delivered raw */ 1580 if (stream->ss_raw[t8] & t7) { 1581 pkt.u.ss_raw.tag = pkt.tag; 1582 pkt.u.ss_raw.length = subregion.length - 1; 1583 pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length); 1584 if (pkt.u.ss_raw.raw == NULL) { 1585 (void) fprintf(stderr, "parse_one_sig_subpacket: bad alloc\n"); 1586 return 0; 1587 } 1588 if (!limread(pkt.u.ss_raw.raw, (unsigned)pkt.u.ss_raw.length, 1589 &subregion, stream)) { 1590 return 0; 1591 } 1592 CALLBACK(PGP_PTAG_RAW_SS, &stream->cbinfo, &pkt); 1593 return 1; 1594 } 1595 switch (pkt.tag) { 1596 case PGP_PTAG_SS_CREATION_TIME: 1597 case PGP_PTAG_SS_EXPIRATION_TIME: 1598 case PGP_PTAG_SS_KEY_EXPIRY: 1599 if (!limited_read_time(&pkt.u.ss_time, &subregion, stream)) 1600 return 0; 1601 if (pkt.tag == PGP_PTAG_SS_CREATION_TIME) { 1602 sig->info.birthtime = pkt.u.ss_time; 1603 sig->info.birthtime_set = 1; 1604 } 1605 if (pkt.tag == PGP_PTAG_SS_EXPIRATION_TIME) { 1606 sig->info.duration = pkt.u.ss_time; 1607 sig->info.duration_set = 1; 1608 } 1609 break; 1610 1611 case PGP_PTAG_SS_TRUST: 1612 if (!limread(&pkt.u.ss_trust.level, 1, &subregion, stream) || 1613 !limread(&pkt.u.ss_trust.amount, 1, &subregion, stream)) { 1614 return 0; 1615 } 1616 break; 1617 1618 case PGP_PTAG_SS_REVOCABLE: 1619 if (!limread(&bools, 1, &subregion, stream)) { 1620 return 0; 1621 } 1622 pkt.u.ss_revocable = !!bools; 1623 break; 1624 1625 case PGP_PTAG_SS_ISSUER_KEY_ID: 1626 if (!limread(pkt.u.ss_issuer, PGP_KEY_ID_SIZE, &subregion, stream)) { 1627 return 0; 1628 } 1629 (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer, PGP_KEY_ID_SIZE); 1630 sig->info.signer_id_set = 1; 1631 break; 1632 1633 case PGP_PTAG_SS_PREFERRED_SKA: 1634 if (!read_data(&pkt.u.ss_skapref, &subregion, stream)) { 1635 return 0; 1636 } 1637 break; 1638 1639 case PGP_PTAG_SS_PREFERRED_HASH: 1640 if (!read_data(&pkt.u.ss_hashpref, &subregion, stream)) { 1641 return 0; 1642 } 1643 break; 1644 1645 case PGP_PTAG_SS_PREF_COMPRESS: 1646 if (!read_data(&pkt.u.ss_zpref, &subregion, stream)) { 1647 return 0; 1648 } 1649 break; 1650 1651 case PGP_PTAG_SS_PRIMARY_USER_ID: 1652 if (!limread(&bools, 1, &subregion, stream)) { 1653 return 0; 1654 } 1655 pkt.u.ss_primary_userid = !!bools; 1656 break; 1657 1658 case PGP_PTAG_SS_KEY_FLAGS: 1659 if (!read_data(&pkt.u.ss_key_flags, &subregion, stream)) { 1660 return 0; 1661 } 1662 break; 1663 1664 case PGP_PTAG_SS_KEYSERV_PREFS: 1665 if (!read_data(&pkt.u.ss_key_server_prefs, &subregion, stream)) { 1666 return 0; 1667 } 1668 break; 1669 1670 case PGP_PTAG_SS_FEATURES: 1671 if (!read_data(&pkt.u.ss_features, &subregion, stream)) { 1672 return 0; 1673 } 1674 break; 1675 1676 case PGP_PTAG_SS_SIGNERS_USER_ID: 1677 if (!read_unsig_str(&pkt.u.ss_signer, &subregion, stream)) { 1678 return 0; 1679 } 1680 break; 1681 1682 case PGP_PTAG_SS_EMBEDDED_SIGNATURE: 1683 /* \todo should do something with this sig? */ 1684 if (!read_data(&pkt.u.ss_embedded_sig, &subregion, stream)) { 1685 return 0; 1686 } 1687 break; 1688 1689 case PGP_PTAG_SS_NOTATION_DATA: 1690 if (!limread_data(&pkt.u.ss_notation.flags, 4, 1691 &subregion, stream)) { 1692 return 0; 1693 } 1694 if (!limread_size_t(&pkt.u.ss_notation.name.len, 2, 1695 &subregion, stream)) { 1696 return 0; 1697 } 1698 if (!limread_size_t(&pkt.u.ss_notation.value.len, 2, 1699 &subregion, stream)) { 1700 return 0; 1701 } 1702 if (!limread_data(&pkt.u.ss_notation.name, 1703 (unsigned)pkt.u.ss_notation.name.len, 1704 &subregion, stream)) { 1705 return 0; 1706 } 1707 if (!limread_data(&pkt.u.ss_notation.value, 1708 (unsigned)pkt.u.ss_notation.value.len, 1709 &subregion, stream)) { 1710 return 0; 1711 } 1712 break; 1713 1714 case PGP_PTAG_SS_POLICY_URI: 1715 if (!read_string(&pkt.u.ss_policy, &subregion, stream)) { 1716 return 0; 1717 } 1718 break; 1719 1720 case PGP_PTAG_SS_REGEXP: 1721 if (!read_string(&pkt.u.ss_regexp, &subregion, stream)) { 1722 return 0; 1723 } 1724 break; 1725 1726 case PGP_PTAG_SS_PREF_KEYSERV: 1727 if (!read_string(&pkt.u.ss_keyserv, &subregion, stream)) { 1728 return 0; 1729 } 1730 break; 1731 1732 case PGP_PTAG_SS_USERDEFINED00: 1733 case PGP_PTAG_SS_USERDEFINED01: 1734 case PGP_PTAG_SS_USERDEFINED02: 1735 case PGP_PTAG_SS_USERDEFINED03: 1736 case PGP_PTAG_SS_USERDEFINED04: 1737 case PGP_PTAG_SS_USERDEFINED05: 1738 case PGP_PTAG_SS_USERDEFINED06: 1739 case PGP_PTAG_SS_USERDEFINED07: 1740 case PGP_PTAG_SS_USERDEFINED08: 1741 case PGP_PTAG_SS_USERDEFINED09: 1742 case PGP_PTAG_SS_USERDEFINED10: 1743 if (!read_data(&pkt.u.ss_userdef, &subregion, stream)) { 1744 return 0; 1745 } 1746 break; 1747 1748 case PGP_PTAG_SS_RESERVED: 1749 if (!read_data(&pkt.u.ss_unknown, &subregion, stream)) { 1750 return 0; 1751 } 1752 break; 1753 1754 case PGP_PTAG_SS_REVOCATION_REASON: 1755 /* first byte is the machine-readable code */ 1756 if (!limread(&pkt.u.ss_revocation.code, 1, &subregion, stream)) { 1757 return 0; 1758 } 1759 /* the rest is a human-readable UTF-8 string */ 1760 if (!read_string(&pkt.u.ss_revocation.reason, &subregion, 1761 stream)) { 1762 return 0; 1763 } 1764 break; 1765 1766 case PGP_PTAG_SS_REVOCATION_KEY: 1767 /* octet 0 = class. Bit 0x80 must be set */ 1768 if (!limread(&pkt.u.ss_revocation_key.class, 1, 1769 &subregion, stream)) { 1770 return 0; 1771 } 1772 if (!(pkt.u.ss_revocation_key.class & 0x80)) { 1773 printf("Warning: PGP_PTAG_SS_REVOCATION_KEY class: " 1774 "Bit 0x80 should be set\n"); 1775 return 0; 1776 } 1777 /* octet 1 = algid */ 1778 if (!limread(&pkt.u.ss_revocation_key.algid, 1, 1779 &subregion, stream)) { 1780 return 0; 1781 } 1782 /* octets 2-21 = fingerprint */ 1783 if (!limread(&pkt.u.ss_revocation_key.fingerprint[0], 1784 PGP_FINGERPRINT_SIZE, &subregion, stream)) { 1785 return 0; 1786 } 1787 break; 1788 1789 default: 1790 if (stream->ss_parsed[t8] & t7) { 1791 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_UNKNOWN_SS, 1792 "Unknown signature subpacket type (%d)", 1793 c & 0x7f); 1794 } 1795 doread = 0; 1796 break; 1797 } 1798 1799 /* Application doesn't want it delivered parsed */ 1800 if (!(stream->ss_parsed[t8] & t7)) { 1801 if (pkt.critical) { 1802 PGP_ERROR_1(&stream->errors, 1803 PGP_E_PROTO_CRITICAL_SS_IGNORED, 1804 "Critical signature subpacket ignored (%d)", 1805 c & 0x7f); 1806 } 1807 if (!doread && 1808 !limskip(subregion.length - 1, &subregion, stream)) { 1809 return 0; 1810 } 1811 if (doread) { 1812 pgp_parser_content_free(&pkt); 1813 } 1814 return 1; 1815 } 1816 if (doread && subregion.readc != subregion.length) { 1817 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 1818 "Unconsumed data (%d)", 1819 subregion.length - subregion.readc); 1820 return 0; 1821 } 1822 CALLBACK(pkt.tag, &stream->cbinfo, &pkt); 1823 return 1; 1824 } 1825 1826 /** 1827 * \ingroup Core_ReadPackets 1828 * \brief Parse several signature subpackets. 1829 * 1830 * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. 1831 * This function parses this length and then calls parse_one_sig_subpacket() for each subpacket until the 1832 * entire set is consumed. 1833 * 1834 * This function does not call the callback directly, parse_one_sig_subpacket() does for each subpacket. 1835 * 1836 * \param *ptag Pointer to the Packet Tag. 1837 * \param *reader Our reader 1838 * \param *cb The callback 1839 * \return 1 on success, 0 on error 1840 * 1841 * \see RFC4880 5.2.3 1842 */ 1843 static int 1844 parse_sig_subpkts(pgp_sig_t *sig, 1845 pgp_region_t *region, 1846 pgp_stream_t *stream) 1847 { 1848 pgp_region_t subregion; 1849 pgp_packet_t pkt; 1850 1851 pgp_init_subregion(&subregion, region); 1852 if (!limread_scalar(&subregion.length, 2, region, stream)) { 1853 return 0; 1854 } 1855 1856 if (subregion.length > region->length) { 1857 ERRP(&stream->cbinfo, pkt, "Subpacket set too long"); 1858 } 1859 1860 while (subregion.readc < subregion.length) { 1861 if (!parse_one_sig_subpacket(sig, &subregion, stream)) { 1862 return 0; 1863 } 1864 } 1865 1866 if (subregion.readc != subregion.length) { 1867 if (!limskip(subregion.length - subregion.readc, 1868 &subregion, stream)) { 1869 ERRP(&stream->cbinfo, pkt, 1870 "parse_sig_subpkts: subpacket length read mismatch"); 1871 } 1872 ERRP(&stream->cbinfo, pkt, "Subpacket length mismatch"); 1873 } 1874 return 1; 1875 } 1876 1877 /** 1878 * \ingroup Core_ReadPackets 1879 * \brief Parse a version 4 signature. 1880 * 1881 * This function parses a version 4 signature including all its hashed and unhashed subpackets. 1882 * 1883 * Once the signature packet has been parsed successfully, it is passed to the callback. 1884 * 1885 * \param *ptag Pointer to the Packet Tag. 1886 * \param *reader Our reader 1887 * \param *cb The callback 1888 * \return 1 on success, 0 on error 1889 * 1890 * \see RFC4880 5.2.3 1891 */ 1892 static int 1893 parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream) 1894 { 1895 pgp_packet_t pkt; 1896 uint8_t c = 0x0; 1897 1898 if (pgp_get_debug_level(__FILE__)) { 1899 fprintf(stderr, "\nparse_v4_sig\n"); 1900 } 1901 /* clear signature */ 1902 (void) memset(&pkt.u.sig, 0x0, sizeof(pkt.u.sig)); 1903 1904 /* 1905 * We need to hash the packet data from version through the hashed 1906 * subpacket data 1907 */ 1908 1909 pkt.u.sig.v4_hashstart = stream->readinfo.alength - 1; 1910 1911 /* Set version,type,algorithms */ 1912 1913 pkt.u.sig.info.version = PGP_V4; 1914 1915 if (!limread(&c, 1, region, stream)) { 1916 return 0; 1917 } 1918 pkt.u.sig.info.type = (pgp_sig_type_t)c; 1919 if (pgp_get_debug_level(__FILE__)) { 1920 fprintf(stderr, "signature type=%d (%s)\n", 1921 pkt.u.sig.info.type, 1922 pgp_show_sig_type(pkt.u.sig.info.type)); 1923 } 1924 /* XXX: check signature type */ 1925 1926 if (!limread(&c, 1, region, stream)) { 1927 return 0; 1928 } 1929 pkt.u.sig.info.key_alg = (pgp_pubkey_alg_t)c; 1930 /* XXX: check key algorithm */ 1931 if (pgp_get_debug_level(__FILE__)) { 1932 (void) fprintf(stderr, "key_alg=%d (%s)\n", 1933 pkt.u.sig.info.key_alg, 1934 pgp_show_pka(pkt.u.sig.info.key_alg)); 1935 } 1936 if (!limread(&c, 1, region, stream)) { 1937 return 0; 1938 } 1939 pkt.u.sig.info.hash_alg = (pgp_hash_alg_t)c; 1940 /* XXX: check hash algorithm */ 1941 if (pgp_get_debug_level(__FILE__)) { 1942 fprintf(stderr, "hash_alg=%d %s\n", 1943 pkt.u.sig.info.hash_alg, 1944 pgp_show_hash_alg(pkt.u.sig.info.hash_alg)); 1945 } 1946 CALLBACK(PGP_PTAG_CT_SIGNATURE_HEADER, &stream->cbinfo, &pkt); 1947 1948 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 1949 return 0; 1950 } 1951 1952 pkt.u.sig.info.v4_hashlen = stream->readinfo.alength 1953 - pkt.u.sig.v4_hashstart; 1954 if (pgp_get_debug_level(__FILE__)) { 1955 fprintf(stderr, "v4_hashlen=%zd\n", pkt.u.sig.info.v4_hashlen); 1956 } 1957 1958 /* copy hashed subpackets */ 1959 if (pkt.u.sig.info.v4_hashed) { 1960 free(pkt.u.sig.info.v4_hashed); 1961 } 1962 pkt.u.sig.info.v4_hashed = calloc(1, pkt.u.sig.info.v4_hashlen); 1963 if (pkt.u.sig.info.v4_hashed == NULL) { 1964 (void) fprintf(stderr, "parse_v4_sig: bad alloc\n"); 1965 return 0; 1966 } 1967 1968 if (!stream->readinfo.accumulate) { 1969 /* We must accumulate, else we can't check the signature */ 1970 fprintf(stderr, "*** ERROR: must set accumulate to 1\n"); 1971 return 0; 1972 } 1973 (void) memcpy(pkt.u.sig.info.v4_hashed, 1974 stream->readinfo.accumulated + pkt.u.sig.v4_hashstart, 1975 pkt.u.sig.info.v4_hashlen); 1976 1977 if (!parse_sig_subpkts(&pkt.u.sig, region, stream)) { 1978 return 0; 1979 } 1980 1981 if (!limread(pkt.u.sig.hash2, 2, region, stream)) { 1982 return 0; 1983 } 1984 1985 switch (pkt.u.sig.info.key_alg) { 1986 case PGP_PKA_RSA: 1987 if (!limread_mpi(&pkt.u.sig.info.sig.rsa.sig, region, stream)) { 1988 return 0; 1989 } 1990 if (pgp_get_debug_level(__FILE__)) { 1991 (void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n"); 1992 BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig); 1993 (void) fprintf(stderr, "\n"); 1994 } 1995 break; 1996 1997 case PGP_PKA_DSA: 1998 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.r, region, stream)) { 1999 /* 2000 * usually if this fails, it just means we've reached 2001 * the end of the keyring 2002 */ 2003 if (pgp_get_debug_level(__FILE__)) { 2004 (void) fprintf(stderr, 2005 "Error reading DSA r field in signature"); 2006 } 2007 return 0; 2008 } 2009 if (!limread_mpi(&pkt.u.sig.info.sig.dsa.s, region, stream)) { 2010 ERRP(&stream->cbinfo, pkt, 2011 "Error reading DSA s field in signature"); 2012 } 2013 break; 2014 2015 case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: 2016 if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region, 2017 stream) || 2018 !limread_mpi(&pkt.u.sig.info.sig.elgamal.s, region, 2019 stream)) { 2020 return 0; 2021 } 2022 break; 2023 2024 case PGP_PKA_PRIVATE00: 2025 case PGP_PKA_PRIVATE01: 2026 case PGP_PKA_PRIVATE02: 2027 case PGP_PKA_PRIVATE03: 2028 case PGP_PKA_PRIVATE04: 2029 case PGP_PKA_PRIVATE05: 2030 case PGP_PKA_PRIVATE06: 2031 case PGP_PKA_PRIVATE07: 2032 case PGP_PKA_PRIVATE08: 2033 case PGP_PKA_PRIVATE09: 2034 case PGP_PKA_PRIVATE10: 2035 if (!read_data(&pkt.u.sig.info.sig.unknown, region, stream)) { 2036 return 0; 2037 } 2038 break; 2039 2040 default: 2041 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SIGNATURE_ALG, 2042 "Bad v4 signature key algorithm (%s)", 2043 pgp_show_pka(pkt.u.sig.info.key_alg)); 2044 return 0; 2045 } 2046 if (region->readc != region->length) { 2047 PGP_ERROR_1(&stream->errors, PGP_E_R_UNCONSUMED_DATA, 2048 "Unconsumed data (%d)", 2049 region->length - region->readc); 2050 return 0; 2051 } 2052 CALLBACK(PGP_PTAG_CT_SIGNATURE_FOOTER, &stream->cbinfo, &pkt); 2053 return 1; 2054 } 2055 2056 /** 2057 * \ingroup Core_ReadPackets 2058 * \brief Parse a signature subpacket. 2059 * 2060 * This function calls the appropriate function to handle v3 or v4 signatures. 2061 * 2062 * Once the signature packet has been parsed successfully, it is passed to the callback. 2063 * 2064 * \param *ptag Pointer to the Packet Tag. 2065 * \param *reader Our reader 2066 * \param *cb The callback 2067 * \return 1 on success, 0 on error 2068 */ 2069 static int 2070 parse_sig(pgp_region_t *region, pgp_stream_t *stream) 2071 { 2072 pgp_packet_t pkt; 2073 uint8_t c = 0x0; 2074 2075 if (region->readc != 0) { 2076 /* We should not have read anything so far */ 2077 (void) fprintf(stderr, "parse_sig: bad length\n"); 2078 return 0; 2079 } 2080 2081 (void) memset(&pkt, 0x0, sizeof(pkt)); 2082 if (!limread(&c, 1, region, stream)) { 2083 return 0; 2084 } 2085 if (c == 2 || c == 3) { 2086 return parse_v3_sig(region, stream); 2087 } 2088 if (c == 4) { 2089 return parse_v4_sig(region, stream); 2090 } 2091 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_SIGNATURE_VRSN, 2092 "Bad signature version (%d)", c); 2093 return 0; 2094 } 2095 2096 /** 2097 \ingroup Core_ReadPackets 2098 \brief Parse Compressed packet 2099 */ 2100 static int 2101 parse_compressed(pgp_region_t *region, pgp_stream_t *stream) 2102 { 2103 pgp_packet_t pkt; 2104 uint8_t c = 0x0; 2105 2106 if (!limread(&c, 1, region, stream)) { 2107 return 0; 2108 } 2109 2110 pkt.u.compressed = (pgp_compression_type_t)c; 2111 2112 CALLBACK(PGP_PTAG_CT_COMPRESSED, &stream->cbinfo, &pkt); 2113 2114 /* 2115 * The content of a compressed data packet is more OpenPGP packets 2116 * once decompressed, so recursively handle them 2117 */ 2118 2119 return pgp_decompress(region, stream, pkt.u.compressed); 2120 } 2121 2122 /* XXX: this could be improved by sharing all hashes that are the */ 2123 /* same, then duping them just before checking the signature. */ 2124 static void 2125 parse_hash_init(pgp_stream_t *stream, pgp_hash_alg_t type, 2126 const uint8_t *keyid) 2127 { 2128 pgp_hashtype_t *hash; 2129 2130 hash = realloc(stream->hashes, 2131 (stream->hashc + 1) * sizeof(*stream->hashes)); 2132 if (hash == NULL) { 2133 (void) fprintf(stderr, "parse_hash_init: bad alloc 0\n"); 2134 /* just continue and die here */ 2135 /* XXX - agc - no way to return failure */ 2136 } else { 2137 stream->hashes = hash; 2138 } 2139 hash = &stream->hashes[stream->hashc++]; 2140 2141 pgp_hash_any(&hash->hash, type); 2142 if (!hash->hash.init(&hash->hash)) { 2143 (void) fprintf(stderr, "parse_hash_init: bad alloc\n"); 2144 /* just continue and die here */ 2145 /* XXX - agc - no way to return failure */ 2146 } 2147 (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); 2148 } 2149 2150 /** 2151 \ingroup Core_ReadPackets 2152 \brief Parse a One Pass Signature packet 2153 */ 2154 static int 2155 parse_one_pass(pgp_region_t * region, pgp_stream_t * stream) 2156 { 2157 pgp_packet_t pkt; 2158 uint8_t c = 0x0; 2159 2160 if (!limread(&pkt.u.one_pass_sig.version, 1, region, stream)) { 2161 return 0; 2162 } 2163 if (pkt.u.one_pass_sig.version != 3) { 2164 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_ONE_PASS_SIG_VRSN, 2165 "Bad one-pass signature version (%d)", 2166 pkt.u.one_pass_sig.version); 2167 return 0; 2168 } 2169 if (!limread(&c, 1, region, stream)) { 2170 return 0; 2171 } 2172 pkt.u.one_pass_sig.sig_type = (pgp_sig_type_t)c; 2173 2174 if (!limread(&c, 1, region, stream)) { 2175 return 0; 2176 } 2177 pkt.u.one_pass_sig.hash_alg = (pgp_hash_alg_t)c; 2178 2179 if (!limread(&c, 1, region, stream)) { 2180 return 0; 2181 } 2182 pkt.u.one_pass_sig.key_alg = (pgp_pubkey_alg_t)c; 2183 2184 if (!limread(pkt.u.one_pass_sig.keyid, 2185 (unsigned)sizeof(pkt.u.one_pass_sig.keyid), 2186 region, stream)) { 2187 return 0; 2188 } 2189 2190 if (!limread(&c, 1, region, stream)) { 2191 return 0; 2192 } 2193 pkt.u.one_pass_sig.nested = !!c; 2194 CALLBACK(PGP_PTAG_CT_1_PASS_SIG, &stream->cbinfo, &pkt); 2195 /* XXX: we should, perhaps, let the app choose whether to hash or not */ 2196 parse_hash_init(stream, pkt.u.one_pass_sig.hash_alg, 2197 pkt.u.one_pass_sig.keyid); 2198 return 1; 2199 } 2200 2201 /** 2202 \ingroup Core_ReadPackets 2203 \brief Parse a Trust packet 2204 */ 2205 static int 2206 parse_trust(pgp_region_t *region, pgp_stream_t *stream) 2207 { 2208 pgp_packet_t pkt; 2209 2210 if (!read_data(&pkt.u.trust, region, stream)) { 2211 return 0; 2212 } 2213 CALLBACK(PGP_PTAG_CT_TRUST, &stream->cbinfo, &pkt); 2214 return 1; 2215 } 2216 2217 static void 2218 parse_hash_data(pgp_stream_t *stream, const void *data, 2219 size_t length) 2220 { 2221 size_t n; 2222 2223 for (n = 0; n < stream->hashc; ++n) { 2224 stream->hashes[n].hash.add(&stream->hashes[n].hash, data, (unsigned)length); 2225 } 2226 } 2227 2228 /** 2229 \ingroup Core_ReadPackets 2230 \brief Parse a Literal Data packet 2231 */ 2232 static int 2233 parse_litdata(pgp_region_t *region, pgp_stream_t *stream) 2234 { 2235 pgp_memory_t *mem; 2236 pgp_packet_t pkt; 2237 uint8_t c = 0x0; 2238 2239 if (!limread(&c, 1, region, stream)) { 2240 return 0; 2241 } 2242 pkt.u.litdata_header.format = (pgp_litdata_enum)c; 2243 if (!limread(&c, 1, region, stream)) { 2244 return 0; 2245 } 2246 if (!limread((uint8_t *)pkt.u.litdata_header.filename, 2247 (unsigned)c, region, stream)) { 2248 return 0; 2249 } 2250 pkt.u.litdata_header.filename[c] = '\0'; 2251 if (!limited_read_time(&pkt.u.litdata_header.mtime, region, stream)) { 2252 return 0; 2253 } 2254 CALLBACK(PGP_PTAG_CT_LITDATA_HEADER, &stream->cbinfo, &pkt); 2255 mem = pkt.u.litdata_body.mem = pgp_memory_new(); 2256 pgp_memory_init(pkt.u.litdata_body.mem, 2257 (unsigned)((region->length * 101) / 100) + 12); 2258 pkt.u.litdata_body.data = mem->buf; 2259 2260 while (region->readc < region->length) { 2261 unsigned readc = region->length - region->readc; 2262 2263 if (!limread(mem->buf, readc, region, stream)) { 2264 return 0; 2265 } 2266 pkt.u.litdata_body.length = readc; 2267 parse_hash_data(stream, pkt.u.litdata_body.data, region->length); 2268 CALLBACK(PGP_PTAG_CT_LITDATA_BODY, &stream->cbinfo, &pkt); 2269 } 2270 2271 /* XXX - get rid of mem here? */ 2272 2273 return 1; 2274 } 2275 2276 /** 2277 * \ingroup Core_Create 2278 * 2279 * pgp_seckey_free() frees the memory associated with "key". Note that 2280 * the key itself is not freed. 2281 * 2282 * \param key 2283 */ 2284 2285 void 2286 pgp_seckey_free(pgp_seckey_t *key) 2287 { 2288 switch (key->pubkey.alg) { 2289 case PGP_PKA_RSA: 2290 case PGP_PKA_RSA_ENCRYPT_ONLY: 2291 case PGP_PKA_RSA_SIGN_ONLY: 2292 free_BN(&key->key.rsa.d); 2293 free_BN(&key->key.rsa.p); 2294 free_BN(&key->key.rsa.q); 2295 free_BN(&key->key.rsa.u); 2296 break; 2297 2298 case PGP_PKA_DSA: 2299 free_BN(&key->key.dsa.x); 2300 break; 2301 2302 default: 2303 (void) fprintf(stderr, 2304 "pgp_seckey_free: Unknown algorithm: %d (%s)\n", 2305 key->pubkey.alg, 2306 pgp_show_pka(key->pubkey.alg)); 2307 } 2308 free(key->checkhash); 2309 } 2310 2311 static int 2312 consume_packet(pgp_region_t *region, pgp_stream_t *stream, unsigned warn) 2313 { 2314 pgp_packet_t pkt; 2315 pgp_data_t remainder; 2316 2317 if (region->indeterminate) { 2318 ERRP(&stream->cbinfo, pkt, 2319 "Can't consume indeterminate packets"); 2320 } 2321 2322 if (read_data(&remainder, region, stream)) { 2323 /* now throw it away */ 2324 pgp_data_free(&remainder); 2325 if (warn) { 2326 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_CONSUMED, 2327 "%s", "Warning: packet consumer"); 2328 } 2329 return 1; 2330 } 2331 PGP_ERROR_1(&stream->errors, PGP_E_P_PACKET_NOT_CONSUMED, 2332 "%s", (warn) ? "Warning: Packet was not consumed" : 2333 "Packet was not consumed"); 2334 return warn; 2335 } 2336 2337 /** 2338 * \ingroup Core_ReadPackets 2339 * \brief Parse a secret key 2340 */ 2341 static int 2342 parse_seckey(pgp_region_t *region, pgp_stream_t *stream) 2343 { 2344 pgp_packet_t pkt; 2345 pgp_region_t encregion; 2346 pgp_region_t *saved_region = NULL; 2347 pgp_crypt_t decrypt; 2348 pgp_hash_t checkhash; 2349 unsigned blocksize; 2350 unsigned crypted; 2351 uint8_t c = 0x0; 2352 int ret = 1; 2353 2354 if (pgp_get_debug_level(__FILE__)) { 2355 fprintf(stderr, "\n---------\nparse_seckey:\n"); 2356 fprintf(stderr, 2357 "region length=%u, readc=%u, remainder=%u\n", 2358 region->length, region->readc, 2359 region->length - region->readc); 2360 } 2361 (void) memset(&pkt, 0x0, sizeof(pkt)); 2362 if (!parse_pubkey_data(&pkt.u.seckey.pubkey, region, stream)) { 2363 return 0; 2364 } 2365 if (pgp_get_debug_level(__FILE__)) { 2366 fprintf(stderr, "parse_seckey: public key parsed\n"); 2367 pgp_print_pubkey(&pkt.u.seckey.pubkey); 2368 } 2369 stream->reading_v3_secret = (pkt.u.seckey.pubkey.version != PGP_V4); 2370 2371 if (!limread(&c, 1, region, stream)) { 2372 return 0; 2373 } 2374 pkt.u.seckey.s2k_usage = (pgp_s2k_usage_t)c; 2375 2376 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED || 2377 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2378 if (!limread(&c, 1, region, stream)) { 2379 return 0; 2380 } 2381 pkt.u.seckey.alg = (pgp_symm_alg_t)c; 2382 if (!limread(&c, 1, region, stream)) { 2383 return 0; 2384 } 2385 pkt.u.seckey.s2k_specifier = (pgp_s2k_specifier_t)c; 2386 switch (pkt.u.seckey.s2k_specifier) { 2387 case PGP_S2KS_SIMPLE: 2388 case PGP_S2KS_SALTED: 2389 case PGP_S2KS_ITERATED_AND_SALTED: 2390 break; 2391 default: 2392 (void) fprintf(stderr, 2393 "parse_seckey: bad seckey\n"); 2394 return 0; 2395 } 2396 if (!limread(&c, 1, region, stream)) { 2397 return 0; 2398 } 2399 pkt.u.seckey.hash_alg = (pgp_hash_alg_t)c; 2400 if (pkt.u.seckey.s2k_specifier != PGP_S2KS_SIMPLE && 2401 !limread(pkt.u.seckey.salt, 8, region, stream)) { 2402 return 0; 2403 } 2404 if (pkt.u.seckey.s2k_specifier == 2405 PGP_S2KS_ITERATED_AND_SALTED) { 2406 if (!limread(&c, 1, region, stream)) { 2407 return 0; 2408 } 2409 pkt.u.seckey.octetc = 2410 (16 + ((unsigned)c & 15)) << 2411 (((unsigned)c >> 4) + 6); 2412 } 2413 } else if (pkt.u.seckey.s2k_usage != PGP_S2KU_NONE) { 2414 /* this is V3 style, looks just like a V4 simple hash */ 2415 pkt.u.seckey.alg = (pgp_symm_alg_t)c; 2416 pkt.u.seckey.s2k_usage = PGP_S2KU_ENCRYPTED; 2417 pkt.u.seckey.s2k_specifier = PGP_S2KS_SIMPLE; 2418 pkt.u.seckey.hash_alg = PGP_HASH_MD5; 2419 } 2420 crypted = pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED || 2421 pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED; 2422 2423 if (crypted) { 2424 pgp_packet_t seckey; 2425 pgp_hash_t hashes[(PGP_MAX_KEY_SIZE + PGP_MIN_HASH_SIZE - 1) / PGP_MIN_HASH_SIZE]; 2426 unsigned passlen; 2427 uint8_t key[PGP_MAX_KEY_SIZE + PGP_MAX_HASH_SIZE]; 2428 char *passphrase; 2429 int hashsize; 2430 int keysize; 2431 int n; 2432 2433 if (pgp_get_debug_level(__FILE__)) { 2434 (void) fprintf(stderr, "crypted seckey\n"); 2435 } 2436 blocksize = pgp_block_size(pkt.u.seckey.alg); 2437 if (blocksize == 0 || blocksize > PGP_MAX_BLOCK_SIZE) { 2438 (void) fprintf(stderr, 2439 "parse_seckey: bad blocksize\n"); 2440 return 0; 2441 } 2442 2443 if (!limread(pkt.u.seckey.iv, blocksize, region, stream)) { 2444 return 0; 2445 } 2446 (void) memset(&seckey, 0x0, sizeof(seckey)); 2447 passphrase = NULL; 2448 seckey.u.skey_passphrase.passphrase = &passphrase; 2449 seckey.u.skey_passphrase.seckey = &pkt.u.seckey; 2450 CALLBACK(PGP_GET_PASSPHRASE, &stream->cbinfo, &seckey); 2451 if (!passphrase) { 2452 if (pgp_get_debug_level(__FILE__)) { 2453 /* \todo make into proper error */ 2454 (void) fprintf(stderr, 2455 "parse_seckey: can't get passphrase\n"); 2456 } 2457 if (!consume_packet(region, stream, 0)) { 2458 return 0; 2459 } 2460 2461 CALLBACK(PGP_PTAG_CT_ENCRYPTED_SECRET_KEY, 2462 &stream->cbinfo, &pkt); 2463 2464 return 1; 2465 } 2466 keysize = pgp_key_size(pkt.u.seckey.alg); 2467 if (keysize == 0 || keysize > PGP_MAX_KEY_SIZE) { 2468 (void) fprintf(stderr, 2469 "parse_seckey: bad keysize\n"); 2470 return 0; 2471 } 2472 2473 /* Hardcoded SHA1 for just now */ 2474 pkt.u.seckey.hash_alg = PGP_HASH_SHA1; 2475 hashsize = pgp_hash_size(pkt.u.seckey.hash_alg); 2476 if (hashsize == 0 || hashsize > PGP_MAX_HASH_SIZE) { 2477 (void) fprintf(stderr, 2478 "parse_seckey: bad hashsize\n"); 2479 return 0; 2480 } 2481 2482 for (n = 0; n * hashsize < keysize; ++n) { 2483 int i; 2484 2485 pgp_hash_any(&hashes[n], 2486 pkt.u.seckey.hash_alg); 2487 if (!hashes[n].init(&hashes[n])) { 2488 (void) fprintf(stderr, 2489 "parse_seckey: bad alloc\n"); 2490 return 0; 2491 } 2492 /* preload hashes with zeroes... */ 2493 for (i = 0; i < n; ++i) { 2494 hashes[n].add(&hashes[n], 2495 (const uint8_t *) "", 1); 2496 } 2497 } 2498 passlen = (unsigned)strlen(passphrase); 2499 for (n = 0; n * hashsize < keysize; ++n) { 2500 unsigned i; 2501 2502 switch (pkt.u.seckey.s2k_specifier) { 2503 case PGP_S2KS_SALTED: 2504 hashes[n].add(&hashes[n], 2505 pkt.u.seckey.salt, 2506 PGP_SALT_SIZE); 2507 /* FALLTHROUGH */ 2508 case PGP_S2KS_SIMPLE: 2509 hashes[n].add(&hashes[n], 2510 (uint8_t *)passphrase, (unsigned)passlen); 2511 break; 2512 2513 case PGP_S2KS_ITERATED_AND_SALTED: 2514 for (i = 0; i < pkt.u.seckey.octetc; 2515 i += passlen + PGP_SALT_SIZE) { 2516 unsigned j; 2517 2518 j = passlen + PGP_SALT_SIZE; 2519 if (i + j > pkt.u.seckey.octetc && i != 0) { 2520 j = pkt.u.seckey.octetc - i; 2521 } 2522 hashes[n].add(&hashes[n], 2523 pkt.u.seckey.salt, 2524 (unsigned)(j > PGP_SALT_SIZE) ? 2525 PGP_SALT_SIZE : j); 2526 if (j > PGP_SALT_SIZE) { 2527 hashes[n].add(&hashes[n], 2528 (uint8_t *) passphrase, 2529 j - PGP_SALT_SIZE); 2530 } 2531 } 2532 break; 2533 default: 2534 break; 2535 } 2536 } 2537 2538 for (n = 0; n * hashsize < keysize; ++n) { 2539 int r; 2540 2541 r = hashes[n].finish(&hashes[n], key + n * hashsize); 2542 if (r != hashsize) { 2543 (void) fprintf(stderr, 2544 "parse_seckey: bad r\n"); 2545 return 0; 2546 } 2547 } 2548 2549 pgp_forget(passphrase, passlen); 2550 2551 pgp_crypt_any(&decrypt, pkt.u.seckey.alg); 2552 if (pgp_get_debug_level(__FILE__)) { 2553 hexdump(stderr, "input iv", pkt.u.seckey.iv, pgp_block_size(pkt.u.seckey.alg)); 2554 hexdump(stderr, "key", key, CAST_KEY_LENGTH); 2555 } 2556 decrypt.set_iv(&decrypt, pkt.u.seckey.iv); 2557 decrypt.set_crypt_key(&decrypt, key); 2558 2559 /* now read encrypted data */ 2560 2561 pgp_reader_push_decrypt(stream, &decrypt, region); 2562 2563 /* 2564 * Since all known encryption for PGP doesn't compress, we 2565 * can limit to the same length as the current region (for 2566 * now). 2567 */ 2568 pgp_init_subregion(&encregion, NULL); 2569 encregion.length = region->length - region->readc; 2570 if (pkt.u.seckey.pubkey.version != PGP_V4) { 2571 encregion.length -= 2; 2572 } 2573 saved_region = region; 2574 region = &encregion; 2575 } 2576 if (pgp_get_debug_level(__FILE__)) { 2577 fprintf(stderr, "parse_seckey: end of crypted passphrase\n"); 2578 } 2579 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2580 /* XXX - Hard-coded SHA1 here ?? Check */ 2581 pkt.u.seckey.checkhash = calloc(1, PGP_SHA1_HASH_SIZE); 2582 if (pkt.u.seckey.checkhash == NULL) { 2583 (void) fprintf(stderr, "parse_seckey: bad alloc\n"); 2584 return 0; 2585 } 2586 pgp_hash_sha1(&checkhash); 2587 pgp_reader_push_hash(stream, &checkhash); 2588 } else { 2589 pgp_reader_push_sum16(stream); 2590 } 2591 if (pgp_get_debug_level(__FILE__)) { 2592 fprintf(stderr, "parse_seckey: checkhash, reading MPIs\n"); 2593 } 2594 switch (pkt.u.seckey.pubkey.alg) { 2595 case PGP_PKA_RSA: 2596 case PGP_PKA_RSA_ENCRYPT_ONLY: 2597 case PGP_PKA_RSA_SIGN_ONLY: 2598 if (!limread_mpi(&pkt.u.seckey.key.rsa.d, region, stream) || 2599 !limread_mpi(&pkt.u.seckey.key.rsa.p, region, stream) || 2600 !limread_mpi(&pkt.u.seckey.key.rsa.q, region, stream) || 2601 !limread_mpi(&pkt.u.seckey.key.rsa.u, region, stream)) { 2602 ret = 0; 2603 } 2604 break; 2605 2606 case PGP_PKA_DSA: 2607 if (!limread_mpi(&pkt.u.seckey.key.dsa.x, region, stream)) { 2608 ret = 0; 2609 } 2610 break; 2611 2612 case PGP_PKA_ELGAMAL: 2613 if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) { 2614 ret = 0; 2615 } 2616 break; 2617 2618 default: 2619 PGP_ERROR_2(&stream->errors, 2620 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2621 "Unsupported Public Key algorithm %d (%s)", 2622 pkt.u.seckey.pubkey.alg, 2623 pgp_show_pka(pkt.u.seckey.pubkey.alg)); 2624 ret = 0; 2625 } 2626 2627 if (pgp_get_debug_level(__FILE__)) { 2628 (void) fprintf(stderr, "4 MPIs read\n"); 2629 } 2630 stream->reading_v3_secret = 0; 2631 2632 if (pkt.u.seckey.s2k_usage == PGP_S2KU_ENCRYPTED_AND_HASHED) { 2633 uint8_t hash[PGP_CHECKHASH_SIZE]; 2634 2635 pgp_reader_pop_hash(stream); 2636 checkhash.finish(&checkhash, hash); 2637 2638 if (crypted && 2639 pkt.u.seckey.pubkey.version != PGP_V4) { 2640 pgp_reader_pop_decrypt(stream); 2641 region = saved_region; 2642 } 2643 if (ret) { 2644 if (!limread(pkt.u.seckey.checkhash, 2645 PGP_CHECKHASH_SIZE, region, stream)) { 2646 return 0; 2647 } 2648 2649 if (memcmp(hash, pkt.u.seckey.checkhash, 2650 PGP_CHECKHASH_SIZE) != 0) { 2651 ERRP(&stream->cbinfo, pkt, 2652 "Hash mismatch in secret key"); 2653 } 2654 } 2655 } else { 2656 uint16_t sum; 2657 2658 sum = pgp_reader_pop_sum16(stream); 2659 if (crypted && 2660 pkt.u.seckey.pubkey.version != PGP_V4) { 2661 pgp_reader_pop_decrypt(stream); 2662 region = saved_region; 2663 } 2664 if (ret) { 2665 if (!limread_scalar(&pkt.u.seckey.checksum, 2, 2666 region, stream)) 2667 return 0; 2668 2669 if (sum != pkt.u.seckey.checksum) { 2670 ERRP(&stream->cbinfo, pkt, 2671 "Checksum mismatch in secret key"); 2672 } 2673 } 2674 } 2675 2676 if (crypted && pkt.u.seckey.pubkey.version == PGP_V4) { 2677 pgp_reader_pop_decrypt(stream); 2678 } 2679 if (region == NULL) { 2680 (void) fprintf(stderr, "parse_seckey: NULL region\n"); 2681 return 0; 2682 } 2683 if (ret && region->readc != region->length) { 2684 (void) fprintf(stderr, "parse_seckey: bad length\n"); 2685 return 0; 2686 } 2687 if (!ret) { 2688 return 0; 2689 } 2690 CALLBACK(PGP_PTAG_CT_SECRET_KEY, &stream->cbinfo, &pkt); 2691 if (pgp_get_debug_level(__FILE__)) { 2692 (void) fprintf(stderr, "--- end of parse_seckey\n\n"); 2693 } 2694 return 1; 2695 } 2696 2697 /** 2698 \ingroup Core_ReadPackets 2699 \brief Parse a Public Key Session Key packet 2700 */ 2701 static int 2702 parse_pk_sesskey(pgp_region_t *region, 2703 pgp_stream_t *stream) 2704 { 2705 const pgp_seckey_t *secret; 2706 pgp_packet_t sesskey; 2707 pgp_packet_t pkt; 2708 uint8_t *iv; 2709 uint8_t c = 0x0; 2710 uint8_t cs[2]; 2711 unsigned k; 2712 BIGNUM *g_to_k; 2713 BIGNUM *enc_m; 2714 int n; 2715 uint8_t unencoded_m_buf[1024]; 2716 2717 if (!limread(&c, 1, region, stream)) { 2718 (void) fprintf(stderr, "parse_pk_sesskey - can't read char in region\n"); 2719 return 0; 2720 } 2721 pkt.u.pk_sesskey.version = c; 2722 if (pkt.u.pk_sesskey.version != 3) { 2723 PGP_ERROR_1(&stream->errors, PGP_E_PROTO_BAD_PKSK_VRSN, 2724 "Bad public-key encrypted session key version (%d)", 2725 pkt.u.pk_sesskey.version); 2726 return 0; 2727 } 2728 if (!limread(pkt.u.pk_sesskey.key_id, 2729 (unsigned)sizeof(pkt.u.pk_sesskey.key_id), region, stream)) { 2730 return 0; 2731 } 2732 if (pgp_get_debug_level(__FILE__)) { 2733 hexdump(stderr, "sesskey: pubkey id", pkt.u.pk_sesskey.key_id, sizeof(pkt.u.pk_sesskey.key_id)); 2734 } 2735 if (!limread(&c, 1, region, stream)) { 2736 return 0; 2737 } 2738 pkt.u.pk_sesskey.alg = (pgp_pubkey_alg_t)c; 2739 switch (pkt.u.pk_sesskey.alg) { 2740 case PGP_PKA_RSA: 2741 if (!limread_mpi(&pkt.u.pk_sesskey.params.rsa.encrypted_m, 2742 region, stream)) { 2743 return 0; 2744 } 2745 enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m; 2746 g_to_k = NULL; 2747 break; 2748 2749 case PGP_PKA_DSA: 2750 case PGP_PKA_ELGAMAL: 2751 if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k, 2752 region, stream) || 2753 !limread_mpi( 2754 &pkt.u.pk_sesskey.params.elgamal.encrypted_m, 2755 region, stream)) { 2756 return 0; 2757 } 2758 g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k; 2759 enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m; 2760 break; 2761 2762 default: 2763 PGP_ERROR_1(&stream->errors, 2764 PGP_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, 2765 "Unknown public key algorithm in session key (%s)", 2766 pgp_show_pka(pkt.u.pk_sesskey.alg)); 2767 return 0; 2768 } 2769 2770 (void) memset(&sesskey, 0x0, sizeof(sesskey)); 2771 secret = NULL; 2772 sesskey.u.get_seckey.seckey = &secret; 2773 sesskey.u.get_seckey.pk_sesskey = &pkt.u.pk_sesskey; 2774 2775 if (pgp_get_debug_level(__FILE__)) { 2776 (void) fprintf(stderr, "getting secret key via callback\n"); 2777 } 2778 2779 CALLBACK(PGP_GET_SECKEY, &stream->cbinfo, &sesskey); 2780 2781 if (pgp_get_debug_level(__FILE__)) { 2782 (void) fprintf(stderr, "got secret key via callback\n"); 2783 } 2784 if (!secret) { 2785 CALLBACK(PGP_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &stream->cbinfo, 2786 &pkt); 2787 return 1; 2788 } 2789 n = pgp_decrypt_decode_mpi(unencoded_m_buf, 2790 (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret); 2791 2792 if (n < 1) { 2793 ERRP(&stream->cbinfo, pkt, "decrypted message too short"); 2794 return 0; 2795 } 2796 2797 /* PKA */ 2798 pkt.u.pk_sesskey.symm_alg = (pgp_symm_alg_t)unencoded_m_buf[0]; 2799 if (pgp_get_debug_level(__FILE__)) { 2800 (void) fprintf(stderr, "symm alg %d\n", pkt.u.pk_sesskey.symm_alg); 2801 } 2802 2803 if (!pgp_is_sa_supported(pkt.u.pk_sesskey.symm_alg)) { 2804 /* ERR1P */ 2805 PGP_ERROR_1(&stream->errors, PGP_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, 2806 "Symmetric algorithm %s not supported", 2807 pgp_show_symm_alg( 2808 pkt.u.pk_sesskey.symm_alg)); 2809 return 0; 2810 } 2811 k = pgp_key_size(pkt.u.pk_sesskey.symm_alg); 2812 if (pgp_get_debug_level(__FILE__)) { 2813 (void) fprintf(stderr, "key size %d\n", k); 2814 } 2815 2816 if ((unsigned) n != k + 3) { 2817 PGP_ERROR_2(&stream->errors, PGP_E_PROTO_DECRYPTED_MSG_WRONG_LEN, 2818 "decrypted message wrong length (got %d expected %d)", 2819 n, k + 3); 2820 return 0; 2821 } 2822 if (k > sizeof(pkt.u.pk_sesskey.key)) { 2823 (void) fprintf(stderr, "parse_pk_sesskey: bad keylength\n"); 2824 return 0; 2825 } 2826 2827 (void) memcpy(pkt.u.pk_sesskey.key, unencoded_m_buf + 1, k); 2828 2829 if (pgp_get_debug_level(__FILE__)) { 2830 hexdump(stderr, "recovered sesskey", pkt.u.pk_sesskey.key, k); 2831 } 2832 pkt.u.pk_sesskey.checksum = unencoded_m_buf[k + 1] + 2833 (unencoded_m_buf[k + 2] << 8); 2834 if (pgp_get_debug_level(__FILE__)) { 2835 (void) fprintf(stderr, "session key checksum: %2x %2x\n", 2836 unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); 2837 } 2838 2839 /* Check checksum */ 2840 pgp_calc_sesskey_checksum(&pkt.u.pk_sesskey, &cs[0]); 2841 if (unencoded_m_buf[k + 1] != cs[0] || 2842 unencoded_m_buf[k + 2] != cs[1]) { 2843 PGP_ERROR_4(&stream->errors, PGP_E_PROTO_BAD_SK_CHECKSUM, 2844 "Session key checksum wrong: expected %2x %2x, got %2x %2x", 2845 cs[0], cs[1], unencoded_m_buf[k + 1], 2846 unencoded_m_buf[k + 2]); 2847 return 0; 2848 } 2849 2850 if (pgp_get_debug_level(__FILE__)) { 2851 (void) fprintf(stderr, "getting pk session key via callback\n"); 2852 } 2853 /* all is well */ 2854 CALLBACK(PGP_PTAG_CT_PK_SESSION_KEY, &stream->cbinfo, &pkt); 2855 if (pgp_get_debug_level(__FILE__)) { 2856 (void) fprintf(stderr, "got pk session key via callback\n"); 2857 } 2858 2859 pgp_crypt_any(&stream->decrypt, pkt.u.pk_sesskey.symm_alg); 2860 iv = calloc(1, stream->decrypt.blocksize); 2861 if (iv == NULL) { 2862 (void) fprintf(stderr, "parse_pk_sesskey: bad alloc\n"); 2863 return 0; 2864 } 2865 stream->decrypt.set_iv(&stream->decrypt, iv); 2866 stream->decrypt.set_crypt_key(&stream->decrypt, pkt.u.pk_sesskey.key); 2867 pgp_encrypt_init(&stream->decrypt); 2868 free(iv); 2869 return 1; 2870 } 2871 2872 static int 2873 decrypt_se_data(pgp_content_enum tag, pgp_region_t *region, 2874 pgp_stream_t *stream) 2875 { 2876 pgp_crypt_t *decrypt; 2877 const int printerrors = 1; 2878 int r = 1; 2879 2880 decrypt = pgp_get_decrypt(stream); 2881 if (decrypt) { 2882 pgp_region_t encregion; 2883 unsigned b = (unsigned)decrypt->blocksize; 2884 uint8_t buf[PGP_MAX_BLOCK_SIZE + 2] = ""; 2885 2886 pgp_reader_push_decrypt(stream, decrypt, region); 2887 2888 pgp_init_subregion(&encregion, NULL); 2889 encregion.length = b + 2; 2890 2891 if (!exact_limread(buf, b + 2, &encregion, stream)) { 2892 return 0; 2893 } 2894 if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { 2895 pgp_reader_pop_decrypt(stream); 2896 PGP_ERROR_4(&stream->errors, 2897 PGP_E_PROTO_BAD_SYMMETRIC_DECRYPT, 2898 "Bad symmetric decrypt (%02x%02x vs %02x%02x)", 2899 buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); 2900 return 0; 2901 } 2902 if (tag == PGP_PTAG_CT_SE_DATA_BODY) { 2903 decrypt->decrypt_resync(decrypt); 2904 decrypt->block_encrypt(decrypt, decrypt->civ, 2905 decrypt->civ); 2906 } 2907 r = pgp_parse(stream, !printerrors); 2908 2909 pgp_reader_pop_decrypt(stream); 2910 } else { 2911 pgp_packet_t pkt; 2912 2913 while (region->readc < region->length) { 2914 unsigned len; 2915 2916 len = region->length - region->readc; 2917 if (len > sizeof(pkt.u.se_data_body.data)) 2918 len = sizeof(pkt.u.se_data_body.data); 2919 2920 if (!limread(pkt.u.se_data_body.data, len, 2921 region, stream)) { 2922 return 0; 2923 } 2924 pkt.u.se_data_body.length = len; 2925 CALLBACK(tag, &stream->cbinfo, &pkt); 2926 } 2927 } 2928 2929 return r; 2930 } 2931 2932 static int 2933 decrypt_se_ip_data(pgp_content_enum tag, pgp_region_t *region, 2934 pgp_stream_t *stream) 2935 { 2936 pgp_crypt_t *decrypt; 2937 const int printerrors = 1; 2938 int r = 1; 2939 2940 decrypt = pgp_get_decrypt(stream); 2941 if (decrypt) { 2942 if (pgp_get_debug_level(__FILE__)) { 2943 (void) fprintf(stderr, "decrypt_se_ip_data: decrypt\n"); 2944 } 2945 pgp_reader_push_decrypt(stream, decrypt, region); 2946 pgp_reader_push_se_ip_data(stream, decrypt, region); 2947 2948 r = pgp_parse(stream, !printerrors); 2949 2950 pgp_reader_pop_se_ip_data(stream); 2951 pgp_reader_pop_decrypt(stream); 2952 } else { 2953 pgp_packet_t pkt; 2954 2955 if (pgp_get_debug_level(__FILE__)) { 2956 (void) fprintf(stderr, "decrypt_se_ip_data: no decrypt\n"); 2957 } 2958 while (region->readc < region->length) { 2959 unsigned len; 2960 2961 len = region->length - region->readc; 2962 if (len > sizeof(pkt.u.se_data_body.data)) { 2963 len = sizeof(pkt.u.se_data_body.data); 2964 } 2965 2966 if (!limread(pkt.u.se_data_body.data, 2967 len, region, stream)) { 2968 return 0; 2969 } 2970 2971 pkt.u.se_data_body.length = len; 2972 2973 CALLBACK(tag, &stream->cbinfo, &pkt); 2974 } 2975 } 2976 2977 return r; 2978 } 2979 2980 /** 2981 \ingroup Core_ReadPackets 2982 \brief Read a Symmetrically Encrypted packet 2983 */ 2984 static int 2985 parse_se_data(pgp_region_t *region, pgp_stream_t *stream) 2986 { 2987 pgp_packet_t pkt; 2988 2989 /* there's no info to go with this, so just announce it */ 2990 CALLBACK(PGP_PTAG_CT_SE_DATA_HEADER, &stream->cbinfo, &pkt); 2991 2992 /* 2993 * The content of an encrypted data packet is more OpenPGP packets 2994 * once decrypted, so recursively handle them 2995 */ 2996 return decrypt_se_data(PGP_PTAG_CT_SE_DATA_BODY, region, stream); 2997 } 2998 2999 /** 3000 \ingroup Core_ReadPackets 3001 \brief Read a Symmetrically Encrypted Integrity Protected packet 3002 */ 3003 static int 3004 parse_se_ip_data(pgp_region_t *region, pgp_stream_t *stream) 3005 { 3006 pgp_packet_t pkt; 3007 uint8_t c = 0x0; 3008 3009 if (!limread(&c, 1, region, stream)) { 3010 return 0; 3011 } 3012 pkt.u.se_ip_data_header = c; 3013 if (pgp_get_debug_level(__FILE__)) { 3014 (void) fprintf(stderr, "parse_se_ip_data: data header %d\n", c); 3015 } 3016 if (pkt.u.se_ip_data_header != PGP_SE_IP_DATA_VERSION) { 3017 (void) fprintf(stderr, "parse_se_ip_data: bad version\n"); 3018 return 0; 3019 } 3020 3021 if (pgp_get_debug_level(__FILE__)) { 3022 (void) fprintf(stderr, "parse_se_ip_data: region %d,%d\n", 3023 region->readc, region->length); 3024 hexdump(stderr, "compressed region", stream->virtualpkt, stream->virtualc); 3025 } 3026 /* 3027 * The content of an encrypted data packet is more OpenPGP packets 3028 * once decrypted, so recursively handle them 3029 */ 3030 return decrypt_se_ip_data(PGP_PTAG_CT_SE_IP_DATA_BODY, region, stream); 3031 } 3032 3033 /** 3034 \ingroup Core_ReadPackets 3035 \brief Read a MDC packet 3036 */ 3037 static int 3038 parse_mdc(pgp_region_t *region, pgp_stream_t *stream) 3039 { 3040 pgp_packet_t pkt; 3041 3042 pkt.u.mdc.length = PGP_SHA1_HASH_SIZE; 3043 if ((pkt.u.mdc.data = calloc(1, PGP_SHA1_HASH_SIZE)) == NULL) { 3044 (void) fprintf(stderr, "parse_mdc: bad alloc\n"); 3045 return 0; 3046 } 3047 if (!limread(pkt.u.mdc.data, PGP_SHA1_HASH_SIZE, region, stream)) { 3048 return 0; 3049 } 3050 CALLBACK(PGP_PTAG_CT_MDC, &stream->cbinfo, &pkt); 3051 free(pkt.u.mdc.data); 3052 return 1; 3053 } 3054 3055 /** 3056 * \ingroup Core_ReadPackets 3057 * \brief Parse one packet. 3058 * 3059 * This function parses the packet tag. It computes the value of the 3060 * content tag and then calls the appropriate function to handle the 3061 * content. 3062 * 3063 * \param *stream How to parse 3064 * \param *pktlen On return, will contain number of bytes in packet 3065 * \return 1 on success, 0 on error, -1 on EOF */ 3066 static int 3067 parse_packet(pgp_stream_t *stream, uint32_t *pktlen) 3068 { 3069 pgp_packet_t pkt; 3070 pgp_region_t region; 3071 uint8_t ptag; 3072 unsigned indeterminate = 0; 3073 int ret; 3074 3075 pkt.u.ptag.position = stream->readinfo.position; 3076 3077 ret = base_read(&ptag, 1, stream); 3078 3079 if (pgp_get_debug_level(__FILE__)) { 3080 (void) fprintf(stderr, 3081 "parse_packet: base_read returned %d, ptag %d\n", 3082 ret, ptag); 3083 } 3084 3085 /* errors in the base read are effectively EOF. */ 3086 if (ret <= 0) { 3087 return -1; 3088 } 3089 3090 *pktlen = 0; 3091 3092 if (!(ptag & PGP_PTAG_ALWAYS_SET)) { 3093 pkt.u.error = "Format error (ptag bit not set)"; 3094 CALLBACK(PGP_PARSER_ERROR, &stream->cbinfo, &pkt); 3095 return 0; 3096 } 3097 pkt.u.ptag.new_format = !!(ptag & PGP_PTAG_NEW_FORMAT); 3098 if (pkt.u.ptag.new_format) { 3099 pkt.u.ptag.type = (ptag & PGP_PTAG_NF_CONTENT_TAG_MASK); 3100 pkt.u.ptag.length_type = 0; 3101 if (!read_new_length(&pkt.u.ptag.length, stream)) { 3102 return 0; 3103 } 3104 } else { 3105 unsigned rb; 3106 3107 rb = 0; 3108 pkt.u.ptag.type = ((unsigned)ptag & 3109 PGP_PTAG_OF_CONTENT_TAG_MASK) 3110 >> PGP_PTAG_OF_CONTENT_TAG_SHIFT; 3111 pkt.u.ptag.length_type = ptag & PGP_PTAG_OF_LENGTH_TYPE_MASK; 3112 switch (pkt.u.ptag.length_type) { 3113 case PGP_PTAG_OLD_LEN_1: 3114 rb = _read_scalar(&pkt.u.ptag.length, 1, stream); 3115 break; 3116 3117 case PGP_PTAG_OLD_LEN_2: 3118 rb = _read_scalar(&pkt.u.ptag.length, 2, stream); 3119 break; 3120 3121 case PGP_PTAG_OLD_LEN_4: 3122 rb = _read_scalar(&pkt.u.ptag.length, 4, stream); 3123 break; 3124 3125 case PGP_PTAG_OLD_LEN_INDETERMINATE: 3126 pkt.u.ptag.length = 0; 3127 indeterminate = 1; 3128 rb = 1; 3129 break; 3130 } 3131 if (!rb) { 3132 return 0; 3133 } 3134 } 3135 3136 CALLBACK(PGP_PARSER_PTAG, &stream->cbinfo, &pkt); 3137 3138 pgp_init_subregion(®ion, NULL); 3139 region.length = pkt.u.ptag.length; 3140 region.indeterminate = indeterminate; 3141 if (pgp_get_debug_level(__FILE__)) { 3142 (void) fprintf(stderr, "parse_packet: type %u\n", 3143 pkt.u.ptag.type); 3144 } 3145 switch (pkt.u.ptag.type) { 3146 case PGP_PTAG_CT_SIGNATURE: 3147 ret = parse_sig(®ion, stream); 3148 break; 3149 3150 case PGP_PTAG_CT_PUBLIC_KEY: 3151 case PGP_PTAG_CT_PUBLIC_SUBKEY: 3152 ret = parse_pubkey((pgp_content_enum)pkt.u.ptag.type, ®ion, stream); 3153 break; 3154 3155 case PGP_PTAG_CT_TRUST: 3156 ret = parse_trust(®ion, stream); 3157 break; 3158 3159 case PGP_PTAG_CT_USER_ID: 3160 ret = parse_userid(®ion, stream); 3161 break; 3162 3163 case PGP_PTAG_CT_COMPRESSED: 3164 ret = parse_compressed(®ion, stream); 3165 break; 3166 3167 case PGP_PTAG_CT_1_PASS_SIG: 3168 ret = parse_one_pass(®ion, stream); 3169 break; 3170 3171 case PGP_PTAG_CT_LITDATA: 3172 ret = parse_litdata(®ion, stream); 3173 break; 3174 3175 case PGP_PTAG_CT_USER_ATTR: 3176 ret = parse_userattr(®ion, stream); 3177 break; 3178 3179 case PGP_PTAG_CT_SECRET_KEY: 3180 ret = parse_seckey(®ion, stream); 3181 break; 3182 3183 case PGP_PTAG_CT_SECRET_SUBKEY: 3184 ret = parse_seckey(®ion, stream); 3185 break; 3186 3187 case PGP_PTAG_CT_PK_SESSION_KEY: 3188 ret = parse_pk_sesskey(®ion, stream); 3189 break; 3190 3191 case PGP_PTAG_CT_SE_DATA: 3192 ret = parse_se_data(®ion, stream); 3193 break; 3194 3195 case PGP_PTAG_CT_SE_IP_DATA: 3196 ret = parse_se_ip_data(®ion, stream); 3197 break; 3198 3199 case PGP_PTAG_CT_MDC: 3200 ret = parse_mdc(®ion, stream); 3201 break; 3202 3203 default: 3204 PGP_ERROR_1(&stream->errors, PGP_E_P_UNKNOWN_TAG, 3205 "Unknown content tag 0x%x", 3206 pkt.u.ptag.type); 3207 ret = 0; 3208 } 3209 3210 /* Ensure that the entire packet has been consumed */ 3211 3212 if (region.length != region.readc && !region.indeterminate) { 3213 if (!consume_packet(®ion, stream, 0)) { 3214 ret = -1; 3215 } 3216 } 3217 3218 /* also consume it if there's been an error? */ 3219 /* \todo decide what to do about an error on an */ 3220 /* indeterminate packet */ 3221 if (ret == 0) { 3222 if (!consume_packet(®ion, stream, 0)) { 3223 ret = -1; 3224 } 3225 } 3226 /* set pktlen */ 3227 3228 *pktlen = stream->readinfo.alength; 3229 3230 /* do callback on entire packet, if desired and there was no error */ 3231 3232 if (ret > 0 && stream->readinfo.accumulate) { 3233 pkt.u.packet.length = stream->readinfo.alength; 3234 pkt.u.packet.raw = stream->readinfo.accumulated; 3235 stream->readinfo.accumulated = NULL; 3236 stream->readinfo.asize = 0; 3237 CALLBACK(PGP_PARSER_PACKET_END, &stream->cbinfo, &pkt); 3238 } 3239 stream->readinfo.alength = 0; 3240 3241 return (ret < 0) ? -1 : (ret) ? 1 : 0; 3242 } 3243 3244 /** 3245 * \ingroup Core_ReadPackets 3246 * 3247 * \brief Parse packets from an input stream until EOF or error. 3248 * 3249 * \details Setup the necessary parsing configuration in "stream" 3250 * before calling pgp_parse(). 3251 * 3252 * That information includes : 3253 * 3254 * - a "reader" function to be used to get the data to be parsed 3255 * 3256 * - a "callback" function to be called when this library has identified 3257 * a parseable object within the data 3258 * 3259 * - whether the calling function wants the signature subpackets 3260 * returned raw, parsed or not at all. 3261 * 3262 * After returning, stream->errors holds any errors encountered while parsing. 3263 * 3264 * \param stream Parsing configuration 3265 * \return 1 on success in all packets, 0 on error in any packet 3266 * 3267 * \sa CoreAPI Overview 3268 * 3269 * \sa pgp_print_errors() 3270 * 3271 */ 3272 3273 int 3274 pgp_parse(pgp_stream_t *stream, const int perrors) 3275 { 3276 uint32_t pktlen; 3277 int r; 3278 3279 do { 3280 r = parse_packet(stream, &pktlen); 3281 } while (r != -1); 3282 if (perrors) { 3283 pgp_print_errors(stream->errors); 3284 } 3285 return (stream->errors == NULL); 3286 } 3287 3288 /** 3289 * \ingroup Core_ReadPackets 3290 * 3291 * \brief Specifies whether one or more signature 3292 * subpacket types should be returned parsed; or raw; or ignored. 3293 * 3294 * \param stream Pointer to previously allocated structure 3295 * \param tag Packet tag. PGP_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag 3296 * \param type Parse type 3297 * \todo Make all packet types optional, not just subpackets */ 3298 void 3299 pgp_parse_options(pgp_stream_t *stream, 3300 pgp_content_enum tag, 3301 pgp_parse_type_t type) 3302 { 3303 unsigned t7; 3304 unsigned t8; 3305 3306 if (tag == PGP_PTAG_SS_ALL) { 3307 int n; 3308 3309 for (n = 0; n < 256; ++n) { 3310 pgp_parse_options(stream, 3311 PGP_PTAG_SIG_SUBPKT_BASE + n, 3312 type); 3313 } 3314 return; 3315 } 3316 if (tag < PGP_PTAG_SIG_SUBPKT_BASE || 3317 tag > PGP_PTAG_SIG_SUBPKT_BASE + NTAGS - 1) { 3318 (void) fprintf(stderr, "pgp_parse_options: bad tag\n"); 3319 return; 3320 } 3321 t8 = (tag - PGP_PTAG_SIG_SUBPKT_BASE) / 8; 3322 t7 = 1 << ((tag - PGP_PTAG_SIG_SUBPKT_BASE) & 7); 3323 switch (type) { 3324 case PGP_PARSE_RAW: 3325 stream->ss_raw[t8] |= t7; 3326 stream->ss_parsed[t8] &= ~t7; 3327 break; 3328 3329 case PGP_PARSE_PARSED: 3330 stream->ss_raw[t8] &= ~t7; 3331 stream->ss_parsed[t8] |= t7; 3332 break; 3333 3334 case PGP_PARSE_IGNORE: 3335 stream->ss_raw[t8] &= ~t7; 3336 stream->ss_parsed[t8] &= ~t7; 3337 break; 3338 } 3339 } 3340 3341 /** 3342 \ingroup Core_ReadPackets 3343 \brief Free pgp_stream_t struct and its contents 3344 */ 3345 void 3346 pgp_stream_delete(pgp_stream_t *stream) 3347 { 3348 pgp_cbdata_t *cbinfo; 3349 pgp_cbdata_t *next; 3350 3351 for (cbinfo = stream->cbinfo.next; cbinfo; cbinfo = next) { 3352 next = cbinfo->next; 3353 free(cbinfo); 3354 } 3355 if (stream->readinfo.destroyer) { 3356 stream->readinfo.destroyer(&stream->readinfo); 3357 } 3358 pgp_free_errors(stream->errors); 3359 if (stream->readinfo.accumulated) { 3360 free(stream->readinfo.accumulated); 3361 } 3362 free(stream); 3363 } 3364 3365 /** 3366 \ingroup Core_ReadPackets 3367 \brief Returns the parse_info's reader_info 3368 \return Pointer to the reader_info inside the parse_info 3369 */ 3370 pgp_reader_t * 3371 pgp_readinfo(pgp_stream_t *stream) 3372 { 3373 return &stream->readinfo; 3374 } 3375 3376 /** 3377 \ingroup Core_ReadPackets 3378 \brief Sets the parse_info's callback 3379 This is used when adding the first callback in a stack of callbacks. 3380 \sa pgp_callback_push() 3381 */ 3382 3383 void 3384 pgp_set_callback(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg) 3385 { 3386 stream->cbinfo.cbfunc = cb; 3387 stream->cbinfo.arg = arg; 3388 stream->cbinfo.errors = &stream->errors; 3389 } 3390 3391 /** 3392 \ingroup Core_ReadPackets 3393 \brief Adds a further callback to a stack of callbacks 3394 \sa pgp_set_callback() 3395 */ 3396 void 3397 pgp_callback_push(pgp_stream_t *stream, pgp_cbfunc_t *cb, void *arg) 3398 { 3399 pgp_cbdata_t *cbinfo; 3400 3401 if ((cbinfo = calloc(1, sizeof(*cbinfo))) == NULL) { 3402 (void) fprintf(stderr, "pgp_callback_push: bad alloc\n"); 3403 return; 3404 } 3405 (void) memcpy(cbinfo, &stream->cbinfo, sizeof(*cbinfo)); 3406 cbinfo->io = stream->io; 3407 stream->cbinfo.next = cbinfo; 3408 pgp_set_callback(stream, cb, arg); 3409 } 3410 3411 /** 3412 \ingroup Core_ReadPackets 3413 \brief Returns callback's arg 3414 */ 3415 void * 3416 pgp_callback_arg(pgp_cbdata_t *cbinfo) 3417 { 3418 return cbinfo->arg; 3419 } 3420 3421 /** 3422 \ingroup Core_ReadPackets 3423 \brief Returns callback's errors 3424 */ 3425 void * 3426 pgp_callback_errors(pgp_cbdata_t *cbinfo) 3427 { 3428 return cbinfo->errors; 3429 } 3430 3431 /** 3432 \ingroup Core_ReadPackets 3433 \brief Calls the parse_cb_info's callback if present 3434 \return Return value from callback, if present; else PGP_FINISHED 3435 */ 3436 pgp_cb_ret_t 3437 pgp_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo) 3438 { 3439 return (cbinfo->cbfunc) ? cbinfo->cbfunc(pkt, cbinfo) : PGP_FINISHED; 3440 } 3441 3442 /** 3443 \ingroup Core_ReadPackets 3444 \brief Calls the next callback in the stack 3445 \return Return value from callback 3446 */ 3447 pgp_cb_ret_t 3448 pgp_stacked_callback(const pgp_packet_t *pkt, pgp_cbdata_t *cbinfo) 3449 { 3450 return pgp_callback(pkt, cbinfo->next); 3451 } 3452 3453 /** 3454 \ingroup Core_ReadPackets 3455 \brief Returns the parse_info's errors 3456 \return parse_info's errors 3457 */ 3458 pgp_error_t * 3459 pgp_stream_get_errors(pgp_stream_t *stream) 3460 { 3461 return stream->errors; 3462 } 3463 3464 pgp_crypt_t * 3465 pgp_get_decrypt(pgp_stream_t *stream) 3466 { 3467 return (stream->decrypt.alg) ? &stream->decrypt : NULL; 3468 } 3469