+ __ops_packet_t -> __ops_subpacket_t + __ops_parser_content_t -> __ops_packet_t + rename some other long names 51 chars is the record function name length so far + preliminary moves to support detached signatures as yet, incomplete + add back command line option to list packets in a signed or encrypted file + make __ops_parse() take an argument whether to print errors, and kill the __ops_parse_and_print_errors() function + get rid of some assertions in the code - this is a library - about 100 to godiff -r1.2 -r1.3 src/crypto/external/bsd/netpgp/dist/TODO
(agc)
--- src/crypto/external/bsd/netpgp/dist/TODO 2009/05/02 02:38:54 1.2
+++ src/crypto/external/bsd/netpgp/dist/TODO 2009/05/05 01:28:15 1.3
@@ -1,15 +1,17 @@ | @@ -1,15 +1,17 @@ | |||
1 | To Do | 1 | To Do | |
2 | ===== | 2 | ===== | |
3 | detached verification | |||
4 | get rid of assert()s | |||
3 | need a netpgp_set_{pub,sec}key()? vs _init()? | 5 | need a netpgp_set_{pub,sec}key()? vs _init()? | |
4 | default compression when signing | 6 | default compression when signing | |
5 | get rid of ops_memory after used literal_data_body | 7 | get rid of ops_memory after used literal_data_body | |
6 | sort out callback - ops_export_key, packet-parse callback etc | 8 | sort out callback - ops_export_key, packet-parse callback etc | |
7 | Simplify IO | 9 | Simplify IO | |
8 | Make into SHA1Init, SHA1End, SHA1File style of calls | 10 | Make into SHA1Init, SHA1End, SHA1File style of calls | |
9 | Work out a way to get text out of a signed file | 11 | Work out a way to get text out of a signed file | |
10 | Multiple recipients for encryption | 12 | Multiple recipients for encryption | |
11 | Look at inefficiencies - read() etc | 13 | Look at inefficiencies - read() etc | |
12 | 14 | |||
13 | Done | 15 | Done | |
14 | ==== | 16 | ==== | |
15 | autoconf | 17 | autoconf | |
@@ -32,13 +34,14 @@ use PRIsize appropriately | @@ -32,13 +34,14 @@ use PRIsize appropriately | |||
32 | make a high-level interface | 34 | make a high-level interface | |
33 | get rid of multiple local headers | 35 | get rid of multiple local headers | |
34 | get rid of long identifier names - all done internally now | 36 | get rid of long identifier names - all done internally now | |
35 | Finish name change for everything | 37 | Finish name change for everything | |
36 | work out what's exported and what's not | 38 | work out what's exported and what's not | |
37 | finish off main header file | 39 | finish off main header file | |
38 | init(&netpgp, userid, pubring, secring) | 40 | init(&netpgp, userid, pubring, secring) | |
39 | __ops | 41 | __ops | |
40 | real naming scheme | 42 | real naming scheme | |
41 | get rid of malloc() instances -> calloc() | 43 | get rid of malloc() instances -> calloc() | |
42 | change include directory | 44 | change include directory | |
43 | Install man pages | 45 | Install man pages | |
44 | WARNS=4 (again) | 46 | WARNS=4 (again) | |
47 | detached sig |
--- src/crypto/external/bsd/netpgp/dist/tst 2009/04/23 06:31:56 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/tst 2009/05/05 01:28:15 1.2
@@ -1,33 +1,36 @@ | @@ -1,33 +1,36 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh | |
2 | 2 | |||
3 | #mkdir $HOME/netpgp | 3 | env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../lib && \ | |
4 | ./configure --prefix=$HOME/netpgp | 4 | make cleandir ; \ | |
5 | make clean | 5 | make ; \ | |
6 | make | 6 | su root -c "make install"' | |
7 | (cd src/lib && make install) | 7 | env USETOOLS=no MAKEOBJDIRPREFIX=/usr/obj/i386 sh -c 'cd ../bin && \ | |
8 | make cleandir ; \ | |||
9 | make ; \ | |||
10 | su root -c "make install"' | |||
8 | echo "======> sign/verify 180938 file" | 11 | echo "======> sign/verify 180938 file" | |
9 | cp configure a | 12 | cp configure a | |
10 | src/bin/netpgp --sign a | 13 | /usr/bin/netpgp --sign a | |
11 | src/bin/netpgp --verify a.gpg | 14 | /usr/bin/netpgp --verify a.gpg | |
12 | echo "======> attempt to verify an unsigned file" | 15 | echo "======> attempt to verify an unsigned file" | |
13 | src/bin/netpgp --verify a | 16 | /usr/bin/netpgp --verify a | |
14 | echo "======> encrypt/decrypt 10809 file" | 17 | echo "======> encrypt/decrypt 10809 file" | |
15 | cp src/bin/netpgp.1 b | 18 | cp src/bin/netpgp.1 b | |
16 | src/bin/netpgp --encrypt b | 19 | /usr/bin/netpgp --encrypt b | |
17 | src/bin/netpgp --decrypt b.gpg | 20 | /usr/bin/netpgp --decrypt b.gpg | |
18 | diff src/bin/netpgp.1 b && echo "No differences found" | 21 | diff src/bin/netpgp.1 b && echo "No differences found" | |
19 | echo "======> encrypt/decrypt 180938 file" | 22 | echo "======> encrypt/decrypt 180938 file" | |
20 | cp configure c | 23 | cp configure c | |
21 | src/bin/netpgp --encrypt c | 24 | /usr/bin/netpgp --encrypt c | |
22 | src/bin/netpgp --decrypt c.gpg | 25 | /usr/bin/netpgp --decrypt c.gpg | |
23 | diff configure c && echo "No differences found" | 26 | diff configure c && echo "No differences found" | |
24 | echo "======> encrypt/decrypt bigass file" | 27 | echo "======> encrypt/decrypt bigass file" | |
25 | cat configure configure configure configure configure configure > d | 28 | cat configure configure configure configure configure configure > d | |
26 | ls -l d | 29 | ls -l d | |
27 | cp d e | 30 | cp d e | |
28 | src/bin/netpgp --encrypt d | 31 | /usr/bin/netpgp --encrypt d | |
29 | src/bin/netpgp --decrypt d.gpg | 32 | /usr/bin/netpgp --decrypt d.gpg | |
30 | diff e d && echo "No differences found" | 33 | diff e d && echo "No differences found" | |
31 | echo "======> version information" | 34 | echo "======> version information" | |
32 | src/bin/netpgp --version | 35 | /usr/bin/netpgp --version | |
33 | rm -f a a.gpg b b.gpg c c.gpg d d.gpg e | 36 | rm -f a a.gpg b b.gpg c c.gpg d d.gpg e |
--- src/crypto/external/bsd/netpgp/dist/include/netpgp.h 2009/05/02 02:38:54 1.2
+++ src/crypto/external/bsd/netpgp/dist/include/netpgp.h 2009/05/05 01:28:15 1.3
@@ -36,26 +36,27 @@ typedef struct netpgp_t { | @@ -36,26 +36,27 @@ typedef struct netpgp_t { | |||
36 | void *pubring; /* public key ring */ | 36 | void *pubring; /* public key ring */ | |
37 | char *secringfile; /* name of secret key ring file */ | 37 | char *secringfile; /* name of secret key ring file */ | |
38 | void *secring; /* secret key ring */ | 38 | void *secring; /* secret key ring */ | |
39 | } netpgp_t; | 39 | } netpgp_t; | |
40 | 40 | |||
41 | /* begin and end */ | 41 | /* begin and end */ | |
42 | int netpgp_init(netpgp_t *, char *, char *, char *); /* userid, pubring, secring */ | 42 | int netpgp_init(netpgp_t *, char *, char *, char *); /* userid, pubring, secring */ | |
43 | int netpgp_end(netpgp_t *); | 43 | int netpgp_end(netpgp_t *); | |
44 | 44 | |||
45 | /* debugging, reflection and information */ | 45 | /* debugging, reflection and information */ | |
46 | int netpgp_set_debug(const char *); | 46 | int netpgp_set_debug(const char *); | |
47 | int netpgp_get_debug(const char *); | 47 | int netpgp_get_debug(const char *); | |
48 | const char *netpgp_get_info(const char *); | 48 | const char *netpgp_get_info(const char *); | |
49 | int netpgp_list_packets(netpgp_t *, char *, int, char *); | |||
49 | 50 | |||
50 | /* key management */ | 51 | /* key management */ | |
51 | int netpgp_list_keys(netpgp_t *); | 52 | int netpgp_list_keys(netpgp_t *); | |
52 | int netpgp_find_key(netpgp_t *, char *); | 53 | int netpgp_find_key(netpgp_t *, char *); | |
53 | int netpgp_export_key(netpgp_t *, char *); | 54 | int netpgp_export_key(netpgp_t *, char *); | |
54 | int netpgp_import_key(netpgp_t *, char *); | 55 | int netpgp_import_key(netpgp_t *, char *); | |
55 | int netpgp_generate_key(netpgp_t *, char *, int); | 56 | int netpgp_generate_key(netpgp_t *, char *, int); | |
56 | 57 | |||
57 | /* file management */ | 58 | /* file management */ | |
58 | int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int); | 59 | int netpgp_encrypt_file(netpgp_t *, char *, char *, char *, int); | |
59 | int netpgp_decrypt_file(netpgp_t *, char *, char *, int); | 60 | int netpgp_decrypt_file(netpgp_t *, char *, char *, int); | |
60 | int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int); | 61 | int netpgp_sign_file(netpgp_t *, char *, char *, char *, int, int, int); | |
61 | int netpgp_verify_file(netpgp_t *, char *, int); | 62 | int netpgp_verify_file(netpgp_t *, char *, int); |
--- src/crypto/external/bsd/netpgp/dist/src/bin/Attic/netpgp.1 2009/05/02 09:40:33 1.6
+++ src/crypto/external/bsd/netpgp/dist/src/bin/Attic/netpgp.1 2009/05/05 01:28:15 1.7
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: netpgp.1,v 1.6 2009/05/02 09:40:33 wiz Exp $ | 1 | .\" $NetBSD: netpgp.1,v 1.7 2009/05/05 01:28:15 agc Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2009 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This manual page is derived from software contributed to | 6 | .\" This manual page is derived from software contributed to | |
7 | .\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org). | 7 | .\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org). | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -17,46 +17,47 @@ | @@ -17,46 +17,47 @@ | |||
17 | .\" | 17 | .\" | |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | 28 | .\" POSSIBILITY OF SUCH DAMAGE. | |
29 | .\" | 29 | .\" | |
30 | .Dd May 1, 2009 | 30 | .Dd May 4, 2009 | |
31 | .Dt NETPGP 1 | 31 | .Dt NETPGP 1 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm netpgp | 34 | .Nm netpgp | |
35 | .Nd signing, verification, encryption, and decryption utility | 35 | .Nd signing, verification, encryption, and decryption utility | |
36 | .Sh SYNOPSIS | 36 | .Sh SYNOPSIS | |
37 | .Nm netpgp | 37 | .Nm netpgp | |
38 | .Op Fl Fl armour | 38 | .Op Fl Fl armour | |
39 | .Op Fl Fl clearsign | 39 | .Op Fl Fl clearsign | |
40 | .Op Fl Fl decrypt | 40 | .Op Fl Fl decrypt | |
41 | .Op Fl Fl detached | 41 | .Op Fl Fl detached | |
42 | .Op Fl Fl encrypt | 42 | .Op Fl Fl encrypt | |
43 | .Op Fl Fl export-key | 43 | .Op Fl Fl export-key | |
44 | .Op Fl Fl find-key | 44 | .Op Fl Fl find-key | |
45 | .Op Fl Fl generate-key | 45 | .Op Fl Fl generate-key | |
46 | .Op Fl Fl homedir Ns = Ns Ar home-directory | 46 | .Op Fl Fl homedir Ns = Ns Ar home-directory | |
47 | .Op Fl Fl import-key | 47 | .Op Fl Fl import-key | |
48 | .Op Fl Fl keyring Ns = Ns Ar keyring | 48 | .Op Fl Fl keyring Ns = Ns Ar keyring | |
49 | .Op Fl Fl list-keys | 49 | .Op Fl Fl list-keys | |
50 | .Op Fl Fl list-packets | |||
50 | .Op Fl Fl numbits Ns = Ns Ar numbits | 51 | .Op Fl Fl numbits Ns = Ns Ar numbits | |
51 | .Op Fl Fl sign | 52 | .Op Fl Fl sign | |
52 | .Op Fl Fl userid Ns = Ns Ar userid | 53 | .Op Fl Fl userid Ns = Ns Ar userid | |
53 | .Op Fl Fl verify | 54 | .Op Fl Fl verify | |
54 | .Op Fl Fl version | 55 | .Op Fl Fl version | |
55 | .Ar file ... | 56 | .Ar file ... | |
56 | .Sh DESCRIPTION | 57 | .Sh DESCRIPTION | |
57 | The | 58 | The | |
58 | .Nm | 59 | .Nm | |
59 | command can digitally sign files and verify that the signatures | 60 | command can digitally sign files and verify that the signatures | |
60 | attached to files were signed by a given user identifier. | 61 | attached to files were signed by a given user identifier. | |
61 | .Nm | 62 | .Nm | |
62 | can also encrypt files using the public or private keys of | 63 | can also encrypt files using the public or private keys of | |
@@ -108,26 +109,35 @@ public key servers, for example. | @@ -108,26 +109,35 @@ public key servers, for example. | |||
108 | Find the appropriate public key from the current keyring. | 109 | Find the appropriate public key from the current keyring. | |
109 | If no keyring is provided, the user's public keyring is used. | 110 | If no keyring is provided, the user's public keyring is used. | |
110 | .It Fl Fl generate-key | 111 | .It Fl Fl generate-key | |
111 | This command is used to generate a new public and private key pair. | 112 | This command is used to generate a new public and private key pair. | |
112 | The user id is taken from the command line, and the user will be | 113 | The user id is taken from the command line, and the user will be | |
113 | prompted to provide a suitable pass phrase. | 114 | prompted to provide a suitable pass phrase. | |
114 | .It Fl Fl import-key | 115 | .It Fl Fl import-key | |
115 | Import a public key as retrieved from one of the public key servers. | 116 | Import a public key as retrieved from one of the public key servers. | |
116 | This is in the form of a file which has previously been | 117 | This is in the form of a file which has previously been | |
117 | retrieved from elsewhere. | 118 | retrieved from elsewhere. | |
118 | .It Fl Fl list-keys | 119 | .It Fl Fl list-keys | |
119 | List all the public keys in the current keyring. | 120 | List all the public keys in the current keyring. | |
120 | If no keyring is provided, the user's public keyring is used. | 121 | If no keyring is provided, the user's public keyring is used. | |
122 | .It Fl Fl list-packets | |||
123 | List all the | |||
124 | .Dq packets | |||
125 | in an encrypted or signed file. | |||
126 | Internally, | |||
127 | .Nm | |||
128 | splits an encrypted or signed file into separate packets, and | |||
129 | this option is used to give a verbose representation | |||
130 | of these packets on standard output. | |||
121 | .It Fl Fl sign | 131 | .It Fl Fl sign | |
122 | The private key is used to digitally sign the files named on the | 132 | The private key is used to digitally sign the files named on the | |
123 | command line. | 133 | command line. | |
124 | Extra text is added to the file. | 134 | Extra text is added to the file. | |
125 | In rough terms, this text is a digest of the file's contents, | 135 | In rough terms, this text is a digest of the file's contents, | |
126 | encrypted with the user's private key. | 136 | encrypted with the user's private key. | |
127 | Since together, the private and public keys identify the user | 137 | Since together, the private and public keys identify the user | |
128 | uniquely, the added text can be used to identify the exact version | 138 | uniquely, the added text can be used to identify the exact version | |
129 | of the file, and any changes made to the file will mean that the | 139 | of the file, and any changes made to the file will mean that the | |
130 | signature no longer matches. | 140 | signature no longer matches. | |
131 | The file and its attached signature are created with a | 141 | The file and its attached signature are created with a | |
132 | .Dq Pa .gpg | 142 | .Dq Pa .gpg | |
133 | extension to the original file name. | 143 | extension to the original file name. |
--- src/crypto/external/bsd/netpgp/dist/src/bin/Attic/netpgp.c 2009/05/02 02:38:54 1.2
+++ src/crypto/external/bsd/netpgp/dist/src/bin/Attic/netpgp.c 2009/05/05 01:28:15 1.3
@@ -163,26 +163,29 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p, | @@ -163,26 +163,29 @@ netpgp_cmd(netpgp_t *netpgp, prog_t *p, | |||
163 | netpgp_decrypt_file(netpgp, f, NULL, p->armour); | 163 | netpgp_decrypt_file(netpgp, f, NULL, p->armour); | |
164 | break; | 164 | break; | |
165 | case SIGN: | 165 | case SIGN: | |
166 | netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 0, | 166 | netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 0, | |
167 | p->detached); | 167 | p->detached); | |
168 | break; | 168 | break; | |
169 | case CLEARSIGN: | 169 | case CLEARSIGN: | |
170 | netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 1, | 170 | netpgp_sign_file(netpgp, p->userid, f, NULL, p->armour, 1, | |
171 | p->detached); | 171 | p->detached); | |
172 | break; | 172 | break; | |
173 | case VERIFY: | 173 | case VERIFY: | |
174 | netpgp_verify_file(netpgp, f, p->armour); | 174 | netpgp_verify_file(netpgp, f, p->armour); | |
175 | break; | 175 | break; | |
176 | case LIST_PACKETS: | |||
177 | netpgp_list_packets(netpgp, f, p->armour, NULL); | |||
178 | break; | |||
176 | default: | 179 | default: | |
177 | print_usage(usage, pname); | 180 | print_usage(usage, pname); | |
178 | exit(EXIT_ERROR); | 181 | exit(EXIT_ERROR); | |
179 | } | 182 | } | |
180 | } | 183 | } | |
181 | 184 | |||
182 | int | 185 | int | |
183 | main(int argc, char **argv) | 186 | main(int argc, char **argv) | |
184 | { | 187 | { | |
185 | netpgp_t netpgp; | 188 | netpgp_t netpgp; | |
186 | prog_t p; | 189 | prog_t p; | |
187 | char homedir[MAXBUF + 1]; | 190 | char homedir[MAXBUF + 1]; | |
188 | int zeroargs; | 191 | int zeroargs; | |
@@ -219,27 +222,27 @@ main(int argc, char **argv) | @@ -219,27 +222,27 @@ main(int argc, char **argv) | |||
219 | case EXPORT_KEY: | 222 | case EXPORT_KEY: | |
220 | case IMPORT_KEY: | 223 | case IMPORT_KEY: | |
221 | case GENERATE_KEY: | 224 | case GENERATE_KEY: | |
222 | case ENCRYPT: | 225 | case ENCRYPT: | |
223 | case DECRYPT: | 226 | case DECRYPT: | |
224 | case SIGN: | 227 | case SIGN: | |
225 | case CLEARSIGN: | 228 | case CLEARSIGN: | |
226 | case VERIFY: | 229 | case VERIFY: | |
227 | case LIST_PACKETS: | 230 | case LIST_PACKETS: | |
228 | p.cmd = long_options[optindex].val; | 231 | p.cmd = long_options[optindex].val; | |
229 | break; | 232 | break; | |
230 | 233 | |||
231 | case VERSION_CMD: | 234 | case VERSION_CMD: | |
232 | printf("%s\nAll bug reports, praise and chocolate, please, to: %s\n", | 235 | printf("%s\nAll bug reports, praise and chocolate, please, to:\n%s\n", | |
233 | netpgp_get_info("version"), | 236 | netpgp_get_info("version"), | |
234 | netpgp_get_info("maintainer")); | 237 | netpgp_get_info("maintainer")); | |
235 | exit(EXIT_SUCCESS); | 238 | exit(EXIT_SUCCESS); | |
236 | 239 | |||
237 | /* options */ | 240 | /* options */ | |
238 | case KEYRING: | 241 | case KEYRING: | |
239 | if (optarg == NULL) { | 242 | if (optarg == NULL) { | |
240 | (void) fprintf(stderr, "No keyring argument provided\n"); | 243 | (void) fprintf(stderr, "No keyring argument provided\n"); | |
241 | exit(EXIT_ERROR); | 244 | exit(EXIT_ERROR); | |
242 | } | 245 | } | |
243 | snprintf(p.keyring, sizeof(p.keyring), "%s", optarg); | 246 | snprintf(p.keyring, sizeof(p.keyring), "%s", optarg); | |
244 | break; | 247 | break; | |
245 | 248 |
--- src/crypto/external/bsd/netpgp/dist/src/lib/compress.c 2009/05/02 02:38:55 1.4
+++ src/crypto/external/bsd/netpgp/dist/src/lib/compress.c 2009/05/05 01:28:15 1.5
@@ -21,30 +21,26 @@ | @@ -21,30 +21,26 @@ | |||
21 | 21 | |||
22 | /** \file | 22 | /** \file | |
23 | */ | 23 | */ | |
24 | #include "config.h" | 24 | #include "config.h" | |
25 | 25 | |||
26 | #ifdef HAVE_ZLIB_H | 26 | #ifdef HAVE_ZLIB_H | |
27 | #include <zlib.h> | 27 | #include <zlib.h> | |
28 | #endif | 28 | #endif | |
29 | 29 | |||
30 | #ifdef HAVE_BZLIB_H | 30 | #ifdef HAVE_BZLIB_H | |
31 | #include <bzlib.h> | 31 | #include <bzlib.h> | |
32 | #endif | 32 | #endif | |
33 | 33 | |||
34 | #ifdef HAVE_ASSERT_H | |||
35 | #include <assert.h> | |||
36 | #endif | |||
37 | ||||
38 | #include <string.h> | 34 | #include <string.h> | |
39 | 35 | |||
40 | #include "packet-parse.h" | 36 | #include "packet-parse.h" | |
41 | #include "errors.h" | 37 | #include "errors.h" | |
42 | #include "netpgpdefs.h" | 38 | #include "netpgpdefs.h" | |
43 | #include "parse_local.h" | 39 | #include "parse_local.h" | |
44 | #include "memory.h" | 40 | #include "memory.h" | |
45 | #include "writer.h" | 41 | #include "writer.h" | |
46 | 42 | |||
47 | #define DECOMPRESS_BUFFER 1024 | 43 | #define DECOMPRESS_BUFFER 1024 | |
48 | 44 | |||
49 | typedef struct { | 45 | typedef struct { | |
50 | __ops_compression_type_t type; | 46 | __ops_compression_type_t type; | |
@@ -77,27 +73,32 @@ typedef struct { | @@ -77,27 +73,32 @@ typedef struct { | |||
77 | * bzip2_compressed_data_reader | 73 | * bzip2_compressed_data_reader | |
78 | */ | 74 | */ | |
79 | static int | 75 | static int | |
80 | zlib_compressed_data_reader(void *dest, size_t length, | 76 | zlib_compressed_data_reader(void *dest, size_t length, | |
81 | __ops_error_t ** errors, | 77 | __ops_error_t ** errors, | |
82 | __ops_reader_info_t *rinfo, | 78 | __ops_reader_info_t *rinfo, | |
83 | __ops_parse_cb_info_t *cbinfo) | 79 | __ops_parse_cb_info_t *cbinfo) | |
84 | { | 80 | { | |
85 | z_decompress_t *z = __ops_reader_get_arg(rinfo); | 81 | z_decompress_t *z = __ops_reader_get_arg(rinfo); | |
86 | size_t len; | 82 | size_t len; | |
87 | size_t cc; | 83 | size_t cc; | |
88 | char *cdest = dest; | 84 | char *cdest = dest; | |
89 | 85 | |||
90 | assert(z->type == OPS_C_ZIP || z->type == OPS_C_ZLIB); | 86 | if (z->type != OPS_C_ZIP && z->type != OPS_C_ZLIB) { | |
87 | (void) fprintf(stderr, | |||
88 | "zlib_compressed_data_reader: weird type %d\n", | |||
89 | z->type); | |||
90 | return 0; | |||
91 | } | |||
91 | 92 | |||
92 | if (z->inflate_ret == Z_STREAM_END && | 93 | if (z->inflate_ret == Z_STREAM_END && | |
93 | z->zstream.next_out == &z->out[z->offset]) { | 94 | z->zstream.next_out == &z->out[z->offset]) { | |
94 | return 0; | 95 | return 0; | |
95 | } | 96 | } | |
96 | 97 | |||
97 | if (__ops_get_debug_level(__FILE__)) { | 98 | if (__ops_get_debug_level(__FILE__)) { | |
98 | (void) fprintf(stderr, "zlib_compressed_data_reader: length %" PRIsize "d\n", length); | 99 | (void) fprintf(stderr, "zlib_compressed_data_reader: length %" PRIsize "d\n", length); | |
99 | } | 100 | } | |
100 | 101 | |||
101 | if (z->region->length_read == z->region->length) { | 102 | if (z->region->length_read == z->region->length) { | |
102 | if (z->inflate_ret != Z_STREAM_END) { | 103 | if (z->inflate_ret != Z_STREAM_END) { | |
103 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, | 104 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, | |
@@ -136,51 +137,57 @@ zlib_compressed_data_reader(void *dest, | @@ -136,51 +137,57 @@ zlib_compressed_data_reader(void *dest, | |||
136 | if (ret == Z_STREAM_END) { | 137 | if (ret == Z_STREAM_END) { | |
137 | if (!z->region->indeterminate && | 138 | if (!z->region->indeterminate && | |
138 | z->region->length_read != z->region->length) { | 139 | z->region->length_read != z->region->length) { | |
139 | OPS_ERROR(cbinfo->errors, | 140 | OPS_ERROR(cbinfo->errors, | |
140 | OPS_E_P_DECOMPRESSION_ERROR, | 141 | OPS_E_P_DECOMPRESSION_ERROR, | |
141 | "Compressed stream ended before packet end."); | 142 | "Compressed stream ended before packet end."); | |
142 | } | 143 | } | |
143 | } else if (ret != Z_OK) { | 144 | } else if (ret != Z_OK) { | |
144 | (void) fprintf(stderr, "ret=%d\n", ret); | 145 | (void) fprintf(stderr, "ret=%d\n", ret); | |
145 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, z->zstream.msg); | 146 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, z->zstream.msg); | |
146 | } | 147 | } | |
147 | z->inflate_ret = ret; | 148 | z->inflate_ret = ret; | |
148 | } | 149 | } | |
149 | assert(z->zstream.next_out > &z->out[z->offset]); | 150 | if (z->zstream.next_out <= &z->out[z->offset]) { | |
151 | (void) fprintf(stderr, "Out of memory in buffer\n"); | |||
152 | return 0; | |||
153 | } | |||
150 | len = z->zstream.next_out - &z->out[z->offset]; | 154 | len = z->zstream.next_out - &z->out[z->offset]; | |
151 | if (len > length) { | 155 | if (len > length) { | |
152 | len = length; | 156 | len = length; | |
153 | } | 157 | } | |
154 | (void) memcpy(&cdest[cc], &z->out[z->offset], len); | 158 | (void) memcpy(&cdest[cc], &z->out[z->offset], len); | |
155 | z->offset += len; | 159 | z->offset += len; | |
156 | } | 160 | } | |
157 | 161 | |||
158 | return length; | 162 | return length; | |
159 | } | 163 | } | |
160 | 164 | |||
161 | /* \todo remove code duplication between this and zlib_compressed_data_reader */ | 165 | /* \todo remove code duplication between this and zlib_compressed_data_reader */ | |
162 | static int | 166 | static int | |
163 | bzip2_compressed_data_reader(void *dest, size_t length, | 167 | bzip2_compressed_data_reader(void *dest, size_t length, | |
164 | __ops_error_t ** errors, | 168 | __ops_error_t ** errors, | |
165 | __ops_reader_info_t * rinfo, | 169 | __ops_reader_info_t * rinfo, | |
166 | __ops_parse_cb_info_t * cbinfo) | 170 | __ops_parse_cb_info_t * cbinfo) | |
167 | { | 171 | { | |
168 | bz_decompress_t *bz = __ops_reader_get_arg(rinfo); | 172 | bz_decompress_t *bz = __ops_reader_get_arg(rinfo); | |
169 | size_t len; | 173 | size_t len; | |
170 | size_t cc; | 174 | size_t cc; | |
171 | char *cdest = dest; | 175 | char *cdest = dest; | |
172 | 176 | |||
173 | assert(bz->type == OPS_C_BZIP2); | 177 | if (bz->type != OPS_C_BZIP2) { | |
178 | (void) fprintf(stderr, "Weird type %d\n", bz->type); | |||
179 | return 0; | |||
180 | } | |||
174 | 181 | |||
175 | if (bz->inflate_ret == BZ_STREAM_END && | 182 | if (bz->inflate_ret == BZ_STREAM_END && | |
176 | bz->bzstream.next_out == &bz->out[bz->offset]) { | 183 | bz->bzstream.next_out == &bz->out[bz->offset]) { | |
177 | return 0; | 184 | return 0; | |
178 | } | 185 | } | |
179 | if (bz->region->length_read == bz->region->length) { | 186 | if (bz->region->length_read == bz->region->length) { | |
180 | if (bz->inflate_ret != BZ_STREAM_END) { | 187 | if (bz->inflate_ret != BZ_STREAM_END) { | |
181 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, | 188 | OPS_ERROR(cbinfo->errors, OPS_E_P_DECOMPRESSION_ERROR, | |
182 | "Compressed data didn't end when region ended."); | 189 | "Compressed data didn't end when region ended."); | |
183 | } | 190 | } | |
184 | } | 191 | } | |
185 | for (cc = 0 ; cc < length ; cc += len) { | 192 | for (cc = 0 ; cc < length ; cc += len) { | |
186 | if (&bz->out[bz->offset] == bz->bzstream.next_out) { | 193 | if (&bz->out[bz->offset] == bz->bzstream.next_out) { | |
@@ -211,30 +218,34 @@ bzip2_compressed_data_reader(void *dest, | @@ -211,30 +218,34 @@ bzip2_compressed_data_reader(void *dest, | |||
211 | if (ret == BZ_STREAM_END) { | 218 | if (ret == BZ_STREAM_END) { | |
212 | if (!bz->region->indeterminate && | 219 | if (!bz->region->indeterminate && | |
213 | bz->region->length_read != bz->region->length) | 220 | bz->region->length_read != bz->region->length) | |
214 | OPS_ERROR(cbinfo->errors, | 221 | OPS_ERROR(cbinfo->errors, | |
215 | OPS_E_P_DECOMPRESSION_ERROR, | 222 | OPS_E_P_DECOMPRESSION_ERROR, | |
216 | "Compressed stream ended before packet end."); | 223 | "Compressed stream ended before packet end."); | |
217 | } else if (ret != BZ_OK) { | 224 | } else if (ret != BZ_OK) { | |
218 | OPS_ERROR_1(cbinfo->errors, | 225 | OPS_ERROR_1(cbinfo->errors, | |
219 | OPS_E_P_DECOMPRESSION_ERROR, | 226 | OPS_E_P_DECOMPRESSION_ERROR, | |
220 | "Invalid return %d from BZ2_bzDecompress", ret); | 227 | "Invalid return %d from BZ2_bzDecompress", ret); | |
221 | } | 228 | } | |
222 | bz->inflate_ret = ret; | 229 | bz->inflate_ret = ret; | |
223 | } | 230 | } | |
224 | assert(bz->bzstream.next_out > &bz->out[bz->offset]); | 231 | if (bz->bzstream.next_out <= &bz->out[bz->offset]) { | |
232 | (void) fprintf(stderr, "Out of bz memroy\n"); | |||
233 | return 0; | |||
234 | } | |||
225 | len = bz->bzstream.next_out - &bz->out[bz->offset]; | 235 | len = bz->bzstream.next_out - &bz->out[bz->offset]; | |
226 | if (len > length) | 236 | if (len > length) { | |
227 | len = length; | 237 | len = length; | |
238 | } | |||
228 | (void) memcpy(&cdest[cc], &bz->out[bz->offset], len); | 239 | (void) memcpy(&cdest[cc], &bz->out[bz->offset], len); | |
229 | bz->offset += len; | 240 | bz->offset += len; | |
230 | } | 241 | } | |
231 | 242 | |||
232 | return length; | 243 | return length; | |
233 | } | 244 | } | |
234 | 245 | |||
235 | /** | 246 | /** | |
236 | * \ingroup Core_Compress | 247 | * \ingroup Core_Compress | |
237 | * | 248 | * | |
238 | * \param *region Pointer to a region | 249 | * \param *region Pointer to a region | |
239 | * \param *parse_info How to parse | 250 | * \param *parse_info How to parse | |
240 | * \param type Which compression type to expect | 251 | * \param type Which compression type to expect | |
@@ -328,27 +339,27 @@ __ops_decompress(__ops_region_t *region, | @@ -328,27 +339,27 @@ __ops_decompress(__ops_region_t *region, | |||
328 | "Cannot initialise BZIP2 stream for decompression: error=%d", ret); | 339 | "Cannot initialise BZIP2 stream for decompression: error=%d", ret); | |
329 | return 0; | 340 | return 0; | |
330 | } | 341 | } | |
331 | __ops_reader_push(parse_info, bzip2_compressed_data_reader, NULL, &bz); | 342 | __ops_reader_push(parse_info, bzip2_compressed_data_reader, NULL, &bz); | |
332 | break; | 343 | break; | |
333 | 344 | |||
334 | default: | 345 | default: | |
335 | OPS_ERROR_1(&parse_info->errors, | 346 | OPS_ERROR_1(&parse_info->errors, | |
336 | OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, | 347 | OPS_E_ALG_UNSUPPORTED_COMPRESS_ALG, | |
337 | "Compression algorithm %d is not yet supported", type); | 348 | "Compression algorithm %d is not yet supported", type); | |
338 | return 0; | 349 | return 0; | |
339 | } | 350 | } | |
340 | 351 | |||
341 | ret = __ops_parse(parse_info); | 352 | ret = __ops_parse(parse_info, 0); | |
342 | 353 | |||
343 | __ops_reader_pop(parse_info); | 354 | __ops_reader_pop(parse_info); | |
344 | 355 | |||
345 | return ret; | 356 | return ret; | |
346 | } | 357 | } | |
347 | 358 | |||
348 | /** | 359 | /** | |
349 | \ingroup Core_WritePackets | 360 | \ingroup Core_WritePackets | |
350 | \brief Writes Compressed packet | 361 | \brief Writes Compressed packet | |
351 | \param data Data to write out | 362 | \param data Data to write out | |
352 | \param len Length of data | 363 | \param len Length of data | |
353 | \param cinfo Write settings | 364 | \param cinfo Write settings | |
354 | \return true if OK; else false | 365 | \return true if OK; else false | |
@@ -364,45 +375,50 @@ __ops_write_compressed(const unsigned ch | @@ -364,45 +375,50 @@ __ops_write_compressed(const unsigned ch | |||
364 | size_t sz_out = 0; | 375 | size_t sz_out = 0; | |
365 | int r = 0; | 376 | int r = 0; | |
366 | 377 | |||
367 | /* compress the data */ | 378 | /* compress the data */ | |
368 | const int level = Z_DEFAULT_COMPRESSION; /* \todo allow varying | 379 | const int level = Z_DEFAULT_COMPRESSION; /* \todo allow varying | |
369 | * levels */ | 380 | * levels */ | |
370 | zip->stream.zalloc = Z_NULL; | 381 | zip->stream.zalloc = Z_NULL; | |
371 | zip->stream.zfree = Z_NULL; | 382 | zip->stream.zfree = Z_NULL; | |
372 | zip->stream.opaque = NULL; | 383 | zip->stream.opaque = NULL; | |
373 | 384 | |||
374 | /* all other fields set to zero by use of calloc */ | 385 | /* all other fields set to zero by use of calloc */ | |
375 | 386 | |||
376 | if (deflateInit(&zip->stream, level) != Z_OK) { | 387 | if (deflateInit(&zip->stream, level) != Z_OK) { | |
377 | /* can't initialise */ | 388 | (void) fprintf(stderr, | |
378 | assert(/* CONSTCOND */0); | 389 | "__ops_write_compressed: can't initialise\n"); | |
390 | return false; | |||
379 | } | 391 | } | |
380 | /* do necessary transformation */ | 392 | /* do necessary transformation */ | |
381 | /* copy input to maintain const'ness of src */ | 393 | /* copy input to maintain const'ness of src */ | |
382 | assert(zip->src == NULL); | 394 | if (zip->src != NULL || zip->dst != NULL) { | |
383 | assert(zip->dst == NULL); | 395 | (void) fprintf(stderr, | |
396 | "__ops_write_compressed: non-null streams\n"); | |||
397 | return false; | |||
398 | } | |||
384 | 399 | |||
385 | sz_in = len * sizeof(unsigned char); | 400 | sz_in = len * sizeof(unsigned char); | |
386 | sz_out = (sz_in * 1.01) + 12; /* from zlib webpage */ | 401 | sz_out = (sz_in * 1.01) + 12; /* from zlib webpage */ | |
387 | zip->src = calloc(1, sz_in); | 402 | zip->src = calloc(1, sz_in); | |
388 | zip->dst = calloc(1, sz_out); | 403 | zip->dst = calloc(1, sz_out); | |
389 | (void) memcpy(zip->src, data, len); | 404 | (void) memcpy(zip->src, data, len); | |
390 | 405 | |||
391 | /* setup stream */ | 406 | /* setup stream */ | |
392 | zip->stream.next_in = zip->src; | 407 | zip->stream.next_in = zip->src; | |
393 | zip->stream.avail_in = sz_in; | 408 | zip->stream.avail_in = sz_in; | |
394 | zip->stream.total_in = 0; | 409 | zip->stream.total_in = 0; | |
395 | 410 | |||
396 | zip->stream.next_out = zip->dst; | 411 | zip->stream.next_out = zip->dst; | |
397 | zip->stream.avail_out = sz_out; | 412 | zip->stream.avail_out = sz_out; | |
398 | zip->stream.total_out = 0; | 413 | zip->stream.total_out = 0; | |
399 | 414 | |||
400 | r = deflate(&zip->stream, Z_FINISH); | 415 | do { | |
401 | assert(r == Z_STREAM_END); /* need to loop if not */ | 416 | r = deflate(&zip->stream, Z_FINISH); | |
417 | } while (r != Z_STREAM_END); | |||
402 | 418 | |||
403 | /* write it out */ | 419 | /* write it out */ | |
404 | return (__ops_write_ptag(OPS_PTAG_CT_COMPRESSED, cinfo) && | 420 | return (__ops_write_ptag(OPS_PTAG_CT_COMPRESSED, cinfo) && | |
405 | __ops_write_length((unsigned)(zip->stream.total_out + 1), cinfo) && | 421 | __ops_write_length((unsigned)(zip->stream.total_out + 1), cinfo) && | |
406 | __ops_write_scalar(OPS_C_ZLIB, 1, cinfo) && | 422 | __ops_write_scalar(OPS_C_ZLIB, 1, cinfo) && | |
407 | __ops_write(zip->dst, (unsigned)zip->stream.total_out, cinfo)); | 423 | __ops_write(zip->dst, (unsigned)zip->stream.total_out, cinfo)); | |
408 | } | 424 | } |
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c 2009/05/02 02:38:55 1.4
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c 2009/05/05 01:28:15 1.5
@@ -13,60 +13,60 @@ | @@ -13,60 +13,60 @@ | |||
13 | * | 13 | * | |
14 | * Unless required by applicable law or agreed to in writing, software | 14 | * Unless required by applicable law or agreed to in writing, software | |
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /** \file | 22 | /** \file | |
23 | */ | 23 | */ | |
24 | #include "config.h" | 24 | #include "config.h" | |
25 | 25 | |||
26 | #ifdef HAVE_OPENSSL_CAST_H | |||
27 | #include <openssl/cast.h> | |||
28 | #endif | |||
29 | ||||
30 | #include "create.h" | |||
31 | #include "keyring.h" | |||
32 | #include "packet.h" | |||
33 | #include "signature.h" | |||
34 | #include "writer.h" | |||
35 | ||||
36 | #include "readerwriter.h" | |||
37 | #include "keyring_local.h" | |||
38 | #include "loccreate.h" | |||
39 | #include "memory.h" | |||
40 | #include "netpgpdefs.h" | |||
41 | ||||
42 | #include <sys/types.h> | 26 | #include <sys/types.h> | |
43 | #include <sys/stat.h> | 27 | #include <sys/stat.h> | |
44 | #include <sys/mman.h> | 28 | #include <sys/mman.h> | |
45 | 29 | |||
46 | #include <string.h> | |||
47 | ||||
48 | #ifdef HAVE_ASSERT_H | 30 | #ifdef HAVE_ASSERT_H | |
49 | #include <assert.h> | 31 | #include <assert.h> | |
50 | #endif | 32 | #endif | |
51 | 33 | |||
52 | #ifdef HAVE_FCNTL_H | 34 | #ifdef HAVE_FCNTL_H | |
53 | #include <fcntl.h> | 35 | #include <fcntl.h> | |
54 | #endif | 36 | #endif | |
55 | 37 | |||
38 | #include <string.h> | |||
39 | ||||
56 | #ifdef HAVE_UNISTD_H | 40 | #ifdef HAVE_UNISTD_H | |
57 | #include <unistd.h> | 41 | #include <unistd.h> | |
58 | #endif | 42 | #endif | |
59 | 43 | |||
44 | #ifdef HAVE_OPENSSL_CAST_H | |||
45 | #include <openssl/cast.h> | |||
46 | #endif | |||
47 | ||||
48 | #include "create.h" | |||
49 | #include "keyring.h" | |||
50 | #include "packet.h" | |||
51 | #include "signature.h" | |||
52 | #include "writer.h" | |||
53 | ||||
54 | #include "readerwriter.h" | |||
55 | #include "keyring_local.h" | |||
56 | #include "loccreate.h" | |||
57 | #include "memory.h" | |||
58 | #include "netpgpdefs.h" | |||
59 | ||||
60 | /** | 60 | /** | |
61 | * \ingroup Core_Create | 61 | * \ingroup Core_Create | |
62 | * \param length | 62 | * \param length | |
63 | * \param type | 63 | * \param type | |
64 | * \param info | 64 | * \param info | |
65 | * \return true if OK, otherwise false | 65 | * \return true if OK, otherwise false | |
66 | */ | 66 | */ | |
67 | 67 | |||
68 | bool | 68 | bool | |
69 | __ops_write_ss_header(unsigned length, __ops_content_tag_t type, | 69 | __ops_write_ss_header(unsigned length, __ops_content_tag_t type, | |
70 | __ops_create_info_t * info) | 70 | __ops_create_info_t * info) | |
71 | { | 71 | { | |
72 | return __ops_write_length(length, info) && | 72 | return __ops_write_length(length, info) && | |
@@ -146,37 +146,37 @@ public_key_length(const __ops_public_key | @@ -146,37 +146,37 @@ public_key_length(const __ops_public_key | |||
146 | default: | 146 | default: | |
147 | assert(!"unknown key algorithm"); | 147 | assert(!"unknown key algorithm"); | |
148 | } | 148 | } | |
149 | /* not reached */ | 149 | /* not reached */ | |
150 | return 0; | 150 | return 0; | |
151 | } | 151 | } | |
152 | 152 | |||
153 | static unsigned | 153 | static unsigned | |
154 | secret_key_length(const __ops_secret_key_t * key) | 154 | secret_key_length(const __ops_secret_key_t * key) | |
155 | { | 155 | { | |
156 | int l; | 156 | int l; | |
157 | 157 | |||
158 | l = 0; | 158 | l = 0; | |
159 | switch (key->public_key.algorithm) { | 159 | switch (key->pubkey.algorithm) { | |
160 | case OPS_PKA_RSA: | 160 | case OPS_PKA_RSA: | |
161 | l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) | 161 | l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) + | |
162 | + mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u); | 162 | mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u); | |
163 | break; | 163 | break; | |
164 | 164 | |||
165 | default: | 165 | default: | |
166 | assert(!"unknown key algorithm"); | 166 | assert(!"unknown key algorithm"); | |
167 | } | 167 | } | |
168 | 168 | |||
169 | return l + public_key_length(&key->public_key); | 169 | return l + public_key_length(&key->pubkey); | |
170 | } | 170 | } | |
171 | 171 | |||
172 | /** | 172 | /** | |
173 | * \ingroup Core_Create | 173 | * \ingroup Core_Create | |
174 | * \param key | 174 | * \param key | |
175 | * \param t | 175 | * \param t | |
176 | * \param n | 176 | * \param n | |
177 | * \param e | 177 | * \param e | |
178 | */ | 178 | */ | |
179 | void | 179 | void | |
180 | __ops_fast_create_rsa_public_key(__ops_public_key_t * key, time_t t, | 180 | __ops_fast_create_rsa_public_key(__ops_public_key_t * key, time_t t, | |
181 | BIGNUM * n, BIGNUM * e) | 181 | BIGNUM * n, BIGNUM * e) | |
182 | { | 182 | { | |
@@ -186,52 +186,56 @@ __ops_fast_create_rsa_public_key(__ops_p | @@ -186,52 +186,56 @@ __ops_fast_create_rsa_public_key(__ops_p | |||
186 | key->key.rsa.n = n; | 186 | key->key.rsa.n = n; | |
187 | key->key.rsa.e = e; | 187 | key->key.rsa.e = e; | |
188 | } | 188 | } | |
189 | 189 | |||
190 | /* | 190 | /* | |
191 | * Note that we support v3 keys here because they're needed for for | 191 | * Note that we support v3 keys here because they're needed for for | |
192 | * verification - the writer doesn't allow them, though | 192 | * verification - the writer doesn't allow them, though | |
193 | */ | 193 | */ | |
194 | static bool | 194 | static bool | |
195 | write_public_key_body(const __ops_public_key_t * key, | 195 | write_public_key_body(const __ops_public_key_t * key, | |
196 | __ops_create_info_t * info) | 196 | __ops_create_info_t * info) | |
197 | { | 197 | { | |
198 | if (!(__ops_write_scalar((unsigned)key->version, 1, info) && | 198 | if (!(__ops_write_scalar((unsigned)key->version, 1, info) && | |
199 | __ops_write_scalar((unsigned)key->creation_time, 4, info))) | 199 | __ops_write_scalar((unsigned)key->creation_time, 4, info))) { | |
200 | return false; | 200 | return false; | |
201 | } | |||
201 | 202 | |||
202 | if (key->version != 4 && !__ops_write_scalar(key->days_valid, 2, info)) | 203 | if (key->version != 4 && | |
204 | !__ops_write_scalar(key->days_valid, 2, info)) { | |||
203 | return false; | 205 | return false; | |
206 | } | |||
204 | 207 | |||
205 | if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) | 208 | if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) { | |
206 | return false; | 209 | return false; | |
210 | } | |||
207 | 211 | |||
208 | switch (key->algorithm) { | 212 | switch (key->algorithm) { | |
209 | case OPS_PKA_DSA: | 213 | case OPS_PKA_DSA: | |
210 | return __ops_write_mpi(key->key.dsa.p, info) | 214 | return __ops_write_mpi(key->key.dsa.p, info) && | |
211 | && __ops_write_mpi(key->key.dsa.q, info) | 215 | __ops_write_mpi(key->key.dsa.q, info) && | |
212 | && __ops_write_mpi(key->key.dsa.g, info) | 216 | __ops_write_mpi(key->key.dsa.g, info) && | |
213 | && __ops_write_mpi(key->key.dsa.y, info); | 217 | __ops_write_mpi(key->key.dsa.y, info); | |
214 | 218 | |||
215 | case OPS_PKA_RSA: | 219 | case OPS_PKA_RSA: | |
216 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 220 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
217 | case OPS_PKA_RSA_SIGN_ONLY: | 221 | case OPS_PKA_RSA_SIGN_ONLY: | |
218 | return __ops_write_mpi(key->key.rsa.n, info) | 222 | return __ops_write_mpi(key->key.rsa.n, info) && | |
219 | && __ops_write_mpi(key->key.rsa.e, info); | 223 | __ops_write_mpi(key->key.rsa.e, info); | |
220 | 224 | |||
221 | case OPS_PKA_ELGAMAL: | 225 | case OPS_PKA_ELGAMAL: | |
222 | return __ops_write_mpi(key->key.elgamal.p, info) | 226 | return __ops_write_mpi(key->key.elgamal.p, info) && | |
223 | && __ops_write_mpi(key->key.elgamal.g, info) | 227 | __ops_write_mpi(key->key.elgamal.g, info) && | |
224 | && __ops_write_mpi(key->key.elgamal.y, info); | 228 | __ops_write_mpi(key->key.elgamal.y, info); | |
225 | 229 | |||
226 | default: | 230 | default: | |
227 | assert( /* CONSTCOND */ 0); | 231 | assert( /* CONSTCOND */ 0); | |
228 | break; | 232 | break; | |
229 | } | 233 | } | |
230 | 234 | |||
231 | /* not reached */ | 235 | /* not reached */ | |
232 | return false; | 236 | return false; | |
233 | } | 237 | } | |
234 | 238 | |||
235 | /* | 239 | /* | |
236 | * Note that we support v3 keys here because they're needed for for | 240 | * Note that we support v3 keys here because they're needed for for | |
237 | * verification - the writer doesn't allow them, though | 241 | * verification - the writer doesn't allow them, though | |
@@ -241,71 +245,80 @@ write_secret_key_body(const __ops_secret | @@ -241,71 +245,80 @@ write_secret_key_body(const __ops_secret | |||
241 | const unsigned char *passphrase, | 245 | const unsigned char *passphrase, | |
242 | const size_t pplen, | 246 | const size_t pplen, | |
243 | __ops_create_info_t * info) | 247 | __ops_create_info_t * info) | |
244 | { | 248 | { | |
245 | /* RFC4880 Section 5.5.3 Secret-Key Packet Formats */ | 249 | /* RFC4880 Section 5.5.3 Secret-Key Packet Formats */ | |
246 | 250 | |||
247 | __ops_crypt_t crypted; | 251 | __ops_crypt_t crypted; | |
248 | __ops_hash_t hash; | 252 | __ops_hash_t hash; | |
249 | unsigned char hashed[OPS_SHA1_HASH_SIZE]; | 253 | unsigned char hashed[OPS_SHA1_HASH_SIZE]; | |
250 | unsigned char session_key[CAST_KEY_LENGTH]; | 254 | unsigned char session_key[CAST_KEY_LENGTH]; | |
251 | unsigned int done = 0; | 255 | unsigned int done = 0; | |
252 | unsigned int i = 0; | 256 | unsigned int i = 0; | |
253 | 257 | |||
254 | if (!write_public_key_body(&key->public_key, info)) | 258 | if (!write_public_key_body(&key->pubkey, info)) { | |
255 | return false; | 259 | return false; | |
260 | } | |||
256 | 261 | |||
257 | assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED); /* = 254 */ | 262 | assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED); /* = 254 */ | |
258 | if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info)) | 263 | if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info)) { | |
259 | return false; | 264 | return false; | |
265 | } | |||
260 | 266 | |||
261 | assert(key->algorithm == OPS_SA_CAST5); | 267 | assert(key->algorithm == OPS_SA_CAST5); | |
262 | if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) | 268 | if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) { | |
263 | return false; | 269 | return false; | |
270 | } | |||
264 | 271 | |||
265 | assert(key->s2k_specifier == OPS_S2KS_SIMPLE || key->s2k_specifier == OPS_S2KS_SALTED); /* = 1 \todo could also | 272 | assert(key->s2k_specifier == OPS_S2KS_SIMPLE || | |
266 | * be | 273 | key->s2k_specifier == OPS_S2KS_SALTED); | |
267 | * iterated-and-salted */ | 274 | /* = 1 \todo could also be iterated-and-salted */ | |
268 | if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info)) | 275 | if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info)) { | |
269 | return false; | 276 | return false; | |
277 | } | |||
270 | 278 | |||
271 | assert(key->hash_algorithm == OPS_HASH_SHA1); | 279 | assert(key->hash_algorithm == OPS_HASH_SHA1); | |
272 | if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info)) | 280 | if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info)) { | |
273 | return false; | 281 | return false; | |
282 | } | |||
274 | 283 | |||
275 | switch (key->s2k_specifier) { | 284 | switch (key->s2k_specifier) { | |
276 | case OPS_S2KS_SIMPLE: | 285 | case OPS_S2KS_SIMPLE: | |
277 | /* nothing more to do */ | 286 | /* nothing more to do */ | |
278 | break; | 287 | break; | |
279 | 288 | |||
280 | case OPS_S2KS_SALTED: | 289 | case OPS_S2KS_SALTED: | |
281 | /* 8-octet salt value */ | 290 | /* 8-octet salt value */ | |
282 | __ops_random(__UNCONST(&key->salt[0]), OPS_SALT_SIZE); | 291 | __ops_random(__UNCONST(&key->salt[0]), OPS_SALT_SIZE); | |
283 | if (!__ops_write(key->salt, OPS_SALT_SIZE, info)) | 292 | if (!__ops_write(key->salt, OPS_SALT_SIZE, info)) { | |
284 | return false; | 293 | return false; | |
294 | } | |||
285 | break; | 295 | break; | |
286 | 296 | |||
287 | /* | 297 | /* | |
288 | * \todo case OPS_S2KS_ITERATED_AND_SALTED: // 8-octet salt | 298 | * \todo case OPS_S2KS_ITERATED_AND_SALTED: // 8-octet salt | |
289 | * value // 1-octet count break; | 299 | * value // 1-octet count break; | |
290 | */ | 300 | */ | |
291 | 301 | |||
292 | default: | 302 | default: | |
293 | fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier); | 303 | (void) fprintf(stderr, | |
304 | "invalid/unsupported s2k specifier %d\n", | |||
305 | key->s2k_specifier); | |||
294 | assert( /* CONSTCOND */ 0); | 306 | assert( /* CONSTCOND */ 0); | |
295 | } | 307 | } | |
296 | 308 | |||
297 | if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info)) | 309 | if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info)) { | |
298 | return false; | 310 | return false; | |
311 | } | |||
299 | 312 | |||
300 | /* | 313 | /* | |
301 | * create the session key for encrypting the algorithm-specific | 314 | * create the session key for encrypting the algorithm-specific | |
302 | * fields | 315 | * fields | |
303 | */ | 316 | */ | |
304 | 317 | |||
305 | switch (key->s2k_specifier) { | 318 | switch (key->s2k_specifier) { | |
306 | case OPS_S2KS_SIMPLE: | 319 | case OPS_S2KS_SIMPLE: | |
307 | case OPS_S2KS_SALTED: | 320 | case OPS_S2KS_SALTED: | |
308 | /* RFC4880: section 3.7.1.1 and 3.7.1.2 */ | 321 | /* RFC4880: section 3.7.1.1 and 3.7.1.2 */ | |
309 | 322 | |||
310 | done = 0; | 323 | done = 0; | |
311 | for (i = 0; done < CAST_KEY_LENGTH; i++) { | 324 | for (i = 0; done < CAST_KEY_LENGTH; i++) { | |
@@ -329,166 +342,157 @@ write_secret_key_body(const __ops_secret | @@ -329,166 +342,157 @@ write_secret_key_body(const __ops_secret | |||
329 | hash.add(&hash, &zero, 1); | 342 | hash.add(&hash, &zero, 1); | |
330 | } | 343 | } | |
331 | 344 | |||
332 | if (key->s2k_specifier == OPS_S2KS_SALTED) { | 345 | if (key->s2k_specifier == OPS_S2KS_SALTED) { | |
333 | hash.add(&hash, key->salt, OPS_SALT_SIZE); | 346 | hash.add(&hash, key->salt, OPS_SALT_SIZE); | |
334 | } | 347 | } | |
335 | hash.add(&hash, passphrase, pplen); | 348 | hash.add(&hash, passphrase, pplen); | |
336 | hash.finish(&hash, hashed); | 349 | hash.finish(&hash, hashed); | |
337 | 350 | |||
338 | /* | 351 | /* | |
339 | * if more in hash than is needed by session key, use | 352 | * if more in hash than is needed by session key, use | |
340 | * the leftmost octets | 353 | * the leftmost octets | |
341 | */ | 354 | */ | |
342 | (void) memcpy(session_key + (i * SHA_DIGEST_LENGTH), hashed, (unsigned)use); | 355 | (void) memcpy(session_key + (i * SHA_DIGEST_LENGTH), | |
356 | hashed, (unsigned)use); | |||
343 | done += use; | 357 | done += use; | |
344 | assert(done <= CAST_KEY_LENGTH); | 358 | assert(done <= CAST_KEY_LENGTH); | |
345 | } | 359 | } | |
346 | 360 | |||
347 | break; | 361 | break; | |
348 | 362 | |||
349 | /* | 363 | /* | |
350 | * \todo case OPS_S2KS_ITERATED_AND_SALTED: * 8-octet salt | 364 | * \todo case OPS_S2KS_ITERATED_AND_SALTED: * 8-octet salt | |
351 | * value * 1-octet count break; | 365 | * value * 1-octet count break; | |
352 | */ | 366 | */ | |
353 | 367 | |||
354 | default: | 368 | default: | |
355 | fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier); | 369 | (void) fprintf(stderr, | |
370 | "invalid/unsupported s2k specifier %d\n", | |||
371 | key->s2k_specifier); | |||
356 | assert( /* CONSTCOND */ 0); | 372 | assert( /* CONSTCOND */ 0); | |
357 | } | 373 | } | |
358 | 374 | |||
359 | /* use this session key to encrypt */ | 375 | /* use this session key to encrypt */ | |
360 | 376 | |||
361 | __ops_crypt_any(&crypted, key->algorithm); | 377 | __ops_crypt_any(&crypted, key->algorithm); | |
362 | crypted.set_iv(&crypted, key->iv); | 378 | crypted.set_iv(&crypted, key->iv); | |
363 | crypted.set_key(&crypted, session_key); | 379 | crypted.set_key(&crypted, session_key); | |
364 | __ops_encrypt_init(&crypted); | 380 | __ops_encrypt_init(&crypted); | |
365 | 381 | |||
366 | if (__ops_get_debug_level(__FILE__)) { | 382 | if (__ops_get_debug_level(__FILE__)) { | |
367 | unsigned int i2 = 0; | 383 | unsigned int i2 = 0; | |
368 | 384 | |||
369 | fprintf(stderr, "\nWRITING:\niv="); | 385 | (void) fprintf(stderr, "\nWRITING:\niv="); | |
370 | for (i2 = 0; i2 < __ops_block_size(key->algorithm); i2++) { | 386 | for (i2 = 0; i2 < __ops_block_size(key->algorithm); i2++) { | |
371 | fprintf(stderr, "%02x ", key->iv[i2]); | 387 | (void) fprintf(stderr, "%02x ", key->iv[i2]); | |
372 | } | 388 | } | |
373 | fprintf(stderr, "\n"); | 389 | (void) fprintf(stderr, "\n"); | |
374 | 390 | |||
375 | fprintf(stderr, "key="); | 391 | (void) fprintf(stderr, "key="); | |
376 | for (i2 = 0; i2 < CAST_KEY_LENGTH; i2++) { | 392 | for (i2 = 0; i2 < CAST_KEY_LENGTH; i2++) { | |
377 | fprintf(stderr, "%02x ", session_key[i2]); | 393 | (void) fprintf(stderr, "%02x ", session_key[i2]); | |
378 | } | 394 | } | |
379 | fprintf(stderr, "\n"); | 395 | (void) fprintf(stderr, "\n"); | |
380 | ||||
381 | /* __ops_print_secret_key(OPS_PTAG_CT_SECRET_KEY,key); */ | |||
382 | 396 | |||
383 | fprintf(stderr, "turning encryption on...\n"); | 397 | (void) fprintf(stderr, "turning encryption on...\n"); | |
384 | } | 398 | } | |
385 | __ops_writer_push_encrypt_crypt(info, &crypted); | 399 | __ops_writer_push_encrypt_crypt(info, &crypted); | |
386 | 400 | |||
387 | switch (key->public_key.algorithm) { | 401 | switch (key->pubkey.algorithm) { | |
388 | /* case OPS_PKA_DSA: */ | 402 | /* case OPS_PKA_DSA: */ | |
389 | /* return __ops_write_mpi(key->key.dsa.x,info); */ | 403 | /* return __ops_write_mpi(key->key.dsa.x,info); */ | |
390 | 404 | |||
391 | case OPS_PKA_RSA: | 405 | case OPS_PKA_RSA: | |
392 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 406 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
393 | case OPS_PKA_RSA_SIGN_ONLY: | 407 | case OPS_PKA_RSA_SIGN_ONLY: | |
394 | 408 | |||
395 | if (!__ops_write_mpi(key->key.rsa.d, info) || | 409 | if (!__ops_write_mpi(key->key.rsa.d, info) || | |
396 | !__ops_write_mpi(key->key.rsa.p, info) || | 410 | !__ops_write_mpi(key->key.rsa.p, info) || | |
397 | !__ops_write_mpi(key->key.rsa.q, info) || | 411 | !__ops_write_mpi(key->key.rsa.q, info) || | |
398 | !__ops_write_mpi(key->key.rsa.u, info)) { | 412 | !__ops_write_mpi(key->key.rsa.u, info)) { | |
399 | if (__ops_get_debug_level(__FILE__)) { | 413 | if (__ops_get_debug_level(__FILE__)) { | |
400 | (void) fprintf(stderr, "4 x mpi not written - problem\n"); | 414 | (void) fprintf(stderr, "4 x mpi not written - problem\n"); | |
401 | } | 415 | } | |
402 | return false; | 416 | return false; | |
403 | } | 417 | } | |
404 | break; | 418 | break; | |
405 | 419 | |||
406 | /* case OPS_PKA_ELGAMAL: */ | 420 | /* case OPS_PKA_ELGAMAL: */ | |
407 | /* return __ops_write_mpi(key->key.elgamal.x,info); */ | 421 | /* return __ops_write_mpi(key->key.elgamal.x,info); */ | |
408 | 422 | |||
409 | default: | 423 | default: | |
410 | assert( /* CONSTCOND */ 0); | 424 | assert( /* CONSTCOND */ 0); | |
411 | break; | 425 | break; | |
412 | } | 426 | } | |
413 | 427 | |||
414 | if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info)) | 428 | if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info)) { | |
415 | return false; | 429 | return false; | |
430 | } | |||
416 | 431 | |||
417 | __ops_writer_pop(info); | 432 | __ops_writer_pop(info); | |
418 | 433 | |||
419 | return true; | 434 | return true; | |
420 | } | 435 | } | |
421 | 436 | |||
422 | 437 | |||
423 | /** | 438 | /** | |
424 | \ingroup HighLevel_KeyWrite | 439 | \ingroup HighLevel_KeyWrite | |
425 | 440 | |||
426 | \brief Writes a transferable PGP public key to the given output stream. | 441 | \brief Writes a transferable PGP public key to the given output stream. | |
427 | 442 | |||
428 | \param keydata Key to be written | 443 | \param keydata Key to be written | |
429 | \param armoured Flag is set for armoured output | 444 | \param armoured Flag is set for armoured output | |
430 | \param info Output stream | 445 | \param info Output stream | |
431 | 446 | |||
432 | Example code: | |||
433 | \code | |||
434 | void example(const __ops_keydata_t* keydata) | |||
435 | { | |||
436 | bool armoured=true; | |||
437 | char* filename="/tmp/testkey.asc"; | |||
438 | ||||
439 | int fd; | |||
440 | bool overwrite=true; | |||
441 | __ops_create_info_t* cinfo; | |||
442 | ||||
443 | fd=__ops_setup_file_write(&cinfo, filename, overwrite); | |||
444 | __ops_write_transferable_public_key(keydata,armoured,cinfo); | |||
445 | __ops_teardown_file_write(cinfo,fd); | |||
446 | } | |||
447 | \endcode | |||
448 | */ | 447 | */ | |
449 | 448 | |||
450 | bool | 449 | bool | |
451 | __ops_write_transferable_public_key(const __ops_keydata_t * keydata, bool armoured, __ops_create_info_t * info) | 450 | __ops_write_transferable_public_key(const __ops_keydata_t * keydata, bool armoured, __ops_create_info_t * info) | |
452 | { | 451 | { | |
453 | bool rtn; | 452 | bool rtn; | |
454 | unsigned int i = 0, j = 0; | 453 | unsigned int i = 0, j = 0; | |
455 | 454 | |||
456 | if (armoured) { | 455 | if (armoured) { | |
457 | __ops_writer_push_armoured(info, OPS_PGP_PUBLIC_KEY_BLOCK); | 456 | __ops_writer_push_armoured(info, OPS_PGP_PUBLIC_KEY_BLOCK); | |
458 | } | 457 | } | |
459 | /* public key */ | 458 | /* public key */ | |
460 | rtn = __ops_write_struct_public_key(&keydata->key.skey.public_key, info); | 459 | rtn = __ops_write_struct_public_key(&keydata->key.skey.pubkey, info); | |
461 | if (rtn != true) | 460 | if (rtn != true) { | |
462 | return rtn; | 461 | return rtn; | |
462 | } | |||
463 | 463 | |||
464 | /* TODO: revocation signatures go here */ | 464 | /* TODO: revocation signatures go here */ | |
465 | 465 | |||
466 | /* user ids and corresponding signatures */ | 466 | /* user ids and corresponding signatures */ | |
467 | for (i = 0; i < keydata->nuids; i++) { | 467 | for (i = 0; i < keydata->nuids; i++) { | |
468 | __ops_user_id_t *uid = &keydata->uids[i]; | 468 | __ops_user_id_t *uid = &keydata->uids[i]; | |
469 | 469 | |||
470 | rtn = __ops_write_struct_user_id(uid, info); | 470 | rtn = __ops_write_struct_user_id(uid, info); | |
471 | 471 | if (!rtn) { | ||
472 | if (!rtn) | |||
473 | return rtn; | 472 | return rtn; | |
473 | } | |||
474 | 474 | |||
475 | /* find signature for this packet if it exists */ | 475 | /* find signature for this packet if it exists */ | |
476 | for (j = 0; j < keydata->nsigs; j++) { | 476 | for (j = 0; j < keydata->nsigs; j++) { | |
477 | sigpacket_t *sig = &keydata->sigs[i]; | 477 | sigpacket_t *sig = &keydata->sigs[i]; | |
478 | if (!strcmp((char *) sig->userid->user_id, (char *) uid->user_id)) { | 478 | ||
479 | rtn = __ops_write(sig->packet->raw, sig->packet->length, info); | 479 | if (strcmp((char *) sig->userid->user_id, | |
480 | if (!rtn) | 480 | (char *) uid->user_id) == 0) { | |
481 | rtn = __ops_write(sig->packet->raw, | |||
482 | sig->packet->length, info); | |||
483 | if (!rtn) { | |||
481 | return !rtn; | 484 | return !rtn; | |
485 | } | |||
482 | } | 486 | } | |
483 | } | 487 | } | |
484 | } | 488 | } | |
485 | 489 | |||
486 | /* TODO: user attributes and corresponding signatures */ | 490 | /* TODO: user attributes and corresponding signatures */ | |
487 | 491 | |||
488 | /* | 492 | /* | |
489 | * subkey packets and corresponding signatures and optional | 493 | * subkey packets and corresponding signatures and optional | |
490 | * revocation | 494 | * revocation | |
491 | */ | 495 | */ | |
492 | 496 | |||
493 | if (armoured) { | 497 | if (armoured) { | |
494 | writer_info_finalise(&info->errors, &info->winfo); | 498 | writer_info_finalise(&info->errors, &info->winfo); | |
@@ -498,80 +502,68 @@ __ops_write_transferable_public_key(cons | @@ -498,80 +502,68 @@ __ops_write_transferable_public_key(cons | |||
498 | } | 502 | } | |
499 | 503 | |||
500 | /** | 504 | /** | |
501 | \ingroup HighLevel_KeyWrite | 505 | \ingroup HighLevel_KeyWrite | |
502 | 506 | |||
503 | \brief Writes a transferable PGP secret key to the given output stream. | 507 | \brief Writes a transferable PGP secret key to the given output stream. | |
504 | 508 | |||
505 | \param keydata Key to be written | 509 | \param keydata Key to be written | |
506 | \param passphrase | 510 | \param passphrase | |
507 | \param pplen | 511 | \param pplen | |
508 | \param armoured Flag is set for armoured output | 512 | \param armoured Flag is set for armoured output | |
509 | \param info Output stream | 513 | \param info Output stream | |
510 | 514 | |||
511 | Example code: | |||
512 | \code | |||
513 | void example(const __ops_keydata_t* keydata) | |||
514 | { | |||
515 | const unsigned char* passphrase=NULL; | |||
516 | const size_t passphraselen=0; | |||
517 | bool armoured=true; | |||
518 | ||||
519 | int fd; | |||
520 | char* filename="/tmp/testkey.asc"; | |||
521 | bool overwrite=true; | |||
522 | __ops_create_info_t* cinfo; | |||
523 | ||||
524 | fd=__ops_setup_file_write(&cinfo, filename, overwrite); | |||
525 | __ops_write_transferable_secret_key(keydata,passphrase,pplen,armoured,cinfo); | |||
526 | __ops_teardown_file_write(cinfo,fd); | |||
527 | } | |||
528 | \endcode | |||
529 | */ | 515 | */ | |
530 | 516 | |||
531 | bool | 517 | bool | |
532 | __ops_write_transferable_secret_key(const __ops_keydata_t *keydata, | 518 | __ops_write_transferable_secret_key(const __ops_keydata_t *keydata, | |
533 | const unsigned char *passphrase, const size_t pplen, | 519 | const unsigned char *passphrase, const size_t pplen, | |
534 | bool armoured, __ops_create_info_t * info) | 520 | bool armoured, __ops_create_info_t * info) | |
535 | { | 521 | { | |
536 | unsigned i = 0, j = 0; | 522 | unsigned i = 0, j = 0; | |
537 | bool rtn; | 523 | bool rtn; | |
538 | 524 | |||
539 | if (armoured) { | 525 | if (armoured) { | |
540 | __ops_writer_push_armoured(info, OPS_PGP_PRIVATE_KEY_BLOCK); | 526 | __ops_writer_push_armoured(info, OPS_PGP_PRIVATE_KEY_BLOCK); | |
541 | } | 527 | } | |
542 | /* public key */ | 528 | /* public key */ | |
543 | rtn = __ops_write_struct_secret_key(&keydata->key.skey, passphrase, pplen, info); | 529 | rtn = __ops_write_struct_secret_key(&keydata->key.skey, passphrase, | |
544 | if (rtn != true) | 530 | pplen, info); | |
531 | if (rtn != true) { | |||
545 | return rtn; | 532 | return rtn; | |
533 | } | |||
546 | 534 | |||
547 | /* TODO: revocation signatures go here */ | 535 | /* TODO: revocation signatures go here */ | |
548 | 536 | |||
549 | /* user ids and corresponding signatures */ | 537 | /* user ids and corresponding signatures */ | |
550 | for (i = 0; i < keydata->nuids; i++) { | 538 | for (i = 0; i < keydata->nuids; i++) { | |
551 | __ops_user_id_t *uid = &keydata->uids[i]; | 539 | __ops_user_id_t *uid = &keydata->uids[i]; | |
552 | 540 | |||
553 | rtn = __ops_write_struct_user_id(uid, info); | 541 | rtn = __ops_write_struct_user_id(uid, info); | |
554 | 542 | if (!rtn) { | ||
555 | if (!rtn) | |||
556 | return rtn; | 543 | return rtn; | |
544 | } | |||
557 | 545 | |||
558 | /* find signature for this packet if it exists */ | 546 | /* find signature for this packet if it exists */ | |
559 | for (j = 0; j < keydata->nsigs; j++) { | 547 | for (j = 0; j < keydata->nsigs; j++) { | |
560 | sigpacket_t *sig = &keydata->sigs[i]; | 548 | sigpacket_t *sig = &keydata->sigs[i]; | |
561 | if (!strcmp((char *) sig->userid->user_id, (char *) uid->user_id)) { | 549 | ||
562 | rtn = __ops_write(sig->packet->raw, sig->packet->length, info); | 550 | if (strcmp((char *) sig->userid->user_id, | |
563 | if (!rtn) | 551 | (char *) uid->user_id) == 0) { | |
552 | rtn = __ops_write(sig->packet->raw, | |||
553 | sig->packet->length, info); | |||
554 | if (!rtn) { | |||
564 | return !rtn; | 555 | return !rtn; | |
556 | } | |||
565 | } | 557 | } | |
566 | } | 558 | } | |
567 | } | 559 | } | |
568 | 560 | |||
569 | /* TODO: user attributes and corresponding signatures */ | 561 | /* TODO: user attributes and corresponding signatures */ | |
570 | 562 | |||
571 | /* | 563 | /* | |
572 | * subkey packets and corresponding signatures and optional | 564 | * subkey packets and corresponding signatures and optional | |
573 | * revocation | 565 | * revocation | |
574 | */ | 566 | */ | |
575 | 567 | |||
576 | if (armoured) { | 568 | if (armoured) { | |
577 | writer_info_finalise(&info->errors, &info->winfo); | 569 | writer_info_finalise(&info->errors, &info->winfo); | |
@@ -583,29 +575,29 @@ __ops_write_transferable_secret_key(cons | @@ -583,29 +575,29 @@ __ops_write_transferable_secret_key(cons | |||
583 | /** | 575 | /** | |
584 | * \ingroup Core_WritePackets | 576 | * \ingroup Core_WritePackets | |
585 | * \brief Writes a Public Key packet | 577 | * \brief Writes a Public Key packet | |
586 | * \param key | 578 | * \param key | |
587 | * \param info | 579 | * \param info | |
588 | * \return true if OK, otherwise false | 580 | * \return true if OK, otherwise false | |
589 | */ | 581 | */ | |
590 | bool | 582 | bool | |
591 | __ops_write_struct_public_key(const __ops_public_key_t * key, | 583 | __ops_write_struct_public_key(const __ops_public_key_t * key, | |
592 | __ops_create_info_t * info) | 584 | __ops_create_info_t * info) | |
593 | { | 585 | { | |
594 | assert(key->version == 4); | 586 | assert(key->version == 4); | |
595 | 587 | |||
596 | return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info) | 588 | return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info) && | |
597 | && __ops_write_length(1 + 4 + 1 + public_key_length(key), info) | 589 | __ops_write_length(1 + 4 + 1 + public_key_length(key), info) && | |
598 | && write_public_key_body(key, info); | 590 | write_public_key_body(key, info); | |
599 | } | 591 | } | |
600 | 592 | |||
601 | /** | 593 | /** | |
602 | * \ingroup Core_WritePackets | 594 | * \ingroup Core_WritePackets | |
603 | * \brief Writes one RSA public key packet. | 595 | * \brief Writes one RSA public key packet. | |
604 | * \param t Creation time | 596 | * \param t Creation time | |
605 | * \param n RSA public modulus | 597 | * \param n RSA public modulus | |
606 | * \param e RSA public encryption exponent | 598 | * \param e RSA public encryption exponent | |
607 | * \param info Writer settings | 599 | * \param info Writer settings | |
608 | * | 600 | * | |
609 | * \return true if OK, otherwise false | 601 | * \return true if OK, otherwise false | |
610 | */ | 602 | */ | |
611 | 603 | |||
@@ -624,35 +616,32 @@ __ops_write_rsa_public_key(time_t t, con | @@ -624,35 +616,32 @@ __ops_write_rsa_public_key(time_t t, con | |||
624 | * \ingroup Core_Create | 616 | * \ingroup Core_Create | |
625 | * \param out | 617 | * \param out | |
626 | * \param key | 618 | * \param key | |
627 | * \param make_packet | 619 | * \param make_packet | |
628 | */ | 620 | */ | |
629 | 621 | |||
630 | void | 622 | void | |
631 | __ops_build_public_key(__ops_memory_t * out, const __ops_public_key_t * key, | 623 | __ops_build_public_key(__ops_memory_t * out, const __ops_public_key_t * key, | |
632 | bool make_packet) | 624 | bool make_packet) | |
633 | { | 625 | { | |
634 | __ops_create_info_t *info; | 626 | __ops_create_info_t *info; | |
635 | 627 | |||
636 | info = __ops_create_info_new(); | 628 | info = __ops_create_info_new(); | |
637 | ||||
638 | __ops_memory_init(out, 128); | 629 | __ops_memory_init(out, 128); | |
639 | __ops_writer_set_memory(info, out); | 630 | __ops_writer_set_memory(info, out); | |
640 | ||||
641 | write_public_key_body(key, info); | 631 | write_public_key_body(key, info); | |
642 | 632 | if (make_packet) { | ||
643 | if (make_packet) | |||
644 | __ops_memory_make_packet(out, OPS_PTAG_CT_PUBLIC_KEY); | 633 | __ops_memory_make_packet(out, OPS_PTAG_CT_PUBLIC_KEY); | |
645 | 634 | } | ||
646 | __ops_create_info_delete(info); | 635 | __ops_create_info_delete(info); | |
647 | } | 636 | } | |
648 | 637 | |||
649 | /** | 638 | /** | |
650 | * \ingroup Core_Create | 639 | * \ingroup Core_Create | |
651 | * | 640 | * | |
652 | * Create an RSA secret key structure. If a parameter is marked as | 641 | * Create an RSA secret key structure. If a parameter is marked as | |
653 | * [OPTIONAL], then it can be omitted and will be calculated from | 642 | * [OPTIONAL], then it can be omitted and will be calculated from | |
654 | * other parameters - or, in the case of e, will default to 0x10001. | 643 | * other parameters - or, in the case of e, will default to 0x10001. | |
655 | * | 644 | * | |
656 | * Parameters are _not_ copied, so will be freed if the structure is | 645 | * Parameters are _not_ copied, so will be freed if the structure is | |
657 | * freed. | 646 | * freed. | |
658 | * | 647 | * | |
@@ -660,27 +649,27 @@ __ops_build_public_key(__ops_memory_t * | @@ -660,27 +649,27 @@ __ops_build_public_key(__ops_memory_t * | |||
660 | * \param t | 649 | * \param t | |
661 | * \param d The RSA parameter d (=e^-1 mod (p-1)(q-1)) [OPTIONAL] | 650 | * \param d The RSA parameter d (=e^-1 mod (p-1)(q-1)) [OPTIONAL] | |
662 | * \param p The RSA parameter p | 651 | * \param p The RSA parameter p | |
663 | * \param q The RSA parameter q (q > p) | 652 | * \param q The RSA parameter q (q > p) | |
664 | * \param u The RSA parameter u (=p^-1 mod q) [OPTIONAL] | 653 | * \param u The RSA parameter u (=p^-1 mod q) [OPTIONAL] | |
665 | * \param n The RSA public parameter n (=p*q) [OPTIONAL] | 654 | * \param n The RSA public parameter n (=p*q) [OPTIONAL] | |
666 | * \param e The RSA public parameter e */ | 655 | * \param e The RSA public parameter e */ | |
667 | 656 | |||
668 | void | 657 | void | |
669 | __ops_fast_create_rsa_secret_key(__ops_secret_key_t * key, time_t t, | 658 | __ops_fast_create_rsa_secret_key(__ops_secret_key_t * key, time_t t, | |
670 | BIGNUM * d, BIGNUM * p, BIGNUM * q, BIGNUM * u, | 659 | BIGNUM * d, BIGNUM * p, BIGNUM * q, BIGNUM * u, | |
671 | BIGNUM * n, BIGNUM * e) | 660 | BIGNUM * n, BIGNUM * e) | |
672 | { | 661 | { | |
673 | __ops_fast_create_rsa_public_key(&key->public_key, t, n, e); | 662 | __ops_fast_create_rsa_public_key(&key->pubkey, t, n, e); | |
674 | 663 | |||
675 | /* XXX: calculate optionals */ | 664 | /* XXX: calculate optionals */ | |
676 | key->key.rsa.d = d; | 665 | key->key.rsa.d = d; | |
677 | key->key.rsa.p = p; | 666 | key->key.rsa.p = p; | |
678 | key->key.rsa.q = q; | 667 | key->key.rsa.q = q; | |
679 | key->key.rsa.u = u; | 668 | key->key.rsa.u = u; | |
680 | 669 | |||
681 | key->s2k_usage = OPS_S2KU_NONE; | 670 | key->s2k_usage = OPS_S2KU_NONE; | |
682 | 671 | |||
683 | /* XXX: sanity check and add errors... */ | 672 | /* XXX: sanity check and add errors... */ | |
684 | } | 673 | } | |
685 | 674 | |||
686 | /** | 675 | /** | |
@@ -690,31 +679,31 @@ __ops_fast_create_rsa_secret_key(__ops_s | @@ -690,31 +679,31 @@ __ops_fast_create_rsa_secret_key(__ops_s | |||
690 | * \param passphrase The passphrase | 679 | * \param passphrase The passphrase | |
691 | * \param pplen Length of passphrase | 680 | * \param pplen Length of passphrase | |
692 | * \param info | 681 | * \param info | |
693 | * \return true if OK; else false | 682 | * \return true if OK; else false | |
694 | */ | 683 | */ | |
695 | bool | 684 | bool | |
696 | __ops_write_struct_secret_key(const __ops_secret_key_t * key, | 685 | __ops_write_struct_secret_key(const __ops_secret_key_t * key, | |
697 | const unsigned char *passphrase, | 686 | const unsigned char *passphrase, | |
698 | const size_t pplen, | 687 | const size_t pplen, | |
699 | __ops_create_info_t * info) | 688 | __ops_create_info_t * info) | |
700 | { | 689 | { | |
701 | int length = 0; | 690 | int length = 0; | |
702 | 691 | |||
703 | assert(key->public_key.version == 4); | 692 | assert(key->pubkey.version == 4); | |
704 | 693 | |||
705 | /* Ref: RFC4880 Section 5.5.3 */ | 694 | /* Ref: RFC4880 Section 5.5.3 */ | |
706 | 695 | |||
707 | /* public_key, excluding MPIs */ | 696 | /* pubkey, excluding MPIs */ | |
708 | length += 1 + 4 + 1 + 1; | 697 | length += 1 + 4 + 1 + 1; | |
709 | 698 | |||
710 | /* s2k usage */ | 699 | /* s2k usage */ | |
711 | length += 1; | 700 | length += 1; | |
712 | 701 | |||
713 | switch (key->s2k_usage) { | 702 | switch (key->s2k_usage) { | |
714 | case OPS_S2KU_NONE: | 703 | case OPS_S2KU_NONE: | |
715 | /* nothing to add */ | 704 | /* nothing to add */ | |
716 | break; | 705 | break; | |
717 | 706 | |||
718 | case OPS_S2KU_ENCRYPTED_AND_HASHED: /* 254 */ | 707 | case OPS_S2KU_ENCRYPTED_AND_HASHED: /* 254 */ | |
719 | case OPS_S2KU_ENCRYPTED: /* 255 */ | 708 | case OPS_S2KU_ENCRYPTED: /* 255 */ | |
720 | 709 | |||
@@ -790,135 +779,138 @@ __ops_create_info_new(void) | @@ -790,135 +779,138 @@ __ops_create_info_new(void) | |||
790 | /** | 779 | /** | |
791 | * \ingroup Core_Create | 780 | * \ingroup Core_Create | |
792 | * \brief Delete an __ops_create_info_t strucut and associated resources. | 781 | * \brief Delete an __ops_create_info_t strucut and associated resources. | |
793 | * | 782 | * | |
794 | * Delete an __ops_create_info_t structure. If a writer is active, then | 783 | * Delete an __ops_create_info_t structure. If a writer is active, then | |
795 | * that is also deleted. | 784 | * that is also deleted. | |
796 | * | 785 | * | |
797 | * \param info the structure to be deleted. | 786 | * \param info the structure to be deleted. | |
798 | */ | 787 | */ | |
799 | void | 788 | void | |
800 | __ops_create_info_delete(__ops_create_info_t * info) | 789 | __ops_create_info_delete(__ops_create_info_t * info) | |
801 | { | 790 | { | |
802 | writer_info_delete(&info->winfo); | 791 | writer_info_delete(&info->winfo); | |
803 | free(info); | 792 | (void) free(info); | |
804 | } | 793 | } | |
805 | 794 | |||
806 | /** | 795 | /** | |
807 | \ingroup Core_Create | 796 | \ingroup Core_Create | |
808 | \brief Calculate the checksum for a session key | 797 | \brief Calculate the checksum for a session key | |
809 | \param session_key Session Key to use | 798 | \param session_key Session Key to use | |
810 | \param cs Checksum to be written | 799 | \param cs Checksum to be written | |
811 | \return true if OK; else false | 800 | \return true if OK; else false | |
812 | */ | 801 | */ | |
813 | bool | 802 | bool | |
814 | __ops_calc_session_key_checksum(__ops_pk_session_key_t * session_key, unsigned char cs[2]) | 803 | __ops_calc_session_key_checksum(__ops_pk_session_key_t * session_key, unsigned char cs[2]) | |
815 | { | 804 | { | |
816 | unsigned int i = 0; | 805 | unsigned int i = 0; | |
817 | unsigned long checksum = 0; | 806 | unsigned long checksum = 0; | |
818 | 807 | |||
819 | if (!__ops_is_sa_supported(session_key->symmetric_algorithm)) | 808 | if (!__ops_is_sa_supported(session_key->symmetric_algorithm)) { | |
820 | return false; | 809 | return false; | |
810 | } | |||
821 | 811 | |||
822 | for (i = 0; i < __ops_key_size(session_key->symmetric_algorithm); i++) { | 812 | for (i = 0; i < __ops_key_size(session_key->symmetric_algorithm); i++) { | |
823 | checksum += session_key->key[i]; | 813 | checksum += session_key->key[i]; | |
824 | } | 814 | } | |
825 | checksum = checksum % 65536; | 815 | checksum = checksum % 65536; | |
826 | 816 | |||
827 | cs[0] = (unsigned char)((checksum >> 8) & 0xff); | 817 | cs[0] = (unsigned char)((checksum >> 8) & 0xff); | |
828 | cs[1] = (unsigned char)(checksum & 0xff); | 818 | cs[1] = (unsigned char)(checksum & 0xff); | |
829 | 819 | |||
830 | if (__ops_get_debug_level(__FILE__)) { | 820 | if (__ops_get_debug_level(__FILE__)) { | |
831 | (void) fprintf(stderr,"\nm buf checksum: "); | 821 | (void) fprintf(stderr,"\nm buf checksum: "); | |
832 | (void) fprintf(stderr," %2x",cs[0]); | 822 | (void) fprintf(stderr," %2x",cs[0]); | |
833 | (void) fprintf(stderr," %2x\n",cs[1]); | 823 | (void) fprintf(stderr," %2x\n",cs[1]); | |
834 | } | 824 | } | |
835 | return true; | 825 | return true; | |
836 | } | 826 | } | |
837 | 827 | |||
838 | static bool | 828 | static bool | |
839 | create_unencoded_m_buf(__ops_pk_session_key_t * session_key, unsigned char *m_buf) | 829 | create_unencoded_m_buf(__ops_pk_session_key_t * session_key, unsigned char *m_buf) | |
840 | { | 830 | { | |
841 | int i = 0; | 831 | int i = 0; | |
842 | /* unsigned long checksum=0; */ | |||
843 | 832 | |||
844 | /* m_buf is the buffer which will be encoded in PKCS#1 block */ | 833 | /* m_buf is the buffer which will be encoded in PKCS#1 block */ | |
845 | /* encoding to form the "m" value used in the */ | 834 | /* encoding to form the "m" value used in the */ | |
846 | /* Public Key Encrypted Session Key Packet */ | 835 | /* Public Key Encrypted Session Key Packet */ | |
847 | /* | 836 | /* | |
848 | * as defined in RFC Section 5.1 "Public-Key Encrypted Session Key | 837 | * as defined in RFC Section 5.1 "Public-Key Encrypted Session Key | |
849 | * Packet" | 838 | * Packet" | |
850 | */ | 839 | */ | |
851 | 840 | |||
852 | m_buf[0] = session_key->symmetric_algorithm; | 841 | m_buf[0] = session_key->symmetric_algorithm; | |
853 | 842 | |||
854 | assert(session_key->symmetric_algorithm == OPS_SA_CAST5); | 843 | assert(session_key->symmetric_algorithm == OPS_SA_CAST5); | |
855 | for (i = 0; i < CAST_KEY_LENGTH; i++) { | 844 | for (i = 0; i < CAST_KEY_LENGTH; i++) { | |
856 | m_buf[1 + i] = session_key->key[i]; | 845 | m_buf[1 + i] = session_key->key[i]; | |
857 | } | 846 | } | |
858 | 847 | |||
859 | return (__ops_calc_session_key_checksum(session_key, m_buf + 1 + CAST_KEY_LENGTH)); | 848 | return (__ops_calc_session_key_checksum(session_key, | |
849 | m_buf + 1 + CAST_KEY_LENGTH)); | |||
860 | } | 850 | } | |
861 | 851 | |||
862 | /** | 852 | /** | |
863 | \ingroup Core_Create | 853 | \ingroup Core_Create | |
864 | \brief implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC | 854 | \brief implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC | |
865 | \param M | 855 | \param M | |
866 | \param mLen | 856 | \param mLen | |
867 | \param pkey | 857 | \param pkey | |
868 | \param EM | 858 | \param EM | |
869 | \return true if OK; else false | 859 | \return true if OK; else false | |
870 | */ | 860 | */ | |
871 | bool | 861 | bool | |
872 | encode_m_buf(const unsigned char *M, size_t mLen, | 862 | encode_m_buf(const unsigned char *M, size_t mLen, | |
873 | const __ops_public_key_t * pkey, | 863 | const __ops_public_key_t * pkey, | |
874 | unsigned char *EM | 864 | unsigned char *EM) | |
875 | ) | |||
876 | { | 865 | { | |
877 | unsigned int k; | 866 | unsigned int k; | |
878 | unsigned i; | 867 | unsigned i; | |
879 | 868 | |||
880 | /* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */ | 869 | /* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */ | |
881 | 870 | |||
882 | assert(pkey->algorithm == OPS_PKA_RSA); | 871 | assert(pkey->algorithm == OPS_PKA_RSA); | |
883 | 872 | |||
884 | k = BN_num_bytes(pkey->key.rsa.n); | 873 | k = BN_num_bytes(pkey->key.rsa.n); | |
885 | assert(mLen <= k - 11); | 874 | assert(mLen <= k - 11); | |
886 | if (mLen > k - 11) { | 875 | if (mLen > k - 11) { | |
887 | fprintf(stderr, "message too long\n"); | 876 | fprintf(stderr, "message too long\n"); | |
888 | return false; | 877 | return false; | |
889 | } | 878 | } | |
890 | /* these two bytes defined by RFC */ | 879 | /* these two bytes defined by RFC */ | |
891 | EM[0] = 0x00; | 880 | EM[0] = 0x00; | |
892 | EM[1] = 0x02; | 881 | EM[1] = 0x02; | |
893 | 882 | |||
894 | /* add non-zero random bytes of length k - mLen -3 */ | 883 | /* add non-zero random bytes of length k - mLen -3 */ | |
895 | for (i = 2; i < k - mLen - 1; ++i) | 884 | for (i = 2; i < k - mLen - 1; ++i) { | |
896 | do | 885 | do { | |
897 | __ops_random(EM + i, 1); | 886 | __ops_random(EM + i, 1); | |
898 | while (EM[i] == 0); | 887 | } while (EM[i] == 0); | |
888 | } | |||
899 | 889 | |||
900 | assert(i >= 8 + 2); | 890 | assert(i >= 8 + 2); | |
901 | 891 | |||
902 | EM[i++] = 0; | 892 | EM[i++] = 0; | |
903 | 893 | |||
904 | (void) memcpy(EM + i, M, mLen); | 894 | (void) memcpy(EM + i, M, mLen); | |
905 | 895 | |||
906 | if (__ops_get_debug_level(__FILE__)) { | 896 | if (__ops_get_debug_level(__FILE__)) { | |
907 | unsigned int i2 = 0; | 897 | unsigned int i2 = 0; | |
908 | fprintf(stderr, "Encoded Message: \n"); | 898 | ||
909 | for (i2 = 0; i2 < mLen; i2++) | 899 | (void) fprintf(stderr, "Encoded Message: \n"); | |
910 | fprintf(stderr, "%2x ", EM[i2]); | 900 | for (i2 = 0; i2 < mLen; i2++) { | |
911 | fprintf(stderr, "\n"); | 901 | (void) fprintf(stderr, "%2x ", EM[i2]); | |
902 | } | |||
903 | (void) fprintf(stderr, "\n"); | |||
912 | } | 904 | } | |
913 | return true; | 905 | return true; | |
914 | } | 906 | } | |
915 | 907 | |||
916 | /** | 908 | /** | |
917 | \ingroup Core_Create | 909 | \ingroup Core_Create | |
918 | \brief Creates an __ops_pk_session_key_t struct from keydata | 910 | \brief Creates an __ops_pk_session_key_t struct from keydata | |
919 | \param key Keydata to use | 911 | \param key Keydata to use | |
920 | \return __ops_pk_session_key_t struct | 912 | \return __ops_pk_session_key_t struct | |
921 | \note It is the caller's responsiblity to free the returned pointer | 913 | \note It is the caller's responsiblity to free the returned pointer | |
922 | \note Currently hard-coded to use CAST5 | 914 | \note Currently hard-coded to use CAST5 | |
923 | \note Currently hard-coded to use RSA | 915 | \note Currently hard-coded to use RSA | |
924 | */ | 916 | */ | |
@@ -928,77 +920,84 @@ __ops_create_pk_session_key(const __ops_ | @@ -928,77 +920,84 @@ __ops_create_pk_session_key(const __ops_ | |||
928 | /* | 920 | /* | |
929 | * Creates a random session key and encrypts it for the given key | 921 | * Creates a random session key and encrypts it for the given key | |
930 | * | 922 | * | |
931 | * Session Key is for use with a SK algo, | 923 | * Session Key is for use with a SK algo, | |
932 | * can be any, we're hardcoding CAST5 for now | 924 | * can be any, we're hardcoding CAST5 for now | |
933 | * | 925 | * | |
934 | * Encryption used is PK, | 926 | * Encryption used is PK, | |
935 | * can be any, we're hardcoding RSA for now | 927 | * can be any, we're hardcoding RSA for now | |
936 | */ | 928 | */ | |
937 | 929 | |||
938 | const __ops_public_key_t *pub_key = __ops_get_public_key_from_data(key); | 930 | const __ops_public_key_t *pub_key = __ops_get_public_key_from_data(key); | |
939 | #define SZ_UNENCODED_M_BUF CAST_KEY_LENGTH+1+2 | 931 | #define SZ_UNENCODED_M_BUF CAST_KEY_LENGTH+1+2 | |
940 | unsigned char unencoded_m_buf[SZ_UNENCODED_M_BUF]; | 932 | unsigned char unencoded_m_buf[SZ_UNENCODED_M_BUF]; | |
941 | ||||
942 | const size_t sz_encoded_m_buf = BN_num_bytes(pub_key->key.rsa.n); | 933 | const size_t sz_encoded_m_buf = BN_num_bytes(pub_key->key.rsa.n); | |
943 | unsigned char *encoded_m_buf = calloc(1, sz_encoded_m_buf); | 934 | unsigned char *encoded_m_buf = calloc(1, sz_encoded_m_buf); | |
944 | 935 | |||
945 | __ops_pk_session_key_t *session_key = calloc(1, sizeof(*session_key)); | 936 | __ops_pk_session_key_t *session_key = calloc(1, sizeof(*session_key)); | |
946 | ||||
947 | assert(key->type == OPS_PTAG_CT_PUBLIC_KEY); | 937 | assert(key->type == OPS_PTAG_CT_PUBLIC_KEY); | |
948 | session_key->version = OPS_PKSK_V3; | 938 | session_key->version = OPS_PKSK_V3; | |
949 | (void) memcpy(session_key->key_id, key->key_id, sizeof(session_key->key_id)); | 939 | (void) memcpy(session_key->key_id, key->key_id, sizeof(session_key->key_id)); | |
950 | 940 | |||
951 | if (__ops_get_debug_level(__FILE__)) { | 941 | if (__ops_get_debug_level(__FILE__)) { | |
952 | unsigned int i = 0; | 942 | unsigned int i = 0; | |
953 | 943 | |||
954 | fprintf(stderr, "Encrypting for RSA key id : "); | 944 | (void) fprintf(stderr, "Encrypting for RSA key id : "); | |
955 | for (i = 0; i < sizeof(session_key->key_id); i++) | 945 | for (i = 0; i < sizeof(session_key->key_id); i++) { | |
956 | fprintf(stderr, "%2x ", key->key_id[i]); | 946 | (void) fprintf(stderr, "%2x ", key->key_id[i]); | |
957 | fprintf(stderr, "\n"); | 947 | } | |
948 | (void) fprintf(stderr, "\n"); | |||
958 | } | 949 | } | |
959 | assert(key->key.pkey.algorithm == OPS_PKA_RSA); | 950 | assert(key->key.pkey.algorithm == OPS_PKA_RSA); | |
960 | session_key->algorithm = key->key.pkey.algorithm; | 951 | session_key->algorithm = key->key.pkey.algorithm; | |
961 | 952 | |||
962 | /* \todo allow user to specify other algorithm */ | 953 | /* \todo allow user to specify other algorithm */ | |
963 | session_key->symmetric_algorithm = OPS_SA_CAST5; | 954 | session_key->symmetric_algorithm = OPS_SA_CAST5; | |
964 | __ops_random(session_key->key, CAST_KEY_LENGTH); | 955 | __ops_random(session_key->key, CAST_KEY_LENGTH); | |
965 | 956 | |||
966 | if (__ops_get_debug_level(__FILE__)) { | 957 | if (__ops_get_debug_level(__FILE__)) { | |
967 | unsigned int i = 0; | 958 | unsigned int i = 0; | |
968 | fprintf(stderr, "CAST5 session key created (len=%d):\n ", CAST_KEY_LENGTH); | 959 | ||
969 | for (i = 0; i < CAST_KEY_LENGTH; i++) | 960 | (void) fprintf(stderr, | |
970 | fprintf(stderr, "%2x ", session_key->key[i]); | 961 | "CAST5 session key created (len=%d):\n ", | |
971 | fprintf(stderr, "\n"); | 962 | CAST_KEY_LENGTH); | |
963 | for (i = 0; i < CAST_KEY_LENGTH; i++) { | |||
964 | (void) fprintf(stderr, "%2x ", session_key->key[i]); | |||
965 | } | |||
966 | (void) fprintf(stderr, "\n"); | |||
972 | } | 967 | } | |
973 | if (create_unencoded_m_buf(session_key, &unencoded_m_buf[0]) == false) { | 968 | if (create_unencoded_m_buf(session_key, &unencoded_m_buf[0]) == false) { | |
974 | free(encoded_m_buf); | 969 | (void) free(encoded_m_buf); | |
975 | return NULL; | 970 | return NULL; | |
976 | } | 971 | } | |
977 | if (__ops_get_debug_level(__FILE__)) { | 972 | if (__ops_get_debug_level(__FILE__)) { | |
978 | unsigned int i = 0; | 973 | unsigned int i = 0; | |
974 | ||||
979 | printf("unencoded m buf:\n"); | 975 | printf("unencoded m buf:\n"); | |
980 | for (i = 0; i < SZ_UNENCODED_M_BUF; i++) | 976 | for (i = 0; i < SZ_UNENCODED_M_BUF; i++) { | |
981 | printf("%2x ", unencoded_m_buf[i]); | 977 | printf("%2x ", unencoded_m_buf[i]); | |
978 | } | |||
982 | printf("\n"); | 979 | printf("\n"); | |
983 | } | 980 | } | |
984 | encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key, &encoded_m_buf[0]); | 981 | encode_m_buf(&unencoded_m_buf[0], SZ_UNENCODED_M_BUF, pub_key, | |
982 | &encoded_m_buf[0]); | |||
985 | 983 | |||
986 | /* and encrypt it */ | 984 | /* and encrypt it */ | |
987 | if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key, &session_key->parameters)) { | 985 | if (!__ops_rsa_encrypt_mpi(encoded_m_buf, sz_encoded_m_buf, pub_key, | |
988 | free(encoded_m_buf); | 986 | &session_key->parameters)) { | |
987 | (void) free(encoded_m_buf); | |||
989 | return NULL; | 988 | return NULL; | |
990 | } | 989 | } | |
991 | free(encoded_m_buf); | 990 | (void) free(encoded_m_buf); | |
992 | return session_key; | 991 | return session_key; | |
993 | } | 992 | } | |
994 | 993 | |||
995 | /** | 994 | /** | |
996 | \ingroup Core_WritePackets | 995 | \ingroup Core_WritePackets | |
997 | \brief Writes Public Key Session Key packet | 996 | \brief Writes Public Key Session Key packet | |
998 | \param info Write settings | 997 | \param info Write settings | |
999 | \param pksk Public Key Session Key to write out | 998 | \param pksk Public Key Session Key to write out | |
1000 | \return true if OK; else false | 999 | \return true if OK; else false | |
1001 | */ | 1000 | */ | |
1002 | bool | 1001 | bool | |
1003 | __ops_write_pk_session_key(__ops_create_info_t * info, | 1002 | __ops_write_pk_session_key(__ops_create_info_t * info, | |
1004 | __ops_pk_session_key_t * pksk) | 1003 | __ops_pk_session_key_t * pksk) | |
@@ -1211,32 +1210,33 @@ __ops_write_file_from_buf(const char *fi | @@ -1211,32 +1210,33 @@ __ops_write_file_from_buf(const char *fi | |||
1211 | if (overwrite == true) { | 1210 | if (overwrite == true) { | |
1212 | flags |= O_TRUNC; | 1211 | flags |= O_TRUNC; | |
1213 | } else { | 1212 | } else { | |
1214 | flags |= O_EXCL; | 1213 | flags |= O_EXCL; | |
1215 | } | 1214 | } | |
1216 | #ifdef O_BINARY | 1215 | #ifdef O_BINARY | |
1217 | flags |= O_BINARY; | 1216 | flags |= O_BINARY; | |
1218 | #endif | 1217 | #endif | |
1219 | fd = open(filename, flags, 0600); | 1218 | fd = open(filename, flags, 0600); | |
1220 | if (fd < 0) { | 1219 | if (fd < 0) { | |
1221 | perror(NULL); | 1220 | perror(NULL); | |
1222 | return 0; | 1221 | return 0; | |
1223 | } | 1222 | } | |
1224 | n = write(fd, buf, len); | 1223 | if ((n = write(fd, buf, len)) != len) { | |
1225 | if (n != len) | |||
1226 | return 0; | 1224 | return 0; | |
1225 | } | |||
1227 | 1226 | |||
1228 | if (!close(fd)) | 1227 | if (!close(fd)) { | |
1229 | return 1; | 1228 | return 1; | |
1229 | } | |||
1230 | 1230 | |||
1231 | return 0; | 1231 | return 0; | |
1232 | } | 1232 | } | |
1233 | 1233 | |||
1234 | /** | 1234 | /** | |
1235 | \ingroup Core_WritePackets | 1235 | \ingroup Core_WritePackets | |
1236 | \brief Write Symmetrically Encrypted packet | 1236 | \brief Write Symmetrically Encrypted packet | |
1237 | \param data Data to encrypt | 1237 | \param data Data to encrypt | |
1238 | \param len Length of data | 1238 | \param len Length of data | |
1239 | \param info Write settings | 1239 | \param info Write settings | |
1240 | \return true if OK; else false | 1240 | \return true if OK; else false | |
1241 | \note Hard-coded to use AES256 | 1241 | \note Hard-coded to use AES256 | |
1242 | */ | 1242 | */ | |
@@ -1277,24 +1277,24 @@ __ops_write_symmetrically_encrypted_data | @@ -1277,24 +1277,24 @@ __ops_write_symmetrically_encrypted_data | |||
1277 | \return true if OK; else false | 1277 | \return true if OK; else false | |
1278 | */ | 1278 | */ | |
1279 | bool | 1279 | bool | |
1280 | __ops_write_one_pass_sig(const __ops_secret_key_t * skey, | 1280 | __ops_write_one_pass_sig(const __ops_secret_key_t * skey, | |
1281 | const __ops_hash_algorithm_t hash_alg, | 1281 | const __ops_hash_algorithm_t hash_alg, | |
1282 | const __ops_sig_type_t sig_type, | 1282 | const __ops_sig_type_t sig_type, | |
1283 | __ops_create_info_t * info) | 1283 | __ops_create_info_t * info) | |
1284 | { | 1284 | { | |
1285 | unsigned char keyid[OPS_KEY_ID_SIZE]; | 1285 | unsigned char keyid[OPS_KEY_ID_SIZE]; | |
1286 | 1286 | |||
1287 | if (__ops_get_debug_level(__FILE__)) { | 1287 | if (__ops_get_debug_level(__FILE__)) { | |
1288 | fprintf(stderr, "calling __ops_keyid in write_one_pass_sig: this calls sha1_init\n"); | 1288 | fprintf(stderr, "calling __ops_keyid in write_one_pass_sig: this calls sha1_init\n"); | |
1289 | } | 1289 | } | |
1290 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key); | 1290 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey); | |
1291 | 1291 | |||
1292 | return __ops_write_ptag(OPS_PTAG_CT_ONE_PASS_SIGNATURE, info) && | 1292 | return __ops_write_ptag(OPS_PTAG_CT_ONE_PASS_SIGNATURE, info) && | |
1293 | __ops_write_length(1 + 1 + 1 + 1 + 8 + 1, info) && | 1293 | __ops_write_length(1 + 1 + 1 + 1 + 8 + 1, info) && | |
1294 | __ops_write_scalar(3, 1, info) /* version */ && | 1294 | __ops_write_scalar(3, 1, info) /* version */ && | |
1295 | __ops_write_scalar((unsigned)sig_type, 1, info) && | 1295 | __ops_write_scalar((unsigned)sig_type, 1, info) && | |
1296 | __ops_write_scalar((unsigned)hash_alg, 1, info) && | 1296 | __ops_write_scalar((unsigned)hash_alg, 1, info) && | |
1297 | __ops_write_scalar((unsigned)skey->public_key.algorithm, 1, info) && | 1297 | __ops_write_scalar((unsigned)skey->pubkey.algorithm, 1, info) && | |
1298 | __ops_write(keyid, 8, info) && | 1298 | __ops_write(keyid, 8, info) && | |
1299 | __ops_write_scalar(1, 1, info); | 1299 | __ops_write_scalar(1, 1, info); | |
1300 | } | 1300 | } |
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c 2009/04/28 20:49:57 1.4
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c 2009/05/05 01:28:15 1.5
@@ -732,29 +732,29 @@ data_free(__ops_data_t * data) | @@ -732,29 +732,29 @@ data_free(__ops_data_t * data) | |||
732 | static void | 732 | static void | |
733 | string_free(char **str) | 733 | string_free(char **str) | |
734 | { | 734 | { | |
735 | free(*str); | 735 | free(*str); | |
736 | *str = NULL; | 736 | *str = NULL; | |
737 | } | 737 | } | |
738 | 738 | |||
739 | /** | 739 | /** | |
740 | \ingroup Core_Create | 740 | \ingroup Core_Create | |
741 | \brief Free allocated memory | 741 | \brief Free allocated memory | |
742 | */ | 742 | */ | |
743 | /* ! Free packet memory, set pointer to NULL */ | 743 | /* ! Free packet memory, set pointer to NULL */ | |
744 | void | 744 | void | |
745 | __ops_packet_free(__ops_packet_t * packet) | 745 | __ops_subpacket_free(__ops_subpacket_t *packet) | |
746 | { | 746 | { | |
747 | free(packet->raw); | 747 | (void) free(packet->raw); | |
748 | packet->raw = NULL; | 748 | packet->raw = NULL; | |
749 | } | 749 | } | |
750 | 750 | |||
751 | /** | 751 | /** | |
752 | \ingroup Core_Create | 752 | \ingroup Core_Create | |
753 | \brief Free allocated memory | 753 | \brief Free allocated memory | |
754 | */ | 754 | */ | |
755 | static void | 755 | static void | |
756 | __ops_headers_free(__ops_headers_t * headers) | 756 | __ops_headers_free(__ops_headers_t * headers) | |
757 | { | 757 | { | |
758 | unsigned n; | 758 | unsigned n; | |
759 | 759 | |||
760 | for (n = 0; n < headers->nheaders; ++n) { | 760 | for (n = 0; n < headers->nheaders; ++n) { | |
@@ -1002,27 +1002,27 @@ ss_revocation_reason_free(__ops_ss_revoc | @@ -1002,27 +1002,27 @@ ss_revocation_reason_free(__ops_ss_revoc | |||
1002 | 1002 | |||
1003 | static void | 1003 | static void | |
1004 | ss_embedded_signature_free(__ops_ss_embedded_signature_t *ss_embedded_signature) | 1004 | ss_embedded_signature_free(__ops_ss_embedded_signature_t *ss_embedded_signature) | |
1005 | { | 1005 | { | |
1006 | data_free(&ss_embedded_signature->sig); | 1006 | data_free(&ss_embedded_signature->sig); | |
1007 | } | 1007 | } | |
1008 | 1008 | |||
1009 | /** | 1009 | /** | |
1010 | \ingroup Core_Create | 1010 | \ingroup Core_Create | |
1011 | \brief Free allocated memory | 1011 | \brief Free allocated memory | |
1012 | */ | 1012 | */ | |
1013 | /* ! Free any memory allocated when parsing the packet content */ | 1013 | /* ! Free any memory allocated when parsing the packet content */ | |
1014 | void | 1014 | void | |
1015 | __ops_parser_content_free(__ops_parser_content_t * c) | 1015 | __ops_parser_content_free(__ops_packet_t * c) | |
1016 | { | 1016 | { | |
1017 | switch (c->tag) { | 1017 | switch (c->tag) { | |
1018 | case OPS_PARSER_PTAG: | 1018 | case OPS_PARSER_PTAG: | |
1019 | case OPS_PTAG_CT_COMPRESSED: | 1019 | case OPS_PTAG_CT_COMPRESSED: | |
1020 | case OPS_PTAG_SS_CREATION_TIME: | 1020 | case OPS_PTAG_SS_CREATION_TIME: | |
1021 | case OPS_PTAG_SS_EXPIRATION_TIME: | 1021 | case OPS_PTAG_SS_EXPIRATION_TIME: | |
1022 | case OPS_PTAG_SS_KEY_EXPIRATION_TIME: | 1022 | case OPS_PTAG_SS_KEY_EXPIRATION_TIME: | |
1023 | case OPS_PTAG_SS_TRUST: | 1023 | case OPS_PTAG_SS_TRUST: | |
1024 | case OPS_PTAG_SS_ISSUER_KEY_ID: | 1024 | case OPS_PTAG_SS_ISSUER_KEY_ID: | |
1025 | case OPS_PTAG_CT_ONE_PASS_SIGNATURE: | 1025 | case OPS_PTAG_CT_ONE_PASS_SIGNATURE: | |
1026 | case OPS_PTAG_SS_PRIMARY_USER_ID: | 1026 | case OPS_PTAG_SS_PRIMARY_USER_ID: | |
1027 | case OPS_PTAG_SS_REVOCABLE: | 1027 | case OPS_PTAG_SS_REVOCABLE: | |
1028 | case OPS_PTAG_SS_REVOCATION_KEY: | 1028 | case OPS_PTAG_SS_REVOCATION_KEY: | |
@@ -1052,27 +1052,27 @@ __ops_parser_content_free(__ops_parser_c | @@ -1052,27 +1052,27 @@ __ops_parser_content_free(__ops_parser_c | |||
1052 | break; | 1052 | break; | |
1053 | 1053 | |||
1054 | case OPS_PTAG_CT_TRUST: | 1054 | case OPS_PTAG_CT_TRUST: | |
1055 | trust_free(&c->u.trust); | 1055 | trust_free(&c->u.trust); | |
1056 | break; | 1056 | break; | |
1057 | 1057 | |||
1058 | case OPS_PTAG_CT_SIGNATURE: | 1058 | case OPS_PTAG_CT_SIGNATURE: | |
1059 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | 1059 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | |
1060 | signature_free(&c->u.signature); | 1060 | signature_free(&c->u.signature); | |
1061 | break; | 1061 | break; | |
1062 | 1062 | |||
1063 | case OPS_PTAG_CT_PUBLIC_KEY: | 1063 | case OPS_PTAG_CT_PUBLIC_KEY: | |
1064 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | 1064 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | |
1065 | __ops_public_key_free(&c->u.public_key); | 1065 | __ops_public_key_free(&c->u.pubkey); | |
1066 | break; | 1066 | break; | |
1067 | 1067 | |||
1068 | case OPS_PTAG_CT_USER_ID: | 1068 | case OPS_PTAG_CT_USER_ID: | |
1069 | __ops_user_id_free(&c->u.user_id); | 1069 | __ops_user_id_free(&c->u.user_id); | |
1070 | break; | 1070 | break; | |
1071 | 1071 | |||
1072 | case OPS_PTAG_SS_SIGNERS_USER_ID: | 1072 | case OPS_PTAG_SS_SIGNERS_USER_ID: | |
1073 | __ops_user_id_free(&c->u.ss_signers_user_id); | 1073 | __ops_user_id_free(&c->u.ss_signers_user_id); | |
1074 | break; | 1074 | break; | |
1075 | 1075 | |||
1076 | case OPS_PTAG_CT_USER_ATTRIBUTE: | 1076 | case OPS_PTAG_CT_USER_ATTRIBUTE: | |
1077 | __ops_user_attribute_free(&c->u.user_attribute); | 1077 | __ops_user_attribute_free(&c->u.user_attribute); | |
1078 | break; | 1078 | break; | |
@@ -1134,45 +1134,45 @@ __ops_parser_content_free(__ops_parser_c | @@ -1134,45 +1134,45 @@ __ops_parser_content_free(__ops_parser_c | |||
1134 | case OPS_PTAG_SS_RESERVED: | 1134 | case OPS_PTAG_SS_RESERVED: | |
1135 | ss_reserved_free(&c->u.ss_unknown); | 1135 | ss_reserved_free(&c->u.ss_unknown); | |
1136 | break; | 1136 | break; | |
1137 | 1137 | |||
1138 | case OPS_PTAG_SS_REVOCATION_REASON: | 1138 | case OPS_PTAG_SS_REVOCATION_REASON: | |
1139 | ss_revocation_reason_free(&c->u.ss_revocation_reason); | 1139 | ss_revocation_reason_free(&c->u.ss_revocation_reason); | |
1140 | break; | 1140 | break; | |
1141 | 1141 | |||
1142 | case OPS_PTAG_SS_EMBEDDED_SIGNATURE: | 1142 | case OPS_PTAG_SS_EMBEDDED_SIGNATURE: | |
1143 | ss_embedded_signature_free(&c->u.ss_embedded_signature); | 1143 | ss_embedded_signature_free(&c->u.ss_embedded_signature); | |
1144 | break; | 1144 | break; | |
1145 | 1145 | |||
1146 | case OPS_PARSER_PACKET_END: | 1146 | case OPS_PARSER_PACKET_END: | |
1147 | __ops_packet_free(&c->u.packet); | 1147 | __ops_subpacket_free(&c->u.packet); | |
1148 | break; | 1148 | break; | |
1149 | 1149 | |||
1150 | case OPS_PARSER_ERROR: | 1150 | case OPS_PARSER_ERROR: | |
1151 | case OPS_PARSER_ERRCODE: | 1151 | case OPS_PARSER_ERRCODE: | |
1152 | break; | 1152 | break; | |
1153 | 1153 | |||
1154 | case OPS_PTAG_CT_SECRET_KEY: | 1154 | case OPS_PTAG_CT_SECRET_KEY: | |
1155 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | 1155 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | |
1156 | __ops_secret_key_free(&c->u.secret_key); | 1156 | __ops_secret_key_free(&c->u.secret_key); | |
1157 | break; | 1157 | break; | |
1158 | 1158 | |||
1159 | case OPS_PTAG_CT_PK_SESSION_KEY: | 1159 | case OPS_PTAG_CT_PK_SESSION_KEY: | |
1160 | case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: | 1160 | case OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY: | |
1161 | __ops_pk_session_key_free(&c->u.pk_session_key); | 1161 | __ops_pk_session_key_free(&c->u.pk_session_key); | |
1162 | break; | 1162 | break; | |
1163 | 1163 | |||
1164 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 1164 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
1165 | __ops_cmd_get_passphrase_free(&c->u.secret_key_passphrase); | 1165 | __ops_cmd_get_passphrase_free(&c->u.skey_passphrase); | |
1166 | break; | 1166 | break; | |
1167 | 1167 | |||
1168 | default: | 1168 | default: | |
1169 | fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); | 1169 | fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); | |
1170 | assert( /* CONSTCOND */ 0); | 1170 | assert( /* CONSTCOND */ 0); | |
1171 | } | 1171 | } | |
1172 | } | 1172 | } | |
1173 | 1173 | |||
1174 | /** | 1174 | /** | |
1175 | \ingroup Core_Create | 1175 | \ingroup Core_Create | |
1176 | \brief Free allocated memory | 1176 | \brief Free allocated memory | |
1177 | */ | 1177 | */ | |
1178 | void | 1178 | void | |
@@ -1234,112 +1234,121 @@ __ops_public_key_free(__ops_public_key_t | @@ -1234,112 +1234,121 @@ __ops_public_key_free(__ops_public_key_t | |||
1234 | 1234 | |||
1235 | /** | 1235 | /** | |
1236 | \ingroup Core_ReadPackets | 1236 | \ingroup Core_ReadPackets | |
1237 | */ | 1237 | */ | |
1238 | static int | 1238 | static int | |
1239 | parse_public_key_data(__ops_public_key_t * key, __ops_region_t * region, | 1239 | parse_public_key_data(__ops_public_key_t * key, __ops_region_t * region, | |
1240 | __ops_parse_info_t * pinfo) | 1240 | __ops_parse_info_t * pinfo) | |
1241 | { | 1241 | { | |
1242 | unsigned char c[1] = ""; | 1242 | unsigned char c[1] = ""; | |
1243 | 1243 | |||
1244 | assert(region->length_read == 0); /* We should not have read | 1244 | assert(region->length_read == 0); /* We should not have read | |
1245 | * anything so far */ | 1245 | * anything so far */ | |
1246 | 1246 | |||
1247 | if (!limited_read(c, 1, region, pinfo)) | 1247 | if (!limited_read(c, 1, region, pinfo)) { | |
1248 | return 0; | 1248 | return 0; | |
1249 | } | |||
1249 | key->version = c[0]; | 1250 | key->version = c[0]; | |
1250 | if (key->version < 2 || key->version > 4) { | 1251 | if (key->version < 2 || key->version > 4) { | |
1251 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN, | 1252 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PUBLIC_KEY_VRSN, | |
1252 | "Bad public key version (0x%02x)", key->version); | 1253 | "Bad public key version (0x%02x)", key->version); | |
1253 | return 0; | 1254 | return 0; | |
1254 | } | 1255 | } | |
1255 | if (!limited_read_time(&key->creation_time, region, pinfo)) | 1256 | if (!limited_read_time(&key->creation_time, region, pinfo)) { | |
1256 | return 0; | 1257 | return 0; | |
1258 | } | |||
1257 | 1259 | |||
1258 | key->days_valid = 0; | 1260 | key->days_valid = 0; | |
1259 | if ((key->version == 2 || key->version == 3) | 1261 | if ((key->version == 2 || key->version == 3) && | |
1260 | && !limited_read_scalar(&key->days_valid, 2, region, pinfo)) | 1262 | !limited_read_scalar(&key->days_valid, 2, region, pinfo)) { | |
1261 | return 0; | 1263 | return 0; | |
1264 | } | |||
1262 | 1265 | |||
1263 | if (!limited_read(c, 1, region, pinfo)) | 1266 | if (!limited_read(c, 1, region, pinfo)) | |
1264 | return 0; | 1267 | return 0; | |
1265 | 1268 | |||
1266 | key->algorithm = c[0]; | 1269 | key->algorithm = c[0]; | |
1267 | 1270 | |||
1268 | switch (key->algorithm) { | 1271 | switch (key->algorithm) { | |
1269 | case OPS_PKA_DSA: | 1272 | case OPS_PKA_DSA: | |
1270 | if (!limited_read_mpi(&key->key.dsa.p, region, pinfo) | 1273 | if (!limited_read_mpi(&key->key.dsa.p, region, pinfo) || | |
1271 | || !limited_read_mpi(&key->key.dsa.q, region, pinfo) | 1274 | !limited_read_mpi(&key->key.dsa.q, region, pinfo) || | |
1272 | || !limited_read_mpi(&key->key.dsa.g, region, pinfo) | 1275 | !limited_read_mpi(&key->key.dsa.g, region, pinfo) || | |
1273 | || !limited_read_mpi(&key->key.dsa.y, region, pinfo)) | 1276 | !limited_read_mpi(&key->key.dsa.y, region, pinfo)) { | |
1274 | return 0; | 1277 | return 0; | |
1278 | } | |||
1275 | break; | 1279 | break; | |
1276 | 1280 | |||
1277 | case OPS_PKA_RSA: | 1281 | case OPS_PKA_RSA: | |
1278 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 1282 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
1279 | case OPS_PKA_RSA_SIGN_ONLY: | 1283 | case OPS_PKA_RSA_SIGN_ONLY: | |
1280 | if (!limited_read_mpi(&key->key.rsa.n, region, pinfo) | 1284 | if (!limited_read_mpi(&key->key.rsa.n, region, pinfo) || | |
1281 | || !limited_read_mpi(&key->key.rsa.e, region, pinfo)) | 1285 | !limited_read_mpi(&key->key.rsa.e, region, pinfo)) { | |
1282 | return 0; | 1286 | return 0; | |
1287 | } | |||
1283 | break; | 1288 | break; | |
1284 | 1289 | |||
1285 | case OPS_PKA_ELGAMAL: | 1290 | case OPS_PKA_ELGAMAL: | |
1286 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 1291 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
1287 | if (!limited_read_mpi(&key->key.elgamal.p, region, pinfo) | 1292 | if (!limited_read_mpi(&key->key.elgamal.p, region, pinfo) || | |
1288 | || !limited_read_mpi(&key->key.elgamal.g, region, pinfo) | 1293 | !limited_read_mpi(&key->key.elgamal.g, region, pinfo) || | |
1289 | || !limited_read_mpi(&key->key.elgamal.y, region, pinfo)) | 1294 | !limited_read_mpi(&key->key.elgamal.y, region, pinfo)) { | |
1290 | return 0; | 1295 | return 0; | |
1296 | } | |||
1291 | break; | 1297 | break; | |
1292 | 1298 | |||
1293 | default: | 1299 | default: | |
1294 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, "Unsupported Public Key algorithm (%s)", __ops_show_pka(key->algorithm)); | 1300 | OPS_ERROR_1(&pinfo->errors, | |
1301 | OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, | |||
1302 | "Unsupported Public Key algorithm (%s)", | |||
1303 | __ops_show_pka(key->algorithm)); | |||
1295 | return 0; | 1304 | return 0; | |
1296 | } | 1305 | } | |
1297 | 1306 | |||
1298 | return 1; | 1307 | return 1; | |
1299 | } | 1308 | } | |
1300 | 1309 | |||
1301 | 1310 | |||
1302 | /** | 1311 | /** | |
1303 | * \ingroup Core_ReadPackets | 1312 | * \ingroup Core_ReadPackets | |
1304 | * \brief Parse a public key packet. | 1313 | * \brief Parse a public key packet. | |
1305 | * | 1314 | * | |
1306 | * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. | 1315 | * This function parses an entire v3 (== v2) or v4 public key packet for RSA, ElGamal, and DSA keys. | |
1307 | * | 1316 | * | |
1308 | * Once the key has been parsed successfully, it is passed to the callback. | 1317 | * Once the key has been parsed successfully, it is passed to the callback. | |
1309 | * | 1318 | * | |
1310 | * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. | 1319 | * \param *ptag Pointer to the current Packet Tag. This function should consume the entire packet. | |
1311 | * \param *reader Our reader | 1320 | * \param *reader Our reader | |
1312 | * \param *cb The callback | 1321 | * \param *cb The callback | |
1313 | * \return 1 on success, 0 on error | 1322 | * \return 1 on success, 0 on error | |
1314 | * | 1323 | * | |
1315 | * \see RFC4880 5.5.2 | 1324 | * \see RFC4880 5.5.2 | |
1316 | */ | 1325 | */ | |
1317 | static int | 1326 | static int | |
1318 | parse_public_key(__ops_content_tag_t tag, __ops_region_t * region, | 1327 | parse_public_key(__ops_content_tag_t tag, __ops_region_t * region, | |
1319 | __ops_parse_info_t * pinfo) | 1328 | __ops_parse_info_t * pinfo) | |
1320 | { | 1329 | { | |
1321 | __ops_parser_content_t content; | 1330 | __ops_packet_t pkt; | |
1322 | 1331 | |||
1323 | if (!parse_public_key_data(&content.u.public_key, region, pinfo)) | 1332 | if (!parse_public_key_data(&pkt.u.pubkey, region, pinfo)) | |
1324 | return 0; | 1333 | return 0; | |
1325 | 1334 | |||
1326 | /* XXX: this test should be done for all packets, surely? */ | 1335 | /* XXX: this test should be done for all packets, surely? */ | |
1327 | if (region->length_read != region->length) { | 1336 | if (region->length_read != region->length) { | |
1328 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | 1337 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | |
1329 | "Unconsumed data (%d)", region->length - region->length_read); | 1338 | "Unconsumed data (%d)", region->length - region->length_read); | |
1330 | return 0; | 1339 | return 0; | |
1331 | } | 1340 | } | |
1332 | CALLBACK(&pinfo->cbinfo, tag, &content); | 1341 | CALLBACK(&pinfo->cbinfo, tag, &pkt); | |
1333 | 1342 | |||
1334 | return 1; | 1343 | return 1; | |
1335 | } | 1344 | } | |
1336 | 1345 | |||
1337 | 1346 | |||
1338 | /** | 1347 | /** | |
1339 | \ingroup Core_Create | 1348 | \ingroup Core_Create | |
1340 | \brief Free allocated memory | 1349 | \brief Free allocated memory | |
1341 | */ | 1350 | */ | |
1342 | /* ! Free the memory used when parsing this packet type */ | 1351 | /* ! Free the memory used when parsing this packet type */ | |
1343 | void | 1352 | void | |
1344 | __ops_user_attribute_free(__ops_user_attribute_t * user_att) | 1353 | __ops_user_attribute_free(__ops_user_attribute_t * user_att) | |
1345 | { | 1354 | { | |
@@ -1348,40 +1357,40 @@ __ops_user_attribute_free(__ops_user_att | @@ -1348,40 +1357,40 @@ __ops_user_attribute_free(__ops_user_att | |||
1348 | 1357 | |||
1349 | /** | 1358 | /** | |
1350 | * \ingroup Core_ReadPackets | 1359 | * \ingroup Core_ReadPackets | |
1351 | * \brief Parse one user attribute packet. | 1360 | * \brief Parse one user attribute packet. | |
1352 | * | 1361 | * | |
1353 | * User attribute packets contain one or more attribute subpackets. | 1362 | * User attribute packets contain one or more attribute subpackets. | |
1354 | * For now, handle the whole packet as raw data. | 1363 | * For now, handle the whole packet as raw data. | |
1355 | */ | 1364 | */ | |
1356 | 1365 | |||
1357 | static int | 1366 | static int | |
1358 | parse_user_attribute(__ops_region_t * region, __ops_parse_info_t * pinfo) | 1367 | parse_user_attribute(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
1359 | { | 1368 | { | |
1360 | 1369 | |||
1361 | __ops_parser_content_t content; | 1370 | __ops_packet_t pkt; | |
1362 | 1371 | |||
1363 | /* | 1372 | /* | |
1364 | * xxx- treat as raw data for now. Could break down further into | 1373 | * xxx- treat as raw data for now. Could break down further into | |
1365 | * attribute sub-packets later - rachel | 1374 | * attribute sub-packets later - rachel | |
1366 | */ | 1375 | */ | |
1367 | 1376 | |||
1368 | assert(region->length_read == 0); /* We should not have read | 1377 | assert(region->length_read == 0); /* We should not have read | |
1369 | * anything so far */ | 1378 | * anything so far */ | |
1370 | 1379 | |||
1371 | if (!read_data(&content.u.user_attribute.data, region, pinfo)) | 1380 | if (!read_data(&pkt.u.user_attribute.data, region, pinfo)) | |
1372 | return 0; | 1381 | return 0; | |
1373 | 1382 | |||
1374 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTRIBUTE, &content); | 1383 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ATTRIBUTE, &pkt); | |
1375 | 1384 | |||
1376 | return 1; | 1385 | return 1; | |
1377 | } | 1386 | } | |
1378 | 1387 | |||
1379 | /** | 1388 | /** | |
1380 | \ingroup Core_Create | 1389 | \ingroup Core_Create | |
1381 | \brief Free allocated memory | 1390 | \brief Free allocated memory | |
1382 | */ | 1391 | */ | |
1383 | /* ! Free the memory used when parsing this packet type */ | 1392 | /* ! Free the memory used when parsing this packet type */ | |
1384 | void | 1393 | void | |
1385 | __ops_user_id_free(__ops_user_id_t * id) | 1394 | __ops_user_id_free(__ops_user_id_t * id) | |
1386 | { | 1395 | { | |
1387 | free(id->user_id); | 1396 | free(id->user_id); | |
@@ -1400,42 +1409,42 @@ __ops_user_id_free(__ops_user_id_t * id) | @@ -1400,42 +1409,42 @@ __ops_user_id_free(__ops_user_id_t * id) | |||
1400 | * | 1409 | * | |
1401 | * Once the userid has been parsed successfully, it is passed to the callback. | 1410 | * Once the userid has been parsed successfully, it is passed to the callback. | |
1402 | * | 1411 | * | |
1403 | * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. | 1412 | * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. | |
1404 | * \param *reader Our reader | 1413 | * \param *reader Our reader | |
1405 | * \param *cb The callback | 1414 | * \param *cb The callback | |
1406 | * \return 1 on success, 0 on error | 1415 | * \return 1 on success, 0 on error | |
1407 | * | 1416 | * | |
1408 | * \see RFC4880 5.11 | 1417 | * \see RFC4880 5.11 | |
1409 | */ | 1418 | */ | |
1410 | static int | 1419 | static int | |
1411 | parse_user_id(__ops_region_t * region, __ops_parse_info_t * pinfo) | 1420 | parse_user_id(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
1412 | { | 1421 | { | |
1413 | __ops_parser_content_t content; | 1422 | __ops_packet_t pkt; | |
1414 | 1423 | |||
1415 | assert(region->length_read == 0); /* We should not have read | 1424 | assert(region->length_read == 0); /* We should not have read | |
1416 | * anything so far */ | 1425 | * anything so far */ | |
1417 | 1426 | |||
1418 | content.u.user_id.user_id = calloc(1, region->length + 1); /* XXX should we not | 1427 | pkt.u.user_id.user_id = calloc(1, region->length + 1); /* XXX should we not | |
1419 | * like check malloc's | 1428 | * like check malloc's | |
1420 | * return value? */ | 1429 | * return value? */ | |
1421 | 1430 | |||
1422 | if (region->length && !limited_read(content.u.user_id.user_id, region->length, region, | 1431 | if (region->length && !limited_read(pkt.u.user_id.user_id, region->length, region, | |
1423 | pinfo)) | 1432 | pinfo)) | |
1424 | return 0; | 1433 | return 0; | |
1425 | 1434 | |||
1426 | content.u.user_id.user_id[region->length] = '\0'; /* terminate the string */ | 1435 | pkt.u.user_id.user_id[region->length] = '\0'; /* terminate the string */ | |
1427 | 1436 | |||
1428 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ID, &content); | 1437 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_USER_ID, &pkt); | |
1429 | 1438 | |||
1430 | return 1; | 1439 | return 1; | |
1431 | } | 1440 | } | |
1432 | 1441 | |||
1433 | static __ops_hash_t * | 1442 | static __ops_hash_t * | |
1434 | parse_hash_find(__ops_parse_info_t * pinfo, | 1443 | parse_hash_find(__ops_parse_info_t * pinfo, | |
1435 | const unsigned char keyid[OPS_KEY_ID_SIZE]) | 1444 | const unsigned char keyid[OPS_KEY_ID_SIZE]) | |
1436 | { | 1445 | { | |
1437 | size_t n; | 1446 | size_t n; | |
1438 | 1447 | |||
1439 | for (n = 0; n < pinfo->nhashes; ++n) { | 1448 | for (n = 0; n < pinfo->nhashes; ++n) { | |
1440 | if (memcmp(pinfo->hashes[n].keyid, keyid, OPS_KEY_ID_SIZE) == 0) { | 1449 | if (memcmp(pinfo->hashes[n].keyid, keyid, OPS_KEY_ID_SIZE) == 0) { | |
1441 | return &pinfo->hashes[n].hash; | 1450 | return &pinfo->hashes[n].hash; | |
@@ -1453,101 +1462,116 @@ parse_hash_find(__ops_parse_info_t * pin | @@ -1453,101 +1462,116 @@ parse_hash_find(__ops_parse_info_t * pin | |||
1453 | * Once the signature has been parsed successfully, it is passed to the callback. | 1462 | * Once the signature has been parsed successfully, it is passed to the callback. | |
1454 | * | 1463 | * | |
1455 | * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. | 1464 | * \param *ptag Pointer to the Packet Tag. This function should consume the entire packet. | |
1456 | * \param *reader Our reader | 1465 | * \param *reader Our reader | |
1457 | * \param *cb The callback | 1466 | * \param *cb The callback | |
1458 | * \return 1 on success, 0 on error | 1467 | * \return 1 on success, 0 on error | |
1459 | * | 1468 | * | |
1460 | * \see RFC4880 5.2.2 | 1469 | * \see RFC4880 5.2.2 | |
1461 | */ | 1470 | */ | |
1462 | static int | 1471 | static int | |
1463 | parse_v3_signature(__ops_region_t * region, | 1472 | parse_v3_signature(__ops_region_t * region, | |
1464 | __ops_parse_info_t * pinfo) | 1473 | __ops_parse_info_t * pinfo) | |
1465 | { | 1474 | { | |
1466 | unsigned char c[1] = ""; | 1475 | __ops_packet_t pkt; | |
1467 | __ops_parser_content_t content; | 1476 | unsigned char c[1] = ""; | |
1468 | 1477 | |||
1469 | /* clear signature */ | 1478 | /* clear signature */ | |
1470 | (void) memset(&content.u.signature, 0x0, sizeof(content.u.signature)); | 1479 | (void) memset(&pkt.u.signature, 0x0, sizeof(pkt.u.signature)); | |
1471 | 1480 | |||
1472 | content.u.signature.info.version = OPS_V3; | 1481 | pkt.u.signature.info.version = OPS_V3; | |
1473 | 1482 | |||
1474 | /* hash info length */ | 1483 | /* hash info length */ | |
1475 | if (!limited_read(c, 1, region, pinfo)) | 1484 | if (!limited_read(c, 1, region, pinfo)) { | |
1476 | return 0; | 1485 | return 0; | |
1486 | } | |||
1477 | if (c[0] != 5) { | 1487 | if (c[0] != 5) { | |
1478 | ERRP(&pinfo->cbinfo, content, "bad hash info length"); | 1488 | ERRP(&pinfo->cbinfo, pkt, "bad hash info length"); | |
1479 | } | 1489 | } | |
1480 | 1490 | |||
1481 | if (!limited_read(c, 1, region, pinfo)) | 1491 | if (!limited_read(c, 1, region, pinfo)) { | |
1482 | return 0; | 1492 | return 0; | |
1483 | content.u.signature.info.type = c[0]; | 1493 | } | |
1494 | pkt.u.signature.info.type = c[0]; | |||
1484 | /* XXX: check signature type */ | 1495 | /* XXX: check signature type */ | |
1485 | 1496 | |||
1486 | if (!limited_read_time(&content.u.signature.info.creation_time, region, pinfo)) | 1497 | if (!limited_read_time(&pkt.u.signature.info.creation_time, | |
1498 | region, pinfo)) { | |||
1487 | return 0; | 1499 | return 0; | |
1488 | content.u.signature.info.creation_time_set = true; | 1500 | } | |
1501 | pkt.u.signature.info.creation_time_set = true; | |||
1489 | 1502 | |||
1490 | if (!limited_read(content.u.signature.info.signer_id, OPS_KEY_ID_SIZE, region, pinfo)) | 1503 | if (!limited_read(pkt.u.signature.info.signer_id, OPS_KEY_ID_SIZE, | |
1504 | region, pinfo)) { | |||
1491 | return 0; | 1505 | return 0; | |
1492 | content.u.signature.info.signer_id_set = true; | 1506 | } | |
1507 | pkt.u.signature.info.signer_id_set = true; | |||
1493 | 1508 | |||
1494 | if (!limited_read(c, 1, region, pinfo)) | 1509 | if (!limited_read(c, 1, region, pinfo)) { | |
1495 | return 0; | 1510 | return 0; | |
1496 | content.u.signature.info.key_algorithm = c[0]; | 1511 | } | |
1512 | pkt.u.signature.info.key_algorithm = c[0]; | |||
1497 | /* XXX: check algorithm */ | 1513 | /* XXX: check algorithm */ | |
1498 | 1514 | |||
1499 | if (!limited_read(c, 1, region, pinfo)) | 1515 | if (!limited_read(c, 1, region, pinfo)) { | |
1500 | return 0; | 1516 | return 0; | |
1501 | content.u.signature.info.hash_algorithm = c[0]; | 1517 | } | |
1518 | pkt.u.signature.info.hash_algorithm = c[0]; | |||
1502 | /* XXX: check algorithm */ | 1519 | /* XXX: check algorithm */ | |
1503 | 1520 | |||
1504 | if (!limited_read(content.u.signature.hash2, 2, region, pinfo)) | 1521 | if (!limited_read(pkt.u.signature.hash2, 2, region, pinfo)) { | |
1505 | return 0; | 1522 | return 0; | |
1523 | } | |||
1506 | 1524 | |||
1507 | switch (content.u.signature.info.key_algorithm) { | 1525 | switch (pkt.u.signature.info.key_algorithm) { | |
1508 | case OPS_PKA_RSA: | 1526 | case OPS_PKA_RSA: | |
1509 | case OPS_PKA_RSA_SIGN_ONLY: | 1527 | case OPS_PKA_RSA_SIGN_ONLY: | |
1510 | if (!limited_read_mpi(&content.u.signature.info.signature.rsa.sig, region, pinfo)) | 1528 | if (!limited_read_mpi(&pkt.u.signature.info.signature.rsa.sig, region, pinfo)) { | |
1511 | return 0; | 1529 | return 0; | |
1530 | } | |||
1512 | break; | 1531 | break; | |
1513 | 1532 | |||
1514 | case OPS_PKA_DSA: | 1533 | case OPS_PKA_DSA: | |
1515 | if (!limited_read_mpi(&content.u.signature.info.signature.dsa.r, region, pinfo) | 1534 | if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.r, region, pinfo) || | |
1516 | || !limited_read_mpi(&content.u.signature.info.signature.dsa.s, region, pinfo)) | 1535 | !limited_read_mpi(&pkt.u.signature.info.signature.dsa.s, region, pinfo)) { | |
1517 | return 0; | 1536 | return 0; | |
1537 | } | |||
1518 | break; | 1538 | break; | |
1519 | 1539 | |||
1520 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 1540 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
1521 | if (!limited_read_mpi(&content.u.signature.info.signature.elgamal.r, region, pinfo) | 1541 | if (!limited_read_mpi(&pkt.u.signature.info.signature.elgamal.r, region, pinfo) || | |
1522 | || !limited_read_mpi(&content.u.signature.info.signature.elgamal.s, region, pinfo)) | 1542 | !limited_read_mpi(&pkt.u.signature.info.signature.elgamal.s, region, pinfo)) { | |
1523 | return 0; | 1543 | return 0; | |
1544 | } | |||
1524 | break; | 1545 | break; | |
1525 | 1546 | |||
1526 | default: | 1547 | default: | |
1527 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, | 1548 | OPS_ERROR_1(&pinfo->errors, | |
1528 | "Unsupported signature key algorithm (%s)", | 1549 | OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, | |
1529 | __ops_show_pka(content.u.signature.info.key_algorithm)); | 1550 | "Unsupported signature key algorithm (%s)", | |
1551 | __ops_show_pka(pkt.u.signature.info.key_algorithm)); | |||
1530 | return 0; | 1552 | return 0; | |
1531 | } | 1553 | } | |
1532 | 1554 | |||
1533 | if (region->length_read != region->length) { | 1555 | if (region->length_read != region->length) { | |
1534 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, "Unconsumed data (%d)", region->length - region->length_read); | 1556 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, "Unconsumed data (%d)", region->length - region->length_read); | |
1535 | return 0; | 1557 | return 0; | |
1536 | } | 1558 | } | |
1537 | if (content.u.signature.info.signer_id_set) | 1559 | if (pkt.u.signature.info.signer_id_set) { | |
1538 | content.u.signature.hash = parse_hash_find(pinfo, content.u.signature.info.signer_id); | 1560 | pkt.u.signature.hash = parse_hash_find(pinfo, | |
1561 | pkt.u.signature.info.signer_id); | |||
1562 | } | |||
1539 | 1563 | |||
1540 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE, &content); | 1564 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE, &pkt); | |
1541 | 1565 | |||
1542 | return 1; | 1566 | return 1; | |
1543 | } | 1567 | } | |
1544 | 1568 | |||
1545 | /** | 1569 | /** | |
1546 | * \ingroup Core_ReadPackets | 1570 | * \ingroup Core_ReadPackets | |
1547 | * \brief Parse one signature sub-packet. | 1571 | * \brief Parse one signature sub-packet. | |
1548 | * | 1572 | * | |
1549 | * Version 4 signatures can have an arbitrary amount of (hashed and unhashed) subpackets. Subpackets are used to hold | 1573 | * Version 4 signatures can have an arbitrary amount of (hashed and unhashed) subpackets. Subpackets are used to hold | |
1550 | * optional attributes of subpackets. | 1574 | * optional attributes of subpackets. | |
1551 | * | 1575 | * | |
1552 | * This function parses one such signature subpacket. | 1576 | * This function parses one such signature subpacket. | |
1553 | * | 1577 | * | |
@@ -1557,513 +1581,520 @@ parse_v3_signature(__ops_region_t * regi | @@ -1557,513 +1581,520 @@ parse_v3_signature(__ops_region_t * regi | |||
1557 | * \param *reader Our reader | 1581 | * \param *reader Our reader | |
1558 | * \param *cb The callback | 1582 | * \param *cb The callback | |
1559 | * \return 1 on success, 0 on error | 1583 | * \return 1 on success, 0 on error | |
1560 | * | 1584 | * | |
1561 | * \see RFC4880 5.2.3 | 1585 | * \see RFC4880 5.2.3 | |
1562 | */ | 1586 | */ | |
1563 | static int | 1587 | static int | |
1564 | parse_one_signature_subpacket(__ops_signature_t * sig, | 1588 | parse_one_signature_subpacket(__ops_signature_t * sig, | |
1565 | __ops_region_t * region, | 1589 | __ops_region_t * region, | |
1566 | __ops_parse_info_t * pinfo) | 1590 | __ops_parse_info_t * pinfo) | |
1567 | { | 1591 | { | |
1568 | __ops_region_t subregion; | 1592 | __ops_region_t subregion; | |
1569 | unsigned char c[1] = ""; | 1593 | unsigned char c[1] = ""; | |
1570 | __ops_parser_content_t content; | 1594 | __ops_packet_t pkt; | |
1571 | unsigned t8, t7; | 1595 | unsigned t8, t7; | |
1572 | bool doread = true; | 1596 | bool doread = true; | |
1573 | unsigned char bools[1] = ""; | 1597 | unsigned char bools[1] = ""; | |
1574 | 1598 | |||
1575 | __ops_init_subregion(&subregion, region); | 1599 | __ops_init_subregion(&subregion, region); | |
1576 | if (!limited_read_new_length(&subregion.length, region, pinfo)) | 1600 | if (!limited_read_new_length(&subregion.length, region, pinfo)) | |
1577 | return 0; | 1601 | return 0; | |
1578 | 1602 | |||
1579 | if (subregion.length > region->length) | 1603 | if (subregion.length > region->length) | |
1580 | ERRP(&pinfo->cbinfo, content, "Subpacket too long"); | 1604 | ERRP(&pinfo->cbinfo, pkt, "Subpacket too long"); | |
1581 | 1605 | |||
1582 | if (!limited_read(c, 1, &subregion, pinfo)) | 1606 | if (!limited_read(c, 1, &subregion, pinfo)) | |
1583 | return 0; | 1607 | return 0; | |
1584 | 1608 | |||
1585 | t8 = (c[0] & 0x7f) / 8; | 1609 | t8 = (c[0] & 0x7f) / 8; | |
1586 | t7 = 1 << (c[0] & 7); | 1610 | t7 = 1 << (c[0] & 7); | |
1587 | 1611 | |||
1588 | content.critical = (unsigned)c[0] >> 7; | 1612 | pkt.critical = (unsigned)c[0] >> 7; | |
1589 | content.tag = OPS_PTAG_SIGNATURE_SUBPACKET_BASE + (c[0] & 0x7f); | 1613 | pkt.tag = OPS_PTAG_SIGNATURE_SUBPACKET_BASE + (c[0] & 0x7f); | |
1590 | 1614 | |||
1591 | /* Application wants it delivered raw */ | 1615 | /* Application wants it delivered raw */ | |
1592 | if (pinfo->ss_raw[t8] & t7) { | 1616 | if (pinfo->ss_raw[t8] & t7) { | |
1593 | content.u.ss_raw.tag = content.tag; | 1617 | pkt.u.ss_raw.tag = pkt.tag; | |
1594 | content.u.ss_raw.length = subregion.length - 1; | 1618 | pkt.u.ss_raw.length = subregion.length - 1; | |
1595 | content.u.ss_raw.raw = calloc(1, content.u.ss_raw.length); | 1619 | pkt.u.ss_raw.raw = calloc(1, pkt.u.ss_raw.length); | |
1596 | if (!limited_read(content.u.ss_raw.raw, content.u.ss_raw.length, &subregion, pinfo)) | 1620 | if (!limited_read(pkt.u.ss_raw.raw, pkt.u.ss_raw.length, &subregion, pinfo)) | |
1597 | return 0; | 1621 | return 0; | |
1598 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_RAW_SS, &content); | 1622 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_RAW_SS, &pkt); | |
1599 | return 1; | 1623 | return 1; | |
1600 | } | 1624 | } | |
1601 | switch (content.tag) { | 1625 | switch (pkt.tag) { | |
1602 | case OPS_PTAG_SS_CREATION_TIME: | 1626 | case OPS_PTAG_SS_CREATION_TIME: | |
1603 | case OPS_PTAG_SS_EXPIRATION_TIME: | 1627 | case OPS_PTAG_SS_EXPIRATION_TIME: | |
1604 | case OPS_PTAG_SS_KEY_EXPIRATION_TIME: | 1628 | case OPS_PTAG_SS_KEY_EXPIRATION_TIME: | |
1605 | if (!limited_read_time(&content.u.ss_time.time, &subregion, pinfo)) | 1629 | if (!limited_read_time(&pkt.u.ss_time.time, &subregion, pinfo)) | |
1606 | return 0; | 1630 | return 0; | |
1607 | if (content.tag == OPS_PTAG_SS_CREATION_TIME) { | 1631 | if (pkt.tag == OPS_PTAG_SS_CREATION_TIME) { | |
1608 | sig->info.creation_time = content.u.ss_time.time; | 1632 | sig->info.creation_time = pkt.u.ss_time.time; | |
1609 | sig->info.creation_time_set = true; | 1633 | sig->info.creation_time_set = true; | |
1610 | } | 1634 | } | |
1611 | break; | 1635 | break; | |
1612 | 1636 | |||
1613 | case OPS_PTAG_SS_TRUST: | 1637 | case OPS_PTAG_SS_TRUST: | |
1614 | if (!limited_read(&content.u.ss_trust.level, 1, &subregion, pinfo) | 1638 | if (!limited_read(&pkt.u.ss_trust.level, 1, &subregion, pinfo) | |
1615 | || !limited_read(&content.u.ss_trust.amount, 1, &subregion, pinfo)) | 1639 | || !limited_read(&pkt.u.ss_trust.amount, 1, &subregion, pinfo)) | |
1616 | return 0; | 1640 | return 0; | |
1617 | break; | 1641 | break; | |
1618 | 1642 | |||
1619 | case OPS_PTAG_SS_REVOCABLE: | 1643 | case OPS_PTAG_SS_REVOCABLE: | |
1620 | if (!limited_read(bools, 1, &subregion, pinfo)) | 1644 | if (!limited_read(bools, 1, &subregion, pinfo)) | |
1621 | return 0; | 1645 | return 0; | |
1622 | content.u.ss_revocable.revocable = !!bools[0]; | 1646 | pkt.u.ss_revocable.revocable = !!bools[0]; | |
1623 | break; | 1647 | break; | |
1624 | 1648 | |||
1625 | case OPS_PTAG_SS_ISSUER_KEY_ID: | 1649 | case OPS_PTAG_SS_ISSUER_KEY_ID: | |
1626 | if (!limited_read(content.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE, | 1650 | if (!limited_read(pkt.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE, | |
1627 | &subregion, pinfo)) | 1651 | &subregion, pinfo)) | |
1628 | return 0; | 1652 | return 0; | |
1629 | (void) memcpy(sig->info.signer_id, content.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE); | 1653 | (void) memcpy(sig->info.signer_id, pkt.u.ss_issuer_key_id.key_id, OPS_KEY_ID_SIZE); | |
1630 | sig->info.signer_id_set = true; | 1654 | sig->info.signer_id_set = true; | |
1631 | break; | 1655 | break; | |
1632 | 1656 | |||
1633 | case OPS_PTAG_SS_PREFERRED_SKA: | 1657 | case OPS_PTAG_SS_PREFERRED_SKA: | |
1634 | if (!read_data(&content.u.ss_preferred_ska.data, &subregion, pinfo)) | 1658 | if (!read_data(&pkt.u.ss_preferred_ska.data, &subregion, pinfo)) | |
1635 | return 0; | 1659 | return 0; | |
1636 | break; | 1660 | break; | |
1637 | 1661 | |||
1638 | case OPS_PTAG_SS_PREFERRED_HASH: | 1662 | case OPS_PTAG_SS_PREFERRED_HASH: | |
1639 | if (!read_data(&content.u.ss_preferred_hash.data, &subregion, pinfo)) | 1663 | if (!read_data(&pkt.u.ss_preferred_hash.data, &subregion, pinfo)) | |
1640 | return 0; | 1664 | return 0; | |
1641 | break; | 1665 | break; | |
1642 | 1666 | |||
1643 | case OPS_PTAG_SS_PREFERRED_COMPRESSION: | 1667 | case OPS_PTAG_SS_PREFERRED_COMPRESSION: | |
1644 | if (!read_data(&content.u.ss_preferred_compression.data, &subregion, pinfo)) | 1668 | if (!read_data(&pkt.u.ss_preferred_compression.data, &subregion, pinfo)) | |
1645 | return 0; | 1669 | return 0; | |
1646 | break; | 1670 | break; | |
1647 | 1671 | |||
1648 | case OPS_PTAG_SS_PRIMARY_USER_ID: | 1672 | case OPS_PTAG_SS_PRIMARY_USER_ID: | |
1649 | if (!limited_read(bools, 1, &subregion, pinfo)) | 1673 | if (!limited_read(bools, 1, &subregion, pinfo)) | |
1650 | return 0; | 1674 | return 0; | |
1651 | content.u.ss_primary_user_id.primary_user_id = !!bools[0]; | 1675 | pkt.u.ss_primary_user_id.primary_user_id = !!bools[0]; | |
1652 | break; | 1676 | break; | |
1653 | 1677 | |||
1654 | case OPS_PTAG_SS_KEY_FLAGS: | 1678 | case OPS_PTAG_SS_KEY_FLAGS: | |
1655 | if (!read_data(&content.u.ss_key_flags.data, &subregion, pinfo)) | 1679 | if (!read_data(&pkt.u.ss_key_flags.data, &subregion, pinfo)) | |
1656 | return 0; | 1680 | return 0; | |
1657 | break; | 1681 | break; | |
1658 | 1682 | |||
1659 | case OPS_PTAG_SS_KEY_SERVER_PREFS: | 1683 | case OPS_PTAG_SS_KEY_SERVER_PREFS: | |
1660 | if (!read_data(&content.u.ss_key_server_prefs.data, &subregion, pinfo)) | 1684 | if (!read_data(&pkt.u.ss_key_server_prefs.data, &subregion, pinfo)) | |
1661 | return 0; | 1685 | return 0; | |
1662 | break; | 1686 | break; | |
1663 | 1687 | |||
1664 | case OPS_PTAG_SS_FEATURES: | 1688 | case OPS_PTAG_SS_FEATURES: | |
1665 | if (!read_data(&content.u.ss_features.data, &subregion, pinfo)) | 1689 | if (!read_data(&pkt.u.ss_features.data, &subregion, pinfo)) | |
1666 | return 0; | 1690 | return 0; | |
1667 | break; | 1691 | break; | |
1668 | 1692 | |||
1669 | case OPS_PTAG_SS_SIGNERS_USER_ID: | 1693 | case OPS_PTAG_SS_SIGNERS_USER_ID: | |
1670 | if (!read_unsigned_string(&content.u.ss_signers_user_id.user_id, &subregion, pinfo)) | 1694 | if (!read_unsigned_string(&pkt.u.ss_signers_user_id.user_id, &subregion, pinfo)) | |
1671 | return 0; | 1695 | return 0; | |
1672 | break; | 1696 | break; | |
1673 | 1697 | |||
1674 | case OPS_PTAG_SS_EMBEDDED_SIGNATURE: | 1698 | case OPS_PTAG_SS_EMBEDDED_SIGNATURE: | |
1675 | /* \todo should do something with this sig? */ | 1699 | /* \todo should do something with this sig? */ | |
1676 | if (!read_data(&content.u.ss_embedded_signature.sig, &subregion, pinfo)) | 1700 | if (!read_data(&pkt.u.ss_embedded_signature.sig, &subregion, pinfo)) | |
1677 | return 0; | 1701 | return 0; | |
1678 | break; | 1702 | break; | |
1679 | 1703 | |||
1680 | case OPS_PTAG_SS_NOTATION_DATA: | 1704 | case OPS_PTAG_SS_NOTATION_DATA: | |
1681 | if (!limited_read_data(&content.u.ss_notation_data.flags, 4, &subregion, pinfo)) | 1705 | if (!limited_read_data(&pkt.u.ss_notation_data.flags, 4, &subregion, pinfo)) | |
1682 | return 0; | 1706 | return 0; | |
1683 | if (!limited_read_size_t_scalar(&content.u.ss_notation_data.name.len, 2, | 1707 | if (!limited_read_size_t_scalar(&pkt.u.ss_notation_data.name.len, 2, | |
1684 | &subregion, pinfo)) | 1708 | &subregion, pinfo)) | |
1685 | return 0; | 1709 | return 0; | |
1686 | if (!limited_read_size_t_scalar(&content.u.ss_notation_data.value.len, 2, | 1710 | if (!limited_read_size_t_scalar(&pkt.u.ss_notation_data.value.len, 2, | |
1687 | &subregion, pinfo)) | 1711 | &subregion, pinfo)) | |
1688 | return 0; | 1712 | return 0; | |
1689 | if (!limited_read_data(&content.u.ss_notation_data.name, | 1713 | if (!limited_read_data(&pkt.u.ss_notation_data.name, | |
1690 | content.u.ss_notation_data.name.len, &subregion, pinfo)) | 1714 | pkt.u.ss_notation_data.name.len, &subregion, pinfo)) | |
1691 | return 0; | 1715 | return 0; | |
1692 | if (!limited_read_data(&content.u.ss_notation_data.value, | 1716 | if (!limited_read_data(&pkt.u.ss_notation_data.value, | |
1693 | content.u.ss_notation_data.value.len, &subregion, pinfo)) | 1717 | pkt.u.ss_notation_data.value.len, &subregion, pinfo)) | |
1694 | return 0; | 1718 | return 0; | |
1695 | break; | 1719 | break; | |
1696 | 1720 | |||
1697 | case OPS_PTAG_SS_POLICY_URI: | 1721 | case OPS_PTAG_SS_POLICY_URI: | |
1698 | if (!read_string(&content.u.ss_policy_url.text, &subregion, pinfo)) | 1722 | if (!read_string(&pkt.u.ss_policy_url.text, &subregion, pinfo)) | |
1699 | return 0; | 1723 | return 0; | |
1700 | break; | 1724 | break; | |
1701 | 1725 | |||
1702 | case OPS_PTAG_SS_REGEXP: | 1726 | case OPS_PTAG_SS_REGEXP: | |
1703 | if (!read_string(&content.u.ss_regexp.text, &subregion, pinfo)) | 1727 | if (!read_string(&pkt.u.ss_regexp.text, &subregion, pinfo)) | |
1704 | return 0; | 1728 | return 0; | |
1705 | break; | 1729 | break; | |
1706 | 1730 | |||
1707 | case OPS_PTAG_SS_PREFERRED_KEY_SERVER: | 1731 | case OPS_PTAG_SS_PREFERRED_KEY_SERVER: | |
1708 | if (!read_string(&content.u.ss_preferred_key_server.text, &subregion, pinfo)) | 1732 | if (!read_string(&pkt.u.ss_preferred_key_server.text, &subregion, pinfo)) | |
1709 | return 0; | 1733 | return 0; | |
1710 | break; | 1734 | break; | |
1711 | 1735 | |||
1712 | case OPS_PTAG_SS_USERDEFINED00: | 1736 | case OPS_PTAG_SS_USERDEFINED00: | |
1713 | case OPS_PTAG_SS_USERDEFINED01: | 1737 | case OPS_PTAG_SS_USERDEFINED01: | |
1714 | case OPS_PTAG_SS_USERDEFINED02: | 1738 | case OPS_PTAG_SS_USERDEFINED02: | |
1715 | case OPS_PTAG_SS_USERDEFINED03: | 1739 | case OPS_PTAG_SS_USERDEFINED03: | |
1716 | case OPS_PTAG_SS_USERDEFINED04: | 1740 | case OPS_PTAG_SS_USERDEFINED04: | |
1717 | case OPS_PTAG_SS_USERDEFINED05: | 1741 | case OPS_PTAG_SS_USERDEFINED05: | |
1718 | case OPS_PTAG_SS_USERDEFINED06: | 1742 | case OPS_PTAG_SS_USERDEFINED06: | |
1719 | case OPS_PTAG_SS_USERDEFINED07: | 1743 | case OPS_PTAG_SS_USERDEFINED07: | |
1720 | case OPS_PTAG_SS_USERDEFINED08: | 1744 | case OPS_PTAG_SS_USERDEFINED08: | |
1721 | case OPS_PTAG_SS_USERDEFINED09: | 1745 | case OPS_PTAG_SS_USERDEFINED09: | |
1722 | case OPS_PTAG_SS_USERDEFINED10: | 1746 | case OPS_PTAG_SS_USERDEFINED10: | |
1723 | if (!read_data(&content.u.ss_userdefined.data, &subregion, pinfo)) | 1747 | if (!read_data(&pkt.u.ss_userdefined.data, &subregion, pinfo)) | |
1724 | return 0; | 1748 | return 0; | |
1725 | break; | 1749 | break; | |
1726 | 1750 | |||
1727 | case OPS_PTAG_SS_RESERVED: | 1751 | case OPS_PTAG_SS_RESERVED: | |
1728 | if (!read_data(&content.u.ss_unknown.data, &subregion, pinfo)) | 1752 | if (!read_data(&pkt.u.ss_unknown.data, &subregion, pinfo)) | |
1729 | return 0; | 1753 | return 0; | |
1730 | break; | 1754 | break; | |
1731 | 1755 | |||
1732 | case OPS_PTAG_SS_REVOCATION_REASON: | 1756 | case OPS_PTAG_SS_REVOCATION_REASON: | |
1733 | /* first byte is the machine-readable code */ | 1757 | /* first byte is the machine-readable code */ | |
1734 | if (!limited_read(&content.u.ss_revocation_reason.code, 1, &subregion, pinfo)) | 1758 | if (!limited_read(&pkt.u.ss_revocation_reason.code, 1, &subregion, pinfo)) | |
1735 | return 0; | 1759 | return 0; | |
1736 | 1760 | |||
1737 | /* the rest is a human-readable UTF-8 string */ | 1761 | /* the rest is a human-readable UTF-8 string */ | |
1738 | if (!read_string(&content.u.ss_revocation_reason.text, &subregion, pinfo)) | 1762 | if (!read_string(&pkt.u.ss_revocation_reason.text, &subregion, pinfo)) | |
1739 | return 0; | 1763 | return 0; | |
1740 | break; | 1764 | break; | |
1741 | 1765 | |||
1742 | case OPS_PTAG_SS_REVOCATION_KEY: | 1766 | case OPS_PTAG_SS_REVOCATION_KEY: | |
1743 | /* octet 0 = class. Bit 0x80 must be set */ | 1767 | /* octet 0 = class. Bit 0x80 must be set */ | |
1744 | if (!limited_read(&content.u.ss_revocation_key.class, 1, &subregion, pinfo)) | 1768 | if (!limited_read(&pkt.u.ss_revocation_key.class, 1, &subregion, pinfo)) | |
1745 | return 0; | 1769 | return 0; | |
1746 | if (!(content.u.ss_revocation_key.class & 0x80)) { | 1770 | if (!(pkt.u.ss_revocation_key.class & 0x80)) { | |
1747 | printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: " | 1771 | printf("Warning: OPS_PTAG_SS_REVOCATION_KEY class: " | |
1748 | "Bit 0x80 should be set\n"); | 1772 | "Bit 0x80 should be set\n"); | |
1749 | return 0; | 1773 | return 0; | |
1750 | } | 1774 | } | |
1751 | /* octet 1 = algid */ | 1775 | /* octet 1 = algid */ | |
1752 | if (!limited_read(&content.u.ss_revocation_key.algid, 1, &subregion, pinfo)) | 1776 | if (!limited_read(&pkt.u.ss_revocation_key.algid, 1, &subregion, pinfo)) | |
1753 | return 0; | 1777 | return 0; | |
1754 | 1778 | |||
1755 | /* octets 2-21 = fingerprint */ | 1779 | /* octets 2-21 = fingerprint */ | |
1756 | if (!limited_read(&content.u.ss_revocation_key.fingerprint[0], 20, &subregion, | 1780 | if (!limited_read(&pkt.u.ss_revocation_key.fingerprint[0], 20, &subregion, | |
1757 | pinfo)) | 1781 | pinfo)) | |
1758 | return 0; | 1782 | return 0; | |
1759 | break; | 1783 | break; | |
1760 | 1784 | |||
1761 | default: | 1785 | default: | |
1762 | if (pinfo->ss_parsed[t8] & t7) | 1786 | if (pinfo->ss_parsed[t8] & t7) | |
1763 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_UNKNOWN_SS, | 1787 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_UNKNOWN_SS, | |
1764 | "Unknown signature subpacket type (%d)", c[0] & 0x7f); | 1788 | "Unknown signature subpacket type (%d)", c[0] & 0x7f); | |
1765 | doread = false; | 1789 | doread = false; | |
1766 | break; | 1790 | break; | |
1767 | } | 1791 | } | |
1768 | 1792 | |||
1769 | /* Application doesn't want it delivered parsed */ | 1793 | /* Application doesn't want it delivered parsed */ | |
1770 | if (!(pinfo->ss_parsed[t8] & t7)) { | 1794 | if (!(pinfo->ss_parsed[t8] & t7)) { | |
1771 | if (content.critical) | 1795 | if (pkt.critical) | |
1772 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_CRITICAL_SS_IGNORED, | 1796 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_CRITICAL_SS_IGNORED, | |
1773 | "Critical signature subpacket ignored (%d)", | 1797 | "Critical signature subpacket ignored (%d)", | |
1774 | c[0] & 0x7f); | 1798 | c[0] & 0x7f); | |
1775 | if (!doread && !limited_skip(subregion.length - 1, &subregion, pinfo)) | 1799 | if (!doread && !limited_skip(subregion.length - 1, &subregion, pinfo)) | |
1776 | return 0; | 1800 | return 0; | |
1777 | /* | 1801 | /* | |
1778 | * printf("skipped %d length | 1802 | * printf("skipped %d length | |
1779 | * %d\n",c[0]&0x7f,subregion.length); | 1803 | * %d\n",c[0]&0x7f,subregion.length); | |
1780 | */ | 1804 | */ | |
1781 | if (doread) | 1805 | if (doread) | |
1782 | __ops_parser_content_free(&content); | 1806 | __ops_parser_content_free(&pkt); | |
1783 | return 1; | 1807 | return 1; | |
1784 | } | 1808 | } | |
1785 | if (doread && subregion.length_read != subregion.length) { | 1809 | if (doread && subregion.length_read != subregion.length) { | |
1786 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | 1810 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | |
1787 | "Unconsumed data (%d)", | 1811 | "Unconsumed data (%d)", | |
1788 | subregion.length - subregion.length_read); | 1812 | subregion.length - subregion.length_read); | |
1789 | return 0; | 1813 | return 0; | |
1790 | } | 1814 | } | |
1791 | CALLBACK(&pinfo->cbinfo, content.tag, &content); | 1815 | CALLBACK(&pinfo->cbinfo, pkt.tag, &pkt); | |
1792 | 1816 | |||
1793 | return 1; | 1817 | return 1; | |
1794 | } | 1818 | } | |
1795 | 1819 | |||
1796 | /** | 1820 | /** | |
1797 | * \ingroup Core_ReadPackets | 1821 | * \ingroup Core_ReadPackets | |
1798 | * \brief Parse several signature subpackets. | 1822 | * \brief Parse several signature subpackets. | |
1799 | * | 1823 | * | |
1800 | * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. | 1824 | * Hashed and unhashed subpacket sets are preceded by an octet count that specifies the length of the complete set. | |
1801 | * This function parses this length and then calls parse_one_signature_subpacket() for each subpacket until the | 1825 | * This function parses this length and then calls parse_one_signature_subpacket() for each subpacket until the | |
1802 | * entire set is consumed. | 1826 | * entire set is consumed. | |
1803 | * | 1827 | * | |
1804 | * This function does not call the callback directly, parse_one_signature_subpacket() does for each subpacket. | 1828 | * This function does not call the callback directly, parse_one_signature_subpacket() does for each subpacket. | |
1805 | * | 1829 | * | |
1806 | * \param *ptag Pointer to the Packet Tag. | 1830 | * \param *ptag Pointer to the Packet Tag. | |
1807 | * \param *reader Our reader | 1831 | * \param *reader Our reader | |
1808 | * \param *cb The callback | 1832 | * \param *cb The callback | |
1809 | * \return 1 on success, 0 on error | 1833 | * \return 1 on success, 0 on error | |
1810 | * | 1834 | * | |
1811 | * \see RFC4880 5.2.3 | 1835 | * \see RFC4880 5.2.3 | |
1812 | */ | 1836 | */ | |
1813 | static int | 1837 | static int | |
1814 | parse_signature_subpackets(__ops_signature_t * sig, | 1838 | parse_signature_subpackets(__ops_signature_t * sig, | |
1815 | __ops_region_t * region, | 1839 | __ops_region_t * region, | |
1816 | __ops_parse_info_t * pinfo) | 1840 | __ops_parse_info_t * pinfo) | |
1817 | { | 1841 | { | |
1818 | __ops_region_t subregion; | 1842 | __ops_packet_t pkt; | |
1819 | __ops_parser_content_t content; | 1843 | __ops_region_t subregion; | |
1820 | 1844 | |||
1821 | __ops_init_subregion(&subregion, region); | 1845 | __ops_init_subregion(&subregion, region); | |
1822 | if (!limited_read_scalar(&subregion.length, 2, region, pinfo)) | 1846 | if (!limited_read_scalar(&subregion.length, 2, region, pinfo)) { | |
1823 | return 0; | 1847 | return 0; | |
1848 | } | |||
1824 | 1849 | |||
1825 | if (subregion.length > region->length) | 1850 | if (subregion.length > region->length) { | |
1826 | ERRP(&pinfo->cbinfo, content, "Subpacket set too long"); | 1851 | ERRP(&pinfo->cbinfo, pkt, "Subpacket set too long"); | |
1852 | } | |||
1827 | 1853 | |||
1828 | while (subregion.length_read < subregion.length) | 1854 | while (subregion.length_read < subregion.length) { | |
1829 | if (!parse_one_signature_subpacket(sig, &subregion, pinfo)) | 1855 | if (!parse_one_signature_subpacket(sig, &subregion, pinfo)) { | |
1830 | return 0; | 1856 | return 0; | |
1857 | } | |||
1858 | } | |||
1831 | 1859 | |||
1832 | if (subregion.length_read != subregion.length) { | 1860 | if (subregion.length_read != subregion.length) { | |
1833 | if (!limited_skip(subregion.length - subregion.length_read, &subregion, | 1861 | if (!limited_skip(subregion.length - subregion.length_read, | |
1834 | pinfo)) | 1862 | &subregion, pinfo)) { | |
1835 | ERRP(&pinfo->cbinfo, content, "Read failed while recovering from subpacket length mismatch"); | 1863 | ERRP(&pinfo->cbinfo, pkt, | |
1836 | ERRP(&pinfo->cbinfo, content, "Subpacket length mismatch"); | 1864 | "Read failed while recovering from subpacket length mismatch"); | |
1865 | } | |||
1866 | ERRP(&pinfo->cbinfo, pkt, "Subpacket length mismatch"); | |||
1837 | } | 1867 | } | |
1838 | return 1; | 1868 | return 1; | |
1839 | } | 1869 | } | |
1840 | 1870 | |||
1841 | /** | 1871 | /** | |
1842 | * \ingroup Core_ReadPackets | 1872 | * \ingroup Core_ReadPackets | |
1843 | * \brief Parse a version 4 signature. | 1873 | * \brief Parse a version 4 signature. | |
1844 | * | 1874 | * | |
1845 | * This function parses a version 4 signature including all its hashed and unhashed subpackets. | 1875 | * This function parses a version 4 signature including all its hashed and unhashed subpackets. | |
1846 | * | 1876 | * | |
1847 | * Once the signature packet has been parsed successfully, it is passed to the callback. | 1877 | * Once the signature packet has been parsed successfully, it is passed to the callback. | |
1848 | * | 1878 | * | |
1849 | * \param *ptag Pointer to the Packet Tag. | 1879 | * \param *ptag Pointer to the Packet Tag. | |
1850 | * \param *reader Our reader | 1880 | * \param *reader Our reader | |
1851 | * \param *cb The callback | 1881 | * \param *cb The callback | |
1852 | * \return 1 on success, 0 on error | 1882 | * \return 1 on success, 0 on error | |
1853 | * | 1883 | * | |
1854 | * \see RFC4880 5.2.3 | 1884 | * \see RFC4880 5.2.3 | |
1855 | */ | 1885 | */ | |
1856 | static int | 1886 | static int | |
1857 | parse_v4_signature(__ops_region_t * region, __ops_parse_info_t * pinfo) | 1887 | parse_v4_signature(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
1858 | { | 1888 | { | |
1859 | unsigned char c[1] = ""; | 1889 | unsigned char c[1] = ""; | |
1860 | __ops_parser_content_t content; | 1890 | __ops_packet_t pkt; | |
1861 | 1891 | |||
1862 | /* debug=1; */ | 1892 | /* debug=1; */ | |
1863 | if (__ops_get_debug_level(__FILE__)) { | 1893 | if (__ops_get_debug_level(__FILE__)) { | |
1864 | fprintf(stderr, "\nparse_v4_signature\n"); | 1894 | fprintf(stderr, "\nparse_v4_signature\n"); | |
1865 | } | 1895 | } | |
1866 | /* clear signature */ | 1896 | /* clear signature */ | |
1867 | (void) memset(&content.u.signature, 0x0, sizeof(content.u.signature)); | 1897 | (void) memset(&pkt.u.signature, 0x0, sizeof(pkt.u.signature)); | |
1868 | 1898 | |||
1869 | /* | 1899 | /* | |
1870 | * We need to hash the packet data from version through the hashed | 1900 | * We need to hash the packet data from version through the hashed | |
1871 | * subpacket data | 1901 | * subpacket data | |
1872 | */ | 1902 | */ | |
1873 | 1903 | |||
1874 | content.u.signature.v4_hashed_data_start = pinfo->rinfo.alength - 1; | 1904 | pkt.u.signature.v4_hashed_data_start = pinfo->rinfo.alength - 1; | |
1875 | 1905 | |||
1876 | /* Set version,type,algorithms */ | 1906 | /* Set version,type,algorithms */ | |
1877 | 1907 | |||
1878 | content.u.signature.info.version = OPS_V4; | 1908 | pkt.u.signature.info.version = OPS_V4; | |
1879 | 1909 | |||
1880 | if (!limited_read(c, 1, region, pinfo)) | 1910 | if (!limited_read(c, 1, region, pinfo)) | |
1881 | return 0; | 1911 | return 0; | |
1882 | content.u.signature.info.type = c[0]; | 1912 | pkt.u.signature.info.type = c[0]; | |
1883 | if (__ops_get_debug_level(__FILE__)) { | 1913 | if (__ops_get_debug_level(__FILE__)) { | |
1884 | fprintf(stderr, "signature type=%d (%s)\n", | 1914 | fprintf(stderr, "signature type=%d (%s)\n", | |
1885 | content.u.signature.info.type, | 1915 | pkt.u.signature.info.type, | |
1886 | __ops_show_sig_type(content.u.signature.info.type)); | 1916 | __ops_show_sig_type(pkt.u.signature.info.type)); | |
1887 | } | 1917 | } | |
1888 | /* XXX: check signature type */ | 1918 | /* XXX: check signature type */ | |
1889 | 1919 | |||
1890 | if (!limited_read(c, 1, region, pinfo)) | 1920 | if (!limited_read(c, 1, region, pinfo)) | |
1891 | return 0; | 1921 | return 0; | |
1892 | content.u.signature.info.key_algorithm = c[0]; | 1922 | pkt.u.signature.info.key_algorithm = c[0]; | |
1893 | /* XXX: check algorithm */ | 1923 | /* XXX: check algorithm */ | |
1894 | if (__ops_get_debug_level(__FILE__)) { | 1924 | if (__ops_get_debug_level(__FILE__)) { | |
1895 | fprintf(stderr, "key_algorithm=%d (%s)\n", | 1925 | fprintf(stderr, "key_algorithm=%d (%s)\n", | |
1896 | content.u.signature.info.key_algorithm, | 1926 | pkt.u.signature.info.key_algorithm, | |
1897 | __ops_show_pka(content.u.signature.info.key_algorithm)); | 1927 | __ops_show_pka(pkt.u.signature.info.key_algorithm)); | |
1898 | } | 1928 | } | |
1899 | if (!limited_read(c, 1, region, pinfo)) | 1929 | if (!limited_read(c, 1, region, pinfo)) | |
1900 | return 0; | 1930 | return 0; | |
1901 | content.u.signature.info.hash_algorithm = c[0]; | 1931 | pkt.u.signature.info.hash_algorithm = c[0]; | |
1902 | /* XXX: check algorithm */ | 1932 | /* XXX: check algorithm */ | |
1903 | if (__ops_get_debug_level(__FILE__)) { | 1933 | if (__ops_get_debug_level(__FILE__)) { | |
1904 | fprintf(stderr, "hash_algorithm=%d %s\n", | 1934 | fprintf(stderr, "hash_algorithm=%d %s\n", | |
1905 | content.u.signature.info.hash_algorithm, | 1935 | pkt.u.signature.info.hash_algorithm, | |
1906 | __ops_show_hash_algorithm(content.u.signature.info.hash_algorithm)); | 1936 | __ops_show_hash_algorithm(pkt.u.signature.info.hash_algorithm)); | |
1907 | } | 1937 | } | |
1908 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_HEADER, &content); | 1938 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_HEADER, &pkt); | |
1909 | 1939 | |||
1910 | 1940 | |||
1911 | if (!parse_signature_subpackets(&content.u.signature, region, pinfo)) | 1941 | if (!parse_signature_subpackets(&pkt.u.signature, region, pinfo)) | |
1912 | return 0; | 1942 | return 0; | |
1913 | 1943 | |||
1914 | content.u.signature.info.v4_hashed_data_length = pinfo->rinfo.alength | 1944 | pkt.u.signature.info.v4_hashed_data_length = pinfo->rinfo.alength | |
1915 | - content.u.signature.v4_hashed_data_start; | 1945 | - pkt.u.signature.v4_hashed_data_start; | |
1916 | 1946 | |||
1917 | /* copy hashed subpackets */ | 1947 | /* copy hashed subpackets */ | |
1918 | if (content.u.signature.info.v4_hashed_data) | 1948 | if (pkt.u.signature.info.v4_hashed_data) | |
1919 | free(content.u.signature.info.v4_hashed_data); | 1949 | free(pkt.u.signature.info.v4_hashed_data); | |
1920 | content.u.signature.info.v4_hashed_data = calloc(1, content.u.signature.info.v4_hashed_data_length); | 1950 | pkt.u.signature.info.v4_hashed_data = calloc(1, pkt.u.signature.info.v4_hashed_data_length); | |
1921 | 1951 | |||
1922 | if (!pinfo->rinfo.accumulate) { | 1952 | if (!pinfo->rinfo.accumulate) { | |
1923 | /* We must accumulate, else we can't check the signature */ | 1953 | /* We must accumulate, else we can't check the signature */ | |
1924 | fprintf(stderr, "*** ERROR: must set accumulate to true\n"); | 1954 | fprintf(stderr, "*** ERROR: must set accumulate to true\n"); | |
1925 | assert( /* CONSTCOND */ 0); | 1955 | assert( /* CONSTCOND */ 0); | |
1926 | } | 1956 | } | |
1927 | (void) memcpy(content.u.signature.info.v4_hashed_data, | 1957 | (void) memcpy(pkt.u.signature.info.v4_hashed_data, | |
1928 | pinfo->rinfo.accumulated + content.u.signature.v4_hashed_data_start, | 1958 | pinfo->rinfo.accumulated + pkt.u.signature.v4_hashed_data_start, | |
1929 | content.u.signature.info.v4_hashed_data_length); | 1959 | pkt.u.signature.info.v4_hashed_data_length); | |
1930 | 1960 | |||
1931 | if (!parse_signature_subpackets(&content.u.signature, region, pinfo)) | 1961 | if (!parse_signature_subpackets(&pkt.u.signature, region, pinfo)) | |
1932 | return 0; | 1962 | return 0; | |
1933 | 1963 | |||
1934 | if (!limited_read(content.u.signature.hash2, 2, region, pinfo)) | 1964 | if (!limited_read(pkt.u.signature.hash2, 2, region, pinfo)) | |
1935 | return 0; | 1965 | return 0; | |
1936 | 1966 | |||
1937 | switch (content.u.signature.info.key_algorithm) { | 1967 | switch (pkt.u.signature.info.key_algorithm) { | |
1938 | case OPS_PKA_RSA: | 1968 | case OPS_PKA_RSA: | |
1939 | if (!limited_read_mpi(&content.u.signature.info.signature.rsa.sig, region, pinfo)) | 1969 | if (!limited_read_mpi(&pkt.u.signature.info.signature.rsa.sig, region, pinfo)) | |
1940 | return 0; | 1970 | return 0; | |
1941 | break; | 1971 | break; | |
1942 | 1972 | |||
1943 | case OPS_PKA_DSA: | 1973 | case OPS_PKA_DSA: | |
1944 | if (!limited_read_mpi(&content.u.signature.info.signature.dsa.r, region, pinfo)) { | 1974 | if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.r, region, pinfo)) { | |
1945 | /* | 1975 | /* | |
1946 | * usually if this fails, it just means we've reached | 1976 | * usually if this fails, it just means we've reached | |
1947 | * the end of the keyring | 1977 | * the end of the keyring | |
1948 | */ | 1978 | */ | |
1949 | if (__ops_get_debug_level(__FILE__)) { | 1979 | if (__ops_get_debug_level(__FILE__)) { | |
1950 | (void) fprintf(stderr, "Error reading DSA r field in signature"); | 1980 | (void) fprintf(stderr, "Error reading DSA r field in signature"); | |
1951 | } | 1981 | } | |
1952 | return 0; | 1982 | return 0; | |
1953 | } | 1983 | } | |
1954 | if (!limited_read_mpi(&content.u.signature.info.signature.dsa.s, region, pinfo)) | 1984 | if (!limited_read_mpi(&pkt.u.signature.info.signature.dsa.s, region, pinfo)) | |
1955 | ERRP(&pinfo->cbinfo, content, "Error reading DSA s field in signature"); | 1985 | ERRP(&pinfo->cbinfo, pkt, "Error reading DSA s field in signature"); | |
1956 | break; | 1986 | break; | |
1957 | 1987 | |||
1958 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 1988 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
1959 | if (!limited_read_mpi(&content.u.signature.info.signature.elgamal.r, region, pinfo) | 1989 | if (!limited_read_mpi(&pkt.u.signature.info.signature.elgamal.r, region, pinfo) | |
1960 | || !limited_read_mpi(&content.u.signature.info.signature.elgamal.s, region, pinfo)) | 1990 | || !limited_read_mpi(&pkt.u.signature.info.signature.elgamal.s, region, pinfo)) | |
1961 | return 0; | 1991 | return 0; | |
1962 | break; | 1992 | break; | |
1963 | 1993 | |||
1964 | case OPS_PKA_PRIVATE00: | 1994 | case OPS_PKA_PRIVATE00: | |
1965 | case OPS_PKA_PRIVATE01: | 1995 | case OPS_PKA_PRIVATE01: | |
1966 | case OPS_PKA_PRIVATE02: | 1996 | case OPS_PKA_PRIVATE02: | |
1967 | case OPS_PKA_PRIVATE03: | 1997 | case OPS_PKA_PRIVATE03: | |
1968 | case OPS_PKA_PRIVATE04: | 1998 | case OPS_PKA_PRIVATE04: | |
1969 | case OPS_PKA_PRIVATE05: | 1999 | case OPS_PKA_PRIVATE05: | |
1970 | case OPS_PKA_PRIVATE06: | 2000 | case OPS_PKA_PRIVATE06: | |
1971 | case OPS_PKA_PRIVATE07: | 2001 | case OPS_PKA_PRIVATE07: | |
1972 | case OPS_PKA_PRIVATE08: | 2002 | case OPS_PKA_PRIVATE08: | |
1973 | case OPS_PKA_PRIVATE09: | 2003 | case OPS_PKA_PRIVATE09: | |
1974 | case OPS_PKA_PRIVATE10: | 2004 | case OPS_PKA_PRIVATE10: | |
1975 | if (!read_data(&content.u.signature.info.signature.unknown.data, region, pinfo)) | 2005 | if (!read_data(&pkt.u.signature.info.signature.unknown.data, region, pinfo)) | |
1976 | return 0; | 2006 | return 0; | |
1977 | break; | 2007 | break; | |
1978 | 2008 | |||
1979 | default: | 2009 | default: | |
1980 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, | 2010 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SIGNATURE_ALG, | |
1981 | "Bad v4 signature key algorithm (%s)", | 2011 | "Bad v4 signature key algorithm (%s)", | |
1982 | __ops_show_pka(content.u.signature.info.key_algorithm)); | 2012 | __ops_show_pka(pkt.u.signature.info.key_algorithm)); | |
1983 | return 0; | 2013 | return 0; | |
1984 | } | 2014 | } | |
1985 | 2015 | |||
1986 | if (region->length_read != region->length) { | 2016 | if (region->length_read != region->length) { | |
1987 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | 2017 | OPS_ERROR_1(&pinfo->errors, OPS_E_R_UNCONSUMED_DATA, | |
1988 | "Unconsumed data (%d)", | 2018 | "Unconsumed data (%d)", | |
1989 | region->length - region->length_read); | 2019 | region->length - region->length_read); | |
1990 | return 0; | 2020 | return 0; | |
1991 | } | 2021 | } | |
1992 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_FOOTER, &content); | 2022 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SIGNATURE_FOOTER, &pkt); | |
1993 | 2023 | |||
1994 | return 1; | 2024 | return 1; | |
1995 | } | 2025 | } | |
1996 | 2026 | |||
1997 | /** | 2027 | /** | |
1998 | * \ingroup Core_ReadPackets | 2028 | * \ingroup Core_ReadPackets | |
1999 | * \brief Parse a signature subpacket. | 2029 | * \brief Parse a signature subpacket. | |
2000 | * | 2030 | * | |
2001 | * This function calls the appropriate function to handle v3 or v4 signatures. | 2031 | * This function calls the appropriate function to handle v3 or v4 signatures. | |
2002 | * | 2032 | * | |
2003 | * Once the signature packet has been parsed successfully, it is passed to the callback. | 2033 | * Once the signature packet has been parsed successfully, it is passed to the callback. | |
2004 | * | 2034 | * | |
2005 | * \param *ptag Pointer to the Packet Tag. | 2035 | * \param *ptag Pointer to the Packet Tag. | |
2006 | * \param *reader Our reader | 2036 | * \param *reader Our reader | |
2007 | * \param *cb The callback | 2037 | * \param *cb The callback | |
2008 | * \return 1 on success, 0 on error | 2038 | * \return 1 on success, 0 on error | |
2009 | */ | 2039 | */ | |
2010 | static int | 2040 | static int | |
2011 | parse_signature(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2041 | parse_signature(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2012 | { | 2042 | { | |
2013 | unsigned char c[1] = ""; | 2043 | unsigned char c[1] = ""; | |
2014 | __ops_parser_content_t content; | 2044 | __ops_packet_t pkt; | |
2015 | 2045 | |||
2016 | assert(region->length_read == 0); /* We should not have read | 2046 | assert(region->length_read == 0); /* We should not have read | |
2017 | * anything so far */ | 2047 | * anything so far */ | |
2018 | 2048 | |||
2019 | (void) memset(&content, 0x0, sizeof(content)); | 2049 | (void) memset(&pkt, 0x0, sizeof(pkt)); | |
2020 | 2050 | |||
2021 | if (!limited_read(c, 1, region, pinfo)) | 2051 | if (!limited_read(c, 1, region, pinfo)) | |
2022 | return 0; | 2052 | return 0; | |
2023 | 2053 | |||
2024 | if (c[0] == 2 || c[0] == 3) | 2054 | if (c[0] == 2 || c[0] == 3) | |
2025 | return parse_v3_signature(region, pinfo); | 2055 | return parse_v3_signature(region, pinfo); | |
2026 | else if (c[0] == 4) | 2056 | else if (c[0] == 4) | |
2027 | return parse_v4_signature(region, pinfo); | 2057 | return parse_v4_signature(region, pinfo); | |
2028 | 2058 | |||
2029 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_SIGNATURE_VRSN, | 2059 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_SIGNATURE_VRSN, | |
2030 | "Bad signature version (%d)", c[0]); | 2060 | "Bad signature version (%d)", c[0]); | |
2031 | return 0; | 2061 | return 0; | |
2032 | } | 2062 | } | |
2033 | 2063 | |||
2034 | /** | 2064 | /** | |
2035 | \ingroup Core_ReadPackets | 2065 | \ingroup Core_ReadPackets | |
2036 | \brief Parse Compressed packet | 2066 | \brief Parse Compressed packet | |
2037 | */ | 2067 | */ | |
2038 | static int | 2068 | static int | |
2039 | parse_compressed(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2069 | parse_compressed(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2040 | { | 2070 | { | |
2041 | unsigned char c[1] = ""; | 2071 | __ops_packet_t pkt; | |
2042 | __ops_parser_content_t content; | 2072 | unsigned char c[1] = ""; | |
2043 | 2073 | |||
2044 | if (!limited_read(c, 1, region, pinfo)) | 2074 | if (!limited_read(c, 1, region, pinfo)) { | |
2045 | return 0; | 2075 | return 0; | |
2076 | } | |||
2046 | 2077 | |||
2047 | content.u.compressed.type = c[0]; | 2078 | pkt.u.compressed.type = c[0]; | |
2048 | 2079 | |||
2049 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_COMPRESSED, &content); | 2080 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_COMPRESSED, &pkt); | |
2050 | 2081 | |||
2051 | /* | 2082 | /* | |
2052 | * The content of a compressed data packet is more OpenPGP packets | 2083 | * The content of a compressed data packet is more OpenPGP packets | |
2053 | * once decompressed, so recursively handle them | 2084 | * once decompressed, so recursively handle them | |
2054 | */ | 2085 | */ | |
2055 | 2086 | |||
2056 | return __ops_decompress(region, pinfo, content.u.compressed.type); | 2087 | return __ops_decompress(region, pinfo, pkt.u.compressed.type); | |
2057 | } | 2088 | } | |
2058 | 2089 | |||
2059 | /* XXX: this could be improved by sharing all hashes that are the */ | 2090 | /* XXX: this could be improved by sharing all hashes that are the */ | |
2060 | /* same, then duping them just before checking the signature. */ | 2091 | /* same, then duping them just before checking the signature. */ | |
2061 | static void | 2092 | static void | |
2062 | parse_hash_init(__ops_parse_info_t * pinfo, __ops_hash_algorithm_t type, | 2093 | parse_hash_init(__ops_parse_info_t * pinfo, __ops_hash_algorithm_t type, | |
2063 | const unsigned char *keyid) | 2094 | const unsigned char *keyid) | |
2064 | { | 2095 | { | |
2065 | __ops_parse_hash_info_t *hash; | 2096 | __ops_parse_hash_info_t *hash; | |
2066 | 2097 | |||
2067 | pinfo->hashes = realloc(pinfo->hashes, | 2098 | pinfo->hashes = realloc(pinfo->hashes, | |
2068 | (pinfo->nhashes + 1) * sizeof(*pinfo->hashes)); | 2099 | (pinfo->nhashes + 1) * sizeof(*pinfo->hashes)); | |
2069 | hash = &pinfo->hashes[pinfo->nhashes++]; | 2100 | hash = &pinfo->hashes[pinfo->nhashes++]; | |
@@ -2071,895 +2102,961 @@ parse_hash_init(__ops_parse_info_t * pin | @@ -2071,895 +2102,961 @@ parse_hash_init(__ops_parse_info_t * pin | |||
2071 | __ops_hash_any(&hash->hash, type); | 2102 | __ops_hash_any(&hash->hash, type); | |
2072 | hash->hash.init(&hash->hash); | 2103 | hash->hash.init(&hash->hash); | |
2073 | (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); | 2104 | (void) memcpy(hash->keyid, keyid, sizeof(hash->keyid)); | |
2074 | } | 2105 | } | |
2075 | 2106 | |||
2076 | /** | 2107 | /** | |
2077 | \ingroup Core_ReadPackets | 2108 | \ingroup Core_ReadPackets | |
2078 | \brief Parse a One Pass Signature packet | 2109 | \brief Parse a One Pass Signature packet | |
2079 | */ | 2110 | */ | |
2080 | static int | 2111 | static int | |
2081 | parse_one_pass(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2112 | parse_one_pass(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2082 | { | 2113 | { | |
2083 | unsigned char c[1] = ""; | 2114 | unsigned char c[1] = ""; | |
2084 | __ops_parser_content_t content; | 2115 | __ops_packet_t pkt; | |
2085 | 2116 | |||
2086 | if (!limited_read(&content.u.one_pass_signature.version, 1, region, pinfo)) | 2117 | if (!limited_read(&pkt.u.one_pass_signature.version, 1, region, pinfo)) | |
2087 | return 0; | 2118 | return 0; | |
2088 | if (content.u.one_pass_signature.version != 3) { | 2119 | if (pkt.u.one_pass_signature.version != 3) { | |
2089 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN, | 2120 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_ONE_PASS_SIG_VRSN, | |
2090 | "Bad one-pass signature version (%d)", | 2121 | "Bad one-pass signature version (%d)", | |
2091 | content.u.one_pass_signature.version); | 2122 | pkt.u.one_pass_signature.version); | |
2092 | return 0; | 2123 | return 0; | |
2093 | } | 2124 | } | |
2094 | if (!limited_read(c, 1, region, pinfo)) | 2125 | if (!limited_read(c, 1, region, pinfo)) | |
2095 | return 0; | 2126 | return 0; | |
2096 | content.u.one_pass_signature.sig_type = c[0]; | 2127 | pkt.u.one_pass_signature.sig_type = c[0]; | |
2097 | 2128 | |||
2098 | if (!limited_read(c, 1, region, pinfo)) | 2129 | if (!limited_read(c, 1, region, pinfo)) | |
2099 | return 0; | 2130 | return 0; | |
2100 | content.u.one_pass_signature.hash_algorithm = c[0]; | 2131 | pkt.u.one_pass_signature.hash_algorithm = c[0]; | |
2101 | 2132 | |||
2102 | if (!limited_read(c, 1, region, pinfo)) | 2133 | if (!limited_read(c, 1, region, pinfo)) | |
2103 | return 0; | 2134 | return 0; | |
2104 | content.u.one_pass_signature.key_algorithm = c[0]; | 2135 | pkt.u.one_pass_signature.key_algorithm = c[0]; | |
2105 | 2136 | |||
2106 | if (!limited_read(content.u.one_pass_signature.keyid, | 2137 | if (!limited_read(pkt.u.one_pass_signature.keyid, | |
2107 | sizeof(content.u.one_pass_signature.keyid), region, pinfo)) | 2138 | sizeof(pkt.u.one_pass_signature.keyid), region, pinfo)) | |
2108 | return 0; | 2139 | return 0; | |
2109 | 2140 | |||
2110 | if (!limited_read(c, 1, region, pinfo)) | 2141 | if (!limited_read(c, 1, region, pinfo)) | |
2111 | return 0; | 2142 | return 0; | |
2112 | content.u.one_pass_signature.nested = !!c[0]; | 2143 | pkt.u.one_pass_signature.nested = !!c[0]; | |
2113 | 2144 | |||
2114 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ONE_PASS_SIGNATURE, &content); | 2145 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ONE_PASS_SIGNATURE, &pkt); | |
2115 | 2146 | |||
2116 | /* XXX: we should, perhaps, let the app choose whether to hash or not */ | 2147 | /* XXX: we should, perhaps, let the app choose whether to hash or not */ | |
2117 | parse_hash_init(pinfo, content.u.one_pass_signature.hash_algorithm, | 2148 | parse_hash_init(pinfo, pkt.u.one_pass_signature.hash_algorithm, | |
2118 | content.u.one_pass_signature.keyid); | 2149 | pkt.u.one_pass_signature.keyid); | |
2119 | 2150 | |||
2120 | return 1; | 2151 | return 1; | |
2121 | } | 2152 | } | |
2122 | 2153 | |||
2123 | /** | 2154 | /** | |
2124 | \ingroup Core_ReadPackets | 2155 | \ingroup Core_ReadPackets | |
2125 | \brief Parse a Trust packet | 2156 | \brief Parse a Trust packet | |
2126 | */ | 2157 | */ | |
2127 | static int | 2158 | static int | |
2128 | parse_trust(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2159 | parse_trust(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2129 | { | 2160 | { | |
2130 | __ops_parser_content_t content; | 2161 | __ops_packet_t pkt; | |
2131 | 2162 | |||
2132 | if (!read_data(&content.u.trust.data, region, pinfo)) | 2163 | if (!read_data(&pkt.u.trust.data, region, pinfo)) | |
2133 | return 0; | 2164 | return 0; | |
2134 | 2165 | |||
2135 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_TRUST, &content); | 2166 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_TRUST, &pkt); | |
2136 | 2167 | |||
2137 | return 1; | 2168 | return 1; | |
2138 | } | 2169 | } | |
2139 | 2170 | |||
2140 | static void | 2171 | static void | |
2141 | parse_hash_data(__ops_parse_info_t * pinfo, const void *data, | 2172 | parse_hash_data(__ops_parse_info_t * pinfo, const void *data, | |
2142 | size_t length) | 2173 | size_t length) | |
2143 | { | 2174 | { | |
2144 | size_t n; | 2175 | size_t n; | |
2145 | 2176 | |||
2146 | for (n = 0; n < pinfo->nhashes; ++n) { | 2177 | for (n = 0; n < pinfo->nhashes; ++n) { | |
2147 | pinfo->hashes[n].hash.add(&pinfo->hashes[n].hash, data, length); | 2178 | pinfo->hashes[n].hash.add(&pinfo->hashes[n].hash, data, length); | |
2148 | } | 2179 | } | |
2149 | } | 2180 | } | |
2150 | 2181 | |||
2151 | /** | 2182 | /** | |
2152 | \ingroup Core_ReadPackets | 2183 | \ingroup Core_ReadPackets | |
2153 | \brief Parse a Literal Data packet | 2184 | \brief Parse a Literal Data packet | |
2154 | */ | 2185 | */ | |
2155 | static int | 2186 | static int | |
2156 | parse_literal_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2187 | parse_literal_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2157 | { | 2188 | { | |
2158 | __ops_parser_content_t content; | 2189 | __ops_packet_t pkt; | |
2159 | __ops_memory_t *mem; | 2190 | __ops_memory_t *mem; | |
2160 | unsigned char c[1] = ""; | 2191 | unsigned char c[1] = ""; | |
2161 | 2192 | |||
2162 | if (!limited_read(c, 1, region, pinfo)) | 2193 | if (!limited_read(c, 1, region, pinfo)) { | |
2163 | return 0; | 2194 | return 0; | |
2164 | content.u.literal_data_header.format = c[0]; | 2195 | } | |
2196 | pkt.u.literal_data_header.format = c[0]; | |||
2165 | 2197 | |||
2166 | if (!limited_read(c, 1, region, pinfo)) | 2198 | if (!limited_read(c, 1, region, pinfo)) { | |
2167 | return 0; | 2199 | return 0; | |
2168 | if (!limited_read((unsigned char *) content.u.literal_data_header.filename, | 2200 | } | |
2169 | (unsigned)c[0], region, pinfo)) | 2201 | if (!limited_read((unsigned char *)pkt.u.literal_data_header.filename, | |
2202 | (unsigned)c[0], region, pinfo)) { | |||
2170 | return 0; | 2203 | return 0; | |
2171 | content.u.literal_data_header.filename[c[0]] = '\0'; | 2204 | } | |
2205 | pkt.u.literal_data_header.filename[c[0]] = '\0'; | |||
2172 | 2206 | |||
2173 | if (!limited_read_time(&content.u.literal_data_header.modification_time, region, pinfo)) | 2207 | if (!limited_read_time(&pkt.u.literal_data_header.modification_time, | |
2208 | region, pinfo)) { | |||
2174 | return 0; | 2209 | return 0; | |
2210 | } | |||
2175 | 2211 | |||
2176 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_HEADER, &content); | 2212 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_HEADER, &pkt); | |
2177 | 2213 | |||
2178 | mem = content.u.literal_data_body.mem = __ops_memory_new(); | 2214 | mem = pkt.u.literal_data_body.mem = __ops_memory_new(); | |
2179 | __ops_memory_init(content.u.literal_data_body.mem, (unsigned)(region->length * 1.01) + 12); | 2215 | __ops_memory_init(pkt.u.literal_data_body.mem, | |
2180 | content.u.literal_data_body.data = mem->buf; | 2216 | (unsigned)(region->length * 1.01) + 12); | |
2217 | pkt.u.literal_data_body.data = mem->buf; | |||
2181 | 2218 | |||
2182 | while (region->length_read < region->length) { | 2219 | while (region->length_read < region->length) { | |
2183 | unsigned readc = region->length - region->length_read; | 2220 | unsigned readc = region->length - region->length_read; | |
2184 | 2221 | |||
2185 | if (!limited_read(mem->buf, readc, region, pinfo)) { | 2222 | if (!limited_read(mem->buf, readc, region, pinfo)) { | |
2186 | return 0; | 2223 | return 0; | |
2187 | } | 2224 | } | |
2188 | content.u.literal_data_body.length = readc; | 2225 | pkt.u.literal_data_body.length = readc; | |
2189 | parse_hash_data(pinfo, content.u.literal_data_body.data, region->length); | 2226 | parse_hash_data(pinfo, pkt.u.literal_data_body.data, | |
2190 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_BODY, &content); | 2227 | region->length); | |
2228 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_LITERAL_DATA_BODY, | |||
2229 | &pkt); | |||
2191 | } | 2230 | } | |
2192 | 2231 | |||
2193 | /* XXX - get rid of mem here? */ | 2232 | /* XXX - get rid of mem here? */ | |
2194 | 2233 | |||
2195 | return 1; | 2234 | return 1; | |
2196 | } | 2235 | } | |
2197 | 2236 | |||
2198 | /** | 2237 | /** | |
2199 | * \ingroup Core_Create | 2238 | * \ingroup Core_Create | |
2200 | * | 2239 | * | |
2201 | * __ops_secret_key_free() frees the memory associated with "key". Note that | 2240 | * __ops_secret_key_free() frees the memory associated with "key". Note that | |
2202 | * the key itself is not freed. | 2241 | * the key itself is not freed. | |
2203 | * | 2242 | * | |
2204 | * \param key | 2243 | * \param key | |
2205 | */ | 2244 | */ | |
2206 | 2245 | |||
2207 | void | 2246 | void | |
2208 | __ops_secret_key_free(__ops_secret_key_t * key) | 2247 | __ops_secret_key_free(__ops_secret_key_t * key) | |
2209 | { | 2248 | { | |
2210 | switch (key->public_key.algorithm) { | 2249 | switch (key->pubkey.algorithm) { | |
2211 | case OPS_PKA_RSA: | 2250 | case OPS_PKA_RSA: | |
2212 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 2251 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
2213 | case OPS_PKA_RSA_SIGN_ONLY: | 2252 | case OPS_PKA_RSA_SIGN_ONLY: | |
2214 | free_BN(&key->key.rsa.d); | 2253 | free_BN(&key->key.rsa.d); | |
2215 | free_BN(&key->key.rsa.p); | 2254 | free_BN(&key->key.rsa.p); | |
2216 | free_BN(&key->key.rsa.q); | 2255 | free_BN(&key->key.rsa.q); | |
2217 | free_BN(&key->key.rsa.u); | 2256 | free_BN(&key->key.rsa.u); | |
2218 | break; | 2257 | break; | |
2219 | 2258 | |||
2220 | case OPS_PKA_DSA: | 2259 | case OPS_PKA_DSA: | |
2221 | free_BN(&key->key.dsa.x); | 2260 | free_BN(&key->key.dsa.x); | |
2222 | break; | 2261 | break; | |
2223 | 2262 | |||
2224 | default: | 2263 | default: | |
2225 | fprintf(stderr, "__ops_secret_key_free: Unknown algorithm: %d (%s)\n", key->public_key.algorithm, __ops_show_pka(key->public_key.algorithm)); | 2264 | (void) fprintf(stderr, | |
2226 | /* assert(0); */ | 2265 | "__ops_secret_key_free: Unknown algorithm: %d (%s)\n", | |
2266 | key->pubkey.algorithm, | |||
2267 | __ops_show_pka(key->pubkey.algorithm)); | |||
2227 | } | 2268 | } | |
2228 | 2269 | |||
2229 | __ops_public_key_free(&key->public_key); | 2270 | __ops_public_key_free(&key->pubkey); | |
2230 | } | 2271 | } | |
2231 | 2272 | |||
2232 | static int | 2273 | static int | |
2233 | consume_packet(__ops_region_t * region, __ops_parse_info_t * pinfo, | 2274 | consume_packet(__ops_region_t * region, __ops_parse_info_t * pinfo, | |
2234 | bool warn) | 2275 | bool warn) | |
2235 | { | 2276 | { | |
2236 | __ops_data_t remainder; | 2277 | __ops_packet_t pkt; | |
2237 | __ops_parser_content_t content; | 2278 | __ops_data_t remainder; | |
2238 | 2279 | |||
2239 | if (region->indeterminate) | 2280 | if (region->indeterminate) { | |
2240 | ERRP(&pinfo->cbinfo, content, "Can't consume indeterminate packets"); | 2281 | ERRP(&pinfo->cbinfo, pkt, "Can't consume indeterminate packets"); | |
2282 | } | |||
2241 | 2283 | |||
2284 | #if 0 | |||
2242 | if (read_data(&remainder, region, pinfo)) { | 2285 | if (read_data(&remainder, region, pinfo)) { | |
2243 | /* now throw it away */ | 2286 | /* now throw it away */ | |
2244 | data_free(&remainder); | 2287 | data_free(&remainder); | |
2245 | if (warn) | 2288 | if (warn) { | |
2246 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED, "Warning: packet consumer"); | 2289 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED, | |
2247 | } else if (warn) | 2290 | "Warning: packet consumer"); | |
2248 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, "Warning: Packet was not consumed"); | 2291 | } | |
2249 | else { | 2292 | } else if (warn) { | |
2250 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, "Packet was not consumed"); | 2293 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, | |
2294 | "Warning: Packet was not consumed"); | |||
2295 | } else { | |||
2296 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, | |||
2297 | "Packet was not consumed"); | |||
2251 | return 0; | 2298 | return 0; | |
2252 | } | 2299 | } | |
2253 | ||||
2254 | return 1; | 2300 | return 1; | |
2301 | #else | |||
2302 | if (read_data(&remainder, region, pinfo)) { | |||
2303 | /* now throw it away */ | |||
2304 | data_free(&remainder); | |||
2305 | if (warn) { | |||
2306 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_CONSUMED, | |||
2307 | "Warning: packet consumer"); | |||
2308 | } | |||
2309 | return 1; | |||
2310 | } | |||
2311 | OPS_ERROR(&pinfo->errors, OPS_E_P_PACKET_NOT_CONSUMED, | |||
2312 | (warn) ? "Warning: Packet was not consumed" : | |||
2313 | "Packet was not consumed"); | |||
2314 | return warn; | |||
2315 | #endif | |||
2255 | } | 2316 | } | |
2256 | 2317 | |||
2257 | /** | 2318 | /** | |
2258 | * \ingroup Core_ReadPackets | 2319 | * \ingroup Core_ReadPackets | |
2259 | * \brief Parse a secret key | 2320 | * \brief Parse a secret key | |
2260 | */ | 2321 | */ | |
2261 | static int | 2322 | static int | |
2262 | parse_secret_key(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2323 | parse_secret_key(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2263 | { | 2324 | { | |
2264 | __ops_parser_content_t content; | 2325 | __ops_packet_t pkt; | |
2265 | __ops_region_t encregion; | 2326 | __ops_region_t encregion; | |
2266 | __ops_region_t *saved_region = NULL; | 2327 | __ops_region_t *saved_region = NULL; | |
2267 | unsigned char c[1] = ""; | 2328 | unsigned char c[1] = ""; | |
2268 | __ops_crypt_t decrypt; | 2329 | __ops_crypt_t decrypt; | |
2269 | __ops_hash_t checkhash; | 2330 | __ops_hash_t checkhash; | |
2270 | unsigned blocksize; | 2331 | unsigned blocksize; | |
2271 | #if 0 | 2332 | #if 0 | |
2272 | size_t checksum_length = 2; | 2333 | size_t checksum_length = 2; | |
2273 | #endif | 2334 | #endif | |
2274 | bool crypted; | 2335 | bool crypted; | |
2275 | int ret = 1; | 2336 | int ret = 1; | |
2276 | 2337 | |||
2277 | if (__ops_get_debug_level(__FILE__)) { | 2338 | if (__ops_get_debug_level(__FILE__)) { | |
2278 | fprintf(stderr, "\n---------\nparse_secret_key:\n"); | 2339 | fprintf(stderr, "\n---------\nparse_secret_key:\n"); | |
2279 | fprintf(stderr, "region length=%d, length_read=%d, remainder=%d\n", region->length, region->length_read, region->length - region->length_read); | 2340 | fprintf(stderr, "region length=%d, length_read=%d, remainder=%d\n", region->length, region->length_read, region->length - region->length_read); | |
2280 | } | 2341 | } | |
2281 | (void) memset(&content, 0x0, sizeof(content)); | 2342 | (void) memset(&pkt, 0x0, sizeof(pkt)); | |
2282 | if (!parse_public_key_data(&content.u.secret_key.public_key, region, pinfo)) | 2343 | if (!parse_public_key_data(&pkt.u.secret_key.pubkey, region, pinfo)) | |
2283 | return 0; | 2344 | return 0; | |
2284 | 2345 | |||
2285 | if (__ops_get_debug_level(__FILE__)) { | 2346 | if (__ops_get_debug_level(__FILE__)) { | |
2286 | fprintf(stderr, "parse_secret_key: public key parsed\n"); | 2347 | fprintf(stderr, "parse_secret_key: public key parsed\n"); | |
2287 | __ops_print_public_key(&content.u.secret_key.public_key); | 2348 | __ops_print_public_key(&pkt.u.secret_key.pubkey); | |
2288 | } | 2349 | } | |
2289 | pinfo->reading_v3_secret = content.u.secret_key.public_key.version != OPS_V4; | 2350 | pinfo->reading_v3_secret = pkt.u.secret_key.pubkey.version != OPS_V4; | |
2290 | 2351 | |||
2291 | if (!limited_read(c, 1, region, pinfo)) | 2352 | if (!limited_read(c, 1, region, pinfo)) | |
2292 | return 0; | 2353 | return 0; | |
2293 | content.u.secret_key.s2k_usage = c[0]; | 2354 | pkt.u.secret_key.s2k_usage = c[0]; | |
2294 | #if 0 | 2355 | #if 0 | |
2295 | if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) | 2356 | if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) | |
2296 | checksum_length = 20; | 2357 | checksum_length = 20; | |
2297 | #endif | 2358 | #endif | |
2298 | 2359 | |||
2299 | if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED | 2360 | if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED || | |
2300 | || content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | 2361 | pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | |
2301 | if (!limited_read(c, 1, region, pinfo)) | 2362 | if (!limited_read(c, 1, region, pinfo)) { | |
2302 | return 0; | 2363 | return 0; | |
2303 | content.u.secret_key.algorithm = c[0]; | 2364 | } | |
2365 | pkt.u.secret_key.algorithm = c[0]; | |||
2304 | 2366 | |||
2305 | if (!limited_read(c, 1, region, pinfo)) | 2367 | if (!limited_read(c, 1, region, pinfo)) { | |
2306 | return 0; | 2368 | return 0; | |
2307 | content.u.secret_key.s2k_specifier = c[0]; | 2369 | } | |
2370 | pkt.u.secret_key.s2k_specifier = c[0]; | |||
2308 | 2371 | |||
2309 | assert(content.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE | 2372 | assert(pkt.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE || | |
2310 | || content.u.secret_key.s2k_specifier == OPS_S2KS_SALTED | 2373 | pkt.u.secret_key.s2k_specifier == OPS_S2KS_SALTED || | |
2311 | || content.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED); | 2374 | pkt.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED); | |
2312 | 2375 | |||
2313 | if (!limited_read(c, 1, region, pinfo)) | 2376 | if (!limited_read(c, 1, region, pinfo)) { | |
2314 | return 0; | 2377 | return 0; | |
2315 | content.u.secret_key.hash_algorithm = c[0]; | 2378 | } | |
2379 | pkt.u.secret_key.hash_algorithm = c[0]; | |||
2316 | 2380 | |||
2317 | if (content.u.secret_key.s2k_specifier != OPS_S2KS_SIMPLE | 2381 | if (pkt.u.secret_key.s2k_specifier != OPS_S2KS_SIMPLE && | |
2318 | && !limited_read(content.u.secret_key.salt, 8, region, pinfo)) { | 2382 | !limited_read(pkt.u.secret_key.salt, 8, region, | |
2383 | pinfo)) { | |||
2319 | return 0; | 2384 | return 0; | |
2320 | } | 2385 | } | |
2321 | if (content.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED) { | 2386 | if (pkt.u.secret_key.s2k_specifier == | |
2322 | if (!limited_read(c, 1, region, pinfo)) | 2387 | OPS_S2KS_ITERATED_AND_SALTED) { | |
2388 | if (!limited_read(c, 1, region, pinfo)) { | |||
2323 | return 0; | 2389 | return 0; | |
2324 | content.u.secret_key.octet_count = (16 + ((unsigned)c[0] & 15)) << (((unsigned)c[0] >> 4) + 6); | 2390 | } | |
2391 | pkt.u.secret_key.octet_count = | |||
2392 | (16 + ((unsigned)c[0] & 15)) << | |||
2393 | (((unsigned)c[0] >> 4) + 6); | |||
2325 | } | 2394 | } | |
2326 | } else if (content.u.secret_key.s2k_usage != OPS_S2KU_NONE) { | 2395 | } else if (pkt.u.secret_key.s2k_usage != OPS_S2KU_NONE) { | |
2327 | /* this is V3 style, looks just like a V4 simple hash */ | 2396 | /* this is V3 style, looks just like a V4 simple hash */ | |
2328 | #if 0 | 2397 | pkt.u.secret_key.algorithm = c[0]; | |
2329 | content.u.secret_key.algorithm = content.u.secret_key.s2k_usage; | 2398 | pkt.u.secret_key.s2k_usage = OPS_S2KU_ENCRYPTED; | |
2330 | #else | 2399 | pkt.u.secret_key.s2k_specifier = OPS_S2KS_SIMPLE; | |
2331 | /* XXX - if we get problems, this may be the source - agc */ | 2400 | pkt.u.secret_key.hash_algorithm = OPS_HASH_MD5; | |
2332 | content.u.secret_key.algorithm = c[0]; | |||
2333 | #endif | |||
2334 | content.u.secret_key.s2k_usage = OPS_S2KU_ENCRYPTED; | |||
2335 | content.u.secret_key.s2k_specifier = OPS_S2KS_SIMPLE; | |||
2336 | content.u.secret_key.hash_algorithm = OPS_HASH_MD5; | |||
2337 | } | 2401 | } | |
2338 | crypted = content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED | 2402 | crypted = pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED || | |
2339 | || content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED; | 2403 | pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED; | |
2340 | 2404 | |||
2341 | if (crypted) { | 2405 | if (crypted) { | |
2342 | int n; | 2406 | int n; | |
2343 | __ops_parser_content_t seckey; | 2407 | __ops_packet_t seckey; | |
2344 | char *passphrase; | 2408 | char *passphrase; | |
2345 | unsigned char key[OPS_MAX_KEY_SIZE + OPS_MAX_HASH_SIZE]; | 2409 | unsigned char key[OPS_MAX_KEY_SIZE + OPS_MAX_HASH_SIZE]; | |
2346 | __ops_hash_t hashes[(OPS_MAX_KEY_SIZE + OPS_MIN_HASH_SIZE - 1) / OPS_MIN_HASH_SIZE]; | 2410 | __ops_hash_t hashes[(OPS_MAX_KEY_SIZE + OPS_MIN_HASH_SIZE - 1) / OPS_MIN_HASH_SIZE]; | |
2411 | size_t passlen; | |||
2347 | int keysize; | 2412 | int keysize; | |
2348 | int hashsize; | 2413 | int hashsize; | |
2349 | size_t len; | |||
2350 | 2414 | |||
2351 | blocksize = __ops_block_size(content.u.secret_key.algorithm); | 2415 | blocksize = __ops_block_size(pkt.u.secret_key.algorithm); | |
2352 | assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE); | 2416 | assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE); | |
2353 | 2417 | |||
2354 | if (!limited_read(content.u.secret_key.iv, blocksize, region, pinfo)) | 2418 | if (!limited_read(pkt.u.secret_key.iv, blocksize, region, | |
2419 | pinfo)) { | |||
2355 | return 0; | 2420 | return 0; | |
2356 | 2421 | } | ||
2357 | (void) memset(&seckey, 0x0, sizeof(seckey)); | 2422 | (void) memset(&seckey, 0x0, sizeof(seckey)); | |
2358 | passphrase = NULL; | 2423 | passphrase = NULL; | |
2359 | seckey.u.secret_key_passphrase.passphrase = &passphrase; | 2424 | seckey.u.skey_passphrase.passphrase = &passphrase; | |
2360 | seckey.u.secret_key_passphrase.secret_key = &content.u.secret_key; | 2425 | seckey.u.skey_passphrase.secret_key = | |
2361 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey); | 2426 | &pkt.u.secret_key; | |
2427 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, | |||
2428 | &seckey); | |||
2362 | if (!passphrase) { | 2429 | if (!passphrase) { | |
2363 | if (__ops_get_debug_level(__FILE__)) { | 2430 | if (__ops_get_debug_level(__FILE__)) { | |
2364 | /* \todo make into proper error */ | 2431 | /* \todo make into proper error */ | |
2365 | fprintf(stderr, "parse_secret_key: can't get passphrase\n"); | 2432 | (void) fprintf(stderr, | |
2433 | "parse_secret_key: can't get passphrase\n"); | |||
2366 | } | 2434 | } | |
2367 | if (!consume_packet(region, pinfo, false)) | 2435 | if (!consume_packet(region, pinfo, false)) { | |
2368 | return 0; | 2436 | return 0; | |
2437 | } | |||
2369 | 2438 | |||
2370 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, &content); | 2439 | CALLBACK(&pinfo->cbinfo, | |
2440 | OPS_PTAG_CT_ENCRYPTED_SECRET_KEY, &pkt); | |||
2371 | 2441 | |||
2372 | return 1; | 2442 | return 1; | |
2373 | } | 2443 | } | |
2374 | keysize = __ops_key_size(content.u.secret_key.algorithm); | 2444 | keysize = __ops_key_size(pkt.u.secret_key.algorithm); | |
2375 | assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE); | 2445 | assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE); | |
2376 | 2446 | |||
2377 | hashsize = __ops_hash_size(content.u.secret_key.hash_algorithm); | 2447 | hashsize = __ops_hash_size(pkt.u.secret_key.hash_algorithm); | |
2378 | assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE); | 2448 | assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE); | |
2379 | 2449 | |||
2380 | for (n = 0; n * hashsize < keysize; ++n) { | 2450 | for (n = 0; n * hashsize < keysize; ++n) { | |
2381 | int i; | 2451 | int i; | |
2382 | 2452 | |||
2383 | __ops_hash_any(&hashes[n], content.u.secret_key.hash_algorithm); | 2453 | __ops_hash_any(&hashes[n], | |
2454 | pkt.u.secret_key.hash_algorithm); | |||
2384 | hashes[n].init(&hashes[n]); | 2455 | hashes[n].init(&hashes[n]); | |
2385 | /* preload hashes with zeroes... */ | 2456 | /* preload hashes with zeroes... */ | |
2386 | for (i = 0; i < n; ++i) | 2457 | for (i = 0; i < n; ++i) { | |
2387 | hashes[n].add(&hashes[n], (const unsigned char *) "", 1); | 2458 | hashes[n].add(&hashes[n], | |
2459 | (const unsigned char *) "", 1); | |||
2460 | } | |||
2388 | } | 2461 | } | |
2389 | 2462 | |||
2390 | len = strlen(passphrase); | 2463 | passlen = strlen(passphrase); | |
2391 | 2464 | |||
2392 | for (n = 0; n * hashsize < keysize; ++n) { | 2465 | for (n = 0; n * hashsize < keysize; ++n) { | |
2393 | unsigned i; | 2466 | unsigned i; | |
2394 | 2467 | |||
2395 | switch (content.u.secret_key.s2k_specifier) { | 2468 | switch (pkt.u.secret_key.s2k_specifier) { | |
2396 | case OPS_S2KS_SALTED: | 2469 | case OPS_S2KS_SALTED: | |
2397 | hashes[n].add(&hashes[n], content.u.secret_key.salt, OPS_SALT_SIZE); | 2470 | hashes[n].add(&hashes[n], | |
2471 | pkt.u.secret_key.salt, | |||
2472 | OPS_SALT_SIZE); | |||
2398 | /* FALLTHROUGH */ | 2473 | /* FALLTHROUGH */ | |
2399 | case OPS_S2KS_SIMPLE: | 2474 | case OPS_S2KS_SIMPLE: | |
2400 | hashes[n].add(&hashes[n], (unsigned char *) passphrase, len); | 2475 | hashes[n].add(&hashes[n], | |
2476 | (unsigned char *) passphrase, passlen); | |||
2401 | break; | 2477 | break; | |
2402 | 2478 | |||
2403 | case OPS_S2KS_ITERATED_AND_SALTED: | 2479 | case OPS_S2KS_ITERATED_AND_SALTED: | |
2404 | for (i = 0; i < content.u.secret_key.octet_count; i += len + OPS_SALT_SIZE) { | 2480 | for (i = 0; i < pkt.u.secret_key.octet_count; i += passlen + OPS_SALT_SIZE) { | |
2405 | unsigned j = len + OPS_SALT_SIZE; | 2481 | unsigned j = passlen + OPS_SALT_SIZE; | |
2406 | ||||
2407 | if (i + j > content.u.secret_key.octet_count && i != 0) | |||
2408 | j = content.u.secret_key.octet_count - i; | |||
2409 | 2482 | |||
2483 | if (i + j > pkt.u.secret_key.octet_count && i != 0) { | |||
2484 | j = pkt.u.secret_key.octet_count - i; | |||
2485 | } | |||
2410 | hashes[n].add(&hashes[n], | 2486 | hashes[n].add(&hashes[n], | |
2411 | content.u.secret_key.salt, | 2487 | pkt.u.secret_key.salt, | |
2412 | (unsigned)(j > OPS_SALT_SIZE) ? | 2488 | (unsigned)(j > OPS_SALT_SIZE) ? | |
2413 | OPS_SALT_SIZE : j); | 2489 | OPS_SALT_SIZE : j); | |
2414 | if (j > OPS_SALT_SIZE) | 2490 | if (j > OPS_SALT_SIZE) { | |
2415 | hashes[n].add(&hashes[n], (unsigned char *) passphrase, j - OPS_SALT_SIZE); | 2491 | hashes[n].add(&hashes[n], | |
2492 | (unsigned char *) passphrase, | |||
2493 | j - OPS_SALT_SIZE); | |||
2494 | } | |||
2416 | } | 2495 | } | |
2417 | 2496 | |||
2418 | } | 2497 | } | |
2419 | } | 2498 | } | |
2420 | 2499 | |||
2421 | for (n = 0; n * hashsize < keysize; ++n) { | 2500 | for (n = 0; n * hashsize < keysize; ++n) { | |
2422 | int r = hashes[n].finish(&hashes[n], key + n * hashsize); | 2501 | int r; | |
2502 | ||||
2503 | r = hashes[n].finish(&hashes[n], key + n * hashsize); | |||
2423 | assert(r == hashsize); | 2504 | assert(r == hashsize); | |
2424 | } | 2505 | } | |
2425 | 2506 | |||
2426 | free(passphrase); | 2507 | (void) memset(passphrase, 0x0, passlen); | |
2508 | (void) free(passphrase); | |||
2427 | 2509 | |||
2428 | __ops_crypt_any(&decrypt, content.u.secret_key.algorithm); | 2510 | __ops_crypt_any(&decrypt, pkt.u.secret_key.algorithm); | |
2429 | if (__ops_get_debug_level(__FILE__)) { | 2511 | if (__ops_get_debug_level(__FILE__)) { | |
2430 | unsigned int i = 0; | 2512 | unsigned int i = 0; | |
2431 | fprintf(stderr, "\nREADING:\niv="); | 2513 | fprintf(stderr, "\nREADING:\niv="); | |
2432 | for (i = 0; i < __ops_block_size(content.u.secret_key.algorithm); i++) { | 2514 | for (i = 0; i < __ops_block_size(pkt.u.secret_key.algorithm); i++) { | |
2433 | fprintf(stderr, "%02x ", content.u.secret_key.iv[i]); | 2515 | fprintf(stderr, "%02x ", pkt.u.secret_key.iv[i]); | |
2434 | } | 2516 | } | |
2435 | fprintf(stderr, "\n"); | 2517 | fprintf(stderr, "\n"); | |
2436 | fprintf(stderr, "key="); | 2518 | fprintf(stderr, "key="); | |
2437 | for (i = 0; i < CAST_KEY_LENGTH; i++) { | 2519 | for (i = 0; i < CAST_KEY_LENGTH; i++) { | |
2438 | fprintf(stderr, "%02x ", key[i]); | 2520 | fprintf(stderr, "%02x ", key[i]); | |
2439 | } | 2521 | } | |
2440 | fprintf(stderr, "\n"); | 2522 | fprintf(stderr, "\n"); | |
2441 | } | 2523 | } | |
2442 | decrypt.set_iv(&decrypt, content.u.secret_key.iv); | 2524 | decrypt.set_iv(&decrypt, pkt.u.secret_key.iv); | |
2443 | decrypt.set_key(&decrypt, key); | 2525 | decrypt.set_key(&decrypt, key); | |
2444 | 2526 | |||
2445 | /* now read encrypted data */ | 2527 | /* now read encrypted data */ | |
2446 | 2528 | |||
2447 | __ops_reader_push_decrypt(pinfo, &decrypt, region); | 2529 | __ops_reader_push_decrypt(pinfo, &decrypt, region); | |
2448 | 2530 | |||
2449 | /* | 2531 | /* | |
2450 | * Since all known encryption for PGP doesn't compress, we | 2532 | * Since all known encryption for PGP doesn't compress, we | |
2451 | * can limit to the same length as the current region (for | 2533 | * can limit to the same length as the current region (for | |
2452 | * now). | 2534 | * now). | |
2453 | */ | 2535 | */ | |
2454 | __ops_init_subregion(&encregion, NULL); | 2536 | __ops_init_subregion(&encregion, NULL); | |
2455 | encregion.length = region->length - region->length_read; | 2537 | encregion.length = region->length - region->length_read; | |
2456 | if (content.u.secret_key.public_key.version != OPS_V4) { | 2538 | if (pkt.u.secret_key.pubkey.version != OPS_V4) { | |
2457 | encregion.length -= 2; | 2539 | encregion.length -= 2; | |
2458 | } | 2540 | } | |
2459 | saved_region = region; | 2541 | saved_region = region; | |
2460 | region = &encregion; | 2542 | region = &encregion; | |
2461 | } | 2543 | } | |
2462 | if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | 2544 | if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | |
2463 | __ops_hash_sha1(&checkhash); | 2545 | __ops_hash_sha1(&checkhash); | |
2464 | __ops_reader_push_hash(pinfo, &checkhash); | 2546 | __ops_reader_push_hash(pinfo, &checkhash); | |
2465 | } else { | 2547 | } else { | |
2466 | __ops_reader_push_sum16(pinfo); | 2548 | __ops_reader_push_sum16(pinfo); | |
2467 | } | 2549 | } | |
2468 | 2550 | |||
2469 | switch (content.u.secret_key.public_key.algorithm) { | 2551 | switch (pkt.u.secret_key.pubkey.algorithm) { | |
2470 | case OPS_PKA_RSA: | 2552 | case OPS_PKA_RSA: | |
2471 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 2553 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
2472 | case OPS_PKA_RSA_SIGN_ONLY: | 2554 | case OPS_PKA_RSA_SIGN_ONLY: | |
2473 | if (!limited_read_mpi(&content.u.secret_key.key.rsa.d, region, pinfo) | 2555 | if (!limited_read_mpi(&pkt.u.secret_key.key.rsa.d, region, | |
2474 | || !limited_read_mpi(&content.u.secret_key.key.rsa.p, region, pinfo) | 2556 | pinfo) || | |
2475 | || !limited_read_mpi(&content.u.secret_key.key.rsa.q, region, pinfo) | 2557 | !limited_read_mpi(&pkt.u.secret_key.key.rsa.p, region, | |
2476 | || !limited_read_mpi(&content.u.secret_key.key.rsa.u, region, pinfo)) | 2558 | pinfo) || | |
2559 | !limited_read_mpi(&pkt.u.secret_key.key.rsa.q, region, | |||
2560 | pinfo) || | |||
2561 | !limited_read_mpi(&pkt.u.secret_key.key.rsa.u, region, | |||
2562 | pinfo)) { | |||
2477 | ret = 0; | 2563 | ret = 0; | |
2478 | 2564 | } | ||
2479 | break; | 2565 | break; | |
2480 | 2566 | |||
2481 | case OPS_PKA_DSA: | 2567 | case OPS_PKA_DSA: | |
2482 | 2568 | |||
2483 | if (!limited_read_mpi(&content.u.secret_key.key.dsa.x, region, pinfo)) | 2569 | if (!limited_read_mpi(&pkt.u.secret_key.key.dsa.x, region, | |
2570 | pinfo)) { | |||
2484 | ret = 0; | 2571 | ret = 0; | |
2572 | } | |||
2485 | break; | 2573 | break; | |
2486 | 2574 | |||
2487 | default: | 2575 | default: | |
2488 | OPS_ERROR_2(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, "Unsupported Public Key algorithm %d (%s)", content.u.secret_key.public_key.algorithm, __ops_show_pka(content.u.secret_key.public_key.algorithm)); | 2576 | OPS_ERROR_2(&pinfo->errors, | |
2577 | OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, | |||
2578 | "Unsupported Public Key algorithm %d (%s)", | |||
2579 | pkt.u.secret_key.pubkey.algorithm, | |||
2580 | __ops_show_pka(pkt.u.secret_key.pubkey.algorithm)); | |||
2489 | ret = 0; | 2581 | ret = 0; | |
2490 | /* assert(0); */ | 2582 | /* assert(0); */ | |
2491 | } | 2583 | } | |
2492 | 2584 | |||
2493 | if (__ops_get_debug_level(__FILE__)) { | 2585 | if (__ops_get_debug_level(__FILE__)) { | |
2494 | fprintf(stderr, "4 MPIs read\n"); | 2586 | (void) fprintf(stderr, "4 MPIs read\n"); | |
2495 | /* | |||
2496 | * __ops_print_secret_key_verbose(OPS_PTAG_CT_SECRET_KEY, | |||
2497 | * &content.u.secret_key); | |||
2498 | */ | |||
2499 | } | 2587 | } | |
2500 | pinfo->reading_v3_secret = false; | 2588 | pinfo->reading_v3_secret = false; | |
2501 | 2589 | |||
2502 | if (content.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | 2590 | if (pkt.u.secret_key.s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) { | |
2503 | unsigned char hash[20]; | 2591 | unsigned char hash[20]; | |
2504 | 2592 | |||
2505 | __ops_reader_pop_hash(pinfo); | 2593 | __ops_reader_pop_hash(pinfo); | |
2506 | checkhash.finish(&checkhash, hash); | 2594 | checkhash.finish(&checkhash, hash); | |
2507 | 2595 | |||
2508 | if (crypted && content.u.secret_key.public_key.version != OPS_V4) { | 2596 | if (crypted && | |
2597 | pkt.u.secret_key.pubkey.version != OPS_V4) { | |||
2509 | __ops_reader_pop_decrypt(pinfo); | 2598 | __ops_reader_pop_decrypt(pinfo); | |
2510 | region = saved_region; | 2599 | region = saved_region; | |
2511 | } | 2600 | } | |
2512 | if (ret) { | 2601 | if (ret) { | |
2513 | if (!limited_read(content.u.secret_key.checkhash, 20, region, pinfo)) | 2602 | if (!limited_read(pkt.u.secret_key.checkhash, | |
2603 | 20, region, pinfo)) { | |||
2514 | return 0; | 2604 | return 0; | |
2605 | } | |||
2515 | 2606 | |||
2516 | if (memcmp(hash, content.u.secret_key.checkhash, 20)) | 2607 | if (memcmp(hash, pkt.u.secret_key.checkhash, 20)) { | |
2517 | ERRP(&pinfo->cbinfo, content, "Hash mismatch in secret key"); | 2608 | ERRP(&pinfo->cbinfo, pkt, | |
2609 | "Hash mismatch in secret key"); | |||
2610 | } | |||
2518 | } | 2611 | } | |
2519 | } else { | 2612 | } else { | |
2520 | unsigned short sum; | 2613 | unsigned short sum; | |
2521 | 2614 | |||
2522 | sum = __ops_reader_pop_sum16(pinfo); | 2615 | sum = __ops_reader_pop_sum16(pinfo); | |
2523 | 2616 | if (crypted && | ||
2524 | if (crypted && content.u.secret_key.public_key.version != OPS_V4) { | 2617 | pkt.u.secret_key.pubkey.version != OPS_V4) { | |
2525 | __ops_reader_pop_decrypt(pinfo); | 2618 | __ops_reader_pop_decrypt(pinfo); | |
2526 | region = saved_region; | 2619 | region = saved_region; | |
2527 | } | 2620 | } | |
2528 | if (ret) { | 2621 | if (ret) { | |
2529 | if (!limited_read_scalar(&content.u.secret_key.checksum, 2, region, | 2622 | if (!limited_read_scalar(&pkt.u.secret_key.checksum, 2, region, | |
2530 | pinfo)) | 2623 | pinfo)) | |
2531 | return 0; | 2624 | return 0; | |
2532 | 2625 | |||
2533 | if (sum != content.u.secret_key.checksum) | 2626 | if (sum != pkt.u.secret_key.checksum) | |
2534 | ERRP(&pinfo->cbinfo, content, "Checksum mismatch in secret key"); | 2627 | ERRP(&pinfo->cbinfo, pkt, "Checksum mismatch in secret key"); | |
2535 | } | 2628 | } | |
2536 | } | 2629 | } | |
2537 | 2630 | |||
2538 | if (crypted && content.u.secret_key.public_key.version == OPS_V4) { | 2631 | if (crypted && pkt.u.secret_key.pubkey.version == OPS_V4) { | |
2539 | __ops_reader_pop_decrypt(pinfo); | 2632 | __ops_reader_pop_decrypt(pinfo); | |
2540 | } | 2633 | } | |
2541 | assert(!ret || region->length_read == region->length); | 2634 | assert(!ret || region->length_read == region->length); | |
2542 | 2635 | |||
2543 | if (!ret) | 2636 | if (!ret) | |
2544 | return 0; | 2637 | return 0; | |
2545 | 2638 | |||
2546 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SECRET_KEY, &content); | 2639 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SECRET_KEY, &pkt); | |
2547 | 2640 | |||
2548 | if (__ops_get_debug_level(__FILE__)) { | 2641 | if (__ops_get_debug_level(__FILE__)) { | |
2549 | fprintf(stderr, "--- end of parse_secret_key\n\n"); | 2642 | fprintf(stderr, "--- end of parse_secret_key\n\n"); | |
2550 | } | 2643 | } | |
2551 | return 1; | 2644 | return 1; | |
2552 | } | 2645 | } | |
2553 | 2646 | |||
2554 | /** | 2647 | /** | |
2555 | \ingroup Core_ReadPackets | 2648 | \ingroup Core_ReadPackets | |
2556 | \brief Parse a Public Key Session Key packet | 2649 | \brief Parse a Public Key Session Key packet | |
2557 | */ | 2650 | */ | |
2558 | static int | 2651 | static int | |
2559 | parse_pk_session_key(__ops_region_t * region, | 2652 | parse_pk_session_key(__ops_region_t * region, | |
2560 | __ops_parse_info_t * pinfo) | 2653 | __ops_parse_info_t * pinfo) | |
2561 | { | 2654 | { | |
2562 | unsigned char c[1] = ""; | 2655 | const __ops_secret_key_t *secret; | |
2563 | __ops_parser_content_t content; | 2656 | __ops_packet_t sesskey; | |
2564 | __ops_parser_content_t sesskey; | 2657 | __ops_packet_t pkt; | |
2565 | 2658 | unsigned char *iv; | ||
2566 | int n; | 2659 | unsigned char c[1] = ""; | |
2567 | BIGNUM *enc_m; | 2660 | unsigned char cs[2]; | |
2568 | unsigned k; | 2661 | unsigned k; | |
2569 | const __ops_secret_key_t *secret; | 2662 | BIGNUM *enc_m; | |
2570 | unsigned char cs[2]; | 2663 | int n; | |
2571 | unsigned char *iv; | |||
2572 | 2664 | |||
2573 | /* Can't rely on it being CAST5 */ | 2665 | /* Can't rely on it being CAST5 */ | |
2574 | /* \todo FIXME RW */ | 2666 | /* \todo FIXME RW */ | |
2575 | /* const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; */ | 2667 | /* const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; */ | |
2576 | unsigned char unencoded_m_buf[1024]; | 2668 | unsigned char unencoded_m_buf[1024]; | |
2577 | 2669 | |||
2578 | if (!limited_read(c, 1, region, pinfo)) | 2670 | if (!limited_read(c, 1, region, pinfo)) | |
2579 | return 0; | 2671 | return 0; | |
2580 | content.u.pk_session_key.version = c[0]; | 2672 | pkt.u.pk_session_key.version = c[0]; | |
2581 | if (content.u.pk_session_key.version != OPS_PKSK_V3) { | 2673 | if (pkt.u.pk_session_key.version != OPS_PKSK_V3) { | |
2582 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PKSK_VRSN, | 2674 | OPS_ERROR_1(&pinfo->errors, OPS_E_PROTO_BAD_PKSK_VRSN, | |
2583 | "Bad public-key encrypted session key version (%d)", | 2675 | "Bad public-key encrypted session key version (%d)", | |
2584 | content.u.pk_session_key.version); | 2676 | pkt.u.pk_session_key.version); | |
2585 | return 0; | 2677 | return 0; | |
2586 | } | 2678 | } | |
2587 | if (!limited_read(content.u.pk_session_key.key_id, | 2679 | if (!limited_read(pkt.u.pk_session_key.key_id, | |
2588 | sizeof(content.u.pk_session_key.key_id), region, pinfo)) { | 2680 | sizeof(pkt.u.pk_session_key.key_id), region, pinfo)) { | |
2589 | return 0; | 2681 | return 0; | |
2590 | } | 2682 | } | |
2591 | if (__ops_get_debug_level(__FILE__)) { | 2683 | if (__ops_get_debug_level(__FILE__)) { | |
2592 | int i; | 2684 | int i; | |
2593 | int x = sizeof(content.u.pk_session_key.key_id); | 2685 | int x = sizeof(pkt.u.pk_session_key.key_id); | |
2594 | printf("session key: public key id: x=%d\n", x); | 2686 | printf("session key: public key id: x=%d\n", x); | |
2595 | for (i = 0; i < x; i++) | 2687 | for (i = 0; i < x; i++) | |
2596 | printf("%2x ", content.u.pk_session_key.key_id[i]); | 2688 | printf("%2x ", pkt.u.pk_session_key.key_id[i]); | |
2597 | printf("\n"); | 2689 | printf("\n"); | |
2598 | } | 2690 | } | |
2599 | if (!limited_read(c, 1, region, pinfo)) | 2691 | if (!limited_read(c, 1, region, pinfo)) | |
2600 | return 0; | 2692 | return 0; | |
2601 | content.u.pk_session_key.algorithm = c[0]; | 2693 | pkt.u.pk_session_key.algorithm = c[0]; | |
2602 | switch (content.u.pk_session_key.algorithm) { | 2694 | switch (pkt.u.pk_session_key.algorithm) { | |
2603 | case OPS_PKA_RSA: | 2695 | case OPS_PKA_RSA: | |
2604 | if (!limited_read_mpi(&content.u.pk_session_key.parameters.rsa.encrypted_m, | 2696 | if (!limited_read_mpi(&pkt.u.pk_session_key.parameters.rsa.encrypted_m, | |
2605 | region, pinfo)) { | 2697 | region, pinfo)) { | |
2606 | return 0; | 2698 | return 0; | |
2607 | } | 2699 | } | |
2608 | enc_m = content.u.pk_session_key.parameters.rsa.encrypted_m; | 2700 | enc_m = pkt.u.pk_session_key.parameters.rsa.encrypted_m; | |
2609 | break; | 2701 | break; | |
2610 | 2702 | |||
2611 | case OPS_PKA_ELGAMAL: | 2703 | case OPS_PKA_ELGAMAL: | |
2612 | if (!limited_read_mpi(&content.u.pk_session_key.parameters.elgamal.g_to_k, | 2704 | if (!limited_read_mpi(&pkt.u.pk_session_key.parameters.elgamal.g_to_k, | |
2613 | region, pinfo) | 2705 | region, pinfo) | |
2614 | || !limited_read_mpi(&content.u.pk_session_key.parameters.elgamal.encrypted_m, | 2706 | || !limited_read_mpi(&pkt.u.pk_session_key.parameters.elgamal.encrypted_m, | |
2615 | region, pinfo)) { | 2707 | region, pinfo)) { | |
2616 | return 0; | 2708 | return 0; | |
2617 | } | 2709 | } | |
2618 | enc_m = content.u.pk_session_key.parameters.elgamal.encrypted_m; | 2710 | enc_m = pkt.u.pk_session_key.parameters.elgamal.encrypted_m; | |
2619 | break; | 2711 | break; | |
2620 | 2712 | |||
2621 | default: | 2713 | default: | |
2622 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, | 2714 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_PUBLIC_KEY_ALG, | |
2623 | "Unknown public key algorithm in session key (%s)", | 2715 | "Unknown public key algorithm in session key (%s)", | |
2624 | __ops_show_pka(content.u.pk_session_key.algorithm)); | 2716 | __ops_show_pka(pkt.u.pk_session_key.algorithm)); | |
2625 | return 0; | 2717 | return 0; | |
2626 | } | 2718 | } | |
2627 | 2719 | |||
2628 | (void) memset(&sesskey, 0x0, sizeof(sesskey)); | 2720 | (void) memset(&sesskey, 0x0, sizeof(sesskey)); | |
2629 | secret = NULL; | 2721 | secret = NULL; | |
2630 | sesskey.u.get_secret_key.secret_key = &secret; | 2722 | sesskey.u.get_secret_key.secret_key = &secret; | |
2631 | sesskey.u.get_secret_key.pk_session_key = &content.u.pk_session_key; | 2723 | sesskey.u.get_secret_key.pk_session_key = &pkt.u.pk_session_key; | |
2632 | 2724 | |||
2633 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SECRET_KEY, &sesskey); | 2725 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_CMD_GET_SECRET_KEY, &sesskey); | |
2634 | 2726 | |||
2635 | if (!secret) { | 2727 | if (!secret) { | |
2636 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &content); | 2728 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_ENCRYPTED_PK_SESSION_KEY, &pkt); | |
2637 | 2729 | |||
2638 | return 1; | 2730 | return 1; | |
2639 | } | 2731 | } | |
2640 | /* n=__ops_decrypt_mpi(buf,sizeof(buf),enc_m,secret); */ | 2732 | /* n=__ops_decrypt_mpi(buf,sizeof(buf),enc_m,secret); */ | |
2641 | n = __ops_decrypt_and_unencode_mpi(unencoded_m_buf, | 2733 | n = __ops_decrypt_and_unencode_mpi(unencoded_m_buf, | |
2642 | sizeof(unencoded_m_buf), enc_m, secret); | 2734 | sizeof(unencoded_m_buf), enc_m, secret); | |
2643 | 2735 | |||
2644 | if (n < 1) { | 2736 | if (n < 1) { | |
2645 | ERRP(&pinfo->cbinfo, content, "decrypted message too short"); | 2737 | ERRP(&pinfo->cbinfo, pkt, "decrypted message too short"); | |
2646 | return 0; | 2738 | return 0; | |
2647 | } | 2739 | } | |
2648 | /* PKA */ | 2740 | /* PKA */ | |
2649 | content.u.pk_session_key.symmetric_algorithm = unencoded_m_buf[0]; | 2741 | pkt.u.pk_session_key.symmetric_algorithm = unencoded_m_buf[0]; | |
2650 | 2742 | |||
2651 | if (!__ops_is_sa_supported(content.u.pk_session_key.symmetric_algorithm)) { | 2743 | if (!__ops_is_sa_supported(pkt.u.pk_session_key.symmetric_algorithm)) { | |
2652 | /* ERR1P */ | 2744 | /* ERR1P */ | |
2653 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, | 2745 | OPS_ERROR_1(&pinfo->errors, OPS_E_ALG_UNSUPPORTED_SYMMETRIC_ALG, | |
2654 | "Symmetric algorithm %s not supported", | 2746 | "Symmetric algorithm %s not supported", | |
2655 | __ops_show_symmetric_algorithm(content.u.pk_session_key.symmetric_algorithm)); | 2747 | __ops_show_symmetric_algorithm(pkt.u.pk_session_key.symmetric_algorithm)); | |
2656 | return 0; | 2748 | return 0; | |
2657 | } | 2749 | } | |
2658 | k = __ops_key_size(content.u.pk_session_key.symmetric_algorithm); | 2750 | k = __ops_key_size(pkt.u.pk_session_key.symmetric_algorithm); | |
2659 | 2751 | |||
2660 | if ((unsigned) n != k + 3) { | 2752 | if ((unsigned) n != k + 3) { | |
2661 | OPS_ERROR_2(&pinfo->errors, OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN, | 2753 | OPS_ERROR_2(&pinfo->errors, OPS_E_PROTO_DECRYPTED_MSG_WRONG_LEN, | |
2662 | "decrypted message wrong length (got %d expected %d)", | 2754 | "decrypted message wrong length (got %d expected %d)", | |
2663 | n, k + 3); | 2755 | n, k + 3); | |
2664 | return 0; | 2756 | return 0; | |
2665 | } | 2757 | } | |
2666 | assert(k <= sizeof(content.u.pk_session_key.key)); | 2758 | assert(k <= sizeof(pkt.u.pk_session_key.key)); | |
2667 | 2759 | |||
2668 | (void) memcpy(content.u.pk_session_key.key, unencoded_m_buf + 1, k); | 2760 | (void) memcpy(pkt.u.pk_session_key.key, unencoded_m_buf + 1, k); | |
2669 | 2761 | |||
2670 | if (__ops_get_debug_level(__FILE__)) { | 2762 | if (__ops_get_debug_level(__FILE__)) { | |
2671 | unsigned int j; | 2763 | unsigned int j; | |
2672 | printf("session key recovered (len=%d):\n", k); | 2764 | printf("session key recovered (len=%d):\n", k); | |
2673 | for (j = 0; j < k; j++) | 2765 | for (j = 0; j < k; j++) | |
2674 | printf("%2x ", content.u.pk_session_key.key[j]); | 2766 | printf("%2x ", pkt.u.pk_session_key.key[j]); | |
2675 | printf("\n"); | 2767 | printf("\n"); | |
2676 | } | 2768 | } | |
2677 | content.u.pk_session_key.checksum = unencoded_m_buf[k + 1] + (unencoded_m_buf[k + 2] << 8); | 2769 | pkt.u.pk_session_key.checksum = unencoded_m_buf[k + 1] + (unencoded_m_buf[k + 2] << 8); | |
2678 | if (__ops_get_debug_level(__FILE__)) { | 2770 | if (__ops_get_debug_level(__FILE__)) { | |
2679 | printf("session key checksum: %2x %2x\n", unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); | 2771 | printf("session key checksum: %2x %2x\n", unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); | |
2680 | } | 2772 | } | |
2681 | /* Check checksum */ | 2773 | /* Check checksum */ | |
2682 | 2774 | |||
2683 | __ops_calc_session_key_checksum(&content.u.pk_session_key, &cs[0]); | 2775 | __ops_calc_session_key_checksum(&pkt.u.pk_session_key, &cs[0]); | |
2684 | if (unencoded_m_buf[k + 1] != cs[0] || unencoded_m_buf[k + 2] != cs[1]) { | 2776 | if (unencoded_m_buf[k + 1] != cs[0] || unencoded_m_buf[k + 2] != cs[1]) { | |
2685 | OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SK_CHECKSUM, | 2777 | OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SK_CHECKSUM, | |
2686 | "Session key checksum wrong: expected %2x %2x, got %2x %2x", | 2778 | "Session key checksum wrong: expected %2x %2x, got %2x %2x", | |
2687 | cs[0], cs[1], unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); | 2779 | cs[0], cs[1], unencoded_m_buf[k + 1], unencoded_m_buf[k + 2]); | |
2688 | return 0; | 2780 | return 0; | |
2689 | } | 2781 | } | |
2690 | /* all is well */ | 2782 | /* all is well */ | |
2691 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_PK_SESSION_KEY, &content); | 2783 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_PK_SESSION_KEY, &pkt); | |
2692 | 2784 | |||
2693 | __ops_crypt_any(&pinfo->decrypt, content.u.pk_session_key.symmetric_algorithm); | 2785 | __ops_crypt_any(&pinfo->decrypt, pkt.u.pk_session_key.symmetric_algorithm); | |
2694 | iv = calloc(1, pinfo->decrypt.blocksize); | 2786 | iv = calloc(1, pinfo->decrypt.blocksize); | |
2695 | pinfo->decrypt.set_iv(&pinfo->decrypt, iv); | 2787 | pinfo->decrypt.set_iv(&pinfo->decrypt, iv); | |
2696 | pinfo->decrypt.set_key(&pinfo->decrypt, content.u.pk_session_key.key); | 2788 | pinfo->decrypt.set_key(&pinfo->decrypt, pkt.u.pk_session_key.key); | |
2697 | __ops_encrypt_init(&pinfo->decrypt); | 2789 | __ops_encrypt_init(&pinfo->decrypt); | |
2698 | (void) free(iv); | 2790 | (void) free(iv); | |
2699 | return 1; | 2791 | return 1; | |
2700 | } | 2792 | } | |
2701 | 2793 | |||
2702 | static int | 2794 | static int | |
2703 | __ops_decrypt_se_data(__ops_content_tag_t tag, __ops_region_t * region, | 2795 | __ops_decrypt_se_data(__ops_content_tag_t tag, __ops_region_t * region, | |
2704 | __ops_parse_info_t * pinfo) | 2796 | __ops_parse_info_t * pinfo) | |
2705 | { | 2797 | { | |
2706 | int r = 1; | 2798 | int r = 1; | |
2707 | __ops_crypt_t *decrypt = __ops_parse_get_decrypt(pinfo); | 2799 | __ops_crypt_t *decrypt = __ops_parse_get_decrypt(pinfo); | |
2708 | 2800 | |||
2709 | if (decrypt) { | 2801 | if (decrypt) { | |
2710 | unsigned char buf[OPS_MAX_BLOCK_SIZE + 2] = ""; | 2802 | unsigned char buf[OPS_MAX_BLOCK_SIZE + 2] = ""; | |
2711 | size_t b = decrypt->blocksize; | 2803 | size_t b = decrypt->blocksize; | |
2712 | /* __ops_parser_content_t content; */ | 2804 | /* __ops_packet_t pkt; */ | |
2713 | __ops_region_t encregion; | 2805 | __ops_region_t encregion; | |
2714 | 2806 | |||
2715 | 2807 | |||
2716 | __ops_reader_push_decrypt(pinfo, decrypt, region); | 2808 | __ops_reader_push_decrypt(pinfo, decrypt, region); | |
2717 | 2809 | |||
2718 | __ops_init_subregion(&encregion, NULL); | 2810 | __ops_init_subregion(&encregion, NULL); | |
2719 | encregion.length = b + 2; | 2811 | encregion.length = b + 2; | |
2720 | 2812 | |||
2721 | if (!exact_limited_read(buf, b + 2, &encregion, pinfo)) | 2813 | if (!exact_limited_read(buf, b + 2, &encregion, pinfo)) | |
2722 | return 0; | 2814 | return 0; | |
2723 | 2815 | |||
2724 | if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { | 2816 | if (buf[b - 2] != buf[b] || buf[b - 1] != buf[b + 1]) { | |
2725 | __ops_reader_pop_decrypt(pinfo); | 2817 | __ops_reader_pop_decrypt(pinfo); | |
2726 | OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT, | 2818 | OPS_ERROR_4(&pinfo->errors, OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT, | |
2727 | "Bad symmetric decrypt (%02x%02x vs %02x%02x)", | 2819 | "Bad symmetric decrypt (%02x%02x vs %02x%02x)", | |
2728 | buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); | 2820 | buf[b - 2], buf[b - 1], buf[b], buf[b + 1]); | |
2729 | return 0; | 2821 | return 0; | |
2730 | } | 2822 | } | |
2731 | if (tag == OPS_PTAG_CT_SE_DATA_BODY) { | 2823 | if (tag == OPS_PTAG_CT_SE_DATA_BODY) { | |
2732 | decrypt->decrypt_resync(decrypt); | 2824 | decrypt->decrypt_resync(decrypt); | |
2733 | decrypt->block_encrypt(decrypt, decrypt->civ, decrypt->civ); | 2825 | decrypt->block_encrypt(decrypt, decrypt->civ, decrypt->civ); | |
2734 | } | 2826 | } | |
2735 | r = __ops_parse(pinfo); | 2827 | r = __ops_parse(pinfo, 0); | |
2736 | 2828 | |||
2737 | __ops_reader_pop_decrypt(pinfo); | 2829 | __ops_reader_pop_decrypt(pinfo); | |
2738 | } else { | 2830 | } else { | |
2739 | __ops_parser_content_t content; | 2831 | __ops_packet_t pkt; | |
2740 | 2832 | |||
2741 | while (region->length_read < region->length) { | 2833 | while (region->length_read < region->length) { | |
2742 | unsigned len = region->length - region->length_read; | 2834 | unsigned len = region->length - region->length_read; | |
2743 | 2835 | |||
2744 | if (len > sizeof(content.u.se_data_body.data)) | 2836 | if (len > sizeof(pkt.u.se_data_body.data)) | |
2745 | len = sizeof(content.u.se_data_body.data); | 2837 | len = sizeof(pkt.u.se_data_body.data); | |
2746 | 2838 | |||
2747 | if (!limited_read(content.u.se_data_body.data, len, region, pinfo)) | 2839 | if (!limited_read(pkt.u.se_data_body.data, len, region, pinfo)) | |
2748 | return 0; | 2840 | return 0; | |
2749 | 2841 | |||
2750 | content.u.se_data_body.length = len; | 2842 | pkt.u.se_data_body.length = len; | |
2751 | 2843 | |||
2752 | CALLBACK(&pinfo->cbinfo, tag, &content); | 2844 | CALLBACK(&pinfo->cbinfo, tag, &pkt); | |
2753 | } | 2845 | } | |
2754 | } | 2846 | } | |
2755 | 2847 | |||
2756 | return r; | 2848 | return r; | |
2757 | } | 2849 | } | |
2758 | 2850 | |||
2759 | static int | 2851 | static int | |
2760 | __ops_decrypt_se_ip_data(__ops_content_tag_t tag, __ops_region_t * region, | 2852 | __ops_decrypt_se_ip_data(__ops_content_tag_t tag, __ops_region_t * region, | |
2761 | __ops_parse_info_t * pinfo) | 2853 | __ops_parse_info_t * pinfo) | |
2762 | { | 2854 | { | |
2763 | int r = 1; | 2855 | int r = 1; | |
2764 | __ops_crypt_t *decrypt = __ops_parse_get_decrypt(pinfo); | 2856 | __ops_crypt_t *decrypt = __ops_parse_get_decrypt(pinfo); | |
2765 | 2857 | |||
2766 | if (decrypt) { | 2858 | if (decrypt) { | |
2767 | __ops_reader_push_decrypt(pinfo, decrypt, region); | 2859 | __ops_reader_push_decrypt(pinfo, decrypt, region); | |
2768 | __ops_reader_push_se_ip_data(pinfo, decrypt, region); | 2860 | __ops_reader_push_se_ip_data(pinfo, decrypt, region); | |
2769 | 2861 | |||
2770 | r = __ops_parse(pinfo); | 2862 | r = __ops_parse(pinfo, 0); | |
2771 | 2863 | |||
2772 | /* assert(0); */ | |||
2773 | __ops_reader_pop_se_ip_data(pinfo); | 2864 | __ops_reader_pop_se_ip_data(pinfo); | |
2774 | __ops_reader_pop_decrypt(pinfo); | 2865 | __ops_reader_pop_decrypt(pinfo); | |
2775 | } else { | 2866 | } else { | |
2776 | __ops_parser_content_t content; | 2867 | __ops_packet_t pkt; | |
2777 | 2868 | |||
2778 | while (region->length_read < region->length) { | 2869 | while (region->length_read < region->length) { | |
2779 | unsigned len = region->length - region->length_read; | 2870 | unsigned len = region->length - region->length_read; | |
2780 | 2871 | |||
2781 | if (len > sizeof(content.u.se_data_body.data)) | 2872 | if (len > sizeof(pkt.u.se_data_body.data)) { | |
2782 | len = sizeof(content.u.se_data_body.data); | 2873 | len = sizeof(pkt.u.se_data_body.data); | |
2874 | } | |||
2783 | 2875 | |||
2784 | if (!limited_read(content.u.se_data_body.data, len, region, pinfo)) | 2876 | if (!limited_read(pkt.u.se_data_body.data, | |
2877 | len, region, pinfo)) { | |||
2785 | return 0; | 2878 | return 0; | |
2879 | } | |||
2786 | 2880 | |||
2787 | content.u.se_data_body.length = len; | 2881 | pkt.u.se_data_body.length = len; | |
2788 | 2882 | |||
2789 | CALLBACK(&pinfo->cbinfo, tag, &content); | 2883 | CALLBACK(&pinfo->cbinfo, tag, &pkt); | |
2790 | } | 2884 | } | |
2791 | } | 2885 | } | |
2792 | 2886 | |||
2793 | return r; | 2887 | return r; | |
2794 | } | 2888 | } | |
2795 | 2889 | |||
2796 | /** | 2890 | /** | |
2797 | \ingroup Core_ReadPackets | 2891 | \ingroup Core_ReadPackets | |
2798 | \brief Read a Symmetrically Encrypted packet | 2892 | \brief Read a Symmetrically Encrypted packet | |
2799 | */ | 2893 | */ | |
2800 | static int | 2894 | static int | |
2801 | parse_se_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2895 | parse_se_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2802 | { | 2896 | { | |
2803 | __ops_parser_content_t content; | 2897 | __ops_packet_t pkt; | |
2804 | 2898 | |||
2805 | /* there's no info to go with this, so just announce it */ | 2899 | /* there's no info to go with this, so just announce it */ | |
2806 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SE_DATA_HEADER, &content); | 2900 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_SE_DATA_HEADER, &pkt); | |
2807 | 2901 | |||
2808 | /* | 2902 | /* | |
2809 | * The content of an encrypted data packet is more OpenPGP packets | 2903 | * The content of an encrypted data packet is more OpenPGP packets | |
2810 | * once decrypted, so recursively handle them | 2904 | * once decrypted, so recursively handle them | |
2811 | */ | 2905 | */ | |
2812 | return __ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY, region, pinfo); | 2906 | return __ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY, region, pinfo); | |
2813 | } | 2907 | } | |
2814 | 2908 | |||
2815 | /** | 2909 | /** | |
2816 | \ingroup Core_ReadPackets | 2910 | \ingroup Core_ReadPackets | |
2817 | \brief Read a Symmetrically Encrypted Integrity Protected packet | 2911 | \brief Read a Symmetrically Encrypted Integrity Protected packet | |
2818 | */ | 2912 | */ | |
2819 | static int | 2913 | static int | |
2820 | parse_se_ip_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2914 | parse_se_ip_data(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2821 | { | 2915 | { | |
2822 | unsigned char c[1] = ""; | 2916 | unsigned char c[1] = ""; | |
2823 | __ops_parser_content_t content; | 2917 | __ops_packet_t pkt; | |
2824 | 2918 | |||
2825 | if (!limited_read(c, 1, region, pinfo)) | 2919 | if (!limited_read(c, 1, region, pinfo)) | |
2826 | return 0; | 2920 | return 0; | |
2827 | content.u.se_ip_data_header.version = c[0]; | 2921 | pkt.u.se_ip_data_header.version = c[0]; | |
2828 | assert(content.u.se_ip_data_header.version == OPS_SE_IP_V1); | 2922 | assert(pkt.u.se_ip_data_header.version == OPS_SE_IP_V1); | |
2829 | 2923 | |||
2830 | /* | 2924 | /* | |
2831 | * The content of an encrypted data packet is more OpenPGP packets | 2925 | * The content of an encrypted data packet is more OpenPGP packets | |
2832 | * once decrypted, so recursively handle them | 2926 | * once decrypted, so recursively handle them | |
2833 | */ | 2927 | */ | |
2834 | return __ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY, region, pinfo); | 2928 | return __ops_decrypt_se_ip_data(OPS_PTAG_CT_SE_IP_DATA_BODY, region, pinfo); | |
2835 | } | 2929 | } | |
2836 | 2930 | |||
2837 | /** | 2931 | /** | |
2838 | \ingroup Core_ReadPackets | 2932 | \ingroup Core_ReadPackets | |
2839 | \brief Read a MDC packet | 2933 | \brief Read a MDC packet | |
2840 | */ | 2934 | */ | |
2841 | static int | 2935 | static int | |
2842 | parse_mdc(__ops_region_t * region, __ops_parse_info_t * pinfo) | 2936 | parse_mdc(__ops_region_t * region, __ops_parse_info_t * pinfo) | |
2843 | { | 2937 | { | |
2844 | __ops_parser_content_t content; | 2938 | __ops_packet_t pkt; | |
2845 | 2939 | |||
2846 | if (!limited_read((unsigned char *)(void *)&content.u.mdc, | 2940 | if (!limited_read((unsigned char *)(void *)&pkt.u.mdc, | |
2847 | OPS_SHA1_HASH_SIZE, region, pinfo)) | 2941 | OPS_SHA1_HASH_SIZE, region, pinfo)) | |
2848 | return 0; | 2942 | return 0; | |
2849 | 2943 | |||
2850 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_MDC, &content); | 2944 | CALLBACK(&pinfo->cbinfo, OPS_PTAG_CT_MDC, &pkt); | |
2851 | 2945 | |||
2852 | return 1; | 2946 | return 1; | |
2853 | } | 2947 | } | |
2854 | 2948 | |||
2855 | /** | 2949 | /** | |
2856 | * \ingroup Core_ReadPackets | 2950 | * \ingroup Core_ReadPackets | |
2857 | * \brief Parse one packet. | 2951 | * \brief Parse one packet. | |
2858 | * | 2952 | * | |
2859 | * This function parses the packet tag. It computes the value of the | 2953 | * This function parses the packet tag. It computes the value of the | |
2860 | * content tag and then calls the appropriate function to handle the | 2954 | * content tag and then calls the appropriate function to handle the | |
2861 | * content. | 2955 | * content. | |
2862 | * | 2956 | * | |
2863 | * \param *pinfo How to parse | 2957 | * \param *pinfo How to parse | |
2864 | * \param *pktlen On return, will contain number of bytes in packet | 2958 | * \param *pktlen On return, will contain number of bytes in packet | |
2865 | * \return 1 on success, 0 on error, -1 on EOF */ | 2959 | * \return 1 on success, 0 on error, -1 on EOF */ | |
2866 | static int | 2960 | static int | |
2867 | __ops_parse_packet(__ops_parse_info_t * pinfo, unsigned long *pktlen) | 2961 | __ops_parse_packet(__ops_parse_info_t * pinfo, unsigned long *pktlen) | |
2868 | { | 2962 | { | |
2869 | __ops_parser_content_t content; | 2963 | __ops_packet_t pkt; | |
2870 | unsigned char ptag[1]; | |||
2871 | __ops_region_t region; | 2964 | __ops_region_t region; | |
2965 | unsigned char ptag[1]; | |||
2872 | bool indeterminate = false; | 2966 | bool indeterminate = false; | |
2873 | int ret; | 2967 | int ret; | |
2874 | 2968 | |||
2875 | content.u.ptag.position = pinfo->rinfo.position; | 2969 | pkt.u.ptag.position = pinfo->rinfo.position; | |
2876 | 2970 | |||
2877 | ret = base_read(ptag, 1, pinfo); | 2971 | ret = base_read(ptag, 1, pinfo); | |
2878 | 2972 | |||
2879 | if (__ops_get_debug_level(__FILE__)) { | 2973 | if (__ops_get_debug_level(__FILE__)) { | |
2880 | (void) fprintf(stderr, "__ops_parse_packet: base_read returned %d\n", | 2974 | (void) fprintf(stderr, | |
2881 | ret); | 2975 | "__ops_parse_packet: base_read returned %d\n", | |
2976 | ret); | |||
2882 | } | 2977 | } | |
2883 | 2978 | |||
2884 | /* errors in the base read are effectively EOF. */ | 2979 | /* errors in the base read are effectively EOF. */ | |
2885 | if (ret <= 0) { | 2980 | if (ret <= 0) { | |
2886 | return -1; | 2981 | return -1; | |
2887 | } | 2982 | } | |
2888 | 2983 | |||
2889 | *pktlen = 0; | 2984 | *pktlen = 0; | |
2890 | 2985 | |||
2891 | if (!(*ptag & OPS_PTAG_ALWAYS_SET)) { | 2986 | if (!(*ptag & OPS_PTAG_ALWAYS_SET)) { | |
2892 | content.u.error.error = "Format error (ptag bit not set)"; | 2987 | pkt.u.error.error = "Format error (ptag bit not set)"; | |
2893 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_ERROR, &content); | 2988 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_ERROR, &pkt); | |
2894 | return 0; | 2989 | return 0; | |
2895 | } | 2990 | } | |
2896 | content.u.ptag.new_format = !!(*ptag & OPS_PTAG_NEW_FORMAT); | 2991 | pkt.u.ptag.new_format = !!(*ptag & OPS_PTAG_NEW_FORMAT); | |
2897 | if (content.u.ptag.new_format) { | 2992 | if (pkt.u.ptag.new_format) { | |
2898 | content.u.ptag.content_tag = *ptag & OPS_PTAG_NF_CONTENT_TAG_MASK; | 2993 | pkt.u.ptag.content_tag = | |
2899 | content.u.ptag.length_type = 0; | 2994 | *ptag & OPS_PTAG_NF_CONTENT_TAG_MASK; | |
2900 | if (!read_new_length(&content.u.ptag.length, pinfo)) { | 2995 | pkt.u.ptag.length_type = 0; | |
2996 | if (!read_new_length(&pkt.u.ptag.length, pinfo)) { | |||
2901 | return 0; | 2997 | return 0; | |
2902 | } | 2998 | } | |
2903 | ||||
2904 | } else { | 2999 | } else { | |
2905 | bool rb; | 3000 | bool rb; | |
2906 | 3001 | |||
2907 | rb = false; | 3002 | rb = false; | |
2908 | content.u.ptag.content_tag = ((unsigned)*ptag & | 3003 | pkt.u.ptag.content_tag = ((unsigned)*ptag & | |
2909 | OPS_PTAG_OF_CONTENT_TAG_MASK) | 3004 | OPS_PTAG_OF_CONTENT_TAG_MASK) | |
2910 | >> OPS_PTAG_OF_CONTENT_TAG_SHIFT; | 3005 | >> OPS_PTAG_OF_CONTENT_TAG_SHIFT; | |
2911 | content.u.ptag.length_type = *ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK; | 3006 | pkt.u.ptag.length_type = | |
2912 | switch (content.u.ptag.length_type) { | 3007 | *ptag & OPS_PTAG_OF_LENGTH_TYPE_MASK; | |
3008 | switch (pkt.u.ptag.length_type) { | |||
2913 | case OPS_PTAG_OLD_LEN_1: | 3009 | case OPS_PTAG_OLD_LEN_1: | |
2914 | rb = _read_scalar(&content.u.ptag.length, 1, pinfo); | 3010 | rb = _read_scalar(&pkt.u.ptag.length, 1, pinfo); | |
2915 | break; | 3011 | break; | |
2916 | 3012 | |||
2917 | case OPS_PTAG_OLD_LEN_2: | 3013 | case OPS_PTAG_OLD_LEN_2: | |
2918 | rb = _read_scalar(&content.u.ptag.length, 2, pinfo); | 3014 | rb = _read_scalar(&pkt.u.ptag.length, 2, pinfo); | |
2919 | break; | 3015 | break; | |
2920 | 3016 | |||
2921 | case OPS_PTAG_OLD_LEN_4: | 3017 | case OPS_PTAG_OLD_LEN_4: | |
2922 | rb = _read_scalar(&content.u.ptag.length, 4, pinfo); | 3018 | rb = _read_scalar(&pkt.u.ptag.length, 4, pinfo); | |
2923 | break; | 3019 | break; | |
2924 | 3020 | |||
2925 | case OPS_PTAG_OLD_LEN_INDETERMINATE: | 3021 | case OPS_PTAG_OLD_LEN_INDETERMINATE: | |
2926 | content.u.ptag.length = 0; | 3022 | pkt.u.ptag.length = 0; | |
2927 | indeterminate = true; | 3023 | indeterminate = true; | |
2928 | rb = true; | 3024 | rb = true; | |
2929 | break; | 3025 | break; | |
2930 | } | 3026 | } | |
2931 | if (!rb) { | 3027 | if (!rb) { | |
2932 | return 0; | 3028 | return 0; | |
2933 | } | 3029 | } | |
2934 | } | 3030 | } | |
2935 | 3031 | |||
2936 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_PTAG, &content); | 3032 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_PTAG, &pkt); | |
2937 | 3033 | |||
2938 | __ops_init_subregion(®ion, NULL); | 3034 | __ops_init_subregion(®ion, NULL); | |
2939 | region.length = content.u.ptag.length; | 3035 | region.length = pkt.u.ptag.length; | |
2940 | region.indeterminate = indeterminate; | 3036 | region.indeterminate = indeterminate; | |
2941 | if (__ops_get_debug_level(__FILE__)) { | 3037 | if (__ops_get_debug_level(__FILE__)) { | |
2942 | (void) fprintf(stderr, "__ops_parse_packet: content_tag %d\n", | 3038 | (void) fprintf(stderr, "__ops_parse_packet: content_tag %d\n", | |
2943 | content.u.ptag.content_tag); | 3039 | pkt.u.ptag.content_tag); | |
2944 | } | 3040 | } | |
2945 | switch (content.u.ptag.content_tag) { | 3041 | switch (pkt.u.ptag.content_tag) { | |
2946 | case OPS_PTAG_CT_SIGNATURE: | 3042 | case OPS_PTAG_CT_SIGNATURE: | |
2947 | ret = parse_signature(®ion, pinfo); | 3043 | ret = parse_signature(®ion, pinfo); | |
2948 | break; | 3044 | break; | |
2949 | 3045 | |||
2950 | case OPS_PTAG_CT_PUBLIC_KEY: | 3046 | case OPS_PTAG_CT_PUBLIC_KEY: | |
2951 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | 3047 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | |
2952 | ret = parse_public_key(content.u.ptag.content_tag, ®ion, pinfo); | 3048 | ret = parse_public_key(pkt.u.ptag.content_tag, ®ion, | |
3049 | pinfo); | |||
2953 | break; | 3050 | break; | |
2954 | 3051 | |||
2955 | case OPS_PTAG_CT_TRUST: | 3052 | case OPS_PTAG_CT_TRUST: | |
2956 | ret = parse_trust(®ion, pinfo); | 3053 | ret = parse_trust(®ion, pinfo); | |
2957 | break; | 3054 | break; | |
2958 | 3055 | |||
2959 | case OPS_PTAG_CT_USER_ID: | 3056 | case OPS_PTAG_CT_USER_ID: | |
2960 | ret = parse_user_id(®ion, pinfo); | 3057 | ret = parse_user_id(®ion, pinfo); | |
2961 | break; | 3058 | break; | |
2962 | 3059 | |||
2963 | case OPS_PTAG_CT_COMPRESSED: | 3060 | case OPS_PTAG_CT_COMPRESSED: | |
2964 | ret = parse_compressed(®ion, pinfo); | 3061 | ret = parse_compressed(®ion, pinfo); | |
2965 | break; | 3062 | break; | |
@@ -2992,140 +3089,112 @@ __ops_parse_packet(__ops_parse_info_t * | @@ -2992,140 +3089,112 @@ __ops_parse_packet(__ops_parse_info_t * | |||
2992 | ret = parse_se_data(®ion, pinfo); | 3089 | ret = parse_se_data(®ion, pinfo); | |
2993 | break; | 3090 | break; | |
2994 | 3091 | |||
2995 | case OPS_PTAG_CT_SE_IP_DATA: | 3092 | case OPS_PTAG_CT_SE_IP_DATA: | |
2996 | ret = parse_se_ip_data(®ion, pinfo); | 3093 | ret = parse_se_ip_data(®ion, pinfo); | |
2997 | break; | 3094 | break; | |
2998 | 3095 | |||
2999 | case OPS_PTAG_CT_MDC: | 3096 | case OPS_PTAG_CT_MDC: | |
3000 | ret = parse_mdc(®ion, pinfo); | 3097 | ret = parse_mdc(®ion, pinfo); | |
3001 | break; | 3098 | break; | |
3002 | 3099 | |||
3003 | default: | 3100 | default: | |
3004 | OPS_ERROR_1(&pinfo->errors, OPS_E_P_UNKNOWN_TAG, | 3101 | OPS_ERROR_1(&pinfo->errors, OPS_E_P_UNKNOWN_TAG, | |
3005 | "Unknown content tag 0x%x", content.u.ptag.content_tag); | 3102 | "Unknown content tag 0x%x", | |
3103 | pkt.u.ptag.content_tag); | |||
3006 | ret = 0; | 3104 | ret = 0; | |
3007 | } | 3105 | } | |
3008 | 3106 | |||
3009 | /* Ensure that the entire packet has been consumed */ | 3107 | /* Ensure that the entire packet has been consumed */ | |
3010 | 3108 | |||
3011 | if (region.length != region.length_read && !region.indeterminate) | 3109 | if (region.length != region.length_read && !region.indeterminate) { | |
3012 | if (!consume_packet(®ion, pinfo, false)) | 3110 | if (!consume_packet(®ion, pinfo, false)) { | |
3013 | ret = -1; | 3111 | ret = -1; | |
3112 | } | |||
3113 | } | |||
3014 | 3114 | |||
3015 | /* also consume it if there's been an error? */ | 3115 | /* also consume it if there's been an error? */ | |
3016 | /* \todo decide what to do about an error on an */ | 3116 | /* \todo decide what to do about an error on an */ | |
3017 | /* indeterminate packet */ | 3117 | /* indeterminate packet */ | |
3018 | if (ret == 0) { | 3118 | if (ret == 0) { | |
3019 | if (!consume_packet(®ion, pinfo, false)) | 3119 | if (!consume_packet(®ion, pinfo, false)) { | |
3020 | ret = -1; | 3120 | ret = -1; | |
3121 | } | |||
3021 | } | 3122 | } | |
3022 | /* set pktlen */ | 3123 | /* set pktlen */ | |
3023 | 3124 | |||
3024 | *pktlen = pinfo->rinfo.alength; | 3125 | *pktlen = pinfo->rinfo.alength; | |
3025 | 3126 | |||
3026 | /* do callback on entire packet, if desired and there was no error */ | 3127 | /* do callback on entire packet, if desired and there was no error */ | |
3027 | 3128 | |||
3028 | if (ret > 0 && pinfo->rinfo.accumulate) { | 3129 | if (ret > 0 && pinfo->rinfo.accumulate) { | |
3029 | content.u.packet.length = pinfo->rinfo.alength; | 3130 | pkt.u.packet.length = pinfo->rinfo.alength; | |
3030 | content.u.packet.raw = pinfo->rinfo.accumulated; | 3131 | pkt.u.packet.raw = pinfo->rinfo.accumulated; | |
3031 | pinfo->rinfo.accumulated = NULL; | 3132 | pinfo->rinfo.accumulated = NULL; | |
3032 | pinfo->rinfo.asize = 0; | 3133 | pinfo->rinfo.asize = 0; | |
3033 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_PACKET_END, &content); | 3134 | CALLBACK(&pinfo->cbinfo, OPS_PARSER_PACKET_END, &pkt); | |
3034 | } | 3135 | } | |
3035 | pinfo->rinfo.alength = 0; | 3136 | pinfo->rinfo.alength = 0; | |
3036 | 3137 | |||
3037 | if (ret < 0) { | 3138 | return (ret < 0) ? -1 : (ret) ? 1 : 0; | |
3038 | return -1; | |||
3039 | } | |||
3040 | ||||
3041 | return (ret) ? 1 : 0; | |||
3042 | } | 3139 | } | |
3043 | 3140 | |||
3044 | /** | 3141 | /** | |
3045 | * \ingroup Core_ReadPackets | 3142 | * \ingroup Core_ReadPackets | |
3046 | * | 3143 | * | |
3047 | * \brief Parse packets from an input stream until EOF or error. | 3144 | * \brief Parse packets from an input stream until EOF or error. | |
3048 | * | 3145 | * | |
3049 | * \details Setup the necessary parsing configuration in "pinfo" before calling __ops_parse(). | 3146 | * \details Setup the necessary parsing configuration in "pinfo" | |
3147 | * before calling __ops_parse(). | |||
3050 | * | 3148 | * | |
3051 | * That information includes : | 3149 | * That information includes : | |
3052 | * | 3150 | * | |
3053 | * - a "reader" function to be used to get the data to be parsed | 3151 | * - a "reader" function to be used to get the data to be parsed | |
3054 | * | 3152 | * | |
3055 | * - a "callback" function to be called when this library has identified | 3153 | * - a "callback" function to be called when this library has identified | |
3056 | * a parseable object within the data | 3154 | * a parseable object within the data | |
3057 | * | 3155 | * | |
3058 | * - whether the calling function wants the signature subpackets returned raw, parsed or not at all. | 3156 | * - whether the calling function wants the signature subpackets | |
3157 | * returned raw, parsed or not at all. | |||
3059 | * | 3158 | * | |
3060 | * After returning, pinfo->errors holds any errors encountered while parsing. | 3159 | * After returning, pinfo->errors holds any errors encountered while parsing. | |
3061 | * | 3160 | * | |
3062 | * \param pinfo Parsing configuration | 3161 | * \param pinfo Parsing configuration | |
3063 | * \return 1 on success in all packets, 0 on error in any packet | 3162 | * \return 1 on success in all packets, 0 on error in any packet | |
3064 | * | 3163 | * | |
3065 | * \sa CoreAPI Overview | 3164 | * \sa CoreAPI Overview | |
3066 | * | 3165 | * | |
3067 | * \sa __ops_print_errors(), __ops_parse_and_print_errors() | 3166 | * \sa __ops_print_errors() | |
3068 | * | 3167 | * | |
3069 | * Example code | |||
3070 | * \code | |||
3071 | __ops_parse_cb_t* example_callback(); | |||
3072 | void example() | |||
3073 | { | |||
3074 | int fd=0; | |||
3075 | __ops_parse_info_t *pinfo=NULL; | |||
3076 | char *filename="pubring.gpg"; | |||
3077 | ||||
3078 | // setup pinfo to read from file with example callback | |||
3079 | fd=__ops_setup_file_read(&pinfo, filename, NULL, example_callback, false); | |||
3080 | ||||
3081 | // specify how we handle signature subpackets | |||
3082 | __ops_parse_options(pinfo, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); | |||
3083 | ||||
3084 | if (!__ops_parse(pinfo)) | |||
3085 | __ops_print_errors(pinfo->errors); | |||
3086 | ||||
3087 | __ops_teardown_file_read(pinfo,fd); | |||
3088 | } | |||
3089 | * \endcode | |||
3090 | */ | 3168 | */ | |
3091 | 3169 | |||
3092 | int | 3170 | int | |
3093 | __ops_parse(__ops_parse_info_t * pinfo) | 3171 | __ops_parse(__ops_parse_info_t *pinfo, int perrors) | |
3094 | { | 3172 | { | |
3095 | int r; | |||
3096 | unsigned long pktlen; | 3173 | unsigned long pktlen; | |
3174 | int r; | |||
3097 | 3175 | |||
3176 | if (pinfo->synthlit) { | |||
3177 | #if 0 | |||
3178 | r = __ops_parse_packet(pinfo->synthsig, &pktlen); | |||
3179 | r = __ops_parse_packet(pinfo->synthlit, &pktlen); | |||
3180 | #endif | |||
3181 | } | |||
3098 | do { | 3182 | do { | |
3099 | r = __ops_parse_packet(pinfo, &pktlen); | 3183 | r = __ops_parse_packet(pinfo, &pktlen); | |
3100 | } while (r != -1); | 3184 | } while (r != -1); | |
3101 | 3185 | if (perrors) { | ||
3102 | return pinfo->errors ? 0 : 1; | 3186 | __ops_print_errors(pinfo->errors); | |
3103 | } | 3187 | } | |
3104 | ||||
3105 | /** | |||
3106 | \ingroup Core_ReadPackets | |||
3107 | \brief Parse packets and print any errors | |||
3108 | * \param pinfo Parsing configuration | |||
3109 | * \return 1 on success in all packets, 0 on error in any packet | |||
3110 | * \sa CoreAPI Overview | |||
3111 | * \sa __ops_parse() | |||
3112 | */ | |||
3113 | ||||
3114 | int | |||
3115 | __ops_parse_and_print_errors(__ops_parse_info_t * pinfo) | |||
3116 | { | |||
3117 | __ops_parse(pinfo); | |||
3118 | __ops_print_errors(pinfo->errors); | |||
3119 | return (pinfo->errors == NULL); | 3188 | return (pinfo->errors == NULL); | |
3120 | } | 3189 | } | |
3121 | 3190 | |||
3122 | /** | 3191 | /** | |
3123 | * \ingroup Core_ReadPackets | 3192 | * \ingroup Core_ReadPackets | |
3124 | * | 3193 | * | |
3125 | * \brief Specifies whether one or more signature | 3194 | * \brief Specifies whether one or more signature | |
3126 | * subpacket types should be returned parsed; or raw; or ignored. | 3195 | * subpacket types should be returned parsed; or raw; or ignored. | |
3127 | * | 3196 | * | |
3128 | * \param pinfo Pointer to previously allocated structure | 3197 | * \param pinfo Pointer to previously allocated structure | |
3129 | * \param tag Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag | 3198 | * \param tag Packet tag. OPS_PTAG_SS_ALL for all SS tags; or one individual signature subpacket tag | |
3130 | * \param type Parse type | 3199 | * \param type Parse type | |
3131 | * \todo Make all packet types optional, not just subpackets */ | 3200 | * \todo Make all packet types optional, not just subpackets */ | |
@@ -3256,45 +3325,45 @@ __ops_parse_cb_get_arg(__ops_parse_cb_in | @@ -3256,45 +3325,45 @@ __ops_parse_cb_get_arg(__ops_parse_cb_in | |||
3256 | */ | 3325 | */ | |
3257 | void * | 3326 | void * | |
3258 | __ops_parse_cb_get_errors(__ops_parse_cb_info_t * cbinfo) | 3327 | __ops_parse_cb_get_errors(__ops_parse_cb_info_t * cbinfo) | |
3259 | { | 3328 | { | |
3260 | return cbinfo->errors; | 3329 | return cbinfo->errors; | |
3261 | } | 3330 | } | |
3262 | 3331 | |||
3263 | /** | 3332 | /** | |
3264 | \ingroup Core_ReadPackets | 3333 | \ingroup Core_ReadPackets | |
3265 | \brief Calls the parse_cb_info's callback if present | 3334 | \brief Calls the parse_cb_info's callback if present | |
3266 | \return Return value from callback, if present; else OPS_FINISHED | 3335 | \return Return value from callback, if present; else OPS_FINISHED | |
3267 | */ | 3336 | */ | |
3268 | __ops_parse_cb_return_t | 3337 | __ops_parse_cb_return_t | |
3269 | __ops_parse_cb(const __ops_parser_content_t * content, | 3338 | __ops_parse_cb(const __ops_packet_t * pkt, | |
3270 | __ops_parse_cb_info_t * cbinfo) | 3339 | __ops_parse_cb_info_t * cbinfo) | |
3271 | { | 3340 | { | |
3272 | if (cbinfo->cb) | 3341 | if (cbinfo->cb) | |
3273 | return cbinfo->cb(content, cbinfo); | 3342 | return cbinfo->cb(pkt, cbinfo); | |
3274 | else | 3343 | else | |
3275 | return OPS_FINISHED; | 3344 | return OPS_FINISHED; | |
3276 | } | 3345 | } | |
3277 | 3346 | |||
3278 | /** | 3347 | /** | |
3279 | \ingroup Core_ReadPackets | 3348 | \ingroup Core_ReadPackets | |
3280 | \brief Calls the next callback in the stack | 3349 | \brief Calls the next callback in the stack | |
3281 | \return Return value from callback | 3350 | \return Return value from callback | |
3282 | */ | 3351 | */ | |
3283 | __ops_parse_cb_return_t | 3352 | __ops_parse_cb_return_t | |
3284 | __ops_parse_stacked_cb(const __ops_parser_content_t * content, | 3353 | __ops_parse_stacked_cb(const __ops_packet_t * pkt, | |
3285 | __ops_parse_cb_info_t * cbinfo) | 3354 | __ops_parse_cb_info_t * cbinfo) | |
3286 | { | 3355 | { | |
3287 | return __ops_parse_cb(content, cbinfo->next); | 3356 | return __ops_parse_cb(pkt, cbinfo->next); | |
3288 | } | 3357 | } | |
3289 | 3358 | |||
3290 | /** | 3359 | /** | |
3291 | \ingroup Core_ReadPackets | 3360 | \ingroup Core_ReadPackets | |
3292 | \brief Returns the parse_info's errors | 3361 | \brief Returns the parse_info's errors | |
3293 | \return parse_info's errors | 3362 | \return parse_info's errors | |
3294 | */ | 3363 | */ | |
3295 | __ops_error_t * | 3364 | __ops_error_t * | |
3296 | __ops_parse_info_get_errors(__ops_parse_info_t * pinfo) | 3365 | __ops_parse_info_get_errors(__ops_parse_info_t * pinfo) | |
3297 | { | 3366 | { | |
3298 | return pinfo->errors; | 3367 | return pinfo->errors; | |
3299 | } | 3368 | } | |
3300 | 3369 |
--- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c 2009/04/30 04:57:57 1.4
+++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c 2009/05/05 01:28:15 1.5
@@ -397,27 +397,27 @@ read_and_eat_whitespace(dearmour_t * dea | @@ -397,27 +397,27 @@ read_and_eat_whitespace(dearmour_t * dea | |||
397 | { | 397 | { | |
398 | int c; | 398 | int c; | |
399 | 399 | |||
400 | do { | 400 | do { | |
401 | c = read_char(dearmour, errors, rinfo, cbinfo, skip); | 401 | c = read_char(dearmour, errors, rinfo, cbinfo, skip); | |
402 | } while (c == ' ' || c == '\t'); | 402 | } while (c == ' ' || c == '\t'); | |
403 | 403 | |||
404 | return c; | 404 | return c; | |
405 | } | 405 | } | |
406 | 406 | |||
407 | static void | 407 | static void | |
408 | flush(dearmour_t * dearmour, __ops_parse_cb_info_t * cbinfo) | 408 | flush(dearmour_t * dearmour, __ops_parse_cb_info_t * cbinfo) | |
409 | { | 409 | { | |
410 | __ops_parser_content_t content; | 410 | __ops_packet_t content; | |
411 | 411 | |||
412 | if (dearmour->num_unarmoured == 0) | 412 | if (dearmour->num_unarmoured == 0) | |
413 | return; | 413 | return; | |
414 | 414 | |||
415 | content.u.unarmoured_text.data = dearmour->unarmoured; | 415 | content.u.unarmoured_text.data = dearmour->unarmoured; | |
416 | content.u.unarmoured_text.length = dearmour->num_unarmoured; | 416 | content.u.unarmoured_text.length = dearmour->num_unarmoured; | |
417 | CALLBACK(cbinfo, OPS_PTAG_CT_UNARMOURED_TEXT, &content); | 417 | CALLBACK(cbinfo, OPS_PTAG_CT_UNARMOURED_TEXT, &content); | |
418 | dearmour->num_unarmoured = 0; | 418 | dearmour->num_unarmoured = 0; | |
419 | } | 419 | } | |
420 | 420 | |||
421 | static int | 421 | static int | |
422 | unarmoured_read_char(dearmour_t * dearmour, __ops_error_t ** errors, | 422 | unarmoured_read_char(dearmour_t * dearmour, __ops_error_t ** errors, | |
423 | __ops_reader_info_t * rinfo, | 423 | __ops_reader_info_t * rinfo, | |
@@ -476,28 +476,28 @@ __ops_dup_headers(__ops_headers_t * dest | @@ -476,28 +476,28 @@ __ops_dup_headers(__ops_headers_t * dest | |||
476 | dest->headers[n].value = strdup(src->headers[n].value); | 476 | dest->headers[n].value = strdup(src->headers[n].value); | |
477 | } | 477 | } | |
478 | } | 478 | } | |
479 | 479 | |||
480 | /* | 480 | /* | |
481 | * Note that this skips CRs so implementations always see just straight LFs | 481 | * Note that this skips CRs so implementations always see just straight LFs | |
482 | * as line terminators | 482 | * as line terminators | |
483 | */ | 483 | */ | |
484 | static int | 484 | static int | |
485 | process_dash_escaped(dearmour_t * dearmour, __ops_error_t ** errors, | 485 | process_dash_escaped(dearmour_t * dearmour, __ops_error_t ** errors, | |
486 | __ops_reader_info_t * rinfo, | 486 | __ops_reader_info_t * rinfo, | |
487 | __ops_parse_cb_info_t * cbinfo) | 487 | __ops_parse_cb_info_t * cbinfo) | |
488 | { | 488 | { | |
489 | __ops_parser_content_t content; | 489 | __ops_packet_t content; | |
490 | __ops_parser_content_t content2; | 490 | __ops_packet_t content2; | |
491 | __ops_signed_cleartext_body_t *body = &content.u.signed_cleartext_body; | 491 | __ops_signed_cleartext_body_t *body = &content.u.signed_cleartext_body; | |
492 | __ops_signed_cleartext_trailer_t *trailer | 492 | __ops_signed_cleartext_trailer_t *trailer | |
493 | = &content2.u.signed_cleartext_trailer; | 493 | = &content2.u.signed_cleartext_trailer; | |
494 | const char *hashstr; | 494 | const char *hashstr; | |
495 | __ops_hash_t *hash; | 495 | __ops_hash_t *hash; | |
496 | int total; | 496 | int total; | |
497 | 497 | |||
498 | hash = calloc(1, sizeof(*hash)); | 498 | hash = calloc(1, sizeof(*hash)); | |
499 | hashstr = __ops_find_header(&dearmour->headers, "Hash"); | 499 | hashstr = __ops_find_header(&dearmour->headers, "Hash"); | |
500 | if (hashstr) { | 500 | if (hashstr) { | |
501 | __ops_hash_algorithm_t alg; | 501 | __ops_hash_algorithm_t alg; | |
502 | 502 | |||
503 | alg = __ops_hash_algorithm_from_text(hashstr); | 503 | alg = __ops_hash_algorithm_from_text(hashstr); | |
@@ -868,27 +868,27 @@ base64(dearmour_t * dearmour) | @@ -868,27 +868,27 @@ base64(dearmour_t * dearmour) | |||
868 | dearmour->buffered = 0; | 868 | dearmour->buffered = 0; | |
869 | } | 869 | } | |
870 | 870 | |||
871 | /* This reader is rather strange in that it can generate callbacks for */ | 871 | /* This reader is rather strange in that it can generate callbacks for */ | |
872 | /* content - this is because plaintext is not encapsulated in PGP */ | 872 | /* content - this is because plaintext is not encapsulated in PGP */ | |
873 | /* packets... it also calls back for the text between the blocks. */ | 873 | /* packets... it also calls back for the text between the blocks. */ | |
874 | 874 | |||
875 | static int | 875 | static int | |
876 | armoured_data_reader(void *dest_, size_t length, __ops_error_t ** errors, | 876 | armoured_data_reader(void *dest_, size_t length, __ops_error_t ** errors, | |
877 | __ops_reader_info_t * rinfo, | 877 | __ops_reader_info_t * rinfo, | |
878 | __ops_parse_cb_info_t * cbinfo) | 878 | __ops_parse_cb_info_t * cbinfo) | |
879 | { | 879 | { | |
880 | dearmour_t *dearmour = __ops_reader_get_arg(rinfo); | 880 | dearmour_t *dearmour = __ops_reader_get_arg(rinfo); | |
881 | __ops_parser_content_t content; | 881 | __ops_packet_t content; | |
882 | int ret; | 882 | int ret; | |
883 | bool first; | 883 | bool first; | |
884 | unsigned char *dest = dest_; | 884 | unsigned char *dest = dest_; | |
885 | int saved = length; | 885 | int saved = length; | |
886 | 886 | |||
887 | if (dearmour->eof64 && !dearmour->buffered) | 887 | if (dearmour->eof64 && !dearmour->buffered) | |
888 | assert(dearmour->state == OUTSIDE_BLOCK || dearmour->state == AT_TRAILER_NAME); | 888 | assert(dearmour->state == OUTSIDE_BLOCK || dearmour->state == AT_TRAILER_NAME); | |
889 | 889 | |||
890 | while (length > 0) { | 890 | while (length > 0) { | |
891 | unsigned count; | 891 | unsigned count; | |
892 | unsigned n; | 892 | unsigned n; | |
893 | char buf[1024]; | 893 | char buf[1024]; | |
894 | int c; | 894 | int c; | |
@@ -1675,27 +1675,27 @@ __ops_teardown_memory_write(__ops_create | @@ -1675,27 +1675,27 @@ __ops_teardown_memory_write(__ops_create | |||
1675 | \ingroup Core_Readers | 1675 | \ingroup Core_Readers | |
1676 | \brief Create parse_info and sets to read from memory | 1676 | \brief Create parse_info and sets to read from memory | |
1677 | \param pinfo Address where new parse_info will be set | 1677 | \param pinfo Address where new parse_info will be set | |
1678 | \param mem Memory to read from | 1678 | \param mem Memory to read from | |
1679 | \param arg Reader-specific arg | 1679 | \param arg Reader-specific arg | |
1680 | \param callback Callback to use with reader | 1680 | \param callback Callback to use with reader | |
1681 | \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification) | 1681 | \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification) | |
1682 | \note It is the caller's responsiblity to free parse_info | 1682 | \note It is the caller's responsiblity to free parse_info | |
1683 | \sa __ops_teardown_memory_read() | 1683 | \sa __ops_teardown_memory_read() | |
1684 | */ | 1684 | */ | |
1685 | void | 1685 | void | |
1686 | __ops_setup_memory_read(__ops_parse_info_t ** pinfo, __ops_memory_t * mem, | 1686 | __ops_setup_memory_read(__ops_parse_info_t ** pinfo, __ops_memory_t * mem, | |
1687 | void *vp, | 1687 | void *vp, | |
1688 | __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), | 1688 | __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), | |
1689 | bool accumulate) | 1689 | bool accumulate) | |
1690 | { | 1690 | { | |
1691 | /* | 1691 | /* | |
1692 | * initialise needed structures for reading | 1692 | * initialise needed structures for reading | |
1693 | */ | 1693 | */ | |
1694 | 1694 | |||
1695 | *pinfo = __ops_parse_info_new(); | 1695 | *pinfo = __ops_parse_info_new(); | |
1696 | __ops_parse_cb_set(*pinfo, callback, vp); | 1696 | __ops_parse_cb_set(*pinfo, callback, vp); | |
1697 | __ops_reader_set_memory(*pinfo, | 1697 | __ops_reader_set_memory(*pinfo, | |
1698 | __ops_memory_get_data(mem), | 1698 | __ops_memory_get_data(mem), | |
1699 | __ops_memory_get_length(mem)); | 1699 | __ops_memory_get_length(mem)); | |
1700 | 1700 | |||
1701 | if (accumulate) | 1701 | if (accumulate) | |
@@ -1815,27 +1815,27 @@ __ops_teardown_file_append(__ops_create_ | @@ -1815,27 +1815,27 @@ __ops_teardown_file_append(__ops_create_ | |||
1815 | \brief Creates parse_info, opens file, and sets to read from file | 1815 | \brief Creates parse_info, opens file, and sets to read from file | |
1816 | \param pinfo Address where new parse_info will be set | 1816 | \param pinfo Address where new parse_info will be set | |
1817 | \param filename Name of file to read | 1817 | \param filename Name of file to read | |
1818 | \param vp Reader-specific arg | 1818 | \param vp Reader-specific arg | |
1819 | \param callback Callback to use when reading | 1819 | \param callback Callback to use when reading | |
1820 | \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification) | 1820 | \param accumulate Set if we need to accumulate as we read. (Usually false unless doing signature verification) | |
1821 | \note It is the caller's responsiblity to free parse_info and to close fd | 1821 | \note It is the caller's responsiblity to free parse_info and to close fd | |
1822 | \sa __ops_teardown_file_read() | 1822 | \sa __ops_teardown_file_read() | |
1823 | */ | 1823 | */ | |
1824 | 1824 | |||
1825 | int | 1825 | int | |
1826 | __ops_setup_file_read(__ops_parse_info_t ** pinfo, const char *filename, | 1826 | __ops_setup_file_read(__ops_parse_info_t ** pinfo, const char *filename, | |
1827 | void *vp, | 1827 | void *vp, | |
1828 | __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), | 1828 | __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), | |
1829 | bool accumulate) | 1829 | bool accumulate) | |
1830 | { | 1830 | { | |
1831 | int fd = 0; | 1831 | int fd = 0; | |
1832 | /* | 1832 | /* | |
1833 | * initialise needed structures for reading | 1833 | * initialise needed structures for reading | |
1834 | */ | 1834 | */ | |
1835 | 1835 | |||
1836 | #ifdef O_BINARY | 1836 | #ifdef O_BINARY | |
1837 | fd = open(filename, O_RDONLY | O_BINARY); | 1837 | fd = open(filename, O_RDONLY | O_BINARY); | |
1838 | #else | 1838 | #else | |
1839 | fd = open(filename, O_RDONLY); | 1839 | fd = open(filename, O_RDONLY); | |
1840 | #endif | 1840 | #endif | |
1841 | if (fd < 0) { | 1841 | if (fd < 0) { | |
@@ -1865,27 +1865,27 @@ __ops_setup_file_read(__ops_parse_info_t | @@ -1865,27 +1865,27 @@ __ops_setup_file_read(__ops_parse_info_t | |||
1865 | \brief Frees pinfo and closes fd | 1865 | \brief Frees pinfo and closes fd | |
1866 | \param pinfo | 1866 | \param pinfo | |
1867 | \param fd | 1867 | \param fd | |
1868 | \sa __ops_setup_file_read() | 1868 | \sa __ops_setup_file_read() | |
1869 | */ | 1869 | */ | |
1870 | void | 1870 | void | |
1871 | __ops_teardown_file_read(__ops_parse_info_t * pinfo, int fd) | 1871 | __ops_teardown_file_read(__ops_parse_info_t * pinfo, int fd) | |
1872 | { | 1872 | { | |
1873 | close(fd); | 1873 | close(fd); | |
1874 | __ops_parse_info_delete(pinfo); | 1874 | __ops_parse_info_delete(pinfo); | |
1875 | } | 1875 | } | |
1876 | 1876 | |||
1877 | __ops_parse_cb_return_t | 1877 | __ops_parse_cb_return_t | |
1878 | literal_data_cb(const __ops_parser_content_t *contents, __ops_parse_cb_info_t *cbinfo) | 1878 | literal_data_cb(const __ops_packet_t *contents, __ops_parse_cb_info_t *cbinfo) | |
1879 | { | 1879 | { | |
1880 | const __ops_parser_content_union_t *content = &contents->u; | 1880 | const __ops_parser_content_union_t *content = &contents->u; | |
1881 | 1881 | |||
1882 | OPS_USED(cbinfo); | 1882 | OPS_USED(cbinfo); | |
1883 | 1883 | |||
1884 | if (__ops_get_debug_level(__FILE__)) { | 1884 | if (__ops_get_debug_level(__FILE__)) { | |
1885 | printf("literal_data_cb: "); | 1885 | printf("literal_data_cb: "); | |
1886 | __ops_print_packet(contents); | 1886 | __ops_print_packet(contents); | |
1887 | } | 1887 | } | |
1888 | /* Read data from packet into static buffer */ | 1888 | /* Read data from packet into static buffer */ | |
1889 | switch (contents->tag) { | 1889 | switch (contents->tag) { | |
1890 | case OPS_PTAG_CT_LITERAL_DATA_BODY: | 1890 | case OPS_PTAG_CT_LITERAL_DATA_BODY: | |
1891 | /* if writer enabled, use it */ | 1891 | /* if writer enabled, use it */ | |
@@ -1902,27 +1902,27 @@ literal_data_cb(const __ops_parser_conte | @@ -1902,27 +1902,27 @@ literal_data_cb(const __ops_parser_conte | |||
1902 | 1902 | |||
1903 | case OPS_PTAG_CT_LITERAL_DATA_HEADER: | 1903 | case OPS_PTAG_CT_LITERAL_DATA_HEADER: | |
1904 | /* ignore */ | 1904 | /* ignore */ | |
1905 | break; | 1905 | break; | |
1906 | 1906 | |||
1907 | default: | 1907 | default: | |
1908 | break; | 1908 | break; | |
1909 | } | 1909 | } | |
1910 | 1910 | |||
1911 | return OPS_RELEASE_MEMORY; | 1911 | return OPS_RELEASE_MEMORY; | |
1912 | } | 1912 | } | |
1913 | 1913 | |||
1914 | __ops_parse_cb_return_t | 1914 | __ops_parse_cb_return_t | |
1915 | pk_session_key_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo) | 1915 | pk_session_key_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo) | |
1916 | { | 1916 | { | |
1917 | const __ops_parser_content_union_t *content = &contents->u; | 1917 | const __ops_parser_content_union_t *content = &contents->u; | |
1918 | 1918 | |||
1919 | OPS_USED(cbinfo); | 1919 | OPS_USED(cbinfo); | |
1920 | 1920 | |||
1921 | if (__ops_get_debug_level(__FILE__)) { | 1921 | if (__ops_get_debug_level(__FILE__)) { | |
1922 | __ops_print_packet(contents); | 1922 | __ops_print_packet(contents); | |
1923 | } | 1923 | } | |
1924 | /* Read data from packet into static buffer */ | 1924 | /* Read data from packet into static buffer */ | |
1925 | switch (contents->tag) { | 1925 | switch (contents->tag) { | |
1926 | case OPS_PTAG_CT_PK_SESSION_KEY: | 1926 | case OPS_PTAG_CT_PK_SESSION_KEY: | |
1927 | if (__ops_get_debug_level(__FILE__)) { | 1927 | if (__ops_get_debug_level(__FILE__)) { | |
1928 | printf("OPS_PTAG_CT_PK_SESSION_KEY\n"); | 1928 | printf("OPS_PTAG_CT_PK_SESSION_KEY\n"); | |
@@ -1947,49 +1947,49 @@ pk_session_key_cb(const __ops_parser_con | @@ -1947,49 +1947,49 @@ pk_session_key_cb(const __ops_parser_con | |||
1947 | 1947 | |||
1948 | \brief Callback to get secret key, decrypting if necessary. | 1948 | \brief Callback to get secret key, decrypting if necessary. | |
1949 | 1949 | |||
1950 | @verbatim | 1950 | @verbatim | |
1951 | This callback does the following: | 1951 | This callback does the following: | |
1952 | * finds the session key in the keyring | 1952 | * finds the session key in the keyring | |
1953 | * gets a passphrase if required | 1953 | * gets a passphrase if required | |
1954 | * decrypts the secret key, if necessary | 1954 | * decrypts the secret key, if necessary | |
1955 | * sets the secret_key in the content struct | 1955 | * sets the secret_key in the content struct | |
1956 | @endverbatim | 1956 | @endverbatim | |
1957 | */ | 1957 | */ | |
1958 | 1958 | |||
1959 | __ops_parse_cb_return_t | 1959 | __ops_parse_cb_return_t | |
1960 | get_secret_key_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo) | 1960 | get_secret_key_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo) | |
1961 | { | 1961 | { | |
1962 | const __ops_parser_content_union_t *content = &contents->u; | 1962 | const __ops_parser_content_union_t *content = &contents->u; | |
1963 | const __ops_secret_key_t *secret; | 1963 | const __ops_secret_key_t *secret; | |
1964 | __ops_parser_content_t seckey; | 1964 | __ops_packet_t seckey; | |
1965 | 1965 | |||
1966 | OPS_USED(cbinfo); | 1966 | OPS_USED(cbinfo); | |
1967 | 1967 | |||
1968 | if (__ops_get_debug_level(__FILE__)) { | 1968 | if (__ops_get_debug_level(__FILE__)) { | |
1969 | __ops_print_packet(contents); | 1969 | __ops_print_packet(contents); | |
1970 | } | 1970 | } | |
1971 | switch (contents->tag) { | 1971 | switch (contents->tag) { | |
1972 | case OPS_PARSER_CMD_GET_SECRET_KEY: | 1972 | case OPS_PARSER_CMD_GET_SECRET_KEY: | |
1973 | cbinfo->cryptinfo.keydata = __ops_keyring_find_key_by_id(cbinfo->cryptinfo.keyring, content->get_secret_key.pk_session_key->key_id); | 1973 | cbinfo->cryptinfo.keydata = __ops_keyring_find_key_by_id(cbinfo->cryptinfo.keyring, content->get_secret_key.pk_session_key->key_id); | |
1974 | if (!cbinfo->cryptinfo.keydata || !__ops_is_key_secret(cbinfo->cryptinfo.keydata)) | 1974 | if (!cbinfo->cryptinfo.keydata || !__ops_is_key_secret(cbinfo->cryptinfo.keydata)) | |
1975 | return 0; | 1975 | return 0; | |
1976 | 1976 | |||
1977 | /* now get the key from the data */ | 1977 | /* now get the key from the data */ | |
1978 | secret = __ops_get_secret_key_from_data(cbinfo->cryptinfo.keydata); | 1978 | secret = __ops_get_secret_key_from_data(cbinfo->cryptinfo.keydata); | |
1979 | while (!secret) { | 1979 | while (!secret) { | |
1980 | if (!cbinfo->cryptinfo.passphrase) { | 1980 | if (!cbinfo->cryptinfo.passphrase) { | |
1981 | (void) memset(&seckey, 0x0, sizeof(seckey)); | 1981 | (void) memset(&seckey, 0x0, sizeof(seckey)); | |
1982 | seckey.u.secret_key_passphrase.passphrase = &cbinfo->cryptinfo.passphrase; | 1982 | seckey.u.skey_passphrase.passphrase = &cbinfo->cryptinfo.passphrase; | |
1983 | CALLBACK(cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey); | 1983 | CALLBACK(cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey); | |
1984 | if (!cbinfo->cryptinfo.passphrase) { | 1984 | if (!cbinfo->cryptinfo.passphrase) { | |
1985 | fprintf(stderr, "can't get passphrase\n"); | 1985 | fprintf(stderr, "can't get passphrase\n"); | |
1986 | assert(/*CONSTCOND*/0); | 1986 | assert(/*CONSTCOND*/0); | |
1987 | } | 1987 | } | |
1988 | } | 1988 | } | |
1989 | /* then it must be encrypted */ | 1989 | /* then it must be encrypted */ | |
1990 | secret = __ops_decrypt_secret_key_from_data(cbinfo->cryptinfo.keydata, cbinfo->cryptinfo.passphrase); | 1990 | secret = __ops_decrypt_secret_key_from_data(cbinfo->cryptinfo.keydata, cbinfo->cryptinfo.passphrase); | |
1991 | } | 1991 | } | |
1992 | 1992 | |||
1993 | *content->get_secret_key.secret_key = secret; | 1993 | *content->get_secret_key.secret_key = secret; | |
1994 | break; | 1994 | break; | |
1995 | 1995 | |||
@@ -2012,37 +2012,37 @@ __ops_malloc_passphrase(char *pp) | @@ -2012,37 +2012,37 @@ __ops_malloc_passphrase(char *pp) | |||
2012 | (void) memcpy(passphrase, pp, n); | 2012 | (void) memcpy(passphrase, pp, n); | |
2013 | passphrase[n] = 0x0; | 2013 | passphrase[n] = 0x0; | |
2014 | } | 2014 | } | |
2015 | return passphrase; | 2015 | return passphrase; | |
2016 | } | 2016 | } | |
2017 | 2017 | |||
2018 | /** | 2018 | /** | |
2019 | \ingroup HighLevel_Callbacks | 2019 | \ingroup HighLevel_Callbacks | |
2020 | \brief Callback to use when you need to prompt user for passphrase | 2020 | \brief Callback to use when you need to prompt user for passphrase | |
2021 | \param contents | 2021 | \param contents | |
2022 | \param cbinfo | 2022 | \param cbinfo | |
2023 | */ | 2023 | */ | |
2024 | __ops_parse_cb_return_t | 2024 | __ops_parse_cb_return_t | |
2025 | get_passphrase_cb(const __ops_parser_content_t *contents, __ops_parse_cb_info_t *cbinfo) | 2025 | get_passphrase_cb(const __ops_packet_t *contents, __ops_parse_cb_info_t *cbinfo) | |
2026 | { | 2026 | { | |
2027 | const __ops_parser_content_union_t *content = &contents->u; | 2027 | const __ops_parser_content_union_t *content = &contents->u; | |
2028 | 2028 | |||
2029 | OPS_USED(cbinfo); | 2029 | OPS_USED(cbinfo); | |
2030 | if (__ops_get_debug_level(__FILE__)) { | 2030 | if (__ops_get_debug_level(__FILE__)) { | |
2031 | __ops_print_packet(contents); | 2031 | __ops_print_packet(contents); | |
2032 | } | 2032 | } | |
2033 | switch (contents->tag) { | 2033 | switch (contents->tag) { | |
2034 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 2034 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
2035 | *(content->secret_key_passphrase.passphrase) = | 2035 | *(content->skey_passphrase.passphrase) = | |
2036 | __ops_malloc_passphrase(getpass("netpgp passphrase: ")); | 2036 | __ops_malloc_passphrase(getpass("netpgp passphrase: ")); | |
2037 | return OPS_KEEP_MEMORY; | 2037 | return OPS_KEEP_MEMORY; | |
2038 | 2038 | |||
2039 | default: | 2039 | default: | |
2040 | /* return callback_general(contents,cbinfo); */ | 2040 | /* return callback_general(contents,cbinfo); */ | |
2041 | break; | 2041 | break; | |
2042 | } | 2042 | } | |
2043 | 2043 | |||
2044 | return OPS_RELEASE_MEMORY; | 2044 | return OPS_RELEASE_MEMORY; | |
2045 | } | 2045 | } | |
2046 | 2046 | |||
2047 | bool | 2047 | bool | |
2048 | __ops_reader_set_accumulate(__ops_parse_info_t * pinfo, bool state) | 2048 | __ops_reader_set_accumulate(__ops_parse_info_t * pinfo, bool state) |
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c 2009/05/02 02:38:55 1.4
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c 2009/05/05 01:28:15 1.5
@@ -80,52 +80,51 @@ __ops_create_signature_new() | @@ -80,52 +80,51 @@ __ops_create_signature_new() | |||
80 | \ingroup Core_Signature | 80 | \ingroup Core_Signature | |
81 | Free signature and memory associated with it | 81 | Free signature and memory associated with it | |
82 | \param sig struct to free | 82 | \param sig struct to free | |
83 | \sa __ops_create_signature_new() | 83 | \sa __ops_create_signature_new() | |
84 | */ | 84 | */ | |
85 | void | 85 | void | |
86 | __ops_create_signature_delete(__ops_create_signature_t * sig) | 86 | __ops_create_signature_delete(__ops_create_signature_t * sig) | |
87 | { | 87 | { | |
88 | __ops_create_info_delete(sig->info); | 88 | __ops_create_info_delete(sig->info); | |
89 | sig->info = NULL; | 89 | sig->info = NULL; | |
90 | free(sig); | 90 | free(sig); | |
91 | } | 91 | } | |
92 | 92 | |||
93 | static unsigned char prefix_md5[] = {0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, | 93 | static unsigned char prefix_md5[] = {0x30, 0x20, 0x30, 0x0C, 0x06, | |
94 | 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, | 94 | 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, 0x05, | |
95 | 0x04, 0x10}; | 95 | 0x00, 0x04, 0x10}; | |
96 | 96 | |||
97 | static unsigned char prefix_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, | 97 | static unsigned char prefix_sha1[] = {0x30, 0x21, 0x30, 0x09, 0x06, | |
98 | 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; | 98 | 0x05, 0x2b, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14}; | |
99 | 99 | |||
100 | static unsigned char prefix_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, | 100 | static unsigned char prefix_sha256[] = {0x30, 0x31, 0x30, 0x0d, 0x06, | |
101 | 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, | 101 | 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, | |
102 | 0x00, 0x04, 0x20}; | 102 | 0x05, 0x00, 0x04, 0x20}; | |
103 | 103 | |||
104 | #if 0 | 104 | #if 0 | |
105 | /** | 105 | /** | |
106 | \ingroup Core_Create | 106 | \ingroup Core_Create | |
107 | implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC | 107 | implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC | |
108 | \param M | 108 | \param M | |
109 | \param mLen | 109 | \param mLen | |
110 | \param hash_alg Hash algorithm to use | 110 | \param hash_alg Hash algorithm to use | |
111 | \param EM | 111 | \param EM | |
112 | \return true if OK; else false | 112 | \return true if OK; else false | |
113 | */ | 113 | */ | |
114 | static bool | 114 | static bool | |
115 | encode_hash_buf(const unsigned char *M, size_t mLen, | 115 | encode_hash_buf(const unsigned char *M, size_t mLen, | |
116 | const __ops_hash_algorithm_t hash_alg, | 116 | const __ops_hash_algorithm_t hash_alg, | |
117 | unsigned char *EM | 117 | unsigned char *EM) | |
118 | ) | |||
119 | { | 118 | { | |
120 | /* implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC */ | 119 | /* implementation of EMSA-PKCS1-v1_5, as defined in OpenPGP RFC */ | |
121 | 120 | |||
122 | unsigned i; | 121 | unsigned i; | |
123 | 122 | |||
124 | int n = 0; | 123 | int n = 0; | |
125 | __ops_hash_t hash; | 124 | __ops_hash_t hash; | |
126 | int hash_sz = 0; | 125 | int hash_sz = 0; | |
127 | int encoded_hash_sz = 0; | 126 | int encoded_hash_sz = 0; | |
128 | int prefix_sz = 0; | 127 | int prefix_sz = 0; | |
129 | unsigned padding_sz = 0; | 128 | unsigned padding_sz = 0; | |
130 | unsigned encoded_msg_sz = 0; | 129 | unsigned encoded_msg_sz = 0; | |
131 | unsigned char *prefix = NULL; | 130 | unsigned char *prefix = NULL; | |
@@ -154,49 +153,50 @@ encode_hash_buf(const unsigned char *M, | @@ -154,49 +153,50 @@ encode_hash_buf(const unsigned char *M, | |||
154 | break; | 153 | break; | |
155 | 154 | |||
156 | default: | 155 | default: | |
157 | assert(0); | 156 | assert(0); | |
158 | } | 157 | } | |
159 | 158 | |||
160 | /* \todo 3. Test for len being too short */ | 159 | /* \todo 3. Test for len being too short */ | |
161 | 160 | |||
162 | /* 4 and 5. Generate PS and EM */ | 161 | /* 4 and 5. Generate PS and EM */ | |
163 | 162 | |||
164 | EM[0] = 0x00; | 163 | EM[0] = 0x00; | |
165 | EM[1] = 0x01; | 164 | EM[1] = 0x01; | |
166 | 165 | |||
167 | for (i = 0; i < padding_sz; i++) | 166 | for (i = 0; i < padding_sz; i++) { | |
168 | EM[2 + i] = 0xFF; | 167 | EM[2 + i] = 0xFF; | |
168 | } | |||
169 | 169 | |||
170 | i += 2; | 170 | i += 2; | |
171 | 171 | |||
172 | EM[i++] = 0x00; | 172 | EM[i++] = 0x00; | |
173 | 173 | |||
174 | (void) memcpy(&EM[i], prefix, prefix_sz); | 174 | (void) memcpy(&EM[i], prefix, prefix_sz); | |
175 | i += prefix_sz; | 175 | i += prefix_sz; | |
176 | 176 | |||
177 | /* finally, write out hashed result */ | 177 | /* finally, write out hashed result */ | |
178 | 178 | |||
179 | n = hash.finish(&hash, &EM[i]); | 179 | n = hash.finish(&hash, &EM[i]); | |
180 | 180 | |||
181 | encoded_msg_sz = i + hash_sz - 1; | 181 | encoded_msg_sz = i + hash_sz - 1; | |
182 | 182 | |||
183 | /* \todo test n for OK response? */ | 183 | /* \todo test n for OK response? */ | |
184 | 184 | |||
185 | if (__ops_get_debug_level(__FILE__)) { | 185 | if (__ops_get_debug_level(__FILE__)) { | |
186 | fprintf(stderr, "Encoded Message: \n"); | 186 | (void) fprintf(stderr, "Encoded Message: \n"); | |
187 | for (i = 0; i < encoded_msg_sz; i++) | 187 | for (i = 0; i < encoded_msg_sz; i++) | |
188 | fprintf(stderr, "%2x ", EM[i]); | 188 | (void) fprintf(stderr, "%2x ", EM[i]); | |
189 | fprintf(stderr, "\n"); | 189 | (void) fprintf(stderr, "\n"); | |
190 | } | 190 | } | |
191 | return true; | 191 | return true; | |
192 | } | 192 | } | |
193 | #endif | 193 | #endif | |
194 | 194 | |||
195 | /* XXX: both this and verify would be clearer if the signature were */ | 195 | /* XXX: both this and verify would be clearer if the signature were */ | |
196 | /* treated as an MPI. */ | 196 | /* treated as an MPI. */ | |
197 | static void | 197 | static void | |
198 | rsa_sign(__ops_hash_t * hash, const __ops_rsa_public_key_t * rsa, | 198 | rsa_sign(__ops_hash_t * hash, const __ops_rsa_public_key_t * rsa, | |
199 | const __ops_rsa_secret_key_t * srsa, | 199 | const __ops_rsa_secret_key_t * srsa, | |
200 | __ops_create_info_t * opt) | 200 | __ops_create_info_t * opt) | |
201 | { | 201 | { | |
202 | unsigned char hashbuf[NETPGP_BUFSIZ]; | 202 | unsigned char hashbuf[NETPGP_BUFSIZ]; | |
@@ -209,28 +209,29 @@ rsa_sign(__ops_hash_t * hash, const __op | @@ -209,28 +209,29 @@ rsa_sign(__ops_hash_t * hash, const __op | |||
209 | 209 | |||
210 | /* XXX: we assume hash is sha-1 for now */ | 210 | /* XXX: we assume hash is sha-1 for now */ | |
211 | hashsize = 20 + sizeof(prefix_sha1); | 211 | hashsize = 20 + sizeof(prefix_sha1); | |
212 | 212 | |||
213 | keysize = (BN_num_bits(rsa->n) + 7) / 8; | 213 | keysize = (BN_num_bits(rsa->n) + 7) / 8; | |
214 | assert(keysize <= sizeof(hashbuf)); | 214 | assert(keysize <= sizeof(hashbuf)); | |
215 | assert(10 + hashsize <= keysize); | 215 | assert(10 + hashsize <= keysize); | |
216 | 216 | |||
217 | hashbuf[0] = 0; | 217 | hashbuf[0] = 0; | |
218 | hashbuf[1] = 1; | 218 | hashbuf[1] = 1; | |
219 | if (__ops_get_debug_level(__FILE__)) { | 219 | if (__ops_get_debug_level(__FILE__)) { | |
220 | printf("rsa_sign: PS is %d\n", keysize - hashsize - 1 - 2); | 220 | printf("rsa_sign: PS is %d\n", keysize - hashsize - 1 - 2); | |
221 | } | 221 | } | |
222 | for (n = 2; n < keysize - hashsize - 1; ++n) | 222 | for (n = 2; n < keysize - hashsize - 1; ++n) { | |
223 | hashbuf[n] = 0xff; | 223 | hashbuf[n] = 0xff; | |
224 | } | |||
224 | hashbuf[n++] = 0; | 225 | hashbuf[n++] = 0; | |
225 | 226 | |||
226 | (void) memcpy(&hashbuf[n], prefix_sha1, sizeof(prefix_sha1)); | 227 | (void) memcpy(&hashbuf[n], prefix_sha1, sizeof(prefix_sha1)); | |
227 | n += sizeof(prefix_sha1); | 228 | n += sizeof(prefix_sha1); | |
228 | 229 | |||
229 | t = hash->finish(hash, &hashbuf[n]); | 230 | t = hash->finish(hash, &hashbuf[n]); | |
230 | assert(t == 20); | 231 | assert(t == 20); | |
231 | 232 | |||
232 | __ops_write(&hashbuf[n], 2, opt); | 233 | __ops_write(&hashbuf[n], 2, opt); | |
233 | 234 | |||
234 | n += t; | 235 | n += t; | |
235 | assert(n == keysize); | 236 | assert(n == keysize); | |
236 | 237 | |||
@@ -294,56 +295,61 @@ rsa_verify(__ops_hash_algorithm_t type, | @@ -294,56 +295,61 @@ rsa_verify(__ops_hash_algorithm_t type, | |||
294 | assert(keysize <= sizeof(hashbuf_from_sig)); | 295 | assert(keysize <= sizeof(hashbuf_from_sig)); | |
295 | assert((unsigned) BN_num_bits(sig->sig) <= 8 * sizeof(sigbuf)); | 296 | assert((unsigned) BN_num_bits(sig->sig) <= 8 * sizeof(sigbuf)); | |
296 | BN_bn2bin(sig->sig, sigbuf); | 297 | BN_bn2bin(sig->sig, sigbuf); | |
297 | 298 | |||
298 | n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf, | 299 | n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf, | |
299 | (unsigned)(BN_num_bits(sig->sig) + 7) / 8, rsa); | 300 | (unsigned)(BN_num_bits(sig->sig) + 7) / 8, rsa); | |
300 | debug_len_decrypted = n; | 301 | debug_len_decrypted = n; | |
301 | 302 | |||
302 | if (n != keysize) /* obviously, this includes error returns */ | 303 | if (n != keysize) /* obviously, this includes error returns */ | |
303 | return false; | 304 | return false; | |
304 | 305 | |||
305 | /* XXX: why is there a leading 0? The first byte should be 1... */ | 306 | /* XXX: why is there a leading 0? The first byte should be 1... */ | |
306 | /* XXX: because the decrypt should use keysize and not sigsize? */ | 307 | /* XXX: because the decrypt should use keysize and not sigsize? */ | |
307 | if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) | 308 | if (hashbuf_from_sig[0] != 0 || hashbuf_from_sig[1] != 1) { | |
308 | return false; | 309 | return false; | |
310 | } | |||
309 | 311 | |||
310 | switch (type) { | 312 | switch (type) { | |
311 | case OPS_HASH_MD5: | 313 | case OPS_HASH_MD5: | |
312 | prefix = prefix_md5; | 314 | prefix = prefix_md5; | |
313 | plen = sizeof(prefix_md5); | 315 | plen = sizeof(prefix_md5); | |
314 | break; | 316 | break; | |
315 | case OPS_HASH_SHA1: | 317 | case OPS_HASH_SHA1: | |
316 | prefix = prefix_sha1; | 318 | prefix = prefix_sha1; | |
317 | plen = sizeof(prefix_sha1); | 319 | plen = sizeof(prefix_sha1); | |
318 | break; | 320 | break; | |
319 | case OPS_HASH_SHA256: | 321 | case OPS_HASH_SHA256: | |
320 | prefix = prefix_sha256; | 322 | prefix = prefix_sha256; | |
321 | plen = sizeof(prefix_sha256); | 323 | plen = sizeof(prefix_sha256); | |
322 | break; | 324 | break; | |
323 | default: | 325 | default: | |
324 | (void) fprintf(stderr, "Unknown hash algorithm: %d\n", type); | 326 | (void) fprintf(stderr, "Unknown hash algorithm: %d\n", type); | |
325 | return false; | 327 | return false; | |
326 | } | 328 | } | |
327 | 329 | |||
328 | if (keysize - plen - hash_length < 10) | 330 | if (keysize - plen - hash_length < 10) { | |
329 | return false; | 331 | return false; | |
332 | } | |||
330 | 333 | |||
331 | for (n = 2; n < keysize - plen - hash_length - 1; ++n) | 334 | for (n = 2; n < keysize - plen - hash_length - 1; ++n) { | |
332 | if (hashbuf_from_sig[n] != 0xff) | 335 | if (hashbuf_from_sig[n] != 0xff) { | |
333 | return false; | 336 | return false; | |
337 | } | |||
338 | } | |||
334 | 339 | |||
335 | if (hashbuf_from_sig[n++] != 0) | 340 | if (hashbuf_from_sig[n++] != 0) { | |
336 | return false; | 341 | return false; | |
342 | } | |||
337 | 343 | |||
338 | if (__ops_get_debug_level(__FILE__)) { | 344 | if (__ops_get_debug_level(__FILE__)) { | |
339 | unsigned zz; | 345 | unsigned zz; | |
340 | unsigned uu; | 346 | unsigned uu; | |
341 | 347 | |||
342 | printf("\n"); | 348 | printf("\n"); | |
343 | printf("hashbuf_from_sig\n"); | 349 | printf("hashbuf_from_sig\n"); | |
344 | for (zz = 0; zz < debug_len_decrypted; zz++) { | 350 | for (zz = 0; zz < debug_len_decrypted; zz++) { | |
345 | printf("%02x ", hashbuf_from_sig[n + zz]); | 351 | printf("%02x ", hashbuf_from_sig[n + zz]); | |
346 | } | 352 | } | |
347 | printf("\n"); | 353 | printf("\n"); | |
348 | printf("prefix\n"); | 354 | printf("prefix\n"); | |
349 | for (zz = 0; zz < plen; zz++) { | 355 | for (zz = 0; zz < plen; zz++) { | |
@@ -353,38 +359,38 @@ rsa_verify(__ops_hash_algorithm_t type, | @@ -353,38 +359,38 @@ rsa_verify(__ops_hash_algorithm_t type, | |||
353 | 359 | |||
354 | printf("\n"); | 360 | printf("\n"); | |
355 | printf("hash from sig\n"); | 361 | printf("hash from sig\n"); | |
356 | for (uu = 0; uu < hash_length; uu++) { | 362 | for (uu = 0; uu < hash_length; uu++) { | |
357 | printf("%02x ", hashbuf_from_sig[n + plen + uu]); | 363 | printf("%02x ", hashbuf_from_sig[n + plen + uu]); | |
358 | } | 364 | } | |
359 | printf("\n"); | 365 | printf("\n"); | |
360 | printf("hash passed in (should match hash from sig)\n"); | 366 | printf("hash passed in (should match hash from sig)\n"); | |
361 | for (uu = 0; uu < hash_length; uu++) { | 367 | for (uu = 0; uu < hash_length; uu++) { | |
362 | printf("%02x ", hash[uu]); | 368 | printf("%02x ", hash[uu]); | |
363 | } | 369 | } | |
364 | printf("\n"); | 370 | printf("\n"); | |
365 | } | 371 | } | |
366 | if (memcmp(&hashbuf_from_sig[n], prefix, plen) != 0 | 372 | if (memcmp(&hashbuf_from_sig[n], prefix, plen) != 0 || | |
367 | || memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) != 0) | 373 | memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) != 0) { | |
368 | return false; | 374 | return false; | |
369 | 375 | } | ||
370 | return true; | 376 | return true; | |
371 | } | 377 | } | |
372 | 378 | |||
373 | static void | 379 | static void | |
374 | hash_add_key(__ops_hash_t * hash, const __ops_public_key_t * key) | 380 | hash_add_key(__ops_hash_t * hash, const __ops_public_key_t * key) | |
375 | { | 381 | { | |
376 | __ops_memory_t *mem = __ops_memory_new(); | 382 | __ops_memory_t *mem = __ops_memory_new(); | |
377 | size_t l; | 383 | size_t l; | |
378 | 384 | |||
379 | __ops_build_public_key(mem, key, false); | 385 | __ops_build_public_key(mem, key, false); | |
380 | 386 | |||
381 | l = __ops_memory_get_length(mem); | 387 | l = __ops_memory_get_length(mem); | |
382 | __ops_hash_add_int(hash, 0x99, 1); | 388 | __ops_hash_add_int(hash, 0x99, 1); | |
383 | __ops_hash_add_int(hash, l, 2); | 389 | __ops_hash_add_int(hash, l, 2); | |
384 | hash->add(hash, __ops_memory_get_data(mem), l); | 390 | hash->add(hash, __ops_memory_get_data(mem), l); | |
385 | 391 | |||
386 | __ops_memory_free(mem); | 392 | __ops_memory_free(mem); | |
387 | } | 393 | } | |
388 | 394 | |||
389 | static void | 395 | static void | |
390 | initialise_hash(__ops_hash_t * hash, const __ops_signature_t * sig) | 396 | initialise_hash(__ops_hash_t * hash, const __ops_signature_t * sig) | |
@@ -396,29 +402,30 @@ initialise_hash(__ops_hash_t * hash, con | @@ -396,29 +402,30 @@ initialise_hash(__ops_hash_t * hash, con | |||
396 | static void | 402 | static void | |
397 | init_key_signature(__ops_hash_t * hash, const __ops_signature_t * sig, | 403 | init_key_signature(__ops_hash_t * hash, const __ops_signature_t * sig, | |
398 | const __ops_public_key_t * key) | 404 | const __ops_public_key_t * key) | |
399 | { | 405 | { | |
400 | initialise_hash(hash, sig); | 406 | initialise_hash(hash, sig); | |
401 | hash_add_key(hash, key); | 407 | hash_add_key(hash, key); | |
402 | } | 408 | } | |
403 | 409 | |||
404 | static void | 410 | static void | |
405 | hash_add_trailer(__ops_hash_t * hash, const __ops_signature_t * sig, | 411 | hash_add_trailer(__ops_hash_t * hash, const __ops_signature_t * sig, | |
406 | const unsigned char *raw_packet) | 412 | const unsigned char *raw_packet) | |
407 | { | 413 | { | |
408 | if (sig->info.version == OPS_V4) { | 414 | if (sig->info.version == OPS_V4) { | |
409 | if (raw_packet) | 415 | if (raw_packet) { | |
410 | hash->add(hash, raw_packet + sig->v4_hashed_data_start, | 416 | hash->add(hash, raw_packet + sig->v4_hashed_data_start, | |
411 | sig->info.v4_hashed_data_length); | 417 | sig->info.v4_hashed_data_length); | |
418 | } | |||
412 | __ops_hash_add_int(hash, (unsigned)sig->info.version, 1); | 419 | __ops_hash_add_int(hash, (unsigned)sig->info.version, 1); | |
413 | __ops_hash_add_int(hash, 0xff, 1); | 420 | __ops_hash_add_int(hash, 0xff, 1); | |
414 | __ops_hash_add_int(hash, sig->info.v4_hashed_data_length, 4); | 421 | __ops_hash_add_int(hash, sig->info.v4_hashed_data_length, 4); | |
415 | } else { | 422 | } else { | |
416 | __ops_hash_add_int(hash, (unsigned)sig->info.type, 1); | 423 | __ops_hash_add_int(hash, (unsigned)sig->info.type, 1); | |
417 | __ops_hash_add_int(hash, (unsigned)sig->info.creation_time, 4); | 424 | __ops_hash_add_int(hash, (unsigned)sig->info.creation_time, 4); | |
418 | } | 425 | } | |
419 | } | 426 | } | |
420 | 427 | |||
421 | /** | 428 | /** | |
422 | \ingroup Core_Signature | 429 | \ingroup Core_Signature | |
423 | \brief Checks a signature | 430 | \brief Checks a signature | |
424 | \param hash Signature Hash to be checked | 431 | \param hash Signature Hash to be checked | |
@@ -432,115 +439,116 @@ __ops_check_signature(const unsigned cha | @@ -432,115 +439,116 @@ __ops_check_signature(const unsigned cha | |||
432 | const __ops_signature_t * sig, | 439 | const __ops_signature_t * sig, | |
433 | const __ops_public_key_t * signer) | 440 | const __ops_public_key_t * signer) | |
434 | { | 441 | { | |
435 | bool ret; | 442 | bool ret; | |
436 | 443 | |||
437 | if (__ops_get_debug_level(__FILE__)) { | 444 | if (__ops_get_debug_level(__FILE__)) { | |
438 | printf("__ops_check_signature: (length %d) hash=", length); | 445 | printf("__ops_check_signature: (length %d) hash=", length); | |
439 | /* hashout[0]=0; */ | 446 | /* hashout[0]=0; */ | |
440 | hexdump(hash, length, ""); | 447 | hexdump(hash, length, ""); | |
441 | } | 448 | } | |
442 | ret = 0; | 449 | ret = 0; | |
443 | switch (sig->info.key_algorithm) { | 450 | switch (sig->info.key_algorithm) { | |
444 | case OPS_PKA_DSA: | 451 | case OPS_PKA_DSA: | |
445 | ret = __ops_dsa_verify(hash, length, &sig->info.signature.dsa, &signer->key.dsa); | 452 | ret = __ops_dsa_verify(hash, length, &sig->info.signature.dsa, | |
453 | &signer->key.dsa); | |||
446 | break; | 454 | break; | |
447 | 455 | |||
448 | case OPS_PKA_RSA: | 456 | case OPS_PKA_RSA: | |
449 | ret = rsa_verify(sig->info.hash_algorithm, hash, length, &sig->info.signature.rsa, | 457 | ret = rsa_verify(sig->info.hash_algorithm, hash, length, | |
450 | &signer->key.rsa); | 458 | &sig->info.signature.rsa, | |
459 | &signer->key.rsa); | |||
451 | break; | 460 | break; | |
452 | 461 | |||
453 | default: | 462 | default: | |
454 | assert(/*CONSTCOND*/0); | 463 | assert(/*CONSTCOND*/0); | |
455 | } | 464 | } | |
456 | 465 | |||
457 | return ret; | 466 | return ret; | |
458 | } | 467 | } | |
459 | 468 | |||
460 | static bool | 469 | static bool | |
461 | hash_and_check_signature(__ops_hash_t * hash, | 470 | hash_and_check_signature(__ops_hash_t * hash, | |
462 | const __ops_signature_t * sig, | 471 | const __ops_signature_t * sig, | |
463 | const __ops_public_key_t * signer) | 472 | const __ops_public_key_t * signer) | |
464 | { | 473 | { | |
465 | unsigned char hashout[OPS_MAX_HASH_SIZE]; | 474 | unsigned char hashout[OPS_MAX_HASH_SIZE]; | |
466 | unsigned n; | 475 | unsigned n; | |
467 | 476 | |||
468 | n = hash->finish(hash, hashout); | 477 | n = hash->finish(hash, hashout); | |
469 | ||||
470 | return __ops_check_signature(hashout, n, sig, signer); | 478 | return __ops_check_signature(hashout, n, sig, signer); | |
471 | } | 479 | } | |
472 | 480 | |||
473 | static bool | 481 | static bool | |
474 | finalise_signature(__ops_hash_t * hash, | 482 | finalise_signature(__ops_hash_t * hash, | |
475 | const __ops_signature_t * sig, | 483 | const __ops_signature_t * sig, | |
476 | const __ops_public_key_t * signer, | 484 | const __ops_public_key_t * signer, | |
477 | const unsigned char *raw_packet) | 485 | const unsigned char *raw_packet) | |
478 | { | 486 | { | |
479 | hash_add_trailer(hash, sig, raw_packet); | 487 | hash_add_trailer(hash, sig, raw_packet); | |
480 | return hash_and_check_signature(hash, sig, signer); | 488 | return hash_and_check_signature(hash, sig, signer); | |
481 | } | 489 | } | |
482 | 490 | |||
483 | /** | 491 | /** | |
484 | * \ingroup Core_Signature | 492 | * \ingroup Core_Signature | |
485 | * | 493 | * | |
486 | * \brief Verify a certification signature. | 494 | * \brief Verify a certification signature. | |
487 | * | 495 | * | |
488 | * \param key The public key that was signed. | 496 | * \param key The public key that was signed. | |
489 | * \param id The user ID that was signed | 497 | * \param id The user ID that was signed | |
490 | * \param sig The signature. | 498 | * \param sig The signature. | |
491 | * \param signer The public key of the signer. | 499 | * \param signer The public key of the signer. | |
492 | * \param raw_packet The raw signature packet. | 500 | * \param raw_packet The raw signature packet. | |
493 | * \return true if OK; else false | 501 | * \return true if OK; else false | |
494 | */ | 502 | */ | |
495 | bool | 503 | bool | |
496 | __ops_check_user_id_certification_signature(const __ops_public_key_t * key, | 504 | __ops_check_useridcert_sig(const __ops_public_key_t * key, | |
497 | const __ops_user_id_t * id, | 505 | const __ops_user_id_t * id, | |
498 | const __ops_signature_t * sig, | 506 | const __ops_signature_t * sig, | |
499 | const __ops_public_key_t * signer, | 507 | const __ops_public_key_t * signer, | |
500 | const unsigned char *raw_packet) | 508 | const unsigned char *raw_packet) | |
501 | { | 509 | { | |
502 | __ops_hash_t hash; | 510 | __ops_hash_t hash; | |
503 | size_t user_id_len = strlen((char *) id->user_id); | 511 | size_t user_id_len = strlen((char *) id->user_id); | |
504 | 512 | |||
505 | init_key_signature(&hash, sig, key); | 513 | init_key_signature(&hash, sig, key); | |
506 | 514 | |||
507 | if (sig->info.version == OPS_V4) { | 515 | if (sig->info.version == OPS_V4) { | |
508 | __ops_hash_add_int(&hash, 0xb4, 1); | 516 | __ops_hash_add_int(&hash, 0xb4, 1); | |
509 | __ops_hash_add_int(&hash, user_id_len, 4); | 517 | __ops_hash_add_int(&hash, user_id_len, 4); | |
510 | } | 518 | } | |
511 | hash.add(&hash, id->user_id, user_id_len); | 519 | hash.add(&hash, id->user_id, user_id_len); | |
512 | 520 | |||
513 | return finalise_signature(&hash, sig, signer, raw_packet); | 521 | return finalise_signature(&hash, sig, signer, raw_packet); | |
514 | } | 522 | } | |
515 | 523 | |||
516 | /** | 524 | /** | |
517 | * \ingroup Core_Signature | 525 | * \ingroup Core_Signature | |
518 | * | 526 | * | |
519 | * Verify a certification signature. | 527 | * Verify a certification signature. | |
520 | * | 528 | * | |
521 | * \param key The public key that was signed. | 529 | * \param key The public key that was signed. | |
522 | * \param attribute The user attribute that was signed | 530 | * \param attribute The user attribute that was signed | |
523 | * \param sig The signature. | 531 | * \param sig The signature. | |
524 | * \param signer The public key of the signer. | 532 | * \param signer The public key of the signer. | |
525 | * \param raw_packet The raw signature packet. | 533 | * \param raw_packet The raw signature packet. | |
526 | * \return true if OK; else false | 534 | * \return true if OK; else false | |
527 | */ | 535 | */ | |
528 | bool | 536 | bool | |
529 | __ops_check_user_attribute_certification_signature(const __ops_public_key_t * key, | 537 | __ops_check_userattrcert_sig(const __ops_public_key_t * key, | |
530 | const __ops_user_attribute_t * attribute, | 538 | const __ops_user_attribute_t *attribute, | |
531 | const __ops_signature_t * sig, | 539 | const __ops_signature_t *sig, | |
532 | const __ops_public_key_t * signer, | 540 | const __ops_public_key_t *signer, | |
533 | const unsigned char *raw_packet) | 541 | const unsigned char *raw_packet) | |
534 | { | 542 | { | |
535 | __ops_hash_t hash; | 543 | __ops_hash_t hash; | |
536 | 544 | |||
537 | init_key_signature(&hash, sig, key); | 545 | init_key_signature(&hash, sig, key); | |
538 | 546 | |||
539 | if (sig->info.version == OPS_V4) { | 547 | if (sig->info.version == OPS_V4) { | |
540 | __ops_hash_add_int(&hash, 0xd1, 1); | 548 | __ops_hash_add_int(&hash, 0xd1, 1); | |
541 | __ops_hash_add_int(&hash, attribute->data.len, 4); | 549 | __ops_hash_add_int(&hash, attribute->data.len, 4); | |
542 | } | 550 | } | |
543 | hash.add(&hash, attribute->data.contents, attribute->data.len); | 551 | hash.add(&hash, attribute->data.contents, attribute->data.len); | |
544 | 552 | |||
545 | return finalise_signature(&hash, sig, signer, raw_packet); | 553 | return finalise_signature(&hash, sig, signer, raw_packet); | |
546 | } | 554 | } | |
@@ -602,30 +610,29 @@ __ops_check_direct_signature(const __ops | @@ -602,30 +610,29 @@ __ops_check_direct_signature(const __ops | |||
602 | * the material that was being signed, for example signed cleartext). | 610 | * the material that was being signed, for example signed cleartext). | |
603 | * | 611 | * | |
604 | * \param hash A hash structure of appropriate type that has been fed | 612 | * \param hash A hash structure of appropriate type that has been fed | |
605 | * the material to be signed. This MUST NOT have been finalised. | 613 | * the material to be signed. This MUST NOT have been finalised. | |
606 | * \param sig The signature to be verified. | 614 | * \param sig The signature to be verified. | |
607 | * \param signer The public key of the signer. | 615 | * \param signer The public key of the signer. | |
608 | * \return true if OK; else false | 616 | * \return true if OK; else false | |
609 | */ | 617 | */ | |
610 | bool | 618 | bool | |
611 | __ops_check_hash_signature(__ops_hash_t * hash, | 619 | __ops_check_hash_signature(__ops_hash_t * hash, | |
612 | const __ops_signature_t * sig, | 620 | const __ops_signature_t * sig, | |
613 | const __ops_public_key_t * signer) | 621 | const __ops_public_key_t * signer) | |
614 | { | 622 | { | |
615 | if (sig->info.hash_algorithm != hash->algorithm) | 623 | return (sig->info.hash_algorithm == hash->algorithm) ? | |
616 | return false; | 624 | finalise_signature(hash, sig, signer, NULL) : | |
617 | 625 | false; | ||
618 | return finalise_signature(hash, sig, signer, NULL); | |||
619 | } | 626 | } | |
620 | 627 | |||
621 | static void | 628 | static void | |
622 | start_signature_in_mem(__ops_create_signature_t * sig) | 629 | start_signature_in_mem(__ops_create_signature_t * sig) | |
623 | { | 630 | { | |
624 | /* since this has subpackets and stuff, we have to buffer the whole */ | 631 | /* since this has subpackets and stuff, we have to buffer the whole */ | |
625 | /* thing to get counts before writing. */ | 632 | /* thing to get counts before writing. */ | |
626 | sig->mem = __ops_memory_new(); | 633 | sig->mem = __ops_memory_new(); | |
627 | __ops_memory_init(sig->mem, 100); | 634 | __ops_memory_init(sig->mem, 100); | |
628 | __ops_writer_set_memory(sig->info, sig->mem); | 635 | __ops_writer_set_memory(sig->info, sig->mem); | |
629 | 636 | |||
630 | /* write nearly up to the first subpacket */ | 637 | /* write nearly up to the first subpacket */ | |
631 | __ops_write_scalar((unsigned)sig->sig.info.version, 1, sig->info); | 638 | __ops_write_scalar((unsigned)sig->sig.info.version, 1, sig->info); | |
@@ -691,27 +698,27 @@ __ops_signature_start_signature(__ops_cr | @@ -691,27 +698,27 @@ __ops_signature_start_signature(__ops_cr | |||
691 | const __ops_secret_key_t * key, | 698 | const __ops_secret_key_t * key, | |
692 | const __ops_hash_algorithm_t hash, | 699 | const __ops_hash_algorithm_t hash, | |
693 | const __ops_sig_type_t type) | 700 | const __ops_sig_type_t type) | |
694 | { | 701 | { | |
695 | sig->info = __ops_create_info_new(); | 702 | sig->info = __ops_create_info_new(); | |
696 | 703 | |||
697 | /* XXX: refactor with check (in several ways - check should probably */ | 704 | /* XXX: refactor with check (in several ways - check should probably */ | |
698 | /* | 705 | /* | |
699 | * use the buffered writer to construct packets (done), and also | 706 | * use the buffered writer to construct packets (done), and also | |
700 | * should | 707 | * should | |
701 | */ | 708 | */ | |
702 | /* share code for hash calculation) */ | 709 | /* share code for hash calculation) */ | |
703 | sig->sig.info.version = OPS_V4; | 710 | sig->sig.info.version = OPS_V4; | |
704 | sig->sig.info.key_algorithm = key->public_key.algorithm; | 711 | sig->sig.info.key_algorithm = key->pubkey.algorithm; | |
705 | sig->sig.info.hash_algorithm = hash; | 712 | sig->sig.info.hash_algorithm = hash; | |
706 | sig->sig.info.type = type; | 713 | sig->sig.info.type = type; | |
707 | 714 | |||
708 | sig->hashed_data_length = (unsigned)-1; | 715 | sig->hashed_data_length = (unsigned)-1; | |
709 | 716 | |||
710 | if (__ops_get_debug_level(__FILE__)) { | 717 | if (__ops_get_debug_level(__FILE__)) { | |
711 | fprintf(stderr, "initialising hash for sig in mem\n"); | 718 | fprintf(stderr, "initialising hash for sig in mem\n"); | |
712 | } | 719 | } | |
713 | initialise_hash(&sig->hash, &sig->sig); | 720 | initialise_hash(&sig->hash, &sig->sig); | |
714 | start_signature_in_mem(sig); | 721 | start_signature_in_mem(sig); | |
715 | } | 722 | } | |
716 | 723 | |||
717 | /** | 724 | /** | |
@@ -744,27 +751,28 @@ __ops_signature_start_message_signature( | @@ -744,27 +751,28 @@ __ops_signature_start_message_signature( | |||
744 | * \ingroup Core_Signature | 751 | * \ingroup Core_Signature | |
745 | * | 752 | * | |
746 | * Add plaintext data to a signature-to-be. | 753 | * Add plaintext data to a signature-to-be. | |
747 | * | 754 | * | |
748 | * \param sig The signature-to-be. | 755 | * \param sig The signature-to-be. | |
749 | * \param buf The plaintext data. | 756 | * \param buf The plaintext data. | |
750 | * \param length The amount of plaintext data. | 757 | * \param length The amount of plaintext data. | |
751 | */ | 758 | */ | |
752 | void | 759 | void | |
753 | __ops_signature_add_data(__ops_create_signature_t * sig, const void *buf, | 760 | __ops_signature_add_data(__ops_create_signature_t * sig, const void *buf, | |
754 | size_t length) | 761 | size_t length) | |
755 | { | 762 | { | |
756 | if (__ops_get_debug_level(__FILE__)) { | 763 | if (__ops_get_debug_level(__FILE__)) { | |
757 | fprintf(stderr, "__ops_signature_add_data adds to hash\n"); | 764 | (void) fprintf(stderr, | |
765 | "__ops_signature_add_data adds to hash\n"); | |||
758 | } | 766 | } | |
759 | sig->hash.add(&sig->hash, buf, length); | 767 | sig->hash.add(&sig->hash, buf, length); | |
760 | } | 768 | } | |
761 | 769 | |||
762 | /** | 770 | /** | |
763 | * \ingroup Core_Signature | 771 | * \ingroup Core_Signature | |
764 | * | 772 | * | |
765 | * Mark the end of the hashed subpackets in the signature | 773 | * Mark the end of the hashed subpackets in the signature | |
766 | * | 774 | * | |
767 | * \param sig | 775 | * \param sig | |
768 | */ | 776 | */ | |
769 | 777 | |||
770 | bool | 778 | bool | |
@@ -782,96 +790,99 @@ __ops_signature_hashed_subpackets_end(__ | @@ -782,96 +790,99 @@ __ops_signature_hashed_subpackets_end(__ | |||
782 | /** | 790 | /** | |
783 | * \ingroup Core_Signature | 791 | * \ingroup Core_Signature | |
784 | * | 792 | * | |
785 | * Write out a signature | 793 | * Write out a signature | |
786 | * | 794 | * | |
787 | * \param sig | 795 | * \param sig | |
788 | * \param key | 796 | * \param key | |
789 | * \param skey | 797 | * \param skey | |
790 | * \param info | 798 | * \param info | |
791 | * | 799 | * | |
792 | */ | 800 | */ | |
793 | 801 | |||
794 | bool | 802 | bool | |
795 | __ops_write_signature(__ops_create_signature_t * sig, const __ops_public_key_t * key, | 803 | __ops_write_signature(__ops_create_signature_t * sig, | |
796 | const __ops_secret_key_t * skey, __ops_create_info_t * info) | 804 | const __ops_public_key_t *key, | |
805 | const __ops_secret_key_t *skey, | |||
806 | __ops_create_info_t *info) | |||
797 | { | 807 | { | |
798 | bool rtn = false; | 808 | size_t l = __ops_memory_get_length(sig->mem); | |
799 | size_t l = __ops_memory_get_length(sig->mem); | 809 | bool rtn = false; | |
800 | 810 | |||
801 | /* check key not decrypted */ | 811 | /* check key not decrypted */ | |
802 | switch (skey->public_key.algorithm) { | 812 | switch (skey->pubkey.algorithm) { | |
803 | case OPS_PKA_RSA: | 813 | case OPS_PKA_RSA: | |
804 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 814 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
805 | case OPS_PKA_RSA_SIGN_ONLY: | 815 | case OPS_PKA_RSA_SIGN_ONLY: | |
806 | assert(skey->key.rsa.d); | 816 | assert(skey->key.rsa.d); | |
807 | break; | 817 | break; | |
808 | 818 | |||
809 | case OPS_PKA_DSA: | 819 | case OPS_PKA_DSA: | |
810 | assert(skey->key.dsa.x); | 820 | assert(skey->key.dsa.x); | |
811 | break; | 821 | break; | |
812 | 822 | |||
813 | default: | 823 | default: | |
814 | fprintf(stderr, "Unsupported algorithm %d\n", skey->public_key.algorithm); | 824 | (void) fprintf(stderr, "Unsupported algorithm %d\n", | |
825 | skey->pubkey.algorithm); | |||
815 | assert(/* CONSTCOND */0); | 826 | assert(/* CONSTCOND */0); | |
816 | } | 827 | } | |
817 | 828 | |||
818 | assert(sig->hashed_data_length != (unsigned) -1); | 829 | assert(sig->hashed_data_length != (unsigned) -1); | |
819 | 830 | |||
820 | __ops_memory_place_int(sig->mem, sig->unhashed_count_offset, | 831 | __ops_memory_place_int(sig->mem, sig->unhashed_count_offset, | |
821 | l - sig->unhashed_count_offset - 2, 2); | 832 | l - sig->unhashed_count_offset - 2, 2); | |
822 | 833 | |||
823 | /* add the packet from version number to end of hashed subpackets */ | 834 | /* add the packet from version number to end of hashed subpackets */ | |
824 | 835 | |||
825 | if (__ops_get_debug_level(__FILE__)) { | 836 | if (__ops_get_debug_level(__FILE__)) { | |
826 | fprintf(stderr, "--- Adding packet to hash from version number to hashed subpkts\n"); | 837 | (void) fprintf(stderr, | |
838 | "--- Adding packet to hash from version number to hashed subpkts\n"); | |||
827 | } | 839 | } | |
828 | sig->hash.add(&sig->hash, __ops_memory_get_data(sig->mem), | 840 | sig->hash.add(&sig->hash, __ops_memory_get_data(sig->mem), | |
829 | sig->unhashed_count_offset); | 841 | sig->unhashed_count_offset); | |
830 | 842 | |||
831 | /* add final trailer */ | 843 | /* add final trailer */ | |
832 | __ops_hash_add_int(&sig->hash, (unsigned)sig->sig.info.version, 1); | 844 | __ops_hash_add_int(&sig->hash, (unsigned)sig->sig.info.version, 1); | |
833 | __ops_hash_add_int(&sig->hash, 0xff, 1); | 845 | __ops_hash_add_int(&sig->hash, 0xff, 1); | |
834 | /* +6 for version, type, pk alg, hash alg, hashed subpacket length */ | 846 | /* +6 for version, type, pk alg, hash alg, hashed subpacket length */ | |
835 | __ops_hash_add_int(&sig->hash, sig->hashed_data_length + 6, 4); | 847 | __ops_hash_add_int(&sig->hash, sig->hashed_data_length + 6, 4); | |
836 | 848 | |||
837 | if (__ops_get_debug_level(__FILE__)) { | 849 | if (__ops_get_debug_level(__FILE__)) { | |
838 | fprintf(stderr, "--- Finished adding packet to hash from version number to hashed subpkts\n"); | 850 | fprintf(stderr, "--- Finished adding packet to hash from version number to hashed subpkts\n"); | |
839 | } | 851 | } | |
840 | /* XXX: technically, we could figure out how big the signature is */ | 852 | /* XXX: technically, we could figure out how big the signature is */ | |
841 | /* and write it directly to the output instead of via memory. */ | 853 | /* and write it directly to the output instead of via memory. */ | |
842 | switch (skey->public_key.algorithm) { | 854 | switch (skey->pubkey.algorithm) { | |
843 | case OPS_PKA_RSA: | 855 | case OPS_PKA_RSA: | |
844 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 856 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
845 | case OPS_PKA_RSA_SIGN_ONLY: | 857 | case OPS_PKA_RSA_SIGN_ONLY: | |
846 | rsa_sign(&sig->hash, &key->key.rsa, &skey->key.rsa, sig->info); | 858 | rsa_sign(&sig->hash, &key->key.rsa, &skey->key.rsa, sig->info); | |
847 | break; | 859 | break; | |
848 | 860 | |||
849 | case OPS_PKA_DSA: | 861 | case OPS_PKA_DSA: | |
850 | dsa_sign(&sig->hash, &key->key.dsa, &skey->key.dsa, sig->info); | 862 | dsa_sign(&sig->hash, &key->key.dsa, &skey->key.dsa, sig->info); | |
851 | break; | 863 | break; | |
852 | 864 | |||
853 | default: | 865 | default: | |
854 | fprintf(stderr, "Unsupported algorithm %d\n", skey->public_key.algorithm); | 866 | (void) fprintf(stderr, "Unsupported algorithm %d\n", | |
867 | skey->pubkey.algorithm); | |||
855 | assert(/*CONSTCOND*/0); | 868 | assert(/*CONSTCOND*/0); | |
856 | } | 869 | } | |
857 | 870 | |||
858 | ||||
859 | ||||
860 | rtn = __ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info); | 871 | rtn = __ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info); | |
861 | if (rtn != false) { | 872 | if (rtn != false) { | |
862 | l = __ops_memory_get_length(sig->mem); | 873 | l = __ops_memory_get_length(sig->mem); | |
863 | rtn = __ops_write_length(l, info) | 874 | rtn = __ops_write_length(l, info) && | |
864 | && __ops_write(__ops_memory_get_data(sig->mem), l, info); | 875 | __ops_write(__ops_memory_get_data(sig->mem), l, info); | |
865 | } | 876 | } | |
866 | __ops_memory_free(sig->mem); | 877 | __ops_memory_free(sig->mem); | |
867 | 878 | |||
868 | if (rtn == false) { | 879 | if (rtn == false) { | |
869 | OPS_ERROR(&info->errors, OPS_E_W, "Cannot write signature"); | 880 | OPS_ERROR(&info->errors, OPS_E_W, "Cannot write signature"); | |
870 | } | 881 | } | |
871 | return rtn; | 882 | return rtn; | |
872 | } | 883 | } | |
873 | 884 | |||
874 | /** | 885 | /** | |
875 | * \ingroup Core_Signature | 886 | * \ingroup Core_Signature | |
876 | * | 887 | * | |
877 | * __ops_signature_add_creation_time() adds a creation time to the signature. | 888 | * __ops_signature_add_creation_time() adds a creation time to the signature. | |
@@ -889,28 +900,29 @@ __ops_signature_add_creation_time(__ops_ | @@ -889,28 +900,29 @@ __ops_signature_add_creation_time(__ops_ | |||
889 | /** | 900 | /** | |
890 | * \ingroup Core_Signature | 901 | * \ingroup Core_Signature | |
891 | * | 902 | * | |
892 | * Adds issuer's key ID to the signature | 903 | * Adds issuer's key ID to the signature | |
893 | * | 904 | * | |
894 | * \param sig | 905 | * \param sig | |
895 | * \param keyid | 906 | * \param keyid | |
896 | */ | 907 | */ | |
897 | 908 | |||
898 | bool | 909 | bool | |
899 | __ops_signature_add_issuer_key_id(__ops_create_signature_t * sig, | 910 | __ops_signature_add_issuer_key_id(__ops_create_signature_t * sig, | |
900 | const unsigned char keyid[OPS_KEY_ID_SIZE]) | 911 | const unsigned char keyid[OPS_KEY_ID_SIZE]) | |
901 | { | 912 | { | |
902 | return __ops_write_ss_header(OPS_KEY_ID_SIZE + 1, OPS_PTAG_SS_ISSUER_KEY_ID, sig->info) | 913 | return __ops_write_ss_header(OPS_KEY_ID_SIZE + 1, | |
903 | && __ops_write(keyid, OPS_KEY_ID_SIZE, sig->info); | 914 | OPS_PTAG_SS_ISSUER_KEY_ID, sig->info) && | |
915 | __ops_write(keyid, OPS_KEY_ID_SIZE, sig->info); | |||
904 | } | 916 | } | |
905 | 917 | |||
906 | /** | 918 | /** | |
907 | * \ingroup Core_Signature | 919 | * \ingroup Core_Signature | |
908 | * | 920 | * | |
909 | * Adds primary user ID to the signature | 921 | * Adds primary user ID to the signature | |
910 | * | 922 | * | |
911 | * \param sig | 923 | * \param sig | |
912 | * \param primary | 924 | * \param primary | |
913 | */ | 925 | */ | |
914 | void | 926 | void | |
915 | __ops_signature_add_primary_user_id(__ops_create_signature_t * sig, | 927 | __ops_signature_add_primary_user_id(__ops_create_signature_t * sig, | |
916 | bool primary) | 928 | bool primary) | |
@@ -924,71 +936,73 @@ __ops_signature_add_primary_user_id(__op | @@ -924,71 +936,73 @@ __ops_signature_add_primary_user_id(__op | |||
924 | * | 936 | * | |
925 | * Get the hash structure in use for the signature. | 937 | * Get the hash structure in use for the signature. | |
926 | * | 938 | * | |
927 | * \param sig The signature structure. | 939 | * \param sig The signature structure. | |
928 | * \return The hash structure. | 940 | * \return The hash structure. | |
929 | */ | 941 | */ | |
930 | __ops_hash_t * | 942 | __ops_hash_t * | |
931 | __ops_signature_get_hash(__ops_create_signature_t * sig) | 943 | __ops_signature_get_hash(__ops_create_signature_t * sig) | |
932 | { | 944 | { | |
933 | return &sig->hash; | 945 | return &sig->hash; | |
934 | } | 946 | } | |
935 | 947 | |||
936 | static int | 948 | static int | |
937 | open_output_file(__ops_create_info_t ** cinfo, const char *input_filename, const char *output_filename, const bool use_armour, const bool overwrite) | 949 | open_output_file(__ops_create_info_t ** cinfo, | |
950 | const char *input_filename, | |||
951 | const char *output_filename, | |||
952 | const bool use_armour, | |||
953 | const bool overwrite) | |||
938 | { | 954 | { | |
939 | int fd_out; | 955 | int fd_out; | |
940 | 956 | |||
941 | /* setup output file */ | 957 | /* setup output file */ | |
942 | 958 | |||
943 | if (output_filename) { | 959 | if (output_filename) { | |
944 | fd_out = __ops_setup_file_write(cinfo, output_filename, overwrite); | 960 | fd_out = __ops_setup_file_write(cinfo, output_filename, | |
961 | overwrite); | |||
945 | } else { | 962 | } else { | |
946 | char *myfilename = NULL; | 963 | char *myfilename = NULL; | |
947 | unsigned filenamelen = strlen(input_filename) + 4 + 1; | 964 | unsigned filenamelen = strlen(input_filename) + 4 + 1; | |
965 | ||||
948 | myfilename = calloc(1, filenamelen); | 966 | myfilename = calloc(1, filenamelen); | |
949 | if (use_armour) | 967 | if (use_armour) { | |
950 | snprintf(myfilename, filenamelen, "%s.asc", input_filename); | 968 | (void) snprintf(myfilename, filenamelen, "%s.asc", | |
951 | else | 969 | input_filename); | |
952 | snprintf(myfilename, filenamelen, "%s.gpg", input_filename); | 970 | } else { | |
971 | (void) snprintf(myfilename, filenamelen, "%s.gpg", | |||
972 | input_filename); | |||
973 | } | |||
953 | fd_out = __ops_setup_file_write(cinfo, myfilename, overwrite); | 974 | fd_out = __ops_setup_file_write(cinfo, myfilename, overwrite); | |
954 | free(myfilename); | 975 | free(myfilename); | |
955 | } | 976 | } | |
956 | 977 | |||
957 | return fd_out; | 978 | return fd_out; | |
958 | } | 979 | } | |
959 | 980 | |||
960 | /** | 981 | /** | |
961 | \ingroup HighLevel_Sign | 982 | \ingroup HighLevel_Sign | |
962 | \brief Sign a file with a Cleartext Signature | 983 | \brief Sign a file with a Cleartext Signature | |
963 | \param input_filename Name of file to be signed | 984 | \param input_filename Name of file to be signed | |
964 | \param output_filename Filename to be created. If NULL, filename will be constructed from the input_filename. | 985 | \param output_filename Filename to be created. If NULL, filename will be constructed from the input_filename. | |
965 | \param skey Secret Key to sign with | 986 | \param skey Secret Key to sign with | |
966 | \param overwrite Allow output file to be overwritten, if set | 987 | \param overwrite Allow output file to be overwritten, if set | |
967 | \return true if OK, else false | 988 | \return true if OK, else false | |
968 | 989 | |||
969 | Example code: | |||
970 | \code | |||
971 | void example(const __ops_secret_key_t *skey, bool overwrite) | |||
972 | { | |||
973 | if (__ops_sign_file_as_cleartext("mytestfile.txt",NULL,skey,overwrite)==true) | |||
974 | printf("OK"); | |||
975 | else | |||
976 | printf("ERR"); | |||
977 | } | |||
978 | \endcode | |||
979 | */ | 990 | */ | |
980 | bool | 991 | bool | |
981 | __ops_sign_file_as_cleartext(const char *input_filename, const char *output_filename, const __ops_secret_key_t * skey, const bool overwrite) | 992 | __ops_sign_file_as_cleartext(const char *input_filename, | |
993 | const char *output_filename, | |||
994 | const __ops_secret_key_t *skey, | |||
995 | const bool overwrite) | |||
982 | { | 996 | { | |
983 | /* \todo allow choice of hash algorithams */ | 997 | /* \todo allow choice of hash algorithams */ | |
984 | /* enforce use of SHA1 for now */ | 998 | /* enforce use of SHA1 for now */ | |
985 | 999 | |||
986 | unsigned char keyid[OPS_KEY_ID_SIZE]; | 1000 | unsigned char keyid[OPS_KEY_ID_SIZE]; | |
987 | __ops_create_signature_t *sig = NULL; | 1001 | __ops_create_signature_t *sig = NULL; | |
988 | 1002 | |||
989 | int fd_in = 0; | 1003 | int fd_in = 0; | |
990 | int fd_out = 0; | 1004 | int fd_out = 0; | |
991 | __ops_create_info_t *cinfo = NULL; | 1005 | __ops_create_info_t *cinfo = NULL; | |
992 | unsigned char buf[MAXBUF]; | 1006 | unsigned char buf[MAXBUF]; | |
993 | /* int flags=0; */ | 1007 | /* int flags=0; */ | |
994 | bool rtn = false; | 1008 | bool rtn = false; | |
@@ -1009,326 +1023,282 @@ __ops_sign_file_as_cleartext(const char | @@ -1009,326 +1023,282 @@ __ops_sign_file_as_cleartext(const char | |||
1009 | 1023 | |||
1010 | if (fd_out < 0) { | 1024 | if (fd_out < 0) { | |
1011 | close(fd_in); | 1025 | close(fd_in); | |
1012 | return false; | 1026 | return false; | |
1013 | } | 1027 | } | |
1014 | /* set up signature */ | 1028 | /* set up signature */ | |
1015 | sig = __ops_create_signature_new(); | 1029 | sig = __ops_create_signature_new(); | |
1016 | if (!sig) { | 1030 | if (!sig) { | |
1017 | close(fd_in); | 1031 | close(fd_in); | |
1018 | __ops_teardown_file_write(cinfo, fd_out); | 1032 | __ops_teardown_file_write(cinfo, fd_out); | |
1019 | return false; | 1033 | return false; | |
1020 | } | 1034 | } | |
1021 | /* \todo could add more error detection here */ | 1035 | /* \todo could add more error detection here */ | |
1022 | __ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, OPS_SIG_BINARY); | 1036 | __ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, | |
1037 | OPS_SIG_BINARY); | |||
1023 | if (__ops_writer_push_clearsigned(cinfo, sig) != true) { | 1038 | if (__ops_writer_push_clearsigned(cinfo, sig) != true) { | |
1024 | return false; | 1039 | return false; | |
1025 | } | 1040 | } | |
1026 | 1041 | |||
1027 | /* Do the signing */ | 1042 | /* Do the signing */ | |
1028 | for (;;) { | 1043 | for (;;) { | |
1029 | int n = 0; | 1044 | int n = 0; | |
1030 | 1045 | |||
1031 | n = read(fd_in, buf, sizeof(buf)); | 1046 | n = read(fd_in, buf, sizeof(buf)); | |
1032 | if (!n) | 1047 | if (!n) | |
1033 | break; | 1048 | break; | |
1034 | assert(n >= 0); | 1049 | assert(n >= 0); | |
1035 | __ops_write(buf, (unsigned)n, cinfo); | 1050 | __ops_write(buf, (unsigned)n, cinfo); | |
1036 | } | 1051 | } | |
1037 | close(fd_in); | 1052 | close(fd_in); | |
1038 | 1053 | |||
1039 | /* add signature with subpackets: */ | 1054 | /* add signature with subpackets: */ | |
1040 | /* - creation time */ | 1055 | /* - creation time */ | |
1041 | /* - key id */ | 1056 | /* - key id */ | |
1042 | rtn = __ops_writer_switch_to_armoured_signature(cinfo) | 1057 | rtn = __ops_writer_switch_to_armoured_signature(cinfo) | |
1043 | && __ops_signature_add_creation_time(sig, time(NULL)); | 1058 | && __ops_signature_add_creation_time(sig, time(NULL)); | |
1044 | if (rtn == false) { | 1059 | if (rtn == false) { | |
1045 | __ops_teardown_file_write(cinfo, fd_out); | 1060 | __ops_teardown_file_write(cinfo, fd_out); | |
1046 | return false; | 1061 | return false; | |
1047 | } | 1062 | } | |
1048 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key); | 1063 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey); | |
1049 | 1064 | |||
1050 | rtn = __ops_signature_add_issuer_key_id(sig, keyid) | 1065 | rtn = __ops_signature_add_issuer_key_id(sig, keyid) && | |
1051 | && __ops_signature_hashed_subpackets_end(sig) | 1066 | __ops_signature_hashed_subpackets_end(sig) && | |
1052 | && __ops_write_signature(sig, &skey->public_key, skey, cinfo); | 1067 | __ops_write_signature(sig, &skey->pubkey, skey, cinfo); | |
1053 | 1068 | |||
1054 | __ops_teardown_file_write(cinfo, fd_out); | 1069 | __ops_teardown_file_write(cinfo, fd_out); | |
1055 | 1070 | |||
1056 | if (rtn == false) { | 1071 | if (rtn == false) { | |
1057 | OPS_ERROR(&cinfo->errors, OPS_E_W, "Cannot sign file as cleartext"); | 1072 | OPS_ERROR(&cinfo->errors, OPS_E_W, | |
1073 | "Cannot sign file as cleartext"); | |||
1058 | } | 1074 | } | |
1059 | return rtn; | 1075 | return rtn; | |
1060 | } | 1076 | } | |
1061 | 1077 | |||
1062 | #if 0 | 1078 | #if 0 | |
1063 | /* XXX commented out until I work out what header file to put this one in */ | 1079 | /* XXX commented out until I work out what header file to put this one in */ | |
1064 | /** | 1080 | /** | |
1065 | * \ingroup HighLevel_Sign | 1081 | * \ingroup HighLevel_Sign | |
1066 | * \brief Sign a buffer with a Cleartext signature | 1082 | * \brief Sign a buffer with a Cleartext signature | |
1067 | * \param cleartext Text to be signed | 1083 | * \param cleartext Text to be signed | |
1068 | * \param len Length of text | 1084 | * \param len Length of text | |
1069 | * \param signed_cleartext __ops_memory_t struct in which to write the signed cleartext | 1085 | * \param signed_cleartext __ops_memory_t struct in which to write the signed cleartext | |
1070 | * \param skey Secret key with which to sign the cleartext | 1086 | * \param skey Secret key with which to sign the cleartext | |
1071 | * \return true if OK; else false | 1087 | * \return true if OK; else false | |
1072 | 1088 | |||
1073 | * \note It is the calling function's responsibility to free signed_cleartext | 1089 | * \note It is the calling function's responsibility to free signed_cleartext | |
1074 | * \note signed_cleartext should be a NULL pointer when passed in | 1090 | * \note signed_cleartext should be a NULL pointer when passed in | |
1075 | 1091 | |||
1076 | Example code: | |||
1077 | \code | |||
1078 | void example(const __ops_secret_key_t *skey) | |||
1079 | { | |||
1080 | __ops_memory_t* mem=NULL; | |||
1081 | const char* buf="Some example text"; | |||
1082 | size_t len=strlen(buf); | |||
1083 | if (__ops_sign_buf_as_cleartext(buf,len, &mem, skey)==true) | |||
1084 | printf("OK"); | |||
1085 | else | |||
1086 | printf("ERR"); | |||
1087 | // free signed cleartext after use | |||
1088 | __ops_memory_free(mem); | |||
1089 | } | |||
1090 | \endcode | |||
1091 | */ | 1092 | */ | |
1092 | bool | 1093 | bool | |
1093 | __ops_sign_buf_as_cleartext(const char *cleartext, const size_t len, __ops_memory_t ** signed_cleartext, const __ops_secret_key_t * skey) | 1094 | __ops_sign_buf_as_cleartext(const char *cleartext, | |
1095 | const size_t len, | |||
1096 | __ops_memory_t **signed_cleartext, | |||
1097 | const __ops_secret_key_t *skey) | |||
1094 | { | 1098 | { | |
1095 | bool rtn = false; | 1099 | bool rtn = false; | |
1096 | 1100 | |||
1097 | /* \todo allow choice of hash algorithams */ | 1101 | /* \todo allow choice of hash algorithams */ | |
1098 | /* enforce use of SHA1 for now */ | 1102 | /* enforce use of SHA1 for now */ | |
1099 | 1103 | |||
1100 | unsigned char keyid[OPS_KEY_ID_SIZE]; | 1104 | unsigned char keyid[OPS_KEY_ID_SIZE]; | |
1101 | __ops_create_signature_t *sig = NULL; | 1105 | __ops_create_signature_t *sig = NULL; | |
1102 | 1106 | |||
1103 | __ops_create_info_t *cinfo = NULL; | 1107 | __ops_create_info_t *cinfo = NULL; | |
1104 | 1108 | |||
1105 | assert(*signed_cleartext == NULL); | 1109 | assert(*signed_cleartext == NULL); | |
1106 | 1110 | |||
1107 | /* set up signature */ | 1111 | /* set up signature */ | |
1108 | sig = __ops_create_signature_new(); | 1112 | sig = __ops_create_signature_new(); | |
1109 | if (!sig) { | 1113 | if (!sig) { | |
1110 | return false; | 1114 | return false; | |
1111 | } | 1115 | } | |
1112 | /* \todo could add more error detection here */ | 1116 | /* \todo could add more error detection here */ | |
1113 | __ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, OPS_SIG_BINARY); | 1117 | __ops_signature_start_cleartext_signature(sig, skey, OPS_HASH_SHA1, | |
1118 | OPS_SIG_BINARY); | |||
1114 | 1119 | |||
1115 | /* set up output file */ | 1120 | /* set up output file */ | |
1116 | __ops_setup_memory_write(&cinfo, signed_cleartext, len); | 1121 | __ops_setup_memory_write(&cinfo, signed_cleartext, len); | |
1117 | 1122 | |||
1118 | /* Do the signing */ | 1123 | /* Do the signing */ | |
1119 | /* add signature with subpackets: */ | 1124 | /* add signature with subpackets: */ | |
1120 | /* - creation time */ | 1125 | /* - creation time */ | |
1121 | /* - key id */ | 1126 | /* - key id */ | |
1122 | rtn = __ops_writer_push_clearsigned(cinfo, sig) | 1127 | rtn = __ops_writer_push_clearsigned(cinfo, sig) && | |
1123 | && __ops_write(cleartext, len, cinfo) | 1128 | __ops_write(cleartext, len, cinfo) && | |
1124 | && __ops_writer_switch_to_armoured_signature(cinfo) | 1129 | __ops_writer_switch_to_armoured_signature(cinfo) && | |
1125 | && __ops_signature_add_creation_time(sig, time(NULL)); | 1130 | __ops_signature_add_creation_time(sig, time(NULL)); | |
1126 | 1131 | |||
1127 | if (rtn == false) { | 1132 | if (rtn == false) { | |
1128 | return false; | 1133 | return false; | |
1129 | } | 1134 | } | |
1130 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key); | 1135 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey); | |
1131 | 1136 | |||
1132 | rtn = __ops_signature_add_issuer_key_id(sig, keyid) | 1137 | rtn = __ops_signature_add_issuer_key_id(sig, keyid) && | |
1133 | && __ops_signature_hashed_subpackets_end(sig) | 1138 | __ops_signature_hashed_subpackets_end(sig) && | |
1134 | && __ops_write_signature(sig, &skey->public_key, skey, cinfo) | 1139 | __ops_write_signature(sig, &skey->pubkey, skey, cinfo) && | |
1135 | && __ops_writer_close(cinfo); | 1140 | __ops_writer_close(cinfo); | |
1136 | 1141 | |||
1137 | /* Note: the calling function must free signed_cleartext */ | 1142 | /* Note: the calling function must free signed_cleartext */ | |
1138 | __ops_create_info_delete(cinfo); | 1143 | __ops_create_info_delete(cinfo); | |
1139 | 1144 | |||
1140 | return rtn; | 1145 | return rtn; | |
1141 | } | 1146 | } | |
1142 | #endif | 1147 | #endif | |
1143 | 1148 | |||
1144 | /** | 1149 | /** | |
1145 | \ingroup HighLevel_Sign | 1150 | \ingroup HighLevel_Sign | |
1146 | \brief Sign a file | 1151 | \brief Sign a file | |
1147 | \param input_filename Input filename | 1152 | \param input_filename Input filename | |
1148 | \param output_filename Output filename. If NULL, a name is constructed from the input filename. | 1153 | \param output_filename Output filename. If NULL, a name is constructed from the input filename. | |
1149 | \param skey Secret Key to use for signing | 1154 | \param skey Secret Key to use for signing | |
1150 | \param use_armour Write armoured text, if set. | 1155 | \param use_armour Write armoured text, if set. | |
1151 | \param overwrite May overwrite existing file, if set. | 1156 | \param overwrite May overwrite existing file, if set. | |
1152 | \return true if OK; else false; | 1157 | \return true if OK; else false; | |
1153 | 1158 | |||
1154 | Example code: | |||
1155 | \code | |||
1156 | void example(const __ops_secret_key_t *skey) | |||
1157 | { | |||
1158 | const char* filename="mytestfile"; | |||
1159 | const bool use_armour=false; | |||
1160 | const bool overwrite=false; | |||
1161 | if (__ops_sign_file(filename, NULL, skey, use_armour, overwrite)==true) | |||
1162 | printf("OK"); | |||
1163 | else | |||
1164 | printf("ERR"); | |||
1165 | } | |||
1166 | \endcode | |||
1167 | */ | 1159 | */ | |
1168 | bool | 1160 | bool | |
1169 | __ops_sign_file(const char *input_filename, const char *output_filename, const __ops_secret_key_t * skey, const bool use_armour, const bool overwrite) | 1161 | __ops_sign_file(const char *input_filename, const char *output_filename, const __ops_secret_key_t * skey, const bool use_armour, const bool overwrite) | |
1170 | { | 1162 | { | |
1171 | /* \todo allow choice of hash algorithams */ | 1163 | /* \todo allow choice of hash algorithams */ | |
1172 | /* enforce use of SHA1 for now */ | 1164 | /* enforce use of SHA1 for now */ | |
1173 | 1165 | |||
1174 | unsigned char keyid[OPS_KEY_ID_SIZE]; | 1166 | unsigned char keyid[OPS_KEY_ID_SIZE]; | |
1175 | __ops_create_signature_t *sig = NULL; | 1167 | __ops_create_signature_t *sig = NULL; | |
1176 | ||||
1177 | int fd_out = 0; | 1168 | int fd_out = 0; | |
1178 | __ops_create_info_t *cinfo = NULL; | 1169 | __ops_create_info_t *cinfo = NULL; | |
1179 | ||||
1180 | __ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1; | 1170 | __ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1; | |
1181 | __ops_sig_type_t sig_type = OPS_SIG_BINARY; | 1171 | __ops_sig_type_t sig_type = OPS_SIG_BINARY; | |
1182 | ||||
1183 | __ops_memory_t *mem_buf = NULL; | 1172 | __ops_memory_t *mem_buf = NULL; | |
1184 | __ops_hash_t *hash = NULL; | 1173 | __ops_hash_t *hash = NULL; | |
1174 | int errnum; | |||
1185 | 1175 | |||
1186 | /* read input file into buf */ | 1176 | /* read input file into buf */ | |
1187 | ||||
1188 | int errnum; | |||
1189 | mem_buf = __ops_write_mem_from_file(input_filename, &errnum); | 1177 | mem_buf = __ops_write_mem_from_file(input_filename, &errnum); | |
1190 | if (errnum) | 1178 | if (errnum) { | |
1191 | return false; | 1179 | return false; | |
1180 | } | |||
1192 | 1181 | |||
1193 | /* setup output file */ | 1182 | /* setup output file */ | |
1194 | 1183 | fd_out = open_output_file(&cinfo, input_filename, output_filename, | ||
1195 | fd_out = open_output_file(&cinfo, input_filename, output_filename, use_armour, overwrite); | 1184 | use_armour, overwrite); | |
1196 | ||||
1197 | if (fd_out < 0) { | 1185 | if (fd_out < 0) { | |
1198 | __ops_memory_free(mem_buf); | 1186 | __ops_memory_free(mem_buf); | |
1199 | return false; | 1187 | return false; | |
1200 | } | 1188 | } | |
1189 | ||||
1201 | /* set up signature */ | 1190 | /* set up signature */ | |
1202 | sig = __ops_create_signature_new(); | 1191 | sig = __ops_create_signature_new(); | |
1203 | __ops_signature_start_message_signature(sig, skey, hash_alg, sig_type); | 1192 | __ops_signature_start_message_signature(sig, skey, hash_alg, sig_type); | |
1204 | 1193 | |||
1205 | /* set armoured/not armoured here */ | 1194 | /* set armoured/not armoured here */ | |
1206 | if (use_armour) | 1195 | if (use_armour) { | |
1207 | __ops_writer_push_armoured_message(cinfo); | 1196 | __ops_writer_push_armoured_message(cinfo); | |
1197 | } | |||
1208 | 1198 | |||
1209 | if (__ops_get_debug_level(__FILE__)) { | 1199 | if (__ops_get_debug_level(__FILE__)) { | |
1210 | fprintf(stderr, "** Writing out one pass sig\n"); | 1200 | fprintf(stderr, "** Writing out one pass sig\n"); | |
1211 | } | 1201 | } | |
1212 | /* write one_pass_sig */ | 1202 | /* write one_pass_sig */ | |
1213 | __ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo); | 1203 | __ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo); | |
1214 | 1204 | |||
1215 | /* hash file contents */ | 1205 | /* hash file contents */ | |
1216 | hash = __ops_signature_get_hash(sig); | 1206 | hash = __ops_signature_get_hash(sig); | |
1217 | hash->add(hash, __ops_memory_get_data(mem_buf), __ops_memory_get_length(mem_buf)); | 1207 | hash->add(hash, __ops_memory_get_data(mem_buf), | |
1208 | __ops_memory_get_length(mem_buf)); | |||
1218 | 1209 | |||
1219 | /* output file contents as Literal Data packet */ | 1210 | /* output file contents as Literal Data packet */ | |
1220 | 1211 | |||
1221 | if (__ops_get_debug_level(__FILE__)) { | 1212 | if (__ops_get_debug_level(__FILE__)) { | |
1222 | fprintf(stderr, "** Writing out data now\n"); | 1213 | fprintf(stderr, "** Writing out data now\n"); | |
1223 | } | 1214 | } | |
1224 | __ops_write_literal_data_from_buf(__ops_memory_get_data(mem_buf), | 1215 | __ops_write_literal_data_from_buf(__ops_memory_get_data(mem_buf), | |
1225 | (const int)__ops_memory_get_length(mem_buf), | 1216 | (const int)__ops_memory_get_length(mem_buf), | |
1226 | OPS_LDT_BINARY, cinfo); | 1217 | OPS_LDT_BINARY, cinfo); | |
1227 | 1218 | |||
1228 | if (__ops_get_debug_level(__FILE__)) { | 1219 | if (__ops_get_debug_level(__FILE__)) { | |
1229 | fprintf(stderr, "** After Writing out data now\n"); | 1220 | fprintf(stderr, "** After Writing out data now\n"); | |
1230 | } | 1221 | } | |
1231 | /* add subpackets to signature */ | 1222 | /* add subpackets to signature */ | |
1232 | /* - creation time */ | 1223 | /* - creation time */ | |
1233 | /* - key id */ | 1224 | /* - key id */ | |
1234 | 1225 | |||
1235 | __ops_signature_add_creation_time(sig, time(NULL)); | 1226 | __ops_signature_add_creation_time(sig, time(NULL)); | |
1236 | 1227 | |||
1237 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key); | 1228 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey); | |
1238 | __ops_signature_add_issuer_key_id(sig, keyid); | 1229 | __ops_signature_add_issuer_key_id(sig, keyid); | |
1239 | 1230 | |||
1240 | __ops_signature_hashed_subpackets_end(sig); | 1231 | __ops_signature_hashed_subpackets_end(sig); | |
1241 | 1232 | |||
1242 | /* write out sig */ | 1233 | /* write out sig */ | |
1243 | __ops_write_signature(sig, &skey->public_key, skey, cinfo); | 1234 | __ops_write_signature(sig, &skey->pubkey, skey, cinfo); | |
1244 | 1235 | |||
1245 | __ops_teardown_file_write(cinfo, fd_out); | 1236 | __ops_teardown_file_write(cinfo, fd_out); | |
1246 | 1237 | |||
1247 | /* tidy up */ | 1238 | /* tidy up */ | |
1248 | __ops_create_signature_delete(sig); | 1239 | __ops_create_signature_delete(sig); | |
1249 | __ops_memory_free(mem_buf); | 1240 | __ops_memory_free(mem_buf); | |
1250 | 1241 | |||
1251 | return true; | 1242 | return true; | |
1252 | } | 1243 | } | |
1253 | 1244 | |||
1254 | #if 0 | 1245 | #if 0 | |
1255 | /* XXX commented out until I work out what header file to put this one in */ | 1246 | /* XXX commented out until I work out what header file to put this one in */ | |
1256 | /** | 1247 | /** | |
1257 | \ingroup HighLevel_Sign | 1248 | \ingroup HighLevel_Sign | |
1258 | \brief Signs a buffer | 1249 | \brief Signs a buffer | |
1259 | \param input Input text to be signed | 1250 | \param input Input text to be signed | |
1260 | \param input_len Length of input text | 1251 | \param input_len Length of input text | |
1261 | \param sig_type Signature type | 1252 | \param sig_type Signature type | |
1262 | \param skey Secret Key | 1253 | \param skey Secret Key | |
1263 | \param use_armour Write armoured text, if set | 1254 | \param use_armour Write armoured text, if set | |
1264 | \return New __ops_memory_t struct containing signed text | 1255 | \return New __ops_memory_t struct containing signed text | |
1265 | \note It is the caller's responsibility to call __ops_memory_free(me) | 1256 | \note It is the caller's responsibility to call __ops_memory_free(me) | |
1266 | 1257 | |||
1267 | Example Code: | |||
1268 | \code | |||
1269 | void example(const __ops_secret_key_t *skey) | |||
1270 | { | |||
1271 | const char* buf="Some example text"; | |||
1272 | const size_t len=strlen(buf); | |||
1273 | const bool use_armour=true; | |||
1274 | ||||
1275 | __ops_memory_t* mem=NULL; | |||
1276 | ||||
1277 | mem=__ops_sign_buf(buf,len,OPS_SIG_BINARY,skey,use_armour); | |||
1278 | if (mem) | |||
1279 | { | |||
1280 | printf ("OK"); | |||
1281 | __ops_memory_free(mem); | |||
1282 | } | |||
1283 | else | |||
1284 | { | |||
1285 | printf("ERR"); | |||
1286 | } | |||
1287 | } | |||
1288 | \endcode | |||
1289 | */ | 1258 | */ | |
1290 | __ops_memory_t * | 1259 | __ops_memory_t * | |
1291 | __ops_sign_buf(const void *input, const size_t input_len, const __ops_sig_type_t sig_type, const __ops_secret_key_t * skey, const bool use_armour) | 1260 | __ops_sign_buf(const void *input, | |
1261 | const size_t input_len, | |||
1262 | const __ops_sig_type_t sig_type, | |||
1263 | const __ops_secret_key_t * skey, | |||
1264 | const bool use_armour) | |||
1292 | { | 1265 | { | |
1293 | /* \todo allow choice of hash algorithams */ | 1266 | /* \todo allow choice of hash algorithams */ | |
1294 | /* enforce use of SHA1 for now */ | 1267 | /* enforce use of SHA1 for now */ | |
1295 | 1268 | |||
1296 | unsigned char keyid[OPS_KEY_ID_SIZE]; | 1269 | unsigned char keyid[OPS_KEY_ID_SIZE]; | |
1297 | __ops_create_signature_t *sig = NULL; | 1270 | __ops_create_signature_t *sig = NULL; | |
1298 | ||||
1299 | __ops_create_info_t *cinfo = NULL; | 1271 | __ops_create_info_t *cinfo = NULL; | |
1300 | __ops_memory_t *mem = __ops_memory_new(); | 1272 | __ops_memory_t *mem = __ops_memory_new(); | |
1301 | ||||
1302 | __ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1; | 1273 | __ops_hash_algorithm_t hash_alg = OPS_HASH_SHA1; | |
1303 | __ops_literal_data_type_t ld_type; | 1274 | __ops_literal_data_type_t ld_type; | |
1304 | __ops_hash_t *hash = NULL; | 1275 | __ops_hash_t *hash = NULL; | |
1305 | 1276 | |||
1306 | /* setup literal data packet type */ | 1277 | /* setup literal data packet type */ | |
1307 | if (sig_type == OPS_SIG_BINARY) | 1278 | ld_type = (sig_type == OPS_SIG_BINARY) ? OPS_LDT_BINARY : OPS_LDT_TEXT; | |
1308 | ld_type = OPS_LDT_BINARY; | 1279 | ||
1309 | else | |||
1310 | ld_type = OPS_LDT_TEXT; | |||
1311 | 1280 | |||
1312 | /* set up signature */ | 1281 | /* set up signature */ | |
1313 | sig = __ops_create_signature_new(); | 1282 | sig = __ops_create_signature_new(); | |
1314 | __ops_signature_start_message_signature(sig, skey, hash_alg, sig_type); | 1283 | __ops_signature_start_message_signature(sig, skey, hash_alg, sig_type); | |
1315 | 1284 | |||
1316 | /* setup writer */ | 1285 | /* setup writer */ | |
1317 | __ops_setup_memory_write(&cinfo, &mem, input_len); | 1286 | __ops_setup_memory_write(&cinfo, &mem, input_len); | |
1318 | 1287 | |||
1319 | /* set armoured/not armoured here */ | 1288 | /* set armoured/not armoured here */ | |
1320 | if (use_armour) | 1289 | if (use_armour) { | |
1321 | __ops_writer_push_armoured_message(cinfo); | 1290 | __ops_writer_push_armoured_message(cinfo); | |
1291 | } | |||
1322 | 1292 | |||
1323 | if (__ops_get_debug_level(__FILE__)) { | 1293 | if (__ops_get_debug_level(__FILE__)) { | |
1324 | fprintf(stderr, "** Writing out one pass sig\n"); | 1294 | fprintf(stderr, "** Writing out one pass sig\n"); | |
1325 | } | 1295 | } | |
1326 | /* write one_pass_sig */ | 1296 | /* write one_pass_sig */ | |
1327 | __ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo); | 1297 | __ops_write_one_pass_sig(skey, hash_alg, sig_type, cinfo); | |
1328 | 1298 | |||
1329 | /* hash file contents */ | 1299 | /* hash file contents */ | |
1330 | hash = __ops_signature_get_hash(sig); | 1300 | hash = __ops_signature_get_hash(sig); | |
1331 | hash->add(hash, input, input_len); | 1301 | hash->add(hash, input, input_len); | |
1332 | 1302 | |||
1333 | /* output file contents as Literal Data packet */ | 1303 | /* output file contents as Literal Data packet */ | |
1334 | 1304 | |||
@@ -1336,28 +1306,28 @@ __ops_sign_buf(const void *input, const | @@ -1336,28 +1306,28 @@ __ops_sign_buf(const void *input, const | |||
1336 | fprintf(stderr, "** Writing out data now\n"); | 1306 | fprintf(stderr, "** Writing out data now\n"); | |
1337 | } | 1307 | } | |
1338 | __ops_write_literal_data_from_buf(input, input_len, ld_type, cinfo); | 1308 | __ops_write_literal_data_from_buf(input, input_len, ld_type, cinfo); | |
1339 | 1309 | |||
1340 | if (__ops_get_debug_level(__FILE__)) { | 1310 | if (__ops_get_debug_level(__FILE__)) { | |
1341 | fprintf(stderr, "** After Writing out data now\n"); | 1311 | fprintf(stderr, "** After Writing out data now\n"); | |
1342 | } | 1312 | } | |
1343 | /* add subpackets to signature */ | 1313 | /* add subpackets to signature */ | |
1344 | /* - creation time */ | 1314 | /* - creation time */ | |
1345 | /* - key id */ | 1315 | /* - key id */ | |
1346 | 1316 | |||
1347 | __ops_signature_add_creation_time(sig, time(NULL)); | 1317 | __ops_signature_add_creation_time(sig, time(NULL)); | |
1348 | 1318 | |||
1349 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->public_key); | 1319 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, &skey->pubkey); | |
1350 | __ops_signature_add_issuer_key_id(sig, keyid); | 1320 | __ops_signature_add_issuer_key_id(sig, keyid); | |
1351 | 1321 | |||
1352 | __ops_signature_hashed_subpackets_end(sig); | 1322 | __ops_signature_hashed_subpackets_end(sig); | |
1353 | 1323 | |||
1354 | /* write out sig */ | 1324 | /* write out sig */ | |
1355 | __ops_write_signature(sig, &skey->public_key, skey, cinfo); | 1325 | __ops_write_signature(sig, &skey->pubkey, skey, cinfo); | |
1356 | 1326 | |||
1357 | /* tidy up */ | 1327 | /* tidy up */ | |
1358 | __ops_writer_close(cinfo); | 1328 | __ops_writer_close(cinfo); | |
1359 | __ops_create_signature_delete(sig); | 1329 | __ops_create_signature_delete(sig); | |
1360 | 1330 | |||
1361 | return mem; | 1331 | return mem; | |
1362 | } | 1332 | } | |
1363 | #endif | 1333 | #endif |
--- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c 2009/04/25 01:29:15 1.2
+++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c 2009/05/05 01:28:15 1.3
@@ -10,221 +10,252 @@ | @@ -10,221 +10,252 @@ | |||
10 | * | 10 | * | |
11 | * You may obtain a copy of the License at | 11 | * You may obtain a copy of the License at | |
12 | * http://www.apache.org/licenses/LICENSE-2.0 | 12 | * http://www.apache.org/licenses/LICENSE-2.0 | |
13 | * | 13 | * | |
14 | * Unless required by applicable law or agreed to in writing, software | 14 | * Unless required by applicable law or agreed to in writing, software | |
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | #include "config.h" | 21 | #include "config.h" | |
22 | 22 | |||
23 | #include "crypto.h" | 23 | #ifdef HAVE_FCNTL_H | |
24 | 24 | #include <fcntl.h> | ||
25 | #include "readerwriter.h" | |||
26 | #include "memory.h" | |||
27 | #include "parse_local.h" | |||
28 | #include "netpgpdefs.h" | |||
29 | #include "signature.h" | |||
30 | ||||
31 | #ifdef HAVE_ASSERT_H | |||
32 | #include <assert.h> | |||
33 | #endif | 25 | #endif | |
34 | 26 | |||
35 | #ifdef HAVE_UNISTD_H | 27 | #ifdef HAVE_UNISTD_H | |
36 | #include <unistd.h> | 28 | #include <unistd.h> | |
37 | #endif | 29 | #endif | |
38 | 30 | |||
39 | #include <string.h> | 31 | #include <string.h> | |
40 | #include <fcntl.h> | 32 | ||
33 | #include "crypto.h" | |||
34 | #include "readerwriter.h" | |||
35 | #include "memory.h" | |||
36 | #include "parse_local.h" | |||
37 | #include "netpgpdefs.h" | |||
38 | #include "signature.h" | |||
41 | 39 | |||
42 | /** | 40 | /** | |
43 | \ingroup Core_MPI | 41 | \ingroup Core_MPI | |
44 | \brief Decrypt and unencode MPI | 42 | \brief Decrypt and unencode MPI | |
45 | \param buf Buffer in which to write decrypted unencoded MPI | 43 | \param buf Buffer in which to write decrypted unencoded MPI | |
46 | \param buflen Length of buffer | 44 | \param buflen Length of buffer | |
47 | \param encmpi | 45 | \param encmpi | |
48 | \param skey | 46 | \param skey | |
49 | \return length of MPI | 47 | \return length of MPI | |
50 | \note only RSA at present | 48 | \note only RSA at present | |
51 | */ | 49 | */ | |
52 | int | 50 | int | |
53 | __ops_decrypt_and_unencode_mpi(unsigned char *buf, unsigned buflen, const BIGNUM * encmpi, | 51 | __ops_decrypt_and_unencode_mpi(unsigned char *buf, | |
54 | const __ops_secret_key_t * skey) | 52 | unsigned buflen, | |
53 | const BIGNUM * encmpi, | |||
54 | const __ops_secret_key_t *skey) | |||
55 | { | 55 | { | |
56 | unsigned char encmpibuf[NETPGP_BUFSIZ]; | 56 | unsigned char encmpibuf[NETPGP_BUFSIZ]; | |
57 | unsigned char mpibuf[NETPGP_BUFSIZ]; | 57 | unsigned char mpibuf[NETPGP_BUFSIZ]; | |
58 | unsigned mpisize; | 58 | unsigned mpisize; | |
59 | int n; | 59 | int n; | |
60 | int i; | 60 | int i; | |
61 | 61 | |||
62 | mpisize = BN_num_bytes(encmpi); | 62 | mpisize = BN_num_bytes(encmpi); | |
63 | /* MPI can't be more than 65,536 */ | 63 | /* MPI can't be more than 65,536 */ | |
64 | assert(mpisize <= sizeof(encmpibuf)); | 64 | if (mpisize > sizeof(encmpibuf)) { | |
65 | (void) fprintf(stderr, "mpisize too big %u\n", mpisize); | |||
66 | return -1; | |||
67 | } | |||
65 | BN_bn2bin(encmpi, encmpibuf); | 68 | BN_bn2bin(encmpi, encmpibuf); | |
66 | 69 | |||
67 | assert(skey->public_key.algorithm == OPS_PKA_RSA); | 70 | if (skey->pubkey.algorithm != OPS_PKA_RSA) { | |
71 | (void) fprintf(stderr, "pubkey algorithm wrong\n"); | |||
72 | return -1; | |||
73 | } | |||
68 | 74 | |||
69 | if (__ops_get_debug_level(__FILE__)) { | 75 | if (__ops_get_debug_level(__FILE__)) { | |
70 | fprintf(stderr, "\nDECRYPTING\n"); | 76 | (void) fprintf(stderr, "\nDECRYPTING\n"); | |
71 | fprintf(stderr, "encrypted data : "); | 77 | (void) fprintf(stderr, "encrypted data : "); | |
72 | for (i = 0; i < 16; i++) { | 78 | for (i = 0; i < 16; i++) { | |
73 | fprintf(stderr, "%2x ", encmpibuf[i]); | 79 | (void) fprintf(stderr, "%2x ", encmpibuf[i]); | |
74 | } | 80 | } | |
75 | fprintf(stderr, "\n"); | 81 | (void) fprintf(stderr, "\n"); | |
82 | } | |||
83 | n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, | |||
84 | (unsigned)(BN_num_bits(encmpi) + 7) / 8, | |||
85 | &skey->key.rsa, &skey->pubkey.key.rsa); | |||
86 | if (n == -1) { | |||
87 | (void) fprintf(stderr, "ops_rsa_private_decrypt failure\n"); | |||
88 | return -1; | |||
76 | } | 89 | } | |
77 | n = __ops_rsa_private_decrypt(mpibuf, encmpibuf, (unsigned)(BN_num_bits(encmpi) + 7) / 8, | |||
78 | &skey->key.rsa, &skey->public_key.key.rsa); | |||
79 | assert(n != -1); | |||
80 | 90 | |||
81 | if (__ops_get_debug_level(__FILE__)) { | 91 | if (__ops_get_debug_level(__FILE__)) { | |
82 | fprintf(stderr, "decrypted encoded m buf : "); | 92 | (void) fprintf(stderr, "decrypted encoded m buf : "); | |
83 | for (i = 0; i < 16; i++) | 93 | for (i = 0; i < 16; i++) { | |
84 | fprintf(stderr, "%2x ", mpibuf[i]); | 94 | (void) fprintf(stderr, "%2x ", mpibuf[i]); | |
85 | fprintf(stderr, "\n"); | 95 | } | |
96 | (void) fprintf(stderr, "\n"); | |||
86 | } | 97 | } | |
87 | if (n <= 0) | 98 | if (n <= 0) { | |
88 | return -1; | 99 | return -1; | |
100 | } | |||
89 | 101 | |||
90 | if (__ops_get_debug_level(__FILE__)) { | 102 | if (__ops_get_debug_level(__FILE__)) { | |
91 | printf(" decrypted=%d ", n); | 103 | printf(" decrypted=%d ", n); | |
92 | hexdump(mpibuf, (unsigned)n, ""); | 104 | hexdump(mpibuf, (unsigned)n, ""); | |
93 | printf("\n"); | 105 | printf("\n"); | |
94 | } | 106 | } | |
95 | /* Decode EME-PKCS1_V1_5 (RFC 2437). */ | 107 | /* Decode EME-PKCS1_V1_5 (RFC 2437). */ | |
96 | 108 | |||
97 | if (mpibuf[0] != 0 || mpibuf[1] != 2) | 109 | if (mpibuf[0] != 0 || mpibuf[1] != 2) { | |
98 | return false; | 110 | return -1; | |
111 | } | |||
99 | 112 | |||
100 | /* Skip the random bytes. */ | 113 | /* Skip the random bytes. */ | |
101 | for (i = 2; i < n && mpibuf[i]; ++i); | 114 | for (i = 2; i < n && mpibuf[i]; ++i) { | |
115 | } | |||
102 | 116 | |||
103 | if (i == n || i < 10) | 117 | if (i == n || i < 10) { | |
104 | return false; | 118 | return -1; | |
119 | } | |||
105 | 120 | |||
106 | /* Skip the zero */ | 121 | /* Skip the zero */ | |
107 | ++i; | 122 | ++i; | |
108 | 123 | |||
109 | /* this is the unencoded m buf */ | 124 | /* this is the unencoded m buf */ | |
110 | if ((unsigned) (n - i) <= buflen) | 125 | if ((unsigned) (n - i) <= buflen) { | |
111 | (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); | 126 | (void) memcpy(buf, mpibuf + i, (unsigned)(n - i)); | |
127 | } | |||
112 | 128 | |||
113 | if (__ops_get_debug_level(__FILE__)) { | 129 | if (__ops_get_debug_level(__FILE__)) { | |
114 | int j; | 130 | int j; | |
115 | 131 | |||
116 | printf("decoded m buf:\n"); | 132 | printf("decoded m buf:\n"); | |
117 | for (j = 0; j < n - i; j++) | 133 | for (j = 0; j < n - i; j++) | |
118 | printf("%2x ", buf[j]); | 134 | printf("%2x ", buf[j]); | |
119 | printf("\n"); | 135 | printf("\n"); | |
120 | } | 136 | } | |
121 | return n - i; | 137 | return n - i; | |
122 | } | 138 | } | |
123 | 139 | |||
124 | /** | 140 | /** | |
125 | \ingroup Core_MPI | 141 | \ingroup Core_MPI | |
126 | \brief RSA-encrypt an MPI | 142 | \brief RSA-encrypt an MPI | |
127 | */ | 143 | */ | |
128 | bool | 144 | bool | |
129 | __ops_rsa_encrypt_mpi(const unsigned char *encoded_m_buf, | 145 | __ops_rsa_encrypt_mpi(const unsigned char *encoded_m_buf, | |
130 | const size_t sz_encoded_m_buf, | 146 | const size_t sz_encoded_m_buf, | |
131 | const __ops_public_key_t * pkey, | 147 | const __ops_public_key_t * pkey, | |
132 | __ops_pk_session_key_parameters_t * skp) | 148 | __ops_pk_session_key_parameters_t * skp) | |
133 | { | 149 | { | |
134 | 150 | |||
135 | unsigned char encmpibuf[NETPGP_BUFSIZ]; | 151 | unsigned char encmpibuf[NETPGP_BUFSIZ]; | |
136 | int n = 0; | 152 | int n = 0; | |
137 | 153 | |||
138 | assert(sz_encoded_m_buf == (size_t) BN_num_bytes(pkey->key.rsa.n)); | 154 | if (sz_encoded_m_buf != (size_t) BN_num_bytes(pkey->key.rsa.n)) { | |
155 | (void) fprintf(stderr, "sz_encoded_m_buf wrong\n"); | |||
156 | return false; | |||
157 | } | |||
139 | 158 | |||
140 | n = __ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, sz_encoded_m_buf, &pkey->key.rsa); | 159 | n = __ops_rsa_public_encrypt(encmpibuf, encoded_m_buf, | |
141 | assert(n != -1); | 160 | sz_encoded_m_buf, &pkey->key.rsa); | |
161 | if (n == -1) { | |||
162 | (void) fprintf(stderr, "__ops_rsa_public_encrypt failure\n"); | |||
163 | return false; | |||
164 | } | |||
142 | 165 | |||
143 | if (n <= 0) | 166 | if (n <= 0) | |
144 | return false; | 167 | return false; | |
145 | 168 | |||
146 | skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL); | 169 | skp->rsa.encrypted_m = BN_bin2bn(encmpibuf, n, NULL); | |
147 | 170 | |||
148 | if (__ops_get_debug_level(__FILE__)) { | 171 | if (__ops_get_debug_level(__FILE__)) { | |
149 | int i; | 172 | int i; | |
150 | fprintf(stderr, "encrypted mpi buf : "); | 173 | fprintf(stderr, "encrypted mpi buf : "); | |
151 | for (i = 0; i < 16; i++) { | 174 | for (i = 0; i < 16; i++) { | |
152 | fprintf(stderr, "%2x ", encmpibuf[i]); | 175 | fprintf(stderr, "%2x ", encmpibuf[i]); | |
153 | } | 176 | } | |
154 | fprintf(stderr, "\n"); | 177 | fprintf(stderr, "\n"); | |
155 | } | 178 | } | |
156 | return true; | 179 | return true; | |
157 | } | 180 | } | |
158 | 181 | |||
159 | static __ops_parse_cb_return_t | 182 | static __ops_parse_cb_return_t | |
160 | callback_write_parsed(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo); | 183 | callback_write_parsed(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo); | |
161 | 184 | |||
162 | /** | 185 | /** | |
163 | \ingroup HighLevel_Crypto | 186 | \ingroup HighLevel_Crypto | |
164 | Encrypt a file | 187 | Encrypt a file | |
165 | \param input_filename Name of file to be encrypted | 188 | \param input_filename Name of file to be encrypted | |
166 | \param output_filename Name of file to write to. If NULL, name is constructed from input_filename | 189 | \param output_filename Name of file to write to. If NULL, name is constructed from input_filename | |
167 | \param pub_key Public Key to encrypt file for | 190 | \param pub_key Public Key to encrypt file for | |
168 | \param use_armour Write armoured text, if set | 191 | \param use_armour Write armoured text, if set | |
169 | \param allow_overwrite Allow output file to be overwrwritten if it exists | 192 | \param allow_overwrite Allow output file to be overwrwritten if it exists | |
170 | \return true if OK; else false | 193 | \return true if OK; else false | |
171 | */ | 194 | */ | |
172 | bool | 195 | bool | |
173 | __ops_encrypt_file(const char *input_filename, const char *output_filename, const __ops_keydata_t * pub_key, const bool use_armour, const bool allow_overwrite) | 196 | __ops_encrypt_file(const char *input_filename, | |
197 | const char *output_filename, | |||
198 | const __ops_keydata_t * pub_key, | |||
199 | const bool use_armour, | |||
200 | const bool allow_overwrite) | |||
174 | { | 201 | { | |
175 | int fd_in = 0; | |||
176 | int fd_out = 0; | |||
177 | ||||
178 | __ops_create_info_t *create; | 202 | __ops_create_info_t *create; | |
179 | ||||
180 | unsigned char *buf; | 203 | unsigned char *buf; | |
181 | size_t bufsz; | 204 | size_t bufsz; | |
182 | size_t done; | 205 | size_t done; | |
206 | int fd_in = 0; | |||
207 | int fd_out = 0; | |||
183 | 208 | |||
184 | #ifdef O_BINARY | 209 | #ifdef O_BINARY | |
185 | fd_in = open(input_filename, O_RDONLY | O_BINARY); | 210 | fd_in = open(input_filename, O_RDONLY | O_BINARY); | |
186 | #else | 211 | #else | |
187 | fd_in = open(input_filename, O_RDONLY); | 212 | fd_in = open(input_filename, O_RDONLY); | |
188 | #endif | 213 | #endif | |
189 | if (fd_in < 0) { | 214 | if (fd_in < 0) { | |
190 | perror(input_filename); | 215 | perror(input_filename); | |
191 | return false; | 216 | return false; | |
192 | } | 217 | } | |
193 | fd_out = __ops_setup_file_write(&create, output_filename, allow_overwrite); | 218 | fd_out = __ops_setup_file_write(&create, output_filename, | |
194 | if (fd_out < 0) | 219 | allow_overwrite); | |
220 | if (fd_out < 0) { | |||
195 | return false; | 221 | return false; | |
222 | } | |||
196 | 223 | |||
197 | /* set armoured/not armoured here */ | 224 | /* set armoured/not armoured here */ | |
198 | if (use_armour) | 225 | if (use_armour) { | |
199 | __ops_writer_push_armoured_message(create); | 226 | __ops_writer_push_armoured_message(create); | |
227 | } | |||
200 | 228 | |||
201 | /* Push the encrypted writer */ | 229 | /* Push the encrypted writer */ | |
202 | __ops_writer_push_encrypt_se_ip(create, pub_key); | 230 | __ops_writer_push_encrypt_se_ip(create, pub_key); | |
203 | 231 | |||
204 | /* Do the writing */ | 232 | /* Do the writing */ | |
205 | 233 | |||
206 | buf = NULL; | 234 | buf = NULL; | |
207 | bufsz = 16; | 235 | bufsz = 16; | |
208 | done = 0; | 236 | done = 0; | |
209 | for (;;) { | 237 | for (;;) { | |
210 | int n = 0; | 238 | int n = 0; | |
211 | 239 | |||
212 | buf = realloc(buf, done + bufsz); | 240 | buf = realloc(buf, done + bufsz); | |
213 | 241 | |||
214 | n = read(fd_in, buf + done, bufsz); | 242 | if ((n = read(fd_in, buf + done, bufsz)) == 0) { | |
215 | if (!n) | |||
216 | break; | 243 | break; | |
217 | assert(n >= 0); | 244 | } | |
245 | if (n < 0) { | |||
246 | (void) fprintf(stderr, "Problem in read\n"); | |||
247 | return false; | |||
248 | } | |||
218 | done += n; | 249 | done += n; | |
219 | } | 250 | } | |
220 | 251 | |||
221 | /* This does the writing */ | 252 | /* This does the writing */ | |
222 | __ops_write(buf, done, create); | 253 | __ops_write(buf, done, create); | |
223 | 254 | |||
224 | /* tidy up */ | 255 | /* tidy up */ | |
225 | close(fd_in); | 256 | close(fd_in); | |
226 | free(buf); | 257 | free(buf); | |
227 | __ops_teardown_file_write(create, fd_out); | 258 | __ops_teardown_file_write(create, fd_out); | |
228 | 259 | |||
229 | return true; | 260 | return true; | |
230 | } | 261 | } | |
@@ -298,42 +329,42 @@ __ops_decrypt_file(const char *input_fil | @@ -298,42 +329,42 @@ __ops_decrypt_file(const char *input_fil | |||
298 | /* setup for writing decrypted contents to given output file */ | 329 | /* setup for writing decrypted contents to given output file */ | |
299 | 330 | |||
300 | /* setup keyring and passphrase callback */ | 331 | /* setup keyring and passphrase callback */ | |
301 | parse->cbinfo.cryptinfo.keyring = keyring; | 332 | parse->cbinfo.cryptinfo.keyring = keyring; | |
302 | parse->cbinfo.cryptinfo.cb_get_passphrase = cb_get_passphrase; | 333 | parse->cbinfo.cryptinfo.cb_get_passphrase = cb_get_passphrase; | |
303 | 334 | |||
304 | /* Set up armour/passphrase options */ | 335 | /* Set up armour/passphrase options */ | |
305 | 336 | |||
306 | if (use_armour) | 337 | if (use_armour) | |
307 | __ops_reader_push_dearmour(parse); | 338 | __ops_reader_push_dearmour(parse); | |
308 | 339 | |||
309 | /* Do it */ | 340 | /* Do it */ | |
310 | 341 | |||
311 | __ops_parse_and_print_errors(parse); | 342 | __ops_parse(parse, 1); | |
312 | 343 | |||
313 | /* Unsetup */ | 344 | /* Unsetup */ | |
314 | 345 | |||
315 | if (use_armour) | 346 | if (use_armour) | |
316 | __ops_reader_pop_dearmour(parse); | 347 | __ops_reader_pop_dearmour(parse); | |
317 | 348 | |||
318 | __ops_teardown_file_write(parse->cbinfo.cinfo, fd_out); | 349 | __ops_teardown_file_write(parse->cbinfo.cinfo, fd_out); | |
319 | __ops_teardown_file_read(parse, fd_in); | 350 | __ops_teardown_file_read(parse, fd_in); | |
320 | /* \todo cleardown crypt */ | 351 | /* \todo cleardown crypt */ | |
321 | 352 | |||
322 | return true; | 353 | return true; | |
323 | } | 354 | } | |
324 | 355 | |||
325 | static __ops_parse_cb_return_t | 356 | static __ops_parse_cb_return_t | |
326 | callback_write_parsed(const __ops_parser_content_t *contents, __ops_parse_cb_info_t * cbinfo) | 357 | callback_write_parsed(const __ops_packet_t *contents, __ops_parse_cb_info_t * cbinfo) | |
327 | { | 358 | { | |
328 | const __ops_parser_content_union_t *content = &contents->u; | 359 | const __ops_parser_content_union_t *content = &contents->u; | |
329 | static bool skipping; | 360 | static bool skipping; | |
330 | 361 | |||
331 | OPS_USED(cbinfo); | 362 | OPS_USED(cbinfo); | |
332 | 363 | |||
333 | if (__ops_get_debug_level(__FILE__)) { | 364 | if (__ops_get_debug_level(__FILE__)) { | |
334 | printf("callback_write_parsed: "); | 365 | printf("callback_write_parsed: "); | |
335 | __ops_print_packet(contents); | 366 | __ops_print_packet(contents); | |
336 | } | 367 | } | |
337 | if (contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT && skipping) { | 368 | if (contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT && skipping) { | |
338 | puts("...end of skip"); | 369 | puts("...end of skip"); | |
339 | skipping = false; | 370 | skipping = false; |
--- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c 2009/04/25 01:29:15 1.2
+++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c 2009/05/05 01:28:15 1.3
@@ -13,179 +13,176 @@ | @@ -13,179 +13,176 @@ | |||
13 | * | 13 | * | |
14 | * Unless required by applicable law or agreed to in writing, software | 14 | * Unless required by applicable law or agreed to in writing, software | |
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /** \file | 22 | /** \file | |
23 | */ | 23 | */ | |
24 | #include "config.h" | 24 | #include "config.h" | |
25 | 25 | |||
26 | #include <stdarg.h> | |||
27 | #include <stdio.h> | |||
28 | #include <stdlib.h> | |||
29 | #include <string.h> | |||
30 | ||||
31 | #ifdef HAVE_UNISTD_H | |||
32 | #include <unistd.h> | |||
33 | #endif | |||
34 | ||||
26 | #include <openssl/rand.h> | 35 | #include <openssl/rand.h> | |
27 | 36 | |||
28 | #include "errors.h" | 37 | #include "errors.h" | |
29 | #include "packet.h" | 38 | #include "packet.h" | |
30 | #include "crypto.h" | 39 | #include "crypto.h" | |
31 | #include "create.h" | 40 | #include "create.h" | |
32 | #include "packet-parse.h" | 41 | #include "packet-parse.h" | |
33 | #include "packet-show.h" | 42 | #include "packet-show.h" | |
34 | #include "signature.h" | 43 | #include "signature.h" | |
35 | #include "netpgpsdk.h" | 44 | #include "netpgpsdk.h" | |
36 | #include "netpgpdefs.h" | 45 | #include "netpgpdefs.h" | |
37 | #include "memory.h" | 46 | #include "memory.h" | |
38 | #include "keyring_local.h" | 47 | #include "keyring_local.h" | |
39 | #include "parse_local.h" | 48 | #include "parse_local.h" | |
40 | #include "readerwriter.h" | 49 | #include "readerwriter.h" | |
41 | #include "loccreate.h" | 50 | #include "loccreate.h" | |
42 | #include "version.h" | 51 | #include "version.h" | |
43 | 52 | |||
44 | #ifdef HAVE_ASSERT_H | |||
45 | #include <assert.h> | |||
46 | #endif | |||
47 | ||||
48 | #include <stdarg.h> | |||
49 | #include <stdio.h> | |||
50 | #include <stdlib.h> | |||
51 | #include <string.h> | |||
52 | ||||
53 | #ifdef HAVE_UNISTD_H | |||
54 | #include <unistd.h> | |||
55 | #endif | |||
56 | ||||
57 | #ifdef WIN32 | 53 | #ifdef WIN32 | |
58 | #define vsnprintf _vsnprintf | 54 | #define vsnprintf _vsnprintf | |
59 | #endif | 55 | #endif | |
60 | 56 | |||
61 | typedef struct { | 57 | typedef struct { | |
62 | __ops_keyring_t *keyring; | 58 | __ops_keyring_t *keyring; | |
63 | } accumulate_t; | 59 | } accumulate_t; | |
64 | 60 | |||
65 | /** | 61 | /** | |
66 | * \ingroup Core_Callbacks | 62 | * \ingroup Core_Callbacks | |
67 | */ | 63 | */ | |
68 | static __ops_parse_cb_return_t | 64 | static __ops_parse_cb_return_t | |
69 | accumulate_cb(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo) | 65 | accumulate_cb(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo) | |
70 | { | 66 | { | |
71 | accumulate_t *accumulate = __ops_parse_cb_get_arg(cbinfo); | 67 | accumulate_t *accumulate = __ops_parse_cb_get_arg(cbinfo); | |
72 | const __ops_parser_content_union_t *content = &contents->u; | 68 | const __ops_parser_content_union_t *content = &contents->u; | |
73 | __ops_keyring_t *keyring = accumulate->keyring; | 69 | __ops_keyring_t *keyring = accumulate->keyring; | |
74 | __ops_keydata_t *cur = NULL; | 70 | __ops_keydata_t *cur = NULL; | |
75 | const __ops_public_key_t *pkey; | 71 | const __ops_public_key_t *pkey; | |
76 | 72 | |||
77 | if (keyring->nkeys >= 0) | 73 | if (keyring->nkeys >= 0) | |
78 | cur = &keyring->keys[keyring->nkeys]; | 74 | cur = &keyring->keys[keyring->nkeys]; | |
79 | 75 | |||
80 | switch (contents->tag) { | 76 | switch (contents->tag) { | |
81 | case OPS_PTAG_CT_PUBLIC_KEY: | 77 | case OPS_PTAG_CT_PUBLIC_KEY: | |
82 | case OPS_PTAG_CT_SECRET_KEY: | 78 | case OPS_PTAG_CT_SECRET_KEY: | |
83 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | 79 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | |
84 | if (__ops_get_debug_level(__FILE__)) { | 80 | if (__ops_get_debug_level(__FILE__)) { | |
85 | (void) fprintf(stderr, "New key - tag %d\n", contents->tag); | 81 | (void) fprintf(stderr, "New key - tag %d\n", contents->tag); | |
86 | } | 82 | } | |
87 | ++keyring->nkeys; | 83 | ++keyring->nkeys; | |
88 | EXPAND_ARRAY(keyring, keys); | 84 | EXPAND_ARRAY(keyring, keys); | |
89 | 85 | |||
90 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | 86 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | |
91 | pkey = &content->public_key; | 87 | pkey = &content->pubkey; | |
92 | else | 88 | else | |
93 | pkey = &content->secret_key.public_key; | 89 | pkey = &content->secret_key.pubkey; | |
94 | 90 | |||
95 | (void) memset(&keyring->keys[keyring->nkeys], 0x0, | 91 | (void) memset(&keyring->keys[keyring->nkeys], 0x0, | |
96 | sizeof(keyring->keys[keyring->nkeys])); | 92 | sizeof(keyring->keys[keyring->nkeys])); | |
97 | 93 | |||
98 | __ops_keyid(keyring->keys[keyring->nkeys].key_id, | 94 | __ops_keyid(keyring->keys[keyring->nkeys].key_id, | |
99 | OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, pkey); | 95 | OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, pkey); | |
100 | __ops_fingerprint(&keyring->keys[keyring->nkeys].fingerprint, pkey); | 96 | __ops_fingerprint(&keyring->keys[keyring->nkeys].fingerprint, pkey); | |
101 | 97 | |||
102 | keyring->keys[keyring->nkeys].type = contents->tag; | 98 | keyring->keys[keyring->nkeys].type = contents->tag; | |
103 | 99 | |||
104 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | 100 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | |
105 | keyring->keys[keyring->nkeys].key.pkey = *pkey; | 101 | keyring->keys[keyring->nkeys].key.pkey = *pkey; | |
106 | else | 102 | else | |
107 | keyring->keys[keyring->nkeys].key.skey = content->secret_key; | 103 | keyring->keys[keyring->nkeys].key.skey = content->secret_key; | |
108 | return OPS_KEEP_MEMORY; | 104 | return OPS_KEEP_MEMORY; | |
109 | 105 | |||
110 | case OPS_PTAG_CT_USER_ID: | 106 | case OPS_PTAG_CT_USER_ID: | |
111 | if (__ops_get_debug_level(__FILE__)) { | 107 | if (__ops_get_debug_level(__FILE__)) { | |
112 | (void) fprintf(stderr, "User ID: %s\n", content->user_id.user_id); | 108 | (void) fprintf(stderr, "User ID: %s\n", content->user_id.user_id); | |
113 | } | 109 | } | |
114 | if (!cur) { | 110 | if (!cur) { | |
115 | OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No user id found"); | 111 | OPS_ERROR(cbinfo->errors, OPS_E_P_NO_USERID, "No user id found"); | |
116 | return OPS_KEEP_MEMORY; | 112 | return OPS_KEEP_MEMORY; | |
117 | } | 113 | } | |
118 | /* assert(cur); */ | |||
119 | __ops_add_userid_to_keydata(cur, &content->user_id); | 114 | __ops_add_userid_to_keydata(cur, &content->user_id); | |
120 | return OPS_KEEP_MEMORY; | 115 | return OPS_KEEP_MEMORY; | |
121 | 116 | |||
122 | case OPS_PARSER_PACKET_END: | 117 | case OPS_PARSER_PACKET_END: | |
123 | if (!cur) | 118 | if (!cur) | |
124 | return OPS_RELEASE_MEMORY; | 119 | return OPS_RELEASE_MEMORY; | |
125 | __ops_add_packet_to_keydata(cur, &content->packet); | 120 | __ops_add_packet_to_keydata(cur, &content->packet); | |
126 | return OPS_KEEP_MEMORY; | 121 | return OPS_KEEP_MEMORY; | |
127 | 122 | |||
128 | case OPS_PARSER_ERROR: | 123 | case OPS_PARSER_ERROR: | |
129 | fprintf(stderr, "Error: %s\n", content->error.error); | 124 | (void) fprintf(stderr, "Error: %s\n", content->error.error); | |
130 | assert( /* CONSTCOND */ 0); | 125 | return OPS_FINISHED; | |
131 | break; | |||
132 | 126 | |||
133 | case OPS_PARSER_ERRCODE: | 127 | case OPS_PARSER_ERRCODE: | |
134 | switch (content->errcode.errcode) { | 128 | switch (content->errcode.errcode) { | |
135 | default: | 129 | default: | |
136 | fprintf(stderr, "parse error: %s\n", | 130 | fprintf(stderr, "parse error: %s\n", | |
137 | __ops_errcode(content->errcode.errcode)); | 131 | __ops_errcode(content->errcode.errcode)); | |
138 | /* assert(0); */ | |||
139 | } | 132 | } | |
140 | break; | 133 | break; | |
141 | 134 | |||
142 | default: | 135 | default: | |
143 | break; | 136 | break; | |
144 | } | 137 | } | |
145 | 138 | |||
146 | /* XXX: we now exclude so many things, we should either drop this or */ | 139 | /* XXX: we now exclude so many things, we should either drop this or */ | |
147 | /* do something to pass on copies of the stuff we keep */ | 140 | /* do something to pass on copies of the stuff we keep */ | |
148 | return __ops_parse_stacked_cb(contents, cbinfo); | 141 | return __ops_parse_stacked_cb(contents, cbinfo); | |
149 | } | 142 | } | |
150 | 143 | |||
151 | /** | 144 | /** | |
152 | * \ingroup Core_Parse | 145 | * \ingroup Core_Parse | |
153 | * | 146 | * | |
154 | * Parse packets from an input stream until EOF or error. | 147 | * Parse packets from an input stream until EOF or error. | |
155 | * | 148 | * | |
156 | * Key data found in the parsed data is added to #keyring. | 149 | * Key data found in the parsed data is added to #keyring. | |
157 | * | 150 | * | |
158 | * \param keyring Pointer to an existing keyring | 151 | * \param keyring Pointer to an existing keyring | |
159 | * \param parse Options to use when parsing | 152 | * \param parse Options to use when parsing | |
160 | */ | 153 | */ | |
161 | 154 | |||
162 | int | 155 | int | |
163 | __ops_parse_and_accumulate(__ops_keyring_t * keyring, __ops_parse_info_t *parse) | 156 | __ops_parse_and_accumulate(__ops_keyring_t *keyring, __ops_parse_info_t *parse) | |
164 | { | 157 | { | |
158 | accumulate_t accumulate; | |||
165 | int rtn; | 159 | int rtn; | |
166 | accumulate_t accumulate; | |||
167 | 160 | |||
168 | assert(!parse->rinfo.accumulate); | 161 | if (parse->rinfo.accumulate) { | |
162 | (void) fprintf(stderr, | |||
163 | "__ops_parse_and_accumulate: already init\n"); | |||
164 | return 0; | |||
165 | } | |||
169 | 166 | |||
170 | (void) memset(&accumulate, 0x0, sizeof(accumulate)); | 167 | (void) memset(&accumulate, 0x0, sizeof(accumulate)); | |
171 | 168 | |||
172 | accumulate.keyring = keyring; | 169 | accumulate.keyring = keyring; | |
173 | /* Kinda weird, but to do with counting, and we put it back after */ | 170 | /* Kinda weird, but to do with counting, and we put it back after */ | |
174 | keyring->nkeys -= 1; | 171 | keyring->nkeys -= 1; | |
175 | 172 | |||
176 | __ops_parse_cb_push(parse, accumulate_cb, &accumulate); | 173 | __ops_parse_cb_push(parse, accumulate_cb, &accumulate); | |
177 | parse->rinfo.accumulate = true; | 174 | parse->rinfo.accumulate = true; | |
178 | rtn = __ops_parse(parse); | 175 | rtn = __ops_parse(parse, 0); | |
179 | 176 | |||
180 | keyring->nkeys += 1; | 177 | keyring->nkeys += 1; | |
181 | 178 | |||
182 | return rtn; | 179 | return rtn; | |
183 | } | 180 | } | |
184 | 181 | |||
185 | static void | 182 | static void | |
186 | dump_one_keydata(const __ops_keydata_t * key) | 183 | dump_one_keydata(const __ops_keydata_t * key) | |
187 | { | 184 | { | |
188 | unsigned n; | 185 | unsigned n; | |
189 | 186 | |||
190 | printf("Key ID: "); | 187 | printf("Key ID: "); | |
191 | hexdump(key->key_id, OPS_KEY_ID_SIZE, ""); | 188 | hexdump(key->key_id, OPS_KEY_ID_SIZE, ""); | |
@@ -297,37 +294,41 @@ __ops_errcode(const __ops_errcode_t errc | @@ -297,37 +294,41 @@ __ops_errcode(const __ops_errcode_t errc | |||
297 | * | 294 | * | |
298 | */ | 295 | */ | |
299 | 296 | |||
300 | void | 297 | void | |
301 | __ops_push_error(__ops_error_t ** errstack, __ops_errcode_t errcode, int sys_errno, | 298 | __ops_push_error(__ops_error_t ** errstack, __ops_errcode_t errcode, int sys_errno, | |
302 | const char *file, int line, const char *fmt,...) | 299 | const char *file, int line, const char *fmt,...) | |
303 | { | 300 | { | |
304 | /* first get the varargs and generate the comment */ | 301 | /* first get the varargs and generate the comment */ | |
305 | __ops_error_t *err; | 302 | __ops_error_t *err; | |
306 | unsigned maxbuf = 128; | 303 | unsigned maxbuf = 128; | |
307 | va_list args; | 304 | va_list args; | |
308 | char *comment; | 305 | char *comment; | |
309 | 306 | |||
310 | comment = calloc(1, maxbuf + 1); | 307 | if ((comment = calloc(1, maxbuf + 1)) == NULL) { | |
311 | assert(comment); | 308 | (void) fprintf(stderr, "calloc comment failure\n"); | |
309 | return; | |||
310 | } | |||
312 | 311 | |||
313 | va_start(args, fmt); | 312 | va_start(args, fmt); | |
314 | vsnprintf(comment, maxbuf + 1, fmt, args); | 313 | vsnprintf(comment, maxbuf + 1, fmt, args); | |
315 | va_end(args); | 314 | va_end(args); | |
316 | 315 | |||
317 | /* alloc a new error and add it to the top of the stack */ | 316 | /* alloc a new error and add it to the top of the stack */ | |
318 | 317 | |||
319 | err = calloc(1, sizeof(__ops_error_t)); | 318 | if ((err = calloc(1, sizeof(__ops_error_t))) == NULL) { | |
320 | assert(err); | 319 | (void) fprintf(stderr, "calloc comment failure\n"); | |
320 | return; | |||
321 | } | |||
321 | 322 | |||
322 | err->next = *errstack; | 323 | err->next = *errstack; | |
323 | *errstack = err; | 324 | *errstack = err; | |
324 | 325 | |||
325 | /* fill in the details */ | 326 | /* fill in the details */ | |
326 | err->errcode = errcode; | 327 | err->errcode = errcode; | |
327 | err->sys_errno = sys_errno; | 328 | err->sys_errno = sys_errno; | |
328 | err->file = file; | 329 | err->file = file; | |
329 | err->line = line; | 330 | err->line = line; | |
330 | 331 | |||
331 | err->comment = comment; | 332 | err->comment = comment; | |
332 | } | 333 | } | |
333 | 334 | |||
@@ -404,29 +405,33 @@ __ops_free_errors(__ops_error_t * errsta | @@ -404,29 +405,33 @@ __ops_free_errors(__ops_error_t * errsta | |||
404 | * \brief Calculate a public key fingerprint. | 405 | * \brief Calculate a public key fingerprint. | |
405 | * \param fp Where to put the calculated fingerprint | 406 | * \param fp Where to put the calculated fingerprint | |
406 | * \param key The key for which the fingerprint is calculated | 407 | * \param key The key for which the fingerprint is calculated | |
407 | */ | 408 | */ | |
408 | 409 | |||
409 | void | 410 | void | |
410 | __ops_fingerprint(__ops_fingerprint_t * fp, const __ops_public_key_t * key) | 411 | __ops_fingerprint(__ops_fingerprint_t * fp, const __ops_public_key_t * key) | |
411 | { | 412 | { | |
412 | if (key->version == 2 || key->version == 3) { | 413 | if (key->version == 2 || key->version == 3) { | |
413 | unsigned char *bn; | 414 | unsigned char *bn; | |
414 | size_t n; | 415 | size_t n; | |
415 | __ops_hash_t md5; | 416 | __ops_hash_t md5; | |
416 | 417 | |||
417 | assert(key->algorithm == OPS_PKA_RSA | 418 | if (key->algorithm != OPS_PKA_RSA && | |
418 | || key->algorithm == OPS_PKA_RSA_ENCRYPT_ONLY | 419 | key->algorithm != OPS_PKA_RSA_ENCRYPT_ONLY && | |
419 | || key->algorithm == OPS_PKA_RSA_SIGN_ONLY); | 420 | key->algorithm != OPS_PKA_RSA_SIGN_ONLY) { | |
421 | (void) fprintf(stderr, | |||
422 | "__ops_fingerprint: bad algorithm\n"); | |||
423 | return; | |||
424 | } | |||
420 | 425 | |||
421 | __ops_hash_md5(&md5); | 426 | __ops_hash_md5(&md5); | |
422 | md5.init(&md5); | 427 | md5.init(&md5); | |
423 | 428 | |||
424 | n = BN_num_bytes(key->key.rsa.n); | 429 | n = BN_num_bytes(key->key.rsa.n); | |
425 | bn = calloc(1, n); | 430 | bn = calloc(1, n); | |
426 | BN_bn2bin(key->key.rsa.n, bn); | 431 | BN_bn2bin(key->key.rsa.n, bn); | |
427 | md5.add(&md5, bn, n); | 432 | md5.add(&md5, bn, n); | |
428 | (void) free(bn); | 433 | (void) free(bn); | |
429 | 434 | |||
430 | n = BN_num_bytes(key->key.rsa.e); | 435 | n = BN_num_bytes(key->key.rsa.e); | |
431 | bn = calloc(1, n); | 436 | bn = calloc(1, n); | |
432 | BN_bn2bin(key->key.rsa.e, bn); | 437 | BN_bn2bin(key->key.rsa.e, bn); | |
@@ -469,30 +474,36 @@ __ops_fingerprint(__ops_fingerprint_t * | @@ -469,30 +474,36 @@ __ops_fingerprint(__ops_fingerprint_t * | |||
469 | * \brief Calculate the Key ID from the public key. | 474 | * \brief Calculate the Key ID from the public key. | |
470 | * \param keyid Space for the calculated ID to be stored | 475 | * \param keyid Space for the calculated ID to be stored | |
471 | * \param key The key for which the ID is calculated | 476 | * \param key The key for which the ID is calculated | |
472 | */ | 477 | */ | |
473 | 478 | |||
474 | void | 479 | void | |
475 | __ops_keyid(unsigned char *keyid, const size_t idlen, const int last, | 480 | __ops_keyid(unsigned char *keyid, const size_t idlen, const int last, | |
476 | const __ops_public_key_t *key) | 481 | const __ops_public_key_t *key) | |
477 | { | 482 | { | |
478 | if (key->version == 2 || key->version == 3) { | 483 | if (key->version == 2 || key->version == 3) { | |
479 | unsigned char bn[NETPGP_BUFSIZ]; | 484 | unsigned char bn[NETPGP_BUFSIZ]; | |
480 | unsigned n = BN_num_bytes(key->key.rsa.n); | 485 | unsigned n = BN_num_bytes(key->key.rsa.n); | |
481 | 486 | |||
482 | assert(n <= sizeof(bn)); | 487 | if (n > sizeof(bn)) { | |
483 | assert(key->algorithm == OPS_PKA_RSA | 488 | (void) fprintf(stderr, "__ops_keyid: bad num bytes\n"); | |
484 | || key->algorithm == OPS_PKA_RSA_ENCRYPT_ONLY | 489 | return; | |
485 | || key->algorithm == OPS_PKA_RSA_SIGN_ONLY); | 490 | } | |
491 | if (key->algorithm != OPS_PKA_RSA && | |||
492 | key->algorithm != OPS_PKA_RSA_ENCRYPT_ONLY && | |||
493 | key->algorithm != OPS_PKA_RSA_SIGN_ONLY) { | |||
494 | (void) fprintf(stderr, "__ops_keyid: bad algorithm\n"); | |||
495 | return; | |||
496 | } | |||
486 | BN_bn2bin(key->key.rsa.n, bn); | 497 | BN_bn2bin(key->key.rsa.n, bn); | |
487 | (void) memcpy(keyid, (last == 0) ? bn : bn + n - idlen, idlen); | 498 | (void) memcpy(keyid, (last == 0) ? bn : bn + n - idlen, idlen); | |
488 | } else { | 499 | } else { | |
489 | __ops_fingerprint_t finger; | 500 | __ops_fingerprint_t finger; | |
490 | 501 | |||
491 | __ops_fingerprint(&finger, key); | 502 | __ops_fingerprint(&finger, key); | |
492 | (void) memcpy(keyid, | 503 | (void) memcpy(keyid, | |
493 | (last == 0) ? finger.fingerprint : | 504 | (last == 0) ? finger.fingerprint : | |
494 | finger.fingerprint + finger.length - idlen, | 505 | finger.fingerprint + finger.length - idlen, | |
495 | idlen); | 506 | idlen); | |
496 | } | 507 | } | |
497 | } | 508 | } | |
498 | 509 | |||
@@ -539,27 +550,27 @@ __ops_hash_any(__ops_hash_t * hash, __op | @@ -539,27 +550,27 @@ __ops_hash_any(__ops_hash_t * hash, __op | |||
539 | case OPS_HASH_SHA384: | 550 | case OPS_HASH_SHA384: | |
540 | __ops_hash_sha384(hash); | 551 | __ops_hash_sha384(hash); | |
541 | break; | 552 | break; | |
542 | 553 | |||
543 | case OPS_HASH_SHA512: | 554 | case OPS_HASH_SHA512: | |
544 | __ops_hash_sha512(hash); | 555 | __ops_hash_sha512(hash); | |
545 | break; | 556 | break; | |
546 | 557 | |||
547 | case OPS_HASH_SHA224: | 558 | case OPS_HASH_SHA224: | |
548 | __ops_hash_sha224(hash); | 559 | __ops_hash_sha224(hash); | |
549 | break; | 560 | break; | |
550 | 561 | |||
551 | default: | 562 | default: | |
552 | assert( /* CONSTCOND */ 0); | 563 | (void) fprintf(stderr, "__ops_hash_any: bad algorithm\n"); | |
553 | } | 564 | } | |
554 | } | 565 | } | |
555 | 566 | |||
556 | /** | 567 | /** | |
557 | \ingroup Core_Hashes | 568 | \ingroup Core_Hashes | |
558 | \brief Returns size of hash for given hash algorithm | 569 | \brief Returns size of hash for given hash algorithm | |
559 | \param alg Hash algorithm to use | 570 | \param alg Hash algorithm to use | |
560 | \return Size of hash algorithm in bytes | 571 | \return Size of hash algorithm in bytes | |
561 | */ | 572 | */ | |
562 | unsigned | 573 | unsigned | |
563 | __ops_hash_size(__ops_hash_algorithm_t alg) | 574 | __ops_hash_size(__ops_hash_algorithm_t alg) | |
564 | { | 575 | { | |
565 | switch (alg) { | 576 | switch (alg) { | |
@@ -572,27 +583,27 @@ __ops_hash_size(__ops_hash_algorithm_t a | @@ -572,27 +583,27 @@ __ops_hash_size(__ops_hash_algorithm_t a | |||
572 | case OPS_HASH_SHA256: | 583 | case OPS_HASH_SHA256: | |
573 | return 32; | 584 | return 32; | |
574 | 585 | |||
575 | case OPS_HASH_SHA224: | 586 | case OPS_HASH_SHA224: | |
576 | return 28; | 587 | return 28; | |
577 | 588 | |||
578 | case OPS_HASH_SHA512: | 589 | case OPS_HASH_SHA512: | |
579 | return 64; | 590 | return 64; | |
580 | 591 | |||
581 | case OPS_HASH_SHA384: | 592 | case OPS_HASH_SHA384: | |
582 | return 48; | 593 | return 48; | |
583 | 594 | |||
584 | default: | 595 | default: | |
585 | assert( /* CONSTCOND */ 0); | 596 | (void) fprintf(stderr, "__ops_hash_size: bad algorithm\n"); | |
586 | } | 597 | } | |
587 | 598 | |||
588 | return 0; | 599 | return 0; | |
589 | } | 600 | } | |
590 | 601 | |||
591 | /** | 602 | /** | |
592 | \ingroup Core_Hashes | 603 | \ingroup Core_Hashes | |
593 | \brief Returns hash enum corresponding to given string | 604 | \brief Returns hash enum corresponding to given string | |
594 | \param hash Text name of hash algorithm i.e. "SHA1" | 605 | \param hash Text name of hash algorithm i.e. "SHA1" | |
595 | \returns Corresponding enum i.e. OPS_HASH_SHA1 | 606 | \returns Corresponding enum i.e. OPS_HASH_SHA1 | |
596 | */ | 607 | */ | |
597 | __ops_hash_algorithm_t | 608 | __ops_hash_algorithm_t | |
598 | __ops_hash_algorithm_from_text(const char *hash) | 609 | __ops_hash_algorithm_from_text(const char *hash) | |
@@ -738,59 +749,68 @@ __ops_memory_init(__ops_memory_t * mem, | @@ -738,59 +749,68 @@ __ops_memory_init(__ops_memory_t * mem, | |||
738 | mem->buf = calloc(1, needed); | 749 | mem->buf = calloc(1, needed); | |
739 | mem->allocated = needed; | 750 | mem->allocated = needed; | |
740 | } | 751 | } | |
741 | 752 | |||
742 | /** | 753 | /** | |
743 | \ingroup HighLevel_Memory | 754 | \ingroup HighLevel_Memory | |
744 | \brief Pad memory to required length | 755 | \brief Pad memory to required length | |
745 | \param mem Memory to use | 756 | \param mem Memory to use | |
746 | \param length New size | 757 | \param length New size | |
747 | */ | 758 | */ | |
748 | void | 759 | void | |
749 | __ops_memory_pad(__ops_memory_t * mem, size_t length) | 760 | __ops_memory_pad(__ops_memory_t * mem, size_t length) | |
750 | { | 761 | { | |
751 | assert(mem->allocated >= mem->length); | 762 | if (mem->allocated < mem->length) { | |
763 | (void) fprintf(stderr, "__ops_memory_pad: bad alloc in\n"); | |||
764 | return; | |||
765 | } | |||
752 | if (mem->allocated < mem->length + length) { | 766 | if (mem->allocated < mem->length + length) { | |
753 | mem->allocated = mem->allocated * 2 + length; | 767 | mem->allocated = mem->allocated * 2 + length; | |
754 | mem->buf = realloc(mem->buf, mem->allocated); | 768 | mem->buf = realloc(mem->buf, mem->allocated); | |
755 | } | 769 | } | |
756 | assert(mem->allocated >= mem->length + length); | 770 | if (mem->allocated < mem->length + length) { | |
771 | (void) fprintf(stderr, "__ops_memory_pad: bad alloc out\n"); | |||
772 | } | |||
757 | } | 773 | } | |
758 | 774 | |||
759 | /** | 775 | /** | |
760 | \ingroup HighLevel_Memory | 776 | \ingroup HighLevel_Memory | |
761 | \brief Add data to memory | 777 | \brief Add data to memory | |
762 | \param mem Memory to which to add | 778 | \param mem Memory to which to add | |
763 | \param src Data to add | 779 | \param src Data to add | |
764 | \param length Length of data to add | 780 | \param length Length of data to add | |
765 | */ | 781 | */ | |
766 | void | 782 | void | |
767 | __ops_memory_add(__ops_memory_t * mem, const unsigned char *src, size_t length) | 783 | __ops_memory_add(__ops_memory_t * mem, const unsigned char *src, size_t length) | |
768 | { | 784 | { | |
769 | __ops_memory_pad(mem, length); | 785 | __ops_memory_pad(mem, length); | |
770 | (void) memcpy(mem->buf + mem->length, src, length); | 786 | (void) memcpy(mem->buf + mem->length, src, length); | |
771 | mem->length += length; | 787 | mem->length += length; | |
772 | } | 788 | } | |
773 | 789 | |||
774 | /* XXX: this could be refactored via the writer, but an awful lot of */ | 790 | /* XXX: this could be refactored via the writer, but an awful lot of */ | |
775 | /* hoops to jump through for 2 lines of code! */ | 791 | /* hoops to jump through for 2 lines of code! */ | |
776 | void | 792 | void | |
777 | __ops_memory_place_int(__ops_memory_t * mem, unsigned offset, unsigned n, | 793 | __ops_memory_place_int(__ops_memory_t * mem, unsigned offset, unsigned n, | |
778 | size_t length) | 794 | size_t length) | |
779 | { | 795 | { | |
780 | assert(mem->allocated >= offset + length); | 796 | if (mem->allocated < offset + length) { | |
781 | 797 | (void) fprintf(stderr, | ||
782 | while (length--) | 798 | "__ops_memory_place_int: bad alloc\n"); | |
783 | mem->buf[offset++] = n >> (length * 8); | 799 | } else { | |
800 | while (length--) { | |||
801 | mem->buf[offset++] = n >> (length * 8); | |||
802 | } | |||
803 | } | |||
784 | } | 804 | } | |
785 | 805 | |||
786 | /** | 806 | /** | |
787 | * \ingroup HighLevel_Memory | 807 | * \ingroup HighLevel_Memory | |
788 | * \brief Retains allocated memory and set length of stored data to zero. | 808 | * \brief Retains allocated memory and set length of stored data to zero. | |
789 | * \param mem Memory to clear | 809 | * \param mem Memory to clear | |
790 | * \sa __ops_memory_release() | 810 | * \sa __ops_memory_release() | |
791 | * \sa __ops_memory_free() | 811 | * \sa __ops_memory_free() | |
792 | */ | 812 | */ | |
793 | void | 813 | void | |
794 | __ops_memory_clear(__ops_memory_t * mem) | 814 | __ops_memory_clear(__ops_memory_t * mem) | |
795 | { | 815 | { | |
796 | mem->length = 0; | 816 | mem->length = 0; |
--- src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c 2009/04/25 01:29:15 1.2
+++ src/crypto/external/bsd/netpgp/dist/src/lib/symmetric.c 2009/05/05 01:28:15 1.3
@@ -15,30 +15,26 @@ | @@ -15,30 +15,26 @@ | |||
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | #include "config.h" | 21 | #include "config.h" | |
22 | 22 | |||
23 | #include "crypto.h" | 23 | #include "crypto.h" | |
24 | #include "packet-show.h" | 24 | #include "packet-show.h" | |
25 | 25 | |||
26 | #include <string.h> | 26 | #include <string.h> | |
27 | 27 | |||
28 | #ifdef HAVE_ASSERT_H | |||
29 | #include <assert.h> | |||
30 | #endif | |||
31 | ||||
32 | #ifdef HAVE_OPENSSL_CAST_H | 28 | #ifdef HAVE_OPENSSL_CAST_H | |
33 | #include <openssl/cast.h> | 29 | #include <openssl/cast.h> | |
34 | #endif | 30 | #endif | |
35 | 31 | |||
36 | #ifdef HAVE_OPENSSL_IDEA_H | 32 | #ifdef HAVE_OPENSSL_IDEA_H | |
37 | #include <openssl/idea.h> | 33 | #include <openssl/idea.h> | |
38 | #endif | 34 | #endif | |
39 | 35 | |||
40 | #ifdef HAVE_OPENSSL_AES_H | 36 | #ifdef HAVE_OPENSSL_AES_H | |
41 | #include <openssl/aes.h> | 37 | #include <openssl/aes.h> | |
42 | #endif | 38 | #endif | |
43 | 39 | |||
44 | #ifdef HAVE_OPENSSL_DES_H | 40 | #ifdef HAVE_OPENSSL_DES_H | |
@@ -140,37 +136,42 @@ static __ops_crypt_t cast5 = | @@ -140,37 +136,42 @@ static __ops_crypt_t cast5 = | |||
140 | std_resync, | 136 | std_resync, | |
141 | cast5_block_encrypt, | 137 | cast5_block_encrypt, | |
142 | cast5_block_decrypt, | 138 | cast5_block_decrypt, | |
143 | cast5_cfb_encrypt, | 139 | cast5_cfb_encrypt, | |
144 | cast5_cfb_decrypt, | 140 | cast5_cfb_decrypt, | |
145 | std_finish, | 141 | std_finish, | |
146 | TRAILER | 142 | TRAILER | |
147 | }; | 143 | }; | |
148 | 144 | |||
149 | #ifndef OPENSSL_NO_IDEA | 145 | #ifndef OPENSSL_NO_IDEA | |
150 | static void | 146 | static void | |
151 | idea_init(__ops_crypt_t * crypt) | 147 | idea_init(__ops_crypt_t * crypt) | |
152 | { | 148 | { | |
153 | assert(crypt->keysize == IDEA_KEY_LENGTH); | 149 | if (crypt->keysize != IDEA_KEY_LENGTH) { | |
150 | (void) fprintf(stderr, "idea_init: keysize wrong\n"); | |||
151 | return; | |||
152 | } | |||
154 | 153 | |||
155 | if (crypt->encrypt_key) | 154 | if (crypt->encrypt_key) { | |
156 | free(crypt->encrypt_key); | 155 | (void) free(crypt->encrypt_key); | |
156 | } | |||
157 | crypt->encrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE)); | 157 | crypt->encrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE)); | |
158 | 158 | |||
159 | /* note that we don't invert the key when decrypting for CFB mode */ | 159 | /* note that we don't invert the key when decrypting for CFB mode */ | |
160 | idea_set_encrypt_key(crypt->key, crypt->encrypt_key); | 160 | idea_set_encrypt_key(crypt->key, crypt->encrypt_key); | |
161 | 161 | |||
162 | if (crypt->decrypt_key) | 162 | if (crypt->decrypt_key) { | |
163 | free(crypt->decrypt_key); | 163 | (void) free(crypt->decrypt_key); | |
164 | } | |||
164 | crypt->decrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE)); | 165 | crypt->decrypt_key = calloc(1, sizeof(IDEA_KEY_SCHEDULE)); | |
165 | 166 | |||
166 | idea_set_decrypt_key(crypt->encrypt_key, crypt->decrypt_key); | 167 | idea_set_decrypt_key(crypt->encrypt_key, crypt->decrypt_key); | |
167 | } | 168 | } | |
168 | 169 | |||
169 | static void | 170 | static void | |
170 | idea_block_encrypt(__ops_crypt_t * crypt, void *out, const void *in) | 171 | idea_block_encrypt(__ops_crypt_t * crypt, void *out, const void *in) | |
171 | { | 172 | { | |
172 | idea_ecb_encrypt(in, out, crypt->encrypt_key); | 173 | idea_ecb_encrypt(in, out, crypt->encrypt_key); | |
173 | } | 174 | } | |
174 | 175 | |||
175 | static void | 176 | static void | |
176 | idea_block_decrypt(__ops_crypt_t * crypt, void *out, const void *in) | 177 | idea_block_decrypt(__ops_crypt_t * crypt, void *out, const void *in) | |
@@ -398,101 +399,99 @@ get_proto(__ops_symmetric_algorithm_t al | @@ -398,101 +399,99 @@ get_proto(__ops_symmetric_algorithm_t al | |||
398 | return &idea; | 399 | return &idea; | |
399 | #endif /* OPENSSL_NO_IDEA */ | 400 | #endif /* OPENSSL_NO_IDEA */ | |
400 | 401 | |||
401 | case OPS_SA_AES_128: | 402 | case OPS_SA_AES_128: | |
402 | return &aes128; | 403 | return &aes128; | |
403 | 404 | |||
404 | case OPS_SA_AES_256: | 405 | case OPS_SA_AES_256: | |
405 | return &aes256; | 406 | return &aes256; | |
406 | 407 | |||
407 | case OPS_SA_TRIPLEDES: | 408 | case OPS_SA_TRIPLEDES: | |
408 | return &tripledes; | 409 | return &tripledes; | |
409 | 410 | |||
410 | default: | 411 | default: | |
411 | fprintf(stderr, "Unknown algorithm: %d (%s)\n", alg, __ops_show_symmetric_algorithm(alg)); | 412 | (void) fprintf(stderr, "Unknown algorithm: %d (%s)\n", | |
412 | /* assert(0); */ | 413 | alg, __ops_show_symmetric_algorithm(alg)); | |
413 | } | 414 | } | |
414 | 415 | |||
415 | return NULL; | 416 | return NULL; | |
416 | } | 417 | } | |
417 | 418 | |||
418 | int | 419 | int | |
419 | __ops_crypt_any(__ops_crypt_t * crypt, __ops_symmetric_algorithm_t alg) | 420 | __ops_crypt_any(__ops_crypt_t * crypt, __ops_symmetric_algorithm_t alg) | |
420 | { | 421 | { | |
421 | const __ops_crypt_t *ptr = get_proto(alg); | 422 | const __ops_crypt_t *ptr = get_proto(alg); | |
423 | ||||
422 | if (ptr) { | 424 | if (ptr) { | |
423 | *crypt = *ptr; | 425 | *crypt = *ptr; | |
424 | return 1; | 426 | return 1; | |
425 | } else { | 427 | } else { | |
426 | (void) memset(crypt, 0x0, sizeof(*crypt)); | 428 | (void) memset(crypt, 0x0, sizeof(*crypt)); | |
427 | return 0; | 429 | return 0; | |
428 | } | 430 | } | |
429 | } | 431 | } | |
430 | 432 | |||
431 | unsigned | 433 | unsigned | |
432 | __ops_block_size(__ops_symmetric_algorithm_t alg) | 434 | __ops_block_size(__ops_symmetric_algorithm_t alg) | |
433 | { | 435 | { | |
434 | const __ops_crypt_t *p = get_proto(alg); | 436 | const __ops_crypt_t *p = get_proto(alg); | |
435 | 437 | |||
436 | if (!p) | 438 | return (p == NULL) ? 0 : p->blocksize; | |
437 | return 0; | |||
438 | ||||
439 | return p->blocksize; | |||
440 | } | 439 | } | |
441 | 440 | |||
442 | unsigned | 441 | unsigned | |
443 | __ops_key_size(__ops_symmetric_algorithm_t alg) | 442 | __ops_key_size(__ops_symmetric_algorithm_t alg) | |
444 | { | 443 | { | |
445 | const __ops_crypt_t *p = get_proto(alg); | 444 | const __ops_crypt_t *p = get_proto(alg); | |
446 | 445 | |||
447 | if (!p) | 446 | return (p == NULL) ? 0 : p->keysize; | |
448 | return 0; | |||
449 | ||||
450 | return p->keysize; | |||
451 | } | 447 | } | |
452 | 448 | |||
453 | void | 449 | void | |
454 | __ops_encrypt_init(__ops_crypt_t * encrypt) | 450 | __ops_encrypt_init(__ops_crypt_t * encrypt) | |
455 | { | 451 | { | |
456 | /* \todo should there be a separate __ops_encrypt_init? */ | 452 | /* \todo should there be a separate __ops_encrypt_init? */ | |
457 | __ops_decrypt_init(encrypt); | 453 | __ops_decrypt_init(encrypt); | |
458 | } | 454 | } | |
459 | 455 | |||
460 | void | 456 | void | |
461 | __ops_decrypt_init(__ops_crypt_t * decrypt) | 457 | __ops_decrypt_init(__ops_crypt_t * decrypt) | |
462 | { | 458 | { | |
463 | decrypt->base_init(decrypt); | 459 | decrypt->base_init(decrypt); | |
464 | decrypt->block_encrypt(decrypt, decrypt->siv, decrypt->iv); | 460 | decrypt->block_encrypt(decrypt, decrypt->siv, decrypt->iv); | |
465 | (void) memcpy(decrypt->civ, decrypt->siv, decrypt->blocksize); | 461 | (void) memcpy(decrypt->civ, decrypt->siv, decrypt->blocksize); | |
466 | decrypt->num = 0; | 462 | decrypt->num = 0; | |
467 | } | 463 | } | |
468 | 464 | |||
469 | size_t | 465 | size_t | |
470 | __ops_decrypt_se(__ops_crypt_t * decrypt, void *outvoid, const void *invoid, size_t count) | 466 | __ops_decrypt_se(__ops_crypt_t * decrypt, void *outvoid, const void *invoid, | |
467 | size_t count) | |||
471 | { | 468 | { | |
472 | unsigned char *out = outvoid; | 469 | unsigned char *out = outvoid; | |
473 | const unsigned char *in = invoid; | 470 | const unsigned char *in = invoid; | |
474 | int saved = count; | 471 | int saved = count; | |
475 | 472 | |||
476 | /* | 473 | /* | |
477 | * in order to support v3's weird resyncing we have to implement CFB | 474 | * in order to support v3's weird resyncing we have to implement CFB | |
478 | * mode ourselves | 475 | * mode ourselves | |
479 | */ | 476 | */ | |
480 | while (count-- > 0) { | 477 | while (count-- > 0) { | |
481 | unsigned char t; | 478 | unsigned char t; | |
482 | 479 | |||
483 | if ((size_t) decrypt->num == decrypt->blocksize) { | 480 | if ((size_t) decrypt->num == decrypt->blocksize) { | |
484 | (void) memcpy(decrypt->siv, decrypt->civ, decrypt->blocksize); | 481 | (void) memcpy(decrypt->siv, decrypt->civ, | |
485 | decrypt->block_decrypt(decrypt, decrypt->civ, decrypt->civ); | 482 | decrypt->blocksize); | |
483 | decrypt->block_decrypt(decrypt, decrypt->civ, | |||
484 | decrypt->civ); | |||
486 | decrypt->num = 0; | 485 | decrypt->num = 0; | |
487 | } | 486 | } | |
488 | t = decrypt->civ[decrypt->num]; | 487 | t = decrypt->civ[decrypt->num]; | |
489 | *out++ = t ^ (decrypt->civ[decrypt->num++] = *in++); | 488 | *out++ = t ^ (decrypt->civ[decrypt->num++] = *in++); | |
490 | } | 489 | } | |
491 | 490 | |||
492 | return saved; | 491 | return saved; | |
493 | } | 492 | } | |
494 | 493 | |||
495 | size_t | 494 | size_t | |
496 | __ops_encrypt_se(__ops_crypt_t * encrypt, void *outvoid, const void *invoid, | 495 | __ops_encrypt_se(__ops_crypt_t * encrypt, void *outvoid, const void *invoid, | |
497 | size_t count) | 496 | size_t count) | |
498 | { | 497 | { |
--- src/crypto/external/bsd/netpgp/dist/src/lib/writer.c 2009/04/25 01:29:15 1.2
+++ src/crypto/external/bsd/netpgp/dist/src/lib/writer.c 2009/05/05 01:28:16 1.3
@@ -20,60 +20,54 @@ | @@ -20,60 +20,54 @@ | |||
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /** \file | 22 | /** \file | |
23 | * This file contains the base functions used by the writers. | 23 | * This file contains the base functions used by the writers. | |
24 | */ | 24 | */ | |
25 | #include "config.h" | 25 | #include "config.h" | |
26 | 26 | |||
27 | #include <sys/types.h> | 27 | #include <sys/types.h> | |
28 | 28 | |||
29 | #ifdef HAVE_SYS_UIO_H | 29 | #ifdef HAVE_SYS_UIO_H | |
30 | #include <sys/uio.h> | 30 | #include <sys/uio.h> | |
31 | #endif | 31 | #endif | |
32 | 32 | |||
33 | #ifdef HAVE_FCNTL_H | |||
34 | #include <fcntl.h> | |||
35 | #endif | |||
36 | ||||
37 | #include <stdlib.h> | |||
38 | #include <string.h> | |||
39 | ||||
40 | #ifdef HAVE_UNISTD_H | |||
41 | #include <unistd.h> | |||
42 | #endif | |||
43 | ||||
33 | #ifdef HAVE_OPENSSL_CAST_H | 44 | #ifdef HAVE_OPENSSL_CAST_H | |
34 | #include <openssl/cast.h> | 45 | #include <openssl/cast.h> | |
35 | #endif | 46 | #endif | |
36 | 47 | |||
37 | #include "create.h" | 48 | #include "create.h" | |
38 | #include "writer.h" | 49 | #include "writer.h" | |
39 | #include "keyring.h" | 50 | #include "keyring.h" | |
40 | #include "signature.h" | 51 | #include "signature.h" | |
41 | #include "packet.h" | 52 | #include "packet.h" | |
42 | #include "packet-parse.h" | 53 | #include "packet-parse.h" | |
43 | 54 | |||
44 | #include "readerwriter.h" | 55 | #include "readerwriter.h" | |
45 | #include "memory.h" | 56 | #include "memory.h" | |
46 | #include "netpgpdefs.h" | 57 | #include "netpgpdefs.h" | |
47 | #include "keyring_local.h" | 58 | #include "keyring_local.h" | |
48 | #include "version.h" | 59 | #include "version.h" | |
49 | 60 | |||
50 | #ifdef HAVE_ASSERT_H | |||
51 | #include <assert.h> | |||
52 | #endif | |||
53 | ||||
54 | #include <fcntl.h> | |||
55 | ||||
56 | #include <stdlib.h> | |||
57 | #include <string.h> | |||
58 | ||||
59 | #ifdef HAVE_UNISTD_H | |||
60 | #include <unistd.h> | |||
61 | #endif | |||
62 | ||||
63 | #ifdef HAVE_OPENSSL_CAST_H | |||
64 | #include <openssl/cast.h> | |||
65 | #endif | |||
66 | ||||
67 | 61 | |||
68 | /* | 62 | /* | |
69 | * return true if OK, otherwise false | 63 | * return true if OK, otherwise false | |
70 | */ | 64 | */ | |
71 | static bool | 65 | static bool | |
72 | base_write(const void *src, unsigned length, __ops_create_info_t * info) | 66 | base_write(const void *src, unsigned length, __ops_create_info_t * info) | |
73 | { | 67 | { | |
74 | return info->winfo.writer(src, length, &info->errors, &info->winfo); | 68 | return info->winfo.writer(src, length, &info->errors, &info->winfo); | |
75 | } | 69 | } | |
76 | 70 | |||
77 | /** | 71 | /** | |
78 | * \ingroup Core_WritePackets | 72 | * \ingroup Core_WritePackets | |
79 | * | 73 | * | |
@@ -114,27 +108,30 @@ __ops_write_scalar(unsigned n, unsigned | @@ -114,27 +108,30 @@ __ops_write_scalar(unsigned n, unsigned | |||
114 | /** | 108 | /** | |
115 | * \ingroup Core_WritePackets | 109 | * \ingroup Core_WritePackets | |
116 | * \param bn | 110 | * \param bn | |
117 | * \param info | 111 | * \param info | |
118 | * \return 1 if OK, otherwise 0 | 112 | * \return 1 if OK, otherwise 0 | |
119 | */ | 113 | */ | |
120 | 114 | |||
121 | bool | 115 | bool | |
122 | __ops_write_mpi(const BIGNUM * bn, __ops_create_info_t * info) | 116 | __ops_write_mpi(const BIGNUM * bn, __ops_create_info_t * info) | |
123 | { | 117 | { | |
124 | unsigned char buf[NETPGP_BUFSIZ]; | 118 | unsigned char buf[NETPGP_BUFSIZ]; | |
125 | unsigned bits = (unsigned)BN_num_bits(bn); | 119 | unsigned bits = (unsigned)BN_num_bits(bn); | |
126 | 120 | |||
127 | assert(bits <= 65535); | 121 | if (bits > 65535) { | |
122 | (void) fprintf(stderr, "__ops_write_mpi: too large %u\n", bits); | |||
123 | return false; | |||
124 | } | |||
128 | BN_bn2bin(bn, buf); | 125 | BN_bn2bin(bn, buf); | |
129 | return __ops_write_scalar(bits, 2, info) && | 126 | return __ops_write_scalar(bits, 2, info) && | |
130 | __ops_write(buf, (bits + 7) / 8, info); | 127 | __ops_write(buf, (bits + 7) / 8, info); | |
131 | } | 128 | } | |
132 | 129 | |||
133 | /** | 130 | /** | |
134 | * \ingroup Core_WritePackets | 131 | * \ingroup Core_WritePackets | |
135 | * \param tag | 132 | * \param tag | |
136 | * \param info | 133 | * \param info | |
137 | * \return 1 if OK, otherwise 0 | 134 | * \return 1 if OK, otherwise 0 | |
138 | */ | 135 | */ | |
139 | 136 | |||
140 | bool | 137 | bool | |
@@ -184,27 +181,30 @@ writer_info_finalise(__ops_error_t ** er | @@ -184,27 +181,30 @@ writer_info_finalise(__ops_error_t ** er | |||
184 | winfo->finaliser = NULL; | 181 | winfo->finaliser = NULL; | |
185 | } | 182 | } | |
186 | if (winfo->next && !writer_info_finalise(errors, winfo->next)) { | 183 | if (winfo->next && !writer_info_finalise(errors, winfo->next)) { | |
187 | winfo->finaliser = NULL; | 184 | winfo->finaliser = NULL; | |
188 | return false; | 185 | return false; | |
189 | } | 186 | } | |
190 | return ret; | 187 | return ret; | |
191 | } | 188 | } | |
192 | 189 | |||
193 | void | 190 | void | |
194 | writer_info_delete(__ops_writer_info_t * winfo) | 191 | writer_info_delete(__ops_writer_info_t * winfo) | |
195 | { | 192 | { | |
196 | /* we should have finalised before deleting */ | 193 | /* we should have finalised before deleting */ | |
197 | assert(!winfo->finaliser); | 194 | if (winfo->finaliser) { | |
195 | (void) fprintf(stderr, "writer_info_delete: not finalised\n"); | |||
196 | return; | |||
197 | } | |||
198 | if (winfo->next) { | 198 | if (winfo->next) { | |
199 | writer_info_delete(winfo->next); | 199 | writer_info_delete(winfo->next); | |
200 | free(winfo->next); | 200 | free(winfo->next); | |
201 | winfo->next = NULL; | 201 | winfo->next = NULL; | |
202 | } | 202 | } | |
203 | if (winfo->destroyer) { | 203 | if (winfo->destroyer) { | |
204 | winfo->destroyer(winfo); | 204 | winfo->destroyer(winfo); | |
205 | winfo->destroyer = NULL; | 205 | winfo->destroyer = NULL; | |
206 | } | 206 | } | |
207 | winfo->writer = NULL; | 207 | winfo->writer = NULL; | |
208 | } | 208 | } | |
209 | 209 | |||
210 | /** | 210 | /** | |
@@ -215,80 +215,89 @@ writer_info_delete(__ops_writer_info_t * | @@ -215,80 +215,89 @@ writer_info_delete(__ops_writer_info_t * | |||
215 | * \param info The info structure | 215 | * \param info The info structure | |
216 | * \param writer | 216 | * \param writer | |
217 | * \param finaliser | 217 | * \param finaliser | |
218 | * \param destroyer | 218 | * \param destroyer | |
219 | * \param arg The argument for the writer and destroyer | 219 | * \param arg The argument for the writer and destroyer | |
220 | */ | 220 | */ | |
221 | void | 221 | void | |
222 | __ops_writer_set(__ops_create_info_t * info, | 222 | __ops_writer_set(__ops_create_info_t * info, | |
223 | __ops_writer_t * writer, | 223 | __ops_writer_t * writer, | |
224 | __ops_writer_finaliser_t * finaliser, | 224 | __ops_writer_finaliser_t * finaliser, | |
225 | __ops_writer_destroyer_t * destroyer, | 225 | __ops_writer_destroyer_t * destroyer, | |
226 | void *arg) | 226 | void *arg) | |
227 | { | 227 | { | |
228 | assert(!info->winfo.writer); | 228 | if (info->winfo.writer) { | |
229 | info->winfo.writer = writer; | 229 | (void) fprintf(stderr, "__ops_writer_set: already set\n"); | |
230 | info->winfo.finaliser = finaliser; | 230 | } else { | |
231 | info->winfo.destroyer = destroyer; | 231 | info->winfo.writer = writer; | |
232 | info->winfo.arg = arg; | 232 | info->winfo.finaliser = finaliser; | |
233 | info->winfo.destroyer = destroyer; | |||
234 | info->winfo.arg = arg; | |||
235 | } | |||
233 | } | 236 | } | |
234 | 237 | |||
235 | /** | 238 | /** | |
236 | * \ingroup Core_Writers | 239 | * \ingroup Core_Writers | |
237 | * | 240 | * | |
238 | * Push a writer in info. There must already be another writer set. | 241 | * Push a writer in info. There must already be another writer set. | |
239 | * | 242 | * | |
240 | * \param info The info structure | 243 | * \param info The info structure | |
241 | * \param writer | 244 | * \param writer | |
242 | * \param finaliser | 245 | * \param finaliser | |
243 | * \param destroyer | 246 | * \param destroyer | |
244 | * \param arg The argument for the writer and destroyer | 247 | * \param arg The argument for the writer and destroyer | |
245 | */ | 248 | */ | |
246 | void | 249 | void | |
247 | __ops_writer_push(__ops_create_info_t * info, | 250 | __ops_writer_push(__ops_create_info_t * info, | |
248 | __ops_writer_t * writer, | 251 | __ops_writer_t * writer, | |
249 | __ops_writer_finaliser_t * finaliser, | 252 | __ops_writer_finaliser_t * finaliser, | |
250 | __ops_writer_destroyer_t * destroyer, | 253 | __ops_writer_destroyer_t * destroyer, | |
251 | void *arg) | 254 | void *arg) | |
252 | { | 255 | { | |
253 | __ops_writer_info_t *copy = calloc(1, sizeof(*copy)); | 256 | __ops_writer_info_t *copy = calloc(1, sizeof(*copy)); | |
254 | 257 | |||
255 | assert(info->winfo.writer); | 258 | if (info->winfo.writer == NULL) { | |
256 | *copy = info->winfo; | 259 | (void) fprintf(stderr, "__ops_writer_push: no orig writer\n"); | |
257 | info->winfo.next = copy; | 260 | } else { | |
258 | 261 | *copy = info->winfo; | ||
259 | info->winfo.writer = writer; | 262 | info->winfo.next = copy; | |
260 | info->winfo.finaliser = finaliser; | 263 | ||
261 | info->winfo.destroyer = destroyer; | 264 | info->winfo.writer = writer; | |
262 | info->winfo.arg = arg; | 265 | info->winfo.finaliser = finaliser; | |
266 | info->winfo.destroyer = destroyer; | |||
267 | info->winfo.arg = arg; | |||
268 | } | |||
263 | } | 269 | } | |
264 | 270 | |||
265 | void | 271 | void | |
266 | __ops_writer_pop(__ops_create_info_t * info) | 272 | __ops_writer_pop(__ops_create_info_t * info) | |
267 | { | 273 | { | |
268 | __ops_writer_info_t *next; | 274 | __ops_writer_info_t *next; | |
269 | 275 | |||
270 | /* Make sure the finaliser has been called. */ | 276 | /* Make sure the finaliser has been called. */ | |
271 | assert(!info->winfo.finaliser); | 277 | if (info->winfo.finaliser) { | |
272 | /* Make sure this is a stacked writer */ | 278 | (void) fprintf(stderr, | |
273 | assert(info->winfo.next); | 279 | "__ops_writer_pop: finaliser not called\n"); | |
274 | if (info->winfo.destroyer) { | 280 | } else if (info->winfo.next == NULL) { | |
275 | info->winfo.destroyer(&info->winfo); | 281 | (void) fprintf(stderr, | |
282 | "__ops_writer_pop: not a stacked writer\n"); | |||
283 | } else { | |||
284 | if (info->winfo.destroyer) { | |||
285 | info->winfo.destroyer(&info->winfo); | |||
286 | } | |||
287 | next = info->winfo.next; | |||
288 | info->winfo = *next; | |||
289 | free(next); | |||
276 | } | 290 | } | |
277 | ||||
278 | next = info->winfo.next; | |||
279 | info->winfo = *next; | |||
280 | ||||
281 | free(next); | |||
282 | } | 291 | } | |
283 | 292 | |||
284 | /** | 293 | /** | |
285 | * \ingroup Core_Writers | 294 | * \ingroup Core_Writers | |
286 | * | 295 | * | |
287 | * Close the writer currently set in info. | 296 | * Close the writer currently set in info. | |
288 | * | 297 | * | |
289 | * \param info The info structure | 298 | * \param info The info structure | |
290 | */ | 299 | */ | |
291 | bool | 300 | bool | |
292 | __ops_writer_close(__ops_create_info_t * info) | 301 | __ops_writer_close(__ops_create_info_t * info) | |
293 | { | 302 | { | |
294 | bool ret = writer_info_finalise(&info->errors, &info->winfo); | 303 | bool ret = writer_info_finalise(&info->errors, &info->winfo); | |
@@ -717,27 +726,28 @@ armoured_finaliser(__ops_armor_type_t ty | @@ -717,27 +726,28 @@ armoured_finaliser(__ops_armor_type_t ty | |||
717 | 726 | |||
718 | switch (type) { | 727 | switch (type) { | |
719 | case OPS_PGP_PUBLIC_KEY_BLOCK: | 728 | case OPS_PGP_PUBLIC_KEY_BLOCK: | |
720 | tail = tail_public_key; | 729 | tail = tail_public_key; | |
721 | sz_tail = sizeof(tail_public_key) - 1; | 730 | sz_tail = sizeof(tail_public_key) - 1; | |
722 | break; | 731 | break; | |
723 | 732 | |||
724 | case OPS_PGP_PRIVATE_KEY_BLOCK: | 733 | case OPS_PGP_PRIVATE_KEY_BLOCK: | |
725 | tail = tail_private_key; | 734 | tail = tail_private_key; | |
726 | sz_tail = sizeof(tail_private_key) - 1; | 735 | sz_tail = sizeof(tail_private_key) - 1; | |
727 | break; | 736 | break; | |
728 | 737 | |||
729 | default: | 738 | default: | |
730 | assert(/* CONSTCOND */0); | 739 | (void) fprintf(stderr, "armoured_finaliser: unusual type\n"); | |
740 | return false; | |||
731 | } | 741 | } | |
732 | 742 | |||
733 | base64 = __ops_writer_get_arg(winfo); | 743 | base64 = __ops_writer_get_arg(winfo); | |
734 | 744 | |||
735 | if (base64->pos) { | 745 | if (base64->pos) { | |
736 | if (!__ops_stacked_write(&b64map[base64->t], 1, errors, winfo)) { | 746 | if (!__ops_stacked_write(&b64map[base64->t], 1, errors, winfo)) { | |
737 | return false; | 747 | return false; | |
738 | } | 748 | } | |
739 | if (base64->pos == 1 && !__ops_stacked_write("==", 2, errors, winfo)) { | 749 | if (base64->pos == 1 && !__ops_stacked_write("==", 2, errors, winfo)) { | |
740 | return false; | 750 | return false; | |
741 | } | 751 | } | |
742 | if (base64->pos == 2 && !__ops_stacked_write("=", 1, errors, winfo)) { | 752 | if (base64->pos == 2 && !__ops_stacked_write("=", 1, errors, winfo)) { | |
743 | return false; | 753 | return false; | |
@@ -798,37 +808,41 @@ __ops_writer_push_armoured(__ops_create_ | @@ -798,37 +808,41 @@ __ops_writer_push_armoured(__ops_create_ | |||
798 | case OPS_PGP_PUBLIC_KEY_BLOCK: | 808 | case OPS_PGP_PUBLIC_KEY_BLOCK: | |
799 | header = hdr_public_key; | 809 | header = hdr_public_key; | |
800 | sz_hdr = sizeof(hdr_public_key) - 1; | 810 | sz_hdr = sizeof(hdr_public_key) - 1; | |
801 | finaliser = armoured_public_key_finaliser; | 811 | finaliser = armoured_public_key_finaliser; | |
802 | break; | 812 | break; | |
803 | 813 | |||
804 | case OPS_PGP_PRIVATE_KEY_BLOCK: | 814 | case OPS_PGP_PRIVATE_KEY_BLOCK: | |
805 | header = hdr_private_key; | 815 | header = hdr_private_key; | |
806 | sz_hdr = sizeof(hdr_private_key) - 1; | 816 | sz_hdr = sizeof(hdr_private_key) - 1; | |
807 | finaliser = armoured_private_key_finaliser; | 817 | finaliser = armoured_private_key_finaliser; | |
808 | break; | 818 | break; | |
809 | 819 | |||
810 | default: | 820 | default: | |
811 | assert(/* CONSTCOND */0); | 821 | (void) fprintf(stderr, | |
822 | "__ops_writer_push_armoured: unusual type\n"); | |||
823 | return; | |||
812 | } | 824 | } | |
813 | 825 | |||
814 | __ops_write(header, sz_hdr, info); | 826 | __ops_write(header, sz_hdr, info); | |
815 | 827 | |||
816 | __ops_writer_push(info, linebreak_writer, NULL, __ops_writer_generic_destroyer, | 828 | __ops_writer_push(info, linebreak_writer, NULL, | |
829 | __ops_writer_generic_destroyer, | |||
817 | calloc(1, sizeof(linebreak_t))); | 830 | calloc(1, sizeof(linebreak_t))); | |
818 | 831 | |||
819 | base64 = calloc(1, sizeof(*base64)); | 832 | base64 = calloc(1, sizeof(*base64)); | |
820 | base64->checksum = CRC24_INIT; | 833 | base64->checksum = CRC24_INIT; | |
821 | __ops_writer_push(info, base64_writer, finaliser, __ops_writer_generic_destroyer, base64); | 834 | __ops_writer_push(info, base64_writer, finaliser, | |
835 | __ops_writer_generic_destroyer, base64); | |||
822 | } | 836 | } | |
823 | 837 | |||
824 | /**************************************************************************/ | 838 | /**************************************************************************/ | |
825 | 839 | |||
826 | typedef struct { | 840 | typedef struct { | |
827 | __ops_crypt_t *crypt; | 841 | __ops_crypt_t *crypt; | |
828 | int free_crypt; | 842 | int free_crypt; | |
829 | } crypt_t; | 843 | } crypt_t; | |
830 | 844 | |||
831 | /* | 845 | /* | |
832 | * This writer simply takes plaintext as input, | 846 | * This writer simply takes plaintext as input, | |
833 | * encrypts it with the given key | 847 | * encrypts it with the given key | |
834 | * and outputs the resulting encrypted text | 848 | * and outputs the resulting encrypted text | |
@@ -838,27 +852,28 @@ encrypt_writer(const unsigned char *src, | @@ -838,27 +852,28 @@ encrypt_writer(const unsigned char *src, | |||
838 | unsigned length, | 852 | unsigned length, | |
839 | __ops_error_t ** errors, | 853 | __ops_error_t ** errors, | |
840 | __ops_writer_info_t * winfo) | 854 | __ops_writer_info_t * winfo) | |
841 | { | 855 | { | |
842 | 856 | |||
843 | #define BUFSZ 1024 /* arbitrary number */ | 857 | #define BUFSZ 1024 /* arbitrary number */ | |
844 | unsigned char encbuf[BUFSZ]; | 858 | unsigned char encbuf[BUFSZ]; | |
845 | unsigned remaining = length; | 859 | unsigned remaining = length; | |
846 | unsigned done = 0; | 860 | unsigned done = 0; | |
847 | 861 | |||
848 | crypt_t *pgp_encrypt = (crypt_t *) __ops_writer_get_arg(winfo); | 862 | crypt_t *pgp_encrypt = (crypt_t *) __ops_writer_get_arg(winfo); | |
849 | 863 | |||
850 | if (!__ops_is_sa_supported(pgp_encrypt->crypt->algorithm)) { | 864 | if (!__ops_is_sa_supported(pgp_encrypt->crypt->algorithm)) { | |
851 | assert(/* CONSTCOND */0);/* \todo proper error handling */ | 865 | (void) fprintf(stderr, "encrypt_writer: not supported\n"); | |
866 | return false; | |||
852 | } | 867 | } | |
853 | 868 | |||
854 | while (remaining) { | 869 | while (remaining) { | |
855 | unsigned len = remaining < BUFSZ ? remaining : BUFSZ; | 870 | unsigned len = remaining < BUFSZ ? remaining : BUFSZ; | |
856 | /* memcpy(buf,src,len); // \todo copy needed here? */ | 871 | /* memcpy(buf,src,len); // \todo copy needed here? */ | |
857 | 872 | |||
858 | pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, src + done, len); | 873 | pgp_encrypt->crypt->cfb_encrypt(pgp_encrypt->crypt, encbuf, src + done, len); | |
859 | 874 | |||
860 | if (__ops_get_debug_level(__FILE__)) { | 875 | if (__ops_get_debug_level(__FILE__)) { | |
861 | int i = 0; | 876 | int i = 0; | |
862 | 877 | |||
863 | fprintf(stderr, "WRITING:\nunencrypted: "); | 878 | fprintf(stderr, "WRITING:\nunencrypted: "); | |
864 | for (i = 0; i < 16; i++) { | 879 | for (i = 0; i < 16; i++) { | |
@@ -981,59 +996,68 @@ encrypt_se_ip_writer(const unsigned char | @@ -981,59 +996,68 @@ encrypt_se_ip_writer(const unsigned char | |||
981 | __ops_create_info_t *cinfo_literal; | 996 | __ops_create_info_t *cinfo_literal; | |
982 | __ops_memory_t *mem_compressed; | 997 | __ops_memory_t *mem_compressed; | |
983 | __ops_create_info_t *cinfo_compressed; | 998 | __ops_create_info_t *cinfo_compressed; | |
984 | __ops_memory_t *my_mem; | 999 | __ops_memory_t *my_mem; | |
985 | __ops_create_info_t *my_cinfo; | 1000 | __ops_create_info_t *my_cinfo; | |
986 | const unsigned int bufsz = 128; /* initial value; gets expanded as | 1001 | const unsigned int bufsz = 128; /* initial value; gets expanded as | |
987 | * necessary */ | 1002 | * necessary */ | |
988 | 1003 | |||
989 | __ops_setup_memory_write(&cinfo_literal, &mem_literal, bufsz); | 1004 | __ops_setup_memory_write(&cinfo_literal, &mem_literal, bufsz); | |
990 | __ops_setup_memory_write(&cinfo_compressed, &mem_compressed, bufsz); | 1005 | __ops_setup_memory_write(&cinfo_compressed, &mem_compressed, bufsz); | |
991 | __ops_setup_memory_write(&my_cinfo, &my_mem, bufsz); | 1006 | __ops_setup_memory_write(&my_cinfo, &my_mem, bufsz); | |
992 | 1007 | |||
993 | /* create literal data packet from source data */ | 1008 | /* create literal data packet from source data */ | |
994 | __ops_write_literal_data_from_buf(src, (const int)length, OPS_LDT_BINARY, cinfo_literal); | 1009 | __ops_write_literal_data_from_buf(src, (const int)length, | |
995 | assert(__ops_memory_get_length(mem_literal) > length); | 1010 | OPS_LDT_BINARY, cinfo_literal); | |
1011 | if (__ops_memory_get_length(mem_literal) <= length) { | |||
1012 | (void) fprintf(stderr, "encrypt_se_ip_writer: bad length\n"); | |||
1013 | return false; | |||
1014 | } | |||
996 | 1015 | |||
997 | /* create compressed packet from literal data packet */ | 1016 | /* create compressed packet from literal data packet */ | |
998 | __ops_write_compressed(__ops_memory_get_data(mem_literal), | 1017 | __ops_write_compressed(__ops_memory_get_data(mem_literal), | |
999 | __ops_memory_get_length(mem_literal), | 1018 | __ops_memory_get_length(mem_literal), | |
1000 | cinfo_compressed); | 1019 | cinfo_compressed); | |
1001 | 1020 | |||
1002 | /* create SE IP packet set from this compressed literal data */ | 1021 | /* create SE IP packet set from this compressed literal data */ | |
1003 | __ops_write_se_ip_pktset(__ops_memory_get_data(mem_compressed), | 1022 | __ops_write_se_ip_pktset(__ops_memory_get_data(mem_compressed), | |
1004 | __ops_memory_get_length(mem_compressed), | 1023 | __ops_memory_get_length(mem_compressed), | |
1005 | se_ip->crypt, my_cinfo); | 1024 | se_ip->crypt, my_cinfo); | |
1006 | assert(__ops_memory_get_length(my_mem) > __ops_memory_get_length(mem_compressed)); | 1025 | if (__ops_memory_get_length(my_mem) <= | |
1026 | __ops_memory_get_length(mem_compressed)) { | |||
1027 | (void) fprintf(stderr, | |||
1028 | "encrypt_se_ip_writer: bad comp length\n"); | |||
1029 | return false; | |||
1030 | } | |||
1007 | 1031 | |||
1008 | /* now write memory to next writer */ | 1032 | /* now write memory to next writer */ | |
1009 | rtn = __ops_stacked_write(__ops_memory_get_data(my_mem), | 1033 | rtn = __ops_stacked_write(__ops_memory_get_data(my_mem), | |
1010 | __ops_memory_get_length(my_mem), | 1034 | __ops_memory_get_length(my_mem), | |
1011 | errors, winfo); | 1035 | errors, winfo); | |
1012 | 1036 | |||
1013 | __ops_memory_free(my_mem); | 1037 | __ops_memory_free(my_mem); | |
1014 | __ops_memory_free(mem_compressed); | 1038 | __ops_memory_free(mem_compressed); | |
1015 | __ops_memory_free(mem_literal); | 1039 | __ops_memory_free(mem_literal); | |
1016 | 1040 | |||
1017 | return rtn; | 1041 | return rtn; | |
1018 | } | 1042 | } | |
1019 | 1043 | |||
1020 | static void | 1044 | static void | |
1021 | encrypt_se_ip_destroyer(__ops_writer_info_t * winfo) | 1045 | encrypt_se_ip_destroyer(__ops_writer_info_t * winfo) | |
1022 | { | 1046 | { | |
1023 | encrypt_se_ip_t *se_ip = __ops_writer_get_arg(winfo); | 1047 | encrypt_se_ip_t *se_ip = __ops_writer_get_arg(winfo); | |
1024 | 1048 | |||
1025 | free(se_ip->crypt); | 1049 | (void) free(se_ip->crypt); | |
1026 | free(se_ip); | 1050 | (void) free(se_ip); | |
1027 | } | 1051 | } | |
1028 | 1052 | |||
1029 | bool | 1053 | bool | |
1030 | __ops_write_se_ip_pktset(const unsigned char *data, | 1054 | __ops_write_se_ip_pktset(const unsigned char *data, | |
1031 | const unsigned int len, | 1055 | const unsigned int len, | |
1032 | __ops_crypt_t * crypted, | 1056 | __ops_crypt_t * crypted, | |
1033 | __ops_create_info_t * cinfo) | 1057 | __ops_create_info_t * cinfo) | |
1034 | { | 1058 | { | |
1035 | unsigned char hashed[SHA_DIGEST_LENGTH]; | 1059 | unsigned char hashed[SHA_DIGEST_LENGTH]; | |
1036 | const size_t sz_mdc = 1 + 1 + SHA_DIGEST_LENGTH; | 1060 | const size_t sz_mdc = 1 + 1 + SHA_DIGEST_LENGTH; | |
1037 | size_t sz_preamble = crypted->blocksize + 2; | 1061 | size_t sz_preamble = crypted->blocksize + 2; | |
1038 | unsigned char *preamble = calloc(1, sz_preamble); | 1062 | unsigned char *preamble = calloc(1, sz_preamble); | |
1039 | size_t sz_buf = sz_preamble + len + sz_mdc; | 1063 | size_t sz_buf = sz_preamble + len + sz_mdc; | |
@@ -1336,27 +1360,30 @@ __ops_writer_push_stream_encrypt_se_ip(_ | @@ -1336,27 +1360,30 @@ __ops_writer_push_stream_encrypt_se_ip(_ | |||
1336 | stream_encrypt_se_ip_destroyer, se_ip); | 1360 | stream_encrypt_se_ip_destroyer, se_ip); | |
1337 | /* tidy up */ | 1361 | /* tidy up */ | |
1338 | free(encrypted_pk_session_key); | 1362 | free(encrypted_pk_session_key); | |
1339 | free(iv); | 1363 | free(iv); | |
1340 | } | 1364 | } | |
1341 | 1365 | |||
1342 | 1366 | |||
1343 | static unsigned int | 1367 | static unsigned int | |
1344 | __ops_calc_partial_data_length(unsigned int len) | 1368 | __ops_calc_partial_data_length(unsigned int len) | |
1345 | { | 1369 | { | |
1346 | int i; | 1370 | int i; | |
1347 | unsigned int mask = MAX_PARTIAL_DATA_LENGTH; | 1371 | unsigned int mask = MAX_PARTIAL_DATA_LENGTH; | |
1348 | 1372 | |||
1349 | assert(len > 0); | 1373 | if (len == 0) { | |
1374 | (void) fprintf(stderr, "__ops_calc_partial_data_length: 0 len\n"); | |||
1375 | return 0; | |||
1376 | } | |||
1350 | if (len > MAX_PARTIAL_DATA_LENGTH) { | 1377 | if (len > MAX_PARTIAL_DATA_LENGTH) { | |
1351 | return MAX_PARTIAL_DATA_LENGTH; | 1378 | return MAX_PARTIAL_DATA_LENGTH; | |
1352 | } | 1379 | } | |
1353 | for (i = 0; i <= 30; i++) { | 1380 | for (i = 0; i <= 30; i++) { | |
1354 | if (mask & len) { | 1381 | if (mask & len) { | |
1355 | break; | 1382 | break; | |
1356 | } | 1383 | } | |
1357 | mask >>= 1; | 1384 | mask >>= 1; | |
1358 | } | 1385 | } | |
1359 | 1386 | |||
1360 | return mask; | 1387 | return mask; | |
1361 | } | 1388 | } | |
1362 | 1389 | |||
@@ -1397,27 +1424,32 @@ __ops_stream_write_literal_data(const un | @@ -1397,27 +1424,32 @@ __ops_stream_write_literal_data(const un | |||
1397 | static bool | 1424 | static bool | |
1398 | __ops_stream_write_literal_data_first(const unsigned char *data, | 1425 | __ops_stream_write_literal_data_first(const unsigned char *data, | |
1399 | unsigned int len, | 1426 | unsigned int len, | |
1400 | const __ops_literal_data_type_t type, | 1427 | const __ops_literal_data_type_t type, | |
1401 | __ops_create_info_t * info) | 1428 | __ops_create_info_t * info) | |
1402 | { | 1429 | { | |
1403 | /* \todo add filename */ | 1430 | /* \todo add filename */ | |
1404 | /* \todo add date */ | 1431 | /* \todo add date */ | |
1405 | /* \todo do we need to check text data for <cr><lf> line endings ? */ | 1432 | /* \todo do we need to check text data for <cr><lf> line endings ? */ | |
1406 | 1433 | |||
1407 | size_t sz_towrite = 1 + 1 + 4 + len; | 1434 | size_t sz_towrite = 1 + 1 + 4 + len; | |
1408 | size_t sz_pd = __ops_calc_partial_data_length(sz_towrite); | 1435 | size_t sz_pd = __ops_calc_partial_data_length(sz_towrite); | |
1409 | 1436 | |||
1410 | assert(sz_pd >= 512); | 1437 | if (sz_pd < 512) { | |
1438 | (void) fprintf(stderr, | |||
1439 | "__ops_stream_write_literal_data_first: bad sz_pd\n"); | |||
1440 | return false; | |||
1441 | } | |||
1442 | ||||
1411 | __ops_write_ptag(OPS_PTAG_CT_LITERAL_DATA, info); | 1443 | __ops_write_ptag(OPS_PTAG_CT_LITERAL_DATA, info); | |
1412 | __ops_write_partial_data_length(sz_pd, info); | 1444 | __ops_write_partial_data_length(sz_pd, info); | |
1413 | __ops_write_scalar((unsigned)type, 1, info); | 1445 | __ops_write_scalar((unsigned)type, 1, info); | |
1414 | __ops_write_scalar(0, 1, info); | 1446 | __ops_write_scalar(0, 1, info); | |
1415 | __ops_write_scalar(0, 4, info); | 1447 | __ops_write_scalar(0, 4, info); | |
1416 | __ops_write(data, sz_pd - 6, info); | 1448 | __ops_write(data, sz_pd - 6, info); | |
1417 | 1449 | |||
1418 | data += (sz_pd - 6); | 1450 | data += (sz_pd - 6); | |
1419 | sz_towrite -= sz_pd; | 1451 | sz_towrite -= sz_pd; | |
1420 | 1452 | |||
1421 | __ops_stream_write_literal_data(data, sz_towrite, info); | 1453 | __ops_stream_write_literal_data(data, sz_towrite, info); | |
1422 | return true; | 1454 | return true; | |
1423 | } | 1455 | } | |
@@ -1457,27 +1489,31 @@ __ops_stream_write_se_ip(const unsigned | @@ -1457,27 +1489,31 @@ __ops_stream_write_se_ip(const unsigned | |||
1457 | } | 1489 | } | |
1458 | 1490 | |||
1459 | static bool | 1491 | static bool | |
1460 | __ops_stream_write_se_ip_first(const unsigned char *data, | 1492 | __ops_stream_write_se_ip_first(const unsigned char *data, | |
1461 | unsigned int len, | 1493 | unsigned int len, | |
1462 | stream_encrypt_se_ip_t * se_ip, | 1494 | stream_encrypt_se_ip_t * se_ip, | |
1463 | __ops_create_info_t * cinfo) | 1495 | __ops_create_info_t * cinfo) | |
1464 | { | 1496 | { | |
1465 | size_t sz_preamble = se_ip->crypt->blocksize + 2; | 1497 | size_t sz_preamble = se_ip->crypt->blocksize + 2; | |
1466 | size_t sz_towrite = sz_preamble + 1 + len; | 1498 | size_t sz_towrite = sz_preamble + 1 + len; | |
1467 | unsigned char *preamble = calloc(1, sz_preamble); | 1499 | unsigned char *preamble = calloc(1, sz_preamble); | |
1468 | size_t sz_pd = __ops_calc_partial_data_length(sz_towrite); | 1500 | size_t sz_pd = __ops_calc_partial_data_length(sz_towrite); | |
1469 | 1501 | |||
1470 | assert(sz_pd >= 512); | 1502 | if (sz_pd < 512) { | |
1503 | (void) fprintf(stderr, | |||
1504 | "__ops_stream_write_se_ip_first: bad sz_pd\n"); | |||
1505 | return false; | |||
1506 | } | |||
1471 | 1507 | |||
1472 | __ops_write_ptag(OPS_PTAG_CT_SE_IP_DATA, cinfo); | 1508 | __ops_write_ptag(OPS_PTAG_CT_SE_IP_DATA, cinfo); | |
1473 | __ops_write_partial_data_length(sz_pd, cinfo); | 1509 | __ops_write_partial_data_length(sz_pd, cinfo); | |
1474 | __ops_write_scalar(SE_IP_DATA_VERSION, 1, cinfo); | 1510 | __ops_write_scalar(SE_IP_DATA_VERSION, 1, cinfo); | |
1475 | 1511 | |||
1476 | __ops_writer_push_encrypt_crypt(cinfo, se_ip->crypt); | 1512 | __ops_writer_push_encrypt_crypt(cinfo, se_ip->crypt); | |
1477 | 1513 | |||
1478 | __ops_random(preamble, se_ip->crypt->blocksize); | 1514 | __ops_random(preamble, se_ip->crypt->blocksize); | |
1479 | preamble[se_ip->crypt->blocksize] = preamble[se_ip->crypt->blocksize - 2]; | 1515 | preamble[se_ip->crypt->blocksize] = preamble[se_ip->crypt->blocksize - 2]; | |
1480 | preamble[se_ip->crypt->blocksize + 1] = preamble[se_ip->crypt->blocksize - 1]; | 1516 | preamble[se_ip->crypt->blocksize + 1] = preamble[se_ip->crypt->blocksize - 1]; | |
1481 | 1517 | |||
1482 | __ops_hash_any(&se_ip->hash, OPS_HASH_SHA1); | 1518 | __ops_hash_any(&se_ip->hash, OPS_HASH_SHA1); | |
1483 | se_ip->hash.init(&se_ip->hash); | 1519 | se_ip->hash.init(&se_ip->hash); |
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c 2009/04/30 04:57:57 1.3
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.c 2009/05/05 01:28:15 1.4
@@ -13,53 +13,51 @@ | @@ -13,53 +13,51 @@ | |||
13 | * | 13 | * | |
14 | * Unless required by applicable law or agreed to in writing, software | 14 | * Unless required by applicable law or agreed to in writing, software | |
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /** \file | 22 | /** \file | |
23 | */ | 23 | */ | |
24 | #include "config.h" | 24 | #include "config.h" | |
25 | 25 | |||
26 | #ifdef HAVE_FCNTL_H | |||
27 | #include <fcntl.h> | |||
28 | #endif | |||
29 | ||||
30 | #include <stdlib.h> | |||
31 | #include <string.h> | |||
32 | ||||
33 | #ifdef HAVE_TERMIOS_H | |||
34 | #include <termios.h> | |||
35 | #endif | |||
36 | ||||
37 | #ifdef HAVE_UNISTD_H | |||
38 | #include <unistd.h> | |||
39 | #endif | |||
40 | ||||
26 | #include "keyring.h" | 41 | #include "keyring.h" | |
27 | #include "packet-parse.h" | 42 | #include "packet-parse.h" | |
28 | #include "signature.h" | 43 | #include "signature.h" | |
29 | #include "netpgpsdk.h" | 44 | #include "netpgpsdk.h" | |
30 | ||||
31 | #include "readerwriter.h" | 45 | #include "readerwriter.h" | |
32 | #include "netpgpdefs.h" | 46 | #include "netpgpdefs.h" | |
33 | #include "keyring_local.h" | 47 | #include "keyring_local.h" | |
34 | #include "parse_local.h" | 48 | #include "parse_local.h" | |
35 | #include "validate.h" | 49 | #include "validate.h" | |
36 | 50 | |||
37 | #include <stdlib.h> | |||
38 | #include <string.h> | |||
39 | ||||
40 | #ifdef HAVE_UNISTD_H | |||
41 | #include <unistd.h> | |||
42 | #endif | |||
43 | ||||
44 | #ifdef HAVE_TERMIOS_H | |||
45 | #include <termios.h> | |||
46 | #endif | |||
47 | ||||
48 | #include <fcntl.h> | |||
49 | ||||
50 | #ifdef HAVE_ASSERT_H | |||
51 | #include <assert.h> | |||
52 | #endif | |||
53 | 51 | |||
54 | 52 | |||
55 | /** | 53 | /** | |
56 | \ingroup HighLevel_Keyring | 54 | \ingroup HighLevel_Keyring | |
57 | 55 | |||
58 | \brief Creates a new __ops_keydata_t struct | 56 | \brief Creates a new __ops_keydata_t struct | |
59 | 57 | |||
60 | \return A new __ops_keydata_t struct, initialised to zero. | 58 | \return A new __ops_keydata_t struct, initialised to zero. | |
61 | 59 | |||
62 | \note The returned __ops_keydata_t struct must be freed after use with __ops_keydata_free. | 60 | \note The returned __ops_keydata_t struct must be freed after use with __ops_keydata_free. | |
63 | */ | 61 | */ | |
64 | 62 | |||
65 | __ops_keydata_t * | 63 | __ops_keydata_t * | |
@@ -69,67 +67,69 @@ __ops_keydata_new(void) | @@ -69,67 +67,69 @@ __ops_keydata_new(void) | |||
69 | } | 67 | } | |
70 | 68 | |||
71 | 69 | |||
72 | /** | 70 | /** | |
73 | \ingroup HighLevel_Keyring | 71 | \ingroup HighLevel_Keyring | |
74 | 72 | |||
75 | \brief Frees keydata and its memory | 73 | \brief Frees keydata and its memory | |
76 | 74 | |||
77 | \param keydata Key to be freed. | 75 | \param keydata Key to be freed. | |
78 | 76 | |||
79 | \note This frees the keydata itself, as well as any other memory alloc-ed by it. | 77 | \note This frees the keydata itself, as well as any other memory alloc-ed by it. | |
80 | */ | 78 | */ | |
81 | void | 79 | void | |
82 | __ops_keydata_free(__ops_keydata_t * keydata) | 80 | __ops_keydata_free(__ops_keydata_t *keydata) | |
83 | { | 81 | { | |
84 | unsigned n; | 82 | unsigned n; | |
85 | 83 | |||
86 | for (n = 0; n < keydata->nuids; ++n) | 84 | for (n = 0; n < keydata->nuids; ++n) { | |
87 | __ops_user_id_free(&keydata->uids[n]); | 85 | __ops_user_id_free(&keydata->uids[n]); | |
88 | free(keydata->uids); | 86 | } | |
87 | (void) free(keydata->uids); | |||
89 | keydata->uids = NULL; | 88 | keydata->uids = NULL; | |
90 | keydata->nuids = 0; | 89 | keydata->nuids = 0; | |
91 | 90 | |||
92 | for (n = 0; n < keydata->npackets; ++n) | 91 | for (n = 0; n < keydata->npackets; ++n) { | |
93 | __ops_packet_free(&keydata->packets[n]); | 92 | __ops_subpacket_free(&keydata->packets[n]); | |
94 | free(keydata->packets); | 93 | } | |
94 | (void) free(keydata->packets); | |||
95 | keydata->packets = NULL; | 95 | keydata->packets = NULL; | |
96 | keydata->npackets = 0; | 96 | keydata->npackets = 0; | |
97 | 97 | |||
98 | if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) | 98 | if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) { | |
99 | __ops_public_key_free(&keydata->key.pkey); | 99 | __ops_public_key_free(&keydata->key.pkey); | |
100 | else | 100 | } else { | |
101 | __ops_secret_key_free(&keydata->key.skey); | 101 | __ops_secret_key_free(&keydata->key.skey); | |
102 | } | |||
102 | 103 | |||
103 | free(keydata); | 104 | (void) free(keydata); | |
104 | } | 105 | } | |
105 | 106 | |||
106 | /** | 107 | /** | |
107 | \ingroup HighLevel_KeyGeneral | 108 | \ingroup HighLevel_KeyGeneral | |
108 | 109 | |||
109 | \brief Returns the public key in the given keydata. | 110 | \brief Returns the public key in the given keydata. | |
110 | \param keydata | 111 | \param keydata | |
111 | 112 | |||
112 | \return Pointer to public key | 113 | \return Pointer to public key | |
113 | 114 | |||
114 | \note This is not a copy, do not free it after use. | 115 | \note This is not a copy, do not free it after use. | |
115 | */ | 116 | */ | |
116 | 117 | |||
117 | const __ops_public_key_t * | 118 | const __ops_public_key_t * | |
118 | __ops_get_public_key_from_data(const __ops_keydata_t * keydata) | 119 | __ops_get_public_key_from_data(const __ops_keydata_t * keydata) | |
119 | { | 120 | { | |
120 | if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) | 121 | return (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) ? &keydata->key.pkey : | |
121 | return &keydata->key.pkey; | 122 | &keydata->key.skey.pubkey; | |
122 | return &keydata->key.skey.public_key; | |||
123 | } | 123 | } | |
124 | 124 | |||
125 | /** | 125 | /** | |
126 | \ingroup HighLevel_KeyGeneral | 126 | \ingroup HighLevel_KeyGeneral | |
127 | 127 | |||
128 | \brief Check whether this is a secret key or not. | 128 | \brief Check whether this is a secret key or not. | |
129 | */ | 129 | */ | |
130 | 130 | |||
131 | bool | 131 | bool | |
132 | __ops_is_key_secret(const __ops_keydata_t * data) | 132 | __ops_is_key_secret(const __ops_keydata_t * data) | |
133 | { | 133 | { | |
134 | return data->type != OPS_PTAG_CT_PUBLIC_KEY; | 134 | return data->type != OPS_PTAG_CT_PUBLIC_KEY; | |
135 | } | 135 | } | |
@@ -137,120 +137,111 @@ __ops_is_key_secret(const __ops_keydata_ | @@ -137,120 +137,111 @@ __ops_is_key_secret(const __ops_keydata_ | |||
137 | /** | 137 | /** | |
138 | \ingroup HighLevel_KeyGeneral | 138 | \ingroup HighLevel_KeyGeneral | |
139 | 139 | |||
140 | \brief Returns the secret key in the given keydata. | 140 | \brief Returns the secret key in the given keydata. | |
141 | 141 | |||
142 | \note This is not a copy, do not free it after use. | 142 | \note This is not a copy, do not free it after use. | |
143 | 143 | |||
144 | \note This returns a const. If you need to be able to write to this pointer, use __ops_get_writable_secret_key_from_data | 144 | \note This returns a const. If you need to be able to write to this pointer, use __ops_get_writable_secret_key_from_data | |
145 | */ | 145 | */ | |
146 | 146 | |||
147 | const __ops_secret_key_t * | 147 | const __ops_secret_key_t * | |
148 | __ops_get_secret_key_from_data(const __ops_keydata_t * data) | 148 | __ops_get_secret_key_from_data(const __ops_keydata_t * data) | |
149 | { | 149 | { | |
150 | if (data->type != OPS_PTAG_CT_SECRET_KEY) | 150 | return (data->type == OPS_PTAG_CT_SECRET_KEY) ? &data->key.skey : NULL; | |
151 | return NULL; | |||
152 | ||||
153 | return &data->key.skey; | |||
154 | } | 151 | } | |
155 | 152 | |||
156 | /** | 153 | /** | |
157 | \ingroup HighLevel_KeyGeneral | 154 | \ingroup HighLevel_KeyGeneral | |
158 | 155 | |||
159 | \brief Returns the secret key in the given keydata. | 156 | \brief Returns the secret key in the given keydata. | |
160 | 157 | |||
161 | \note This is not a copy, do not free it after use. | 158 | \note This is not a copy, do not free it after use. | |
162 | 159 | |||
163 | \note If you do not need to be able to modify this key, there is an equivalent read-only function __ops_get_secret_key_from_data. | 160 | \note If you do not need to be able to modify this key, there is an equivalent read-only function __ops_get_secret_key_from_data. | |
164 | */ | 161 | */ | |
165 | 162 | |||
166 | __ops_secret_key_t * | 163 | __ops_secret_key_t * | |
167 | __ops_get_writable_secret_key_from_data(__ops_keydata_t * data) | 164 | __ops_get_writable_secret_key_from_data(__ops_keydata_t * data) | |
168 | { | 165 | { | |
169 | if (data->type != OPS_PTAG_CT_SECRET_KEY) | 166 | return (data->type == OPS_PTAG_CT_SECRET_KEY) ? &data->key.skey : NULL; | |
170 | return NULL; | |||
171 | ||||
172 | return &data->key.skey; | |||
173 | } | 167 | } | |
174 | 168 | |||
175 | typedef struct { | 169 | typedef struct { | |
176 | const __ops_keydata_t *key; | 170 | const __ops_keydata_t *key; | |
177 | char *pphrase; | 171 | char *pphrase; | |
178 | __ops_secret_key_t *skey; | 172 | __ops_secret_key_t *skey; | |
179 | } decrypt_t; | 173 | } decrypt_t; | |
180 | 174 | |||
181 | static __ops_parse_cb_return_t | 175 | static __ops_parse_cb_return_t | |
182 | decrypt_cb(const __ops_parser_content_t * contents, | 176 | decrypt_cb(const __ops_packet_t * contents, | |
183 | __ops_parse_cb_info_t * cbinfo) | 177 | __ops_parse_cb_info_t * cbinfo) | |
184 | { | 178 | { | |
185 | const __ops_parser_content_union_t *content = &contents->u; | 179 | const __ops_parser_content_union_t *content = &contents->u; | |
186 | decrypt_t *decrypt = __ops_parse_cb_get_arg(cbinfo); | 180 | decrypt_t *decrypt = __ops_parse_cb_get_arg(cbinfo); | |
187 | 181 | |||
188 | OPS_USED(cbinfo); | 182 | OPS_USED(cbinfo); | |
189 | 183 | |||
190 | switch (contents->tag) { | 184 | switch (contents->tag) { | |
191 | case OPS_PARSER_PTAG: | 185 | case OPS_PARSER_PTAG: | |
192 | case OPS_PTAG_CT_USER_ID: | 186 | case OPS_PTAG_CT_USER_ID: | |
193 | case OPS_PTAG_CT_SIGNATURE: | 187 | case OPS_PTAG_CT_SIGNATURE: | |
194 | case OPS_PTAG_CT_SIGNATURE_HEADER: | 188 | case OPS_PTAG_CT_SIGNATURE_HEADER: | |
195 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | 189 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | |
196 | case OPS_PTAG_CT_TRUST: | 190 | case OPS_PTAG_CT_TRUST: | |
197 | break; | 191 | break; | |
198 | 192 | |||
199 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 193 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
200 | *content->secret_key_passphrase.passphrase = decrypt->pphrase; | 194 | *content->skey_passphrase.passphrase = decrypt->pphrase; | |
201 | return OPS_KEEP_MEMORY; | 195 | return OPS_KEEP_MEMORY; | |
202 | 196 | |||
203 | case OPS_PARSER_ERRCODE: | 197 | case OPS_PARSER_ERRCODE: | |
204 | switch (content->errcode.errcode) { | 198 | switch (content->errcode.errcode) { | |
205 | case OPS_E_P_MPI_FORMAT_ERROR: | 199 | case OPS_E_P_MPI_FORMAT_ERROR: | |
206 | /* Generally this means a bad passphrase */ | 200 | /* Generally this means a bad passphrase */ | |
207 | fprintf(stderr, "Bad passphrase!\n"); | 201 | fprintf(stderr, "Bad passphrase!\n"); | |
208 | goto done; | 202 | return OPS_RELEASE_MEMORY; | |
209 | 203 | |||
210 | case OPS_E_P_PACKET_CONSUMED: | 204 | case OPS_E_P_PACKET_CONSUMED: | |
211 | /* And this is because of an error we've accepted */ | 205 | /* And this is because of an error we've accepted */ | |
212 | goto done; | 206 | return OPS_RELEASE_MEMORY; | |
213 | 207 | |||
214 | default: | 208 | default: | |
215 | fprintf(stderr, "parse error: %s\n", | 209 | fprintf(stderr, "parse error: %s\n", | |
216 | __ops_errcode(content->errcode.errcode)); | 210 | __ops_errcode(content->errcode.errcode)); | |
217 | assert( /* CONSTCOND */ 0); | 211 | return OPS_FINISHED; | |
218 | break; | |||
219 | } | 212 | } | |
220 | 213 | |||
221 | break; | 214 | break; | |
222 | 215 | |||
223 | case OPS_PARSER_ERROR: | 216 | case OPS_PARSER_ERROR: | |
224 | fprintf(stderr, "parse error: %s\n", content->error.error); | 217 | fprintf(stderr, "parse error: %s\n", content->error.error); | |
225 | assert( /* CONSTCOND */ 0); | 218 | return OPS_FINISHED; | |
226 | break; | |||
227 | 219 | |||
228 | case OPS_PTAG_CT_SECRET_KEY: | 220 | case OPS_PTAG_CT_SECRET_KEY: | |
229 | decrypt->skey = calloc(1, sizeof(*decrypt->skey)); | 221 | decrypt->skey = calloc(1, sizeof(*decrypt->skey)); | |
230 | *decrypt->skey = content->secret_key; | 222 | *decrypt->skey = content->secret_key; | |
231 | return OPS_KEEP_MEMORY; | 223 | return OPS_KEEP_MEMORY; | |
232 | 224 | |||
233 | case OPS_PARSER_PACKET_END: | 225 | case OPS_PARSER_PACKET_END: | |
234 | /* nothing to do */ | 226 | /* nothing to do */ | |
235 | break; | 227 | break; | |
236 | 228 | |||
237 | default: | 229 | default: | |
238 | fprintf(stderr, "Unexpected tag %d (0x%x)\n", contents->tag, | 230 | fprintf(stderr, "Unexpected tag %d (0x%x)\n", contents->tag, | |
239 | contents->tag); | 231 | contents->tag); | |
240 | assert( /* CONSTCOND */ 0); | 232 | return OPS_FINISHED; | |
241 | } | 233 | } | |
242 | 234 | |||
243 | done: | |||
244 | return OPS_RELEASE_MEMORY; | 235 | return OPS_RELEASE_MEMORY; | |
245 | } | 236 | } | |
246 | 237 | |||
247 | /** | 238 | /** | |
248 | \ingroup Core_Keys | 239 | \ingroup Core_Keys | |
249 | \brief Decrypts secret key from given keydata with given passphrase | 240 | \brief Decrypts secret key from given keydata with given passphrase | |
250 | \param key Key from which to get secret key | 241 | \param key Key from which to get secret key | |
251 | \param pphrase Passphrase to use to decrypt secret key | 242 | \param pphrase Passphrase to use to decrypt secret key | |
252 | \return secret key | 243 | \return secret key | |
253 | */ | 244 | */ | |
254 | __ops_secret_key_t * | 245 | __ops_secret_key_t * | |
255 | __ops_decrypt_secret_key_from_data(const __ops_keydata_t * key, | 246 | __ops_decrypt_secret_key_from_data(const __ops_keydata_t * key, | |
256 | const char *pphrase) | 247 | const char *pphrase) | |
@@ -258,27 +249,27 @@ __ops_decrypt_secret_key_from_data(const | @@ -258,27 +249,27 @@ __ops_decrypt_secret_key_from_data(const | |||
258 | __ops_parse_info_t *pinfo; | 249 | __ops_parse_info_t *pinfo; | |
259 | decrypt_t decrypt; | 250 | decrypt_t decrypt; | |
260 | 251 | |||
261 | (void) memset(&decrypt, 0x0, sizeof(decrypt)); | 252 | (void) memset(&decrypt, 0x0, sizeof(decrypt)); | |
262 | decrypt.key = key; | 253 | decrypt.key = key; | |
263 | decrypt.pphrase = strdup(pphrase); | 254 | decrypt.pphrase = strdup(pphrase); | |
264 | 255 | |||
265 | pinfo = __ops_parse_info_new(); | 256 | pinfo = __ops_parse_info_new(); | |
266 | 257 | |||
267 | __ops_keydata_reader_set(pinfo, key); | 258 | __ops_keydata_reader_set(pinfo, key); | |
268 | __ops_parse_cb_set(pinfo, decrypt_cb, &decrypt); | 259 | __ops_parse_cb_set(pinfo, decrypt_cb, &decrypt); | |
269 | pinfo->rinfo.accumulate = true; | 260 | pinfo->rinfo.accumulate = true; | |
270 | 261 | |||
271 | __ops_parse(pinfo); | 262 | __ops_parse(pinfo, 0); | |
272 | 263 | |||
273 | return decrypt.skey; | 264 | return decrypt.skey; | |
274 | } | 265 | } | |
275 | 266 | |||
276 | /** | 267 | /** | |
277 | \ingroup Core_Keys | 268 | \ingroup Core_Keys | |
278 | \brief Set secret key in content | 269 | \brief Set secret key in content | |
279 | \param content Content to be set | 270 | \param content Content to be set | |
280 | \param key Keydata to get secret key from | 271 | \param key Keydata to get secret key from | |
281 | */ | 272 | */ | |
282 | void | 273 | void | |
283 | __ops_set_secret_key(__ops_parser_content_union_t * content, const __ops_keydata_t * key) | 274 | __ops_set_secret_key(__ops_parser_content_union_t * content, const __ops_keydata_t * key) | |
284 | { | 275 | { | |
@@ -396,32 +387,32 @@ __ops_copy_userid(__ops_user_id_t * dst, | @@ -396,32 +387,32 @@ __ops_copy_userid(__ops_user_id_t * dst, | |||
396 | 387 | |||
397 | (void) memcpy(dst->user_id, src->user_id, len); | 388 | (void) memcpy(dst->user_id, src->user_id, len); | |
398 | } | 389 | } | |
399 | 390 | |||
400 | /* \todo check where pkt pointers are copied */ | 391 | /* \todo check where pkt pointers are copied */ | |
401 | /** | 392 | /** | |
402 | \ingroup Core_Keys | 393 | \ingroup Core_Keys | |
403 | \brief Copy packet, including contents | 394 | \brief Copy packet, including contents | |
404 | \param dst Destination packet | 395 | \param dst Destination packet | |
405 | \param src Source packet | 396 | \param src Source packet | |
406 | \note If dst already has a packet, it will be freed. | 397 | \note If dst already has a packet, it will be freed. | |
407 | */ | 398 | */ | |
408 | void | 399 | void | |
409 | __ops_copy_packet(__ops_packet_t * dst, const __ops_packet_t * src) | 400 | __ops_copy_packet(__ops_subpacket_t * dst, const __ops_subpacket_t * src) | |
410 | { | 401 | { | |
411 | if (dst->raw) | 402 | if (dst->raw) { | |
412 | free(dst->raw); | 403 | (void) free(dst->raw); | |
404 | } | |||
413 | dst->raw = calloc(1, src->length); | 405 | dst->raw = calloc(1, src->length); | |
414 | ||||
415 | dst->length = src->length; | 406 | dst->length = src->length; | |
416 | (void) memcpy(dst->raw, src->raw, src->length); | 407 | (void) memcpy(dst->raw, src->raw, src->length); | |
417 | } | 408 | } | |
418 | 409 | |||
419 | /** | 410 | /** | |
420 | \ingroup Core_Keys | 411 | \ingroup Core_Keys | |
421 | \brief Add User ID to keydata | 412 | \brief Add User ID to keydata | |
422 | \param keydata Key to which to add User ID | 413 | \param keydata Key to which to add User ID | |
423 | \param userid User ID to add | 414 | \param userid User ID to add | |
424 | \return Pointer to new User ID | 415 | \return Pointer to new User ID | |
425 | */ | 416 | */ | |
426 | __ops_user_id_t * | 417 | __ops_user_id_t * | |
427 | __ops_add_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * userid) | 418 | __ops_add_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * userid) | |
@@ -439,116 +430,112 @@ __ops_add_userid_to_keydata(__ops_keydat | @@ -439,116 +430,112 @@ __ops_add_userid_to_keydata(__ops_keydat | |||
439 | __ops_copy_userid(new_uid, userid); | 430 | __ops_copy_userid(new_uid, userid); | |
440 | keydata->nuids++; | 431 | keydata->nuids++; | |
441 | 432 | |||
442 | return new_uid; | 433 | return new_uid; | |
443 | } | 434 | } | |
444 | 435 | |||
445 | /** | 436 | /** | |
446 | \ingroup Core_Keys | 437 | \ingroup Core_Keys | |
447 | \brief Add packet to key | 438 | \brief Add packet to key | |
448 | \param keydata Key to which to add packet | 439 | \param keydata Key to which to add packet | |
449 | \param packet Packet to add | 440 | \param packet Packet to add | |
450 | \return Pointer to new packet | 441 | \return Pointer to new packet | |
451 | */ | 442 | */ | |
452 | __ops_packet_t * | 443 | __ops_subpacket_t * | |
453 | __ops_add_packet_to_keydata(__ops_keydata_t * keydata, const __ops_packet_t * packet) | 444 | __ops_add_packet_to_keydata(__ops_keydata_t * keydata, const __ops_subpacket_t * packet) | |
454 | { | 445 | { | |
455 | __ops_packet_t *new_pkt = NULL; | 446 | __ops_subpacket_t *new_pkt = NULL; | |
456 | 447 | |||
457 | EXPAND_ARRAY(keydata, packets); | 448 | EXPAND_ARRAY(keydata, packets); | |
458 | 449 | |||
459 | /* initialise new entry in array */ | 450 | /* initialise new entry in array */ | |
460 | new_pkt = &keydata->packets[keydata->npackets]; | 451 | new_pkt = &keydata->packets[keydata->npackets]; | |
461 | new_pkt->length = 0; | 452 | new_pkt->length = 0; | |
462 | new_pkt->raw = NULL; | 453 | new_pkt->raw = NULL; | |
463 | 454 | |||
464 | /* now copy it */ | 455 | /* now copy it */ | |
465 | __ops_copy_packet(new_pkt, packet); | 456 | __ops_copy_packet(new_pkt, packet); | |
466 | keydata->npackets++; | 457 | keydata->npackets++; | |
467 | 458 | |||
468 | return new_pkt; | 459 | return new_pkt; | |
469 | } | 460 | } | |
470 | 461 | |||
471 | /** | 462 | /** | |
472 | \ingroup Core_Keys | 463 | \ingroup Core_Keys | |
473 | \brief Add signed User ID to key | 464 | \brief Add signed User ID to key | |
474 | \param keydata Key to which to add signed User ID | 465 | \param keydata Key to which to add signed User ID | |
475 | \param user_id User ID to add | 466 | \param user_id User ID to add | |
476 | \param sigpacket Packet to add | 467 | \param sigpacket Packet to add | |
477 | */ | 468 | */ | |
478 | void | 469 | void | |
479 | __ops_add_signed_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * user_id, const __ops_packet_t * sigpacket) | 470 | __ops_add_signed_userid_to_keydata(__ops_keydata_t * keydata, const __ops_user_id_t * user_id, const __ops_subpacket_t * sigpacket) | |
480 | { | 471 | { | |
481 | /* int i=0; */ | 472 | __ops_subpacket_t *pkt = NULL; | |
482 | __ops_user_id_t *uid = NULL; | 473 | __ops_user_id_t *uid = NULL; | |
483 | __ops_packet_t *pkt = NULL; | |||
484 | 474 | |||
485 | uid = __ops_add_userid_to_keydata(keydata, user_id); | 475 | uid = __ops_add_userid_to_keydata(keydata, user_id); | |
486 | pkt = __ops_add_packet_to_keydata(keydata, sigpacket); | 476 | pkt = __ops_add_packet_to_keydata(keydata, sigpacket); | |
487 | 477 | |||
488 | /* | 478 | /* | |
489 | * add entry in sigs array to link the userid and sigpacket | 479 | * add entry in sigs array to link the userid and sigpacket | |
490 | */ | 480 | * and add ptr to it from the sigs array */ | |
491 | ||||
492 | /* and add ptr to it from the sigs array */ | |||
493 | EXPAND_ARRAY(keydata, sigs); | 481 | EXPAND_ARRAY(keydata, sigs); | |
494 | 482 | |||
495 | /**setup new entry in array */ | 483 | /**setup new entry in array */ | |
496 | ||||
497 | keydata->sigs[keydata->nsigs].userid = uid; | 484 | keydata->sigs[keydata->nsigs].userid = uid; | |
498 | keydata->sigs[keydata->nsigs].packet = pkt; | 485 | keydata->sigs[keydata->nsigs].packet = pkt; | |
499 | 486 | |||
500 | keydata->nsigs++; | 487 | keydata->nsigs++; | |
501 | } | 488 | } | |
502 | 489 | |||
503 | /** | 490 | /** | |
504 | \ingroup Core_Keys | 491 | \ingroup Core_Keys | |
505 | \brief Add selfsigned User ID to key | 492 | \brief Add selfsigned User ID to key | |
506 | \param keydata Key to which to add user ID | 493 | \param keydata Key to which to add user ID | |
507 | \param userid Self-signed User ID to add | 494 | \param userid Self-signed User ID to add | |
508 | \return true if OK; else false | 495 | \return true if OK; else false | |
509 | */ | 496 | */ | |
510 | bool | 497 | bool | |
511 | __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t * keydata, __ops_user_id_t * userid) | 498 | __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t * keydata, __ops_user_id_t * userid) | |
512 | { | 499 | { | |
513 | __ops_packet_t sigpacket; | 500 | __ops_subpacket_t sigpacket; | |
514 | 501 | |||
515 | __ops_memory_t *mem_userid = NULL; | 502 | __ops_memory_t *mem_userid = NULL; | |
516 | __ops_create_info_t *cinfo_userid = NULL; | 503 | __ops_create_info_t *cinfo_userid = NULL; | |
517 | 504 | |||
518 | __ops_memory_t *mem_sig = NULL; | 505 | __ops_memory_t *mem_sig = NULL; | |
519 | __ops_create_info_t *cinfo_sig = NULL; | 506 | __ops_create_info_t *cinfo_sig = NULL; | |
520 | 507 | |||
521 | __ops_create_signature_t *sig = NULL; | 508 | __ops_create_signature_t *sig = NULL; | |
522 | 509 | |||
523 | /* | 510 | /* | |
524 | * create signature packet for this userid | 511 | * create signature packet for this userid | |
525 | */ | 512 | */ | |
526 | 513 | |||
527 | /* create userid pkt */ | 514 | /* create userid pkt */ | |
528 | __ops_setup_memory_write(&cinfo_userid, &mem_userid, 128); | 515 | __ops_setup_memory_write(&cinfo_userid, &mem_userid, 128); | |
529 | __ops_write_struct_user_id(userid, cinfo_userid); | 516 | __ops_write_struct_user_id(userid, cinfo_userid); | |
530 | 517 | |||
531 | /* create sig for this pkt */ | 518 | /* create sig for this pkt */ | |
532 | 519 | |||
533 | sig = __ops_create_signature_new(); | 520 | sig = __ops_create_signature_new(); | |
534 | __ops_signature_start_key_signature(sig, &keydata->key.skey.public_key, userid, OPS_CERT_POSITIVE); | 521 | __ops_signature_start_key_signature(sig, &keydata->key.skey.pubkey, userid, OPS_CERT_POSITIVE); | |
535 | __ops_signature_add_creation_time(sig, time(NULL)); | 522 | __ops_signature_add_creation_time(sig, time(NULL)); | |
536 | __ops_signature_add_issuer_key_id(sig, keydata->key_id); | 523 | __ops_signature_add_issuer_key_id(sig, keydata->key_id); | |
537 | __ops_signature_add_primary_user_id(sig, true); | 524 | __ops_signature_add_primary_user_id(sig, true); | |
538 | __ops_signature_hashed_subpackets_end(sig); | 525 | __ops_signature_hashed_subpackets_end(sig); | |
539 | 526 | |||
540 | __ops_setup_memory_write(&cinfo_sig, &mem_sig, 128); | 527 | __ops_setup_memory_write(&cinfo_sig, &mem_sig, 128); | |
541 | __ops_write_signature(sig, &keydata->key.skey.public_key, &keydata->key.skey, cinfo_sig); | 528 | __ops_write_signature(sig, &keydata->key.skey.pubkey, &keydata->key.skey, cinfo_sig); | |
542 | 529 | |||
543 | /* add this packet to keydata */ | 530 | /* add this packet to keydata */ | |
544 | 531 | |||
545 | sigpacket.length = __ops_memory_get_length(mem_sig); | 532 | sigpacket.length = __ops_memory_get_length(mem_sig); | |
546 | sigpacket.raw = __ops_memory_get_data(mem_sig); | 533 | sigpacket.raw = __ops_memory_get_data(mem_sig); | |
547 | 534 | |||
548 | /* add userid to keydata */ | 535 | /* add userid to keydata */ | |
549 | __ops_add_signed_userid_to_keydata(keydata, userid, &sigpacket); | 536 | __ops_add_signed_userid_to_keydata(keydata, userid, &sigpacket); | |
550 | 537 | |||
551 | /* cleanup */ | 538 | /* cleanup */ | |
552 | __ops_create_signature_delete(sig); | 539 | __ops_create_signature_delete(sig); | |
553 | __ops_create_info_delete(cinfo_userid); | 540 | __ops_create_info_delete(cinfo_userid); | |
554 | __ops_create_info_delete(cinfo_sig); | 541 | __ops_create_info_delete(cinfo_sig); | |
@@ -557,54 +544,59 @@ __ops_add_selfsigned_userid_to_keydata(_ | @@ -557,54 +544,59 @@ __ops_add_selfsigned_userid_to_keydata(_ | |||
557 | 544 | |||
558 | return true; | 545 | return true; | |
559 | } | 546 | } | |
560 | 547 | |||
561 | /** | 548 | /** | |
562 | \ingroup Core_Keys | 549 | \ingroup Core_Keys | |
563 | \brief Initialise __ops_keydata_t | 550 | \brief Initialise __ops_keydata_t | |
564 | \param keydata Keydata to initialise | 551 | \param keydata Keydata to initialise | |
565 | \param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY | 552 | \param type OPS_PTAG_CT_PUBLIC_KEY or OPS_PTAG_CT_SECRET_KEY | |
566 | */ | 553 | */ | |
567 | void | 554 | void | |
568 | __ops_keydata_init(__ops_keydata_t * keydata, const __ops_content_tag_t type) | 555 | __ops_keydata_init(__ops_keydata_t * keydata, const __ops_content_tag_t type) | |
569 | { | 556 | { | |
570 | assert(keydata->type == OPS_PTAG_CT_RESERVED); | 557 | if (keydata->type != OPS_PTAG_CT_RESERVED) { | |
571 | assert(type == OPS_PTAG_CT_PUBLIC_KEY || type == OPS_PTAG_CT_SECRET_KEY); | 558 | (void) fprintf(stderr, | |
572 | 559 | "__ops_keydata_init: wrong keydata type\n"); | ||
573 | keydata->type = type; | 560 | } else if (type != OPS_PTAG_CT_PUBLIC_KEY && | |
561 | type != OPS_PTAG_CT_SECRET_KEY) { | |||
562 | (void) fprintf(stderr, "__ops_keydata_init: wrong type\n"); | |||
563 | } else { | |||
564 | keydata->type = type; | |||
565 | } | |||
574 | } | 566 | } | |
575 | 567 | |||
576 | /** | 568 | /** | |
577 | Example Usage: | 569 | Example Usage: | |
578 | \code | 570 | \code | |
579 | 571 | |||
580 | // definition of variables | 572 | // definition of variables | |
581 | __ops_keyring_t keyring; | 573 | __ops_keyring_t keyring; | |
582 | char* filename="~/.gnupg/pubring.gpg"; | 574 | char* filename="~/.gnupg/pubring.gpg"; | |
583 | 575 | |||
584 | // Read keyring from file | 576 | // Read keyring from file | |
585 | __ops_keyring_read_from_file(&keyring,filename); | 577 | __ops_keyring_read_from_file(&keyring,filename); | |
586 | 578 | |||
587 | // do actions using keyring | 579 | // do actions using keyring | |
588 | ... | 580 | ... | |
589 | 581 | |||
590 | // Free memory alloc-ed in __ops_keyring_read_from_file() | 582 | // Free memory alloc-ed in __ops_keyring_read_from_file() | |
591 | __ops_keyring_free(keyring); | 583 | __ops_keyring_free(keyring); | |
592 | \endcode | 584 | \endcode | |
593 | */ | 585 | */ | |
594 | 586 | |||
595 | 587 | |||
596 | static __ops_parse_cb_return_t | 588 | static __ops_parse_cb_return_t | |
597 | cb_keyring_read(const __ops_parser_content_t * contents, | 589 | cb_keyring_read(const __ops_packet_t * contents, | |
598 | __ops_parse_cb_info_t * cbinfo) | 590 | __ops_parse_cb_info_t * cbinfo) | |
599 | { | 591 | { | |
600 | OPS_USED(cbinfo); | 592 | OPS_USED(cbinfo); | |
601 | 593 | |||
602 | switch (contents->tag) { | 594 | switch (contents->tag) { | |
603 | case OPS_PARSER_PTAG: | 595 | case OPS_PARSER_PTAG: | |
604 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: /* we get these because we | 596 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: /* we get these because we | |
605 | * didn't prompt */ | 597 | * didn't prompt */ | |
606 | case OPS_PTAG_CT_SIGNATURE_HEADER: | 598 | case OPS_PTAG_CT_SIGNATURE_HEADER: | |
607 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | 599 | case OPS_PTAG_CT_SIGNATURE_FOOTER: | |
608 | case OPS_PTAG_CT_SIGNATURE: | 600 | case OPS_PTAG_CT_SIGNATURE: | |
609 | case OPS_PTAG_CT_TRUST: | 601 | case OPS_PTAG_CT_TRUST: | |
610 | case OPS_PARSER_ERRCODE: | 602 | case OPS_PARSER_ERRCODE: |
--- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c 2009/04/30 04:57:57 1.3
+++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c 2009/05/05 01:28:15 1.4
@@ -34,68 +34,68 @@ | @@ -34,68 +34,68 @@ | |||
34 | #ifdef HAVE_OPENSSL_DSA_H | 34 | #ifdef HAVE_OPENSSL_DSA_H | |
35 | #include <openssl/dsa.h> | 35 | #include <openssl/dsa.h> | |
36 | #endif | 36 | #endif | |
37 | 37 | |||
38 | #ifdef HAVE_OPENSSL_RSA_H | 38 | #ifdef HAVE_OPENSSL_RSA_H | |
39 | #include <openssl/rsa.h> | 39 | #include <openssl/rsa.h> | |
40 | #endif | 40 | #endif | |
41 | 41 | |||
42 | #ifdef HAVE_OPENSSL_ERR_H | 42 | #ifdef HAVE_OPENSSL_ERR_H | |
43 | #include <openssl/err.h> | 43 | #include <openssl/err.h> | |
44 | #endif | 44 | #endif | |
45 | 45 | |||
46 | 46 | |||
47 | #ifdef HAVE_ASSERT_H | |||
48 | #include <assert.h> | |||
49 | #endif | |||
50 | ||||
51 | #include <stdlib.h> | 47 | #include <stdlib.h> | |
52 | 48 | |||
53 | /* Apple */ | 49 | /* Apple */ | |
54 | #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H | 50 | #ifdef HAVE_COMMONCRYPTO_COMMONDIGEST_H | |
55 | #undef MD5_DIGEST_LENGTH | 51 | #undef MD5_DIGEST_LENGTH | |
56 | #undef SHA_DIGEST_LENGTH | 52 | #undef SHA_DIGEST_LENGTH | |
57 | #define COMMON_DIGEST_FOR_OPENSSL 1 | 53 | #define COMMON_DIGEST_FOR_OPENSSL 1 | |
58 | #include <CommonCrypto/CommonDigest.h> | 54 | #include <CommonCrypto/CommonDigest.h> | |
59 | #endif | 55 | #endif | |
60 | 56 | |||
61 | #include "crypto.h" | 57 | #include "crypto.h" | |
62 | #include "keyring.h" | 58 | #include "keyring.h" | |
63 | ||||
64 | #include "readerwriter.h" | 59 | #include "readerwriter.h" | |
65 | #include "netpgpdefs.h" | 60 | #include "netpgpdefs.h" | |
66 | #include "keyring_local.h" | 61 | #include "keyring_local.h" | |
67 | 62 | |||
68 | 63 | |||
69 | static void | 64 | static void | |
70 | test_secret_key(const __ops_secret_key_t * skey) | 65 | test_secret_key(const __ops_secret_key_t * skey) | |
71 | { | 66 | { | |
72 | RSA *test = RSA_new(); | 67 | RSA *test = RSA_new(); | |
73 | 68 | |||
74 | test->n = BN_dup(skey->public_key.key.rsa.n); | 69 | test->n = BN_dup(skey->pubkey.key.rsa.n); | |
75 | test->e = BN_dup(skey->public_key.key.rsa.e); | 70 | test->e = BN_dup(skey->pubkey.key.rsa.e); | |
76 | 71 | |||
77 | test->d = BN_dup(skey->key.rsa.d); | 72 | test->d = BN_dup(skey->key.rsa.d); | |
78 | test->p = BN_dup(skey->key.rsa.p); | 73 | test->p = BN_dup(skey->key.rsa.p); | |
79 | test->q = BN_dup(skey->key.rsa.q); | 74 | test->q = BN_dup(skey->key.rsa.q); | |
80 | 75 | |||
81 | assert(RSA_check_key(test) == 1); | 76 | if (RSA_check_key(test) != 1) { | |
77 | (void) fprintf(stderr, | |||
78 | "test_secret_key: RSA_check_key failed\n"); | |||
79 | } | |||
82 | RSA_free(test); | 80 | RSA_free(test); | |
83 | } | 81 | } | |
84 | 82 | |||
85 | static void | 83 | static void | |
86 | md5_init(__ops_hash_t * hash) | 84 | md5_init(__ops_hash_t * hash) | |
87 | { | 85 | { | |
88 | assert(!hash->data); | 86 | if (hash->data) { | |
87 | (void) fprintf(stderr, "md5_init: hash data non-null\n"); | |||
88 | } | |||
89 | hash->data = calloc(1, sizeof(MD5_CTX)); | 89 | hash->data = calloc(1, sizeof(MD5_CTX)); | |
90 | MD5_Init(hash->data); | 90 | MD5_Init(hash->data); | |
91 | } | 91 | } | |
92 | 92 | |||
93 | static void | 93 | static void | |
94 | md5_add(__ops_hash_t * hash, const unsigned char *data, unsigned length) | 94 | md5_add(__ops_hash_t * hash, const unsigned char *data, unsigned length) | |
95 | { | 95 | { | |
96 | MD5_Update(hash->data, data, length); | 96 | MD5_Update(hash->data, data, length); | |
97 | } | 97 | } | |
98 | 98 | |||
99 | static unsigned | 99 | static unsigned | |
100 | md5_finish(__ops_hash_t * hash, unsigned char *out) | 100 | md5_finish(__ops_hash_t * hash, unsigned char *out) | |
101 | { | 101 | { | |
@@ -115,27 +115,29 @@ md5_finish, NULL}; | @@ -115,27 +115,29 @@ md5_finish, NULL}; | |||
115 | */ | 115 | */ | |
116 | void | 116 | void | |
117 | __ops_hash_md5(__ops_hash_t * hash) | 117 | __ops_hash_md5(__ops_hash_t * hash) | |
118 | { | 118 | { | |
119 | *hash = md5; | 119 | *hash = md5; | |
120 | } | 120 | } | |
121 | 121 | |||
122 | static void | 122 | static void | |
123 | sha1_init(__ops_hash_t * hash) | 123 | sha1_init(__ops_hash_t * hash) | |
124 | { | 124 | { | |
125 | if (__ops_get_debug_level(__FILE__)) { | 125 | if (__ops_get_debug_level(__FILE__)) { | |
126 | fprintf(stderr, "***\n***\nsha1_init\n***\n"); | 126 | fprintf(stderr, "***\n***\nsha1_init\n***\n"); | |
127 | } | 127 | } | |
128 | assert(!hash->data); | 128 | if (hash->data) { | |
129 | (void) fprintf(stderr, "sha1_init: hash data non-null\n"); | |||
130 | } | |||
129 | hash->data = calloc(1, sizeof(SHA_CTX)); | 131 | hash->data = calloc(1, sizeof(SHA_CTX)); | |
130 | SHA1_Init(hash->data); | 132 | SHA1_Init(hash->data); | |
131 | } | 133 | } | |
132 | 134 | |||
133 | static void | 135 | static void | |
134 | sha1_add(__ops_hash_t * hash, const unsigned char *data, | 136 | sha1_add(__ops_hash_t * hash, const unsigned char *data, | |
135 | unsigned length) | 137 | unsigned length) | |
136 | { | 138 | { | |
137 | if (__ops_get_debug_level(__FILE__)) { | 139 | if (__ops_get_debug_level(__FILE__)) { | |
138 | unsigned int i = 0; | 140 | unsigned int i = 0; | |
139 | fprintf(stderr, "adding %d to hash:\n ", length); | 141 | fprintf(stderr, "adding %d to hash:\n ", length); | |
140 | for (i = 0; i < length; i++) { | 142 | for (i = 0; i < length; i++) { | |
141 | fprintf(stderr, "0x%02x ", data[i]); | 143 | fprintf(stderr, "0x%02x ", data[i]); | |
@@ -175,27 +177,29 @@ sha1_add, sha1_finish, NULL}; | @@ -175,27 +177,29 @@ sha1_add, sha1_finish, NULL}; | |||
175 | */ | 177 | */ | |
176 | void | 178 | void | |
177 | __ops_hash_sha1(__ops_hash_t * hash) | 179 | __ops_hash_sha1(__ops_hash_t * hash) | |
178 | { | 180 | { | |
179 | *hash = sha1; | 181 | *hash = sha1; | |
180 | } | 182 | } | |
181 | 183 | |||
182 | static void | 184 | static void | |
183 | sha256_init(__ops_hash_t * hash) | 185 | sha256_init(__ops_hash_t * hash) | |
184 | { | 186 | { | |
185 | if (__ops_get_debug_level(__FILE__)) { | 187 | if (__ops_get_debug_level(__FILE__)) { | |
186 | fprintf(stderr, "***\n***\nsha256_init\n***\n"); | 188 | fprintf(stderr, "***\n***\nsha256_init\n***\n"); | |
187 | } | 189 | } | |
188 | assert(!hash->data); | 190 | if (hash->data) { | |
191 | (void) fprintf(stderr, "sha256_init: hash data non-null\n"); | |||
192 | } | |||
189 | hash->data = calloc(1, sizeof(SHA256_CTX)); | 193 | hash->data = calloc(1, sizeof(SHA256_CTX)); | |
190 | SHA256_Init(hash->data); | 194 | SHA256_Init(hash->data); | |
191 | } | 195 | } | |
192 | 196 | |||
193 | static void | 197 | static void | |
194 | sha256_add(__ops_hash_t * hash, const unsigned char *data, | 198 | sha256_add(__ops_hash_t * hash, const unsigned char *data, | |
195 | unsigned length) | 199 | unsigned length) | |
196 | { | 200 | { | |
197 | if (__ops_get_debug_level(__FILE__)) { | 201 | if (__ops_get_debug_level(__FILE__)) { | |
198 | unsigned int i = 0; | 202 | unsigned int i = 0; | |
199 | fprintf(stderr, "adding %d to hash:\n ", length); | 203 | fprintf(stderr, "adding %d to hash:\n ", length); | |
200 | for (i = 0; i < length; i++) { | 204 | for (i = 0; i < length; i++) { | |
201 | fprintf(stderr, "0x%02x ", data[i]); | 205 | fprintf(stderr, "0x%02x ", data[i]); | |
@@ -234,27 +238,29 @@ __ops_hash_sha256(__ops_hash_t * hash) | @@ -234,27 +238,29 @@ __ops_hash_sha256(__ops_hash_t * hash) | |||
234 | *hash = sha256; | 238 | *hash = sha256; | |
235 | } | 239 | } | |
236 | 240 | |||
237 | /* | 241 | /* | |
238 | * SHA384 | 242 | * SHA384 | |
239 | */ | 243 | */ | |
240 | 244 | |||
241 | static void | 245 | static void | |
242 | sha384_init(__ops_hash_t * hash) | 246 | sha384_init(__ops_hash_t * hash) | |
243 | { | 247 | { | |
244 | if (__ops_get_debug_level(__FILE__)) { | 248 | if (__ops_get_debug_level(__FILE__)) { | |
245 | fprintf(stderr, "***\n***\nsha384_init\n***\n"); | 249 | fprintf(stderr, "***\n***\nsha384_init\n***\n"); | |
246 | } | 250 | } | |
247 | assert(!hash->data); | 251 | if (hash->data) { | |
252 | (void) fprintf(stderr, "sha384_init: hash data non-null\n"); | |||
253 | } | |||
248 | hash->data = calloc(1, sizeof(SHA512_CTX)); | 254 | hash->data = calloc(1, sizeof(SHA512_CTX)); | |
249 | SHA384_Init(hash->data); | 255 | SHA384_Init(hash->data); | |
250 | } | 256 | } | |
251 | 257 | |||
252 | static void | 258 | static void | |
253 | sha384_add(__ops_hash_t * hash, const unsigned char *data, | 259 | sha384_add(__ops_hash_t * hash, const unsigned char *data, | |
254 | unsigned length) | 260 | unsigned length) | |
255 | { | 261 | { | |
256 | if (__ops_get_debug_level(__FILE__)) { | 262 | if (__ops_get_debug_level(__FILE__)) { | |
257 | unsigned int i = 0; | 263 | unsigned int i = 0; | |
258 | fprintf(stderr, "adding %d to hash:\n ", length); | 264 | fprintf(stderr, "adding %d to hash:\n ", length); | |
259 | for (i = 0; i < length; i++) { | 265 | for (i = 0; i < length; i++) { | |
260 | fprintf(stderr, "0x%02x ", data[i]); | 266 | fprintf(stderr, "0x%02x ", data[i]); | |
@@ -293,27 +299,29 @@ __ops_hash_sha384(__ops_hash_t * hash) | @@ -293,27 +299,29 @@ __ops_hash_sha384(__ops_hash_t * hash) | |||
293 | *hash = sha384; | 299 | *hash = sha384; | |
294 | } | 300 | } | |
295 | 301 | |||
296 | /* | 302 | /* | |
297 | * SHA512 | 303 | * SHA512 | |
298 | */ | 304 | */ | |
299 | 305 | |||
300 | static void | 306 | static void | |
301 | sha512_init(__ops_hash_t * hash) | 307 | sha512_init(__ops_hash_t * hash) | |
302 | { | 308 | { | |
303 | if (__ops_get_debug_level(__FILE__)) { | 309 | if (__ops_get_debug_level(__FILE__)) { | |
304 | fprintf(stderr, "***\n***\nsha512_init\n***\n"); | 310 | fprintf(stderr, "***\n***\nsha512_init\n***\n"); | |
305 | } | 311 | } | |
306 | assert(!hash->data); | 312 | if (hash->data) { | |
313 | (void) fprintf(stderr, "sha512_init: hash data non-null\n"); | |||
314 | } | |||
307 | hash->data = calloc(1, sizeof(SHA512_CTX)); | 315 | hash->data = calloc(1, sizeof(SHA512_CTX)); | |
308 | SHA512_Init(hash->data); | 316 | SHA512_Init(hash->data); | |
309 | } | 317 | } | |
310 | 318 | |||
311 | static void | 319 | static void | |
312 | sha512_add(__ops_hash_t * hash, const unsigned char *data, | 320 | sha512_add(__ops_hash_t * hash, const unsigned char *data, | |
313 | unsigned length) | 321 | unsigned length) | |
314 | { | 322 | { | |
315 | if (__ops_get_debug_level(__FILE__)) { | 323 | if (__ops_get_debug_level(__FILE__)) { | |
316 | unsigned int i = 0; | 324 | unsigned int i = 0; | |
317 | fprintf(stderr, "adding %d to hash:\n ", length); | 325 | fprintf(stderr, "adding %d to hash:\n ", length); | |
318 | for (i = 0; i < length; i++) { | 326 | for (i = 0; i < length; i++) { | |
319 | fprintf(stderr, "0x%02x ", data[i]); | 327 | fprintf(stderr, "0x%02x ", data[i]); | |
@@ -352,27 +360,29 @@ __ops_hash_sha512(__ops_hash_t * hash) | @@ -352,27 +360,29 @@ __ops_hash_sha512(__ops_hash_t * hash) | |||
352 | *hash = sha512; | 360 | *hash = sha512; | |
353 | } | 361 | } | |
354 | 362 | |||
355 | /* | 363 | /* | |
356 | * SHA224 | 364 | * SHA224 | |
357 | */ | 365 | */ | |
358 | 366 | |||
359 | static void | 367 | static void | |
360 | sha224_init(__ops_hash_t * hash) | 368 | sha224_init(__ops_hash_t * hash) | |
361 | { | 369 | { | |
362 | if (__ops_get_debug_level(__FILE__)) { | 370 | if (__ops_get_debug_level(__FILE__)) { | |
363 | fprintf(stderr, "***\n***\nsha1_init\n***\n"); | 371 | fprintf(stderr, "***\n***\nsha1_init\n***\n"); | |
364 | } | 372 | } | |
365 | assert(!hash->data); | 373 | if (hash->data) { | |
374 | (void) fprintf(stderr, "sha224_init: hash data non-null\n"); | |||
375 | } | |||
366 | hash->data = calloc(1, sizeof(SHA256_CTX)); | 376 | hash->data = calloc(1, sizeof(SHA256_CTX)); | |
367 | SHA224_Init(hash->data); | 377 | SHA224_Init(hash->data); | |
368 | } | 378 | } | |
369 | 379 | |||
370 | static void | 380 | static void | |
371 | sha224_add(__ops_hash_t * hash, const unsigned char *data, | 381 | sha224_add(__ops_hash_t * hash, const unsigned char *data, | |
372 | unsigned length) | 382 | unsigned length) | |
373 | { | 383 | { | |
374 | if (__ops_get_debug_level(__FILE__)) { | 384 | if (__ops_get_debug_level(__FILE__)) { | |
375 | unsigned int i = 0; | 385 | unsigned int i = 0; | |
376 | fprintf(stderr, "adding %d to hash:\n ", length); | 386 | fprintf(stderr, "adding %d to hash:\n ", length); | |
377 | for (i = 0; i < length; i++) { | 387 | for (i = 0; i < length; i++) { | |
378 | fprintf(stderr, "0x%02x ", data[i]); | 388 | fprintf(stderr, "0x%02x ", data[i]); | |
@@ -439,27 +449,31 @@ __ops_dsa_verify(const unsigned char *ha | @@ -439,27 +449,31 @@ __ops_dsa_verify(const unsigned char *ha | |||
439 | } | 449 | } | |
440 | fprintf(stderr, "\n"); | 450 | fprintf(stderr, "\n"); | |
441 | } | 451 | } | |
442 | /* printf("hash_length=%ld\n", hash_length); */ | 452 | /* printf("hash_length=%ld\n", hash_length); */ | |
443 | /* printf("Q=%d\n", BN_num_bytes(odsa->q)); */ | 453 | /* printf("Q=%d\n", BN_num_bytes(odsa->q)); */ | |
444 | qlen = BN_num_bytes(odsa->q); | 454 | qlen = BN_num_bytes(odsa->q); | |
445 | if (qlen < hash_length) | 455 | if (qlen < hash_length) | |
446 | hash_length = qlen; | 456 | hash_length = qlen; | |
447 | /* ret=DSA_do_verify(hash,hash_length,osig,odsa); */ | 457 | /* ret=DSA_do_verify(hash,hash_length,osig,odsa); */ | |
448 | ret = DSA_do_verify(hash, (int)hash_length, osig, odsa); | 458 | ret = DSA_do_verify(hash, (int)hash_length, osig, odsa); | |
449 | if (__ops_get_debug_level(__FILE__)) { | 459 | if (__ops_get_debug_level(__FILE__)) { | |
450 | fprintf(stderr, "ret=%d\n", ret); | 460 | fprintf(stderr, "ret=%d\n", ret); | |
451 | } | 461 | } | |
452 | assert(ret >= 0); | 462 | if (ret < 0) { | |
463 | (void) fprintf(stderr, | |||
464 | "__ops_do_verify: DSA_do_verify failed\n"); | |||
465 | return 0; | |||
466 | } | |||
453 | 467 | |||
454 | odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL; | 468 | odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL; | |
455 | DSA_free(odsa); | 469 | DSA_free(odsa); | |
456 | 470 | |||
457 | osig->r = osig->s = NULL; | 471 | osig->r = osig->s = NULL; | |
458 | DSA_SIG_free(osig); | 472 | DSA_SIG_free(osig); | |
459 | 473 | |||
460 | return ret != 0; | 474 | return ret != 0; | |
461 | } | 475 | } | |
462 | 476 | |||
463 | /** | 477 | /** | |
464 | \ingroup Core_Crypto | 478 | \ingroup Core_Crypto | |
465 | \brief Recovers message digest from the signature | 479 | \brief Recovers message digest from the signature | |
@@ -507,28 +521,34 @@ __ops_rsa_private_encrypt(unsigned char | @@ -507,28 +521,34 @@ __ops_rsa_private_encrypt(unsigned char | |||
507 | int n; | 521 | int n; | |
508 | 522 | |||
509 | orsa = RSA_new(); | 523 | orsa = RSA_new(); | |
510 | orsa->n = rsa->n; /* XXX: do we need n? */ | 524 | orsa->n = rsa->n; /* XXX: do we need n? */ | |
511 | orsa->d = srsa->d; | 525 | orsa->d = srsa->d; | |
512 | orsa->p = srsa->q; | 526 | orsa->p = srsa->q; | |
513 | orsa->q = srsa->p; | 527 | orsa->q = srsa->p; | |
514 | 528 | |||
515 | /* debug */ | 529 | /* debug */ | |
516 | orsa->e = rsa->e; | 530 | orsa->e = rsa->e; | |
517 | /* If this isn't set, it's very likely that the programmer hasn't */ | 531 | /* If this isn't set, it's very likely that the programmer hasn't */ | |
518 | /* decrypted the secret key. RSA_check_key segfaults in that case. */ | 532 | /* decrypted the secret key. RSA_check_key segfaults in that case. */ | |
519 | /* Use __ops_decrypt_secret_key_from_data() to do that. */ | 533 | /* Use __ops_decrypt_secret_key_from_data() to do that. */ | |
520 | assert(orsa->d); | 534 | if (orsa->d == NULL) { | |
521 | assert(RSA_check_key(orsa) == 1); | 535 | (void) fprintf(stderr, "orsa is not set\n"); | |
536 | return 0; | |||
537 | } | |||
538 | if (RSA_check_key(orsa) != 1) { | |||
539 | (void) fprintf(stderr, "RSA_check_key is not set\n"); | |||
540 | return 0; | |||
541 | } | |||
522 | /* end debug */ | 542 | /* end debug */ | |
523 | 543 | |||
524 | n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING); | 544 | n = RSA_private_encrypt((int)length, in, out, orsa, RSA_NO_PADDING); | |
525 | 545 | |||
526 | orsa->n = orsa->d = orsa->p = orsa->q = NULL; | 546 | orsa->n = orsa->d = orsa->p = orsa->q = NULL; | |
527 | RSA_free(orsa); | 547 | RSA_free(orsa); | |
528 | 548 | |||
529 | return n; | 549 | return n; | |
530 | } | 550 | } | |
531 | 551 | |||
532 | /** | 552 | /** | |
533 | \ingroup Core_Crypto | 553 | \ingroup Core_Crypto | |
534 | \brief Decrypts RSA-encrypted data | 554 | \brief Decrypts RSA-encrypted data | |
@@ -546,27 +566,30 @@ __ops_rsa_private_decrypt(unsigned char | @@ -546,27 +566,30 @@ __ops_rsa_private_decrypt(unsigned char | |||
546 | { | 566 | { | |
547 | RSA *orsa; | 567 | RSA *orsa; | |
548 | int n; | 568 | int n; | |
549 | char errbuf[1024]; | 569 | char errbuf[1024]; | |
550 | 570 | |||
551 | orsa = RSA_new(); | 571 | orsa = RSA_new(); | |
552 | orsa->n = rsa->n; /* XXX: do we need n? */ | 572 | orsa->n = rsa->n; /* XXX: do we need n? */ | |
553 | orsa->d = srsa->d; | 573 | orsa->d = srsa->d; | |
554 | orsa->p = srsa->q; | 574 | orsa->p = srsa->q; | |
555 | orsa->q = srsa->p; | 575 | orsa->q = srsa->p; | |
556 | 576 | |||
557 | /* debug */ | 577 | /* debug */ | |
558 | orsa->e = rsa->e; | 578 | orsa->e = rsa->e; | |
559 | assert(RSA_check_key(orsa) == 1); | 579 | if (RSA_check_key(orsa) != 1) { | |
580 | (void) fprintf(stderr, "RSA_check_key is not set\n"); | |||
581 | return 0; | |||
582 | } | |||
560 | /* end debug */ | 583 | /* end debug */ | |
561 | 584 | |||
562 | n = RSA_private_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); | 585 | n = RSA_private_decrypt((int)length, in, out, orsa, RSA_NO_PADDING); | |
563 | 586 | |||
564 | if (__ops_get_debug_level(__FILE__)) { | 587 | if (__ops_get_debug_level(__FILE__)) { | |
565 | printf("__ops_rsa_private_decrypt: n=%d\n",n); | 588 | printf("__ops_rsa_private_decrypt: n=%d\n",n); | |
566 | } | 589 | } | |
567 | 590 | |||
568 | errbuf[0] = '\0'; | 591 | errbuf[0] = '\0'; | |
569 | if (n == -1) { | 592 | if (n == -1) { | |
570 | unsigned long err = ERR_get_error(); | 593 | unsigned long err = ERR_get_error(); | |
571 | ERR_error_string(err, &errbuf[0]); | 594 | ERR_error_string(err, &errbuf[0]); | |
572 | fprintf(stderr, "openssl error : %s\n", errbuf); | 595 | fprintf(stderr, "openssl error : %s\n", errbuf); | |
@@ -675,84 +698,87 @@ __ops_rsa_generate_keypair(const int num | @@ -675,84 +698,87 @@ __ops_rsa_generate_keypair(const int num | |||
675 | BN_CTX *ctx = BN_CTX_new(); | 698 | BN_CTX *ctx = BN_CTX_new(); | |
676 | __ops_create_info_t *cinfo; | 699 | __ops_create_info_t *cinfo; | |
677 | __ops_memory_t *mem; | 700 | __ops_memory_t *mem; | |
678 | 701 | |||
679 | __ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY); | 702 | __ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY); | |
680 | skey = __ops_get_writable_secret_key_from_data(keydata); | 703 | skey = __ops_get_writable_secret_key_from_data(keydata); | |
681 | 704 | |||
682 | /* generate the key pair */ | 705 | /* generate the key pair */ | |
683 | 706 | |||
684 | rsa = RSA_generate_key(numbits, e, NULL, NULL); | 707 | rsa = RSA_generate_key(numbits, e, NULL, NULL); | |
685 | 708 | |||
686 | /* populate __ops key from ssl key */ | 709 | /* populate __ops key from ssl key */ | |
687 | 710 | |||
688 | skey->public_key.version = 4; | 711 | skey->pubkey.version = 4; | |
689 | skey->public_key.creation_time = time(NULL); | 712 | skey->pubkey.creation_time = time(NULL); | |
690 | skey->public_key.days_valid = 0; | 713 | skey->pubkey.days_valid = 0; | |
691 | skey->public_key.algorithm = OPS_PKA_RSA; | 714 | skey->pubkey.algorithm = OPS_PKA_RSA; | |
692 | 715 | |||
693 | skey->public_key.key.rsa.n = BN_dup(rsa->n); | 716 | skey->pubkey.key.rsa.n = BN_dup(rsa->n); | |
694 | skey->public_key.key.rsa.e = BN_dup(rsa->e); | 717 | skey->pubkey.key.rsa.e = BN_dup(rsa->e); | |
695 | 718 | |||
696 | skey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; | 719 | skey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; | |
697 | skey->s2k_specifier = OPS_S2KS_SALTED; | 720 | skey->s2k_specifier = OPS_S2KS_SALTED; | |
698 | /* skey->s2k_specifier=OPS_S2KS_SIMPLE; */ | 721 | /* skey->s2k_specifier=OPS_S2KS_SIMPLE; */ | |
699 | skey->algorithm = OPS_SA_CAST5; /* \todo make param */ | 722 | skey->algorithm = OPS_SA_CAST5; /* \todo make param */ | |
700 | skey->hash_algorithm = OPS_HASH_SHA1; /* \todo make param */ | 723 | skey->hash_algorithm = OPS_HASH_SHA1; /* \todo make param */ | |
701 | skey->octet_count = 0; | 724 | skey->octet_count = 0; | |
702 | skey->checksum = 0; | 725 | skey->checksum = 0; | |
703 | 726 | |||
704 | skey->key.rsa.d = BN_dup(rsa->d); | 727 | skey->key.rsa.d = BN_dup(rsa->d); | |
705 | skey->key.rsa.p = BN_dup(rsa->p); | 728 | skey->key.rsa.p = BN_dup(rsa->p); | |
706 | skey->key.rsa.q = BN_dup(rsa->q); | 729 | skey->key.rsa.q = BN_dup(rsa->q); | |
707 | skey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx); | 730 | skey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx); | |
708 | assert(skey->key.rsa.u); | 731 | if (skey->key.rsa.u == NULL) { | |
732 | (void) fprintf(stderr, "skey->key.rsa.u is NULL\n"); | |||
733 | return 0; | |||
734 | } | |||
709 | BN_CTX_free(ctx); | 735 | BN_CTX_free(ctx); | |
710 | 736 | |||
711 | RSA_free(rsa); | 737 | RSA_free(rsa); | |
712 | 738 | |||
713 | __ops_keyid(keydata->key_id, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | 739 | __ops_keyid(keydata->key_id, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | |
714 | &keydata->key.skey.public_key); | 740 | &keydata->key.skey.pubkey); | |
715 | __ops_fingerprint(&keydata->fingerprint, &keydata->key.skey.public_key); | 741 | __ops_fingerprint(&keydata->fingerprint, &keydata->key.skey.pubkey); | |
716 | 742 | |||
717 | /* Generate checksum */ | 743 | /* Generate checksum */ | |
718 | 744 | |||
719 | cinfo = NULL; | 745 | cinfo = NULL; | |
720 | mem = NULL; | 746 | mem = NULL; | |
721 | 747 | |||
722 | __ops_setup_memory_write(&cinfo, &mem, 128); | 748 | __ops_setup_memory_write(&cinfo, &mem, 128); | |
723 | 749 | |||
724 | __ops_push_skey_checksum_writer(cinfo, skey); | 750 | __ops_push_skey_checksum_writer(cinfo, skey); | |
725 | 751 | |||
726 | switch (skey->public_key.algorithm) { | 752 | switch (skey->pubkey.algorithm) { | |
727 | /* case OPS_PKA_DSA: */ | 753 | /* case OPS_PKA_DSA: */ | |
728 | /* return __ops_write_mpi(key->key.dsa.x,info); */ | 754 | /* return __ops_write_mpi(key->key.dsa.x,info); */ | |
729 | 755 | |||
730 | case OPS_PKA_RSA: | 756 | case OPS_PKA_RSA: | |
731 | case OPS_PKA_RSA_ENCRYPT_ONLY: | 757 | case OPS_PKA_RSA_ENCRYPT_ONLY: | |
732 | case OPS_PKA_RSA_SIGN_ONLY: | 758 | case OPS_PKA_RSA_SIGN_ONLY: | |
733 | if (!__ops_write_mpi(skey->key.rsa.d, cinfo) | 759 | if (!__ops_write_mpi(skey->key.rsa.d, cinfo) | |
734 | || !__ops_write_mpi(skey->key.rsa.p, cinfo) | 760 | || !__ops_write_mpi(skey->key.rsa.p, cinfo) | |
735 | || !__ops_write_mpi(skey->key.rsa.q, cinfo) | 761 | || !__ops_write_mpi(skey->key.rsa.q, cinfo) | |
736 | || !__ops_write_mpi(skey->key.rsa.u, cinfo)) | 762 | || !__ops_write_mpi(skey->key.rsa.u, cinfo)) | |
737 | return false; | 763 | return false; | |
738 | break; | 764 | break; | |
739 | 765 | |||
740 | /* case OPS_PKA_ELGAMAL: */ | 766 | /* case OPS_PKA_ELGAMAL: */ | |
741 | /* return __ops_write_mpi(key->key.elgamal.x,info); */ | 767 | /* return __ops_write_mpi(key->key.elgamal.x,info); */ | |
742 | 768 | |||
743 | default: | 769 | default: | |
744 | assert( /* CONSTCOND */ 0); | 770 | (void) fprintf(stderr, "Bad skey->pubkey.algorithm\n"); | |
745 | break; | 771 | return false; | |
746 | } | 772 | } | |
747 | 773 | |||
748 | /* close rather than pop, since its the only one on the stack */ | 774 | /* close rather than pop, since its the only one on the stack */ | |
749 | __ops_writer_close(cinfo); | 775 | __ops_writer_close(cinfo); | |
750 | __ops_teardown_memory_write(cinfo, mem); | 776 | __ops_teardown_memory_write(cinfo, mem); | |
751 | 777 | |||
752 | /* should now have checksum in skey struct */ | 778 | /* should now have checksum in skey struct */ | |
753 | 779 | |||
754 | /* test */ | 780 | /* test */ | |
755 | if (__ops_get_debug_level(__FILE__)) | 781 | if (__ops_get_debug_level(__FILE__)) | |
756 | test_secret_key(skey); | 782 | test_secret_key(skey); | |
757 | 783 | |||
758 | return true; | 784 | return true; |
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c 2009/04/30 04:57:57 1.3
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c 2009/05/05 01:28:15 1.4
@@ -14,37 +14,33 @@ | @@ -14,37 +14,33 @@ | |||
14 | * Unless required by applicable law or agreed to in writing, software | 14 | * Unless required by applicable law or agreed to in writing, software | |
15 | * distributed under the License is distributed on an "AS IS" BASIS, | 15 | * distributed under the License is distributed on an "AS IS" BASIS, | |
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /* | 22 | /* | |
23 | * ! \file \brief Standard API print functions | 23 | * ! \file \brief Standard API print functions | |
24 | */ | 24 | */ | |
25 | #include "config.h" | 25 | #include "config.h" | |
26 | 26 | |||
27 | #ifdef HAVE_ASSERT_H | |||
28 | #include <assert.h> | |||
29 | #endif | |||
30 | ||||
31 | #include <string.h> | 27 | #include <string.h> | |
28 | #include <stdio.h> | |||
32 | 29 | |||
33 | #include "crypto.h" | 30 | #include "crypto.h" | |
34 | #include "keyring.h" | 31 | #include "keyring.h" | |
35 | #include "packet-show.h" | 32 | #include "packet-show.h" | |
36 | #include "signature.h" | 33 | #include "signature.h" | |
37 | ||||
38 | #include "readerwriter.h" | 34 | #include "readerwriter.h" | |
39 | #include "netpgpdefs.h" | 35 | #include "netpgpdefs.h" | |
40 | #include "keyring_local.h" | 36 | #include "keyring_local.h" | |
41 | #include "parse_local.h" | 37 | #include "parse_local.h" | |
42 | 38 | |||
43 | static int indent = 0; | 39 | static int indent = 0; | |
44 | 40 | |||
45 | static void print_bn(const char *, const BIGNUM *); | 41 | static void print_bn(const char *, const BIGNUM *); | |
46 | static void print_hex(const unsigned char *, size_t); | 42 | static void print_hex(const unsigned char *, size_t); | |
47 | static void print_hexdump(const char *, const unsigned char *, unsigned int); | 43 | static void print_hexdump(const char *, const unsigned char *, unsigned int); | |
48 | static void print_hexdump_data(const char *, const unsigned char *, unsigned int); | 44 | static void print_hexdump_data(const char *, const unsigned char *, unsigned int); | |
49 | static void print_indent(void); | 45 | static void print_indent(void); | |
50 | static void print_name(const char *); | 46 | static void print_name(const char *); | |
@@ -112,27 +108,28 @@ __ops_print_public_key(const __ops_publi | @@ -112,27 +108,28 @@ __ops_print_public_key(const __ops_publi | |||
112 | case OPS_PKA_RSA_SIGN_ONLY: | 108 | case OPS_PKA_RSA_SIGN_ONLY: | |
113 | print_bn("n", pkey->key.rsa.n); | 109 | print_bn("n", pkey->key.rsa.n); | |
114 | print_bn("e", pkey->key.rsa.e); | 110 | print_bn("e", pkey->key.rsa.e); | |
115 | break; | 111 | break; | |
116 | 112 | |||
117 | case OPS_PKA_ELGAMAL: | 113 | case OPS_PKA_ELGAMAL: | |
118 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 114 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
119 | print_bn("p", pkey->key.elgamal.p); | 115 | print_bn("p", pkey->key.elgamal.p); | |
120 | print_bn("g", pkey->key.elgamal.g); | 116 | print_bn("g", pkey->key.elgamal.g); | |
121 | print_bn("y", pkey->key.elgamal.y); | 117 | print_bn("y", pkey->key.elgamal.y); | |
122 | break; | 118 | break; | |
123 | 119 | |||
124 | default: | 120 | default: | |
125 | assert( /* CONSTCOND */ 0); | 121 | (void) fprintf(stderr, | |
122 | "__ops_print_public_key: Unusual algorithm\n"); | |||
126 | } | 123 | } | |
127 | 124 | |||
128 | printf("------- end of PUBLIC KEY ------\n"); | 125 | printf("------- end of PUBLIC KEY ------\n"); | |
129 | } | 126 | } | |
130 | 127 | |||
131 | /** | 128 | /** | |
132 | \ingroup Core_Print | 129 | \ingroup Core_Print | |
133 | 130 | |||
134 | Prints a secret key | 131 | Prints a secret key | |
135 | 132 | |||
136 | \param key Ptr to public key | 133 | \param key Ptr to public key | |
137 | */ | 134 | */ | |
138 | 135 | |||
@@ -147,88 +144,91 @@ __ops_print_secret_keydata(const __ops_k | @@ -147,88 +144,91 @@ __ops_print_secret_keydata(const __ops_k | |||
147 | printf(" "); | 144 | printf(" "); | |
148 | 145 | |||
149 | print_time_short(key->key.pkey.creation_time); | 146 | print_time_short(key->key.pkey.creation_time); | |
150 | printf(" "); | 147 | printf(" "); | |
151 | 148 | |||
152 | if (key->nuids == 1) { | 149 | if (key->nuids == 1) { | |
153 | /* print on same line as other info */ | 150 | /* print on same line as other info */ | |
154 | printf("%s\n", key->uids[0].user_id); | 151 | printf("%s\n", key->uids[0].user_id); | |
155 | } else { | 152 | } else { | |
156 | /* print all uids on separate line */ | 153 | /* print all uids on separate line */ | |
157 | unsigned int i; | 154 | unsigned int i; | |
158 | printf("\n"); | 155 | printf("\n"); | |
159 | for (i = 0; i < key->nuids; i++) { | 156 | for (i = 0; i < key->nuids; i++) { | |
160 | printf("uid %s\n", key->uids[i].user_id); | 157 | printf("uid %s\n", | |
158 | key->uids[i].user_id); | |||
161 | } | 159 | } | |
162 | } | 160 | } | |
163 | } | 161 | } | |
164 | 162 | |||
165 | /* | 163 | /* | |
166 | void | 164 | void | |
167 | __ops_print_secret_key_verbose(const __ops_secret_key_t* skey) | 165 | __ops_print_secret_key_verbose(const __ops_secret_key_t* skey) | |
168 | { | 166 | { | |
169 | if(key->type == OPS_PTAG_CT_SECRET_KEY) | 167 | if(key->type == OPS_PTAG_CT_SECRET_KEY) | |
170 | print_tagname("SECRET_KEY"); | 168 | print_tagname("SECRET_KEY"); | |
171 | else | 169 | else | |
172 | print_tagname("ENCRYPTED_SECRET_KEY"); | 170 | print_tagname("ENCRYPTED_SECRET_KEY"); | |
173 | __ops_print_secret_key(key->type,skey); | 171 | __ops_print_secret_key(key->type,skey); | |
174 | } | 172 | } | |
175 | */ | 173 | */ | |
176 | 174 | |||
177 | /** | 175 | /** | |
178 | \ingroup Core_Print | 176 | \ingroup Core_Print | |
179 | \param type | 177 | \param type | |
180 | \param skey | 178 | \param skey | |
181 | */ | 179 | */ | |
182 | static void | 180 | static void | |
183 | __ops_print_secret_key_verbose(const __ops_content_tag_t type, const __ops_secret_key_t * skey) | 181 | __ops_print_secret_key_verbose(const __ops_content_tag_t type, | |
182 | const __ops_secret_key_t * skey) | |||
184 | { | 183 | { | |
185 | printf("------- SECRET KEY or ENCRYPTED SECRET KEY ------\n"); | 184 | printf("------- SECRET KEY or ENCRYPTED SECRET KEY ------\n"); | |
186 | if (type == OPS_PTAG_CT_SECRET_KEY) | 185 | if (type == OPS_PTAG_CT_SECRET_KEY) | |
187 | print_tagname("SECRET_KEY"); | 186 | print_tagname("SECRET_KEY"); | |
188 | else | 187 | else | |
189 | print_tagname("ENCRYPTED_SECRET_KEY"); | 188 | print_tagname("ENCRYPTED_SECRET_KEY"); | |
190 | /* __ops_print_public_key(key); */ | 189 | /* __ops_print_public_key(key); */ | |
191 | printf("S2K Usage: %d\n", skey->s2k_usage); | 190 | printf("S2K Usage: %d\n", skey->s2k_usage); | |
192 | if (skey->s2k_usage != OPS_S2KU_NONE) { | 191 | if (skey->s2k_usage != OPS_S2KU_NONE) { | |
193 | printf("S2K Specifier: %d\n", skey->s2k_specifier); | 192 | printf("S2K Specifier: %d\n", skey->s2k_specifier); | |
194 | printf("Symmetric algorithm: %d (%s)\n", skey->algorithm, | 193 | printf("Symmetric algorithm: %d (%s)\n", skey->algorithm, | |
195 | __ops_show_symmetric_algorithm(skey->algorithm)); | 194 | __ops_show_symmetric_algorithm(skey->algorithm)); | |
196 | printf("Hash algorithm: %d (%s)\n", skey->hash_algorithm, | 195 | printf("Hash algorithm: %d (%s)\n", skey->hash_algorithm, | |
197 | __ops_show_hash_algorithm(skey->hash_algorithm)); | 196 | __ops_show_hash_algorithm(skey->hash_algorithm)); | |
198 | if (skey->s2k_specifier != OPS_S2KS_SIMPLE) | 197 | if (skey->s2k_specifier != OPS_S2KS_SIMPLE) | |
199 | print_hexdump("Salt", skey->salt, sizeof(skey->salt)); | 198 | print_hexdump("Salt", skey->salt, sizeof(skey->salt)); | |
200 | if (skey->s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED) | 199 | if (skey->s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED) | |
201 | printf("Octet count: %d\n", skey->octet_count); | 200 | printf("Octet count: %d\n", skey->octet_count); | |
202 | print_hexdump("IV", skey->iv, __ops_block_size(skey->algorithm)); | 201 | print_hexdump("IV", skey->iv, __ops_block_size(skey->algorithm)); | |
203 | } | 202 | } | |
204 | /* no more set if encrypted */ | 203 | /* no more set if encrypted */ | |
205 | if (type == OPS_PTAG_CT_ENCRYPTED_SECRET_KEY) | 204 | if (type == OPS_PTAG_CT_ENCRYPTED_SECRET_KEY) | |
206 | return; | 205 | return; | |
207 | 206 | |||
208 | switch (skey->public_key.algorithm) { | 207 | switch (skey->pubkey.algorithm) { | |
209 | case OPS_PKA_RSA: | 208 | case OPS_PKA_RSA: | |
210 | print_bn("d", skey->key.rsa.d); | 209 | print_bn("d", skey->key.rsa.d); | |
211 | print_bn("p", skey->key.rsa.p); | 210 | print_bn("p", skey->key.rsa.p); | |
212 | print_bn("q", skey->key.rsa.q); | 211 | print_bn("q", skey->key.rsa.q); | |
213 | print_bn("u", skey->key.rsa.u); | 212 | print_bn("u", skey->key.rsa.u); | |
214 | break; | 213 | break; | |
215 | 214 | |||
216 | case OPS_PKA_DSA: | 215 | case OPS_PKA_DSA: | |
217 | print_bn("x", skey->key.dsa.x); | 216 | print_bn("x", skey->key.dsa.x); | |
218 | break; | 217 | break; | |
219 | 218 | |||
220 | default: | 219 | default: | |
221 | assert( /* CONSTCOND */ 0); | 220 | (void) fprintf(stderr, | |
221 | "__ops_print_secret_key_verbose: unusual algorithm\n"); | |||
222 | } | 222 | } | |
223 | 223 | |||
224 | if (skey->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) | 224 | if (skey->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED) | |
225 | print_hexdump("Checkhash", skey->checkhash, OPS_CHECKHASH_SIZE); | 225 | print_hexdump("Checkhash", skey->checkhash, OPS_CHECKHASH_SIZE); | |
226 | else | 226 | else | |
227 | printf("Checksum: %04x\n", skey->checksum); | 227 | printf("Checksum: %04x\n", skey->checksum); | |
228 | 228 | |||
229 | printf("------- end of SECRET KEY or ENCRYPTED SECRET KEY ------\n"); | 229 | printf("------- end of SECRET KEY or ENCRYPTED SECRET KEY ------\n"); | |
230 | } | 230 | } | |
231 | 231 | |||
232 | 232 | |||
233 | /* static functions */ | 233 | /* static functions */ | |
234 | 234 | |||
@@ -353,27 +353,27 @@ showtime_short(time_t t) | @@ -353,27 +353,27 @@ showtime_short(time_t t) | |||
353 | const int maxbuf=512; | 353 | const int maxbuf=512; | |
354 | char buf[maxbuf+1]; | 354 | char buf[maxbuf+1]; | |
355 | buf[maxbuf]='\0'; | 355 | buf[maxbuf]='\0'; | |
356 | // this needs to be tm struct | 356 | // this needs to be tm struct | |
357 | strftime(buf,maxbuf,"%F",&t); | 357 | strftime(buf,maxbuf,"%F",&t); | |
358 | printf(buf); | 358 | printf(buf); | |
359 | */ | 359 | */ | |
360 | tm = gmtime(&t); | 360 | tm = gmtime(&t); | |
361 | printf("%04d-%02d-%02d", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday); | 361 | printf("%04d-%02d-%02d", tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday); | |
362 | } | 362 | } | |
363 | 363 | |||
364 | 364 | |||
365 | static void | 365 | static void | |
366 | print_packet_hex(const __ops_packet_t * packet) | 366 | print_packet_hex(const __ops_subpacket_t * packet) | |
367 | { | 367 | { | |
368 | unsigned char *cur; | 368 | unsigned char *cur; | |
369 | unsigned rem; | 369 | unsigned rem; | |
370 | unsigned blksz = 4; | 370 | unsigned blksz = 4; | |
371 | int i; | 371 | int i; | |
372 | 372 | |||
373 | printf("\nhexdump of packet contents follows:\n"); | 373 | printf("\nhexdump of packet contents follows:\n"); | |
374 | for (i = 1, cur = packet->raw; cur < (packet->raw + packet->length); cur += blksz, i++) { | 374 | for (i = 1, cur = packet->raw; cur < (packet->raw + packet->length); cur += blksz, i++) { | |
375 | rem = packet->raw + packet->length - cur; | 375 | rem = packet->raw + packet->length - cur; | |
376 | hexdump(cur, (rem <= blksz) ? rem : blksz, ""); | 376 | hexdump(cur, (rem <= blksz) ? rem : blksz, ""); | |
377 | printf(" "); | 377 | printf(" "); | |
378 | if (i % 8 == 0) { | 378 | if (i % 8 == 0) { | |
379 | printf("\n"); | 379 | printf("\n"); | |
@@ -533,27 +533,28 @@ __ops_print_pk_session_key(__ops_content | @@ -533,27 +533,28 @@ __ops_print_pk_session_key(__ops_content | |||
533 | printf("Algorithm: %d (%s)\n", key->algorithm, | 533 | printf("Algorithm: %d (%s)\n", key->algorithm, | |
534 | __ops_show_pka(key->algorithm)); | 534 | __ops_show_pka(key->algorithm)); | |
535 | switch (key->algorithm) { | 535 | switch (key->algorithm) { | |
536 | case OPS_PKA_RSA: | 536 | case OPS_PKA_RSA: | |
537 | print_bn("encrypted_m", key->parameters.rsa.encrypted_m); | 537 | print_bn("encrypted_m", key->parameters.rsa.encrypted_m); | |
538 | break; | 538 | break; | |
539 | 539 | |||
540 | case OPS_PKA_ELGAMAL: | 540 | case OPS_PKA_ELGAMAL: | |
541 | print_bn("g_to_k", key->parameters.elgamal.g_to_k); | 541 | print_bn("g_to_k", key->parameters.elgamal.g_to_k); | |
542 | print_bn("encrypted_m", key->parameters.elgamal.encrypted_m); | 542 | print_bn("encrypted_m", key->parameters.elgamal.encrypted_m); | |
543 | break; | 543 | break; | |
544 | 544 | |||
545 | default: | 545 | default: | |
546 | assert( /* CONSTCOND */ 0); | 546 | (void) fprintf(stderr, | |
547 | "__ops_print_pk_session_key: unusual algorithm\n"); | |||
547 | } | 548 | } | |
548 | 549 | |||
549 | if (tag != OPS_PTAG_CT_PK_SESSION_KEY) | 550 | if (tag != OPS_PTAG_CT_PK_SESSION_KEY) | |
550 | return; | 551 | return; | |
551 | 552 | |||
552 | printf("Symmetric algorithm: %d (%s)\n", key->symmetric_algorithm, | 553 | printf("Symmetric algorithm: %d (%s)\n", key->symmetric_algorithm, | |
553 | __ops_show_symmetric_algorithm(key->symmetric_algorithm)); | 554 | __ops_show_symmetric_algorithm(key->symmetric_algorithm)); | |
554 | print_hexdump("Key", key->key, __ops_key_size(key->symmetric_algorithm)); | 555 | print_hexdump("Key", key->key, __ops_key_size(key->symmetric_algorithm)); | |
555 | printf("Checksum: %04x\n", key->checksum); | 556 | printf("Checksum: %04x\n", key->checksum); | |
556 | } | 557 | } | |
557 | 558 | |||
558 | static void | 559 | static void | |
559 | start_subpacket(int type) | 560 | start_subpacket(int type) | |
@@ -566,27 +567,27 @@ start_subpacket(int type) | @@ -566,27 +567,27 @@ start_subpacket(int type) | |||
566 | } | 567 | } | |
567 | 568 | |||
568 | static void | 569 | static void | |
569 | end_subpacket(void) | 570 | end_subpacket(void) | |
570 | { | 571 | { | |
571 | indent--; | 572 | indent--; | |
572 | } | 573 | } | |
573 | 574 | |||
574 | /** | 575 | /** | |
575 | \ingroup Core_Print | 576 | \ingroup Core_Print | |
576 | \param contents | 577 | \param contents | |
577 | */ | 578 | */ | |
578 | int | 579 | int | |
579 | __ops_print_packet(const __ops_parser_content_t * contents) | 580 | __ops_print_packet(const __ops_packet_t * contents) | |
580 | { | 581 | { | |
581 | const __ops_parser_content_union_t *content = &contents->u; | 582 | const __ops_parser_content_union_t *content = &contents->u; | |
582 | __ops_text_t *text; | 583 | __ops_text_t *text; | |
583 | const char *str; | 584 | const char *str; | |
584 | static bool unarmoured; | 585 | static bool unarmoured; | |
585 | 586 | |||
586 | if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) { | 587 | if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) { | |
587 | unarmoured = false; | 588 | unarmoured = false; | |
588 | puts("UNARMOURED TEXT ends"); | 589 | puts("UNARMOURED TEXT ends"); | |
589 | } | 590 | } | |
590 | if (contents->tag == OPS_PARSER_PTAG) { | 591 | if (contents->tag == OPS_PARSER_PTAG) { | |
591 | printf("=> OPS_PARSER_PTAG: %s\n", __ops_show_packet_tag(content->ptag.content_tag)); | 592 | printf("=> OPS_PARSER_PTAG: %s\n", __ops_show_packet_tag(content->ptag.content_tag)); | |
592 | } else { | 593 | } else { | |
@@ -637,27 +638,27 @@ __ops_print_packet(const __ops_parser_co | @@ -637,27 +638,27 @@ __ops_print_packet(const __ops_parser_co | |||
637 | content->se_data_body.length); | 638 | content->se_data_body.length); | |
638 | printf(" data="); | 639 | printf(" data="); | |
639 | hexdump(content->se_data_body.data, | 640 | hexdump(content->se_data_body.data, | |
640 | content->se_data_body.length, ""); | 641 | content->se_data_body.length, ""); | |
641 | printf("\n"); | 642 | printf("\n"); | |
642 | break; | 643 | break; | |
643 | 644 | |||
644 | case OPS_PTAG_CT_PUBLIC_KEY: | 645 | case OPS_PTAG_CT_PUBLIC_KEY: | |
645 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | 646 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | |
646 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | 647 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | |
647 | print_tagname("PUBLIC KEY"); | 648 | print_tagname("PUBLIC KEY"); | |
648 | else | 649 | else | |
649 | print_tagname("PUBLIC SUBKEY"); | 650 | print_tagname("PUBLIC SUBKEY"); | |
650 | __ops_print_public_key(&content->public_key); | 651 | __ops_print_public_key(&content->pubkey); | |
651 | break; | 652 | break; | |
652 | 653 | |||
653 | case OPS_PTAG_CT_TRUST: | 654 | case OPS_PTAG_CT_TRUST: | |
654 | print_tagname("TRUST"); | 655 | print_tagname("TRUST"); | |
655 | print_data("Trust", &content->trust.data); | 656 | print_data("Trust", &content->trust.data); | |
656 | break; | 657 | break; | |
657 | 658 | |||
658 | case OPS_PTAG_CT_USER_ID: | 659 | case OPS_PTAG_CT_USER_ID: | |
659 | /* XXX: how do we print UTF-8? */ | 660 | /* XXX: how do we print UTF-8? */ | |
660 | print_tagname("USER ID"); | 661 | print_tagname("USER ID"); | |
661 | print_utf8_string("user_id", content->user_id.user_id); | 662 | print_utf8_string("user_id", content->user_id.user_id); | |
662 | break; | 663 | break; | |
663 | 664 | |||
@@ -698,27 +699,29 @@ __ops_print_packet(const __ops_parser_co | @@ -698,27 +699,29 @@ __ops_print_packet(const __ops_parser_co | |||
698 | break; | 699 | break; | |
699 | 700 | |||
700 | case OPS_PKA_DSA: | 701 | case OPS_PKA_DSA: | |
701 | print_bn("r", content->signature.info.signature.dsa.r); | 702 | print_bn("r", content->signature.info.signature.dsa.r); | |
702 | print_bn("s", content->signature.info.signature.dsa.s); | 703 | print_bn("s", content->signature.info.signature.dsa.s); | |
703 | break; | 704 | break; | |
704 | 705 | |||
705 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 706 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
706 | print_bn("r", content->signature.info.signature.elgamal.r); | 707 | print_bn("r", content->signature.info.signature.elgamal.r); | |
707 | print_bn("s", content->signature.info.signature.elgamal.s); | 708 | print_bn("s", content->signature.info.signature.elgamal.s); | |
708 | break; | 709 | break; | |
709 | 710 | |||
710 | default: | 711 | default: | |
711 | assert( /* CONSTCOND */ 0); | 712 | (void) fprintf(stderr, | |
713 | "__ops_print_packet: Unusual algorithm\n"); | |||
714 | return 0; | |||
712 | } | 715 | } | |
713 | 716 | |||
714 | if (content->signature.hash) | 717 | if (content->signature.hash) | |
715 | printf("data hash is set\n"); | 718 | printf("data hash is set\n"); | |
716 | 719 | |||
717 | break; | 720 | break; | |
718 | 721 | |||
719 | case OPS_PTAG_CT_COMPRESSED: | 722 | case OPS_PTAG_CT_COMPRESSED: | |
720 | print_tagname("COMPRESSED"); | 723 | print_tagname("COMPRESSED"); | |
721 | print_unsigned_int("Compressed Data Type", | 724 | print_unsigned_int("Compressed Data Type", | |
722 | (unsigned)content->compressed.type); | 725 | (unsigned)content->compressed.type); | |
723 | break; | 726 | break; | |
724 | 727 | |||
@@ -742,27 +745,30 @@ __ops_print_packet(const __ops_parser_co | @@ -742,27 +745,30 @@ __ops_print_packet(const __ops_parser_co | |||
742 | 745 | |||
743 | print_unsigned_int("Nested", | 746 | print_unsigned_int("Nested", | |
744 | content->one_pass_signature.nested); | 747 | content->one_pass_signature.nested); | |
745 | break; | 748 | break; | |
746 | 749 | |||
747 | case OPS_PTAG_CT_USER_ATTRIBUTE: | 750 | case OPS_PTAG_CT_USER_ATTRIBUTE: | |
748 | print_tagname("USER ATTRIBUTE"); | 751 | print_tagname("USER ATTRIBUTE"); | |
749 | print_hexdump("User Attribute", | 752 | print_hexdump("User Attribute", | |
750 | content->user_attribute.data.contents, | 753 | content->user_attribute.data.contents, | |
751 | content->user_attribute.data.len); | 754 | content->user_attribute.data.len); | |
752 | break; | 755 | break; | |
753 | 756 | |||
754 | case OPS_PTAG_RAW_SS: | 757 | case OPS_PTAG_RAW_SS: | |
755 | assert(!contents->critical); | 758 | if (contents->critical) { | |
759 | (void) fprintf(stderr, "contents are critical\n"); | |||
760 | return 0; | |||
761 | } | |||
756 | start_subpacket(contents->tag); | 762 | start_subpacket(contents->tag); | |
757 | print_unsigned_int("Raw Signature Subpacket: tag", | 763 | print_unsigned_int("Raw Signature Subpacket: tag", | |
758 | (unsigned)(content->ss_raw.tag - | 764 | (unsigned)(content->ss_raw.tag - | |
759 | OPS_PTAG_SIGNATURE_SUBPACKET_BASE)); | 765 | OPS_PTAG_SIGNATURE_SUBPACKET_BASE)); | |
760 | print_hexdump("Raw Data", | 766 | print_hexdump("Raw Data", | |
761 | content->ss_raw.raw, | 767 | content->ss_raw.raw, | |
762 | content->ss_raw.length); | 768 | content->ss_raw.length); | |
763 | break; | 769 | break; | |
764 | 770 | |||
765 | case OPS_PTAG_SS_CREATION_TIME: | 771 | case OPS_PTAG_SS_CREATION_TIME: | |
766 | start_subpacket(contents->tag); | 772 | start_subpacket(contents->tag); | |
767 | print_time("Signature Creation Time", content->ss_time.time); | 773 | print_time("Signature Creation Time", content->ss_time.time); | |
768 | end_subpacket(); | 774 | end_subpacket(); | |
@@ -1063,27 +1069,29 @@ __ops_print_packet(const __ops_parser_co | @@ -1063,27 +1069,29 @@ __ops_print_packet(const __ops_parser_co | |||
1063 | case OPS_PKA_PRIVATE03: | 1069 | case OPS_PKA_PRIVATE03: | |
1064 | case OPS_PKA_PRIVATE04: | 1070 | case OPS_PKA_PRIVATE04: | |
1065 | case OPS_PKA_PRIVATE05: | 1071 | case OPS_PKA_PRIVATE05: | |
1066 | case OPS_PKA_PRIVATE06: | 1072 | case OPS_PKA_PRIVATE06: | |
1067 | case OPS_PKA_PRIVATE07: | 1073 | case OPS_PKA_PRIVATE07: | |
1068 | case OPS_PKA_PRIVATE08: | 1074 | case OPS_PKA_PRIVATE08: | |
1069 | case OPS_PKA_PRIVATE09: | 1075 | case OPS_PKA_PRIVATE09: | |
1070 | case OPS_PKA_PRIVATE10: | 1076 | case OPS_PKA_PRIVATE10: | |
1071 | print_data("Private/Experimental", | 1077 | print_data("Private/Experimental", | |
1072 | &content->signature.info.signature.unknown.data); | 1078 | &content->signature.info.signature.unknown.data); | |
1073 | break; | 1079 | break; | |
1074 | 1080 | |||
1075 | default: | 1081 | default: | |
1076 | assert( /* CONSTCOND */ 0); | 1082 | (void) fprintf(stderr, | |
1083 | "__ops_print_packet: Unusual key algorithm\n"); | |||
1084 | return 0; | |||
1077 | } | 1085 | } | |
1078 | break; | 1086 | break; | |
1079 | 1087 | |||
1080 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 1088 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
1081 | print_tagname("OPS_PARSER_CMD_GET_SK_PASSPHRASE"); | 1089 | print_tagname("OPS_PARSER_CMD_GET_SK_PASSPHRASE"); | |
1082 | break; | 1090 | break; | |
1083 | 1091 | |||
1084 | case OPS_PTAG_CT_SECRET_KEY: | 1092 | case OPS_PTAG_CT_SECRET_KEY: | |
1085 | print_tagname("OPS_PTAG_CT_SECRET_KEY"); | 1093 | print_tagname("OPS_PTAG_CT_SECRET_KEY"); | |
1086 | __ops_print_secret_key_verbose(contents->tag, &content->secret_key); | 1094 | __ops_print_secret_key_verbose(contents->tag, &content->secret_key); | |
1087 | break; | 1095 | break; | |
1088 | 1096 | |||
1089 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | 1097 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | |
@@ -1140,27 +1148,27 @@ __ops_print_packet(const __ops_parser_co | @@ -1140,27 +1148,27 @@ __ops_print_packet(const __ops_parser_co | |||
1140 | content->get_secret_key.pk_session_key); | 1148 | content->get_secret_key.pk_session_key); | |
1141 | break; | 1149 | break; | |
1142 | 1150 | |||
1143 | default: | 1151 | default: | |
1144 | print_tagname("UNKNOWN PACKET TYPE"); | 1152 | print_tagname("UNKNOWN PACKET TYPE"); | |
1145 | fprintf(stderr, "__ops_print_packet: unknown tag=%d (0x%x)\n", contents->tag, | 1153 | fprintf(stderr, "__ops_print_packet: unknown tag=%d (0x%x)\n", contents->tag, | |
1146 | contents->tag); | 1154 | contents->tag); | |
1147 | exit(1); | 1155 | exit(1); | |
1148 | } | 1156 | } | |
1149 | return 1; | 1157 | return 1; | |
1150 | } | 1158 | } | |
1151 | 1159 | |||
1152 | static __ops_parse_cb_return_t | 1160 | static __ops_parse_cb_return_t | |
1153 | cb_list_packets(const __ops_parser_content_t * contents, __ops_parse_cb_info_t * cbinfo) | 1161 | cb_list_packets(const __ops_packet_t * contents, __ops_parse_cb_info_t * cbinfo) | |
1154 | { | 1162 | { | |
1155 | OPS_USED(cbinfo); | 1163 | OPS_USED(cbinfo); | |
1156 | 1164 | |||
1157 | __ops_print_packet(contents); | 1165 | __ops_print_packet(contents); | |
1158 | #ifdef XXX | 1166 | #ifdef XXX | |
1159 | if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) { | 1167 | if (unarmoured && contents->tag != OPS_PTAG_CT_UNARMOURED_TEXT) { | |
1160 | unarmoured = false; | 1168 | unarmoured = false; | |
1161 | puts("UNARMOURED TEXT ends"); | 1169 | puts("UNARMOURED TEXT ends"); | |
1162 | } | 1170 | } | |
1163 | switch (contents->tag) { | 1171 | switch (contents->tag) { | |
1164 | case OPS_PARSER_ERROR: | 1172 | case OPS_PARSER_ERROR: | |
1165 | printf("parse error: %s\n", content->error.error); | 1173 | printf("parse error: %s\n", content->error.error); | |
1166 | break; | 1174 | break; | |
@@ -1205,27 +1213,27 @@ cb_list_packets(const __ops_parser_conte | @@ -1205,27 +1213,27 @@ cb_list_packets(const __ops_parser_conte | |||
1205 | printf(" data="); | 1213 | printf(" data="); | |
1206 | hexdump(content->se_data_body.data, | 1214 | hexdump(content->se_data_body.data, | |
1207 | content->se_data_body.length, ""); | 1215 | content->se_data_body.length, ""); | |
1208 | printf("\n"); | 1216 | printf("\n"); | |
1209 | break; | 1217 | break; | |
1210 | 1218 | |||
1211 | case OPS_PTAG_CT_PUBLIC_KEY: | 1219 | case OPS_PTAG_CT_PUBLIC_KEY: | |
1212 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | 1220 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | |
1213 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | 1221 | if (contents->tag == OPS_PTAG_CT_PUBLIC_KEY) | |
1214 | print_tagname("PUBLIC KEY"); | 1222 | print_tagname("PUBLIC KEY"); | |
1215 | else | 1223 | else | |
1216 | print_tagname("PUBLIC SUBKEY"); | 1224 | print_tagname("PUBLIC SUBKEY"); | |
1217 | 1225 | |||
1218 | __ops_print_public_key(&content->public_key); | 1226 | __ops_print_public_key(&content->pubkey); | |
1219 | break; | 1227 | break; | |
1220 | 1228 | |||
1221 | case OPS_PTAG_CT_TRUST: | 1229 | case OPS_PTAG_CT_TRUST: | |
1222 | print_tagname("TRUST"); | 1230 | print_tagname("TRUST"); | |
1223 | print_data("Trust", &content->trust.data); | 1231 | print_data("Trust", &content->trust.data); | |
1224 | break; | 1232 | break; | |
1225 | 1233 | |||
1226 | case OPS_PTAG_CT_USER_ID: | 1234 | case OPS_PTAG_CT_USER_ID: | |
1227 | /* XXX: how do we print UTF-8? */ | 1235 | /* XXX: how do we print UTF-8? */ | |
1228 | print_tagname("USER ID"); | 1236 | print_tagname("USER ID"); | |
1229 | print_utf8_string("user_id", content->user_id.user_id); | 1237 | print_utf8_string("user_id", content->user_id.user_id); | |
1230 | break; | 1238 | break; | |
1231 | 1239 | |||
@@ -1265,32 +1273,34 @@ cb_list_packets(const __ops_parser_conte | @@ -1265,32 +1273,34 @@ cb_list_packets(const __ops_parser_conte | |||
1265 | break; | 1273 | break; | |
1266 | 1274 | |||
1267 | case OPS_PKA_DSA: | 1275 | case OPS_PKA_DSA: | |
1268 | print_bn("r", content->signature.info.signature.dsa.r); | 1276 | print_bn("r", content->signature.info.signature.dsa.r); | |
1269 | print_bn("s", content->signature.info.signature.dsa.s); | 1277 | print_bn("s", content->signature.info.signature.dsa.s); | |
1270 | break; | 1278 | break; | |
1271 | 1279 | |||
1272 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | 1280 | case OPS_PKA_ELGAMAL_ENCRYPT_OR_SIGN: | |
1273 | print_bn("r", content->signature.info.signature.elgamal.r); | 1281 | print_bn("r", content->signature.info.signature.elgamal.r); | |
1274 | print_bn("s", content->signature.info.signature.elgamal.s); | 1282 | print_bn("s", content->signature.info.signature.elgamal.s); | |
1275 | break; | 1283 | break; | |
1276 | 1284 | |||
1277 | default: | 1285 | default: | |
1278 | assert(0); | 1286 | (void) fprintf(stderr, | |
1287 | "__ops_print_packet: Unusual sig key algorithm\n"); | |||
1288 | return; | |||
1279 | } | 1289 | } | |
1280 | 1290 | |||
1281 | if (content->signature.hash) | 1291 | if (content->signature.hash) { | |
1282 | printf("data hash is set\n"); | 1292 | printf("data hash is set\n"); | |
1283 | 1293 | } | ||
1284 | break; | 1294 | break; | |
1285 | 1295 | |||
1286 | case OPS_PTAG_CT_COMPRESSED: | 1296 | case OPS_PTAG_CT_COMPRESSED: | |
1287 | print_tagname("COMPRESSED"); | 1297 | print_tagname("COMPRESSED"); | |
1288 | print_unsigned_int("Compressed Data Type", content->compressed.type); | 1298 | print_unsigned_int("Compressed Data Type", content->compressed.type); | |
1289 | break; | 1299 | break; | |
1290 | 1300 | |||
1291 | case OPS_PTAG_CT_ONE_PASS_SIGNATURE: | 1301 | case OPS_PTAG_CT_ONE_PASS_SIGNATURE: | |
1292 | print_tagname("ONE PASS SIGNATURE"); | 1302 | print_tagname("ONE PASS SIGNATURE"); | |
1293 | 1303 | |||
1294 | print_unsigned_int("Version", content->one_pass_signature.version); | 1304 | print_unsigned_int("Version", content->one_pass_signature.version); | |
1295 | print_string_and_value("Signature Type", | 1305 | print_string_and_value("Signature Type", | |
1296 | __ops_show_sig_type(content->one_pass_signature.sig_type), | 1306 | __ops_show_sig_type(content->one_pass_signature.sig_type), | |
@@ -1307,27 +1317,31 @@ cb_list_packets(const __ops_parser_conte | @@ -1307,27 +1317,31 @@ cb_list_packets(const __ops_parser_conte | |||
1307 | 1317 | |||
1308 | print_unsigned_int("Nested", | 1318 | print_unsigned_int("Nested", | |
1309 | content->one_pass_signature.nested); | 1319 | content->one_pass_signature.nested); | |
1310 | break; | 1320 | break; | |
1311 | 1321 | |||
1312 | case OPS_PTAG_CT_USER_ATTRIBUTE: | 1322 | case OPS_PTAG_CT_USER_ATTRIBUTE: | |
1313 | print_tagname("USER ATTRIBUTE"); | 1323 | print_tagname("USER ATTRIBUTE"); | |
1314 | print_hexdump("User Attribute", | 1324 | print_hexdump("User Attribute", | |
1315 | content->user_attribute.data.contents, | 1325 | content->user_attribute.data.contents, | |
1316 | content->user_attribute.data.len); | 1326 | content->user_attribute.data.len); | |
1317 | break; | 1327 | break; | |
1318 | 1328 | |||
1319 | case OPS_PTAG_RAW_SS: | 1329 | case OPS_PTAG_RAW_SS: | |
1320 | assert(!contents->critical); | 1330 | if (contents->critical) { | |
1331 | (void) fprintf(stderr, | |||
1332 | "PTAG_RAW_SS contents are critical\n"); | |||
1333 | return; | |||
1334 | } | |||
1321 | start_subpacket(contents->tag); | 1335 | start_subpacket(contents->tag); | |
1322 | print_unsigned_int("Raw Signature Subpacket: tag", | 1336 | print_unsigned_int("Raw Signature Subpacket: tag", | |
1323 | content->ss_raw.tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE); | 1337 | content->ss_raw.tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE); | |
1324 | print_hexdump("Raw Data", | 1338 | print_hexdump("Raw Data", | |
1325 | content->ss_raw.raw, | 1339 | content->ss_raw.raw, | |
1326 | content->ss_raw.length); | 1340 | content->ss_raw.length); | |
1327 | break; | 1341 | break; | |
1328 | 1342 | |||
1329 | case OPS_PTAG_SS_CREATION_TIME: | 1343 | case OPS_PTAG_SS_CREATION_TIME: | |
1330 | start_subpacket(contents->tag); | 1344 | start_subpacket(contents->tag); | |
1331 | print_time("Signature Creation Time", content->ss_time.time); | 1345 | print_time("Signature Creation Time", content->ss_time.time); | |
1332 | end_subpacket(); | 1346 | end_subpacket(); | |
1333 | break; | 1347 | break; | |
@@ -1621,27 +1635,29 @@ cb_list_packets(const __ops_parser_conte | @@ -1621,27 +1635,29 @@ cb_list_packets(const __ops_parser_conte | |||
1621 | case OPS_PKA_PRIVATE03: | 1635 | case OPS_PKA_PRIVATE03: | |
1622 | case OPS_PKA_PRIVATE04: | 1636 | case OPS_PKA_PRIVATE04: | |
1623 | case OPS_PKA_PRIVATE05: | 1637 | case OPS_PKA_PRIVATE05: | |
1624 | case OPS_PKA_PRIVATE06: | 1638 | case OPS_PKA_PRIVATE06: | |
1625 | case OPS_PKA_PRIVATE07: | 1639 | case OPS_PKA_PRIVATE07: | |
1626 | case OPS_PKA_PRIVATE08: | 1640 | case OPS_PKA_PRIVATE08: | |
1627 | case OPS_PKA_PRIVATE09: | 1641 | case OPS_PKA_PRIVATE09: | |
1628 | case OPS_PKA_PRIVATE10: | 1642 | case OPS_PKA_PRIVATE10: | |
1629 | print_data("Private/Experimental", | 1643 | print_data("Private/Experimental", | |
1630 | &content->signature.info.signature.unknown.data); | 1644 | &content->signature.info.signature.unknown.data); | |
1631 | break; | 1645 | break; | |
1632 | 1646 | |||
1633 | default: | 1647 | default: | |
1634 | assert(0); | 1648 | (void) fprintf(stderr, | |
1649 | "signature footer - bad algorithm\n"); | |||
1650 | return; | |||
1635 | } | 1651 | } | |
1636 | break; | 1652 | break; | |
1637 | 1653 | |||
1638 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 1654 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
1639 | if (cbinfo->cryptinfo.cb_get_passphrase) { | 1655 | if (cbinfo->cryptinfo.cb_get_passphrase) { | |
1640 | return cbinfo->cryptinfo.cb_get_passphrase(contents, cbinfo); | 1656 | return cbinfo->cryptinfo.cb_get_passphrase(contents, cbinfo); | |
1641 | } | 1657 | } | |
1642 | break; | 1658 | break; | |
1643 | 1659 | |||
1644 | case OPS_PTAG_CT_SECRET_KEY: | 1660 | case OPS_PTAG_CT_SECRET_KEY: | |
1645 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | 1661 | case OPS_PTAG_CT_ENCRYPTED_SECRET_KEY: | |
1646 | __ops_print_secret_key_verbose(contents->tag, &content->secret_key); | 1662 | __ops_print_secret_key_verbose(contents->tag, &content->secret_key); | |
1647 | break; | 1663 | break; | |
@@ -1717,17 +1733,17 @@ __ops_list_packets(char *filename, bool | @@ -1717,17 +1733,17 @@ __ops_list_packets(char *filename, bool | |||
1717 | { | 1733 | { | |
1718 | int fd = 0; | 1734 | int fd = 0; | |
1719 | __ops_parse_info_t *pinfo = NULL; | 1735 | __ops_parse_info_t *pinfo = NULL; | |
1720 | const bool accumulate = true; | 1736 | const bool accumulate = true; | |
1721 | 1737 | |||
1722 | fd = __ops_setup_file_read(&pinfo, filename, NULL, cb_list_packets, accumulate); | 1738 | fd = __ops_setup_file_read(&pinfo, filename, NULL, cb_list_packets, accumulate); | |
1723 | __ops_parse_options(pinfo, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); | 1739 | __ops_parse_options(pinfo, OPS_PTAG_SS_ALL, OPS_PARSE_PARSED); | |
1724 | pinfo->cryptinfo.keyring = keyring; | 1740 | pinfo->cryptinfo.keyring = keyring; | |
1725 | pinfo->cryptinfo.cb_get_passphrase = cb_get_passphrase; | 1741 | pinfo->cryptinfo.cb_get_passphrase = cb_get_passphrase; | |
1726 | 1742 | |||
1727 | if (armour) | 1743 | if (armour) | |
1728 | __ops_reader_push_dearmour(pinfo); | 1744 | __ops_reader_push_dearmour(pinfo); | |
1729 | 1745 | |||
1730 | __ops_parse_and_print_errors(pinfo); | 1746 | __ops_parse(pinfo, 1); | |
1731 | 1747 | |||
1732 | __ops_teardown_file_read(pinfo, fd); | 1748 | __ops_teardown_file_read(pinfo, fd); | |
1733 | } | 1749 | } |
--- src/crypto/external/bsd/netpgp/dist/src/lib/validate.c 2009/05/02 02:38:55 1.3
+++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.c 2009/05/05 01:28:15 1.4
@@ -23,31 +23,36 @@ | @@ -23,31 +23,36 @@ | |||
23 | #include "packet-parse.h" | 23 | #include "packet-parse.h" | |
24 | #include "packet-show.h" | 24 | #include "packet-show.h" | |
25 | #include "keyring.h" | 25 | #include "keyring.h" | |
26 | #include "signature.h" | 26 | #include "signature.h" | |
27 | #include "netpgpsdk.h" | 27 | #include "netpgpsdk.h" | |
28 | 28 | |||
29 | #include "readerwriter.h" | 29 | #include "readerwriter.h" | |
30 | #include "netpgpdefs.h" | 30 | #include "netpgpdefs.h" | |
31 | #include "memory.h" | 31 | #include "memory.h" | |
32 | #include "keyring_local.h" | 32 | #include "keyring_local.h" | |
33 | #include "parse_local.h" | 33 | #include "parse_local.h" | |
34 | #include "validate.h" | 34 | #include "validate.h" | |
35 | 35 | |||
36 | #include <sys/types.h> | |||
37 | #include <sys/param.h> | |||
38 | #include <sys/stat.h> | |||
39 | ||||
36 | #ifdef HAVE_ASSERT_H | 40 | #ifdef HAVE_ASSERT_H | |
37 | #include <assert.h> | 41 | #include <assert.h> | |
38 | #endif | 42 | #endif | |
39 | 43 | |||
40 | #include <string.h> | 44 | #include <string.h> | |
45 | #include <stdio.h> | |||
41 | 46 | |||
42 | 47 | |||
43 | /* Does the signed hash match the given hash? */ | 48 | /* Does the signed hash match the given hash? */ | |
44 | static bool | 49 | static bool | |
45 | check_binary_signature(const unsigned len, | 50 | check_binary_signature(const unsigned len, | |
46 | const unsigned char *data, | 51 | const unsigned char *data, | |
47 | const __ops_signature_t * sig, | 52 | const __ops_signature_t * sig, | |
48 | const __ops_public_key_t * signer __attribute__((unused))) | 53 | const __ops_public_key_t * signer __attribute__((unused))) | |
49 | { | 54 | { | |
50 | unsigned char hashout[OPS_MAX_HASH_SIZE]; | 55 | unsigned char hashout[OPS_MAX_HASH_SIZE]; | |
51 | unsigned char trailer[6]; | 56 | unsigned char trailer[6]; | |
52 | unsigned int hashedlen; | 57 | unsigned int hashedlen; | |
53 | __ops_hash_t hash; | 58 | __ops_hash_t hash; | |
@@ -93,52 +98,56 @@ check_binary_signature(const unsigned le | @@ -93,52 +98,56 @@ check_binary_signature(const unsigned le | |||
93 | return __ops_check_signature(hashout, n, sig, signer); | 98 | return __ops_check_signature(hashout, n, sig, signer); | |
94 | } | 99 | } | |
95 | 100 | |||
96 | static int | 101 | static int | |
97 | keydata_reader(void *dest, size_t length, __ops_error_t ** errors, | 102 | keydata_reader(void *dest, size_t length, __ops_error_t ** errors, | |
98 | __ops_reader_info_t * rinfo, | 103 | __ops_reader_info_t * rinfo, | |
99 | __ops_parse_cb_info_t * cbinfo) | 104 | __ops_parse_cb_info_t * cbinfo) | |
100 | { | 105 | { | |
101 | validate_reader_t *reader = __ops_reader_get_arg(rinfo); | 106 | validate_reader_t *reader = __ops_reader_get_arg(rinfo); | |
102 | 107 | |||
103 | OPS_USED(errors); | 108 | OPS_USED(errors); | |
104 | OPS_USED(cbinfo); | 109 | OPS_USED(cbinfo); | |
105 | if (reader->offset == reader->key->packets[reader->packet].length) { | 110 | if (reader->offset == reader->key->packets[reader->packet].length) { | |
106 | ++reader->packet; | 111 | reader->packet += 1; | |
107 | reader->offset = 0; | 112 | reader->offset = 0; | |
108 | } | 113 | } | |
109 | if (reader->packet == reader->key->npackets) | 114 | if (reader->packet == reader->key->npackets) { | |
110 | return 0; | 115 | return 0; | |
116 | } | |||
111 | 117 | |||
112 | /* | 118 | /* | |
113 | * we should never be asked to cross a packet boundary in a single | 119 | * we should never be asked to cross a packet boundary in a single | |
114 | * read | 120 | * read | |
115 | */ | 121 | */ | |
116 | assert(reader->key->packets[reader->packet].length >= | 122 | if (reader->key->packets[reader->packet].length < | |
117 | reader->offset + length); | 123 | reader->offset + length) { | |
124 | (void) fprintf(stderr, "keydata_reader: weird length\n"); | |||
125 | return 0; | |||
126 | } | |||
118 | 127 | |||
119 | (void) memcpy(dest, | 128 | (void) memcpy(dest, | |
120 | &reader->key->packets[reader->packet].raw[reader->offset], | 129 | &reader->key->packets[reader->packet].raw[reader->offset], | |
121 | length); | 130 | length); | |
122 | reader->offset += length; | 131 | reader->offset += length; | |
123 | 132 | |||
124 | return length; | 133 | return length; | |
125 | } | 134 | } | |
126 | 135 | |||
127 | static void | 136 | static void | |
128 | free_signature_info(__ops_signature_info_t * sig) | 137 | free_signature_info(__ops_signature_info_t * sig) | |
129 | { | 138 | { | |
130 | free(sig->v4_hashed_data); | 139 | (void) free(sig->v4_hashed_data); | |
131 | free(sig); | 140 | (void) free(sig); | |
132 | } | 141 | } | |
133 | 142 | |||
134 | static void | 143 | static void | |
135 | copy_signature_info(__ops_signature_info_t * dst, | 144 | copy_signature_info(__ops_signature_info_t * dst, | |
136 | const __ops_signature_info_t * src) | 145 | const __ops_signature_info_t * src) | |
137 | { | 146 | { | |
138 | (void) memcpy(dst, src, sizeof(*src)); | 147 | (void) memcpy(dst, src, sizeof(*src)); | |
139 | dst->v4_hashed_data = calloc(1, src->v4_hashed_data_length); | 148 | dst->v4_hashed_data = calloc(1, src->v4_hashed_data_length); | |
140 | (void) memcpy(dst->v4_hashed_data, src->v4_hashed_data, | 149 | (void) memcpy(dst->v4_hashed_data, src->v4_hashed_data, | |
141 | src->v4_hashed_data_length); | 150 | src->v4_hashed_data_length); | |
142 | } | 151 | } | |
143 | 152 | |||
144 | static void | 153 | static void | |
@@ -148,98 +157,106 @@ add_sig_to_list(const __ops_signature_in | @@ -148,98 +157,106 @@ add_sig_to_list(const __ops_signature_in | |||
148 | { | 157 | { | |
149 | if (*count == 0) { | 158 | if (*count == 0) { | |
150 | *sigs = calloc(*count + 1, sizeof(__ops_signature_info_t)); | 159 | *sigs = calloc(*count + 1, sizeof(__ops_signature_info_t)); | |
151 | } else { | 160 | } else { | |
152 | *sigs = realloc(*sigs, | 161 | *sigs = realloc(*sigs, | |
153 | (*count + 1) * sizeof(__ops_signature_info_t)); | 162 | (*count + 1) * sizeof(__ops_signature_info_t)); | |
154 | } | 163 | } | |
155 | copy_signature_info(&(*sigs)[*count], sig); | 164 | copy_signature_info(&(*sigs)[*count], sig); | |
156 | *count += 1; | 165 | *count += 1; | |
157 | } | 166 | } | |
158 | 167 | |||
159 | 168 | |||
160 | __ops_parse_cb_return_t | 169 | __ops_parse_cb_return_t | |
161 | __ops_validate_key_cb(const __ops_parser_content_t * contents, | 170 | __ops_validate_key_cb(const __ops_packet_t * contents, | |
162 | __ops_parse_cb_info_t * cbinfo) | 171 | __ops_parse_cb_info_t * cbinfo) | |
163 | { | 172 | { | |
164 | const __ops_parser_content_union_t *content = &contents->u; | 173 | const __ops_parser_content_union_t *content = &contents->u; | |
165 | const __ops_keydata_t *signer; | 174 | const __ops_keydata_t *signer; | |
166 | validate_key_cb_t *key = __ops_parse_cb_get_arg(cbinfo); | 175 | validate_key_cb_t *key = __ops_parse_cb_get_arg(cbinfo); | |
167 | __ops_error_t **errors = __ops_parse_cb_get_errors(cbinfo); | 176 | __ops_error_t **errors = __ops_parse_cb_get_errors(cbinfo); | |
168 | bool valid = false; | 177 | bool valid = false; | |
169 | 178 | |||
170 | if (__ops_get_debug_level(__FILE__)) { | 179 | if (__ops_get_debug_level(__FILE__)) { | |
171 | printf("%s\n", __ops_show_packet_tag(contents->tag)); | 180 | printf("%s\n", __ops_show_packet_tag(contents->tag)); | |
172 | } | 181 | } | |
173 | 182 | |||
174 | switch (contents->tag) { | 183 | switch (contents->tag) { | |
175 | case OPS_PTAG_CT_PUBLIC_KEY: | 184 | case OPS_PTAG_CT_PUBLIC_KEY: | |
176 | assert(key->pkey.version == 0); | 185 | if (key->pkey.version != 0) { | |
177 | key->pkey = content->public_key; | 186 | (void) fprintf(stderr, | |
187 | "__ops_validate_key_cb: version bad\n"); | |||
188 | return OPS_FINISHED; | |||
189 | } | |||
190 | key->pkey = content->pubkey; | |||
178 | return OPS_KEEP_MEMORY; | 191 | return OPS_KEEP_MEMORY; | |
179 | 192 | |||
180 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | 193 | case OPS_PTAG_CT_PUBLIC_SUBKEY: | |
181 | if (key->subkey.version) | 194 | if (key->subkey.version) | |
182 | __ops_public_key_free(&key->subkey); | 195 | __ops_public_key_free(&key->subkey); | |
183 | key->subkey = content->public_key; | 196 | key->subkey = content->pubkey; | |
184 | return OPS_KEEP_MEMORY; | 197 | return OPS_KEEP_MEMORY; | |
185 | 198 | |||
186 | case OPS_PTAG_CT_SECRET_KEY: | 199 | case OPS_PTAG_CT_SECRET_KEY: | |
187 | key->skey = content->secret_key; | 200 | key->skey = content->secret_key; | |
188 | key->pkey = key->skey.public_key; | 201 | key->pkey = key->skey.pubkey; | |
189 | return OPS_KEEP_MEMORY; | 202 | return OPS_KEEP_MEMORY; | |
190 | 203 | |||
191 | case OPS_PTAG_CT_USER_ID: | 204 | case OPS_PTAG_CT_USER_ID: | |
192 | if (key->user_id.user_id) | 205 | if (key->user_id.user_id) | |
193 | __ops_user_id_free(&key->user_id); | 206 | __ops_user_id_free(&key->user_id); | |
194 | key->user_id = content->user_id; | 207 | key->user_id = content->user_id; | |
195 | key->last_seen = ID; | 208 | key->last_seen = ID; | |
196 | return OPS_KEEP_MEMORY; | 209 | return OPS_KEEP_MEMORY; | |
197 | 210 | |||
198 | case OPS_PTAG_CT_USER_ATTRIBUTE: | 211 | case OPS_PTAG_CT_USER_ATTRIBUTE: | |
199 | assert(content->user_attribute.data.len); | 212 | if (content->user_attribute.data.len == 0) { | |
213 | (void) fprintf(stderr, | |||
214 | "__ops_validate_key_cb: user attribute length 0"); | |||
215 | return OPS_FINISHED; | |||
216 | } | |||
200 | printf("user attribute, length=%d\n", | 217 | printf("user attribute, length=%d\n", | |
201 | (int) content->user_attribute.data.len); | 218 | (int) content->user_attribute.data.len); | |
202 | if (key->user_attribute.data.len) | 219 | if (key->user_attribute.data.len) | |
203 | __ops_user_attribute_free(&key->user_attribute); | 220 | __ops_user_attribute_free(&key->user_attribute); | |
204 | key->user_attribute = content->user_attribute; | 221 | key->user_attribute = content->user_attribute; | |
205 | key->last_seen = ATTRIBUTE; | 222 | key->last_seen = ATTRIBUTE; | |
206 | return OPS_KEEP_MEMORY; | 223 | return OPS_KEEP_MEMORY; | |
207 | 224 | |||
208 | case OPS_PTAG_CT_SIGNATURE: /* V3 sigs */ | 225 | case OPS_PTAG_CT_SIGNATURE: /* V3 sigs */ | |
209 | case OPS_PTAG_CT_SIGNATURE_FOOTER: /* V4 sigs */ | 226 | case OPS_PTAG_CT_SIGNATURE_FOOTER: /* V4 sigs */ | |
210 | 227 | |||
211 | signer = __ops_keyring_find_key_by_id(key->keyring, | 228 | signer = __ops_keyring_find_key_by_id(key->keyring, | |
212 | content->signature.info.signer_id); | 229 | content->signature.info.signer_id); | |
213 | if (!signer) { | 230 | if (!signer) { | |
214 | add_sig_to_list(&content->signature.info, | 231 | add_sig_to_list(&content->signature.info, | |
215 | &key->result->unknown_sigs, | 232 | &key->result->unknown_sigs, | |
216 | &key->result->unknownc); | 233 | &key->result->unknownc); | |
217 | break; | 234 | break; | |
218 | } | 235 | } | |
219 | switch (content->signature.info.type) { | 236 | switch (content->signature.info.type) { | |
220 | case OPS_CERT_GENERIC: | 237 | case OPS_CERT_GENERIC: | |
221 | case OPS_CERT_PERSONA: | 238 | case OPS_CERT_PERSONA: | |
222 | case OPS_CERT_CASUAL: | 239 | case OPS_CERT_CASUAL: | |
223 | case OPS_CERT_POSITIVE: | 240 | case OPS_CERT_POSITIVE: | |
224 | case OPS_SIG_REV_CERT: | 241 | case OPS_SIG_REV_CERT: | |
225 | if (key->last_seen == ID) | 242 | if (key->last_seen == ID) | |
226 | valid = __ops_check_user_id_certification_signature(&key->pkey, | 243 | valid = __ops_check_useridcert_sig(&key->pkey, | |
227 | &key->user_id, | 244 | &key->user_id, | |
228 | &content->signature, | 245 | &content->signature, | |
229 | __ops_get_public_key_from_data(signer), | 246 | __ops_get_public_key_from_data(signer), | |
230 | key->rarg->key->packets[key->rarg->packet].raw); | 247 | key->rarg->key->packets[key->rarg->packet].raw); | |
231 | else | 248 | else | |
232 | valid = __ops_check_user_attribute_certification_signature(&key->pkey, | 249 | valid = __ops_check_userattrcert_sig(&key->pkey, | |
233 | &key->user_attribute, | 250 | &key->user_attribute, | |
234 | &content->signature, | 251 | &content->signature, | |
235 | __ops_get_public_key_from_data(signer), | 252 | __ops_get_public_key_from_data(signer), | |
236 | key->rarg->key->packets[key->rarg->packet].raw); | 253 | key->rarg->key->packets[key->rarg->packet].raw); | |
237 | 254 | |||
238 | break; | 255 | break; | |
239 | 256 | |||
240 | case OPS_SIG_SUBKEY: | 257 | case OPS_SIG_SUBKEY: | |
241 | /* | 258 | /* | |
242 | * XXX: we should also check that the signer is the | 259 | * XXX: we should also check that the signer is the | |
243 | * key we are validating, I think. | 260 | * key we are validating, I think. | |
244 | */ | 261 | */ | |
245 | valid = __ops_check_subkey_signature(&key->pkey, &key->subkey, | 262 | valid = __ops_check_subkey_signature(&key->pkey, &key->subkey, | |
@@ -251,27 +268,28 @@ __ops_validate_key_cb(const __ops_parser | @@ -251,27 +268,28 @@ __ops_validate_key_cb(const __ops_parser | |||
251 | case OPS_SIG_DIRECT: | 268 | case OPS_SIG_DIRECT: | |
252 | valid = __ops_check_direct_signature(&key->pkey, &content->signature, | 269 | valid = __ops_check_direct_signature(&key->pkey, &content->signature, | |
253 | __ops_get_public_key_from_data(signer), | 270 | __ops_get_public_key_from_data(signer), | |
254 | key->rarg->key->packets[key->rarg->packet].raw); | 271 | key->rarg->key->packets[key->rarg->packet].raw); | |
255 | break; | 272 | break; | |
256 | 273 | |||
257 | case OPS_SIG_STANDALONE: | 274 | case OPS_SIG_STANDALONE: | |
258 | case OPS_SIG_PRIMARY: | 275 | case OPS_SIG_PRIMARY: | |
259 | case OPS_SIG_REV_KEY: | 276 | case OPS_SIG_REV_KEY: | |
260 | case OPS_SIG_REV_SUBKEY: | 277 | case OPS_SIG_REV_SUBKEY: | |
261 | case OPS_SIG_TIMESTAMP: | 278 | case OPS_SIG_TIMESTAMP: | |
262 | case OPS_SIG_3RD_PARTY: | 279 | case OPS_SIG_3RD_PARTY: | |
263 | OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, | 280 | OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, | |
264 | "Verification of signature type 0x%02x not yet implemented\n", content->signature.info.type); | 281 | "Sig Verification type 0x%02x not done yet\n", | |
282 | content->signature.info.type); | |||
265 | break; | 283 | break; | |
266 | 284 | |||
267 | default: | 285 | default: | |
268 | OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, | 286 | OPS_ERROR_1(errors, OPS_E_UNIMPLEMENTED, | |
269 | "Unexpected signature type 0x%02x\n", | 287 | "Unexpected signature type 0x%02x\n", | |
270 | content->signature.info.type); | 288 | content->signature.info.type); | |
271 | } | 289 | } | |
272 | 290 | |||
273 | if (valid) { | 291 | if (valid) { | |
274 | add_sig_to_list(&content->signature.info, | 292 | add_sig_to_list(&content->signature.info, | |
275 | &key->result->valid_sigs, | 293 | &key->result->valid_sigs, | |
276 | &key->result->validc); | 294 | &key->result->validc); | |
277 | } else { | 295 | } else { | |
@@ -285,35 +303,34 @@ __ops_validate_key_cb(const __ops_parser | @@ -285,35 +303,34 @@ __ops_validate_key_cb(const __ops_parser | |||
285 | /* ignore these */ | 303 | /* ignore these */ | |
286 | case OPS_PARSER_PTAG: | 304 | case OPS_PARSER_PTAG: | |
287 | case OPS_PTAG_CT_SIGNATURE_HEADER: | 305 | case OPS_PTAG_CT_SIGNATURE_HEADER: | |
288 | case OPS_PARSER_PACKET_END: | 306 | case OPS_PARSER_PACKET_END: | |
289 | break; | 307 | break; | |
290 | 308 | |||
291 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | 309 | case OPS_PARSER_CMD_GET_SK_PASSPHRASE: | |
292 | if (key->cb_get_passphrase) { | 310 | if (key->cb_get_passphrase) { | |
293 | return key->cb_get_passphrase(contents, cbinfo); | 311 | return key->cb_get_passphrase(contents, cbinfo); | |
294 | } | 312 | } | |
295 | break; | 313 | break; | |
296 | 314 | |||
297 | default: | 315 | default: | |
298 | fprintf(stderr, "unexpected tag=0x%x\n", contents->tag); | 316 | (void) fprintf(stderr, "unexpected tag=0x%x\n", contents->tag); | |
299 | assert(/* CONSTCOND */0); | 317 | return OPS_FINISHED; | |
300 | break; | |||
301 | } | 318 | } | |
302 | return OPS_RELEASE_MEMORY; | 319 | return OPS_RELEASE_MEMORY; | |
303 | } | 320 | } | |
304 | 321 | |||
305 | __ops_parse_cb_return_t | 322 | __ops_parse_cb_return_t | |
306 | validate_data_cb(const __ops_parser_content_t * contents, | 323 | validate_data_cb(const __ops_packet_t * contents, | |
307 | __ops_parse_cb_info_t * cbinfo) | 324 | __ops_parse_cb_info_t * cbinfo) | |
308 | { | 325 | { | |
309 | const __ops_parser_content_union_t *content = &contents->u; | 326 | const __ops_parser_content_union_t *content = &contents->u; | |
310 | const __ops_keydata_t *signer; | 327 | const __ops_keydata_t *signer; | |
311 | validate_data_cb_t *data = __ops_parse_cb_get_arg(cbinfo); | 328 | validate_data_cb_t *data = __ops_parse_cb_get_arg(cbinfo); | |
312 | __ops_error_t **errors = __ops_parse_cb_get_errors(cbinfo); | 329 | __ops_error_t **errors = __ops_parse_cb_get_errors(cbinfo); | |
313 | bool valid = false; | 330 | bool valid = false; | |
314 | 331 | |||
315 | if (__ops_get_debug_level(__FILE__)) { | 332 | if (__ops_get_debug_level(__FILE__)) { | |
316 | printf("validate_data_cb: %s\n", | 333 | printf("validate_data_cb: %s\n", | |
317 | __ops_show_packet_tag(contents->tag)); | 334 | __ops_show_packet_tag(contents->tag)); | |
318 | } | 335 | } | |
319 | switch (contents->tag) { | 336 | switch (contents->tag) { | |
@@ -461,77 +478,77 @@ validate_result_status(__ops_validation_ | @@ -461,77 +478,77 @@ validate_result_status(__ops_validation_ | |||
461 | * \brief Validate all signatures on a single key against the given keyring | 478 | * \brief Validate all signatures on a single key against the given keyring | |
462 | * \param result Where to put the result | 479 | * \param result Where to put the result | |
463 | * \param key Key to validate | 480 | * \param key Key to validate | |
464 | * \param keyring Keyring to use for validation | 481 | * \param keyring Keyring to use for validation | |
465 | * \param cb_get_passphrase Callback to use to get passphrase | 482 | * \param cb_get_passphrase Callback to use to get passphrase | |
466 | * \return true if all signatures OK; else false | 483 | * \return true if all signatures OK; else false | |
467 | * \note It is the caller's responsiblity to free result after use. | 484 | * \note It is the caller's responsiblity to free result after use. | |
468 | * \sa __ops_validate_result_free() | 485 | * \sa __ops_validate_result_free() | |
469 | */ | 486 | */ | |
470 | bool | 487 | bool | |
471 | __ops_validate_key_signatures(__ops_validation_t * result, | 488 | __ops_validate_key_signatures(__ops_validation_t * result, | |
472 | const __ops_keydata_t * key, | 489 | const __ops_keydata_t * key, | |
473 | const __ops_keyring_t * keyring, | 490 | const __ops_keyring_t * keyring, | |
474 | __ops_parse_cb_return_t cb_get_passphrase(const __ops_parser_content_t *, __ops_parse_cb_info_t *) | 491 | __ops_parse_cb_return_t cb_get_passphrase(const __ops_packet_t *, __ops_parse_cb_info_t *) | |
475 | ) | 492 | ) | |
476 | { | 493 | { | |
477 | __ops_parse_info_t *pinfo; | 494 | __ops_parse_info_t *pinfo; | |
478 | validate_key_cb_t carg; | 495 | validate_key_cb_t carg; | |
479 | 496 | |||
480 | (void) memset(&carg, 0x0, sizeof(carg)); | 497 | (void) memset(&carg, 0x0, sizeof(carg)); | |
481 | carg.result = result; | 498 | carg.result = result; | |
482 | carg.cb_get_passphrase = cb_get_passphrase; | 499 | carg.cb_get_passphrase = cb_get_passphrase; | |
483 | 500 | |||
484 | pinfo = __ops_parse_info_new(); | 501 | pinfo = __ops_parse_info_new(); | |
485 | /* __ops_parse_options(&opt,OPS_PTAG_CT_SIGNATURE,OPS_PARSE_PARSED); */ | 502 | /* __ops_parse_options(&opt,OPS_PTAG_CT_SIGNATURE,OPS_PARSE_PARSED); */ | |
486 | 503 | |||
487 | carg.keyring = keyring; | 504 | carg.keyring = keyring; | |
488 | 505 | |||
489 | __ops_parse_cb_set(pinfo, __ops_validate_key_cb, &carg); | 506 | __ops_parse_cb_set(pinfo, __ops_validate_key_cb, &carg); | |
490 | pinfo->rinfo.accumulate = true; | 507 | pinfo->rinfo.accumulate = true; | |
491 | __ops_keydata_reader_set(pinfo, key); | 508 | __ops_keydata_reader_set(pinfo, key); | |
492 | 509 | |||
493 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | 510 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | |
494 | /* is never used. */ | 511 | /* is never used. */ | |
495 | carg.rarg = pinfo->rinfo.arg; | 512 | carg.rarg = pinfo->rinfo.arg; | |
496 | 513 | |||
497 | __ops_parse(pinfo); | 514 | __ops_parse(pinfo, 0); | |
498 | 515 | |||
499 | __ops_public_key_free(&carg.pkey); | 516 | __ops_public_key_free(&carg.pkey); | |
500 | if (carg.subkey.version) | 517 | if (carg.subkey.version) | |
501 | __ops_public_key_free(&carg.subkey); | 518 | __ops_public_key_free(&carg.subkey); | |
502 | __ops_user_id_free(&carg.user_id); | 519 | __ops_user_id_free(&carg.user_id); | |
503 | __ops_user_attribute_free(&carg.user_attribute); | 520 | __ops_user_attribute_free(&carg.user_attribute); | |
504 | 521 | |||
505 | __ops_parse_info_delete(pinfo); | 522 | __ops_parse_info_delete(pinfo); | |
506 | 523 | |||
507 | if (result->invalidc || result->unknownc || !result->validc) | 524 | if (result->invalidc || result->unknownc || !result->validc) | |
508 | return false; | 525 | return false; | |
509 | else | 526 | else | |
510 | return true; | 527 | return true; | |
511 | } | 528 | } | |
512 | 529 | |||
513 | /** | 530 | /** | |
514 | \ingroup HighLevel_Verify | 531 | \ingroup HighLevel_Verify | |
515 | \param result Where to put the result | 532 | \param result Where to put the result | |
516 | \param ring Keyring to use | 533 | \param ring Keyring to use | |
517 | \param cb_get_passphrase Callback to use to get passphrase | 534 | \param cb_get_passphrase Callback to use to get passphrase | |
518 | \note It is the caller's responsibility to free result after use. | 535 | \note It is the caller's responsibility to free result after use. | |
519 | \sa __ops_validate_result_free() | 536 | \sa __ops_validate_result_free() | |
520 | */ | 537 | */ | |
521 | bool | 538 | bool | |
522 | __ops_validate_all_signatures(__ops_validation_t * result, | 539 | __ops_validate_all_signatures(__ops_validation_t * result, | |
523 | const __ops_keyring_t * ring, | 540 | const __ops_keyring_t * ring, | |
524 | __ops_parse_cb_return_t cb_get_passphrase(const __ops_parser_content_t *, __ops_parse_cb_info_t *) | 541 | __ops_parse_cb_return_t cb_get_passphrase(const __ops_packet_t *, __ops_parse_cb_info_t *) | |
525 | ) | 542 | ) | |
526 | { | 543 | { | |
527 | int n; | 544 | int n; | |
528 | 545 | |||
529 | (void) memset(result, 0x0, sizeof(*result)); | 546 | (void) memset(result, 0x0, sizeof(*result)); | |
530 | for (n = 0; n < ring->nkeys; ++n) { | 547 | for (n = 0; n < ring->nkeys; ++n) { | |
531 | __ops_validate_key_signatures(result, &ring->keys[n], ring, | 548 | __ops_validate_key_signatures(result, &ring->keys[n], ring, | |
532 | cb_get_passphrase); | 549 | cb_get_passphrase); | |
533 | } | 550 | } | |
534 | return validate_result_status(result); | 551 | return validate_result_status(result); | |
535 | } | 552 | } | |
536 | 553 | |||
537 | /** | 554 | /** | |
@@ -568,52 +585,74 @@ __ops_validate_result_free(__ops_validat | @@ -568,52 +585,74 @@ __ops_validate_result_free(__ops_validat | |||
568 | \return true if signatures validate successfully; | 585 | \return true if signatures validate successfully; | |
569 | false if signatures fail or there are no signatures | 586 | false if signatures fail or there are no signatures | |
570 | \note After verification, result holds the details of all keys which | 587 | \note After verification, result holds the details of all keys which | |
571 | have passed, failed and not been recognised. | 588 | have passed, failed and not been recognised. | |
572 | \note It is the caller's responsiblity to call | 589 | \note It is the caller's responsiblity to call | |
573 | __ops_validate_result_free(result) after use. | 590 | __ops_validate_result_free(result) after use. | |
574 | */ | 591 | */ | |
575 | bool | 592 | bool | |
576 | __ops_validate_file(__ops_validation_t *result, | 593 | __ops_validate_file(__ops_validation_t *result, | |
577 | const char *filename, | 594 | const char *filename, | |
578 | const int armoured, | 595 | const int armoured, | |
579 | const __ops_keyring_t *keyring) | 596 | const __ops_keyring_t *keyring) | |
580 | { | 597 | { | |
581 | __ops_parse_info_t *pinfo = NULL; | 598 | __ops_parse_info_t *pinfo = NULL; | |
582 | validate_data_cb_t validation; | 599 | validate_data_cb_t validation; | |
583 | int fd = 0; | 600 | struct stat st; | |
601 | int64_t origsize; | |||
602 | char origfile[MAXPATHLEN]; | |||
603 | int fd; | |||
604 | int cc; | |||
605 | ||||
606 | #define SIG_OVERHEAD 284 /* depends on sig size */ | |||
607 | ||||
608 | if (stat(filename, &st) < 0) { | |||
609 | (void) fprintf(stderr, "can't validate \"%s\"\n", filename); | |||
610 | return false; | |||
611 | } | |||
612 | origsize = st.st_size; | |||
613 | cc = snprintf(origfile, sizeof(origfile), "%s", filename); | |||
614 | if (strcmp(&origfile[cc - 4], ".sig") == 0) { | |||
615 | origfile[cc - 4] = 0x0; | |||
616 | if (stat(origfile, &st) == 0 && | |||
617 | st.st_size - SIG_OVERHEAD < origsize) { | |||
618 | /* XXX - agc */ | |||
619 | pinfo->synthlit = __UNCONST(filename); | |||
620 | } | |||
621 | } | |||
584 | 622 | |||
585 | fd = __ops_setup_file_read(&pinfo, filename, &validation, | 623 | fd = __ops_setup_file_read(&pinfo, filename, &validation, | |
586 | validate_data_cb, true); | 624 | validate_data_cb, true); | |
587 | if (fd < 0) { | 625 | if (fd < 0) { | |
588 | return false; | 626 | return false; | |
589 | } | 627 | } | |
590 | 628 | |||
591 | /* Set verification reader and handling options */ | 629 | /* Set verification reader and handling options */ | |
592 | (void) memset(&validation, 0x0, sizeof(validation)); | 630 | (void) memset(&validation, 0x0, sizeof(validation)); | |
593 | validation.result = result; | 631 | validation.result = result; | |
594 | validation.keyring = keyring; | 632 | validation.keyring = keyring; | |
595 | validation.mem = __ops_memory_new(); | 633 | validation.mem = __ops_memory_new(); | |
596 | __ops_memory_init(validation.mem, 128); | 634 | __ops_memory_init(validation.mem, 128); | |
597 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | 635 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | |
598 | /* is never used. */ | 636 | /* is never used. */ | |
599 | validation.rarg = pinfo->rinfo.arg; | 637 | validation.rarg = pinfo->rinfo.arg; | |
600 | 638 | |||
601 | if (armoured) { | 639 | if (armoured) { | |
602 | __ops_reader_push_dearmour(pinfo); | 640 | __ops_reader_push_dearmour(pinfo); | |
603 | } | 641 | } | |
604 | 642 | |||
605 | /* Do the verification */ | 643 | /* Do the verification */ | |
606 | __ops_parse(pinfo); | 644 | __ops_parse(pinfo, 0); | |
645 | ||||
607 | if (__ops_get_debug_level(__FILE__)) { | 646 | if (__ops_get_debug_level(__FILE__)) { | |
608 | printf("valid=%d, invalid=%d, unknown=%d\n", | 647 | printf("valid=%d, invalid=%d, unknown=%d\n", | |
609 | result->validc, | 648 | result->validc, | |
610 | result->invalidc, | 649 | result->invalidc, | |
611 | result->unknownc); | 650 | result->unknownc); | |
612 | } | 651 | } | |
613 | 652 | |||
614 | /* Tidy up */ | 653 | /* Tidy up */ | |
615 | if (armoured) { | 654 | if (armoured) { | |
616 | __ops_reader_pop_dearmour(pinfo); | 655 | __ops_reader_pop_dearmour(pinfo); | |
617 | } | 656 | } | |
618 | __ops_teardown_file_read(pinfo, fd); | 657 | __ops_teardown_file_read(pinfo, fd); | |
619 | 658 | |||
@@ -649,27 +688,27 @@ __ops_validate_mem(__ops_validation_t *r | @@ -649,27 +688,27 @@ __ops_validate_mem(__ops_validation_t *r | |||
649 | validation.result = result; | 688 | validation.result = result; | |
650 | validation.keyring = keyring; | 689 | validation.keyring = keyring; | |
651 | validation.mem = __ops_memory_new(); | 690 | validation.mem = __ops_memory_new(); | |
652 | __ops_memory_init(validation.mem, 128); | 691 | __ops_memory_init(validation.mem, 128); | |
653 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | 692 | /* Note: Coverity incorrectly reports an error that carg.rarg */ | |
654 | /* is never used. */ | 693 | /* is never used. */ | |
655 | validation.rarg = pinfo->rinfo.arg; | 694 | validation.rarg = pinfo->rinfo.arg; | |
656 | 695 | |||
657 | if (armoured) { | 696 | if (armoured) { | |
658 | __ops_reader_push_dearmour(pinfo); | 697 | __ops_reader_push_dearmour(pinfo); | |
659 | } | 698 | } | |
660 | 699 | |||
661 | /* Do the verification */ | 700 | /* Do the verification */ | |
662 | __ops_parse(pinfo); | 701 | __ops_parse(pinfo, 0); | |
663 | if (__ops_get_debug_level(__FILE__)) { | 702 | if (__ops_get_debug_level(__FILE__)) { | |
664 | printf("valid=%d, invalid=%d, unknown=%d\n", | 703 | printf("valid=%d, invalid=%d, unknown=%d\n", | |
665 | result->validc, | 704 | result->validc, | |
666 | result->invalidc, | 705 | result->invalidc, | |
667 | result->unknownc); | 706 | result->unknownc); | |
668 | } | 707 | } | |
669 | 708 | |||
670 | /* Tidy up */ | 709 | /* Tidy up */ | |
671 | if (armoured) { | 710 | if (armoured) { | |
672 | __ops_reader_pop_dearmour(pinfo); | 711 | __ops_reader_pop_dearmour(pinfo); | |
673 | } | 712 | } | |
674 | __ops_teardown_memory_read(pinfo, mem); | 713 | __ops_teardown_memory_read(pinfo, mem); | |
675 | 714 |
--- src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/keyring.h 2009/05/05 01:28:15 1.2
@@ -57,36 +57,36 @@ bool __ops_keyring_read_from_file(__op | @@ -57,36 +57,36 @@ bool __ops_keyring_read_from_file(__op | |||
57 | char *__ops_malloc_passphrase(char *); | 57 | char *__ops_malloc_passphrase(char *); | |
58 | 58 | |||
59 | void __ops_keyring_list(const __ops_keyring_t *); | 59 | void __ops_keyring_list(const __ops_keyring_t *); | |
60 | 60 | |||
61 | void __ops_set_secret_key(__ops_parser_content_union_t *, const __ops_keydata_t *); | 61 | void __ops_set_secret_key(__ops_parser_content_union_t *, const __ops_keydata_t *); | |
62 | 62 | |||
63 | const unsigned char *__ops_get_key_id(const __ops_keydata_t *); | 63 | const unsigned char *__ops_get_key_id(const __ops_keydata_t *); | |
64 | unsigned __ops_get_user_id_count(const __ops_keydata_t *); | 64 | unsigned __ops_get_user_id_count(const __ops_keydata_t *); | |
65 | const unsigned char *__ops_get_user_id(const __ops_keydata_t *, unsigned); | 65 | const unsigned char *__ops_get_user_id(const __ops_keydata_t *, unsigned); | |
66 | bool __ops_is_key_supported(const __ops_keydata_t *); | 66 | bool __ops_is_key_supported(const __ops_keydata_t *); | |
67 | const __ops_keydata_t *__ops_keyring_get_key_by_index(const __ops_keyring_t *, int); | 67 | const __ops_keydata_t *__ops_keyring_get_key_by_index(const __ops_keyring_t *, int); | |
68 | 68 | |||
69 | __ops_user_id_t *__ops_add_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *); | 69 | __ops_user_id_t *__ops_add_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *); | |
70 | __ops_packet_t *__ops_add_packet_to_keydata(__ops_keydata_t *, const __ops_packet_t *); | 70 | __ops_subpacket_t *__ops_add_packet_to_keydata(__ops_keydata_t *, const __ops_subpacket_t *); | |
71 | void __ops_add_signed_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *, const __ops_packet_t *); | 71 | void __ops_add_signed_userid_to_keydata(__ops_keydata_t *, const __ops_user_id_t *, const __ops_subpacket_t *); | |
72 | 72 | |||
73 | bool __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t *, __ops_user_id_t *); | 73 | bool __ops_add_selfsigned_userid_to_keydata(__ops_keydata_t *, __ops_user_id_t *); | |
74 | 74 | |||
75 | __ops_keydata_t *__ops_keydata_new(void); | 75 | __ops_keydata_t *__ops_keydata_new(void); | |
76 | void __ops_keydata_init(__ops_keydata_t *, const __ops_content_tag_t); | 76 | void __ops_keydata_init(__ops_keydata_t *, const __ops_content_tag_t); | |
77 | 77 | |||
78 | void __ops_copy_userid(__ops_user_id_t *, const __ops_user_id_t *); | 78 | void __ops_copy_userid(__ops_user_id_t *, const __ops_user_id_t *); | |
79 | void __ops_copy_packet(__ops_packet_t *, const __ops_packet_t *); | 79 | void __ops_copy_packet(__ops_subpacket_t *, const __ops_subpacket_t *); | |
80 | unsigned __ops_get_keydata_content_type(const __ops_keydata_t *); | 80 | unsigned __ops_get_keydata_content_type(const __ops_keydata_t *); | |
81 | 81 | |||
82 | int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_parse_info_t *); | 82 | int __ops_parse_and_accumulate(__ops_keyring_t *, __ops_parse_info_t *); | |
83 | 83 | |||
84 | void __ops_print_public_keydata(const __ops_keydata_t *); | 84 | void __ops_print_public_keydata(const __ops_keydata_t *); | |
85 | void __ops_print_public_key(const __ops_public_key_t *); | 85 | void __ops_print_public_key(const __ops_public_key_t *); | |
86 | 86 | |||
87 | void __ops_print_secret_keydata(const __ops_keydata_t *); | 87 | void __ops_print_secret_keydata(const __ops_keydata_t *); | |
88 | void __ops_list_packets(char *, bool, __ops_keyring_t *, __ops_parse_cb_t *); | 88 | void __ops_list_packets(char *, bool, __ops_keyring_t *, __ops_parse_cb_t *); | |
89 | 89 | |||
90 | int __ops_export_key(const __ops_keydata_t *, unsigned char *); | 90 | int __ops_export_key(const __ops_keydata_t *, unsigned char *); | |
91 | 91 | |||
92 | #endif /* OPS_KEYRING_H */ | 92 | #endif /* OPS_KEYRING_H */ |
--- src/crypto/external/bsd/netpgp/dist/src/lib/Attic/keyring_local.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/Attic/keyring_local.h 2009/05/05 01:28:15 1.2
@@ -35,30 +35,30 @@ | @@ -35,30 +35,30 @@ | |||
35 | } \ | 35 | } \ | |
36 | } while(/*CONSTCOND*/0) | 36 | } while(/*CONSTCOND*/0) | |
37 | 37 | |||
38 | /** __ops_keydata_key_t | 38 | /** __ops_keydata_key_t | |
39 | */ | 39 | */ | |
40 | typedef union { | 40 | typedef union { | |
41 | __ops_public_key_t pkey; | 41 | __ops_public_key_t pkey; | |
42 | __ops_secret_key_t skey; | 42 | __ops_secret_key_t skey; | |
43 | } __ops_keydata_key_t; | 43 | } __ops_keydata_key_t; | |
44 | 44 | |||
45 | 45 | |||
46 | /** sigpacket_t */ | 46 | /** sigpacket_t */ | |
47 | typedef struct { | 47 | typedef struct { | |
48 | __ops_user_id_t *userid; | 48 | __ops_user_id_t *userid; | |
49 | __ops_packet_t *packet; | 49 | __ops_subpacket_t *packet; | |
50 | } sigpacket_t; | 50 | } sigpacket_t; | |
51 | 51 | |||
52 | /* XXX: gonna have to expand this to hold onto subkeys, too... */ | 52 | /* XXX: gonna have to expand this to hold onto subkeys, too... */ | |
53 | /** \struct __ops_keydata | 53 | /** \struct __ops_keydata | |
54 | * \todo expand to hold onto subkeys | 54 | * \todo expand to hold onto subkeys | |
55 | */ | 55 | */ | |
56 | struct __ops_keydata { | 56 | struct __ops_keydata { | |
57 | DECLARE_ARRAY(__ops_user_id_t, uids); | 57 | DECLARE_ARRAY(__ops_user_id_t, uids); | |
58 | DECLARE_ARRAY(__ops_packet_t, packets); | 58 | DECLARE_ARRAY(__ops_subpacket_t, packets); | |
59 | DECLARE_ARRAY(sigpacket_t, sigs); | 59 | DECLARE_ARRAY(sigpacket_t, sigs); | |
60 | unsigned char key_id[8]; | 60 | unsigned char key_id[8]; | |
61 | __ops_fingerprint_t fingerprint; | 61 | __ops_fingerprint_t fingerprint; | |
62 | __ops_content_tag_t type; | 62 | __ops_content_tag_t type; | |
63 | __ops_keydata_key_t key; | 63 | __ops_keydata_key_t key; | |
64 | }; | 64 | }; |
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h 2009/05/05 01:28:15 1.2
@@ -45,25 +45,25 @@ typedef struct __ops_validation_t { | @@ -45,25 +45,25 @@ typedef struct __ops_validation_t { | |||
45 | __ops_signature_info_t *valid_sigs; | 45 | __ops_signature_info_t *valid_sigs; | |
46 | unsigned int invalidc; | 46 | unsigned int invalidc; | |
47 | __ops_signature_info_t *invalid_sigs; | 47 | __ops_signature_info_t *invalid_sigs; | |
48 | unsigned int unknownc; | 48 | unsigned int unknownc; | |
49 | __ops_signature_info_t *unknown_sigs; | 49 | __ops_signature_info_t *unknown_sigs; | |
50 | } __ops_validation_t; | 50 | } __ops_validation_t; | |
51 | 51 | |||
52 | void __ops_validate_result_free(__ops_validation_t *); | 52 | void __ops_validate_result_free(__ops_validation_t *); | |
53 | 53 | |||
54 | bool | 54 | bool | |
55 | __ops_validate_key_signatures(__ops_validation_t *, | 55 | __ops_validate_key_signatures(__ops_validation_t *, | |
56 | const __ops_keydata_t *, | 56 | const __ops_keydata_t *, | |
57 | const __ops_keyring_t *, | 57 | const __ops_keyring_t *, | |
58 | __ops_parse_cb_return_t cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *)); | 58 | __ops_parse_cb_return_t cb(const __ops_packet_t *, __ops_parse_cb_info_t *)); | |
59 | 59 | |||
60 | bool | 60 | bool | |
61 | __ops_validate_all_signatures(__ops_validation_t *, | 61 | __ops_validate_all_signatures(__ops_validation_t *, | |
62 | const __ops_keyring_t *, | 62 | const __ops_keyring_t *, | |
63 | __ops_parse_cb_return_t cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *)); | 63 | __ops_parse_cb_return_t cb(const __ops_packet_t *, __ops_parse_cb_info_t *)); | |
64 | 64 | |||
65 | bool __ops_check_signature(const unsigned char *, unsigned, const __ops_signature_t *, const __ops_public_key_t *); | 65 | bool __ops_check_signature(const unsigned char *, unsigned, const __ops_signature_t *, const __ops_public_key_t *); | |
66 | 66 | |||
67 | const char *__ops_get_info(const char *type); | 67 | const char *__ops_get_info(const char *type); | |
68 | 68 | |||
69 | #endif | 69 | #endif |
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.h 2009/05/05 01:28:15 1.2
@@ -40,30 +40,30 @@ typedef struct __ops_region_t { | @@ -40,30 +40,30 @@ typedef struct __ops_region_t { | |||
40 | } __ops_region_t; | 40 | } __ops_region_t; | |
41 | 41 | |||
42 | void __ops_init_subregion(__ops_region_t * subregion, __ops_region_t * region); | 42 | void __ops_init_subregion(__ops_region_t * subregion, __ops_region_t * region); | |
43 | 43 | |||
44 | /** __ops_parse_callback_return_t */ | 44 | /** __ops_parse_callback_return_t */ | |
45 | typedef enum { | 45 | typedef enum { | |
46 | OPS_RELEASE_MEMORY, | 46 | OPS_RELEASE_MEMORY, | |
47 | OPS_KEEP_MEMORY, | 47 | OPS_KEEP_MEMORY, | |
48 | OPS_FINISHED | 48 | OPS_FINISHED | |
49 | } __ops_parse_cb_return_t; | 49 | } __ops_parse_cb_return_t; | |
50 | 50 | |||
51 | typedef struct __ops_parse_cb_info __ops_parse_cb_info_t; | 51 | typedef struct __ops_parse_cb_info __ops_parse_cb_info_t; | |
52 | 52 | |||
53 | typedef __ops_parse_cb_return_t __ops_parse_cb_t(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 53 | typedef __ops_parse_cb_return_t __ops_parse_cb_t(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
54 | 54 | |||
55 | __ops_parse_cb_return_t | 55 | __ops_parse_cb_return_t | |
56 | get_passphrase_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 56 | get_passphrase_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
57 | 57 | |||
58 | typedef struct __ops_parse_info __ops_parse_info_t; | 58 | typedef struct __ops_parse_info __ops_parse_info_t; | |
59 | typedef struct __ops_reader_info __ops_reader_info_t; | 59 | typedef struct __ops_reader_info __ops_reader_info_t; | |
60 | typedef struct __ops_crypt_info __ops_crypt_info_t; | 60 | typedef struct __ops_crypt_info __ops_crypt_info_t; | |
61 | 61 | |||
62 | /* | 62 | /* | |
63 | A reader MUST read at least one byte if it can, and should read up | 63 | A reader MUST read at least one byte if it can, and should read up | |
64 | to the number asked for. Whether it reads more for efficiency is | 64 | to the number asked for. Whether it reads more for efficiency is | |
65 | its own decision, but if it is a stacked reader it should never | 65 | its own decision, but if it is a stacked reader it should never | |
66 | read more than the length of the region it operates in (which it | 66 | read more than the length of the region it operates in (which it | |
67 | would have to be given when it is stacked). | 67 | would have to be given when it is stacked). | |
68 | 68 | |||
69 | If a read is short because of EOF, then it should return the short | 69 | If a read is short because of EOF, then it should return the short | |
@@ -88,32 +88,31 @@ void __ops_parse_info_delete( | @@ -88,32 +88,31 @@ void __ops_parse_info_delete( | |||
88 | __ops_error_t *__ops_parse_info_get_errors(__ops_parse_info_t *); | 88 | __ops_error_t *__ops_parse_info_get_errors(__ops_parse_info_t *); | |
89 | __ops_crypt_t *__ops_parse_get_decrypt(__ops_parse_info_t *); | 89 | __ops_crypt_t *__ops_parse_get_decrypt(__ops_parse_info_t *); | |
90 | 90 | |||
91 | void __ops_parse_cb_set(__ops_parse_info_t *, __ops_parse_cb_t *, void *); | 91 | void __ops_parse_cb_set(__ops_parse_info_t *, __ops_parse_cb_t *, void *); | |
92 | void __ops_parse_cb_push(__ops_parse_info_t *, __ops_parse_cb_t *, void *); | 92 | void __ops_parse_cb_push(__ops_parse_info_t *, __ops_parse_cb_t *, void *); | |
93 | void *__ops_parse_cb_get_arg(__ops_parse_cb_info_t *); | 93 | void *__ops_parse_cb_get_arg(__ops_parse_cb_info_t *); | |
94 | void *__ops_parse_cb_get_errors(__ops_parse_cb_info_t *); | 94 | void *__ops_parse_cb_get_errors(__ops_parse_cb_info_t *); | |
95 | void __ops_reader_set(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *); | 95 | void __ops_reader_set(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *); | |
96 | void __ops_reader_push(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *); | 96 | void __ops_reader_push(__ops_parse_info_t *, __ops_reader_t *, __ops_reader_destroyer_t *, void *); | |
97 | void __ops_reader_pop(__ops_parse_info_t *); | 97 | void __ops_reader_pop(__ops_parse_info_t *); | |
98 | 98 | |||
99 | void *__ops_reader_get_arg(__ops_reader_info_t *); | 99 | void *__ops_reader_get_arg(__ops_reader_info_t *); | |
100 | 100 | |||
101 | __ops_parse_cb_return_t __ops_parse_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 101 | __ops_parse_cb_return_t __ops_parse_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
102 | __ops_parse_cb_return_t __ops_parse_stacked_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 102 | __ops_parse_cb_return_t __ops_parse_stacked_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
103 | __ops_reader_info_t *__ops_parse_get_rinfo(__ops_parse_info_t *); | 103 | __ops_reader_info_t *__ops_parse_get_rinfo(__ops_parse_info_t *); | |
104 | 104 | |||
105 | int __ops_parse(__ops_parse_info_t *); | 105 | int __ops_parse(__ops_parse_info_t *, int); | |
106 | int __ops_parse_and_print_errors(__ops_parse_info_t *); | |||
107 | 106 | |||
108 | void __ops_parse_and_validate(__ops_parse_info_t *); | 107 | void __ops_parse_and_validate(__ops_parse_info_t *); | |
109 | 108 | |||
110 | /** Used to specify whether subpackets should be returned raw, parsed or ignored. | 109 | /** Used to specify whether subpackets should be returned raw, parsed or ignored. | |
111 | */ | 110 | */ | |
112 | typedef enum { | 111 | typedef enum { | |
113 | OPS_PARSE_RAW, /* !< Callback Raw */ | 112 | OPS_PARSE_RAW, /* !< Callback Raw */ | |
114 | OPS_PARSE_PARSED, /* !< Callback Parsed */ | 113 | OPS_PARSE_PARSED, /* !< Callback Parsed */ | |
115 | OPS_PARSE_IGNORE /* !< Don't callback */ | 114 | OPS_PARSE_IGNORE /* !< Don't callback */ | |
116 | } __ops_parse_type_t; | 115 | } __ops_parse_type_t; | |
117 | 116 | |||
118 | void | 117 | void | |
119 | __ops_parse_options(__ops_parse_info_t *, __ops_content_tag_t, __ops_parse_type_t); | 118 | __ops_parse_options(__ops_parse_info_t *, __ops_content_tag_t, __ops_parse_type_t); |
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h 2009/05/05 01:28:15 1.2
@@ -484,27 +484,27 @@ bool __ops_is_hash_alg_supported(const | @@ -484,27 +484,27 @@ bool __ops_is_hash_alg_supported(const | |||
484 | /* Hash size for secret key check */ | 484 | /* Hash size for secret key check */ | |
485 | #define OPS_CHECKHASH_SIZE 20 | 485 | #define OPS_CHECKHASH_SIZE 20 | |
486 | 486 | |||
487 | /* SHA1 Hash Size \todo is this the same as OPS_CHECKHASH_SIZE?? */ | 487 | /* SHA1 Hash Size \todo is this the same as OPS_CHECKHASH_SIZE?? */ | |
488 | #define OPS_SHA1_HASH_SIZE SHA_DIGEST_LENGTH | 488 | #define OPS_SHA1_HASH_SIZE SHA_DIGEST_LENGTH | |
489 | #define OPS_SHA256_HASH_SIZE SHA256_DIGEST_LENGTH | 489 | #define OPS_SHA256_HASH_SIZE SHA256_DIGEST_LENGTH | |
490 | 490 | |||
491 | /* Max hash size */ | 491 | /* Max hash size */ | |
492 | #define OPS_MAX_HASH_SIZE 64 | 492 | #define OPS_MAX_HASH_SIZE 64 | |
493 | 493 | |||
494 | /** __ops_secret_key_t | 494 | /** __ops_secret_key_t | |
495 | */ | 495 | */ | |
496 | typedef struct { | 496 | typedef struct { | |
497 | __ops_public_key_t public_key; | 497 | __ops_public_key_t pubkey; | |
498 | __ops_s2k_usage_t s2k_usage; | 498 | __ops_s2k_usage_t s2k_usage; | |
499 | __ops_s2k_specifier_t s2k_specifier; | 499 | __ops_s2k_specifier_t s2k_specifier; | |
500 | __ops_symmetric_algorithm_t algorithm; | 500 | __ops_symmetric_algorithm_t algorithm; | |
501 | __ops_hash_algorithm_t hash_algorithm; | 501 | __ops_hash_algorithm_t hash_algorithm; | |
502 | unsigned char salt[OPS_SALT_SIZE]; | 502 | unsigned char salt[OPS_SALT_SIZE]; | |
503 | unsigned octet_count; | 503 | unsigned octet_count; | |
504 | unsigned char iv[OPS_MAX_BLOCK_SIZE]; | 504 | unsigned char iv[OPS_MAX_BLOCK_SIZE]; | |
505 | __ops_secret_key_union_t key; | 505 | __ops_secret_key_union_t key; | |
506 | unsigned checksum; | 506 | unsigned checksum; | |
507 | unsigned char checkhash[OPS_CHECKHASH_SIZE]; | 507 | unsigned char checkhash[OPS_CHECKHASH_SIZE]; | |
508 | } __ops_secret_key_t; | 508 | } __ops_secret_key_t; | |
509 | 509 | |||
510 | /** Structure to hold one trust packet's data */ | 510 | /** Structure to hold one trust packet's data */ | |
@@ -711,30 +711,30 @@ typedef struct { | @@ -711,30 +711,30 @@ typedef struct { | |||
711 | typedef struct { | 711 | typedef struct { | |
712 | __ops_public_key_algorithm_t pka_alg; | 712 | __ops_public_key_algorithm_t pka_alg; | |
713 | __ops_hash_algorithm_t hash_alg; | 713 | __ops_hash_algorithm_t hash_alg; | |
714 | __ops_data_t hash; | 714 | __ops_data_t hash; | |
715 | } __ops_ss_signature_target_t; | 715 | } __ops_ss_signature_target_t; | |
716 | 716 | |||
717 | /** Signature Subpacket : Embedded Signature */ | 717 | /** Signature Subpacket : Embedded Signature */ | |
718 | typedef struct { | 718 | typedef struct { | |
719 | __ops_data_t sig; | 719 | __ops_data_t sig; | |
720 | } __ops_ss_embedded_signature_t; | 720 | } __ops_ss_embedded_signature_t; | |
721 | 721 | |||
722 | /** __ops_packet_t */ | 722 | /** __ops_packet_t */ | |
723 | 723 | |||
724 | typedef struct { | 724 | typedef struct __ops_subpacket_t { | |
725 | size_t length; | 725 | size_t length; | |
726 | unsigned char *raw; | 726 | unsigned char *raw; | |
727 | } __ops_packet_t; | 727 | } __ops_subpacket_t; | |
728 | 728 | |||
729 | /** Types of Compression */ | 729 | /** Types of Compression */ | |
730 | typedef enum { | 730 | typedef enum { | |
731 | OPS_C_NONE = 0, | 731 | OPS_C_NONE = 0, | |
732 | OPS_C_ZIP = 1, | 732 | OPS_C_ZIP = 1, | |
733 | OPS_C_ZLIB = 2, | 733 | OPS_C_ZLIB = 2, | |
734 | OPS_C_BZIP2 = 3 | 734 | OPS_C_BZIP2 = 3 | |
735 | } __ops_compression_type_t; | 735 | } __ops_compression_type_t; | |
736 | 736 | |||
737 | /* | 737 | /* | |
738 | * unlike most structures, this will feed its data as a stream to the | 738 | * unlike most structures, this will feed its data as a stream to the | |
739 | * application instead of directly including it | 739 | * application instead of directly including it | |
740 | */ | 740 | */ | |
@@ -929,38 +929,38 @@ typedef struct { | @@ -929,38 +929,38 @@ typedef struct { | |||
929 | } __ops_se_data_body_t; | 929 | } __ops_se_data_body_t; | |
930 | 930 | |||
931 | /** __ops_get_secret_key_t */ | 931 | /** __ops_get_secret_key_t */ | |
932 | typedef struct { | 932 | typedef struct { | |
933 | const __ops_secret_key_t **secret_key; | 933 | const __ops_secret_key_t **secret_key; | |
934 | const __ops_pk_session_key_t *pk_session_key; | 934 | const __ops_pk_session_key_t *pk_session_key; | |
935 | } __ops_get_secret_key_t; | 935 | } __ops_get_secret_key_t; | |
936 | 936 | |||
937 | /** __ops_parser_union_content_t */ | 937 | /** __ops_parser_union_content_t */ | |
938 | typedef union { | 938 | typedef union { | |
939 | __ops_parser_error_t error; | 939 | __ops_parser_error_t error; | |
940 | __ops_parser_errcode_t errcode; | 940 | __ops_parser_errcode_t errcode; | |
941 | __ops_ptag_t ptag; | 941 | __ops_ptag_t ptag; | |
942 | __ops_public_key_t public_key; | 942 | __ops_public_key_t pubkey; | |
943 | __ops_trust_t trust; | 943 | __ops_trust_t trust; | |
944 | __ops_user_id_t user_id; | 944 | __ops_user_id_t user_id; | |
945 | __ops_user_attribute_t user_attribute; | 945 | __ops_user_attribute_t user_attribute; | |
946 | __ops_signature_t signature; | 946 | __ops_signature_t signature; | |
947 | __ops_ss_raw_t ss_raw; | 947 | __ops_ss_raw_t ss_raw; | |
948 | __ops_ss_trust_t ss_trust; | 948 | __ops_ss_trust_t ss_trust; | |
949 | __ops_ss_revocable_t ss_revocable; | 949 | __ops_ss_revocable_t ss_revocable; | |
950 | __ops_ss_time_t ss_time; | 950 | __ops_ss_time_t ss_time; | |
951 | __ops_ss_key_id_t ss_issuer_key_id; | 951 | __ops_ss_key_id_t ss_issuer_key_id; | |
952 | __ops_ss_notation_data_t ss_notation_data; | 952 | __ops_ss_notation_data_t ss_notation_data; | |
953 | __ops_packet_t packet; | 953 | __ops_subpacket_t packet; | |
954 | __ops_compressed_t compressed; | 954 | __ops_compressed_t compressed; | |
955 | __ops_one_pass_signature_t one_pass_signature; | 955 | __ops_one_pass_signature_t one_pass_signature; | |
956 | __ops_ss_preferred_ska_t ss_preferred_ska; | 956 | __ops_ss_preferred_ska_t ss_preferred_ska; | |
957 | __ops_ss_preferred_hash_t ss_preferred_hash; | 957 | __ops_ss_preferred_hash_t ss_preferred_hash; | |
958 | __ops_ss_preferred_compression_t ss_preferred_compression; | 958 | __ops_ss_preferred_compression_t ss_preferred_compression; | |
959 | __ops_ss_key_flags_t ss_key_flags; | 959 | __ops_ss_key_flags_t ss_key_flags; | |
960 | __ops_ss_key_server_prefs_t ss_key_server_prefs; | 960 | __ops_ss_key_server_prefs_t ss_key_server_prefs; | |
961 | __ops_ss_primary_user_id_t ss_primary_user_id; | 961 | __ops_ss_primary_user_id_t ss_primary_user_id; | |
962 | __ops_ss_regexp_t ss_regexp; | 962 | __ops_ss_regexp_t ss_regexp; | |
963 | __ops_ss_policy_url_t ss_policy_url; | 963 | __ops_ss_policy_url_t ss_policy_url; | |
964 | __ops_ss_preferred_key_server_t ss_preferred_key_server; | 964 | __ops_ss_preferred_key_server_t ss_preferred_key_server; | |
965 | __ops_ss_revocation_key_t ss_revocation_key; | 965 | __ops_ss_revocation_key_t ss_revocation_key; | |
966 | __ops_ss_userdefined_t ss_userdefined; | 966 | __ops_ss_userdefined_t ss_userdefined; | |
@@ -971,35 +971,35 @@ typedef union { | @@ -971,35 +971,35 @@ typedef union { | |||
971 | __ops_ss_features_t ss_features; | 971 | __ops_ss_features_t ss_features; | |
972 | __ops_ss_signature_target_t ss_signature_target; | 972 | __ops_ss_signature_target_t ss_signature_target; | |
973 | __ops_ss_embedded_signature_t ss_embedded_signature; | 973 | __ops_ss_embedded_signature_t ss_embedded_signature; | |
974 | __ops_ss_revocation_reason_t ss_revocation_reason; | 974 | __ops_ss_revocation_reason_t ss_revocation_reason; | |
975 | __ops_secret_key_t secret_key; | 975 | __ops_secret_key_t secret_key; | |
976 | __ops_user_id_t ss_signers_user_id; | 976 | __ops_user_id_t ss_signers_user_id; | |
977 | __ops_armour_header_t armour_header; | 977 | __ops_armour_header_t armour_header; | |
978 | __ops_armour_trailer_t armour_trailer; | 978 | __ops_armour_trailer_t armour_trailer; | |
979 | __ops_signed_cleartext_header_t signed_cleartext_header; | 979 | __ops_signed_cleartext_header_t signed_cleartext_header; | |
980 | __ops_signed_cleartext_body_t signed_cleartext_body; | 980 | __ops_signed_cleartext_body_t signed_cleartext_body; | |
981 | __ops_signed_cleartext_trailer_t signed_cleartext_trailer; | 981 | __ops_signed_cleartext_trailer_t signed_cleartext_trailer; | |
982 | __ops_unarmoured_text_t unarmoured_text; | 982 | __ops_unarmoured_text_t unarmoured_text; | |
983 | __ops_pk_session_key_t pk_session_key; | 983 | __ops_pk_session_key_t pk_session_key; | |
984 | __ops_secret_key_passphrase_t secret_key_passphrase; | 984 | __ops_secret_key_passphrase_t skey_passphrase; | |
985 | __ops_se_ip_data_header_t se_ip_data_header; | 985 | __ops_se_ip_data_header_t se_ip_data_header; | |
986 | __ops_se_ip_data_body_t se_ip_data_body; | 986 | __ops_se_ip_data_body_t se_ip_data_body; | |
987 | __ops_se_data_body_t se_data_body; | 987 | __ops_se_data_body_t se_data_body; | |
988 | __ops_get_secret_key_t get_secret_key; | 988 | __ops_get_secret_key_t get_secret_key; | |
989 | } __ops_parser_content_union_t; | 989 | } __ops_parser_content_union_t; | |
990 | 990 | |||
991 | /** __ops_parser_content_t */ | 991 | /** __ops_packet_t */ | |
992 | struct __ops_parser_content_t { | 992 | struct __ops_packet_t { | |
993 | __ops_content_tag_t tag; /* type of contents */ | 993 | __ops_content_tag_t tag; /* type of contents */ | |
994 | unsigned char critical; /* for signature subpackets */ | 994 | unsigned char critical; /* for signature subpackets */ | |
995 | __ops_parser_content_union_t u; /* union for contents */ | 995 | __ops_parser_content_union_t u; /* union for contents */ | |
996 | }; | 996 | }; | |
997 | 997 | |||
998 | /** __ops_fingerprint_t */ | 998 | /** __ops_fingerprint_t */ | |
999 | typedef struct { | 999 | typedef struct { | |
1000 | unsigned char fingerprint[20]; | 1000 | unsigned char fingerprint[20]; | |
1001 | unsigned length; | 1001 | unsigned length; | |
1002 | } __ops_fingerprint_t; | 1002 | } __ops_fingerprint_t; | |
1003 | 1003 | |||
1004 | void __ops_init(void); | 1004 | void __ops_init(void); | |
1005 | void __ops_finish(void); | 1005 | void __ops_finish(void); | |
@@ -1017,21 +1017,21 @@ void __ops_ss_preferred_compr | @@ -1017,21 +1017,21 @@ void __ops_ss_preferred_compr | |||
1017 | void __ops_ss_key_flags_free(__ops_ss_key_flags_t *); | 1017 | void __ops_ss_key_flags_free(__ops_ss_key_flags_t *); | |
1018 | void __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *); | 1018 | void __ops_ss_key_server_prefs_free(__ops_ss_key_server_prefs_t *); | |
1019 | void __ops_ss_features_free(__ops_ss_features_t *); | 1019 | void __ops_ss_features_free(__ops_ss_features_t *); | |
1020 | void __ops_ss_notation_data_free(__ops_ss_notation_data_t *); | 1020 | void __ops_ss_notation_data_free(__ops_ss_notation_data_t *); | |
1021 | void __ops_ss_policy_url_free(__ops_ss_policy_url_t *); | 1021 | void __ops_ss_policy_url_free(__ops_ss_policy_url_t *); | |
1022 | void __ops_ss_preferred_key_server_free(__ops_ss_preferred_key_server_t *); | 1022 | void __ops_ss_preferred_key_server_free(__ops_ss_preferred_key_server_t *); | |
1023 | void __ops_ss_regexp_free(__ops_ss_regexp_t *); | 1023 | void __ops_ss_regexp_free(__ops_ss_regexp_t *); | |
1024 | void __ops_ss_userdefined_free(__ops_ss_userdefined_t *); | 1024 | void __ops_ss_userdefined_free(__ops_ss_userdefined_t *); | |
1025 | void __ops_ss_reserved_free(__ops_ss_unknown_t *); | 1025 | void __ops_ss_reserved_free(__ops_ss_unknown_t *); | |
1026 | void __ops_ss_revocation_reason_free(__ops_ss_revocation_reason_t *); | 1026 | void __ops_ss_revocation_reason_free(__ops_ss_revocation_reason_t *); | |
1027 | void __ops_ss_signature_target_free(__ops_ss_signature_target_t *); | 1027 | void __ops_ss_signature_target_free(__ops_ss_signature_target_t *); | |
1028 | void __ops_ss_embedded_signature_free(__ops_ss_embedded_signature_t *); | 1028 | void __ops_ss_embedded_signature_free(__ops_ss_embedded_signature_t *); | |
1029 | 1029 | |||
1030 | void __ops_packet_free(__ops_packet_t *); | 1030 | void __ops_subpacket_free(__ops_subpacket_t *); | |
1031 | void __ops_parser_content_free(__ops_parser_content_t *); | 1031 | void __ops_parser_content_free(__ops_packet_t *); | |
1032 | void __ops_secret_key_free(__ops_secret_key_t *); | 1032 | void __ops_secret_key_free(__ops_secret_key_t *); | |
1033 | void __ops_pk_session_key_free(__ops_pk_session_key_t *); | 1033 | void __ops_pk_session_key_free(__ops_pk_session_key_t *); | |
1034 | 1034 | |||
1035 | int __ops_print_packet(const __ops_parser_content_t *); | 1035 | int __ops_print_packet(const __ops_packet_t *); | |
1036 | 1036 | |||
1037 | #endif | 1037 | #endif |
--- src/crypto/external/bsd/netpgp/dist/src/lib/Attic/parse_local.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/Attic/parse_local.h 2009/05/05 01:28:15 1.2
@@ -16,31 +16,30 @@ | @@ -16,31 +16,30 @@ | |||
16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 16 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
17 | * | 17 | * | |
18 | * See the License for the specific language governing permissions and | 18 | * See the License for the specific language governing permissions and | |
19 | * limitations under the License. | 19 | * limitations under the License. | |
20 | */ | 20 | */ | |
21 | 21 | |||
22 | /** \file */ | 22 | /** \file */ | |
23 | 23 | |||
24 | #include "types.h" | 24 | #include "types.h" | |
25 | #include "crypto.h" | 25 | #include "crypto.h" | |
26 | 26 | |||
27 | /** __ops_reader_info */ | 27 | /** __ops_reader_info */ | |
28 | struct __ops_reader_info { | 28 | struct __ops_reader_info { | |
29 | __ops_reader_t *reader; /* !< the reader function to use to get the | 29 | __ops_reader_t *reader;/* !< the reader function to use to get the | |
30 | * data to be parsed */ | 30 | * data to be parsed */ | |
31 | __ops_reader_destroyer_t *destroyer; | 31 | __ops_reader_destroyer_t *destroyer; | |
32 | void *arg; /* !< the args to pass to the reader function */ | 32 | void *arg; /* !< the args to pass to the reader function */ | |
33 | ||||
34 | unsigned accumulate:1; /* !< set to accumulate packet data */ | 33 | unsigned accumulate:1; /* !< set to accumulate packet data */ | |
35 | unsigned char *accumulated; /* !< the accumulated data */ | 34 | unsigned char *accumulated; /* !< the accumulated data */ | |
36 | unsigned asize; /* !< size of the buffer */ | 35 | unsigned asize; /* !< size of the buffer */ | |
37 | unsigned alength;/* !< used buffer */ | 36 | unsigned alength;/* !< used buffer */ | |
38 | /* XXX: what do we do about offsets into compressed packets? */ | 37 | /* XXX: what do we do about offsets into compressed packets? */ | |
39 | unsigned position; /* !< the offset from the beginning | 38 | unsigned position; /* !< the offset from the beginning | |
40 | * (with this reader) */ | 39 | * (with this reader) */ | |
41 | 40 | |||
42 | __ops_reader_info_t *next; | 41 | __ops_reader_info_t *next; | |
43 | __ops_parse_info_t *pinfo;/* !< A pointer back to the parent parse_info | 42 | __ops_parse_info_t *pinfo;/* !< A pointer back to the parent parse_info | |
44 | * structure */ | 43 | * structure */ | |
45 | }; | 44 | }; | |
46 | 45 | |||
@@ -97,25 +96,26 @@ typedef struct { | @@ -97,25 +96,26 @@ typedef struct { | |||
97 | * - the accumulated data, if any | 96 | * - the accumulated data, if any | |
98 | * - the size of the buffer, and how much has been used | 97 | * - the size of the buffer, and how much has been used | |
99 | * | 98 | * | |
100 | * It has a linked list of errors. | 99 | * It has a linked list of errors. | |
101 | */ | 100 | */ | |
102 | 101 | |||
103 | struct __ops_parse_info { | 102 | struct __ops_parse_info { | |
104 | unsigned char ss_raw[NTAGS / 8]; /* !< one bit per | 103 | unsigned char ss_raw[NTAGS / 8]; /* !< one bit per | |
105 | * signature-subpacket type; | 104 | * signature-subpacket type; | |
106 | * set to get raw data */ | 105 | * set to get raw data */ | |
107 | unsigned char ss_parsed[NTAGS / 8]; /* !< one bit per | 106 | unsigned char ss_parsed[NTAGS / 8]; /* !< one bit per | |
108 | * signature-subpacket type; | 107 | * signature-subpacket type; | |
109 | * set to get parsed data */ | 108 | * set to get parsed data */ | |
110 | 109 | __ops_reader_info_t rinfo; | ||
111 | __ops_reader_info_t rinfo; | 110 | __ops_parse_cb_info_t cbinfo; | |
112 | __ops_parse_cb_info_t cbinfo; | 111 | __ops_error_t *errors; | |
113 | __ops_error_t *errors; | 112 | __ops_crypt_t decrypt; | |
114 | __ops_crypt_t decrypt; | 113 | __ops_crypt_info_t cryptinfo; | |
115 | __ops_crypt_info_t cryptinfo; | 114 | size_t nhashes; | |
116 | size_t nhashes; | |||
117 | __ops_parse_hash_info_t *hashes; | 115 | __ops_parse_hash_info_t *hashes; | |
118 | unsigned reading_v3_secret:1; | 116 | unsigned reading_v3_secret:1; | |
119 | unsigned reading_mpi_length:1; | 117 | unsigned reading_mpi_length:1; | |
120 | unsigned exact_read:1; | 118 | unsigned exact_read:1; | |
119 | void *synthsig; /* synthetic sig */ | |||
120 | void *synthlit; /* synthetic literal data */ | |||
121 | }; | 121 | }; |
--- src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/readerwriter.h 2009/05/05 01:28:15 1.2
@@ -56,43 +56,43 @@ void __ops_writer_push_encrypt_se_ip(__o | @@ -56,43 +56,43 @@ void __ops_writer_push_encrypt_se_ip(__o | |||
56 | 56 | |||
57 | void __ops_push_skey_checksum_writer(__ops_create_info_t *, __ops_secret_key_t *); | 57 | void __ops_push_skey_checksum_writer(__ops_create_info_t *, __ops_secret_key_t *); | |
58 | bool __ops_pop_skey_checksum_writer(__ops_create_info_t *); | 58 | bool __ops_pop_skey_checksum_writer(__ops_create_info_t *); | |
59 | 59 | |||
60 | 60 | |||
61 | /* memory writing */ | 61 | /* memory writing */ | |
62 | void __ops_setup_memory_write(__ops_create_info_t **, __ops_memory_t **, size_t); | 62 | void __ops_setup_memory_write(__ops_create_info_t **, __ops_memory_t **, size_t); | |
63 | void __ops_teardown_memory_write(__ops_create_info_t *, __ops_memory_t *); | 63 | void __ops_teardown_memory_write(__ops_create_info_t *, __ops_memory_t *); | |
64 | 64 | |||
65 | /* memory reading */ | 65 | /* memory reading */ | |
66 | void | 66 | void | |
67 | __ops_setup_memory_read(__ops_parse_info_t **, __ops_memory_t *, | 67 | __ops_setup_memory_read(__ops_parse_info_t **, __ops_memory_t *, | |
68 | void *, | 68 | void *, | |
69 | __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), bool); | 69 | __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), bool); | |
70 | void __ops_teardown_memory_read(__ops_parse_info_t *, __ops_memory_t *); | 70 | void __ops_teardown_memory_read(__ops_parse_info_t *, __ops_memory_t *); | |
71 | 71 | |||
72 | /* file writing */ | 72 | /* file writing */ | |
73 | int __ops_setup_file_write(__ops_create_info_t **, const char *, bool); | 73 | int __ops_setup_file_write(__ops_create_info_t **, const char *, bool); | |
74 | void __ops_teardown_file_write(__ops_create_info_t *, int); | 74 | void __ops_teardown_file_write(__ops_create_info_t *, int); | |
75 | 75 | |||
76 | /* file appending */ | 76 | /* file appending */ | |
77 | int __ops_setup_file_append(__ops_create_info_t **, const char *); | 77 | int __ops_setup_file_append(__ops_create_info_t **, const char *); | |
78 | void __ops_teardown_file_append(__ops_create_info_t *, int); | 78 | void __ops_teardown_file_append(__ops_create_info_t *, int); | |
79 | 79 | |||
80 | /* file reading */ | 80 | /* file reading */ | |
81 | int __ops_setup_file_read(__ops_parse_info_t **, const char *, void *, | 81 | int __ops_setup_file_read(__ops_parse_info_t **, const char *, void *, | |
82 | __ops_parse_cb_return_t callback(const __ops_parser_content_t *, __ops_parse_cb_info_t *), bool); | 82 | __ops_parse_cb_return_t callback(const __ops_packet_t *, __ops_parse_cb_info_t *), bool); | |
83 | void __ops_teardown_file_read(__ops_parse_info_t *, int); | 83 | void __ops_teardown_file_read(__ops_parse_info_t *, int); | |
84 | 84 | |||
85 | bool __ops_reader_set_accumulate(__ops_parse_info_t *, bool); | 85 | bool __ops_reader_set_accumulate(__ops_parse_info_t *, bool); | |
86 | 86 | |||
87 | /* useful callbacks */ | 87 | /* useful callbacks */ | |
88 | __ops_parse_cb_return_t | 88 | __ops_parse_cb_return_t | |
89 | literal_data_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 89 | literal_data_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
90 | __ops_parse_cb_return_t | 90 | __ops_parse_cb_return_t | |
91 | pk_session_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 91 | pk_session_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
92 | __ops_parse_cb_return_t | 92 | __ops_parse_cb_return_t | |
93 | get_secret_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 93 | get_secret_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
94 | 94 | |||
95 | /* from reader_fd.c */ | 95 | /* from reader_fd.c */ | |
96 | void __ops_reader_set_fd(__ops_parse_info_t *, int); | 96 | void __ops_reader_set_fd(__ops_parse_info_t *, int); | |
97 | 97 | |||
98 | #endif /* OPS_READERWRITER_H__ */ | 98 | #endif /* OPS_READERWRITER_H__ */ |
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.h 2009/05/05 01:28:15 1.2
@@ -24,33 +24,33 @@ | @@ -24,33 +24,33 @@ | |||
24 | 24 | |||
25 | #ifndef OPS_SIGNATURE_H | 25 | #ifndef OPS_SIGNATURE_H | |
26 | #define OPS_SIGNATURE_H | 26 | #define OPS_SIGNATURE_H | |
27 | 27 | |||
28 | #include "packet.h" | 28 | #include "packet.h" | |
29 | #include "create.h" | 29 | #include "create.h" | |
30 | 30 | |||
31 | typedef struct __ops_create_signature __ops_create_signature_t; | 31 | typedef struct __ops_create_signature __ops_create_signature_t; | |
32 | 32 | |||
33 | __ops_create_signature_t *__ops_create_signature_new(void); | 33 | __ops_create_signature_t *__ops_create_signature_new(void); | |
34 | void __ops_create_signature_delete(__ops_create_signature_t *); | 34 | void __ops_create_signature_delete(__ops_create_signature_t *); | |
35 | 35 | |||
36 | bool | 36 | bool | |
37 | __ops_check_user_id_certification_signature(const __ops_public_key_t *, | 37 | __ops_check_useridcert_sig(const __ops_public_key_t *, | |
38 | const __ops_user_id_t *, | 38 | const __ops_user_id_t *, | |
39 | const __ops_signature_t *, | 39 | const __ops_signature_t *, | |
40 | const __ops_public_key_t *, | 40 | const __ops_public_key_t *, | |
41 | const unsigned char *); | 41 | const unsigned char *); | |
42 | bool | 42 | bool | |
43 | __ops_check_user_attribute_certification_signature(const __ops_public_key_t *, | 43 | __ops_check_userattrcert_sig(const __ops_public_key_t *, | |
44 | const __ops_user_attribute_t *, | 44 | const __ops_user_attribute_t *, | |
45 | const __ops_signature_t *, | 45 | const __ops_signature_t *, | |
46 | const __ops_public_key_t *, | 46 | const __ops_public_key_t *, | |
47 | const unsigned char *); | 47 | const unsigned char *); | |
48 | bool | 48 | bool | |
49 | __ops_check_subkey_signature(const __ops_public_key_t *, | 49 | __ops_check_subkey_signature(const __ops_public_key_t *, | |
50 | const __ops_public_key_t *, | 50 | const __ops_public_key_t *, | |
51 | const __ops_signature_t *, | 51 | const __ops_signature_t *, | |
52 | const __ops_public_key_t *, | 52 | const __ops_public_key_t *, | |
53 | const unsigned char *); | 53 | const unsigned char *); | |
54 | bool | 54 | bool | |
55 | __ops_check_direct_signature(const __ops_public_key_t *, | 55 | __ops_check_direct_signature(const __ops_public_key_t *, | |
56 | const __ops_signature_t *, | 56 | const __ops_signature_t *, |
--- src/crypto/external/bsd/netpgp/dist/src/lib/types.h 2009/04/23 06:32:03 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/types.h 2009/05/05 01:28:15 1.2
@@ -47,28 +47,28 @@ typedef struct { | @@ -47,28 +47,28 @@ typedef struct { | |||
47 | } __ops_map_t; | 47 | } __ops_map_t; | |
48 | 48 | |||
49 | /** __ops_errcode_name_map_t */ | 49 | /** __ops_errcode_name_map_t */ | |
50 | typedef __ops_map_t __ops_errcode_name_map_t; | 50 | typedef __ops_map_t __ops_errcode_name_map_t; | |
51 | 51 | |||
52 | typedef struct _ops_crypt_t __ops_crypt_t; | 52 | typedef struct _ops_crypt_t __ops_crypt_t; | |
53 | 53 | |||
54 | /** __ops_hash_t */ | 54 | /** __ops_hash_t */ | |
55 | typedef struct _ops_hash_t __ops_hash_t; | 55 | typedef struct _ops_hash_t __ops_hash_t; | |
56 | 56 | |||
57 | /** Revocation Reason type */ | 57 | /** Revocation Reason type */ | |
58 | typedef unsigned char __ops_ss_rr_code_t; | 58 | typedef unsigned char __ops_ss_rr_code_t; | |
59 | 59 | |||
60 | /** __ops_parser_content_t */ | 60 | /** __ops_packet_t */ | |
61 | typedef struct __ops_parser_content_t __ops_parser_content_t; | 61 | typedef struct __ops_packet_t __ops_packet_t; | |
62 | 62 | |||
63 | /** Writer flags */ | 63 | /** Writer flags */ | |
64 | typedef enum { | 64 | typedef enum { | |
65 | OPS_WF_DUMMY | 65 | OPS_WF_DUMMY | |
66 | } __ops_writer_flags_t; | 66 | } __ops_writer_flags_t; | |
67 | 67 | |||
68 | /** | 68 | /** | |
69 | * \ingroup Create | 69 | * \ingroup Create | |
70 | * Contains the required information about how to write | 70 | * Contains the required information about how to write | |
71 | */ | 71 | */ | |
72 | typedef struct __ops_create_info __ops_create_info_t; | 72 | typedef struct __ops_create_info __ops_create_info_t; | |
73 | 73 | |||
74 | #endif | 74 | #endif |
--- src/crypto/external/bsd/netpgp/dist/src/lib/validate.h 2009/04/23 06:32:04 1.1.1.1
+++ src/crypto/external/bsd/netpgp/dist/src/lib/validate.h 2009/05/05 01:28:16 1.2
@@ -32,47 +32,47 @@ typedef struct { | @@ -32,47 +32,47 @@ typedef struct { | |||
32 | __ops_public_key_t pkey; | 32 | __ops_public_key_t pkey; | |
33 | __ops_public_key_t subkey; | 33 | __ops_public_key_t subkey; | |
34 | __ops_secret_key_t skey; | 34 | __ops_secret_key_t skey; | |
35 | enum { | 35 | enum { | |
36 | ATTRIBUTE = 1, | 36 | ATTRIBUTE = 1, | |
37 | ID | 37 | ID | |
38 | } last_seen; | 38 | } last_seen; | |
39 | __ops_user_id_t user_id; | 39 | __ops_user_id_t user_id; | |
40 | __ops_user_attribute_t user_attribute; | 40 | __ops_user_attribute_t user_attribute; | |
41 | unsigned char hash[OPS_MAX_HASH_SIZE]; | 41 | unsigned char hash[OPS_MAX_HASH_SIZE]; | |
42 | const __ops_keyring_t *keyring; | 42 | const __ops_keyring_t *keyring; | |
43 | validate_reader_t *rarg; | 43 | validate_reader_t *rarg; | |
44 | __ops_validation_t *result; | 44 | __ops_validation_t *result; | |
45 | __ops_parse_cb_return_t(*cb_get_passphrase) (const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 45 | __ops_parse_cb_return_t(*cb_get_passphrase) (const __ops_packet_t *, __ops_parse_cb_info_t *); | |
46 | } validate_key_cb_t; | 46 | } validate_key_cb_t; | |
47 | 47 | |||
48 | /** Struct use with the validate_data_cb callback */ | 48 | /** Struct use with the validate_data_cb callback */ | |
49 | typedef struct { | 49 | typedef struct { | |
50 | enum { | 50 | enum { | |
51 | LITERAL_DATA, | 51 | LITERAL_DATA, | |
52 | SIGNED_CLEARTEXT | 52 | SIGNED_CLEARTEXT | |
53 | } use; /* <! this is set to indicate what | 53 | } use; /* <! this is set to indicate what | |
54 | * kind of data we have */ | 54 | * kind of data we have */ | |
55 | union { | 55 | union { | |
56 | __ops_literal_data_body_t literal_data_body; /* <! Used to hold | 56 | __ops_literal_data_body_t literal_data_body; /* <! Used to hold | |
57 | * Literal Data */ | 57 | * Literal Data */ | |
58 | __ops_signed_cleartext_body_t signed_cleartext_body; /* <! Used to hold | 58 | __ops_signed_cleartext_body_t signed_cleartext_body; /* <! Used to hold | |
59 | * Signed Cleartext */ | 59 | * Signed Cleartext */ | |
60 | } data; /* <! the data itself */ | 60 | } data; /* <! the data itself */ | |
61 | unsigned char hash[OPS_MAX_HASH_SIZE]; /* <! the hash */ | 61 | unsigned char hash[OPS_MAX_HASH_SIZE]; /* <! the hash */ | |
62 | __ops_memory_t *mem; | 62 | __ops_memory_t *mem; | |
63 | const __ops_keyring_t *keyring; /* <! keyring to use */ | 63 | const __ops_keyring_t *keyring; /* <! keyring to use */ | |
64 | validate_reader_t *rarg; /* <! reader-specific arg */ | 64 | validate_reader_t *rarg; /* <! reader-specific arg */ | |
65 | __ops_validation_t *result; /* <! where to put the result */ | 65 | __ops_validation_t *result; /* <! where to put the result */ | |
66 | } validate_data_cb_t; /* <! used with | 66 | } validate_data_cb_t; /* <! used with | |
67 | * validate_data_cb callback */ | 67 | * validate_data_cb callback */ | |
68 | 68 | |||
69 | void __ops_keydata_reader_set(__ops_parse_info_t *, const __ops_keydata_t *); | 69 | void __ops_keydata_reader_set(__ops_parse_info_t *, const __ops_keydata_t *); | |
70 | 70 | |||
71 | __ops_parse_cb_return_t __ops_validate_key_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 71 | __ops_parse_cb_return_t __ops_validate_key_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
72 | 72 | |||
73 | bool __ops_validate_file(__ops_validation_t *, const char *, const int, const __ops_keyring_t *); | 73 | bool __ops_validate_file(__ops_validation_t *, const char *, const int, const __ops_keyring_t *); | |
74 | bool __ops_validate_mem(__ops_validation_t *, __ops_memory_t *, const int, const __ops_keyring_t *); | 74 | bool __ops_validate_mem(__ops_validation_t *, __ops_memory_t *, const int, const __ops_keyring_t *); | |
75 | 75 | |||
76 | __ops_parse_cb_return_t validate_data_cb(const __ops_parser_content_t *, __ops_parse_cb_info_t *); | 76 | __ops_parse_cb_return_t validate_data_cb(const __ops_packet_t *, __ops_parse_cb_info_t *); | |
77 | 77 | |||
78 | #endif /* !VALIDATE_H_ */ | 78 | #endif /* !VALIDATE_H_ */ |
--- src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3 2009/05/02 09:40:01 1.5
+++ src/crypto/external/bsd/netpgp/dist/src/lib/libnetpgp.3 2009/05/05 01:28:15 1.6
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | .\" $NetBSD: libnetpgp.3,v 1.5 2009/05/02 09:40:01 wiz Exp $ | 1 | .\" $NetBSD: libnetpgp.3,v 1.6 2009/05/05 01:28:15 agc Exp $ | |
2 | .\" | 2 | .\" | |
3 | .\" Copyright (c) 2009 The NetBSD Foundation, Inc. | 3 | .\" Copyright (c) 2009 The NetBSD Foundation, Inc. | |
4 | .\" All rights reserved. | 4 | .\" All rights reserved. | |
5 | .\" | 5 | .\" | |
6 | .\" This manual page is derived from software contributed to The | 6 | .\" This manual page is derived from software contributed to The | |
7 | .\" NetBSD Foundation by Alistair Crooks (agc@NetBSD.org) | 7 | .\" NetBSD Foundation by Alistair Crooks (agc@NetBSD.org) | |
8 | .\" | 8 | .\" | |
9 | .\" Redistribution and use in source and binary forms, with or without | 9 | .\" Redistribution and use in source and binary forms, with or without | |
10 | .\" modification, are permitted provided that the following conditions | 10 | .\" modification, are permitted provided that the following conditions | |
11 | .\" are met: | 11 | .\" are met: | |
12 | .\" 1. Redistributions of source code must retain the above copyright | 12 | .\" 1. Redistributions of source code must retain the above copyright | |
13 | .\" notice, this list of conditions and the following disclaimer. | 13 | .\" notice, this list of conditions and the following disclaimer. | |
14 | .\" 2. Redistributions in binary form must reproduce the above copyright | 14 | .\" 2. Redistributions in binary form must reproduce the above copyright | |
@@ -17,27 +17,27 @@ | @@ -17,27 +17,27 @@ | |||
17 | .\" | 17 | .\" | |
18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | 18 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS | |
19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | 19 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | 20 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | 21 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS | |
22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | 22 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR | |
23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | 23 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | 24 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | 25 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN | |
26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | 26 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | 27 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE | |
28 | .\" POSSIBILITY OF SUCH DAMAGE. | 28 | .\" POSSIBILITY OF SUCH DAMAGE. | |
29 | .\" | 29 | .\" | |
30 | .Dd May 2, 2009 | 30 | .Dd May 4, 2009 | |
31 | .Dt LIBNETPGP 3 | 31 | .Dt LIBNETPGP 3 | |
32 | .Os | 32 | .Os | |
33 | .Sh NAME | 33 | .Sh NAME | |
34 | .Nm libnetpgp | 34 | .Nm libnetpgp | |
35 | .Nd digital signing and verification, encryption and decryption | 35 | .Nd digital signing and verification, encryption and decryption | |
36 | .Sh LIBRARY | 36 | .Sh LIBRARY | |
37 | .Lb libnetpgp | 37 | .Lb libnetpgp | |
38 | .Sh SYNOPSIS | 38 | .Sh SYNOPSIS | |
39 | .In netpgp.h | 39 | .In netpgp.h | |
40 | .Ft int | 40 | .Ft int | |
41 | .Fo netpgp_init | 41 | .Fo netpgp_init | |
42 | .Fa "netpgp_t *netpgp" "char *userid" "char *pubringfile" "char *secringfile" | 42 | .Fa "netpgp_t *netpgp" "char *userid" "char *pubringfile" "char *secringfile" | |
43 | .Fc | 43 | .Fc | |
@@ -85,26 +85,30 @@ | @@ -85,26 +85,30 @@ | |||
85 | .Fc | 85 | .Fc | |
86 | .Ft int | 86 | .Ft int | |
87 | .Fo netpgp_set_debug | 87 | .Fo netpgp_set_debug | |
88 | .Fa "const char *filename" | 88 | .Fa "const char *filename" | |
89 | .Fc | 89 | .Fc | |
90 | .Ft int | 90 | .Ft int | |
91 | .Fo netpgp_get_debug | 91 | .Fo netpgp_get_debug | |
92 | .Fa "const char *filename" | 92 | .Fa "const char *filename" | |
93 | .Fc | 93 | .Fc | |
94 | .Ft int | 94 | .Ft int | |
95 | .Fo netpgp_get_info | 95 | .Fo netpgp_get_info | |
96 | .Fa "const char *type" | 96 | .Fa "const char *type" | |
97 | .Fc | 97 | .Fc | |
98 | .Ft int | |||
99 | .Fo netpgp_list_packets | |||
100 | .Fa "netpgp_t *netpgp" "char *filename" "int armour" "char *pubringname" | |||
101 | .Fc | |||
98 | .Sh DESCRIPTION | 102 | .Sh DESCRIPTION | |
99 | .Nm | 103 | .Nm | |
100 | is a library interface to enable digital signatures to be created and | 104 | is a library interface to enable digital signatures to be created and | |
101 | verified, and also for files and memory to be encrypted and decrypted. | 105 | verified, and also for files and memory to be encrypted and decrypted. | |
102 | Functions are also provided for management of user keys. | 106 | Functions are also provided for management of user keys. | |
103 | .Pp | 107 | .Pp | |
104 | The library uses functions from the openssl library for multi-precision | 108 | The library uses functions from the openssl library for multi-precision | |
105 | integer arithmetic, and for RSA and DSA key signing and verification, | 109 | integer arithmetic, and for RSA and DSA key signing and verification, | |
106 | encryption and decryption. | 110 | encryption and decryption. | |
107 | .Pp | 111 | .Pp | |
108 | Normal operation sees the | 112 | Normal operation sees the | |
109 | .Nm | 113 | .Nm | |
110 | process be initialised using the | 114 | process be initialised using the | |
@@ -158,26 +162,36 @@ files are the lifeblood of the | @@ -158,26 +162,36 @@ files are the lifeblood of the | |||
158 | library. | 162 | library. | |
159 | To encrypt a file, the | 163 | To encrypt a file, the | |
160 | .Fn netpgp_encrypt_file | 164 | .Fn netpgp_encrypt_file | |
161 | and the | 165 | and the | |
162 | .Fn netpgp_decrypt_file | 166 | .Fn netpgp_decrypt_file | |
163 | is used to decrypt the results of the encryption. | 167 | is used to decrypt the results of the encryption. | |
164 | To sign a file, the | 168 | To sign a file, the | |
165 | .Fn netpgp_sign_file | 169 | .Fn netpgp_sign_file | |
166 | is used, and the resulting signed file can be verified | 170 | is used, and the resulting signed file can be verified | |
167 | using the | 171 | using the | |
168 | .Fn netpgp_verify_file | 172 | .Fn netpgp_verify_file | |
169 | function. | 173 | function. | |
170 | .Pp | 174 | .Pp | |
175 | Internally, an encrypted or signed file | |||
176 | is made up of | |||
177 | .Dq packets | |||
178 | which hold information pertaining to the signature, | |||
179 | encryption method, and the data which is being protected. | |||
180 | This information can be displayed in a verbose manner using | |||
181 | the | |||
182 | .Fn netpgp_list_packets | |||
183 | function. | |||
184 | .Pp | |||
171 | In | 185 | In | |
172 | .Nm | 186 | .Nm | |
173 | files are encrypted using the public key of the userid. | 187 | files are encrypted using the public key of the userid. | |
174 | The secret key is used to decrypt the results of that encryption. | 188 | The secret key is used to decrypt the results of that encryption. | |
175 | Files are signed using the secret key of the userid. | 189 | Files are signed using the secret key of the userid. | |
176 | The public key is used to verify that the file was signed, | 190 | The public key is used to verify that the file was signed, | |
177 | who signed the file, and the date and time at which it was signed. | 191 | who signed the file, and the date and time at which it was signed. | |
178 | .Pp | 192 | .Pp | |
179 | Some utility functions are also provided for debugging, and for | 193 | Some utility functions are also provided for debugging, and for | |
180 | finding out version and maintainer information from calling programs. | 194 | finding out version and maintainer information from calling programs. | |
181 | These are the | 195 | These are the | |
182 | .Fn netpgp_set_debug | 196 | .Fn netpgp_set_debug | |
183 | and the | 197 | and the |
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c 2009/05/02 04:19:43 1.6
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgp.c 2009/05/05 01:28:15 1.7
@@ -215,45 +215,45 @@ sign_detached(char *f, char *sigfile, __ | @@ -215,45 +215,45 @@ sign_detached(char *f, char *sigfile, __ | |||
215 | } | 215 | } | |
216 | __ops_signature_add_data(sig, buf, (unsigned)n); | 216 | __ops_signature_add_data(sig, buf, (unsigned)n); | |
217 | } | 217 | } | |
218 | } else { | 218 | } else { | |
219 | __ops_signature_add_data(sig, mmapped, (unsigned)st.st_size); | 219 | __ops_signature_add_data(sig, mmapped, (unsigned)st.st_size); | |
220 | (void) munmap(mmapped, (unsigned)st.st_size); | 220 | (void) munmap(mmapped, (unsigned)st.st_size); | |
221 | } | 221 | } | |
222 | (void) close(fd); | 222 | (void) close(fd); | |
223 | 223 | |||
224 | /* calculate the signature */ | 224 | /* calculate the signature */ | |
225 | t = time(NULL); | 225 | t = time(NULL); | |
226 | __ops_signature_add_creation_time(sig, t); | 226 | __ops_signature_add_creation_time(sig, t); | |
227 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | 227 | __ops_keyid(keyid, OPS_KEY_ID_SIZE, OPS_KEY_ID_SIZE, | |
228 | &seckey->public_key); | 228 | &seckey->pubkey); | |
229 | __ops_signature_add_issuer_key_id(sig, keyid); | 229 | __ops_signature_add_issuer_key_id(sig, keyid); | |
230 | __ops_signature_hashed_subpackets_end(sig); | 230 | __ops_signature_hashed_subpackets_end(sig); | |
231 | 231 | |||
232 | /* write the signature to the detached file */ | 232 | /* write the signature to the detached file */ | |
233 | if (sigfile == NULL) { | 233 | if (sigfile == NULL) { | |
234 | (void) snprintf(fname, sizeof(fname), "%s.sig", f); | 234 | (void) snprintf(fname, sizeof(fname), "%s.sig", f); | |
235 | sigfile = fname; | 235 | sigfile = fname; | |
236 | } | 236 | } | |
237 | fd = open(sigfile, O_CREAT|O_TRUNC|O_WRONLY, 0666); | 237 | fd = open(sigfile, O_CREAT|O_TRUNC|O_WRONLY, 0666); | |
238 | if (fd < 0) { | 238 | if (fd < 0) { | |
239 | (void) fprintf(stderr, "can't write signature to \"%s\"\n", | 239 | (void) fprintf(stderr, "can't write signature to \"%s\"\n", | |
240 | sigfile); | 240 | sigfile); | |
241 | return 0; | 241 | return 0; | |
242 | } | 242 | } | |
243 | 243 | |||
244 | info = __ops_create_info_new(); | 244 | info = __ops_create_info_new(); | |
245 | __ops_writer_set_fd(info, fd); | 245 | __ops_writer_set_fd(info, fd); | |
246 | __ops_write_signature(sig, &seckey->public_key, seckey, info); | 246 | __ops_write_signature(sig, &seckey->pubkey, seckey, info); | |
247 | __ops_secret_key_free(seckey); | 247 | __ops_secret_key_free(seckey); | |
248 | (void) close(fd); | 248 | (void) close(fd); | |
249 | 249 | |||
250 | return 1; | 250 | return 1; | |
251 | } | 251 | } | |
252 | 252 | |||
253 | /***************************************************************************/ | 253 | /***************************************************************************/ | |
254 | /* exported functions start here */ | 254 | /* exported functions start here */ | |
255 | /***************************************************************************/ | 255 | /***************************************************************************/ | |
256 | 256 | |||
257 | /* initialise a netpgp_t structure */ | 257 | /* initialise a netpgp_t structure */ | |
258 | int | 258 | int | |
259 | netpgp_init(netpgp_t *netpgp, char *userid, char *pubring, char *secring) | 259 | netpgp_init(netpgp_t *netpgp, char *userid, char *pubring, char *secring) | |
@@ -520,13 +520,38 @@ netpgp_set_debug(const char *f) | @@ -520,13 +520,38 @@ netpgp_set_debug(const char *f) | |||
520 | /* get the debugging level per filename */ | 520 | /* get the debugging level per filename */ | |
521 | int | 521 | int | |
522 | netpgp_get_debug(const char *f) | 522 | netpgp_get_debug(const char *f) | |
523 | { | 523 | { | |
524 | return __ops_get_debug_level(f); | 524 | return __ops_get_debug_level(f); | |
525 | } | 525 | } | |
526 | 526 | |||
527 | /* return the version for the library */ | 527 | /* return the version for the library */ | |
528 | const char * | 528 | const char * | |
529 | netpgp_get_info(const char *type) | 529 | netpgp_get_info(const char *type) | |
530 | { | 530 | { | |
531 | return __ops_get_info(type); | 531 | return __ops_get_info(type); | |
532 | } | 532 | } | |
533 | ||||
534 | int | |||
535 | netpgp_list_packets(netpgp_t *netpgp, char *f, int armour, char *pubringname) | |||
536 | { | |||
537 | __ops_keyring_t *keyring; | |||
538 | char ringname[MAXPATHLEN]; | |||
539 | char *homedir; | |||
540 | ||||
541 | homedir = getenv("HOME"); | |||
542 | if (pubringname == NULL) { | |||
543 | (void) snprintf(ringname, sizeof(ringname), | |||
544 | "%s/.gnupg/pubring.gpg", homedir); | |||
545 | pubringname = ringname; | |||
546 | } | |||
547 | keyring = calloc(1, sizeof(*keyring)); | |||
548 | if (!__ops_keyring_read_from_file(keyring, false, pubringname)) { | |||
549 | (void) fprintf(stderr, "Cannot read pub keyring %s\n", | |||
550 | pubringname); | |||
551 | return 0; | |||
552 | } | |||
553 | netpgp->pubring = keyring; | |||
554 | netpgp->pubringfile = strdup(pubringname); | |||
555 | __ops_list_packets(f, armour, keyring, get_passphrase_cb); | |||
556 | return 1; | |||
557 | } |